diff --git a/.github/FUNDING.yml b/.github/FUNDING.yml
new file mode 100644
index 0000000..6396afc
--- /dev/null
+++ b/.github/FUNDING.yml
@@ -0,0 +1 @@
+github: WyriHaximus
diff --git a/.github/renovate.json b/.github/renovate.json
new file mode 100644
index 0000000..ab543ff
--- /dev/null
+++ b/.github/renovate.json
@@ -0,0 +1,7 @@
+{
+ "$schema": "https://docs.renovatebot.com/renovate-schema.json",
+ "extends": [
+ "github>WyriHaximus/renovate-config:docker-image",
+ "github>WyriHaximus/renovate-config:php-project"
+ ]
+}
diff --git a/.github/workflows/main.yml b/.github/workflows/main.yml
new file mode 100644
index 0000000..5c5360e
--- /dev/null
+++ b/.github/workflows/main.yml
@@ -0,0 +1,174 @@
+name: Continuous Integration
+env:
+ DOCKER_IMAGE: wyrihaximusnet/testinfra
+on:
+ push:
+# schedule:
+# - cron: '0 0 * * 0'
+jobs:
+ supported-arch-matrix:
+ name: Supported processor architectures
+ runs-on: ubuntu-latest
+ outputs:
+ platform: ${{ steps.supported-arch-matrix.outputs.platform }}
+ steps:
+ # Note: No checkout needed, the action will handle that for you in the most optimized way possible
+ - id: supported-arch-matrix
+ name: Generate Arch
+ uses: wyrihaximus/github-action-oci-image-supported-platforms@main
+ with:
+ dockerfile: ./Dockerfile
+ lint-dockerfile:
+ name: Lint Dockerfile
+ runs-on: ubuntu-latest
+ steps:
+ - uses: actions/checkout@v4
+ - name: Lint Dockerfile
+ uses: docker://hadolint/hadolint:latest-debian
+ with:
+ entrypoint: hadolint
+ args: ./Dockerfile
+ build-docker-image:
+ name: Build ${{ matrix.platform }} image
+ strategy:
+ fail-fast: false
+ matrix:
+ platform: ${{ fromJson(needs.supported-arch-matrix.outputs.platform) }}
+ needs:
+ - supported-arch-matrix
+ - lint-dockerfile
+ runs-on: ubuntu-latest
+ steps:
+ - name: Prepare
+ run: |
+ platform=${{ matrix.platform }}
+ echo "PLATFORM_PAIR=${platform//\//-}" >> $GITHUB_ENV
+ - name: Docker meta
+ id: meta
+ uses: docker/metadata-action@v5
+ with:
+ images: ${{ env.REGISTRY_IMAGE }}
+ - name: Set up QEMU
+ uses: docker/setup-qemu-action@v3
+ - name: Set up Docker Buildx
+ uses: docker/setup-buildx-action@v3
+ - uses: actions/checkout@v4
+ - run: mkdir ./docker-image
+ - run: docker image build --platform=${{ matrix.platform }} --build-arg BUILD_DATE=`date -u +"%Y-%m-%dT%H:%M:%SZ"` --build-arg VCS_REF=`git rev-parse --short HEAD` -t "${DOCKER_IMAGE}:${{ env.PLATFORM_PAIR }}" --no-cache .
+ - run: docker save "${DOCKER_IMAGE}:${{ env.PLATFORM_PAIR }}" -o ./docker-image/docker_image-${{ env.PLATFORM_PAIR }}.tar
+ - uses: actions/upload-artifact@v4
+ with:
+ name: docker-image-${{ env.PLATFORM_PAIR }}
+ path: ./docker-image
+ scan-vulnerability:
+ name: Scan for vulnerabilities (${{ matrix.platform }})
+ strategy:
+ fail-fast: false
+ matrix:
+ platform: ${{ fromJson(needs.supported-arch-matrix.outputs.arch) }}
+ needs:
+ - supported-arch-matrix
+ - build-docker-image
+ runs-on: ubuntu-latest
+ steps:
+ - name: Prepare
+ run: |
+ platform=${{ matrix.platform }}
+ echo "PLATFORM_PAIR=${platform//\//-}" >> $GITHUB_ENV
+ - uses: actions/checkout@v4
+ - uses: actions/download-artifact@v4
+ with:
+ name: docker-image-${{ env.PLATFORM_PAIR }}
+ path: /tmp/docker-image
+ - run: docker load --input /tmp/docker-image/docker_image-${{ env.PLATFORM_PAIR }}.tar
+ - run: rm -Rf /tmp/docker-image/
+ - run: echo -e "${{ env.DOCKER_IMAGE }}:${{ env.PLATFORM_PAIR }}" | xargs -I % sh -c 'docker run -v /tmp/trivy:/var/lib/trivy -v /var/run/docker.sock:/var/run/docker.sock -t aquasec/trivy:latest --cache-dir /var/lib/trivy image --exit-code 1 --no-progress --format table % || true'
+# tests:
+# name: Test ${{ matrix.platform }}
+# needs:
+# - supported-arch-matrix
+# - scan-vulnerability
+# strategy:
+# fail-fast: false
+# matrix:
+# platform: ${{ fromJson(needs.supported-arch-matrix.outputs.arch) }}
+# runs-on: ubuntu-latest
+# steps:
+# - name: Prepare
+# run: |
+# platform=${{ matrix.platform }}
+# echo "PLATFORM_PAIR=${platform//\//-}" >> $GITHUB_ENV
+# - name: Set up QEMU
+# uses: docker/setup-qemu-action@v3
+# - uses: actions/checkout@v4
+# - uses: actions/download-artifact@v4
+# with:
+# name: docker-image-${{ env.PLATFORM_PAIR }}
+# path: /tmp/docker-image
+# - run: docker load --input /tmp/docker-image/docker_image-${{ env.PLATFORM_PAIR }}.tar
+# - run: docker image ls -a
+# - run: ./tests.sh "${DOCKER_IMAGE}:${{ env.PLATFORM_PAIR }}"
+ push-image:
+ if: (github.event_name == 'push' || github.event_name == 'schedule') && github.ref == 'refs/heads/main'
+ name: Push
+ needs:
+ - supported-arch-matrix
+# - tests
+ runs-on: ubuntu-latest
+ services:
+ registry:
+ image: registry:2
+ ports:
+ - 5000:5000
+ steps:
+ - name: Get Time
+ id: time
+ uses: nanzm/get-time-action@v2.0
+ with:
+ format: 'YYYY.MM.DD'
+ - name: Set up QEMU
+ uses: docker/setup-qemu-action@v3
+ - name: Set up Docker Buildx
+ uses: docker/setup-buildx-action@v3
+ with:
+ driver-opts: network=host
+ - uses: actions/download-artifact@v4
+ with:
+ pattern: docker-image-*
+ path: /tmp/docker-image
+ merge-multiple: true
+ - run: ls -lasth /tmp/docker-image/
+ - run: |
+ for f in /tmp/docker-image/docker_image-*.tar; do
+ docker load --input $f
+ done
+ - run: rm -Rf /tmp/docker-image/
+ - run: docker images
+ - run: |
+ archs=${{ join(fromJson(needs.supported-arch-matrix.outputs.arch), ',') }}
+ for arch in ${archs//,/ }
+ do
+ docker tag "${{ env.DOCKER_IMAGE }}:${arch//\//-}" "localhost:5000/${{ env.DOCKER_IMAGE }}:${arch//\//-}"
+ docker push "localhost:5000/${{ env.DOCKER_IMAGE }}:${arch//\//-}"
+ done
+ - run: docker images
+ - name: Login to GitHub Container Registry
+ if: github.event_name != 'pull_request'
+ uses: docker/login-action@v3
+ with:
+ registry: ghcr.io
+ username: ${{ github.actor }}
+ password: ${{ secrets.GHCR_TOKEN }}
+ - name: Docker info
+ run: docker info
+ - name: Create merge Dockerfile
+ run: echo "FROM localhost:5000/${{ env.DOCKER_IMAGE }}:\${TARGETOS}-\${TARGETARCH}" >> docker-file-${{ matrix.registry }}-wyrihaximusnet-testinfra
+ - run: cat docker-file-${{ matrix.registry }}-wyrihaximusnet-testinfra
+ - name: Merged different arch images into one
+ uses: docker/build-push-action@v6
+ with:
+ push: ${{ github.event_name != 'pull_request' }}
+ context: .
+ file: docker-file-${{ matrix.registry }}-wyrihaximusnet-testinfra
+ tags: ghcr.io/${{ env.DOCKER_IMAGE }}:latest,ghcr.io/${{ env.DOCKER_IMAGE }}:${{ steps.time.outputs.time }}
+ platforms: ${{ join(fromJson(needs.supported-arch-matrix.outputs.arch), ',') }}
diff --git a/Dockerfile b/Dockerfile
new file mode 100644
index 0000000..bcb7024
--- /dev/null
+++ b/Dockerfile
@@ -0,0 +1,28 @@
+FROM alpine:3.21.0
+
+# Build-time metadata as defined at http://label-schema.org and https://github.com/opencontainers/image-spec/blob/main/annotations.md#pre-defined-annotation-keys
+LABEL org.label-schema.title="Testinfra Docker container" \
+ org.label-schema.description="Testinfra Docker container" \
+ org.label-schema.url="https://github.com/wyrihaximusnet/docker-testinfra" \
+ org.label-schema.vcs-url="https://github.com/wyrihaximusnet/docker-testinfra" \
+ org.label-schema.vendor="WyriHaximus.net" \
+ org.label-schema.schema-version="1.0" \
+ org.opencontainers.image.source="https://github.com/wyrihaximusnet/docker-testinfra" \
+ org.opencontainers.image.url="https://github.com/wyrihaximusnet/docker-testinfra" \
+ org.opencontainers.image.documentation="https://github.com/wyrihaximusnet/docker-testinfra" \
+ org.opencontainers.image.title="Testinfra Docker container" \
+ org.opencontainers.image.description="Testinfra Docker container" \
+ org.opencontainers.image.licenses="MIT" \
+ org.opencontainers.image.base.name="alpine:3.21.0" \
+ org.opencontainers.image.vendor="WyriHaximus.net" \
+ org.opencontainers.image.authors="Cees-Jan Kiewiet "
+
+WORKDIR /project
+
+# hadolint ignore=DL3018
+RUN apk add --no-cache docker python3 py-pip
+# hadolint ignore=DL3013
+RUN pip install --no-cache-dir docker --break-system-packages && \
+ pip install --no-cache-dir pytest-testinfra --break-system-packages
+
+ENTRYPOINT ["py.test", "-p", "no:cacheprovider"]
diff --git a/LICENSE b/LICENSE
new file mode 100644
index 0000000..490af37
--- /dev/null
+++ b/LICENSE
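Review bot: The Trivy step in `scan-vulnerability` cannot block a release: `|| true` discards the `--exit-code 1` result, and `push-image` lists only `supported-arch-matrix` under `needs`, so it waits for neither `build-docker-image` (whose artifacts it downloads) nor the scan. Drop the `|| true` and add `- build-docker-image` and `- scan-vulnerability` to the `push-image` `needs` list. `scan-vulnerability` and `push-image` also read `needs.supported-arch-matrix.outputs.arch`, while that job declares only `platform` under `outputs`, so `fromJson` is presumably handed an empty string; `${{ env.REGISTRY_IMAGE }}` and `${{ matrix.registry }}` likewise have no definition in this file. Since `push-image` handles `secrets.GHCR_TOKEN`, the mutable references `@main`, `@v2.0`, `hadolint:latest-debian` and `aquasec/trivy:latest` would be better pinned to a commit SHA or image digest, and a top-level `permissions:` block would make the token scope explicit.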
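Review bot: Neither `RUN` line pins a version: `apk add --no-cache docker python3 py-pip` and the two `pip install` calls take whatever is current, with hadolint's DL3018 and DL3013 silenced rather than addressed, so each rebuild published as `latest` can ship different dependency code with no record of what changed. Pin the pip packages, for example `pip install --no-cache-dir docker==<PINNED_VERSION> pytest-testinfra==<PINNED_VERSION> --break-system-packages`, and let the Renovate config added in this commit raise the bumps. The image also sets no `USER`, so `py.test` runs as root; if that is required to reach a mounted Docker socket, a comment above `ENTRYPOINT` saying so would help the next reader.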
@@ -0,0 +1,21 @@
+MIT License
+
+Copyright (c) 2025 Cees-Jan Kiewiet
+
+Permission is hereby granted, free of charge, to any person obtaining a copy
+of this software and associated documentation files (the "Software"), to deal
+in the Software without restriction, including without limitation the rights
+to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
+copies of the Software, and to permit persons to whom the Software is
+furnished to do so, subject to the following conditions:
+
+The above copyright notice and this permission notice shall be included in all
+copies or substantial portions of the Software.
+
+THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
+IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
+FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
+AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
+LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
+OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE
+SOFTWARE.
diff --git a/README.md b/README.md
index fd1f3ad..24330e2 100644
--- a/README.md
+++ b/README.md
@@ -1,2 +1 @@
-# docker-testinfra
-Testinfra Docker container
+# Testinfra Docker container