diff --git a/.cicd-tools/containers/gpg/Dockerfile b/.cicd-tools/containers/gpg/Dockerfile
new file mode 100644
index 00000000..fdb1ac53
--- /dev/null
+++ b/.cicd-tools/containers/gpg/Dockerfile
@@ -0,0 +1,19 @@
+FROM debian:stable
+
+LABEL org.opencontainers.image.source=https://github.com/cicd-tools-org/cicd-tools
+LABEL org.opencontainers.image.description="FOSS gettext binaries for CICD-Tools."
+
+ENV DEBIAN_FRONTEND=noninteractive
+
+RUN apt-get update && \
+ apt-get install \
+ -y \
+ --no-install-recommends \
+ gnupg2=2.2.* && \
+ apt-get clean && \
+ rm -rf /var/cache/apt/* && \
+ rm -rf /var/lib/apt/lists/* && \
+ rm -rf /tmp/*
+
+RUN mkdir -p /mnt
+WORKDIR /mnt
diff --git a/.github/workflows/workflow-container-gpg-multiarch.yml b/.github/workflows/workflow-container-gpg-multiarch.yml
new file mode 100644
index 00000000..f368dff6
--- /dev/null
+++ b/.github/workflows/workflow-container-gpg-multiarch.yml
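Review bot: The gpg Dockerfile never sets `USER`, so gpg runs as root and leaves root-owned output in whatever is bind-mounted at `/mnt`; adding `RUN useradd --create-home --uid 10001 gpg` and a final `USER gpg` would drop that privilege while still giving the account a writable home for its keyring. `FROM debian:stable` is a floating tag and appears to conflict with the `gnupg2=2.2.*` pin: once `stable` rolls to a release that ships a different gnupg series, the weekly scheduled rebuild would likely fail, so pinning a named release (ideally by digest) keeps the base and the package pin in step. The description label still reads `"FOSS gettext binaries for CICD-Tools."` and should name gpg. `ENV DEBIAN_FRONTEND=noninteractive` persists into the runtime environment, so setting it inline on the `apt-get install` command keeps it build-only, and `RUN mkdir -p /mnt` is redundant because `WORKDIR` creates the directory.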
@@ -0,0 +1,143 @@
+---
+name: cicd-tooling-github-workflow-container-gpg-multiarch
+
+on:
+ push:
+ paths:
+ - ".cicd-tools/containers/gpg"
+ - ".github/workflows/workflow-container-gpg-multiarch.yml"
+ - ".github/workflows/job-*-container-*.yml"
+ - "scripts/container.sh"
+ schedule:
+ - cron: "0 6 * * 1"
+ workflow_dispatch:
+
+# secrets:
+# SLACK_WEBHOOK:
+# description: "Optional, enables Slack notifications."
+# required: false
+
+jobs:
+
+ configuration:
+ uses: ./.github/workflows/job-00-cookiecutter-read_configuration.yml
+
+ start:
+ secrets:
+ SLACK_WEBHOOK: ${{ secrets.SLACK_WEBHOOK }}
+ uses: ./.github/workflows/job-00-generic-notification.yml
+ with:
+ NOTIFICATION_EMOJI: ":vertical_traffic_light:"
+ NOTIFICATION_MESSAGE: "Multi-arch container build has started!"
+ WORKFLOW_NAME: "gpg-container"
+
+ security:
+ needs:
+ - configuration
+ secrets:
+ SLACK_WEBHOOK: ${{ secrets.SLACK_WEBHOOK }}
+ uses: ./.github/workflows/job-10-generic-security_scan_credentials.yml
+ with:
+ VERBOSE_NOTIFICATIONS: ${{ fromJSON(needs.configuration.outputs.COOKIECUTTER_CONFIGURATION)._GITHUB_CI_DEFAULT_VERBOSE_NOTIFICATIONS }}
+ WORKFLOW_NAME: "gpg-container"
+
+ scan:
+ permissions:
+ security-events: write
+ needs:
+ - configuration
+ secrets:
+ SLACK_WEBHOOK: ${{ secrets.SLACK_WEBHOOK }}
+ strategy:
+ fail-fast: true
+ matrix:
+ include:
+ - build-platform: linux/amd64
+ build-tag: linux-amd64
+ - build-platform: linux/arm64
+ build-tag: linux-arm64
+ max-parallel: ${{ fromJSON(needs.configuration.outputs.COOKIECUTTER_CONFIGURATION)._GITHUB_CI_DEFAULT_CONCURRENCY }}
+ uses: ./.github/workflows/job-10-container-security_scan_container.yml
+ with:
+ CONTEXT: .cicd-tools/containers/gpg
+ FAIL_BUILD: true
+ FAIL_THRESHOLD: "critical"
+ FIXED_ONLY: true
+ IMAGE_NAME: cicd-tools-org/cicd-tools-gpg
+ IMAGE_TAG: ${{ matrix.build-tag }}
+ PLATFORM: ${{ matrix.build-platform }}
+ REQUIRES_QEMU: true
+ VERBOSE_NOTIFICATIONS: ${{ 
fromJSON(needs.configuration.outputs.COOKIECUTTER_CONFIGURATION)._GITHUB_CI_DEFAULT_VERBOSE_NOTIFICATIONS }}
+ WORKFLOW_NAME: "gpg-container"
+
+ lint:
+ needs:
+ - configuration
+ secrets:
+ SLACK_WEBHOOK: ${{ secrets.SLACK_WEBHOOK }}
+ uses: ./.github/workflows/job-80-container-dockerfile_linter.yml
+ with:
+ DOCKERFILE: .cicd-tools/containers/gpg/Dockerfile
+ VERBOSE_NOTIFICATIONS: ${{ fromJSON(needs.configuration.outputs.COOKIECUTTER_CONFIGURATION)._GITHUB_CI_DEFAULT_VERBOSE_NOTIFICATIONS }}
+ WORKFLOW_NAME: "gpg-container"
+
+ push:
+ needs:
+ - configuration
+ - lint
+ - scan
+ - security
+ - start
+ permissions:
+ packages: write
+ secrets:
+ SLACK_WEBHOOK: ${{ secrets.SLACK_WEBHOOK }}
+ strategy:
+ fail-fast: true
+ matrix:
+ include:
+ - build-platform: linux/amd64
+ build-tag: linux-amd64
+ - build-platform: linux/arm64
+ build-tag: linux-arm64
+ max-parallel: ${{ fromJSON(needs.configuration.outputs.COOKIECUTTER_CONFIGURATION)._GITHUB_CI_DEFAULT_CONCURRENCY }}
+ uses: ./.github/workflows/job-95-container-push.yml
+ with:
+ CONTEXT: .cicd-tools/containers/gpg
+ IMAGE_NAME: cicd-tools-org/cicd-tools-gpg
+ IMAGE_TAG: ${{ matrix.build-tag }}
+ PLATFORM: ${{ matrix.build-platform }}
+ REQUIRES_QEMU: true
+ VERBOSE_NOTIFICATIONS: ${{ fromJSON(needs.configuration.outputs.COOKIECUTTER_CONFIGURATION)._GITHUB_CI_DEFAULT_VERBOSE_NOTIFICATIONS }}
+ WORKFLOW_NAME: "gpg-container"
+
+ multiarch:
+ needs:
+ - configuration
+ - push
+ permissions:
+ packages: write
+ secrets:
+ SLACK_WEBHOOK: ${{ secrets.SLACK_WEBHOOK }}
+ uses: ./.github/workflows/job-95-container-multiarch.yml
+ with:
+ IMAGE_GIT: true
+ IMAGE_LATEST: true
+ IMAGE_NAME: cicd-tools-org/cicd-tools-gpg
+ MULTIARCH_TAG: "multiarch"
+ SOURCE_TAGS: |
+ linux-amd64
+ linux-arm64
+ VERBOSE_NOTIFICATIONS: ${{ fromJSON(needs.configuration.outputs.COOKIECUTTER_CONFIGURATION)._GITHUB_CI_DEFAULT_VERBOSE_NOTIFICATIONS }}
+ WORKFLOW_NAME: "gpg-container"
+
+ success:
+ needs:
+ - multiarch
+ secrets:
+ 
SLACK_WEBHOOK: ${{ secrets.SLACK_WEBHOOK }}
+ uses: ./.github/workflows/job-00-generic-notification.yml
+ with:
+ NOTIFICATION_EMOJI: ":checkered_flag:"
+ NOTIFICATION_MESSAGE: "Multi-arch container build has completed successfully!"
+ WORKFLOW_NAME: "gpg-container"
diff --git a/.vale/Vocab/cicd-tools/accept.txt b/.vale/Vocab/cicd-tools/accept.txt
index f06c1b9e..cd18b1c2 100644
--- a/.vale/Vocab/cicd-tools/accept.txt
+++ b/.vale/Vocab/cicd-tools/accept.txt
@@ -1,5 +1,6 @@
 anchore
 codebase's
 gettext
+gpg
 mac_maker
 tmate
diff --git a/scripts/containers.sh b/scripts/containers.sh
index 1a400de2..ab968b9a 100755
--- a/scripts/containers.sh
+++ b/scripts/containers.sh
@@ -48,6 +48,21 @@ main() { -t ghcr.io/cicd-tools-org/cicd-tools-gettext:linux-arm . popd >> /dev/null + log "INFO" "Building the CICD-Tools gpg container ..." + + pushd .cicd-tools/containers/gpg >> /dev/null + log "INFO" " Building AMD64 ..." + docker build \ + --no-cache \ + --platform linux/amd64 \ + -t ghcr.io/cicd-tools-org/cicd-tools-gpg:linux-amd . + log "INFO" " Building ARM64 ..." + docker build \ + --no-cache \ + --platform linux/arm64 \ + -t ghcr.io/cicd-tools-org/cicd-tools-gpg:linux-arm . + popd >> /dev/null + log "INFO" "Containers successfully built." }
diff --git a/{{cookiecutter.project_slug}}/.pre-commit-config.yaml b/{{cookiecutter.project_slug}}/.pre-commit-config.yaml
index b51f97ea..b9580308 100644
--- a/{{cookiecutter.project_slug}}/.pre-commit-config.yaml
+++ b/{{cookiecutter.project_slug}}/.pre-commit-config.yaml
@@ -19,7 +19,7 @@ repos: - id: commitizen stages: [commit-msg] - repo: https://github.com/cicd-tools-org/pre-commit.git - rev: c58cb72acbf89070f7496957599e79ce17afe9f8 + rev: 58afbc3e8a53a5e941fa183cd3785125685cfb0c hooks: - id: format-shell args:
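Review bot: In workflow-container-gpg-multiarch.yml the `on.push.paths` filter lists `"scripts/container.sh"`, while the script this commit edits is `scripts/containers.sh`, and `".cicd-tools/containers/gpg"` carries no glob, so it should match only a file at exactly that path and not the Dockerfile beneath it; as written, a Dockerfile change would not start the `lint`, `security` and `scan` jobs, leaving only the weekly cron to catch it. The entries I would expect are `".cicd-tools/containers/gpg/**"` and `"scripts/containers.sh"`. The workflow also has no top-level `permissions:` block, so the jobs that declare none (`configuration`, `start`, `security`, `lint`, `success`) run with the repository's default token scope; a top-level `permissions:` with `contents: read` would pin that down, assuming the called workflows need nothing more. The push trigger has no branch filter, and `multiarch` sets `IMAGE_LATEST: true`, so unless `job-95-container-push.yml` gates on the ref (not visible here), a push to any branch could publish over the `latest` tag.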
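Review bot: In scripts/containers.sh the new gpg builds are tagged `cicd-tools-gpg:linux-amd` and `cicd-tools-gpg:linux-arm`, while the workflow added in this commit publishes `linux-amd64` and `linux-arm64`; the local tags follow the existing gettext line, but a local build then produces image names that CI never creates or scans. If `pushd .cicd-tools/containers/gpg` fails and the script is not running under `set -e` (not visible in this hunk), both `docker build` commands would run against the wrong build context, so `pushd .cicd-tools/containers/gpg >> /dev/null || exit 1` is a cheap guard. `main()` begins outside this hunk, so its error-handling options could not be checked.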