From d8a5b0919a96cd83a8b9652288d7f36f73653cbd Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Thomas=20M=C3=BCller?= <1005065+DeepDiver1975@users.noreply.github.com>
Date: Fri, 27 Mar 2026 12:26:13 +0100
Subject: [PATCH] ci: use GitHub workflows
---
 .drone.star | 380 ------------------------------------
 .github/dependabot.yml | 7 +
 .github/workflows/main.yml | 47 +++++
 v20.04/Dockerfile.multiarch | 2 +-
 v22.04/Dockerfile.multiarch | 2 +-
 v24.04/Dockerfile.multiarch | 2 +-
 6 files changed, 57 insertions(+), 383 deletions(-)
 delete mode 100644 .drone.star
 create mode 100644 .github/dependabot.yml
 create mode 100644 .github/workflows/main.yml
diff --git a/.drone.star b/.drone.star
deleted file mode 100644
index ecf0a47..0000000
--- a/.drone.star
+++ /dev/null
@@ -1,380 +0,0 @@
-DOCKER_PUSHRM_IMAGE = "docker.io/chko/docker-pushrm:1"
-DRONE_DOCKER_BUILDX_IMAGE = "docker.io/owncloudci/drone-docker-buildx:4"
-
-def main(ctx):
- versions = [
- {
- "value": "24.04",
- "tags": ["noble"],
- },
- {
- "value": "22.04",
- "tags": ["jammy"],
- },
- {
- "value": "20.04",
- "tags": ["focal"],
- },
- ]
-
- config = {
- "version": None,
- "description": "ownCloud PHP and webserver base image",
- "repo": ctx.repo.name,
- }
-
- stages = []
- shell = []
- linter = lint(config)
-
- for version in versions:
- config["version"] = version
- config["version"]["path"] = "v%s" % config["version"]["value"]
-
- shell.extend(shellcheck(config))
- inner = []
-
- config["internal"] = "%s-%s-%s" % (ctx.build.commit, "${DRONE_BUILD_NUMBER}", config["version"]["path"])
- config["version"]["tags"] = version.get("tags", [])
- config["version"]["tags"].append(config["version"]["value"])
-
- d = docker(config)
- d["depends_on"].append(linter["name"])
- inner.append(d)
-
- stages.extend(inner)
-
- linter["steps"].extend(shell)
-
- after = [
- documentation(config),
- rocketchat(config),
- ]
-
- for s in stages:
- for a in after:
- a["depends_on"].append(s["name"])
-
- return [linter] + stages + after
-
-def docker(config):
- return {
- "kind": "pipeline",
- "type": "docker",
- "name": "%s" % (config["version"]["path"]),
- "platform": {
- "os": "linux",
- "arch": "amd64",
- },
- "steps": steps(config),
- "volumes": volumes(config),
- "depends_on": [],
- "trigger": {
- "ref": [
- "refs/heads/master",
- "refs/pull/**",
- ],
- },
- }
-
-def documentation(config):
- return {
- "kind": "pipeline",
- "type": "docker",
- "name": "documentation",
- "platform": {
- "os": "linux",
- "arch": "amd64",
- },
- "steps": [
- {
- "name": "link-check",
- "image": "ghcr.io/tcort/markdown-link-check:stable",
- "commands": [
- "/src/markdown-link-check README.md",
- ],
- },
- {
- "name": "publish",
- "image": DOCKER_PUSHRM_IMAGE,
- "environment": {
- "DOCKER_PASS": {
- "from_secret": "public_password",
- },
- "DOCKER_USER": {
- "from_secret": "public_username",
- },
- "PUSHRM_FILE": "README.md",
- "PUSHRM_TARGET": "owncloud/%s" % config["repo"],
- "PUSHRM_SHORT": config["description"],
- },
- "when": {
- "ref": [
- "refs/heads/master",
- ],
- },
- },
- ],
- "depends_on": [],
- "trigger": {
- "ref": [
- "refs/heads/master",
- "refs/tags/**",
- "refs/pull/**",
- ],
- },
- }
-
-def rocketchat(config):
- return {
- "kind": "pipeline",
- "type": "docker",
- "name": "rocketchat",
- "platform": {
- "os": "linux",
- "arch": "amd64",
- },
- "clone": {
- "disable": True,
- },
- "steps": [
- {
- "name": "notify",
- "image": "docker.io/plugins/slack",
- "failure": "ignore",
- "settings": {
- "webhook": {
- "from_secret": "rocketchat_talk_webhook",
- },
- "channel": {
- "from_secret": "rocketchat_talk_channel",
- },
- },
- },
- ],
- "depends_on": [],
- "trigger": {
- "ref": [
- "refs/heads/master",
- "refs/tags/**",
- ],
- "status": [
- "changed",
- "failure",
- ],
- },
- }
-
-def prepublish(config):
- return [
- {
- "name": "prepublish",
- "image": DRONE_DOCKER_BUILDX_IMAGE,
- "settings": {
- "username": {
- "from_secret": "internal_username",
- },
- "password": {
- "from_secret": "internal_password",
- },
- "tags": config["internal"],
- "secrets": ["id=mirror-auth\\\\,src=/drone/src/mirror-auth", "id=mirror-url\\\\,src=/drone/src/mirror-url"],
- "dockerfile": "%s/Dockerfile.multiarch" % (config["version"]["path"]),
- "repo": "registry.drone.owncloud.com/owncloud/%s" % config["repo"],
- "registry": "registry.drone.owncloud.com",
- "context": config["version"]["path"],
- "purge": False,
- },
- "environment": {
- "BUILDKIT_NO_CLIENT_TOKEN": True,
- },
- },
- ]
-
-def sleep(config):
- return [
- {
- "name": "sleep",
- "image": "docker.io/owncloudci/alpine",
- "environment": {
- "DOCKER_USER": {
- "from_secret": "internal_username",
- },
- "DOCKER_PASSWORD": {
- "from_secret": "internal_password",
- },
- },
- "commands": [
- "regctl registry login registry.drone.owncloud.com --user $DOCKER_USER --pass $DOCKER_PASSWORD",
- "retry -- 'regctl image digest registry.drone.owncloud.com/owncloud/%s:%s'" % (config["repo"], config["internal"]),
- ],
- },
- ]
-
-# container vulnerability scanning, see: https://github.com/aquasecurity/trivy
-def trivy(config):
- return [
- {
- "name": "trivy-presets",
- "image": "docker.io/owncloudci/alpine",
- "commands": [
- 'retry -t 3 -s 5 -- "curl -sSfL https://github.com/owncloud-docker/trivy-presets/archive/refs/heads/main.tar.gz | tar xz --strip-components=2 trivy-presets-main/base/"',
- ],
- },
- {
- "name": "trivy-scan",
- "image": "ghcr.io/aquasecurity/trivy",
- "environment": {
- "TRIVY_AUTH_URL": "https://registry.drone.owncloud.com",
- "TRIVY_USERNAME": {
- "from_secret": "internal_username",
- },
- "TRIVY_PASSWORD": {
- "from_secret": "internal_password",
- },
- "TRIVY_NO_PROGRESS": True,
- "TRIVY_IGNORE_UNFIXED": True,
- "TRIVY_TIMEOUT": "5m",
- "TRIVY_EXIT_CODE": "1",
- "TRIVY_SEVERITY": "HIGH,CRITICAL",
- "TRIVY_SKIP_FILES": "/usr/bin/gomplate,/usr/bin/wait-for",
- },
- "commands": [
- "trivy -v",
- "trivy image registry.drone.owncloud.com/owncloud/%s:%s" % (config["repo"], config["internal"]),
- ],
- },
- ]
-
-def publish(config):
- return [
- {
- "name": "publish",
- "image": DRONE_DOCKER_BUILDX_IMAGE,
- "settings": {
- "username": {
- "from_secret": "public_username",
- },
- "password": {
- "from_secret": "public_password",
- },
- "platforms": [
- "linux/amd64",
- "linux/arm64",
- ],
- "tags": config["version"]["tags"],
- "secrets": ["id=mirror-auth\\\\,src=/drone/src/mirror-auth", "id=mirror-url\\\\,src=/drone/src/mirror-url"],
- "dockerfile": "%s/Dockerfile.multiarch" % (config["version"]["path"]),
- "repo": "owncloud/%s" % config["repo"],
- "context": config["version"]["path"],
- "pull_image": False,
- },
- "when": {
- "ref": [
- "refs/heads/master",
- ],
- },
- },
- ]
-
-def setup(config):
- return [
- {
- "name": "setup",
- "image": "docker.io/owncloudci/alpine",
- "failure": "ignore",
- "environment": {
- "DEB_MIRROR_URL": {
- "from_secret": "DEB_MIRROR_URL",
- },
- "DEB_MIRROR_LOGIN": {
- "from_secret": "DEB_MIRROR_LOGIN",
- },
- "DEB_MIRROR_PWD": {
- "from_secret": "DEB_MIRROR_PWD",
- },
- },
- "commands": [
- 'echo "machine $DEB_MIRROR_URL login $DEB_MIRROR_LOGIN password $DEB_MIRROR_PWD" > mirror-auth',
- 'echo "$DEB_MIRROR_URL" > mirror-url',
- ],
- },
- ]
-
-def cleanup(config):
- return [
- {
- "name": "cleanup",
- "image": "docker.io/owncloudci/alpine",
- "failure": "ignore",
- "environment": {
- "DOCKER_USER": {
- "from_secret": "internal_username",
- },
- "DOCKER_PASSWORD": {
- "from_secret": "internal_password",
- },
- },
- "commands": [
- "rm -f mirror-auth",
- "rm -f mirror-url",
- "regctl registry login registry.drone.owncloud.com --user $DOCKER_USER --pass $DOCKER_PASSWORD",
- "regctl tag rm registry.drone.owncloud.com/owncloud/%s:%s" % (config["repo"], config["internal"]),
- ],
- "when": {
- "status": [
- "success",
- "failure",
- ],
- },
- },
- ]
-
-def volumes(config):
- return [
- {
- "name": "docker",
- "temp": {},
- },
- ]
-
-def lint(config):
- return {
- "kind": "pipeline",
- "type": "docker",
- "name": "lint",
- "steps": [
- {
- "name": "starlark-format",
- "image": "docker.io/owncloudci/bazel-buildifier",
- "commands": [
- "buildifier -d -diff_command='diff -u' .drone.star",
- ],
- },
- {
- "name": "editorconfig-format",
- "image": "docker.io/mstruebing/editorconfig-checker",
- },
- ],
- "depends_on": [],
- "trigger": {
- "ref": [
- "refs/heads/master",
- "refs/pull/**",
- ],
- },
- }
-
-def shellcheck(config):
- return [
- {
- "name": "shellcheck-%s" % (config["version"]["path"]),
- "image": "docker.io/koalaman/shellcheck-alpine:stable",
- "commands": [
- "grep -ErlI '^#!(.*/|.*env +)(sh|bash|ksh)' %s/overlay/ | xargs -r shellcheck" % (config["version"]["path"]),
- ],
- },
- ]
-
-def steps(config):
- return setup(config) + prepublish(config) + sleep(config) + trivy(config) + publish(config) + cleanup(config)
diff --git a/.github/dependabot.yml b/.github/dependabot.yml
new file mode 100644
index 0000000..00b49a4
--- /dev/null
+++ b/.github/dependabot.yml
@@ -0,0 +1,7 @@
+version: 2
+updates:
+ - package-ecosystem: "github-actions"
+ directory: "/" # Location of package manifests
+ schedule:
+ interval: "weekly"
+
diff --git a/.github/workflows/main.yml b/.github/workflows/main.yml
new file mode 100644
index 0000000..0625e3f
--- /dev/null
+++ b/.github/workflows/main.yml
@@ -0,0 +1,47 @@
+name: Docker CI
+
+on:
+ push:
+ branches: [master]
+ tags: ["*"]
+ pull_request:
+ schedule:
+ - cron: 0 0 * * 0
+
+jobs:
+ lint:
+ runs-on: ubuntu-latest
+ steps:
+ - uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd
+
+ - uses: editorconfig-checker/action-editorconfig-checker@840e866d93b8e032123c23bac69dece044d4d84c
+
+ - run: editorconfig-checker
+
+ build:
+ needs: lint
+ uses: owncloud-docker/ubuntu/.github/workflows/docker-build.yml@master
+ with:
+ docker-repo-name: owncloud/${{ github.event.repository.name }}
+ docker-tag: ${{ matrix.version.value }}
+ docker-context: v${{ matrix.version }}
+ docker-file: v${{ matrix.version }}/Dockerfile.multiarch
+ docker-hub-username: ${{ vars.DOCKERHUB_USERNAME }}
+ push: ${{ github.ref == 'refs/heads/master' }}
+ secrets:
+ docker-hub-password: ${{ secrets.DOCKERHUB_TOKEN }}
+
+ strategy:
+ matrix:
+ version: ["20.04", "22.04", "24.04"]
+
+ update-docker-hub-description:
+ needs: build
+ if: github.ref == 'refs/heads/master'
+ uses: owncloud-docker/ubuntu/.github/workflows/docker-hub-desc.yml@master
+ with:
+ docker-repo-name: owncloud/${{ github.event.repository.name }}
+ docker-repo-description: ownCloud PHP and webserver base image
+ docker-hub-username: ${{ vars.DOCKERHUB_USERNAME }}
+ secrets:
+ docker-hub-password: ${{ secrets.DOCKERHUB_TOKEN }}
diff --git a/v20.04/Dockerfile.multiarch b/v20.04/Dockerfile.multiarch
index 05fc390..fb9ec7e 100644
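Review bot: The update list covers only `package-ecosystem: "github-actions"`, so the digest-pinned `FROM owncloud/ubuntu:…@sha256:…` lines in the three `Dockerfile.multiarch` files, which this same commit bumps by hand, are not tracked by this config. If no other updater handles them (none is visible in this patch), add one more entry per image directory, e.g. `- package-ecosystem: "docker"` with `directory: "/v24.04"`, so base-image refreshes arrive as reviewable pull requests; confirm that Dependabot picks up the `Dockerfile.multiarch` file name. A comment above the existing entry such as `# keeps the SHA-pinned actions in .github/workflows current` would also record why it is there.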
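Review bot: Both `uses: owncloud-docker/ubuntu/.github/workflows/…@master` calls, in the `build` and `update-docker-hub-description` jobs, follow a mutable branch while being handed `secrets.DOCKERHUB_TOKEN`, unlike the two SHA-pinned actions in `lint`; pinning them the same way (`…/docker-build.yml@<commit-sha>`, placeholder) keeps a later change on that branch from altering what runs with the publish credential. In the `build` job, `docker-tag: ${{ matrix.version.value }}` reads a property of a matrix entry that is a plain string and will most likely evaluate to empty; `docker-tag: ${{ matrix.version }}` matches how `docker-context` and `docker-file` use it. The file declares no `permissions:` block, so a top-level `permissions:` with `contents: read` would hold GITHUB_TOKEN to least privilege, assuming the called workflows need nothing more. The removed Drone pipeline ran a Trivy scan with `TRIVY_SEVERITY` `HIGH,CRITICAL` and exit code 1 before its publish step; nothing in this file shows an equivalent gate, so confirm that `docker-build.yml` (not visible here) scans the image before pushing.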
--- a/v20.04/Dockerfile.multiarch
+++ b/v20.04/Dockerfile.multiarch
@@ -1,4 +1,4 @@
-FROM docker.io/owncloud/ubuntu:20.04@sha256:32f1f7cc0aa436f8b5220437b6e26c9424485ac310f3e71ea73eaeffcabe4d45
+FROM owncloud/ubuntu:20.04@sha256:435fd6ab43a16f51e3d0ccce52bace9b508d34eeb28ee97a07384344ec80cfd7
 LABEL maintainer="ownCloud GmbH " \
 org.opencontainers.image.authors="ownCloud DevOps " \
diff --git a/v22.04/Dockerfile.multiarch b/v22.04/Dockerfile.multiarch
index 2bf758d..b2ec767 100644
--- a/v22.04/Dockerfile.multiarch
+++ b/v22.04/Dockerfile.multiarch
@@ -1,4 +1,4 @@
-FROM docker.io/owncloud/ubuntu:22.04@sha256:ec32568354f644f822dc8918fc3f620d3c3b058a5c37acfd6fbbc4f1387de48a
+FROM owncloud/ubuntu:22.04@sha256:339ac00c403e94583fb4a7bc889104306c5c915c98c7669f7fcff006904f3f03
 LABEL maintainer="ownCloud GmbH " \
 org.opencontainers.image.authors="ownCloud DevOps " \
diff --git a/v24.04/Dockerfile.multiarch b/v24.04/Dockerfile.multiarch
index cbf915c..df5a1e1 100644
--- a/v24.04/Dockerfile.multiarch
+++ b/v24.04/Dockerfile.multiarch
@@ -1,4 +1,4 @@
-FROM owncloud/ubuntu:24.04@sha256:a4f3663b7ba9c2b37842f41d6ceff2e65b162fedd074270b15fd69c20d3c8ee3
+FROM owncloud/ubuntu:24.04@sha256:8cff39fc52f7f61d6c33c5907a807dcf2fdeef76670a6b20798c4f8a89a8e176
 LABEL maintainer="ownCloud GmbH " \
 org.opencontainers.image.authors="wnCloud DevOps " \
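Review bot: The new `FROM` lines in the v20.04 and v22.04 hunks drop the `docker.io/` registry prefix along with the digest bump, so which registry serves `owncloud/ubuntu` now depends on the builder's default or search-registry configuration (the v24.04 line was already unqualified). The `@sha256:` pin still binds the content, but a fully qualified reference keeps the image source explicit and avoids failed or unexpected lookups on builders that do not default to Docker Hub; keep the prefix, e.g. `FROM docker.io/owncloud/ubuntu:20.04@sha256:435fd6ab…` with the new digest unchanged, and use the same form in all three files. Separately, the v24.04 context line reads `"wnCloud DevOps "`, which looks like a typo for `ownCloud` that predates this commit.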