initial commit

.github/CODEOWNERS

@@ -0,0 +1,2 @@
+# No matter which file got changed, request a review from the main developers
+ * @voxpupuli/tools-containerimages

.github/dependabot.yml

@@ -0,0 +1,25 @@
+---
+version: 2
+updates:
+  # raise PRs for gem updates
+  - package-ecosystem: bundler
+    directory: "/"
+    schedule:
+      interval: daily
+      time: "13:00"
+    open-pull-requests-limit: 10
+
+  # Maintain dependencies for GitHub Actions
+  - package-ecosystem: github-actions
+    directory: "/"
+    schedule:
+      interval: daily
+      time: "13:00"
+    open-pull-requests-limit: 10
+
+  - package-ecosystem: "docker"
+    directory: "/"
+    schedule:
+      interval: "daily"
+      time: "13:00"
+    open-pull-requests-limit: 10

.github/labeler.yml

@@ -0,0 +1,3 @@
+---
+skip-changelog:
+ - head-branch: ['^release-*', 'release']

.github/workflows/build_container.yml

@@ -0,0 +1,63 @@
+---
+name: Build and publish a 🛢️ container
+
+on:
+  push:
+    branches:
+      - 'main'
+    tags:
+      - '*'
+  workflow_dispatch:
+
+jobs:
+  setup-matrix:
+    runs-on: ubuntu-latest
+    outputs:
+      matrix: ${{ steps.set-matrix.outputs.matrix }}
+    steps:
+      - name: Source checkout
+        uses: actions/checkout@v4
+
+      - id: set-matrix
+        run: echo "matrix=$(jq -c . build_versions.json)" >> $GITHUB_OUTPUT
+
+  build-and-push-container:
+    runs-on: ubuntu-latest
+    permissions:
+      contents: read
+      packages: write
+    needs: setup-matrix
+    strategy:
+      matrix: ${{ fromJson(needs.setup-matrix.outputs.matrix) }}
+    steps:
+      - name: Build Puppet Development Container ${{ matrix.puppet_release }}
+        uses: voxpupuli/gha-build-and-publish-a-container@v2
+        with:
+          registry_password: ${{ secrets.GITHUB_TOKEN }}
+          build_args: |
+            BASE_IMAGE=${{ matrix.base_image }}
+            RUBYGEM_PUPPET=${{ matrix.rubygem_puppet }}
+            RUBYGEM_FACTER=${{ matrix.facter_version }}
+            RUBYGEM_VOXPUPULI_TEST=${{ matrix.rubygem_voxpupuli_test }}
+            RUBYGEM_VOXPUPULI_ACCEPTANCE=${{ matrix.rubygem_voxpupuli_acceptance }}
+            RUBYGEM_VOXPUPULI_RELEASE=${{ matrix.rubygem_voxpupuli_release }}
+            RUBYGEM_PUPPET_METADATA=${{ matrix.rubygem_puppet_metadata }}
+            RUBYGEM_MODULESYNC=${{ matrix.rubygem_modulesync }}
+          build_arch: linux/amd64,linux/arm64
+          docker_username: voxpupulibot
+          docker_password: ${{ secrets.DOCKERHUB_BOT_PASSWORD }}
+          tags: |
+            ghcr.io/voxpupuli/voxbox:${{ matrix.rubygem_puppet }}-${{ github.ref_name }}
+            ghcr.io/voxpupuli/voxbox:${{ matrix.puppet_release }}-${{ github.ref_name }}
+            ghcr.io/voxpupuli/voxbox:${{ matrix.puppet_release }}
+            ghcr.io/voxpupuli/voxbox:latest
+            docker.io/voxpupuli/voxbox:${{ matrix.rubygem_puppet }}-${{ github.ref_name }}
+            docker.io/voxpupuli/voxbox:${{ matrix.puppet_release }}-${{ github.ref_name }}
+            docker.io/voxpupuli/voxbox:${{ matrix.puppet_release }}
+            docker.io/voxpupuli/voxbox:latest
+
+      - name: Update Docker Hub Description
+        uses: peter-evans/dockerhub-description@v4
+        with:
+          username: voxpupulibot
+          password: ${{ secrets.DOCKERHUB_BOT_PASSWORD }}

.github/workflows/ci.yaml

@@ -0,0 +1,74 @@
+---
+name: CI🚦
+
+on:
+  pull_request:
+    branches:
+      - main
+  push:
+    branches:
+      - main
+  workflow_dispatch:
+
+jobs:
+  setup-matrix:
+    runs-on: ubuntu-latest
+    outputs:
+      matrix: ${{ steps.set-matrix.outputs.matrix }}
+    steps:
+      - name: Source checkout
+        uses: actions/checkout@v4
+
+      - id: set-matrix
+        run: echo "matrix=$(jq -c . build_versions.json)" >> $GITHUB_OUTPUT
+
+  build_test_container:
+    name: 'Build test container'
+    runs-on: ubuntu-latest
+    permissions:
+      actions: read
+      contents: read
+      security-events: write
+    needs: setup-matrix
+    strategy:
+      matrix: ${{ fromJson(needs.setup-matrix.outputs.matrix) }}
+    steps:
+      - name: Checkout repository
+        uses: actions/checkout@v4
+
+      - name: Build Docker image
+        uses: docker/build-push-action@v5
+        with:
+          tags: 'ci/voxbox-${{ matrix.rubygem_puppet }}:${{ github.sha }}'
+          push: false
+          build-args: |
+            BASE_IMAGE=${{ matrix.base_image }}
+            RUBYGEM_PUPPET=${{ matrix.rubygem_puppet }}
+            RUBYGEM_FACTER=${{ matrix.facter_version }}
+            RUBYGEM_VOXPUPULI_TEST=${{ matrix.rubygem_voxpupuli_test }}
+            RUBYGEM_VOXPUPULI_ACCEPTANCE=${{ matrix.rubygem_voxpupuli_acceptance }}
+            RUBYGEM_VOXPUPULI_RELEASE=${{ matrix.rubygem_voxpupuli_release }}
+            RUBYGEM_PUPPET_METADATA=${{ matrix.rubygem_puppet_metadata }}
+            RUBYGEM_OVERCOMMIT=${{ matrix.rubygem_overcommit }}
+            RUBYGEM_MODULESYNC=${{ matrix.rubygem_modulesync }}
+
+      - name: Run Trivy vulnerability scanner
+        uses: aquasecurity/trivy-action@master
+        with:
+          image-ref: 'ci/voxbox-${{ matrix.rubygem_puppet }}:${{ github.sha }}'
+          format: 'sarif'
+          output: 'trivy-results.sarif'
+
+      - name: Upload Trivy scan results to GitHub Security tab
+        uses: github/codeql-action/upload-sarif@v3
+        with:
+          sarif_file: 'trivy-results.sarif'
+          matrix: ${{ toJson(matrix) }}
+
+  tests:
+    needs:
+      - build_test_container
+    runs-on: ubuntu-latest
+    name: Test suite
+    steps:
+      - run: echo Test suite completed

.github/workflows/labeler.yml

@@ -0,0 +1,14 @@
+---
+name: "Pull Request Labeler"
+
+on:
+  pull_request_target: {}
+
+jobs:
+  labeler:
+    permissions:
+      contents: read
+      pull-requests: write
+    runs-on: ubuntu-latest
+    steps:
+    - uses: actions/labeler@v5

.gitignore

@@ -0,0 +1,3 @@
+.bundle/
+vendor/
+Gemfile.lock

CONTRIBUTING.md

@@ -0,0 +1,17 @@
+# How to contribute
+
+PRs are very welcome!
+
+## Adding code
+
+- Create a fork
+- Create a branch
+- Do your thing
+- [Please sign all your commits](https://docs.github.com/de/authentication/managing-commit-signature-verification)
+- Create a PR
+  - Reference issues if applicable
+
+## Found a bug?
+
+- Please open an issue
+- If you are able to fix it you also can open a PR (see above)

Dockerfile

@@ -0,0 +1,44 @@
+ARG BASE_IMAGE=ruby:2.7.8
+
+FROM $BASE_IMAGE
+
+LABEL org.label-schema.maintainer="Voxpupuli Team <[email protected]>" \
+      org.label-schema.vendor="Voxpupuli" \
+      org.label-schema.url="https://github.com/voxpupuli/container-voxbox" \
+      org.label-schema.name="Vox Pupuli Test Box" \
+      org.label-schema.license="AGPL-3.0-or-later" \
+      org.label-schema.vcs-url="https://github.com/voxpupuli/container-voxbox" \
+      org.label-schema.schema-version="1.0" \
+      org.label-schema.dockerfile="/Dockerfile"
+
+ARG RUBYGEM_PUPPET
+ENV RUBYGEM_PUPPET=${RUBYGEM_PUPPET:-7.29.1}
+
+ARG RUBYGEM_FACTER
+ENV RUBYGEM_FACTER=${RUBYGEM_FACTER:-4.6.1}
+
+ARG RUBYGEM_VOXPUPULI_TEST
+ENV RUBYGEM_VOXPUPULI_TEST=${RUBYGEM_VOXPUPULI_TEST:-7.1.0}
+
+ARG RUBYGEM_VOXPUPULI_ACCEPTANCE
+ENV RUBYGEM_VOXPUPULI_ACCEPTANCE=${RUBYGEM_VOXPUPULI_ACCEPTANCE:-3.0.0}
+
+ARG RUBYGEM_VOXPUPULI_RELEASE
+ENV RUBYGEM_VOXPUPULI_RELEASE=${RUBYGEM_VOXPUPULI_RELEASE:-3.0.1}
+
+ARG RUBYGEM_PUPPET_METADATA
+ENV RUBYGEM_PUPPET_METADATA=${RUBYGEM_PUPPET_METADATA:-3.6.0}
+
+ARG RUBYGEM_MODULESYNC
+ENV RUBYGEM_MODULESYNC=${RUBYGEM_MODULESYNC:-3.2.0}
+
+COPY voxbox/Gemfile /
+COPY Dockerfile /
+
+RUN bundle config set path.system true && \
+    bundle install --gemfile=/Gemfile
+
+WORKDIR /repo
+
+ENTRYPOINT [ "rake" ]
+CMD [ "-T" ]

Gemfile

@@ -0,0 +1,7 @@
+# frozen_string_literal: true
+
+source ENV['GEM_SOURCE'] || 'https://rubygems.org'
+
+group :release do
+  gem 'github_changelog_generator', '~> 1.16.4', require: false
+end