diff --git a/.dockerignore b/.dockerignore
index 9c9bd57..74a63f3 100644
--- a/.dockerignore
+++ b/.dockerignore
@@ -1 +1,3 @@
-#*/
+*
+!index*
+!Caddyfile
diff --git a/.github/actions/spelling/excludes.txt b/.github/actions/spelling/excludes.txt
index d84bbd6..9d7f4d1 100644
--- a/.github/actions/spelling/excludes.txt
+++ b/.github/actions/spelling/excludes.txt
@@ -3,14 +3,14 @@
 (?:^|/)(?i)LICEN[CS]E
 (?:^|/)(?i)third[-_]?party/
 (?:^|/)3rdparty/
+(?:^|/)\.keep$
 (?:^|/)generated/
 (?:^|/)go\.sum$
 (?:^|/)package(?:-lock|)\.json$
 (?:^|/)Pipfile$
 (?:^|/)pyproject.toml
-(?:^|/|\b)requirements(?:-dev|-doc|-test|)\.txt$
 (?:^|/)vendor/
-ignore$
+(?:^|/|\b)requirements(?:-dev|-doc|-test|)\.txt$
 \.a$
 \.ai$
 \.all-contributorsrc$
@@ -82,3 +82,4 @@ ignore$
 \.zip$
 ^\.github/actions/spelling/
 ^\Q.github/workflows/spelling.yml\E$
+ignore$
diff --git a/.github/actions/spelling/expect.txt b/.github/actions/spelling/expect.txt
index 5f439e6..0e9e46c 100644
--- a/.github/actions/spelling/expect.txt
+++ b/.github/actions/spelling/expect.txt
@@ -1 +1,7 @@
 Caddyfile
+garnercorp
+google
+iam
+jenkins
+workflows
+yml
diff --git a/.github/actions/spelling/patterns.txt b/.github/actions/spelling/patterns.txt
index 470a2df..52f4df6 100644
--- a/.github/actions/spelling/patterns.txt
+++ b/.github/actions/spelling/patterns.txt
@@ -8,6 +8,10 @@ gtag\(.*\) # https/http/file urls (?:\b(?:https?|ftp|file)://)[-A-Za-z0-9+&@#/*%?=~_|!:,.;]+[-A-Za-z0-9+&@#/*%=~_|] +# hit-count: 2 file-count: 1 +# GitHub actions +\buses:\s+[-\w.]+/[-\w./]+@[-\w.]+ + # Questionably acceptable forms of `in to` # Personally, I prefer `log into`, but people object # https://www.tprteaching.com/log-into-log-in-to-login/
@@ -53,3 +57,4 @@ gtag\(.*\) # ignore long runs of a single character: \b([A-Za-z])\g{-1}{3,}\b +
diff --git a/.github/workflows/ci.yml b/.github/workflows/ci.yml
new file mode 100644
index 0000000..dbbad9e
--- /dev/null
+++ b/.github/workflows/ci.yml
@@ -0,0 +1,91 @@
+name: Image CI
+on:
+ push:
+ branches:
+ - main
+ pull_request:
+
+permissions:
+ contents: read
+
+env:
+ artifact_registry: us-central1-docker.pkg.dev
+ artifact_repository: polished-enigma-247013/images
+ image_name: maintenance
+
+concurrency:
+ group: ${{ github.workflow_ref }}-${{ github.actor }}
+ cancel-in-progress: true
+
+jobs:
+ image:
+ name: Build and Push Image
+ runs-on: ubuntu-latest
+ permissions:
+ contents: read
+ id-token: write
+ steps:
+ - name: Checkout for pushing to protected branch
+ uses: actions/checkout@v4
+ id: checkout-protected
+ if: github.event_name == 'push' && github.ref_name == github.event.repository.default_branch
+ with:
+ ssh-key: "${{ secrets.CHECK_SPELLING }}"
+
+ - name: Checkout
+ uses: actions/checkout@v4
+ if: steps.checkout-protected.conclusion == 'skipped'
+
+ - name: Authenticate to Google Cloud
+ id: auth-work-identity
+ uses: "google-github-actions/auth@v2"
+ with:
+ workload_identity_provider: "projects/552057127791/locations/global/workloadIdentityPools/github/providers/github"
+ service_account: "container-builder@helical-crowbar-220917.iam.gserviceaccount.com"
+
+ - name: Get version
+ id: get-version
+ if: steps.checkout-protected.conclusion == 'skipped'
+ shell: bash
+ run: |
+ version=$(head -1 version)
+ echo "version=$version" >> $GITHUB_OUTPUT
+ - name: Bump version
+ id: bump-version
+ uses: garnercorp/build-actions/bump-version@main
+ if: steps.checkout-protected.conclusion != 'skipped'
+ with:
+ version-type: raw
+ version-file-path: version
+ git-name: "jenkins"
+ git-email: "jenkins@garnercorp.com"
+ major: changelogs/major
+ minor: changelogs/minor
+
+ - name: Build and Push Docker Image
+ id: build
+ uses: garnercorp/build-actions/image@main
+ env:
+ version: ${{ steps.get-version.outputs.version || steps.bump-version.outputs.version }}
+ with:
+ container-registry: ${{ env.artifact_registry }}
+ container-project: ${{ secrets.PROJECT_ID }}
+ image-name: ${{ env.image_name }}
+ rc-tag: ${{ env.version }}
+ image-tag: ${{ env.version }}
+ additional-image-tags: |
+ ${{ env.artifact_registry }}/${{ env.artifact_repository }}/${{ env.image_name }}:rc-${{ github.sha }}
+ - name: Copy image to extra repositories
+ if: ${{ github.event_name == 'push' && github.ref_name == 'main' }}
+ uses: GarnerCorp/build-actions/copy-image@main
+ env:
+ rest: >-
+ ${{ steps.bump-version.outputs.version && format('images/{0}:prod-{1}', env.image_name, steps.bump-version.outputs.version) ||
+ format('images/{0}:rc-{1}-{2}', env.image_name, steps.get-version.outputs.version, github.sha) }}
+ with:
+ source: ${{ steps.build.outputs.image }}
+ destinations: >-
+ ${{ format('{0}/{1}', secrets.ARTIFACT_REPOSITORY_1, env.rest) }}
+ ${{ format('{0}/{1}', secrets.ARTIFACT_REPOSITORY_2, env.rest) }}
+ ${{ format('{0}/{1}', secrets.ARTIFACT_REPOSITORY_3, env.rest) }}
+ ${{ format('{0}/{1}', secrets.ARTIFACT_REPOSITORY_4, env.rest) }}
diff --git a/changelogs/major/.keep b/changelogs/major/.keep
new file mode 100644
index 0000000..e69de29
diff --git a/changelogs/minor/.keep b/changelogs/minor/.keep
new file mode 100644
index 0000000..e69de29
diff --git a/version b/version
new file mode 100644
index 0000000..8a9ecc2
--- /dev/null
+++ b/version
@@ -0,0 +1 @@
+0.0.1
\ No newline at end of file
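Review bot: In `.github/workflows/ci.yml` the three `build-actions` steps (`bump-version@main`, `image@main`, `copy-image@main`) follow a mutable branch inside a job that holds `id-token: write`, the registry secrets and the SSH key from `secrets.CHECK_SPELLING`, which `actions/checkout` keeps in the local git config for later steps by default. Any later commit to that branch therefore runs with those credentials without a review in this repository. Pin each to a full commit SHA, e.g. `uses: garnercorp/build-actions/image@<full-commit-sha>  # main`, and consider the same for `actions/checkout@v4` and `google-github-actions/auth@v2`. Separately, the "Authenticate to Google Cloud" and "Build and Push Docker Image" steps have no `if:`, so they also run on `pull_request`. Unless the workload identity provider's attribute condition (not visible in this diff) restricts the ref, a same-repository PR branch can obtain the `container-builder` identity and push an `rc-` image; gating both steps on `github.event_name == 'push'` or building without pushing on PRs would close that.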