diff --git a/.gitattributes b/.gitattributes
index 6313b56..8df86ec 100644
--- a/.gitattributes
+++ b/.gitattributes
@@ -1 +1,2 @@
 * text=auto eol=lf
+*.md diff=markdown -whitespace
diff --git a/.github/workflows/ci.yml b/.github/workflows/ci.yml
index 89c9e33..5601750 100644
--- a/.github/workflows/ci.yml
+++ b/.github/workflows/ci.yml
@@ -20,8 +20,8 @@ permissions:
 pull-requests: write
 env:
- REGISTRY: ${{ vars.DOCKERHUB_USER && 'docker.io' || 'ghcr.io' }}
- REGISTRY_USER: ${{ vars.DOCKERHUB_USER || github.repository_owner }}
+ REGISTRY: ${{ vars.DOCKERHUB_USERNAME && 'docker.io' || 'ghcr.io' }}
+ REGISTRY_USER: ${{ vars.DOCKERHUB_USERNAME || github.repository_owner }}
 GITHUB_SHA: ${{ github.event.pull_request.head.sha || github.event.after || github.sha }}
 BUILDKIT_PROGRESS: plain
@@ -29,38 +29,39 @@ jobs:
 test:
 runs-on: ubuntu-latest
 env:
- REGISTRY: ${{ vars.DOCKERHUB_USER && 'docker.io' || 'ghcr.io' }}
+ REGISTRY: ${{ vars.DOCKERHUB_USERNAME && 'docker.io' || 'ghcr.io' }}
 outputs:
 targets: ${{ steps.matrix.outputs.targets }}
 steps:
- # kics-scan ignore-line
- - uses: actions/checkout@v4
+ - name: Checkout code
+ # kics-scan ignore-line
+ uses: actions/checkout@v4.0.0
- # kics-scan ignore-line
- - uses: docker/setup-qemu-action@v3.0.0
- name: Set up QEMU
+ - name: Setup QEMU
+ # kics-scan ignore-line
+ uses: docker/setup-qemu-action@v3.0.0
- - name: Set up Docker Buildx
+ - name: Setup Docker Buildx
 # kics-scan ignore-line
 uses: docker/setup-buildx-action@v3.0.0
- - name: get docker binary path
+ - name: Get the docker binary path
 id: docker-binary-path
 run: echo "DOCKER_BINARY_PATH=$(which docker)" >> "$GITHUB_OUTPUT"
- - name: print bake file with empty env
+ - name: Print the bake file with a empty env
 id: bake-file-no-env
 run: env -i ${{ steps.docker-binary-path.outputs.DOCKER_BINARY_PATH }} buildx bake --print
- - name: verify tag ends on -local
+ - name: Verify the tag ends on -local
 run: |
 BAKE_TAG="$(env -i ${{ steps.docker-binary-path.outputs.DOCKER_BINARY_PATH }} buildx bake --print | jq -r '[.target[].tags[]][0]')"
 [[ "${BAKE_TAG}" == *"-local" ]] || exit 1
- - name: print bake file
+ - name: Print the bake file with the runner env
 run: docker buildx bake --print
- - name: validate tag
+ - name: Validate tag ends on -${{ github.base_ref || github.ref_name }}
 run: |
 BAKE_TAG="$(docker buildx bake --print | jq -r '[.target[].tags[]][0]')"
 [[ "${BAKE_TAG}" == *"-${{ github.base_ref || github.ref_name}}" ]] || exit 1
@@ -70,7 +71,7 @@ jobs:
 run: printf "targets=%s\n" "$(docker buildx bake --print | jq -r '"\(.target | keys)"')" >>"${GITHUB_OUTPUT}"
 - name: Show matrix
- run: echo '${{ steps.matrix.outputs.targets }}' | jq
+ run: "echo '${{ steps.matrix.outputs.targets }}' | jq"
 build:
 needs: test
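Review bot: The `uses: actions/checkout@v4.0.0` and `uses: docker/setup-qemu-action@v3.0.0` lines added in this hunk pin to git tags, which the action maintainer can move, while the same commit pins `peter-evans/dockerhub-description` and `stefanzweifel/git-auto-commit-action` to full commit SHAs; pinning these to the commit behind the tag, e.g. `uses: actions/checkout@<commit-sha-of-v4.0.0> # v4.0.0`, would make the workflow's supply-chain posture consistent and may let the `# kics-scan ignore-line` suppressions be dropped. The same applies to the build job's checkout at @@ -79, the QEMU/Buildx steps at @@ -88, and the checkout in dockerhub-description.yml. Wording nit in the same hunk: `- name: Print the bake file with a empty env` should read `with an empty env`.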
@@ -79,7 +80,7 @@ jobs:
 matrix:
 targets: ${{ fromJson(needs.test.outputs.targets) }}
 steps:
- - uses: actions/checkout@v4
+ - uses: actions/checkout@v4.0.0
 - name: Free up disk space
 # kics-scan ignore-line
@@ -88,13 +89,13 @@ jobs:
 deleteDotnet: 'true'
 deleteAndroid: 'true'
- # kics-scan ignore-line
- - uses: docker/setup-qemu-action@v3.0.0
- name: Set up QEMU
+ - name: Setup QEMU
+ # kics-scan ignore-line
+ uses: docker/setup-qemu-action@v3.0.0
- # kics-scan ignore-line
- - uses: docker/setup-buildx-action@v3.0.0
- name: Set up Docker Buildx
+ - name: Setup Docker Buildx
+ # kics-scan ignore-line
+ uses: docker/setup-buildx-action@v3.0.0
 with:
 driver: docker-container
 driver-opts: image=moby/buildkit:v0.12.2
@@ -107,7 +108,7 @@ jobs:
 name: Login to ${{ env.REGISTRY }}
 with:
 registry: ${{ env.REGISTRY }}
- username: ${{ vars.DOCKERHUB_USER || github.repository_owner }}
+ username: ${{ vars.DOCKERHUB_USERNAME || github.repository_owner }}
 password: ${{ secrets.DOCKERHUB_TOKEN || secrets.GITHUB_TOKEN }}
 logout: true
@@ -139,7 +140,7 @@ jobs:
 # write-comment: ${{ github.actor != 'nektos/act' }}
 # summary: ${{ github.actor != 'nektos/act' }}
 # github-token: ${{ secrets.GITHUB_TOKEN }}
- # organization: ${{ vars.DOCKERHUB_USER || github.repository_owner }}
+ # organization: ${{ vars.DOCKERHUB_USERNAME || github.repository_owner }}
 approve-pr:
 name: Approve PR
@@ -161,11 +162,3 @@ jobs:
 env:
 PR_URL: ${{github.event.pull_request.html_url}}
 GITHUB_TOKEN: ${{secrets.GITHUB_TOKEN}}
-
- # auto merge dependabot PRs
- - name: Merge DependaBot
- if: github.actor == 'dependabot[bot]' && needs.build.result == 'success'
- run: gh pr merge --auto --merge "$PR_URL"
- env:
- PR_URL: ${{github.event.pull_request.html_url}}
- GITHUB_TOKEN: ${{secrets.GITHUB_TOKEN}}
diff --git a/.github/workflows/dockerhub-description.yml b/.github/workflows/dockerhub-description.yml
index 9368229..cf86b3e 100644
--- a/.github/workflows/dockerhub-description.yml
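Review bot: The login step at @@ -107 now takes `username:` from `vars.DOCKERHUB_USERNAME || github.repository_owner` and `password:` from `secrets.DOCKERHUB_TOKEN || secrets.GITHUB_TOKEN`, but the two fallbacks are independent: when the variable is set and the secret is empty (for instance on a run where repository secrets are not exposed to the workflow), the step sends `GITHUB_TOKEN` to `docker.io` as the Docker Hub account's password, and the failure surfaces only as an opaque login error. Because the `secrets` context cannot be read in an `if:` condition, a small guard step before the login that maps the secret into `env` and fails when `REGISTRY` is docker.io but the token is empty would make the misconfiguration explicit. The login step's `uses:` line lies above the hunk.
```yaml
      - name: Require a Docker Hub token when publishing to docker.io
        if: env.REGISTRY == 'docker.io'
        env:
          DOCKERHUB_TOKEN: ${{ secrets.DOCKERHUB_TOKEN }}
        run: |
          [[ -n "${DOCKERHUB_TOKEN}" ]] || { echo "::error::DOCKERHUB_TOKEN is not set"; exit 1; }
      # … unchanged: Login to ${{ env.REGISTRY }} step …
```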
+++ b/.github/workflows/dockerhub-description.yml
@@ -17,14 +17,16 @@ jobs:
 dockerHubDescription:
 name: Update Docker-Hub description
 runs-on: ubuntu-latest
+ # Ensure this job only runs if the Docker-Hub user is set
+ if: vars.DOCKERHUB_USERNAME != ''
 steps:
- - uses: actions/checkout@v4
+ - name: Checkout code
+ uses: actions/checkout@v4.0.0
 - name: Docker Hub Description
 uses: peter-evans/dockerhub-description@dc67fad7001ef9e8e3c124cb7a64e16d0a63d864
 with:
- username: ${{ github.repository_owner }}
+ username: ${{ vars.DOCKERHUB_USERNAME }}
 password: ${{ secrets.DOCKERHUB_TOKEN }}
- repository: ${{ github.repository_owner }}/ubuntu-act
+ repository: ${{ format('{0}/{1}', vars.DOCKERHUB_USERNAME, 'ubuntu-act') }}
 short-description: ${{ github.event.repository.description }}
- enable-url-completion: true
diff --git a/.github/workflows/mega-linter.yml b/.github/workflows/mega-linter.yml
index 7ae54ce..0e21236 100644
--- a/.github/workflows/mega-linter.yml
+++ b/.github/workflows/mega-linter.yml
@@ -127,10 +127,10 @@ jobs:
 github.event_name == 'push' ||
 github.event.pull_request.head.repo.full_name == github.repository
 )
- run: sudo chown -Rc "${UID}" .git/
+ run: sudo chown -Rc $UID .git/
 # kics-scan ignore-line
- - uses: stefanzweifel/git-auto-commit-action@v4
+ - uses: stefanzweifel/git-auto-commit-action@3ea6ae190baf489ba007f7c92608f33ce20ef04a
 name: Commit and push applied linter fixes
 if: >-
 github.actor != 'nektos/act' &&
diff --git a/.gitignore b/.gitignore
index d1a4f6e..31d4c4b 100644
--- a/.gitignore
+++ b/.gitignore
@@ -1,3 +1,8 @@
+# directory created by megalinter
 megalinter-reports/
+
+# Files used to configure nektos/act
+.act
+.actrc
 .secrets
-.vars
\ No newline at end of file
+.vars
diff --git a/.hadolint.yaml b/.hadolint.yaml
index 25e351a..d530391 100644
--- a/.hadolint.yaml
+++ b/.hadolint.yaml
@@ -1,3 +1,4 @@
+---
 # yaml-language-server: $schema=https://raw.githubusercontent.com/hadolint/hadolint/master/contrib/hadolint.json
 ignored:
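Review bot: The new job-level `if: vars.DOCKERHUB_USERNAME != ''` checks only the username, so with the variable set but `DOCKERHUB_TOKEN` missing the `peter-evans/dockerhub-description` step still runs with an empty `password:`; since the `secrets` context is not usable in `if:`, a preceding step that maps the secret into `env` and fails when it is empty would catch that. `repository: ${{ format('{0}/{1}', vars.DOCKERHUB_USERNAME, 'ubuntu-act') }}` is equivalent to the plainer `repository: ${{ vars.DOCKERHUB_USERNAME }}/ubuntu-act`, the shape of the line it replaces. Removing `enable-url-completion: true` presumably changes how relative links in the README are rendered on Docker Hub; if that is intended, a one-line comment saying so would save the next reader from guessing.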
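Review bot: In the mega-linter.yml hunk, `run: sudo chown -Rc $UID .git/` drops the quotes the replaced line had around `${UID}`, reintroducing the unquoted-expansion pattern ShellCheck reports as SC2086 — and this repository runs MegaLinter, which is likely to flag the workflow's own `run:` script; keep `run: sudo chown -Rc "${UID}" .git/`. `UID` is a bash-provided variable, so `"$(id -u)"` would also keep working if the step's shell ever changes. The SHA pin on `stefanzweifel/git-auto-commit-action` is the right direction; appending the tag it corresponds to as a trailing comment, `# v4` or the exact release, keeps it readable and lets automated updaters track it.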
diff --git a/.mega-linter.yml b/.mega-linter.yml
index 3cb33aa..b64d02f 100644
--- a/.mega-linter.yml
+++ b/.mega-linter.yml
@@ -1,27 +1,14 @@
 ---
 # yaml-language-server: $schema=https://raw.githubusercontent.com/oxsecurity/megalinter/main/megalinter/descriptors/schemas/megalinter-configuration.jsonschema.json
-
 # Configuration file for MegaLinter
 # See all available variables at https://megalinter.io/latest/config-file/ and in linters documentation
-
-APPLY_FIXES: all # all, none, or list of linter keys
-# ENABLE: # If you use ENABLE variable, all other languages/formats/tooling-formats will be disabled by default
-# ENABLE_LINTERS: # If you use ENABLE_LINTERS variable, all other linters will be disabled by default
-
-DISABLE:
- - TERRAFORM
-# - COPYPASTE # Uncomment to disable checks of excessive copy-pastes
-# - SPELL # Comment to enable checks of spelling mistakes
-
-# DISABLE_ERRORS: true # Uncomment if you want MegaLinter to detect errors but not block CI to pass
-
+APPLY_FIXES: 'all' # all, none, or list of linter keys
+CLEAR_REPORT_FOLDER: true
 DISABLE_LINTERS:
 - REPOSITORY_SEMGREP # doesn't work for me currently
-
 FILEIO_REPORTER: false
-FILTER_REGEX_EXCLUDE: '(megalinter-reports)'
+# FILTER_REGEX_EXCLUDE: '(megalinter-reports)'
 IGNORE_GITIGNORED_FILES: true
-MARKDOWN_FILTER_REGEX_EXCLUDE: '(license\.md)'
-SPELL_LYCHEE_FILTER_REGEX_EXCLUDE: '(\.github/workflows|\.mega-linter\.yml)'
 SHOW_ELAPSED_TIME: true
+SPELL_LYCHEE_FILTER_REGEX_EXCLUDE: '(\.github/workflows|\.mega-linter\.yml)'
 YAML_V8R_FILTER_REGEX_EXCLUDE: '(\.prettierrc\.yaml)'
diff --git a/.vars.example b/.vars.example
index 2495db1..c11adc3 100644
--- a/.vars.example
+++ b/.vars.example
@@ -1 +1 @@
-DOCKERHUB_USER=
+DOCKERHUB_USERNAME=
diff --git a/.vscode/settings.json b/.vscode/settings.json
index 18c6765..ebe1a86 100644
--- a/.vscode/settings.json
+++ b/.vscode/settings.json
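Review bot: With `APPLY_FIXES: 'all'` kept and `MARKDOWN_FILTER_REGEX_EXCLUDE: '(license\.md)'` dropped, the markdown fixers now also rewrite `license.md`, a file usually kept verbatim; if that is unintended, keep the exclusion. `# FILTER_REGEX_EXCLUDE: '(megalinter-reports)'` stays behind as a commented-out line even though `IGNORE_GITIGNORED_FILES: true` together with the `megalinter-reports/` entry this commit adds to `.gitignore` already covers it, so the line could be deleted outright. The unchanged `- REPOSITORY_SEMGREP # doesn't work for me currently` is the only record of why a security scanner is disabled; a pointer to the failing output or an issue in that comment would help whoever revisits it.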
@@ -4,6 +4,10 @@
 "strings": true
 }
 },
+ "[ignore]": {
+ "editor.defaultFormatter": "foxundermoon.shell-format",
+ "files.insertFinalNewline": true
+ },
 "[markdown]": {
 "diffEditor.ignoreTrimWhitespace": false,
 "editor.defaultFormatter": "esbenp.prettier-vscode",
diff --git a/README.md b/README.md
index 895c2a4..f141ad5 100644
--- a/README.md
+++ b/README.md
@@ -12,21 +12,21 @@
 [![MegaLinter](https://github.com/mauwii/act-docker-images/workflows/MegaLinter/badge.svg?branch=main&event=push)][workflowMegaLinter]
 [![Docker-Hub description](https://github.com/mauwii/act-docker-images/actions/workflows/dockerhub-description.yml/badge.svg?branch=main)][workflowDhDesc]
-## ⚠️ Heavily under construction... ⚠️
-
-...so please do not use this anywhere in production ❗
+> [!WARNING]
+> Heavily under construction, so please do not use this anywhere in production
 ## What
-The docker images in this repository can be used with [nektos/act][nektosActRepo], which is a very
-handy tool to run your github workflows locally.
+The docker images in this repository are made to be used with [nektos/act][nektosActRepo], which is
+a very handy tool to execute github workflows locally.
 If you don't know it yet, I highly recommend to check it out 🤓
 ## Why
 In the other Images I had problems with executing azure related tools, so I decided to create my own
-image which is heavily inspired by the images of [catthehacker][catthehackerImages]
+image which is heavily inspired by the images of [catthehacker][catthehackerImages] and the
+[official runner images][actionsRunnerImages].
 ## How to use
@@ -41,7 +41,7 @@ The easiest way is to add those lines in your `~/.actrc`:
 -P ubuntu-20.04=mauwii/ubuntu-act:20.04
 ```
-For further Informations about nektos/arc and how to use it, take a 👀 at the [nektos
+For further Informations about nektos/act and how to use it, take a 👀 at the [nektos
 documentation📖][nektosDocs]
 ## How I run act on my M2-Max 💻
@@ -52,19 +52,21 @@ documentation📖][nektosDocs]
 brew install act
 ```
+ > [!IMPORTANT]
+ > Use `act --version` to make sure you have at least `act version 0.2.51`, which came with support
+ > for node20
+
 - set an alias to always pass the GITHUB_TOKEN (requires github-cli (`brew install gh`))
 ```bash
- # always add gh auth token to act
- if validate_command act; then
+ if command -v act >/dev/null 2>&1; then
 alias act='act -s GITHUB_TOKEN="$(gh auth token)"'
- # add alias to use gh act as act if gh-act is installed and act is not found
 elif gh extension list | grep -q "nektos/gh-act"; then
 alias act='gh act -s GITHUB_TOKEN="$(gh auth token)"'
 fi
 ```
-- Docker-Desktop settings:
+- 🐳 Docker-Desktop settings:
 - Docker Engine (`~/.docker/daemon.json`):
@@ -85,37 +87,54 @@ documentation📖][nektosDocs]
 - Features in Development:
- - [ ] containerd
- - [ ] wasm
- - [x] rosetta
- - [x] builds view
+ - ❌ containerd
+ - ❌ wasm
+ - ✅ rosetta
+ - ✅ builds view
 - Advanced:
- - [ ] system
- - [x] user
- - [x] Allow the default Docker socket to be used
- - [ ] Allow privileged port mapping
- - [x] Automatically check configuration
+ - ❌ system
+ - ✅ user
+ - ✅ Allow the default Docker socket to be used
+ - ❌ Allow privileged port mapping
+ - ✅ Automatically check configuration
 - `~/.actrc`:
- ```text
+ ```bash
 --rm
 -P ubuntu-latest=mauwii/ubuntu-act:latest
 -P ubuntu-22.04=mauwii/ubuntu-act:22.04
 -P ubuntu-20.04=mauwii/ubuntu-act:20.04
 ```
-## bake file
+## docker-bake file
-I would recommend to execute the ci workflow via act, but if you want to make use of the bake file
-to build the image locally locally, you could do so like this:
+As always, there are different options to build the images locally. I added `docker-bake.hcl` which
+helps with orchestrating builds and needs buildx to be available, which comes out of the box with
+docker desktop. Bake Files are still considered experimental, and your results may be totally
+different depending on your local docker configuration.
-```bash
-GITHUB_SHA=$(git rev-parse HEAD) \
-REF_NAME=$(git rev-parse --abbrev-ref HEAD) \
-docker buildx bake --set "*.platform=linux/arm64"
-```
+- using the `local` tag:
+
+ ```bash
+ docker buildx bake \
+ --set "*.platform=linux/$(uname -m)"
+ ```
+
+- using the current branch as a tag name and set better labels, without pushing the cache to the
+ registry:
+
+ ```bash
+ GITHUB_SHA="$(git rev-parse HEAD)" \
+ REF_NAME="$(git rev-parse --abbrev-ref HEAD)" \
+ docker buildx bake \
+ --set="*.cache-to=" \
+ --set="*.platform=linux/$(uname -m)"
+ ```
+
+ When you do this from the main branch and already use the latest image, it will be replaced with
+ the one you just built.
If you are not using a mac silicon, just replace the platform `arm64` with `amd64`.
@@ -125,22 +144,24 @@ To execute the mega-linter locally without the needs to install it, there are di
 - you can use act (I assume you run act the way I just explained):
- This has the advantage that you run act with the same settings as the workflow itself would do.
-
 ```bash
 act -W .github/workflows/mega-linter.yml
 ```
+ This has the advantage that megalinter executes with the same settings as the workflow itself
+ would do, while not providing fixed versions if errors where found
+
 - or you could use npx:
 ```bash
 npx mega-linter-runner \
- --flavor security \
+ --flavor terraform \
 -e GITHUB_TOKEN="$(gh auth token)" \
 --remove-container
 ```
- The flavor is optional, the GH Action is currently not using a flavor
+ The flavor is optional but can be pretty useful if you have low bandwidth or limited storage,
+ while the GH Action is currently using the full megalinter image.
 ## Pre-Commit-Hook
@@ -151,12 +172,14 @@ would be via pipx.
 After successfully installing pre-commit on your system, you need to run `pre-commit install` in the
 repository root if you want to enable the pre-commit hooks on your system as well.
-[dockerHub]: https://hub.docker.com/r/mauwii/ubuntu-act/ "DockerHub"
+[dockerHub]: https://hub.docker.com/r/mauwii/ubuntu-act/ "DockerHub container repository"
 [githubRepo]: https://github.com/mauwii/act-docker-images/ "GitHub repository"
-[githubFork]: https://github.com/mauwii/act-docker-images/fork/ "GitHub forks"
-[githubIssues]: https://github.com/mauwii/act-docker-images/issues/ "GitHub issues"
-[githubCommits]: https://github.com/mauwii/act-docker-images/commits/ "GitHub commits"
-[workflowCi]: https://github.com/mauwii/act-docker-images/actions/workflows/ci.yml "ci workflow"
+[githubFork]: https://github.com/mauwii/act-docker-images/fork/ "GitHub repository - forks"
+[githubIssues]: https://github.com/mauwii/act-docker-images/issues/ "GitHub repository - issues"
+[githubCommits]: https://github.com/mauwii/act-docker-images/commits/ "GitHub repository - commits"
+[workflowCi]:
+ https://github.com/mauwii/act-docker-images/actions/workflows/ci.yml
+ "GitHub workflow - ci"
 [workflowDhDesc]:
 https://github.com/mauwii/act-docker-images/actions/workflows/dockerhub-description.yml
 "DockerHub Description Workflow"
@@ -164,7 +187,8 @@ repository root if you want to enable the pre-commit hooks on your system as wel
 https://github.com/mauwii/act-docker-images/actions?query=workflow%3AMegaLinter+branch%3Amain
 "MegaLinter Workflow"
 [nektosActRepo]: https://github.com/nektos/act "nektos/act git repository"
+[nektosDocs]: https://nektosact.com/beginner/index.html "nektos/act docs"
 [catthehackerImages]: https://github.com/catthehacker/docker_images "catthehacker/docker_images repo"
-[nektosDocs]: https://nektosact.com/beginner/index.html "nektos/act docs"
+[actionsRunnerImages]: https://github.com/actions/runner-images "official GitHub Runner images"
diff --git a/docker-bake.hcl b/docker-bake.hcl
index 9e5b583..faa43ea 100644
--- a/docker-bake.hcl
+++ b/docker-bake.hcl
@@ -52,29 +52,29 @@ group "default" {
 }
 target "ubuntu" {
- inherits = ["linux-platforms"]
+ inherits = ["linux-platforms"]
 dockerfile = "linux/ubuntu/Dockerfile"
 matrix = {
 release = [
 {
- major = "22"
- minor = "04"
+ major = "22"
+ minor = "04"
 codename = "jammy"
 },
 {
- major = "20"
- minor = "04"
+ major = "20"
+ minor = "04"
 codename = "focal"
 }
 ]
 }
 args = {
- DISTRO = "ubuntu"
- FROM_IMAGE = "${FROM_IMAGE}"
- FROM_VERSION_MAJOR = release.major
- FROM_VERSION_MINOR = release.minor
- CODENAME = release.codename
- GO_VERSION = "${GO_VERSION}"
+ CODENAME = release.codename
+ DISTRO = "ubuntu"
+ FROM_IMAGE = "${FROM_IMAGE}"
+ FROM_VERSION_MAJOR = release.major
+ FROM_VERSION_MINOR = release.minor
+ GO_VERSION = "${GO_VERSION}"
 GOLANG_GITHUB_SHA256_amd64 = "${GOLANG_GITHUB_SHA256_amd64}"
 GOLANG_GITHUB_SHA256_arm64 = "${GOLANG_GITHUB_SHA256_arm64}"
 }
@@ -86,21 +86,21 @@ target "ubuntu" {
 notequal(REF_NAME, "local") ? "${REGISTRY}/${REPOSITORY_OWNER}/ubuntu-act:cache-${release.codename}" : ""
 ]
 tags = [
- "${REGISTRY}/${REPOSITORY_OWNER}/ubuntu-act:${release.major}.${release.minor}-${and(notequal(REF_NAME, ""),notequal(REF_NAME, null))?REF_NAME:"local"}",
- and(notequal(GITHUB_SHA,null),equal("${REF_NAME}", "main")) ? "${REGISTRY}/${REPOSITORY_OWNER}/ubuntu-act:${release.major}.${release.minor}-${substr(GITHUB_SHA, 0, 7)}" : "",
+ "${REGISTRY}/${REPOSITORY_OWNER}/ubuntu-act:${release.major}.${release.minor}-${and(notequal(REF_NAME, ""), notequal(REF_NAME, null)) ? REF_NAME : "local"}",
+ and(notequal(GITHUB_SHA, null), equal("${REF_NAME}", "main")) ? "${REGISTRY}/${REPOSITORY_OWNER}/ubuntu-act:${release.major}.${release.minor}-${substr(GITHUB_SHA, 0, 7)}" : "",
 equal("${REF_NAME}", "main") ? "${REGISTRY}/${REPOSITORY_OWNER}/ubuntu-act:${release.major}.${release.minor}" : "",
- and(equal("${REF_NAME}", "main"),equal(release.codename, "jammy")) ? "${REGISTRY}/${REPOSITORY_OWNER}/ubuntu-act:latest" : "",
+ and(equal("${REF_NAME}", "main"), equal(release.codename, "jammy")) ? "${REGISTRY}/${REPOSITORY_OWNER}/ubuntu-act:latest" : "",
 ]
 labels = {
- "org.opencontainers.image.authors" = REPOSITORY_OWNER
- "org.opencontainers.image.created" = timestamp()
- "org.opencontainers.image.description" = "This Image is made to be used with Nektos/act to run your GH-Workflows locally"
+ "org.opencontainers.image.authors" = REPOSITORY_OWNER
+ "org.opencontainers.image.created" = timestamp()
+ "org.opencontainers.image.description" = "This Image is made to be used with Nektos/act to run your GH-Workflows locally"
 "org.opencontainers.image.documentation" = REPOSITORY_URL
- "org.opencontainers.image.revision" = GITHUB_SHA
- "org.opencontainers.image.source" = and(and(notequal(REPOSITORY_URL, ""), notequal(REPOSITORY_URL, null)), and(notequal(GITHUB_SHA, ""), notequal(GITHUB_SHA, null))) ?
"${REPOSITORY_URL}/blob/${GITHUB_SHA}/linux/ubuntu/Dockerfile" : null - "org.opencontainers.image.title" = "ubuntu-act-${release.codename}" - "org.opencontainers.image.url" = equal("${REGISTRY}", "docker.io") ? "https://hub.docker.com/r/${REPOSITORY_OWNER}/ubuntu-act" : equal("${REGISTRY}", "ghcr.io") ? "https://github.com/${REPOSITORY}/pkgs/container/ubuntu-act" : null - "org.opencontainers.image.vendor" = "${REPOSITORY_OWNER}" + "org.opencontainers.image.revision" = GITHUB_SHA + "org.opencontainers.image.source" = and(and(notequal(REPOSITORY_URL, ""), notequal(REPOSITORY_URL, null)), and(notequal(GITHUB_SHA, ""), notequal(GITHUB_SHA, null))) ? "${REPOSITORY_URL}/blob/${GITHUB_SHA}/linux/ubuntu/Dockerfile" : null + "org.opencontainers.image.title" = "ubuntu-act-${release.codename}" + "org.opencontainers.image.url" = equal("${REGISTRY}", "docker.io") ? "https://hub.docker.com/r/${REPOSITORY_OWNER}/ubuntu-act" : equal("${REGISTRY}", "ghcr.io") ? "https://github.com/${REPOSITORY}/pkgs/container/ubuntu-act" : null + "org.opencontainers.image.vendor" = "${REPOSITORY_OWNER}" } }