feat(CONTAINER): add gpg container

cicd-tools-org · Jul 27, 2024 · 083179a · 083179a
1 parent c20da06
commit 083179a
Show file tree

Hide file tree

Showing 5 changed files with 179 additions and 1 deletion.
diff --git a/.cicd-tools/containers/gpg/Dockerfile b/.cicd-tools/containers/gpg/Dockerfile
@@ -0,0 +1,19 @@
+FROM debian:stable
+
+LABEL org.opencontainers.image.source=https://github.com/cicd-tools-org/cicd-tools
+LABEL org.opencontainers.image.description="FOSS gettext binaries for CICD-Tools."
+
+ENV DEBIAN_FRONTEND=noninteractive
+
+RUN apt-get update && \
+    apt-get install \
+      -y \
+      --no-install-recommends \
+      gnupg2=2.2.* && \
+    apt-get clean && \
+    rm -rf /var/cache/apt/* && \
+    rm -rf /var/lib/apt/lists/* && \
+    rm -rf /tmp/*
+
+RUN mkdir -p /mnt
+WORKDIR /mnt
diff --git a/.github/workflows/workflow-container-gpg-multiarch.yml b/.github/workflows/workflow-container-gpg-multiarch.yml
@@ -0,0 +1,143 @@
+---
+name: cicd-tooling-github-workflow-container-gpg-multiarch
+
+on:
+  push:
+    paths:
+      - ".cicd-tools/containers/gettext"
+      - ".github/workflows/workflow-container-gpg-multiarch.yml"
+      - ".github/workflows/job-*-container-*.yml"
+      - "scripts/container.sh"
+  schedule:
+    - cron: "0 6 * * 1"
+  workflow_dispatch:
+
+#  secrets:
+#    SLACK_WEBHOOK:
+#      description: "Optional, enables Slack notifications."
+#      required: false
+
+jobs:
+
+  configuration:
+    uses: ./.github/workflows/job-00-cookiecutter-read_configuration.yml
+
+  start:
+    secrets:
+      SLACK_WEBHOOK: ${{ secrets.SLACK_WEBHOOK }}
+    uses: ./.github/workflows/job-00-generic-notification.yml
+    with:
+      NOTIFICATION_EMOJI: ":vertical_traffic_light:"
+      NOTIFICATION_MESSAGE: "Multi-arch container build has started!"
+      WORKFLOW_NAME: "gpg-container"
+
+  security:
+    needs:
+      - configuration
+    secrets:
+      SLACK_WEBHOOK: ${{ secrets.SLACK_WEBHOOK }}
+    uses: ./.github/workflows/job-10-generic-security_scan_credentials.yml
+    with:
+      VERBOSE_NOTIFICATIONS: ${{ fromJSON(needs.configuration.outputs.COOKIECUTTER_CONFIGURATION)._GITHUB_CI_DEFAULT_VERBOSE_NOTIFICATIONS }}
+      WORKFLOW_NAME: "gpg-container"
+
+  scan:
+    permissions:
+      security-events: write
+    needs:
+      - configuration
+    secrets:
+      SLACK_WEBHOOK: ${{ secrets.SLACK_WEBHOOK }}
+    strategy:
+      fail-fast: true
+      matrix:
+        include:
+          - build-platform: linux/amd64
+            build-tag: linux-amd64
+          - build-platform: linux/arm64
+            build-tag: linux-arm64
+      max-parallel: ${{ fromJSON(needs.configuration.outputs.COOKIECUTTER_CONFIGURATION)._GITHUB_CI_DEFAULT_CONCURRENCY }}
+    uses: ./.github/workflows/job-10-container-security_scan_container.yml
+    with:
+      CONTEXT: .cicd-tools/containers/gettext
+      FAIL_BUILD: true
+      FAIL_THRESHOLD: "critical"
+      FIXED_ONLY: true
+      IMAGE_NAME: cicd-tools-org/cicd-tools-gpg
+      IMAGE_TAG: ${{ matrix.build-tag }}
+      PLATFORM: ${{ matrix.build-platform }}
+      REQUIRES_QEMU: true
+      VERBOSE_NOTIFICATIONS: ${{ fromJSON(needs.configuration.outputs.COOKIECUTTER_CONFIGURATION)._GITHUB_CI_DEFAULT_VERBOSE_NOTIFICATIONS }}
+      WORKFLOW_NAME: "gpg-container"
+
+  lint:
+    needs:
+      - configuration
+    secrets:
+      SLACK_WEBHOOK: ${{ secrets.SLACK_WEBHOOK }}
+    uses: ./.github/workflows/job-80-container-dockerfile_linter.yml
+    with:
+      DOCKERFILE: .cicd-tools/containers/gettext/Dockerfile
+      VERBOSE_NOTIFICATIONS: ${{ fromJSON(needs.configuration.outputs.COOKIECUTTER_CONFIGURATION)._GITHUB_CI_DEFAULT_VERBOSE_NOTIFICATIONS }}
+      WORKFLOW_NAME: "gpg-container"
+
+  push:
+    needs:
+      - configuration
+      - lint
+      - scan
+      - security
+      - start
+    permissions:
+      packages: write
+    secrets:
+      SLACK_WEBHOOK: ${{ secrets.SLACK_WEBHOOK }}
+    strategy:
+      fail-fast: true
+      matrix:
+        include:
+          - build-platform: linux/amd64
+            build-tag: linux-amd64
+          - build-platform: linux/arm64
+            build-tag: linux-arm64
+      max-parallel: ${{ fromJSON(needs.configuration.outputs.COOKIECUTTER_CONFIGURATION)._GITHUB_CI_DEFAULT_CONCURRENCY }}
+    uses: ./.github/workflows/job-95-container-push.yml
+    with:
+      CONTEXT: .cicd-tools/containers/gettext
+      IMAGE_NAME: cicd-tools-org/cicd-tools-gpg
+      IMAGE_TAG: ${{ matrix.build-tag }}
+      PLATFORM: ${{ matrix.build-platform }}
+      REQUIRES_QEMU: true
+      VERBOSE_NOTIFICATIONS: ${{ fromJSON(needs.configuration.outputs.COOKIECUTTER_CONFIGURATION)._GITHUB_CI_DEFAULT_VERBOSE_NOTIFICATIONS }}
+      WORKFLOW_NAME: "gpg-container"
+
+  multiarch:
+    needs:
+      - configuration
+      - push
+    permissions:
+      packages: write
+    secrets:
+      SLACK_WEBHOOK: ${{ secrets.SLACK_WEBHOOK }}
+    uses: ./.github/workflows/job-95-container-multiarch.yml
+    with:
+      IMAGE_GIT: true
+      IMAGE_LATEST: true
+      IMAGE_NAME: cicd-tools-org/cicd-tools-gpg
+      MULTIARCH_TAG: "multiarch"
+      SOURCE_TAGS: |
+        linux-amd64
+        linux-arm64
+      VERBOSE_NOTIFICATIONS: ${{ fromJSON(needs.configuration.outputs.COOKIECUTTER_CONFIGURATION)._GITHUB_CI_DEFAULT_VERBOSE_NOTIFICATIONS }}
+      WORKFLOW_NAME: "gpg-container"
+
+  success:
+    needs:
+      - multiarch
+    secrets:
+      SLACK_WEBHOOK: ${{ secrets.SLACK_WEBHOOK }}
+    uses: ./.github/workflows/job-00-generic-notification.yml
+    with:
+      NOTIFICATION_EMOJI: ":checkered_flag:"
+      NOTIFICATION_MESSAGE: "Multi-arch container build has completed successfully!"
+      WORKFLOW_NAME: "gpg-container"
diff --git a/.vale/Vocab/cicd-tools/accept.txt b/.vale/Vocab/cicd-tools/accept.txt
@@ -1,5 +1,6 @@
 anchore
 codebase's
 gettext
+gpg
 mac_maker
 tmate
diff --git a/scripts/containers.sh b/scripts/containers.sh
@@ -48,6 +48,21 @@ main() {
     -t ghcr.io/cicd-tools-org/cicd-tools-gettext:linux-arm .
   popd >> /dev/null
 
+  log "INFO" "Building the CICD-Tools gpg container ..."
+
+  pushd .cicd-tools/containers/gpg >> /dev/null
+  log "INFO" "  Building AMD64 ..."
+  docker build \
+    --no-cache \
+    --platform linux/amd64 \
+    -t ghcr.io/cicd-tools-org/cicd-tools-gpg:linux-amd .
+  log "INFO" "  Building ARM64 ..."
+  docker build \
+    --no-cache \
+    --platform linux/arm64 \
+    -t ghcr.io/cicd-tools-org/cicd-tools-gpg:linux-arm .
+  popd >> /dev/null
+
   log "INFO" "Containers successfully built."
 }
 

diff --git a/{{cookiecutter.project_slug}}/.pre-commit-config.yaml b/{{cookiecutter.project_slug}}/.pre-commit-config.yaml
@@ -19,7 +19,7 @@ repos:
       - id: commitizen
         stages: [commit-msg]
   - repo: https://github.com/cicd-tools-org/pre-commit.git
-    rev: c58cb72acbf89070f7496957599e79ce17afe9f8
+    rev: 58afbc3e8a53a5e941fa183cd3785125685cfb0c
     hooks:
       - id: format-shell
         args: