Linting

.github/workflows/build-docker.yml

@@ -1,5 +1,7 @@
 name: Build and Push Docker
 
+permissions: read-all
+
 on:
   push:
     branches:
@@ -25,11 +27,26 @@ jobs:
           username: ${{ github.repository_owner }}
           password: ${{ secrets.GITHUB_TOKEN }}
 
+      - name: Extract version and increment
+        id: versioning
+        run: |
+          # Get the latest tag from git
+          VERSION=$(git describe --tags --abbrev=0 2>/dev/null || echo "v0.0.0")
+          # Strip the 'v' prefix if it exists
+          VERSION=${VERSION#v}
+          # Split the version into its components
+          IFS='.' read -r -a VERSION_PARTS <<< "$VERSION"
+          # Increment the patch version
+          NEW_VERSION="${VERSION_PARTS[0]}.${VERSION_PARTS[1]}.$((VERSION_PARTS[2] + 1))"
+          # Output the new version
+          echo "NEW_VERSION=$NEW_VERSION" >> $GITHUB_ENV
+          echo "new_version=$NEW_VERSION" >> $GITHUB_OUTPUT
+
       - name: Build and push
         uses: docker/build-push-action@v6
         with:
           context: .
           file: ./Dockerfile
           push: true
-          tags: ghcr.io/${{ github.repository }}/imageproxy:0.0.1
+          tags: ghcr.io/${{ github.repository }}:${{ steps.versioning.outputs.new_version }}
           platforms: linux/amd64,linux/arm64

.trunk/.gitignore

@@ -0,0 +1,9 @@
+*out
+*logs
+*actions
+*notifications
+*tools
+plugins
+user_trunk.yaml
+user.yaml
+tmp

.trunk/configs/.hadolint.yaml

@@ -0,0 +1,4 @@
+# Following source doesn't work in most setups
+ignored:
+  - SC1090
+  - SC1091

.trunk/configs/.isort.cfg

@@ -0,0 +1,2 @@
+[tool.isort]
+profile = "black"

.trunk/configs/.markdownlint.yaml

@@ -0,0 +1,2 @@
+# Prettier friendly markdownlint config (all formatting rules disabled)
+extends: markdownlint/style/prettier

.trunk/configs/.yamllint.yaml

@@ -0,0 +1,7 @@
+rules:
+  quoted-strings:
+    required: only-when-needed
+    extra-allowed: ["{|}"]
+  key-duplicates: {}
+  octal-values:
+    forbid-implicit-octal: true

.trunk/configs/ruff.toml

@@ -0,0 +1,5 @@
+# Generic, formatter-friendly config.
+select = ["B", "D3", "E", "F"]
+
+# Never enforce `E501` (line length violations). This should be handled by formatters.
+ignore = ["E501"]

.trunk/trunk.yaml

@@ -0,0 +1,40 @@
+# This file controls the behavior of Trunk: https://docs.trunk.io/cli
+# To learn more about the format of this file, see https://docs.trunk.io/reference/trunk-yaml
+version: 0.1
+cli:
+  version: 1.22.2
+# Trunk provides extensibility via plugins. (https://docs.trunk.io/plugins)
+plugins:
+  sources:
+    - id: trunk
+      ref: v1.6.0
+      uri: https://github.com/trunk-io/plugins
+# Many linters and tools depend on runtimes - configure them here. (https://docs.trunk.io/runtimes)
+runtimes:
+  enabled:
+    - [email protected]
+    - [email protected]
+# This is the section where you manage your linters. (https://docs.trunk.io/check/configuration)
+lint:
+  enabled:
+    - [email protected]
+    - [email protected]
+    - [email protected]
+    - [email protected]
+    - git-diff-check
+    - [email protected]
+    - [email protected]
+    - [email protected]
+    - [email protected]
+    - [email protected]
+    - [email protected]
+    - [email protected]
+    - [email protected]
+    - [email protected]
+actions:
+  disabled:
+    - trunk-announce
+    - trunk-check-pre-push
+    - trunk-fmt-pre-commit
+  enabled:
+    - trunk-upgrade-available

Dockerfile

@@ -1,4 +1,4 @@
-FROM python:3.13.0b3 as base
+FROM python:3.13.0b3 AS base
 
 # Prevents Python from writing pyc files.
 ENV PYTHONDONTWRITEBYTECODE=1
@@ -13,21 +13,20 @@ WORKDIR /app
 # See https://docs.docker.com/go/dockerfile-user-best-practices/
 ARG UID=10001
 RUN adduser \
-    --disabled-password \
-    --gecos "" \
-    --home "/nonexistent" \
-    --shell "/sbin/nologin" \
-    --no-create-home \
-    --uid "${UID}" \
-    appuser
+  --disabled-password \
+  --gecos "" \
+  --home "/nonexistent" \
+  --shell "/sbin/nologin" \
+  --no-create-home \
+  --uid "${UID}" \
+  appuser
 
 # Download dependencies as a separate step to take advantage of Docker's caching.
 # Leverage a cache mount to /root/.cache/pip to speed up subsequent builds.
 # Leverage a bind mount to requirements.txt to avoid having to copy them into
 # into this layer.
-RUN --mount=type=cache,target=/root/.cache/pip \
-    --mount=type=bind,source=requirements.txt,target=requirements.txt \
-    python -m pip install -r requirements.txt
+RUN --mount=type=bind,source=requirements.txt,target=requirements.txt \
+  python -m pip install --no-cache-dir -r requirements.txt
 
 # Switch to the non-privileged user to run the application.
 USER appuser
@@ -38,5 +37,7 @@ COPY app.py .
 # Expose the port that the application listens on.
 EXPOSE 8000
 
+HEALTHCHECK --interval=10s --timeout=10s --start-period=5s --retries=3 CMD curl -f http://localhost:8000/health | grep OK || exit 1
+
 # Run the application.
-CMD waitress-serve --host=0.0.0.0 --port=8000 app:app
+CMD ["waitress-serve", "--host=0.0.0.0", "--port=8000", "app:app"]

app.py

@@ -1,8 +1,9 @@
-from flask import Flask, request, render_template_string
+# trunk-ignore-all(black)
+from flask import Flask, render_template_string, request
 
 app = Flask(__name__)
 
-HTML_TEMPLATE = '''
+HTML_TEMPLATE = """
 <!DOCTYPE html>
 <html lang="en">
 <head>
@@ -14,16 +15,22 @@
   <img src="{{ image_url }}" alt="Proxied Image">
 </body>
 </html>
-'''
+"""
 
-@app.route('/image')
+
+@app.route("/image")
 def proxy_image():
-  image_url = request.args.get('url')
-  if not image_url:
-    return "No image URL provided", 400
+    image_url = request.args.get("url")
+    if not image_url:
+        return "No image URL provided", 400
+
+    html_content = render_template_string(HTML_TEMPLATE, image_url=image_url)
+    return html_content
 
-  html_content = render_template_string(HTML_TEMPLATE, image_url=image_url)
-  return html_content
+@app.route("/health")
+def health():
+    return "OK"
 
-if __name__ == '__main__':
-  app.run(host='0.0.0.0', port=5000)
+if __name__ == "__main__":
+    # trunk-ignore(bandit/B104)
+    app.run(host="0.0.0.0", port=8000)

compose.yaml

@@ -1,49 +1,5 @@
-# Comments are provided throughout this file to help you get started.
-# If you need more help, visit the Docker Compose reference guide at
-# https://docs.docker.com/go/compose-spec-reference/
-
-# Here the instructions define your application as a service called "server".
-# This service is built from the Dockerfile in the current directory.
-# You can add other services your application may depend on here, such as a
-# database or a cache. For examples, see the Awesome Compose repository:
-# https://github.com/docker/awesome-compose
 services:
-  server:
-    build:
-      context: .
+  imageproxy:
+    image: ghcr.io/wuast94/imageproxy
     ports:
       - 8000:8000
-
-# The commented out section below is an example of how to define a PostgreSQL
-# database that your application can use. `depends_on` tells Docker Compose to
-# start the database before your application. The `db-data` volume persists the
-# database data between container restarts. The `db-password` secret is used
-# to set the database password. You must create `db/password.txt` and add
-# a password of your choosing to it before running `docker compose up`.
-#     depends_on:
-#       db:
-#         condition: service_healthy
-#   db:
-#     image: postgres
-#     restart: always
-#     user: postgres
-#     secrets:
-#       - db-password
-#     volumes:
-#       - db-data:/var/lib/postgresql/data
-#     environment:
-#       - POSTGRES_DB=example
-#       - POSTGRES_PASSWORD_FILE=/run/secrets/db-password
-#     expose:
-#       - 5432
-#     healthcheck:
-#       test: [ "CMD", "pg_isready" ]
-#       interval: 10s
-#       timeout: 5s
-#       retries: 5
-# volumes:
-#   db-data:
-# secrets:
-#   db-password:
-#     file: db/password.txt
-