squash
ci: when hadolint: DL3047 chore(deps): update dependency jinja2 to v2.11.3 (#1) Co-authored-by: Renovate Bot <renovate@mgrote.net> Co-committed-by: Renovate Bot <renovate@mgrote.net> chore(deps): update dependency pykeepass to v4.1.0 (#2) Co-authored-by: Renovate Bot <renovate@mgrote.net> Co-committed-by: Renovate Bot <renovate@mgrote.net> Syntax Test chore(deps): update dependency jinja2 to v3.1.4 (#3) Co-authored-by: Renovate Bot <renovate@mgrote.net> Co-committed-by: Renovate Bot <renovate@mgrote.net> t d fdgh 3 r dd dff ff df ff dfdf ff todo dd dd ff ff chore(deps): update woodpeckerci/plugin-git docker tag to v2.5.1 (#5) Co-authored-by: Renovate Bot <renovate@mgrote.net> Co-committed-by: Renovate Bot <renovate@mgrote.net> pip extra pykeepass==4.0.3 ff ff f apackages dd ff ff ff --root-user-action--root-user-action dd ff ff ff gg ff chore(deps): update dependency ansible-dev-tools to v24.7.2 (#6) Co-authored-by: Renovate Bot <renovate@mgrote.net> Co-committed-by: Renovate Bot <renovate@mgrote.net> chore(deps): update dependency ansible-manage-lvm to v0.2.12 (#7) Co-authored-by: Renovate Bot <renovate@mgrote.net> Co-committed-by: Renovate Bot <renovate@mgrote.net> chore(deps): update dependency community.crypto to v2.21.1 (#8) Co-authored-by: Renovate Bot <renovate@mgrote.net> Co-committed-by: Renovate Bot <renovate@mgrote.net> chore(deps): update docker docker tag to v27.1.0 (#9) Co-authored-by: Renovate Bot <renovate@mgrote.net> Co-committed-by: Renovate Bot <renovate@mgrote.net> chore(deps): update dependency ansible_role_gitea to v3.5.0 (#10) Co-authored-by: Renovate Bot <renovate@mgrote.net> Co-committed-by: Renovate Bot <renovate@mgrote.net> ffd d chore(deps): update docker docker tag to v27.1.1 (#11) Co-authored-by: Renovate Bot <renovate@mgrote.net> Co-committed-by: Renovate Bot <renovate@mgrote.net> ff f dd dd ff dsfsa dd chore(deps): update dependency pykeepass to v4.1.0 (#12) Co-authored-by: Renovate Bot <renovate@mgrote.net> Co-committed-by: Renovate Bot <renovate@mgrote.net> H
This commit is contained in:
commit
73c15af7b4
6 changed files with 192 additions and 0 deletions
61
.woodpecker/build.yml
Normal file
61
.woodpecker/build.yml
Normal file
|
@ -0,0 +1,61 @@
|
|||
---
|
||||
depends_on:
|
||||
- lint
|
||||
|
||||
clone:
|
||||
git:
|
||||
image: "woodpeckerci/plugin-git:2.5.1"
|
||||
settings:
|
||||
depth: 9999 # wird benötigt um die Commits zählen zu können
|
||||
lfs: false
|
||||
partial: false
|
||||
|
||||
steps:
|
||||
set_variables:
|
||||
image: "registry.mgrote.net/allzweckcontainer:latest"
|
||||
commands:
|
||||
# set version
|
||||
- |
|
||||
MAJOR="1"
|
||||
MINOR="0"
|
||||
PATCH="$(git rev-list --count "$CI_COMMIT_BRANCH")"
|
||||
VERSION="v$MAJOR.$MINOR.$PATCH"
|
||||
if [ "$CI_COMMIT_BRANCH" != "main" ] && [ "$CI_COMMIT_BRANCH" != "master" ]; then
|
||||
VERSION=$VERSION-dev
|
||||
fi
|
||||
echo "VERSION=$VERSION" >> .variables
|
||||
# set date
|
||||
- |
|
||||
DATE=$(date --iso-8601=seconds)
|
||||
echo "DATE=$DATE" >> .variables
|
||||
when:
|
||||
- event: [push, pull_request, cron, manual]
|
||||
evaluate: 'CI_COMMIT_AUTHOR_EMAIL != "renovate@mgrote.net"'
|
||||
|
||||
build_and_push: # damit dieser Step laufen kann muss das Repo in der Woodpecker-GUI "privilegiert" sein
|
||||
image: "docker:27.1.1"
|
||||
volumes:
|
||||
- /var/run/docker.sock:/var/run/docker.sock
|
||||
commands:
|
||||
- cat .variables
|
||||
- source .variables
|
||||
# https://unix.stackexchange.com/questions/748633/error-multiple-platforms-feature-is-currently-not-supported-for-docker-driver
|
||||
- docker buildx create --use --platform=linux/amd64 --name multi-platform-builder
|
||||
- docker buildx inspect --bootstrap
|
||||
- |
|
||||
docker buildx build \
|
||||
--platform=linux/amd64 \
|
||||
--push \
|
||||
--tag registry.mgrote.net/${CI_REPO_NAME}:${CI_COMMIT_SHA:0:8} \
|
||||
--tag registry.mgrote.net/${CI_REPO_NAME}:${CI_COMMIT_BRANCH} \
|
||||
--tag registry.mgrote.net/${CI_REPO_NAME}:latest \
|
||||
--tag registry.mgrote.net/${CI_REPO_NAME}:$VERSION \
|
||||
--label org.opencontainers.image.url=$CI_REPO_URL \
|
||||
--label org.opencontainers.image.source=$CI_REPO_URL \
|
||||
--label org.opencontainers.image.revision=$CI_COMMIT_SHA \
|
||||
--label org.opencontainers.image.created=$DATE \
|
||||
--file Dockerfile .
|
||||
when:
|
||||
- event: [push, pull_request, cron, manual]
|
||||
evaluate: 'CI_COMMIT_AUTHOR_EMAIL != "renovate@mgrote.net"'
|
||||
...
|
33
.woodpecker/lint.yml
Normal file
33
.woodpecker/lint.yml
Normal file
|
@ -0,0 +1,33 @@
|
|||
---
|
||||
steps:
|
||||
gitleaks:
|
||||
image: zricethezav/gitleaks:v8.18.4
|
||||
commands:
|
||||
- gitleaks detect --no-git --verbose --source $CI_WORKSPACE
|
||||
when:
|
||||
- event: [push, pull_request, cron]
|
||||
evaluate: 'CI_COMMIT_AUTHOR_EMAIL != "renovate@mgrote.net"'
|
||||
|
||||
hadolint:
|
||||
image: pipelinecomponents/hadolint:0.26.4
|
||||
commands:
|
||||
- hadolint Dockerfile
|
||||
when:
|
||||
- event: [push, pull_request, cron]
|
||||
evaluate: 'CI_COMMIT_AUTHOR_EMAIL != "renovate@mgrote.net"'
|
||||
|
||||
shellcheck:
|
||||
image: "koalaman/shellcheck-alpine:v0.10.0"
|
||||
commands:
|
||||
- |
|
||||
find . -type f -not -path './.git/*' -not -path './collections/*' -exec file {} \; | while IFS= read -r line; do
|
||||
if echo "$line" | grep -q "shell script"; then
|
||||
file_path=$(echo "$line" | awk -F':' '{print $1}')
|
||||
shellcheck "$file_path"
|
||||
fi
|
||||
done
|
||||
when:
|
||||
- event: [push, pull_request, cron]
|
||||
evaluate: 'CI_COMMIT_AUTHOR_EMAIL != "renovate@mgrote.net"'
|
||||
#ss
|
||||
...
|
39
Dockerfile
Normal file
39
Dockerfile
Normal file
|
@ -0,0 +1,39 @@
|
|||
FROM python:3.12.4-bookworm
|
||||
|
||||
ENV DEBIAN_FRONTEND=noninteractive
|
||||
|
||||
WORKDIR /
|
||||
COPY requirements.txt .
|
||||
COPY requirements.yaml .
|
||||
|
||||
# hadolint ignore=DL3013
|
||||
RUN python3 -m pip install --no-cache-dir --upgrade pip \
|
||||
&& python3 -m pip install --no-cache-dir -r requirements.txt
|
||||
|
||||
RUN ansible-galaxy install -r requirements.yaml --roles-path=/ansible/roles
|
||||
|
||||
# hadolint ignore=DL3008
|
||||
RUN apt-get update \
|
||||
&& apt-get -y --no-install-recommends install \
|
||||
vim \
|
||||
tmux \
|
||||
htop \
|
||||
git \
|
||||
dnsutils \
|
||||
mc \
|
||||
ca-certificates \
|
||||
tree \
|
||||
wget \
|
||||
curl \
|
||||
whois \
|
||||
net-tools \
|
||||
apt-transport-https \
|
||||
moreutils \
|
||||
acl \
|
||||
ripgrep \
|
||||
pwgen \
|
||||
keychain \
|
||||
bc \
|
||||
jq \
|
||||
&& rm -rf /var/lib/apt/lists/* /var/tmp/* /tmp/* requirements.txt requirements.yaml\
|
||||
&& apt-get clean
|
13
renovate.json
Normal file
13
renovate.json
Normal file
|
@ -0,0 +1,13 @@
|
|||
{
|
||||
"$schema": "https://docs.renovatebot.com/renovate-schema.json",
|
||||
"extends": [
|
||||
":dependencyDashboard",
|
||||
":semanticPrefixFixDepsChoreOthers",
|
||||
":ignoreModulesAndTests",
|
||||
"group:monorepos",
|
||||
"group:recommended",
|
||||
"replacements:all",
|
||||
"workarounds:all",
|
||||
"mergeConfidence:all-badges"
|
||||
]
|
||||
}
|
4
requirements.txt
Normal file
4
requirements.txt
Normal file
|
@ -0,0 +1,4 @@
|
|||
pykeepass==4.1.0
|
||||
jmespath==1.0.1
|
||||
ansible==10.2.0
|
||||
ansible-dev-tools==24.7.2
|
42
requirements.yaml
Normal file
42
requirements.yaml
Normal file
|
@ -0,0 +1,42 @@
|
|||
collections:
|
||||
- name: community.general
|
||||
version: "9.2.0"
|
||||
- name: community.crypto
|
||||
version: "2.21.1"
|
||||
- name: ansible.posix
|
||||
version: "1.5.4"
|
||||
- name: community.docker
|
||||
version: "3.11.0"
|
||||
- name: viczem.keepass
|
||||
version: "0.7.5"
|
||||
roles:
|
||||
- name: ansible-role-bootstrap
|
||||
src: git+https://git.mgrote.net/ansible-role-mirrors/ansible-role-bootstrap
|
||||
version: "7.0.2"
|
||||
- name: ansible-ufw
|
||||
src: git+https://git.mgrote.net/ansible-role-mirrors/ansible-ufw
|
||||
version: "v4.1.13"
|
||||
- name: ansible-manage-lvm
|
||||
src: git+https://git.mgrote.net/ansible-role-mirrors/ansible-manage-lvm
|
||||
version: "v0.2.12"
|
||||
- name: ansible-role-unattended-upgrades
|
||||
src: git+https://git.mgrote.net/ansible-role-mirrors/ansible-role-unattended-upgrades
|
||||
version: "v4.6.0"
|
||||
- name: ansible-role-pip
|
||||
src: git+https://git.mgrote.net/ansible-role-mirrors/ansible-role-pip
|
||||
version: "3.0.3"
|
||||
- name: ansible-role-nfs
|
||||
src: git+https://git.mgrote.net/ansible-role-mirrors/ansible-role-nfs
|
||||
version: "2.0.0"
|
||||
- name: ansible-role-docker
|
||||
src: git+https://git.mgrote.net/ansible-role-mirrors/ansible-role-docker
|
||||
version: "7.1.0"
|
||||
- name: ansible_role_ctop
|
||||
src: git+https://git.mgrote.net/ansible-role-mirrors/ansible_role_ctop
|
||||
version: "1.1.6"
|
||||
- name: ansible_role_gitea
|
||||
src: git+https://git.mgrote.net/ansible-role-mirrors/ansible_role_gitea
|
||||
version: "v3.5.0"
|
||||
- name: ansible-role-postgresql
|
||||
src: git+https://git.mgrote.net/ansible-role-mirrors/ansible-role-postgresql
|
||||
version: "3.5.2"
|
Loading…
Reference in a new issue