diff --git a/.github/dependabot.yaml b/.github/dependabot.yaml
new file mode 100644
index 0000000..b352eb9
--- /dev/null
+++ b/.github/dependabot.yaml
@@ -0,0 +1,21 @@
+---
+version: 2
+
+updates:
+ # Maintain dependencies for Docker
+ - package-ecosystem: "docker"
+ directory: "/"
+ schedule:
+ interval: weekly
+ assignees:
+ - "mikenye"
+ - "fredclausen"
+
+ # Maintain dependencies for GitHub Actions
+ - package-ecosystem: "github-actions"
+ directory: "/"
+ schedule:
+ interval: "daily"
+ assignees:
+ - "mikenye"
+ - "fredclausen"
diff --git a/.github/workflows/cancel_dupes.yml b/.github/workflows/cancel_dupes.yml
new file mode 100644
index 0000000..3381918
--- /dev/null
+++ b/.github/workflows/cancel_dupes.yml
@@ -0,0 +1,20 @@
+name: Cancelling Duplicates
+on:
+ workflow_run:
+ workflows:
+ - "Deploy"
+ - "Check Linting"
+ - "Tests"
+ types: ["requested"]
+
+jobs:
+ cancel-duplicate-workflow-runs:
+ name: "Cancel duplicate workflow runs"
+ runs-on: ubuntu-latest
+ steps:
+ - uses: potiuk/cancel-workflow-runs@master
+ name: "Cancel duplicate workflow runs"
+ with:
+ cancelMode: allDuplicates
+ token: ${{ secrets.GITHUB_TOKEN }}
+ sourceRunId: ${{ github.event.workflow_run.id }}
diff --git a/.github/workflows/check_versions.yml b/.github/workflows/check_versions.yml
new file mode 100644
index 0000000..ce74f01
--- /dev/null
+++ b/.github/workflows/check_versions.yml
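Review bot: In `.github/workflows/cancel_dupes.yml`, `uses: potiuk/cancel-workflow-runs@master` follows a mutable branch of a third-party action and passes it `secrets.GITHUB_TOKEN`, so any later commit to that branch runs with this repository's token. Pin the action to a full commit SHA, `uses: potiuk/cancel-workflow-runs@<full-commit-sha>` (placeholder), and add a job-level `permissions:` block limited to `actions: write`. The same mutable-ref pattern appears in deploy.yml and on_pr.yml (`build_and_push_image.yml@main`). Separately, the `workflows:` list names "Check Linting" and "Tests", but none of the workflows added in this commit carries either name, so those two entries look like they will never match.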
@@ -0,0 +1,74 @@
+---
+name: Check container software versions
+
+on:
+ workflow_dispatch:
+ # Check for new versions in adsbx repos
+ schedule:
+ - cron: "0 12 * * *"
+
+env:
+ GHCR_IMAGE: ${{ github.repository }}:latest
+ GHCR_REGISTRY: ghcr.io
+ WORKFLOW_FILE_TO_TRIGGER: deploy.yml
+ WORKFLOW_AUTH_TOKEN: ${{ secrets.GH_PAT_KX1T }}
+
+jobs:
+ version_in_container:
+ name: Check versions in 'latest' image
+ runs-on: ubuntu-latest
+ outputs:
+ currverhash: ${{ steps.current-version.outputs.currverhash }}
+ steps:
+ - name: Get versions from ${{ env.GHCR_IMAGE }}
+ id: current-version
+ run: |
+ set -x
+ docker run --rm --entrypoint cat ${{ env.GHCR_REGISTRY }}/${{ env.GHCR_IMAGE }} /VERSIONS
+ echo "currverhash=$(docker run --rm --entrypoint md5sum ${{ env.GHCR_REGISTRY }}/${{ env.GHCR_IMAGE }} /VERSIONS)" >> $GITHUB_OUTPUT
+
+ latest_version:
+ name: Check latest versions
+ runs-on: ubuntu-latest
+ outputs:
+ latestverhash: ${{ steps.latest-version.outputs.latestverhash }}
+ steps:
+ - name: Build image
+ uses: docker/build-push-action@v5
+ with:
+ push: false
+ load: true
+ tags: local_image_for_versions:latest
+ - name: Get versions from newly built image
+ id: latest-version
+ run: |
+ set -x
+ docker run --rm --entrypoint cat local_image_for_versions /VERSIONS
+ echo "latestverhash=$(docker run --rm --entrypoint md5sum local_image_for_versions /VERSIONS)" >> $GITHUB_OUTPUT
+
+ display_versions:
+ name: Display versions
+ needs: [version_in_container, latest_version]
+ runs-on: ubuntu-latest
+ steps:
+ - name: Display versions
+ run: |
+ echo "version hash in current latest image = ${{ needs.version_in_container.outputs.currverhash }}"
+ echo "version hash in image just built = ${{ needs.latest_version.outputs.latestverhash }}"
+ echo "will a deployment be triggered = ${{ needs.version_in_container.outputs.currverhash != needs.latest_version.outputs.latestverhash }}"
+
+ trigger_deploy:
+ name: Trigger deployment of image
+ needs: [version_in_container, latest_version]
+ if: ${{ needs.version_in_container.outputs.currverhash != needs.latest_version.outputs.latestverhash }}
+ runs-on: ubuntu-latest
+ env:
+ WORKFLOW_AUTH_TOKEN: ${{ secrets.GH_PAT_KX1T }}
+ WORKFLOW_REPO: sdr-enthusiasts/docker-tar1090
+ WORKFLOW_FILE: deploy.yml
+ WORKFLOW_REASON: "triggered via deploy_ghcr.yml in sdr-enthusiasts/docker-baseimage"
+ steps:
+ - name: Trigger ${{ env.WORKFLOW_FILE }} in ${{ env.WORKFLOW_REPO }}
+ run: |
+ echo "$WORKFLOW_AUTH_TOKEN" | gh auth login --with-token
+ gh workflow run --ref main --repo "$WORKFLOW_REPO" "$WORKFLOW_FILE" -f reason="$WORKFLOW_REASON"
diff --git a/.github/workflows/deploy.yml b/.github/workflows/deploy.yml
new file mode 100644
index 0000000..be07b2e
--- /dev/null
+++ b/.github/workflows/deploy.yml
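Review bot: In `.github/workflows/check_versions.yml` the personal access token is exported at workflow level (`WORKFLOW_AUTH_TOKEN: ${{ secrets.GH_PAT_KX1T }}` under the top-level `env:`), which puts it in the environment of every step in every job, including the `set -x` steps that run the freshly built image. Only `trigger_deploy` uses it and that job already sets it itself, so the top-level line can be dropped; the unused `WORKFLOW_FILE_TO_TRIGGER` can go with it. Inside `trigger_deploy`, setting `GH_TOKEN: ${{ secrets.GH_PAT_KX1T }}` in the job's `env:` lets `gh workflow run` authenticate without the `gh auth login --with-token` line, which writes the credential to the runner's gh configuration. `WORKFLOW_REPO: sdr-enthusiasts/docker-tar1090` and the `WORKFLOW_REASON` text naming docker-baseimage look carried over from another repository, since deploy.yml in this commit targets docker-vesselalert; worth confirming the trigger points at the intended repo.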
@@ -0,0 +1,67 @@
+name: Deploy
+
+on:
+ workflow_dispatch:
+ inputs:
+ reason:
+ required: false
+ description: "Reason for running this workflow"
+ use_test_image:
+ required: false
+ type: boolean
+ description: "Use base image testpr"
+ default: false
+
+ push:
+ branches:
+ - main
+ # Trigger only on specific files being updated.
+
+ paths:
+ - Dockerfile
+ - rootfs/**
+
+env:
+ GHCR_IMAGE: sdr-enthusiasts/docker-vesselalert
+ GHCR_REGISTRY: ghcr.io
+ GH_LABEL: main
+ GHCR_TAG: latest
+
+jobs:
+ workflow-dispatch:
+ name: Triggered via Workflow Dispatch?
+ # only run this step if workflow dispatch triggered
+ # log the reason the workflow dispatch was triggered
+ if: |
+ github.event_name == 'workflow_dispatch' &&
+ github.event.inputs.reason != ''
+ runs-on: ubuntu-latest
+ steps:
+ - name: Log dispatch reason
+ env:
+ INPUTS_REASON: ${{ github.event.inputs.reason }}
+ INPUTS_USE_TEST_IMAGE: ${{ github.event.inputs.use_test_image }}
+ run: |
+ echo "Workflow dispatch reason: $INPUTS_REASON"
+ echo "Use test image: $INPUTS_USE_TEST_IMAGE"
+
+ deploy:
+ name: Deploy
+ uses: sdr-enthusiasts/common-github-workflows/.github/workflows/build_and_push_image.yml@main
+ with:
+ push_enabled: true
+ push_destinations: ghcr.io
+ ghcr_repo_owner: ${{ github.repository_owner }}
+ ghcr_repo: ${{ github.repository }}
+ get_version_method: git_commit_hash_short
+ # set build_latest to true if github.event.inputs.use_test_image is false
+ build_latest: ${{ github.event.inputs.use_test_image == 'false' || github.event.inputs.use_test_image == '' }}
+ build_baseimage_test: ${{ github.event.inputs.use_test_image == 'true' }}
+ # only build the entire stack if we are not using the test image
+ build_version_specific: ${{ github.event.inputs.use_test_image == 'false' || github.event.inputs.use_test_image == '' }}
+ build_platform_specific: ${{ github.event.inputs.use_test_image == 'false' || github.event.inputs.use_test_image == '' }}
+ build_nohealthcheck: ${{ github.event.inputs.use_test_image == 'false' || github.event.inputs.use_test_image == '' }}
+ build_baseimage_url: base/base-test-pr
+ secrets:
+ ghcr_token: ${{ secrets.GITHUB_TOKEN }}
+ dockerhub_token: ${{ secrets.DOCKERHUB_TOKEN }}
diff --git a/.github/workflows/hadolint.yml b/.github/workflows/hadolint.yml
new file mode 100644
index 0000000..64665c7
--- /dev/null
+++ b/.github/workflows/hadolint.yml
@@ -0,0 +1,21 @@
+---
+name: Linting (Hadolint)
+
+on:
+ workflow_dispatch:
+ pull_request:
+ branches:
+ - main
+ paths:
+ - "Dockerfile"
+
+jobs:
+ hadolint:
+ name: Run hadolint against docker files
+ runs-on: ubuntu-latest
+ steps:
+ - uses: actions/checkout@v4
+ - name: Pull hadolint/hadolint:latest Image
+ run: docker pull hadolint/hadolint:latest
+ - name: Run hadolint against Dockerfiles
+ run: docker run --rm -i -v "$PWD":/workdir --workdir /workdir --entrypoint hadolint hadolint/hadolint --ignore SC2086 --ignore DL3003 --ignore DL3006 --ignore DL3010 --ignore DL4001 --ignore DL3007 --ignore DL3008 --ignore SC2068 --ignore DL3007 --ignore SC1091 --ignore DL3013 --ignore DL3010 $(find . -type f -iname "Dockerfile*")
diff --git a/.github/workflows/markdownlint.yml b/.github/workflows/markdownlint.yml
new file mode 100644
index 0000000..6605760
--- /dev/null
+++ b/.github/workflows/markdownlint.yml
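Review bot: In `.github/workflows/deploy.yml`, the `deploy` job passes `dockerhub_token: ${{ secrets.DOCKERHUB_TOKEN }}` to the reusable workflow although `push_destinations` is `ghcr.io` only, so a credential that this caller does not appear to need is handed to code resolved from `@main`. Unless the called workflow declares that secret as required, drop the line. The workflow also has no `permissions:` block even though it publishes a package; declaring `permissions:` with `contents: read` and `packages: write` on the `deploy` job caps what `GITHUB_TOKEN` can do inside the called workflow. The top-level `env:` values (`GHCR_IMAGE`, `GHCR_REGISTRY`, `GH_LABEL`, `GHCR_TAG`) are not referenced anywhere in this file and are not inherited by a reusable workflow, so they can be removed.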
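Review bot: In `.github/workflows/hadolint.yml` the linter image is pulled by mutable tag (`hadolint/hadolint:latest`) and then run untagged, so the tool that gates PRs can change between runs without a commit here; referencing it by digest, `hadolint/hadolint@sha256:<digest>` (placeholder), in both steps makes the run reproducible. The file list comes from an unquoted `$(find . -type f -iname "Dockerfile*")`, which word-splits on whitespace, so a path from a PR containing a space is passed to the linter as several arguments; `find … -print0 | xargs -0` avoids that. Both patterns recur in markdownlint.yml and shellcheck.yml. The `--ignore` list repeats `DL3007` and `DL3010`, and the `paths:` filter matches only a root-level `Dockerfile` while the `find` lints `Dockerfile*` anywhere in the tree.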
@@ -0,0 +1,24 @@
+---
+name: Linting (Markdown)
+
+on:
+ workflow_dispatch:
+ pull_request:
+ branches:
+ - main
+ # only run these if markdown files are updated
+ paths:
+ - "**.md"
+ - "**.MD"
+
+jobs:
+ markdownlint:
+ name: Run markdownlint against markdown files
+ runs-on: ubuntu-latest
+
+ steps:
+ - uses: actions/checkout@v4
+ - name: Pull markdownlint/markdownlint:latest Image
+ run: docker pull markdownlint/markdownlint:latest
+ - name: Run markdownlint against *.md files
+ run: docker run --rm -i -v "$(pwd)":/workdir --workdir /workdir markdownlint/markdownlint:latest --rules ~MD007,~MD013,~MD033,~MD026,~MD002,~MD022,~MD029 $(find . -type f -iname '*.md' | grep -v '/.git/')
diff --git a/.github/workflows/on_pr.yml b/.github/workflows/on_pr.yml
new file mode 100644
index 0000000..9e0de74
--- /dev/null
+++ b/.github/workflows/on_pr.yml
@@ -0,0 +1,28 @@
+---
+name: Pull Request
+
+on:
+ # Enable manual running of action if necessary
+ workflow_dispatch:
+ # Test build/deploy on PRs to main/master
+ pull_request:
+ # Only publish on push to main branch
+ branches:
+ - main
+ # Don't trigger if it's just a documentation update
+ paths-ignore:
+ - "**.md"
+ - "**.MD"
+ - "**.yml"
+ - "LICENSE"
+ - ".gitattributes"
+ - ".gitignore"
+ - ".dockerignore"
+
+jobs:
+ test-build:
+ name: Test
+ uses: sdr-enthusiasts/common-github-workflows/.github/workflows/build_and_push_image.yml@main
+ with:
+ push_enabled: false
+ get_version_method: git_commit_hash_short
diff --git a/.github/workflows/pre-commit-updates.yaml b/.github/workflows/pre-commit-updates.yaml
new file mode 100644
index 0000000..effb642
--- /dev/null
+++ b/.github/workflows/pre-commit-updates.yaml
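Review bot: In `.github/workflows/on_pr.yml`, `paths-ignore` lists `"**.yml"`, so a pull request that only edits workflow files under `.github/workflows/` (deploy.yml included) never gets a test build, and changes to the build pipeline itself reach `main` unexercised. If the entry is there for docs-style YAML, narrowing it to the paths actually meant, or dropping it, closes that gap; note it also treats `.yml` and `.yaml` differently. The comment `# Only publish on push to main branch` sits under `pull_request:` in a job with `push_enabled: false`, so nothing is published here; something like `# Only for PRs targeting main` would describe the filter.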
@@ -0,0 +1,23 @@
+name: Update pre-commit hooks
+
+on:
+ workflow_dispatch:
+ schedule:
+ - cron: 0 0 * * 0
+
+jobs:
+ update:
+ runs-on: ubuntu-latest
+ steps:
+ - uses: actions/checkout@v4.1.1
+ with:
+ fetch-depth: 0
+ - uses: vrslev/pre-commit-autoupdate@v1.0.0
+ - uses: peter-evans/create-pull-request@v5
+ with:
+ branch: pre-commit-autoupdate
+ title: "chore(deps): Update pre-commit hooks"
+ commit-message: "chore(deps): Update pre-commit hooks"
+ body: Update pre-commit hooks
+ labels: dependencies
+ delete-branch: True
diff --git a/.github/workflows/shellcheck.yml b/.github/workflows/shellcheck.yml
new file mode 100644
index 0000000..9967c08
--- /dev/null
+++ b/.github/workflows/shellcheck.yml
@@ -0,0 +1,20 @@
+---
+name: Linting (Shellcheck)
+
+on:
+ workflow_dispatch:
+ pull_request:
+ branches:
+ - main
+ # only run these if markdown files are updated
+
+jobs:
+ shellcheck:
+ name: Run shellcheck against shell scripts
+ runs-on: ubuntu-latest
+ steps:
+ - uses: actions/checkout@v4
+ - name: Pull koalaman/shellcheck:stable Image
+ run: docker pull koalaman/shellcheck:stable
+ - name: Run Shellcheck against shell scripts
+ run: docker run --rm -i -v "$PWD:/mnt" koalaman/shellcheck:stable $(find . -type f -exec grep -m1 -l -E '^#!.*sh.*' {} \; | grep -v '/.git/')
diff --git a/.github/workflows/yamllint.yml b/.github/workflows/yamllint.yml
new file mode 100644
index 0000000..6e1a877
--- /dev/null
+++ b/.github/workflows/yamllint.yml
@@ -0,0 +1,27 @@
+---
+name: Linting (YAML)
+
+on:
+ workflow_dispatch:
+ pull_request:
+ branches:
+ - main
+ # only run when yaml files are updated
+ paths:
+ - "**.yml"
+
+jobs:
+ yamllint:
+ name: Run yamllint against YAML files
+ runs-on: ubuntu-latest
+ steps:
+ - uses: actions/checkout@v4
+ - name: yaml-lint
+ uses: ibiqlik/action-yamllint@v3
+ with:
+ config_data: |
+ extends: default
+ rules:
+ line-length:
+ max: 120
+ level: warning
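Review bot: `.github/workflows/pre-commit-updates.yaml` declares no `permissions:`, so the two third-party actions in the `update` job (`vrslev/pre-commit-autoupdate@v1.0.0`, `peter-evans/create-pull-request@v5`) run with whatever default scope the repository grants `GITHUB_TOKEN`. Declaring `permissions:` with `contents: write` and `pull-requests: write` on the job limits the token to what opening the PR needs. Both actions are referenced by tag, which the action's owner can move; a full commit SHA is the immutable form. Minor: `cron: 0 0 * * 0` and `delete-branch: True` would match the other workflows better as `cron: "0 0 * * 0"` and `delete-branch: true`.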
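Review bot: In `.github/workflows/shellcheck.yml` the comment `# only run these if markdown files are updated` has no `paths:` filter beneath it and appears copied from markdownlint.yml, so it describes behaviour this workflow does not have. Replace it with a comment that matches what happens, for example `# runs on every PR to main; scripts are found by their shebang line`, or delete it.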
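Review bot: The `paths:` filter in `.github/workflows/yamllint.yml` matches only `"**.yml"`, yet this same commit adds `.github/dependabot.yaml` and `.github/workflows/pre-commit-updates.yaml`, so a PR touching only those files never triggers the lint. Adding `- "**.yaml"` under `paths:` covers both extensions. With `level: warning` on `line-length`, over-long lines are reported but do not fail the check; if that is intended, a short comment in `config_data` saying so would help.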