From 6914dbbec534a101bf440746c46800f9cf848837 Mon Sep 17 00:00:00 2001
From: Robert Waffen
Date: Tue, 10 Dec 2024 09:16:55 +0100
Subject: [PATCH] feat: unpin apk packages, remove overcommit, switch back to github runners
---
.github/workflows/build_container.yml | 122 +++---------------------
.github/workflows/ci.yaml | 10 --
.github/workflows/security_scanning.yml | 5 -
Dockerfile | 26 ++---
README.md | 2 +
build_versions.json | 14 +--
6 files changed, 27 insertions(+), 152 deletions(-)
diff --git a/.github/workflows/build_container.yml b/.github/workflows/build_container.yml
index 0675320..98a3099 100644
--- a/.github/workflows/build_container.yml
+++ b/.github/workflows/build_container.yml
@@ -21,43 +21,8 @@ jobs: - id: set-matrix run: echo "matrix=$(jq -c . build_versions.json)" >> $GITHUB_OUTPUT - build-X86-container: - runs-on: macarne - permissions: - contents: read - packages: write - needs: setup-matrix - strategy: - matrix: ${{ fromJson(needs.setup-matrix.outputs.matrix) }} - steps: - - name: Build Vox Pupuli Test Box r${{ matrix.puppet_release }} - uses: voxpupuli/gha-build-and-publish-a-container@v2 - with: - registry_password: ${{ secrets.GITHUB_TOKEN }} - build_args: | - BASE_IMAGE=${{ matrix.base_image }} - RUBYGEM_PUPPET=${{ matrix.rubygem_puppet }} - RUBYGEM_FACTER=${{ matrix.rubygem_facter }} - RUBYGEM_VOXPUPULI_TEST=${{ matrix.rubygem_voxpupuli_test }} - RUBYGEM_VOXPUPULI_ACCEPTANCE=${{ matrix.rubygem_voxpupuli_acceptance }} - RUBYGEM_VOXPUPULI_RELEASE=${{ matrix.rubygem_voxpupuli_release }} - RUBYGEM_PUPPET_METADATA=${{ matrix.rubygem_puppet_metadata }} - RUBYGEM_MODULESYNC=${{ matrix.rubygem_modulesync }} - RUBYGEM_RUBOCOP_PERFORMANCE=${{ matrix.rubygem_rubocop_performance }} - RUBYGEM_BUNDLER=${{ matrix.rubygem_bundler }} - APK_JQ=${{ matrix.apk_jq }} - APK_YAMLLINT=${{ matrix.apk_yamllint }} - APK_GIT=${{ matrix.apk_git }} - APK_CURL=${{ matrix.apk_curl }} - build_arch: linux/amd64 - docker_username: voxpupulibot - docker_password: ${{ secrets.DOCKERHUB_BOT_PASSWORD }} - tags: | - docker.io/voxpupuli/voxbox:${{ matrix.puppet_release }}-${{ github.sha }}-x86 - ghcr.io/voxpupuli/voxbox:${{ matrix.puppet_release }}-${{ github.sha }}-x86 - - build-ARM-container: - runs-on: hetzner-arm + build-and-push-container: + runs-on: ubuntu-latest permissions: contents: read packages: write 
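Review bot: The merged `build-and-push-container` job carries `packages: write`, and as far as the collapsed hunks show, the following hunk drops the separate `update-dockerhub-description` job, so the `peter-evans/dockerhub-description@v4` step now runs inside this job, once per matrix entry. Every step in a job can use the job token, so a third-party action referenced by a movable tag now shares a job with the registry push rights, where before it ran in a job of its own. I would keep the description update as a separate job that needs the build and holds only `contents: read`; pinning the action to a full commit SHA would narrow this further. The job's `steps:` continue outside this hunk.

```yaml
  update-dockerhub-description:
    runs-on: ubuntu-latest
    needs: build-and-push-container
    permissions:
      contents: read
    steps:
      - name: Source checkout
        uses: actions/checkout@v4
      - name: Update Docker Hub Description
        uses: peter-evans/dockerhub-description@v4
        # … unchanged: with: block of the description step …
```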
@@ -80,81 +45,20 @@ jobs: RUBYGEM_MODULESYNC=${{ matrix.rubygem_modulesync }} RUBYGEM_RUBOCOP_PERFORMANCE=${{ matrix.rubygem_rubocop_performance }} RUBYGEM_BUNDLER=${{ matrix.rubygem_bundler }} - APK_JQ=${{ matrix.apk_jq }} - APK_YAMLLINT=${{ matrix.apk_yamllint }} - APK_GIT=${{ matrix.apk_git }} - APK_CURL=${{ matrix.apk_curl }} - build_arch: linux/arm64 + build_arch: linux/amd64,linux/arm64 docker_username: voxpupulibot docker_password: ${{ secrets.DOCKERHUB_BOT_PASSWORD }} tags: | - docker.io/voxpupuli/voxbox:${{ matrix.puppet_release }}-${{ github.sha }}-arm64 - ghcr.io/voxpupuli/voxbox:${{ matrix.puppet_release }}-${{ github.sha }}-arm64 - - create-multiarch-manifests: - runs-on: ubuntu-latest - needs: - - setup-matrix - - build-X86-container - - build-ARM-container - strategy: - matrix: ${{ fromJson(needs.setup-matrix.outputs.matrix) }} - steps: - - name: Log in to the ghcr.io registry - uses: docker/login-action@v3 - with: - registry: ghcr.io - username: ${{ github.repository_owner }} - password: ${{ secrets.GITHUB_TOKEN }} - - - name: Log in to the docker.io registry - uses: docker/login-action@v3 - with: - registry: docker.io - username: voxpupulibot - password: ${{ secrets.DOCKERHUB_BOT_PASSWORD }} - - - name: Create multiarch manifests - run: | - docker buildx imagetools create -t ghcr.io/voxpupuli/voxbox:${{ matrix.rubygem_puppet }}-${{ github.ref_name }} \ - ghcr.io/voxpupuli/voxbox:${{ matrix.puppet_release }}-${{ github.sha }}-arm64 \ - ghcr.io/voxpupuli/voxbox:${{ matrix.puppet_release }}-${{ github.sha }}-x86 - - docker buildx imagetools create -t ghcr.io/voxpupuli/voxbox:${{ matrix.puppet_release }}-${{ github.ref_name }} \ - ghcr.io/voxpupuli/voxbox:${{ matrix.puppet_release }}-${{ github.sha }}-arm64 \ - ghcr.io/voxpupuli/voxbox:${{ matrix.puppet_release }}-${{ github.sha }}-x86 - - docker buildx imagetools create -t ghcr.io/voxpupuli/voxbox:${{ matrix.puppet_release }} \ - ghcr.io/voxpupuli/voxbox:${{ matrix.puppet_release }}-${{ github.sha 
}}-arm64 \ - ghcr.io/voxpupuli/voxbox:${{ matrix.puppet_release }}-${{ github.sha }}-x86 - - docker buildx imagetools create -t ghcr.io/voxpupuli/voxbox:latest \ - ghcr.io/voxpupuli/voxbox:${{ matrix.puppet_release }}-${{ github.sha }}-arm64 \ - ghcr.io/voxpupuli/voxbox:${{ matrix.puppet_release }}-${{ github.sha }}-x86 - - docker buildx imagetools create -t docker.io/voxpupuli/voxbox:${{ matrix.rubygem_puppet }}-${{ github.ref_name }} \ - docker.io/voxpupuli/voxbox:${{ matrix.puppet_release }}-${{ github.sha }}-arm64 \ - docker.io/voxpupuli/voxbox:${{ matrix.puppet_release }}-${{ github.sha }}-x86 - - docker buildx imagetools create -t docker.io/voxpupuli/voxbox:${{ matrix.puppet_release }}-${{ github.ref_name }} \ - docker.io/voxpupuli/voxbox:${{ matrix.puppet_release }}-${{ github.sha }}-arm64 \ - docker.io/voxpupuli/voxbox:${{ matrix.puppet_release }}-${{ github.sha }}-x86 - - docker buildx imagetools create -t docker.io/voxpupuli/voxbox:${{ matrix.puppet_release }} \ - docker.io/voxpupuli/voxbox:${{ matrix.puppet_release }}-${{ github.sha }}-arm64 \ - docker.io/voxpupuli/voxbox:${{ matrix.puppet_release }}-${{ github.sha }}-x86 - - docker buildx imagetools create -t docker.io/voxpupuli/voxbox:latest \ - docker.io/voxpupuli/voxbox:${{ matrix.puppet_release }}-${{ github.sha }}-arm64 \ - docker.io/voxpupuli/voxbox:${{ matrix.puppet_release }}-${{ github.sha }}-x86 - - update-dockerhub-description: - runs-on: ubuntu-latest - needs: - - create-multiarch-manifests - steps: - - name: Source checkout - uses: actions/checkout@v4 + ghcr.io/voxpupuli/voxbox:${{ matrix.rubygem_puppet }}-${{ github.ref_name }} + ghcr.io/voxpupuli/voxbox:${{ matrix.rubygem_puppet }}-latest + ghcr.io/voxpupuli/voxbox:${{ matrix.puppet_release }}-${{ github.ref_name }} + ghcr.io/voxpupuli/voxbox:${{ matrix.puppet_release }} + ghcr.io/voxpupuli/voxbox:latest + docker.io/voxpupuli/voxbox:${{ matrix.rubygem_puppet }}-${{ github.ref_name }} + docker.io/voxpupuli/voxbox:${{ matrix.rubygem_puppet 
}}-latest + docker.io/voxpupuli/voxbox:${{ matrix.puppet_release }}-${{ github.ref_name }} + docker.io/voxpupuli/voxbox:${{ matrix.puppet_release }} + docker.io/voxpupuli/voxbox:latest - name: Update Docker Hub Description uses: peter-evans/dockerhub-description@v4 diff --git a/.github/workflows/ci.yaml b/.github/workflows/ci.yaml index 3c9a5d2..57f21ad 100644 --- a/.github/workflows/ci.yaml +++ b/.github/workflows/ci.yaml @@ -47,13 +47,8 @@ jobs: RUBYGEM_VOXPUPULI_ACCEPTANCE=${{ matrix.rubygem_voxpupuli_acceptance }} RUBYGEM_VOXPUPULI_RELEASE=${{ matrix.rubygem_voxpupuli_release }} RUBYGEM_PUPPET_METADATA=${{ matrix.rubygem_puppet_metadata }} - RUBYGEM_OVERCOMMIT=${{ matrix.rubygem_overcommit }} RUBYGEM_MODULESYNC=${{ matrix.rubygem_modulesync }} RUBYGEM_BUNDLER=${{ matrix.rubygem_bundler }} - APK_JQ=${{ matrix.apk_jq }} - APK_YAMLLINT=${{ matrix.apk_yamllint }} - APK_GIT=${{ matrix.apk_git }} - APK_CURL=${{ matrix.apk_curl }} - name: Clone voxpupuli/puppet-example repository uses: actions/checkout@v4 @@ -102,13 +97,8 @@ jobs: RUBYGEM_VOXPUPULI_ACCEPTANCE=${{ matrix.rubygem_voxpupuli_acceptance }} RUBYGEM_VOXPUPULI_RELEASE=${{ matrix.rubygem_voxpupuli_release }} RUBYGEM_PUPPET_METADATA=${{ matrix.rubygem_puppet_metadata }} - RUBYGEM_OVERCOMMIT=${{ matrix.rubygem_overcommit }} RUBYGEM_MODULESYNC=${{ matrix.rubygem_modulesync }} RUBYGEM_BUNDLER=${{ matrix.rubygem_bundler }} - APK_JQ=${{ matrix.apk_jq }} - APK_YAMLLINT=${{ matrix.apk_yamllint }} - APK_GIT=${{ matrix.apk_git }} - APK_CURL=${{ matrix.apk_curl }} - name: Clone voxpupuli/puppet-example repository uses: actions/checkout@v4 diff --git a/.github/workflows/security_scanning.yml b/.github/workflows/security_scanning.yml index 906ed1c..853554a 100644 --- a/.github/workflows/security_scanning.yml +++ b/.github/workflows/security_scanning.yml 
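Review bot: In build_container.yml the new `tags:` list pushes `ghcr.io/voxpupuli/voxbox:latest` and `docker.io/voxpupuli/voxbox:latest` from every matrix entry, so `latest` ends up on whichever Puppet release finishes last rather than on a chosen one. The removed manifest job ran under the same matrix, but with the `-${{ github.sha }}` tags gone there is now also no commit-scoped tag that ties a published image to the commit that built it, which makes triage and rollback harder when an image has to be traced. I would keep one such tag per registry, e.g. `ghcr.io/voxpupuli/voxbox:${{ matrix.puppet_release }}-${{ github.sha }}`, and push `latest` only from the newest release's matrix entry. The step that owns this `tags:` block starts above the hunk.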
@@ -48,13 +48,8 @@ jobs: RUBYGEM_VOXPUPULI_ACCEPTANCE=${{ matrix.rubygem_voxpupuli_acceptance }} RUBYGEM_VOXPUPULI_RELEASE=${{ matrix.rubygem_voxpupuli_release }} RUBYGEM_PUPPET_METADATA=${{ matrix.rubygem_puppet_metadata }} - RUBYGEM_OVERCOMMIT=${{ matrix.rubygem_overcommit }} RUBYGEM_MODULESYNC=${{ matrix.rubygem_modulesync }} RUBYGEM_BUNDLER=${{ matrix.rubygem_bundler }} - APK_JQ=${{ matrix.apk_jq }} - APK_YAMLLINT=${{ matrix.apk_yamllint }} - APK_GIT=${{ matrix.apk_git }} - APK_CURL=${{ matrix.apk_curl }} - name: Scan image with Anchore Grype uses: anchore/scan-action@v5 diff --git a/Dockerfile b/Dockerfile index d90ae5a..82944b4 100644 --- a/Dockerfile +++ b/Dockerfile @@ -4,13 +4,13 @@ FROM $BASE_IMAGE AS builder # Gems have to be ARG and ENV because they are used as reference in the Gemfile ARG RUBYGEM_PUPPET -ENV RUBYGEM_PUPPET=${RUBYGEM_PUPPET:-8.8.1} +ENV RUBYGEM_PUPPET=${RUBYGEM_PUPPET:-8.10.0} ARG RUBYGEM_FACTER -ENV RUBYGEM_FACTER=${RUBYGEM_FACTER:-4.8.0} +ENV RUBYGEM_FACTER=${RUBYGEM_FACTER:-4.10.0} ARG RUBYGEM_VOXPUPULI_TEST -ENV RUBYGEM_VOXPUPULI_TEST=${RUBYGEM_VOXPUPULI_TEST:-9.0.0} +ENV RUBYGEM_VOXPUPULI_TEST=${RUBYGEM_VOXPUPULI_TEST:-9.2.0} ARG RUBYGEM_VOXPUPULI_ACCEPTANCE ENV RUBYGEM_VOXPUPULI_ACCEPTANCE=${RUBYGEM_VOXPUPULI_ACCEPTANCE:-3.2.0} @@ -19,7 +19,7 @@ ARG RUBYGEM_VOXPUPULI_RELEASE ENV RUBYGEM_VOXPUPULI_RELEASE=${RUBYGEM_VOXPUPULI_RELEASE:-3.1.0} ARG RUBYGEM_PUPPET_METADATA -ENV RUBYGEM_PUPPET_METADATA=${RUBYGEM_PUPPET_METADATA:-4.2.0} +ENV RUBYGEM_PUPPET_METADATA=${RUBYGEM_PUPPET_METADATA:-4.5.0} ARG RUBYGEM_MODULESYNC ENV RUBYGEM_MODULESYNC=${RUBYGEM_MODULESYNC:-3.2.0} 
@@ -31,10 +31,10 @@ ARG RUBYGEM_RA10KE ENV RUBYGEM_RA10KE=${RUBYGEM_RA10KE:-3.1.0} ARG RUBYGEM_RUBOCOP_PERFORMANCE -ENV RUBYGEM_RUBOCOP_PERFORMANCE=${RUBYGEM_RUBOCOP_PERFORMANCE:-1.21.1} +ENV RUBYGEM_RUBOCOP_PERFORMANCE=${RUBYGEM_RUBOCOP_PERFORMANCE:-1.23.0} ARG RUBYGEM_BUNDLER -ENV RUBYGEM_BUNDLER=${RUBYGEM_BUNDLER:-2.5.18} +ENV RUBYGEM_BUNDLER=${RUBYGEM_BUNDLER:-2.5.23} COPY voxbox/Gemfile / @@ -72,18 +72,12 @@ LABEL org.label-schema.maintainer="Voxpupuli Team " \ org.label-schema.schema-version="1.0" \ org.label-schema.dockerfile="/Dockerfile" -# APKs are not used in any other file, so ARG is sufficient. -ARG APK_JQ=1.7.1-r0 -ARG APK_YAMLLINT=1.35.1-r1 -ARG APK_GIT=2.45.2-r0 -ARG APK_CURL=8.11.0-r2 - RUN apk update \ && apk upgrade \ - && apk add jq=${APK_JQ} \ - && apk add yamllint=${APK_YAMLLINT} \ - && apk add git=${APK_GIT} \ - && apk add curl=${APK_CURL} \ + && apk add jq \ + && apk add yamllint \ + && apk add git \ + && apk add curl \ && rm -rf /var/cache/apk/* \ && rm -rf /usr/local/lib/ruby/gems diff --git a/README.md b/README.md index 2dc9f8e..bd6f553 100644 --- a/README.md +++ b/README.md @@ -113,6 +113,8 @@ rake voxpupuli:custom:lint_all ## Additionally included Tools +- curl +- git - jq - yamllint diff --git a/build_versions.json b/build_versions.json index f82cbfc..b1293f7 100644 --- a/build_versions.json +++ b/build_versions.json @@ -9,16 +9,11 @@ "rubygem_voxpupuli_acceptance": "3.2.0", "rubygem_voxpupuli_release": "3.1.0", "rubygem_puppet_metadata": "4.5.0", - "rubygem_overcommit": "0.64.0", "rubygem_modulesync": "3.2.0", "rubygem_r10k": "4.1.0", "rubygem_ra10ke": "3.1.0", "rubygem_rubocop_performance": "1.22.1", - "rubygem_bundler": "2.4.22", - "apk_jq": "1.6-r1", - "apk_yamllint": "1.26.3-r1", - "apk_git": "2.36.6-r0", - "apk_curl": "8.5.0-r0" + "rubygem_bundler": "2.4.22" }, { "puppet_release": 8, 
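Review bot: In the Dockerfile `RUN apk update` chain, the four unpinned `apk add` lines now install whatever the Alpine repository serves at build time, and the `apk upgrade` before them already floats the rest. Two builds of the same commit can therefore ship different jq, yamllint, git and curl versions, and the repository no longer records which ones went out. If pinning is not maintainable, I would at least make the resolved versions visible, for example by listing the installed packages in the build log or attaching an SBOM to the release, so that a later advisory can be matched to published tags. As a smaller style point, the four invocations can be one: `&& apk add jq yamllint git curl \`. The stage this `RUN` belongs to starts above the hunk.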
@@ -29,16 +24,11 @@ "rubygem_voxpupuli_acceptance": "3.2.0", "rubygem_voxpupuli_release": "3.1.0", "rubygem_puppet_metadata": "4.5.0", - "rubygem_overcommit": "0.64.0", "rubygem_modulesync": "3.2.0", "rubygem_r10k": "4.1.0", "rubygem_ra10ke": "3.1.0", "rubygem_rubocop_performance": "1.22.1", - "rubygem_bundler": "2.5.22", - "apk_jq": "1.7.1-r0", - "apk_yamllint": "1.35.1-r1", - "apk_git": "2.45.2-r0", - "apk_curl": "8.11.0-r2" + "rubygem_bundler": "2.5.22" } ] }