From 36875b29a1f209a27499c7dec75b49a7628b34bf Mon Sep 17 00:00:00 2001 From: Robert Waffen Date: Tue, 30 Jul 2024 00:47:57 +0200 Subject: [PATCH 1/6] switch to alpine Signed-off-by: Robert Waffen --- Dockerfile | 13 +++++-------- build_versions.json | 4 ++-- 2 files changed, 7 insertions(+), 10 deletions(-) diff --git a/Dockerfile b/Dockerfile index 962084c..26ac35c 100644 --- a/Dockerfile +++ b/Dockerfile @@ -1,4 +1,4 @@ -ARG BASE_IMAGE=docker.io/ruby:3.2.5-bookworm +ARG BASE_IMAGE=docker.io/ruby:3.2.5-alpine3.20 FROM $BASE_IMAGE @@ -45,16 +45,13 @@ COPY voxbox/Gemfile / COPY voxbox/Rakefile / COPY Dockerfile / -RUN apt-get update \ - && apt-get upgrade -y \ - && apt-get install -y yamllint \ - && apt-get autoremove -y \ - && apt-get clean \ +RUN apk update \ + && apk upgrade \ + && apk add --no-cache --update alpine-sdk \ + && apk add --no-cache --update yamllint \ && bundle config set path.system true \ && bundle config set jobs $(nproc) \ && bundle install --gemfile=/Gemfile \ - && apt-get purge -y "libaom*" linux-libc-dev "libmagick*" "imagemagick-*" \ - && rm -rf /var/lib/apt/lists/* \ && rm -rf /usr/local/lib/ruby/gems/*/cache/* \ && rm -rf /usr/local/lib/ruby/gems/2.7.0/gems/cgi-0.1.0.2 \ && rm -rf /usr/local/lib/ruby/gems/2.7.0/specifications/default/cgi-0.1.0.2.gemspec \ diff --git a/build_versions.json b/build_versions.json index 431ea11..04f6cfd 100644 --- a/build_versions.json +++ b/build_versions.json @@ -2,7 +2,7 @@ "include": [ { "puppet_release": 7, - "base_image": "ghcr.io/betadots/ruby:2.7.8-focal", + "base_image": "docker.io/ruby:2.7.8-alpine3.16", "rubygem_puppet": "7.32.1", "rubygem_facter": "4.8.0", "rubygem_voxpupuli_test": "9.0.0", @@ -17,7 +17,7 @@ }, { "puppet_release": 8, - "base_image": "docker.io/ruby:3.2.5-bookworm", + "base_image": "docker.io/ruby:3.2.5-alpine3.20", "rubygem_puppet": "8.8.1", "rubygem_facter": "4.8.0", "rubygem_voxpupuli_test": "9.0.0", From 364fd267890532e8ea401b9a574b40bec5d030b4 Mon Sep 17 00:00:00 2001 
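Review bot: The new default for `BASE_IMAGE` in the first Dockerfile hunk is still a mutable tag, so a later rebuild can pull a different image than the one that was tested and scanned. Pinning the digest next to the tag, for example `ARG BASE_IMAGE=docker.io/ruby:3.2.5-alpine3.20@sha256:<DIGEST_PLACEHOLDER>`, makes the build reproducible and turns a base-image update into a reviewable diff. The same applies to the two `base_image` values changed in build_versions.json in this commit.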
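Review bot: `alpine-sdk` is added in the `RUN` chain of the second Dockerfile hunk and never removed, so the compiler toolchain ships in the final image, whereas the removed apt variant at least purged some development packages after `bundle install`. If the toolchain is only needed to build native gem extensions, install it as a virtual group and drop it in the same layer: `&& apk add --no-cache --virtual .build-deps alpine-sdk \` before `bundle install` and `&& apk del .build-deps \` after it; whether anything from it (git, for instance) is needed at runtime cannot be told from the hunk. `apk update` also leaves the package index under /var/cache/apk, and nothing replaces the removed `rm -rf /var/lib/apt/lists/*`; `apk upgrade --no-cache` without the separate `apk update` avoids that, and `--update` next to `--no-cache` is redundant. The `RUN` instruction continues past the end of the hunk.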
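Review bot: The Puppet 7 entry in build_versions.json now points at `docker.io/ruby:2.7.8-alpine3.16`, and as far as I know Alpine 3.16 was already past its upstream support period at this commit's date, so the `apk upgrade` in the Dockerfile would have no security updates to pull for that image. The previous `ghcr.io/betadots/ruby:2.7.8-focal` base carried the same end-of-life Ruby, but on a distribution that was still receiving updates at that time. JSON leaves no room for a comment, so the reason this base is acceptable for the Puppet 7 image belongs in the commit message or README, and the Trivy results for that matrix entry should be reviewed rather than only uploaded.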
From: Robert Waffen Date: Wed, 31 Jul 2024 10:09:25 +0200 Subject: [PATCH 2/6] add ci test for container Signed-off-by: Robert Waffen --- .github/workflows/ci.yaml | 31 ++++++++++++++++--------------- 1 file changed, 16 insertions(+), 15 deletions(-) diff --git a/.github/workflows/ci.yaml b/.github/workflows/ci.yaml index 18d432a..f1408be 100644 --- a/.github/workflows/ci.yaml +++ b/.github/workflows/ci.yaml 
@@ -65,21 +65,22 @@ jobs: with: sarif_file: 'trivy-results-${{ matrix.rubygem_puppet }}.sarif' - # - name: Run Trivy in GitHub SBOM mode and submit results to Dependency Graph - # uses: aquasecurity/trivy-action@master - # with: - # scan-type: 'image' - # format: 'github' - # output: 'dependency-results.sbom.json' - # image-ref: 'ci/voxbox-${{ matrix.rubygem_puppet }}:${{ github.sha }}' - # github-pat: ${{ secrets.GITHUB_TOKEN }} - - # - name: Upload trivy report as a Github artifact - # uses: actions/upload-artifact@v4 - # with: - # name: trivy-sbom-report - # path: '${{ github.workspace }}/dependency-results.sbom.json' - # retention-days: 20 # 90 is the default + - name: Test container + run: | + mkdir -p /tmp/voxbox + cd /tmp/voxbox + git clone https://github.com/voxpupuli/puppet-example.git + cd puppet-example + docker run --rm -it ci/voxbox-${{ matrix.rubygem_puppet }}:${{ github.sha }} -T + docker run --rm -it ci/voxbox-${{ matrix.rubygem_puppet }}:${{ github.sha }} check + docker run --rm -it ci/voxbox-${{ matrix.rubygem_puppet }}:${{ github.sha }} lint + docker run --rm -it ci/voxbox-${{ matrix.rubygem_puppet }}:${{ github.sha }} metadata_lint + docker run --rm -it ci/voxbox-${{ matrix.rubygem_puppet }}:${{ github.sha }} strings:validate:reference + docker run --rm -it ci/voxbox-${{ matrix.rubygem_puppet }}:${{ github.sha }} rubocop + docker run --rm -it ci/voxbox-${{ matrix.rubygem_puppet }}:${{ github.sha }} syntax + docker run --rm -it ci/voxbox-${{ matrix.rubygem_puppet }}:${{ github.sha }} spec + docker run --rm -it ci/voxbox-${{ matrix.rubygem_puppet }}:${{ github.sha }} r10k:syntax + docker run --rm -it ci/voxbox-${{ matrix.rubygem_puppet }}:${{ github.sha }} r10k:dependencies tests: needs: From c7e7c1eec1e98935914d7f36c1c692ee087ffc5f Mon Sep 17 00:00:00 2001 From: Robert Waffen Date: Wed, 31 Jul 2024 12:15:08 +0200 Subject: [PATCH 3/6] checkout puppet-example the gha way 
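Review bot: Every `docker run` line in the new `Test container` step has `${{ matrix.rubygem_puppet }}` and `${{ github.sha }}` expanded straight into the script text, which is the pattern that becomes shell injection once an expression carries attacker-influenced data. Both values look repository-controlled here, so this is about the habit and the tenfold repetition rather than a live problem. Setting the reference once on the step, `env:` with `IMAGE: ci/voxbox-${{ matrix.rubygem_puppet }}:${{ github.sha }}`, and using `"$IMAGE"` in place of the image reference on each line keeps expressions out of the shell and makes the list easier to read. The same lines are rewritten in patches 4/6 and 5/6 and would benefit in the same way.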
Signed-off-by: Robert Waffen --- .github/workflows/ci.yaml | 8 +++++--- 1 file changed, 5 insertions(+), 3 deletions(-) diff --git a/.github/workflows/ci.yaml b/.github/workflows/ci.yaml index f1408be..4c2ac90 100644 --- a/.github/workflows/ci.yaml +++ b/.github/workflows/ci.yaml @@ -65,11 +65,13 @@ jobs: with: sarif_file: 'trivy-results-${{ matrix.rubygem_puppet }}.sarif' + - name: Clone voxpupuli/puppet-example repository + uses: actions/checkout@v4 + with: + repository: voxpupuli/puppet-example + - name: Test container run: | - mkdir -p /tmp/voxbox - cd /tmp/voxbox - git clone https://github.com/voxpupuli/puppet-example.git cd puppet-example docker run --rm -it ci/voxbox-${{ matrix.rubygem_puppet }}:${{ github.sha }} -T docker run --rm -it ci/voxbox-${{ matrix.rubygem_puppet }}:${{ github.sha }} check From c116f54cf2af476539aa6dc13b88f3f12d1024fd Mon Sep 17 00:00:00 2001 From: Robert Waffen Date: Wed, 31 Jul 2024 12:22:53 +0200 Subject: [PATCH 4/6] update test config Signed-off-by: Robert Waffen --- .github/workflows/ci.yaml | 21 ++++++++++----------- 1 file changed, 10 insertions(+), 11 deletions(-) diff --git a/.github/workflows/ci.yaml b/.github/workflows/ci.yaml index 4c2ac90..f7dac71 100644 --- a/.github/workflows/ci.yaml +++ b/.github/workflows/ci.yaml 
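Review bot: The added `actions/checkout@v4` step has no `path:`, so it checks `voxpupuli/puppet-example` out into the workspace root, presumably replacing an earlier checkout of this repository, while the script in this patch still does `cd puppet-example`. By default the action also leaves the job token in the checked-out `.git/config`; since this checkout exists only to provide test content for the container, `persist-credentials: false` is worth adding under `with:`. A `ref:` pinned to a tag or commit of puppet-example would keep a change in that repository from altering or breaking this job unnoticed.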
@@ -72,17 +72,16 @@ jobs: - name: Test container run: | - cd puppet-example - docker run --rm -it ci/voxbox-${{ matrix.rubygem_puppet }}:${{ github.sha }} -T - docker run --rm -it ci/voxbox-${{ matrix.rubygem_puppet }}:${{ github.sha }} check - docker run --rm -it ci/voxbox-${{ matrix.rubygem_puppet }}:${{ github.sha }} lint - docker run --rm -it ci/voxbox-${{ matrix.rubygem_puppet }}:${{ github.sha }} metadata_lint - docker run --rm -it ci/voxbox-${{ matrix.rubygem_puppet }}:${{ github.sha }} strings:validate:reference - docker run --rm -it ci/voxbox-${{ matrix.rubygem_puppet }}:${{ github.sha }} rubocop - docker run --rm -it ci/voxbox-${{ matrix.rubygem_puppet }}:${{ github.sha }} syntax - docker run --rm -it ci/voxbox-${{ matrix.rubygem_puppet }}:${{ github.sha }} spec - docker run --rm -it ci/voxbox-${{ matrix.rubygem_puppet }}:${{ github.sha }} r10k:syntax - docker run --rm -it ci/voxbox-${{ matrix.rubygem_puppet }}:${{ github.sha }} r10k:dependencies + docker run --rm -it -v $(pwd):/repo ci/voxbox-${{ matrix.rubygem_puppet }}:${{ github.sha }} -f /Rakefile -T + docker run --rm -it -v $(pwd):/repo ci/voxbox-${{ matrix.rubygem_puppet }}:${{ github.sha }} -f /Rakefile check + docker run --rm -it -v $(pwd):/repo ci/voxbox-${{ matrix.rubygem_puppet }}:${{ github.sha }} -f /Rakefile lint + docker run --rm -it -v $(pwd):/repo ci/voxbox-${{ matrix.rubygem_puppet }}:${{ github.sha }} -f /Rakefile metadata_lint + docker run --rm -it -v $(pwd):/repo ci/voxbox-${{ matrix.rubygem_puppet }}:${{ github.sha }} -f /Rakefile strings:validate:reference + docker run --rm -it -v $(pwd):/repo ci/voxbox-${{ matrix.rubygem_puppet }}:${{ github.sha }} -f /Rakefile rubocop + docker run --rm -it -v $(pwd):/repo ci/voxbox-${{ matrix.rubygem_puppet }}:${{ github.sha }} -f /Rakefile syntax + docker run --rm -it -v $(pwd):/repo ci/voxbox-${{ matrix.rubygem_puppet }}:${{ github.sha }} -f /Rakefile spec + docker run --rm -it -v $(pwd):/repo ci/voxbox-${{ matrix.rubygem_puppet }}:${{ 
github.sha }} -f /Rakefile r10k:syntax + docker run --rm -it -v $(pwd):/repo ci/voxbox-${{ matrix.rubygem_puppet }}:${{ github.sha }} -f /Rakefile r10k:dependencies tests: needs: From 863f1a7ea4db4697ba9e81af1faf6700b8b60878 Mon Sep 17 00:00:00 2001 From: Robert Waffen Date: Wed, 31 Jul 2024 12:26:24 +0200 Subject: [PATCH 5/6] remove interactive container flag Signed-off-by: Robert Waffen --- .github/workflows/ci.yaml | 20 ++++++++++---------- 1 file changed, 10 insertions(+), 10 deletions(-) diff --git a/.github/workflows/ci.yaml b/.github/workflows/ci.yaml index f7dac71..f0d95f6 100644 --- a/.github/workflows/ci.yaml +++ b/.github/workflows/ci.yaml 
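Review bot: `-v $(pwd):/repo` bind-mounts the whole workspace read-write into a container that, unless the image sets a `USER`, runs as root, so the rake tasks can modify the checkout and leave root-owned files behind on the runner. Tasks that only read the module (`-T`, `lint`, `metadata_lint`, `syntax`) could use `-v "$(pwd):/repo:ro"`; tasks such as `spec` may need to write, which the hunk does not show. Quoting the mount argument also avoids word splitting should the workspace path ever contain whitespace.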
@@ -72,16 +72,16 @@ jobs: - name: Test container run: | - docker run --rm -it -v $(pwd):/repo ci/voxbox-${{ matrix.rubygem_puppet }}:${{ github.sha }} -f /Rakefile -T - docker run --rm -it -v $(pwd):/repo ci/voxbox-${{ matrix.rubygem_puppet }}:${{ github.sha }} -f /Rakefile check - docker run --rm -it -v $(pwd):/repo ci/voxbox-${{ matrix.rubygem_puppet }}:${{ github.sha }} -f /Rakefile lint - docker run --rm -it -v $(pwd):/repo ci/voxbox-${{ matrix.rubygem_puppet }}:${{ github.sha }} -f /Rakefile metadata_lint - docker run --rm -it -v $(pwd):/repo ci/voxbox-${{ matrix.rubygem_puppet }}:${{ github.sha }} -f /Rakefile strings:validate:reference - docker run --rm -it -v $(pwd):/repo ci/voxbox-${{ matrix.rubygem_puppet }}:${{ github.sha }} -f /Rakefile rubocop - docker run --rm -it -v $(pwd):/repo ci/voxbox-${{ matrix.rubygem_puppet }}:${{ github.sha }} -f /Rakefile syntax - docker run --rm -it -v $(pwd):/repo ci/voxbox-${{ matrix.rubygem_puppet }}:${{ github.sha }} -f /Rakefile spec - docker run --rm -it -v $(pwd):/repo ci/voxbox-${{ matrix.rubygem_puppet }}:${{ github.sha }} -f /Rakefile r10k:syntax - docker run --rm -it -v $(pwd):/repo ci/voxbox-${{ matrix.rubygem_puppet }}:${{ github.sha }} -f /Rakefile r10k:dependencies + docker run --rm -v $(pwd):/repo ci/voxbox-${{ matrix.rubygem_puppet }}:${{ github.sha }} -f /Rakefile -T + docker run --rm -v $(pwd):/repo ci/voxbox-${{ matrix.rubygem_puppet }}:${{ github.sha }} -f /Rakefile check + docker run --rm -v $(pwd):/repo ci/voxbox-${{ matrix.rubygem_puppet }}:${{ github.sha }} -f /Rakefile lint + docker run --rm -v $(pwd):/repo ci/voxbox-${{ matrix.rubygem_puppet }}:${{ github.sha }} -f /Rakefile metadata_lint + docker run --rm -v $(pwd):/repo ci/voxbox-${{ matrix.rubygem_puppet }}:${{ github.sha }} -f /Rakefile strings:validate:reference + docker run --rm -v $(pwd):/repo ci/voxbox-${{ matrix.rubygem_puppet }}:${{ github.sha }} -f /Rakefile rubocop + docker run --rm -v $(pwd):/repo ci/voxbox-${{ matrix.rubygem_puppet 
}}:${{ github.sha }} -f /Rakefile syntax + docker run --rm -v $(pwd):/repo ci/voxbox-${{ matrix.rubygem_puppet }}:${{ github.sha }} -f /Rakefile spec + docker run --rm -v $(pwd):/repo ci/voxbox-${{ matrix.rubygem_puppet }}:${{ github.sha }} -f /Rakefile r10k:syntax + docker run --rm -v $(pwd):/repo ci/voxbox-${{ matrix.rubygem_puppet }}:${{ github.sha }} -f /Rakefile r10k:dependencies tests: needs: From 4b9980366e80f50de5b247251b3e8ac3d88126c3 Mon Sep 17 00:00:00 2001 From: Robert Waffen Date: Wed, 31 Jul 2024 13:52:34 +0200 Subject: [PATCH 6/6] remove checkt tets, because it complicates things with git Signed-off-by: Robert Waffen --- .github/workflows/ci.yaml | 1 - 1 file changed, 1 deletion(-) diff --git a/.github/workflows/ci.yaml b/.github/workflows/ci.yaml index f0d95f6..4e602b3 100644 --- a/.github/workflows/ci.yaml +++ b/.github/workflows/ci.yaml @@ -73,7 +73,6 @@ jobs: - name: Test container run: | docker run --rm -v $(pwd):/repo ci/voxbox-${{ matrix.rubygem_puppet }}:${{ github.sha }} -f /Rakefile -T - docker run --rm -v $(pwd):/repo ci/voxbox-${{ matrix.rubygem_puppet }}:${{ github.sha }} -f /Rakefile check docker run --rm -v $(pwd):/repo ci/voxbox-${{ matrix.rubygem_puppet }}:${{ github.sha }} -f /Rakefile lint docker run --rm -v $(pwd):/repo ci/voxbox-${{ matrix.rubygem_puppet }}:${{ github.sha }} -f /Rakefile metadata_lint docker run --rm -v $(pwd):/repo ci/voxbox-${{ matrix.rubygem_puppet }}:${{ github.sha }} -f /Rakefile strings:validate:reference