From 5c999bb94140aa6c016f1a0396c918b79cb93591 Mon Sep 17 00:00:00 2001 From: Magnus Walbeck Date: Fri, 14 Feb 2025 23:11:00 +0100 Subject: [PATCH 1/7] Add forgejo actions --- .drone.star | 141 -------------------------- .drone.yml | 188 ----------------------------------- .forgejo/workflows/build.yml | 87 ++++++++++++++++ .forgejo/workflows/test.yml | 72 ++++++++++++++ 4 files changed, 159 insertions(+), 329 deletions(-) delete mode 100644 .drone.star delete mode 100644 .drone.yml create mode 100644 .forgejo/workflows/build.yml create mode 100644 .forgejo/workflows/test.yml diff --git a/.drone.star b/.drone.star deleted file mode 100644 index 846dd32..0000000 --- a/.drone.star +++ /dev/null @@ -1,141 +0,0 @@ -def main(ctx): - return [ - lint(), - default_tests("1.7", "1.7"), - default_tests("1.7-prod", "1.7", "Dockerfile.prod"), - release("1.7", "1.7", custom_tags = "latest"), - release("1.7-prod", "1.7", "Dockerfile.prod", "prod", "latest-prod"), - ] - -def lint(): - return { - "kind": "pipeline", - "type": "docker", - "name": "lint", - "steps": [ - { - "name": "Lint Dockerfiles", - "image": "hadolint/hadolint:latest-debian", - "pull": "if-not-exists", - "commands": [ - "hadolint --version", - "hadolint */Dockerfile*", - ], - "when": { - "status": [ - "failure", - "success", - ], - }, - }, - { - "name": "Lint entrypoint scripts", - "image": "koalaman/shellcheck-alpine", - "pull": "if-not-exists", - "commands": [ - "shellcheck --version", - "shellcheck entrypoint*.sh", - ], - "when": { - "status": [ - "failure", - "success", - ], - }, - }, - ], - "trigger": { - "event": [ - "pull_request", - "push", - ], - "ref": { - "exclude": [ - "refs/heads/renovate/*", - ], - }, - }, - } - -def default_tests(name, grav_version, dockerfile = "Dockerfile"): - return { - "kind": "pipeline", - "type": "docker", - "name": "default_tests_%s" % name, - "steps": [ - { - "name": "build test", - "image": "thegeeklab/drone-docker-buildx", - "pull": "if-not-exists", - "settings": { - "dockerfile": "%s/%s" % (grav_version, dockerfile), - "username": { - "from_secret": "dockerhub_username", - }, - "password": { - "from_secret": "dockerhub_password_ro", - }, - "dry_run": "true", - "platforms": "linux/amd64,linux/arm64", - "repo": "mwalbeck/getgrav", - }, - }, - ], - "trigger": { - "event": [ - "pull_request", - ], - }, - "depends_on": [ - "lint", - ], - } - -def release(name, grav_version, dockerfile = "Dockerfile", app_env = "", custom_tags = ""): - return { - "kind": "pipeline", - "type": "docker", - "name": "release_%s" % name, - "steps": [ - { - "name": "determine tags", - "image": "mwalbeck/determine-docker-tags", - "pull": "if-not-exists", - "environment": { - "VERSION_TYPE": "docker_env", - "APP_NAME": "GRAV", - "DOCKERFILE_PATH": "%s/%s" % (grav_version, dockerfile), - "APP_ENV": app_env, - "CUSTOM_TAGS": custom_tags, - "INCLUDE_MAJOR": "negative", - }, - }, - { - "name": "build and publish", - "image": "thegeeklab/drone-docker-buildx", - "pull": "if-not-exists", - "settings": { - "dockerfile": "%s/%s" % (grav_version, dockerfile), - "username": { - "from_secret": "dockerhub_username", - }, - "password": { - "from_secret": "dockerhub_password", - }, - "platforms": "linux/amd64,linux/arm64", - "repo": "mwalbeck/getgrav", - }, - }, - ], - "trigger": { - "branch": [ - "master", - ], - "event": [ - "push", - ], - }, - "depends_on": [ - "lint", - ], - } diff --git a/.drone.yml b/.drone.yml deleted file mode 100644 index 3f2adf1..0000000 --- a/.drone.yml +++ /dev/null @@ -1,188 +0,0 @@ ---- -kind: pipeline -type: docker -name: lint - -platform: - os: linux - arch: amd64 - -steps: -- name: Lint Dockerfiles - pull: if-not-exists - image: hadolint/hadolint:latest-debian - commands: - - hadolint --version - - hadolint */Dockerfile* - when: - status: - - failure - - success - -- name: Lint entrypoint scripts - pull: if-not-exists - image: koalaman/shellcheck-alpine - commands: - - shellcheck --version - - shellcheck entrypoint*.sh - when: - status: - - failure - - success - -trigger: - event: - - pull_request - - push - ref: - exclude: - - refs/heads/renovate/* - ---- -kind: pipeline -type: docker -name: default_tests_1.7 - -platform: - os: linux - arch: amd64 - -steps: -- name: build test - pull: if-not-exists - image: thegeeklab/drone-docker-buildx - settings: - dockerfile: 1.7/Dockerfile - dry_run: true - password: - from_secret: dockerhub_password_ro - platforms: linux/amd64,linux/arm64 - repo: mwalbeck/getgrav - username: - from_secret: dockerhub_username - -trigger: - event: - - pull_request - -depends_on: -- lint - ---- -kind: pipeline -type: docker -name: default_tests_1.7-prod - -platform: - os: linux - arch: amd64 - -steps: -- name: build test - pull: if-not-exists - image: thegeeklab/drone-docker-buildx - settings: - dockerfile: 1.7/Dockerfile.prod - dry_run: true - password: - from_secret: dockerhub_password_ro - platforms: linux/amd64,linux/arm64 - repo: mwalbeck/getgrav - username: - from_secret: dockerhub_username - -trigger: - event: - - pull_request - -depends_on: -- lint - ---- -kind: pipeline -type: docker -name: release_1.7 - -platform: - os: linux - arch: amd64 - -steps: -- name: determine tags - pull: if-not-exists - image: mwalbeck/determine-docker-tags - environment: - APP_NAME: GRAV - CUSTOM_TAGS: latest - DOCKERFILE_PATH: 1.7/Dockerfile - INCLUDE_MAJOR: negative - VERSION_TYPE: docker_env - -- name: build and publish - pull: if-not-exists - image: thegeeklab/drone-docker-buildx - settings: - dockerfile: 1.7/Dockerfile - password: - from_secret: dockerhub_password - platforms: linux/amd64,linux/arm64 - repo: mwalbeck/getgrav - username: - from_secret: dockerhub_username - -trigger: - branch: - - master - event: - - push - -depends_on: -- lint - ---- -kind: pipeline -type: docker -name: release_1.7-prod - -platform: - os: linux - arch: amd64 - -steps: -- name: determine tags - pull: if-not-exists - image: mwalbeck/determine-docker-tags - environment: - APP_ENV: prod - APP_NAME: GRAV - CUSTOM_TAGS: latest-prod - DOCKERFILE_PATH: 1.7/Dockerfile.prod - INCLUDE_MAJOR: negative - VERSION_TYPE: docker_env - -- name: build and publish - pull: if-not-exists - image: thegeeklab/drone-docker-buildx - settings: - dockerfile: 1.7/Dockerfile.prod - password: - from_secret: dockerhub_password - platforms: linux/amd64,linux/arm64 - repo: mwalbeck/getgrav - username: - from_secret: dockerhub_username - -trigger: - branch: - - master - event: - - push - -depends_on: -- lint - ---- -kind: signature -hmac: 510995e2c823c0fc6e76df59b2290f27b58094f9bb28c3ec98735202f0246b5f - -... diff --git a/.forgejo/workflows/build.yml b/.forgejo/workflows/build.yml new file mode 100644 index 0000000..de7f9e0 --- /dev/null +++ b/.forgejo/workflows/build.yml @@ -0,0 +1,87 @@ +name: Build and publish + +on: + push: + branches: + - main + +jobs: + lint: + if: github.ref != 'refs/heads/renovate/*' + runs-on: docker + steps: + - uses: actions/checkout@v4 + - uses: https://github.com/hadolint/hadolint-action@v3.1.0 + with: + dockerfile: ./1.7/Dockerfile + - uses: https://github.com/hadolint/hadolint-action@v3.1.0 + with: + dockerfile: ./1.7/Dockerfile.prod + - uses: https://github.com/ludeeus/action-shellcheck@2.0.0 + + 1_7: + runs-on: dind + steps: + - uses: actions/checkout@v4 + - name: Get docker tags + id: tags + shell: sh + env: + VERSION_TYPE: "docker_env" + APP_NAME: "GRAV" + DOCKERFILE_PATH: "1.7/Dockerfile" + INCLUDE_MAJOR: "no" + CUSTOM_TAGS: "latest" + IMAGE_NAME: "mwalbeck/composer" + run: | + determine-docker-tags + dockerd & + - name: Login to Docker Hub + uses: https://github.com/docker/login-action@v3 + with: + username: ${{ secrets.DOCKERHUB_USERNAME }} + password: ${{ secrets.DOCKERHUB_TOKEN }} + - name: Set up Docker Buildx + uses: https://github.com/docker/setup-buildx-action@v3 + - name: Build and push + uses: https://github.com/docker/build-push-action@v6 + with: + platforms: linux/amd64,linux/arm64 + push: true + tags: ${{ steps.tags.outputs.tags }} + context: ./1.7 + file: Dockerfile + + 1_7_prod: + runs-on: dind + steps: + - uses: actions/checkout@v4 + - name: Get docker tags + id: tags + shell: sh + env: + VERSION_TYPE: "docker_env" + APP_NAME: "GRAV" + APP_ENV: "prod" + DOCKERFILE_PATH: "1.7/Dockerfile.prod" + INCLUDE_MAJOR: "no" + CUSTOM_TAGS: "latest-prod" + IMAGE_NAME: "mwalbeck/composer" + run: | + determine-docker-tags + dockerd & + - name: Login to Docker Hub + uses: https://github.com/docker/login-action@v3 + with: + username: ${{ secrets.DOCKERHUB_USERNAME }} + password: ${{ secrets.DOCKERHUB_TOKEN }} + - name: Set up Docker Buildx + uses: https://github.com/docker/setup-buildx-action@v3 + - name: Build and push + uses: https://github.com/docker/build-push-action@v6 + with: + platforms: linux/amd64,linux/arm64 + push: true + tags: ${{ steps.tags.outputs.tags }} + context: ./1.7 + file: Dockerfile.prod \ No newline at end of file diff --git a/.forgejo/workflows/test.yml b/.forgejo/workflows/test.yml new file mode 100644 index 0000000..f91a971 --- /dev/null +++ b/.forgejo/workflows/test.yml @@ -0,0 +1,72 @@ +name: Test + +on: pull_request + +jobs: + lint: + if: github.ref != 'refs/heads/renovate/*' + runs-on: docker + steps: + - uses: actions/checkout@v4 + - uses: https://github.com/hadolint/hadolint-action@v3.1.0 + with: + dockerfile: ./1.7/Dockerfile + - uses: https://github.com/hadolint/hadolint-action@v3.1.0 + with: + dockerfile: ./1.7/Dockerfile.prod + - uses: https://github.com/ludeeus/action-shellcheck@2.0.0 + + 1_7: + runs-on: dind + steps: + - uses: actions/checkout@v4 + - name: Get docker tags + id: tags + shell: sh + env: + VERSION_TYPE: "docker_env" + APP_NAME: "GRAV" + DOCKERFILE_PATH: "1.7/Dockerfile" + INCLUDE_MAJOR: "no" + CUSTOM_TAGS: "latest" + IMAGE_NAME: "mwalbeck/composer" + run: | + determine-docker-tags + dockerd & + - name: Set up Docker Buildx + uses: https://github.com/docker/setup-buildx-action@v3 + - name: Test build + uses: https://github.com/docker/build-push-action@v6 + with: + platforms: linux/amd64,linux/arm64 + tags: ${{ steps.tags.outputs.tags }} + context: ./1.7 + file: Dockerfile + + 1_7_prod: + runs-on: dind + steps: + - uses: actions/checkout@v4 + - name: Get docker tags + id: tags + shell: sh + env: + VERSION_TYPE: "docker_env" + APP_NAME: "GRAV" + APP_ENV: "prod" + DOCKERFILE_PATH: "1.7/Dockerfile.prod" + INCLUDE_MAJOR: "no" + CUSTOM_TAGS: "latest-prod" + IMAGE_NAME: "mwalbeck/composer" + run: | + determine-docker-tags + dockerd & + - name: Set up Docker Buildx + uses: https://github.com/docker/setup-buildx-action@v3 + - name: Test build + uses: https://github.com/docker/build-push-action@v6 + with: + platforms: linux/amd64,linux/arm64 + tags: ${{ steps.tags.outputs.tags }} + context: ./1.7 + file: Dockerfile.prod \ No newline at end of file -- 2.45.2 From 0250ebc9806b9c6af80bb249d197141c17cd33fc Mon Sep 17 00:00:00 2001 From: Magnus Walbeck Date: Fri, 14 Feb 2025 23:13:30 +0100 Subject: [PATCH 2/7] Fix --- .forgejo/workflows/test.yml | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/.forgejo/workflows/test.yml b/.forgejo/workflows/test.yml index f91a971..4ac3e94 100644 --- a/.forgejo/workflows/test.yml +++ b/.forgejo/workflows/test.yml @@ -41,7 +41,7 @@ jobs: platforms: linux/amd64,linux/arm64 tags: ${{ steps.tags.outputs.tags }} context: ./1.7 - file: Dockerfile + file: ./1.7/Dockerfile 1_7_prod: runs-on: dind @@ -69,4 +69,4 @@ jobs: platforms: linux/amd64,linux/arm64 tags: ${{ steps.tags.outputs.tags }} context: ./1.7 - file: Dockerfile.prod \ No newline at end of file + file: ./1.7/Dockerfile.prod \ No newline at end of file -- 2.45.2 From 9c0eff9901167a09b1949db2f7e8b7ed9ce19075 Mon Sep 17 00:00:00 2001 From: Magnus Walbeck Date: Fri, 14 Feb 2025 23:15:54 +0100 Subject: [PATCH 3/7] Fix context path --- .forgejo/workflows/test.yml | 2 -- 1 file changed, 2 deletions(-) diff --git a/.forgejo/workflows/test.yml b/.forgejo/workflows/test.yml index 4ac3e94..deae4a3 100644 --- a/.forgejo/workflows/test.yml +++ b/.forgejo/workflows/test.yml @@ -40,7 +40,6 @@ jobs: with: platforms: linux/amd64,linux/arm64 tags: ${{ steps.tags.outputs.tags }} - context: ./1.7 file: ./1.7/Dockerfile 1_7_prod: @@ -68,5 +67,4 @@ jobs: with: platforms: linux/amd64,linux/arm64 tags: ${{ steps.tags.outputs.tags }} - context: ./1.7 file: ./1.7/Dockerfile.prod \ No newline at end of file -- 2.45.2 From a35b3f0ec0a1dd3924026ea375f8ead52fdb8a56 Mon Sep 17 00:00:00 2001 From: Magnus Walbeck Date: Fri, 14 Feb 2025 23:34:41 +0100 Subject: [PATCH 4/7] Add qemu --- .forgejo/workflows/build.yml | 8 ++++++-- .forgejo/workflows/test.yml | 8 ++++++-- 2 files changed, 12 insertions(+), 4 deletions(-) diff --git a/.forgejo/workflows/build.yml b/.forgejo/workflows/build.yml index de7f9e0..44299dd 100644 --- a/.forgejo/workflows/build.yml +++ b/.forgejo/workflows/build.yml @@ -19,7 +19,7 @@ jobs: dockerfile: ./1.7/Dockerfile.prod - uses: https://github.com/ludeeus/action-shellcheck@2.0.0 - 1_7: + grav1_7: runs-on: dind steps: - uses: actions/checkout@v4 @@ -41,6 +41,8 @@ jobs: with: username: ${{ secrets.DOCKERHUB_USERNAME }} password: ${{ secrets.DOCKERHUB_TOKEN }} + - name: Set up QEMU + uses: docker/setup-qemu-action@v3 - name: Set up Docker Buildx uses: https://github.com/docker/setup-buildx-action@v3 - name: Build and push @@ -52,7 +54,7 @@ jobs: context: ./1.7 file: Dockerfile - 1_7_prod: + grav1_7_prod: runs-on: dind steps: - uses: actions/checkout@v4 @@ -75,6 +77,8 @@ jobs: with: username: ${{ secrets.DOCKERHUB_USERNAME }} password: ${{ secrets.DOCKERHUB_TOKEN }} + - name: Set up QEMU + uses: docker/setup-qemu-action@v3 - name: Set up Docker Buildx uses: https://github.com/docker/setup-buildx-action@v3 - name: Build and push diff --git a/.forgejo/workflows/test.yml b/.forgejo/workflows/test.yml index deae4a3..8828099 100644 --- a/.forgejo/workflows/test.yml +++ b/.forgejo/workflows/test.yml @@ -16,7 +16,7 @@ jobs: dockerfile: ./1.7/Dockerfile.prod - uses: https://github.com/ludeeus/action-shellcheck@2.0.0 - 1_7: + grav1_7: runs-on: dind steps: - uses: actions/checkout@v4 @@ -33,6 +33,8 @@ jobs: run: | determine-docker-tags dockerd & + - name: Set up QEMU + uses: docker/setup-qemu-action@v3 - name: Set up Docker Buildx uses: https://github.com/docker/setup-buildx-action@v3 - name: Test build @@ -42,7 +44,7 @@ jobs: tags: ${{ steps.tags.outputs.tags }} file: ./1.7/Dockerfile - 1_7_prod: + grav1_7_prod: runs-on: dind steps: - uses: actions/checkout@v4 @@ -60,6 +62,8 @@ jobs: run: | determine-docker-tags dockerd & + - name: Set up QEMU + uses: docker/setup-qemu-action@v3 - name: Set up Docker Buildx uses: https://github.com/docker/setup-buildx-action@v3 - name: Test build -- 2.45.2 From 21b2a0c471c4d14aa09652218e5280b9821d4cc2 Mon Sep 17 00:00:00 2001 From: Magnus Walbeck Date: Sat, 15 Feb 2025 00:08:42 +0100 Subject: [PATCH 5/7] Remove pin --- 1.7/Dockerfile | 2 +- 1.7/Dockerfile.prod | 2 +- 2 files changed, 2 insertions(+), 2 deletions(-) diff --git a/1.7/Dockerfile b/1.7/Dockerfile index 684729e..afadabc 100644 --- a/1.7/Dockerfile +++ b/1.7/Dockerfile @@ -1,4 +1,4 @@ -FROM php:8.1.31-fpm-bullseye@sha256:0287e65562b7a2e322d9fd5ae03c46ca8c3e5a976a0de963e7e5d69f1b90600d +FROM php:8.1.31-fpm-bullseye SHELL [ "/bin/bash", "-exo", "pipefail", "-c" ] diff --git a/1.7/Dockerfile.prod b/1.7/Dockerfile.prod index a4f5874..17fdaa2 100644 --- a/1.7/Dockerfile.prod +++ b/1.7/Dockerfile.prod @@ -1,4 +1,4 @@ -FROM php:8.1.31-fpm-bullseye@sha256:0287e65562b7a2e322d9fd5ae03c46ca8c3e5a976a0de963e7e5d69f1b90600d +FROM php:8.1.31-fpm-bullseye SHELL [ "/bin/bash", "-exo", "pipefail", "-c" ] -- 2.45.2 From b90074e39cdc7010e9570ebe2e873a84fff68215 Mon Sep 17 00:00:00 2001 From: Magnus Walbeck Date: Sat, 15 Feb 2025 00:13:50 +0100 Subject: [PATCH 6/7] Test --- 1.7/Dockerfile | 1 + 1.7/Dockerfile.prod | 1 + 2 files changed, 2 insertions(+) diff --git a/1.7/Dockerfile b/1.7/Dockerfile index afadabc..2da3996 100644 --- a/1.7/Dockerfile +++ b/1.7/Dockerfile @@ -13,6 +13,7 @@ RUN groupadd --system foo; \ useradd --no-log-init --system --gid foo --create-home foo; \ \ apt-get update; \ + apt-get --reinstall install libc-bin; \ apt-get install -y --no-install-recommends \ git \ unzip \ diff --git a/1.7/Dockerfile.prod b/1.7/Dockerfile.prod index 17fdaa2..356dbe1 100644 --- a/1.7/Dockerfile.prod +++ b/1.7/Dockerfile.prod @@ -13,6 +13,7 @@ RUN groupadd --force --system --gid 33 www-data; \ useradd --no-log-init --system --gid www-data --no-create-home --uid 33 www-data || true; \ \ apt-get update; \ + apt-get --reinstall install libc-bin; \ apt-get install -y --no-install-recommends \ git \ unzip \ -- 2.45.2 From 7bb72216f361f691a16dea704631b4c62dca9f58 Mon Sep 17 00:00:00 2001 From: Magnus Walbeck Date: Sat, 15 Feb 2025 00:24:29 +0100 Subject: [PATCH 7/7] Switch qemu image --- .forgejo/workflows/test.yml | 4 ++++ 1.7/Dockerfile | 2 +- 1.7/Dockerfile.prod | 2 +- 3 files changed, 6 insertions(+), 2 deletions(-) diff --git a/.forgejo/workflows/test.yml b/.forgejo/workflows/test.yml index 8828099..7d190c9 100644 --- a/.forgejo/workflows/test.yml +++ b/.forgejo/workflows/test.yml @@ -35,6 +35,8 @@ jobs: dockerd & - name: Set up QEMU uses: docker/setup-qemu-action@v3 + with: + image: tonistiigi/binfmt:qemu-v7.0.0-28 - name: Set up Docker Buildx uses: https://github.com/docker/setup-buildx-action@v3 - name: Test build @@ -64,6 +66,8 @@ jobs: dockerd & - name: Set up QEMU uses: docker/setup-qemu-action@v3 + with: + image: tonistiigi/binfmt:qemu-v7.0.0-28 - name: Set up Docker Buildx uses: https://github.com/docker/setup-buildx-action@v3 - name: Test build diff --git a/1.7/Dockerfile b/1.7/Dockerfile index 2da3996..401c547 100644 --- a/1.7/Dockerfile +++ b/1.7/Dockerfile @@ -1,4 +1,4 @@ -FROM php:8.1.31-fpm-bullseye +FROM php:8.1.31-fpm-bullseye@sha256:0287e65562b7a2e322d9fd5ae03c46ca8c3e5a976a0de963e7e5d69f1b90600d SHELL [ "/bin/bash", "-exo", "pipefail", "-c" ] diff --git a/1.7/Dockerfile.prod b/1.7/Dockerfile.prod index 356dbe1..406aa06 100644 --- a/1.7/Dockerfile.prod +++ b/1.7/Dockerfile.prod @@ -1,4 +1,4 @@ -FROM php:8.1.31-fpm-bullseye +FROM php:8.1.31-fpm-bullseye@sha256:0287e65562b7a2e322d9fd5ae03c46ca8c3e5a976a0de963e7e5d69f1b90600d SHELL [ "/bin/bash", "-exo", "pipefail", "-c" ] -- 2.45.2