gha upgrade (#46)

2026-02-14 13:09:50 +00:00 · 2022-05-15 18:02:27 -04:00
parent 1d617af967
commit 3cc0fa0837
8 changed files with 208 additions and 54 deletions
--- a/.github/linters/.dockerfilelintrc
+++ b/.github/linters/.dockerfilelintrc
@@ -1,2 +0,0 @@
-rules:
-  missing_tag: off
--- a/.github/linters/.hadolint.yaml
+++ b/.github/linters/.hadolint.yaml
@@ -1,3 +1,11 @@
+# README: https://github.com/hadolint/hadolint
+
+# Often it's a good idea to do inline disables rather that repo-wide in this file.
+# Example of inline Dockerfile rules:
+# hadolint ignore=DL3018
+#RUN apk add --no-cache git
+
+# or just ignore rules repo-wide
 ignored:
  - DL3003 #ignore that we use cd sometimes
  - DL3006 #image pin versions
@@ -7,4 +15,28 @@ ignored:
  - DL3028 #gem install pin versions
  - DL3059 #multiple consecutive runs
  - DL4006 #we don't need pipefail in this
-  - SC2016 #we want single quotes sometimes
+  - SC2016 #we want single quotes sometimes
+
+
+# FULL TEMPLATE
+# failure-threshold: string               # name of threshold level (error | warning | info | style | ignore | none)
+# format: string                          # Output format (tty | json | checkstyle | codeclimate | gitlab_codeclimate | gnu | codacy)
+# ignored: [string]                       # list of rules
+# label-schema:                           # See Linting Labels below for specific label-schema details
+#   author: string                        # Your name
+#   contact: string                       # email address
+#   created: timestamp                    # rfc3339 datetime
+#   version: string                       # semver
+#   documentation: string                 # url
+#   git-revision: string                  # hash
+#   license: string                       # spdx
+# no-color: boolean                       # true | false
+# no-fail: boolean                        # true | false
+# override:
+#   error: [string]                       # list of rules
+#   warning: [string]                     # list of rules
+#   info: [string]                        # list of rules
+#   style: [string]                       # list of rules
+# strict-labels: boolean                  # true | false
+# disable-ignore-pragma: boolean          # true | false
+# trustedRegistries: string | [string]    # registry or list of registries
--- a/.github/linters/.markdown-lint.yml
+++ b/.github/linters/.markdown-lint.yml
@@ -1,7 +1,9 @@
 # MD013/line-length - Line length
 MD013:
-  # Number of characters
-  line_length: 150
+  # Number of characters, default is 80
+  # I'm OK with long lines. All editors now have wordwrap
+  line_length: 9999
  # Number of characters for headings
  heading_line_length: 100
-  code_blocks: false
+  # check code blocks?
+  code_blocks: false
--- a/.github/linters/.yaml-lint.yml
+++ b/.github/linters/.yaml-lint.yml
@@ -0,0 +1,53 @@
+---
+###########################################
+# These are the rules used for            #
+# linting all the yaml files in the stack #
+# NOTE:                                   #
+# You can disable line with:              #
+# # yamllint disable-line                 #
+###########################################
+rules:
+  braces:
+    level: warning
+    min-spaces-inside: 0
+    max-spaces-inside: 0
+    min-spaces-inside-empty: 1
+    max-spaces-inside-empty: 5
+  brackets:
+    level: warning
+    min-spaces-inside: 0
+    max-spaces-inside: 0
+    min-spaces-inside-empty: 1
+    max-spaces-inside-empty: 5
+  colons:
+    level: warning
+    max-spaces-before: 0
+    max-spaces-after: 1
+  commas:
+    level: warning
+    max-spaces-before: 0
+    min-spaces-after: 1
+    max-spaces-after: 1
+  comments: disable
+  comments-indentation: disable
+  document-end: disable
+  document-start: disable
+  empty-lines:
+    level: warning
+    max: 2
+    max-start: 0
+    max-end: 0
+  hyphens:
+    level: warning
+    max-spaces-after: 1
+  indentation:
+    level: warning
+    spaces: consistent
+    indent-sequences: true
+    check-multi-line-strings: false
+  key-duplicates: enable
+  line-length: disable
+  new-line-at-end-of-file: disable
+  new-lines:
+    type: unix
+  trailing-spaces: disable
--- a/.github/workflows/call-docker-build.yaml
+++ b/.github/workflows/call-docker-build.yaml
@@ -0,0 +1,81 @@
+---
+# template source: https://github.com/bretfisher/docker-build-workflow/blob/main/templates/call-docker-build.yaml
+name: Docker Build
+
+on:
+  push:
+    branches:
+      - main
+    # don't rebuild image if someone only edited unrelated files
+    paths-ignore:
+      - 'README.md'
+      - '.github/linters/**'
+  pull_request:
+    # don't rebuild image if someone only edited unrelated files
+    paths-ignore:
+      - 'README.md'
+      - '.github/linters/**'
+
+jobs:
+  call-docker-build:
+
+    name: Call Docker Build
+
+    uses: bretfisher/docker-build-workflow/.github/workflows/reusable-docker-build.yaml@main
+
+    permissions:
+      contents: read
+      packages: write # needed to push docker image to ghcr.io
+      pull-requests: write # needed to create and update comments in PRs
+    
+    secrets:
+
+      # Only needed if with:dockerhub-enable is true below
+      dockerhub-username: ${{ secrets.DOCKERHUB_USERNAME }}
+
+      # Only needed if with:dockerhub-enable is true below
+      # https://hub.docker.com/settings/security
+      dockerhub-token: ${{ secrets.DOCKERHUB_TOKEN }}
+
+    with:
+      
+      ### REQUIRED
+      ### ENABLE ONE OR BOTH REGISTRIES
+      ### tell docker where to push.
+      ### NOTE if Docker Hub is set to true, you must set secrets above and also add account/repo/tags below
+      dockerhub-enable: true
+      ghcr-enable: true
+
+      ### REQUIRED 
+      ### A list of the account/repo names for docker build. List should match what's enabled above
+      ### defaults to:
+      image-names: |
+        bretfisher/shpod
+        ghcr.io/${{ github.repository }}
+
+      ### REQUIRED set rules for tagging images, based on special action syntax:
+      ### https://github.com/docker/metadata-action#tags-input
+      ### defaults to:
+      # tag-rules: |
+      #   type=raw,value=latest,enable=${{ endsWith(github.ref, github.event.repository.default_branch) }}
+      #   type=ref,event=pr
+      #   type=ref,event=branch
+      #   type=semver,pattern={{version}}
+      
+      ### path to where docker should copy files into image
+      ### defaults to root of repository (.)
+      # context: .
+      
+      ### Dockerfile alternate name. Default is Dockerfile (relative to context path)
+      # file: Containerfile
+
+      ### build stage to target, defaults to empty, which builds to last stage in Dockerfile
+      # target:
+      
+      ### platforms to build for, defaults to linux/amd64
+      ### other options: linux/amd64,linux/arm64,linux/arm/v7
+      # platforms: linux/amd64
+      
+      ### Create a PR comment with image tags and labels
+      ### defaults to false
+      # comment-enable: false
--- a/.github/workflows/call-super-linter.yaml
+++ b/.github/workflows/call-super-linter.yaml
@@ -0,0 +1,36 @@
+---
+# template source: https://github.com/bretfisher/super-linter-workflow/blob/main/templates/call-super-linter.yaml
+name: Lint Code Base
+
+on:
+  
+  push:
+    branches: [main]
+  
+  pull_request:
+
+jobs:
+  call-super-linter:
+
+    name: Call Super-Linter
+    
+    permissions:
+      contents: read # clone the repo to lint
+      statuses: write #read/write to repo custom statuses
+
+    ### use Reusable Workflows to call my workflow remotely
+    ### https://docs.github.com/en/actions/learn-github-actions/reusing-workflows
+    ### you can also call workflows from inside the same repo via file path
+
+    uses: bretfisher/super-linter-workflow/.github/workflows/reusable-super-linter.yaml@main
+    
+    ### Optional settings examples
+    
+    # with:
+      ### For a DevOps-focused repository. Prevents some code-language linters from running
+      ### defaults to false
+      # devops-only: false
+      
+      ### A regex to exclude files from linting
+      ### defaults to empty
+      # filter-regex-exclude: src/.*
--- a/.github/workflows/docker-build-and-push.yml
+++ b/.github/workflows/docker-build-and-push.yml
@@ -1,34 +0,0 @@
---
-name: Build and Push Image
-
-on:
-  # we want pull requests so we can build(test) but not push to image registry
-  pull_request:
-    branches:
-      - 'main'
-    # only build when important files change
-    paths-ignore:
-      - 'README.md'
-      - '.github/workflows/linter.yml'
-      - '.github/linters/**'
-  push:
-    branches:
-      - 'main'
-    # only build when important files change
-    paths-ignore:
-      - 'README.md'
-      - '.github/workflows/linter.yml'
-      - '.github/linters/**'
-  schedule:
-    # re-run montly to keep image fesh with upstream base images
-    - cron: '0 12 15 * *'
-  workflow_dispatch:
-    # run whenever we want!
-
-jobs:
-  call-docker-workflow:
-    # use Reusable Workflows
-    # https://docs.github.com/en/actions/learn-github-actions/reusing-workflows
-    uses: bretfisher/github-actions-templates/.github/workflows/docker-build-and-push.yaml@main
-    secrets:
-      dockerhub-token: ${{ secrets.DOCKERHUB_TOKEN }}
--- a/.github/workflows/linter.yml
+++ b/.github/workflows/linter.yml
@@ -1,14 +0,0 @@
---
-name: Lint Code Base
-
-on:
-  push:
-    branches: [main]
-  pull_request:
-    branches: [main]
-
-jobs:
-  call-super-linter:
-    # use Reusable Workflows to call my linter config remotely
-    # https://docs.github.com/en/actions/learn-github-actions/reusing-workflows
-    uses: bretfisher/super-linter-workflow/.github/workflows/super-linter.yaml@main