feat: unpin apk packages, remove overcommit, switch back to github runners

.github/workflows/build_container.yml

@@ -21,43 +21,8 @@ jobs:
       - id: set-matrix
         run: echo "matrix=$(jq -c . build_versions.json)" >> $GITHUB_OUTPUT
 
-  build-X86-container:
-    runs-on: macarne
-    permissions:
-      contents: read
-      packages: write
-    needs: setup-matrix
-    strategy:
-      matrix: ${{ fromJson(needs.setup-matrix.outputs.matrix) }}
-    steps:
-      - name: Build Vox Pupuli Test Box r${{ matrix.puppet_release }}
-        uses: voxpupuli/gha-build-and-publish-a-container@v2
-        with:
-          registry_password: ${{ secrets.GITHUB_TOKEN }}
-          build_args: |
-            BASE_IMAGE=${{ matrix.base_image }}
-            RUBYGEM_PUPPET=${{ matrix.rubygem_puppet }}
-            RUBYGEM_FACTER=${{ matrix.rubygem_facter }}
-            RUBYGEM_VOXPUPULI_TEST=${{ matrix.rubygem_voxpupuli_test }}
-            RUBYGEM_VOXPUPULI_ACCEPTANCE=${{ matrix.rubygem_voxpupuli_acceptance }}
-            RUBYGEM_VOXPUPULI_RELEASE=${{ matrix.rubygem_voxpupuli_release }}
-            RUBYGEM_PUPPET_METADATA=${{ matrix.rubygem_puppet_metadata }}
-            RUBYGEM_MODULESYNC=${{ matrix.rubygem_modulesync }}
-            RUBYGEM_RUBOCOP_PERFORMANCE=${{ matrix.rubygem_rubocop_performance }}
-            RUBYGEM_BUNDLER=${{ matrix.rubygem_bundler }}
-            APK_JQ=${{ matrix.apk_jq }}
-            APK_YAMLLINT=${{ matrix.apk_yamllint }}
-            APK_GIT=${{ matrix.apk_git }}
-            APK_CURL=${{ matrix.apk_curl }}
-          build_arch: linux/amd64
-          docker_username: voxpupulibot
-          docker_password: ${{ secrets.DOCKERHUB_BOT_PASSWORD }}
-          tags: |
-            docker.io/voxpupuli/voxbox:${{ matrix.puppet_release }}-${{ github.sha }}-x86
-            ghcr.io/voxpupuli/voxbox:${{ matrix.puppet_release }}-${{ github.sha }}-x86
-
-  build-ARM-container:
-    runs-on: hetzner-arm
+  build-and-push-container:
+    runs-on: ubuntu-latest
     permissions:
       contents: read
       packages: write
@@ -80,81 +45,20 @@ jobs:
             RUBYGEM_MODULESYNC=${{ matrix.rubygem_modulesync }}
             RUBYGEM_RUBOCOP_PERFORMANCE=${{ matrix.rubygem_rubocop_performance }}
             RUBYGEM_BUNDLER=${{ matrix.rubygem_bundler }}
-            APK_JQ=${{ matrix.apk_jq }}
-            APK_YAMLLINT=${{ matrix.apk_yamllint }}
-            APK_GIT=${{ matrix.apk_git }}
-            APK_CURL=${{ matrix.apk_curl }}
-          build_arch: linux/arm64
+          build_arch: linux/amd64,linux/arm64
           docker_username: voxpupulibot
           docker_password: ${{ secrets.DOCKERHUB_BOT_PASSWORD }}
           tags: |
-            docker.io/voxpupuli/voxbox:${{ matrix.puppet_release }}-${{ github.sha }}-arm64
-            ghcr.io/voxpupuli/voxbox:${{ matrix.puppet_release }}-${{ github.sha }}-arm64
-
-  create-multiarch-manifests:
-    runs-on: ubuntu-latest
-    needs:
-      - setup-matrix
-      - build-X86-container
-      - build-ARM-container
-    strategy:
-      matrix: ${{ fromJson(needs.setup-matrix.outputs.matrix) }}
-    steps:
-      - name: Log in to the ghcr.io registry
-        uses: docker/login-action@v3
-        with:
-          registry: ghcr.io
-          username: ${{ github.repository_owner }}
-          password: ${{ secrets.GITHUB_TOKEN }}
-
-      - name: Log in to the docker.io registry
-        uses: docker/login-action@v3
-        with:
-          registry: docker.io
-          username: voxpupulibot
-          password: ${{ secrets.DOCKERHUB_BOT_PASSWORD }}
-
-      - name: Create multiarch manifests
-        run: |
-          docker buildx imagetools create -t ghcr.io/voxpupuli/voxbox:${{ matrix.rubygem_puppet }}-${{ github.ref_name }} \
-            ghcr.io/voxpupuli/voxbox:${{ matrix.puppet_release }}-${{ github.sha }}-arm64 \
-            ghcr.io/voxpupuli/voxbox:${{ matrix.puppet_release }}-${{ github.sha }}-x86
-
-          docker buildx imagetools create -t ghcr.io/voxpupuli/voxbox:${{ matrix.puppet_release }}-${{ github.ref_name }} \
-            ghcr.io/voxpupuli/voxbox:${{ matrix.puppet_release }}-${{ github.sha }}-arm64 \
-            ghcr.io/voxpupuli/voxbox:${{ matrix.puppet_release }}-${{ github.sha }}-x86
-
-          docker buildx imagetools create -t ghcr.io/voxpupuli/voxbox:${{ matrix.puppet_release }} \
-            ghcr.io/voxpupuli/voxbox:${{ matrix.puppet_release }}-${{ github.sha }}-arm64 \
-            ghcr.io/voxpupuli/voxbox:${{ matrix.puppet_release }}-${{ github.sha }}-x86
-
-          docker buildx imagetools create -t ghcr.io/voxpupuli/voxbox:latest \
-            ghcr.io/voxpupuli/voxbox:${{ matrix.puppet_release }}-${{ github.sha }}-arm64 \
-            ghcr.io/voxpupuli/voxbox:${{ matrix.puppet_release }}-${{ github.sha }}-x86
-
-          docker buildx imagetools create -t docker.io/voxpupuli/voxbox:${{ matrix.rubygem_puppet }}-${{ github.ref_name }} \
-            docker.io/voxpupuli/voxbox:${{ matrix.puppet_release }}-${{ github.sha }}-arm64 \
-            docker.io/voxpupuli/voxbox:${{ matrix.puppet_release }}-${{ github.sha }}-x86
-
-          docker buildx imagetools create -t docker.io/voxpupuli/voxbox:${{ matrix.puppet_release }}-${{ github.ref_name }} \
-            docker.io/voxpupuli/voxbox:${{ matrix.puppet_release }}-${{ github.sha }}-arm64 \
-            docker.io/voxpupuli/voxbox:${{ matrix.puppet_release }}-${{ github.sha }}-x86
-
-          docker buildx imagetools create -t docker.io/voxpupuli/voxbox:${{ matrix.puppet_release }} \
-            docker.io/voxpupuli/voxbox:${{ matrix.puppet_release }}-${{ github.sha }}-arm64 \
-            docker.io/voxpupuli/voxbox:${{ matrix.puppet_release }}-${{ github.sha }}-x86
-
-          docker buildx imagetools create -t docker.io/voxpupuli/voxbox:latest \
-            docker.io/voxpupuli/voxbox:${{ matrix.puppet_release }}-${{ github.sha }}-arm64 \
-            docker.io/voxpupuli/voxbox:${{ matrix.puppet_release }}-${{ github.sha }}-x86
-
-  update-dockerhub-description:
-    runs-on: ubuntu-latest
-    needs:
-      - create-multiarch-manifests
-    steps:
-      - name: Source checkout
-        uses: actions/checkout@v4
+            ghcr.io/voxpupuli/voxbox:${{ matrix.rubygem_puppet }}-${{ github.ref_name }}
+            ghcr.io/voxpupuli/voxbox:${{ matrix.rubygem_puppet }}-latest
+            ghcr.io/voxpupuli/voxbox:${{ matrix.puppet_release }}-${{ github.ref_name }}
+            ghcr.io/voxpupuli/voxbox:${{ matrix.puppet_release }}
+            ghcr.io/voxpupuli/voxbox:latest
+            docker.io/voxpupuli/voxbox:${{ matrix.rubygem_puppet }}-${{ github.ref_name }}
+            docker.io/voxpupuli/voxbox:${{ matrix.rubygem_puppet }}-latest
+            docker.io/voxpupuli/voxbox:${{ matrix.puppet_release }}-${{ github.ref_name }}
+            docker.io/voxpupuli/voxbox:${{ matrix.puppet_release }}
+            docker.io/voxpupuli/voxbox:latest
 
       - name: Update Docker Hub Description
         uses: peter-evans/dockerhub-description@v4

.github/workflows/ci.yaml

@@ -47,13 +47,8 @@ jobs:
             RUBYGEM_VOXPUPULI_ACCEPTANCE=${{ matrix.rubygem_voxpupuli_acceptance }}
             RUBYGEM_VOXPUPULI_RELEASE=${{ matrix.rubygem_voxpupuli_release }}
             RUBYGEM_PUPPET_METADATA=${{ matrix.rubygem_puppet_metadata }}
-            RUBYGEM_OVERCOMMIT=${{ matrix.rubygem_overcommit }}
             RUBYGEM_MODULESYNC=${{ matrix.rubygem_modulesync }}
             RUBYGEM_BUNDLER=${{ matrix.rubygem_bundler }}
-            APK_JQ=${{ matrix.apk_jq }}
-            APK_YAMLLINT=${{ matrix.apk_yamllint }}
-            APK_GIT=${{ matrix.apk_git }}
-            APK_CURL=${{ matrix.apk_curl }}
 
       - name: Clone voxpupuli/puppet-example repository
         uses: actions/checkout@v4
@@ -102,13 +97,8 @@ jobs:
             RUBYGEM_VOXPUPULI_ACCEPTANCE=${{ matrix.rubygem_voxpupuli_acceptance }}
             RUBYGEM_VOXPUPULI_RELEASE=${{ matrix.rubygem_voxpupuli_release }}
             RUBYGEM_PUPPET_METADATA=${{ matrix.rubygem_puppet_metadata }}
-            RUBYGEM_OVERCOMMIT=${{ matrix.rubygem_overcommit }}
             RUBYGEM_MODULESYNC=${{ matrix.rubygem_modulesync }}
             RUBYGEM_BUNDLER=${{ matrix.rubygem_bundler }}
-            APK_JQ=${{ matrix.apk_jq }}
-            APK_YAMLLINT=${{ matrix.apk_yamllint }}
-            APK_GIT=${{ matrix.apk_git }}
-            APK_CURL=${{ matrix.apk_curl }}
 
       - name: Clone voxpupuli/puppet-example repository
         uses: actions/checkout@v4

.github/workflows/security_scanning.yml

@@ -48,13 +48,8 @@ jobs:
             RUBYGEM_VOXPUPULI_ACCEPTANCE=${{ matrix.rubygem_voxpupuli_acceptance }}
             RUBYGEM_VOXPUPULI_RELEASE=${{ matrix.rubygem_voxpupuli_release }}
             RUBYGEM_PUPPET_METADATA=${{ matrix.rubygem_puppet_metadata }}
-            RUBYGEM_OVERCOMMIT=${{ matrix.rubygem_overcommit }}
             RUBYGEM_MODULESYNC=${{ matrix.rubygem_modulesync }}
             RUBYGEM_BUNDLER=${{ matrix.rubygem_bundler }}
-            APK_JQ=${{ matrix.apk_jq }}
-            APK_YAMLLINT=${{ matrix.apk_yamllint }}
-            APK_GIT=${{ matrix.apk_git }}
-            APK_CURL=${{ matrix.apk_curl }}
 
       - name: Scan image with Anchore Grype
         uses: anchore/scan-action@v5

Dockerfile

@@ -4,13 +4,13 @@ FROM $BASE_IMAGE AS builder
 
 # Gems have to be ARG and ENV because they are used as reference in the Gemfile
 ARG RUBYGEM_PUPPET
-ENV RUBYGEM_PUPPET=${RUBYGEM_PUPPET:-8.8.1}
+ENV RUBYGEM_PUPPET=${RUBYGEM_PUPPET:-8.10.0}
 
 ARG RUBYGEM_FACTER
-ENV RUBYGEM_FACTER=${RUBYGEM_FACTER:-4.8.0}
+ENV RUBYGEM_FACTER=${RUBYGEM_FACTER:-4.10.0}
 
 ARG RUBYGEM_VOXPUPULI_TEST
-ENV RUBYGEM_VOXPUPULI_TEST=${RUBYGEM_VOXPUPULI_TEST:-9.0.0}
+ENV RUBYGEM_VOXPUPULI_TEST=${RUBYGEM_VOXPUPULI_TEST:-9.2.0}
 
 ARG RUBYGEM_VOXPUPULI_ACCEPTANCE
 ENV RUBYGEM_VOXPUPULI_ACCEPTANCE=${RUBYGEM_VOXPUPULI_ACCEPTANCE:-3.2.0}
@@ -19,7 +19,7 @@ ARG RUBYGEM_VOXPUPULI_RELEASE
 ENV RUBYGEM_VOXPUPULI_RELEASE=${RUBYGEM_VOXPUPULI_RELEASE:-3.1.0}
 
 ARG RUBYGEM_PUPPET_METADATA
-ENV RUBYGEM_PUPPET_METADATA=${RUBYGEM_PUPPET_METADATA:-4.2.0}
+ENV RUBYGEM_PUPPET_METADATA=${RUBYGEM_PUPPET_METADATA:-4.5.0}
 
 ARG RUBYGEM_MODULESYNC
 ENV RUBYGEM_MODULESYNC=${RUBYGEM_MODULESYNC:-3.2.0}
@@ -31,10 +31,10 @@ ARG RUBYGEM_RA10KE
 ENV RUBYGEM_RA10KE=${RUBYGEM_RA10KE:-3.1.0}
 
 ARG RUBYGEM_RUBOCOP_PERFORMANCE
-ENV RUBYGEM_RUBOCOP_PERFORMANCE=${RUBYGEM_RUBOCOP_PERFORMANCE:-1.21.1}
+ENV RUBYGEM_RUBOCOP_PERFORMANCE=${RUBYGEM_RUBOCOP_PERFORMANCE:-1.23.0}
 
 ARG RUBYGEM_BUNDLER
-ENV RUBYGEM_BUNDLER=${RUBYGEM_BUNDLER:-2.5.18}
+ENV RUBYGEM_BUNDLER=${RUBYGEM_BUNDLER:-2.5.23}
 
 COPY voxbox/Gemfile /
 
@@ -72,18 +72,12 @@ LABEL org.label-schema.maintainer="Voxpupuli Team <[email protected]>" \
       org.label-schema.schema-version="1.0" \
       org.label-schema.dockerfile="/Dockerfile"
 
-# APKs are not used in any other file, so ARG is sufficient.
-ARG APK_JQ=1.7.1-r0
-ARG APK_YAMLLINT=1.35.1-r1
-ARG APK_GIT=2.45.2-r0
-ARG APK_CURL=8.11.0-r2
-
 RUN apk update \
     && apk upgrade \
-    && apk add jq=${APK_JQ} \
-    && apk add yamllint=${APK_YAMLLINT} \
-    && apk add git=${APK_GIT} \
-    && apk add curl=${APK_CURL} \
+    && apk add jq \
+    && apk add yamllint \
+    && apk add git \
+    && apk add curl \
     && rm -rf /var/cache/apk/* \
     && rm -rf /usr/local/lib/ruby/gems
 

README.md

@@ -113,6 +113,8 @@ rake voxpupuli:custom:lint_all
 
 ## Additionally included Tools
 
+- curl
+- git
 - jq
 - yamllint
 

build_versions.json

@@ -9,16 +9,11 @@
       "rubygem_voxpupuli_acceptance": "3.2.0",
       "rubygem_voxpupuli_release": "3.1.0",
       "rubygem_puppet_metadata": "4.5.0",
-      "rubygem_overcommit": "0.64.0",
       "rubygem_modulesync": "3.2.0",
       "rubygem_r10k": "4.1.0",
       "rubygem_ra10ke": "3.1.0",
       "rubygem_rubocop_performance": "1.22.1",
-      "rubygem_bundler": "2.4.22",
-      "apk_jq": "1.6-r1",
-      "apk_yamllint": "1.26.3-r1",
-      "apk_git": "2.36.6-r0",
-      "apk_curl": "8.5.0-r0"
+      "rubygem_bundler": "2.4.22"
     },
     {
       "puppet_release": 8,
@@ -29,16 +24,11 @@
       "rubygem_voxpupuli_acceptance": "3.2.0",
       "rubygem_voxpupuli_release": "3.1.0",
       "rubygem_puppet_metadata": "4.5.0",
-      "rubygem_overcommit": "0.64.0",
       "rubygem_modulesync": "3.2.0",
       "rubygem_r10k": "4.1.0",
       "rubygem_ra10ke": "3.1.0",
       "rubygem_rubocop_performance": "1.22.1",
-      "rubygem_bundler": "2.5.22",
-      "apk_jq": "1.7.1-r0",
-      "apk_yamllint": "1.35.1-r1",
-      "apk_git": "2.45.2-r0",
-      "apk_curl": "8.11.0-r2"
+      "rubygem_bundler": "2.5.22"
     }
   ]
 }