ops updates, fixes, dependabot config
kerberizer committed Dec 5, 2024
1 parent 5a26c00 commit d2deb68
Showing 4 changed files with 56 additions and 29 deletions.
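--- a/.github/dependabot.yml
+++ b/.github/dependabot.yml
@@ -0,0 +1,19 @@
+---
+version: 2
+updates:
+
+# Maintain dependencies for GitHub Actions
+- package-ecosystem: "github-actions"
+directory: "/"
+schedule:
+interval: "weekly"
+assignees:
+- "kerberizer"
+
+# Maintain dependencies for JS
+- package-ecosystem: "npm"
+directory: "/"
+schedule:
+interval: "weekly"
+assignees:
+- "kerberizer"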
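Review bot: The `updates` list tracks only `github-actions` and `npm`, while the publish workflow in this same commit checks out with `submodules: recursive`, so submodule contents end up in the built image with no update tracking. If those submodules point at upstream repositories, consider a third entry with `package-ecosystem: "gitsubmodule"` and the same `directory`, `schedule` and `assignees`. The Dockerfile base images (`node:lts-alpine`, `nginx:mainline`) use floating tags, so a `docker` entry would presumably only become useful once they are pinned to a version or digest.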
45 changes: 28 additions & 17 deletions .github/workflows/docker-publish.yml
@@ -6,9 +6,11 @@ on: # yamllint disable-line rule:truthy
branches:
- main
- develop
tags:
- v*.*.*
workflow_dispatch:
pull_request:
branches:
- main
- develop
workflow_dispatch:

env:
REGISTRY: ghcr.io
@@ -27,15 +29,18 @@ jobs:
id-token: write

steps:

- name: Checkout repository
uses: actions/checkout@v3
uses: actions/checkout@v4.1.7
with:
submodules: recursive

# TODO: Temporary solution for using different backends.
- name: Set up appropriate backend
run: >-
if [[ '${{ github.ref }}' == 'refs/heads/main' ]]; then
if [[ '${{ github.event_name }}' == 'pull_request' ]]; then
api_url='https://api-test2.ramanchada.ideaconsult.net/template'
elif [[ '${{ github.ref }}' == 'refs/heads/main' ]]; then
api_url="https://api.ramanchada.ideaconsult.net/template"
elif [[ '${{ github.ref }}' == 'refs/heads/develop' ]]; then
api_url='https://api-test.ramanchada.ideaconsult.net/template'
@@ -49,19 +54,19 @@ jobs:
# https://github.com/sigstore/cosign-installer
- name: Install cosign
if: github.event_name != 'pull_request'
uses: sigstore/cosign-installer@v3.3.0
uses: sigstore/cosign-installer@v3.7.0
with:
cosign-release: 'v2.2.3'
cosign-release: 'v2.4.1'

# Workaround: https://github.com/docker/build-push-action/issues/461
- name: Setup Docker buildx
uses: docker/setup-buildx-action@79abd3f86f79a9d68a23c75a09a9a85889262adf
uses: docker/setup-buildx-action@v3.7.1

# Login against a Docker registry except on PR
# https://github.com/docker/login-action
- name: Log into registry ${{ env.REGISTRY }}
if: github.event_name != 'pull_request'
uses: docker/login-action@28218f9b04b4f3f62068d7b6ce6ca5b26e35336c
uses: docker/login-action@v3.3.0
with:
registry: ${{ env.REGISTRY }}
username: ${{ github.actor }}
@@ -71,12 +76,18 @@ jobs:
# https://github.com/docker/metadata-action
- name: Extract Docker metadata
id: meta
uses: docker/metadata-action@98669ae865ea3cffbcbaa878cf57c20bbf1c6c38
uses: docker/metadata-action@v5.6.1
with:
images: ${{ env.REGISTRY }}/${{ env.IMAGE_NAME }}
labels: |
org.opencontainers.image.description=Template Designer Service
org.opencontainers.image.licenses=MIT
org.opencontainers.image.title=template-designer
org.opencontainers.image.url=https://github.com/ideaconsult/templateforge/blob/main/README.md
org.opencontainers.image.vendor=IDEAconsult
tags: |
type=raw,value=latest,enable=${{ github.ref == format('refs/heads/{0}', 'develop') }}
type=raw,value=stable,enable=${{ github.ref == format('refs/heads/{0}', 'main') }}
type=raw,value=latest,enable=${{ github.ref == 'refs/heads/develop' }}
type=raw,value=stable,enable=${{ github.ref == 'refs/heads/main' }}
type=ref,event=branch
type=ref,event=tag
type=ref,event=pr
@@ -85,22 +96,22 @@ jobs:
# https://github.com/docker/build-push-action
- name: Build and push Docker image
id: build-and-push
uses: docker/build-push-action@v3
uses: docker/build-push-action@v6.10.0
with:
cache-from: type=gha
cache-to: type=gha,mode=max
context: .
labels: ${{ steps.meta.outputs.labels }}
push: ${{ github.event_name != 'pull_request' }}
tags: ${{ steps.meta.outputs.tags }}
labels: ${{ steps.meta.outputs.labels }}
cache-from: type=gha
cache-to: type=gha,mode=max

# Sign the resulting Docker image digest except on PRs.
# This will only write to the public Rekor transparency log when the Docker
# repository is public to avoid leaking data. If you would like to publish
# transparency data even for private images, pass --force to cosign below.
# https://github.com/sigstore/cosign
- name: Sign the published Docker image
if: ${{ github.event_name != 'pull_request' }}
if: github.event_name != 'pull_request'
env:
# https://docs.github.com/en/actions/security-guides/security-hardening-for-github-actions#using-an-intermediate-environment-variable
TAGS: ${{ steps.meta.outputs.tags }}
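Review bot: Version tags such as `@v3.7.1`, `@v3.3.0` and `@v5.6.1` on the `docker/setup-buildx-action`, `docker/login-action` and `docker/metadata-action` steps are mutable references, where the previous lines pinned full commit SHAs. The job holds `id-token: write`, logs in to `ghcr.io` and pushes and signs the image, so an action whose tag is re-pointed would run with those privileges. Keep the SHA pin and carry the version as a trailing comment, e.g. `uses: docker/login-action@<full-commit-sha>  # v3.3.0`; the `github-actions` Dependabot entry added in this commit can keep SHA pins and their version comments current. The same applies to `actions/checkout`, `sigstore/cosign-installer` and `docker/build-push-action`, which are referenced by tag as well.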
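--- a/.yamllint.yml
+++ b/.yamllint.yml
@@ -0,0 +1,7 @@
+---
+extends: default
+rules:
+line-length:
+max: 119
+new-lines:
+type: platform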
14 changes: 2 additions & 12 deletions Dockerfile
@@ -1,4 +1,4 @@
FROM node:lts-alpine as requirements-stage
FROM node:lts-alpine AS requirements-stage

WORKDIR /tmp

@@ -15,17 +15,7 @@ RUN npm install
#RUN npm run lint
RUN npm run build-docker

FROM nginx:mainline

LABEL maintainer="Luchesar ILIEV <[email protected]>" \
org.opencontainers.image.created=$BUILD_DATE \
org.opencontainers.image.description="Template Designer Service" \
org.opencontainers.image.revision=$VCS_REF \
org.opencontainers.image.schema-version="1.0" \
org.opencontainers.image.source="https://github.com/ideaconsult/templateforge" \
org.opencontainers.image.title="template-designer" \
org.opencontainers.image.url="https://github.com/ideaconsult/templateforge/blob/main/README.md" \
org.opencontainers.image.vendor="IDEAconsult" \
org.opencontainers.image.version="latest"
FROM nginx:mainline

COPY --from=requirements-stage /tmp/dist /usr/share/nginx/html
