diff --git a/.config/cspell.json b/.config/cspell.json
new file mode 100644
index 0000000..0d31e71
--- /dev/null
+++ b/.config/cspell.json
@@ -0,0 +1,54 @@
+{
+ "version": "0.2",
+ "language": "en",
+ "words": [
+ "cpus",
+ "Hapag",
+ "Infracost",
+ "javadoc",
+ "javadocs",
+ "oidc",
+ "Repology",
+ "sonatype",
+ "tflint",
+ "tfsec"
+ ],
+ "ignoreWords": [
+ "Buildx",
+ "DOCKERHUB",
+ "amannn",
+ "aquasecurity",
+ "automerge",
+ "automerged",
+ "buildcache",
+ "buildx",
+ "codeowners",
+ "codeql",
+ "conventionalcommits",
+ "datasource",
+ "dorny",
+ "hadolint",
+ "hlag",
+ "hmarr",
+ "ibiqlik",
+ "kayma",
+ "kayman",
+ "ludeeus",
+ "markdownlint",
+ "mktemp",
+ "nullglob",
+ "ossrh",
+ "pascalfrenz",
+ "releaserc",
+ "rhysd",
+ "ruleset",
+ "sarif",
+ "shellcheck",
+ "shuf",
+ "shunsuke",
+ "signoff",
+ "temurin",
+ "tfstate",
+ "vuln"
+ ]
+}
diff --git a/.config/markdownlint.yml b/.config/markdownlint.yml
new file mode 100644
index 0000000..5ed51f8
--- /dev/null
+++ b/.config/markdownlint.yml
@@ -0,0 +1,12 @@
+---
+# Default state for all rules
+default: true
+
+# MD013/line-length - Line length
+MD013:
+ # Number of characters
+ line_length: 132
+ # Number of characters for headings
+ heading_line_length: 132
+ # Number of characters for code blocks
+ code_block_line_length: 132
diff --git a/.config/yamllint.yml b/.config/yamllint.yml
new file mode 100644
index 0000000..25e3962
--- /dev/null
+++ b/.config/yamllint.yml
@@ -0,0 +1,8 @@
+---
+extends: default
+
+rules:
+ line-length:
+ max: 132
+ comments:
+ min-spaces-from-content: 1 # Renovate uses 1 space only
diff --git a/.github/.pre-commit-config.yaml b/.github/.pre-commit-config.yaml
new file mode 100644
index 0000000..b6dfba6
--- /dev/null
+++ b/.github/.pre-commit-config.yaml
@@ -0,0 +1,21 @@
+---
+repos:
+ - repo: https://github.com/pre-commit/pre-commit-hooks
+ rev: v4.1.0
+ hooks:
+ - id: fix-byte-order-marker
+ - id: check-added-large-files
+ args:
+ - "--maxkb=20"
+ - id: check-case-conflict
+ - id: check-yaml
+ - id: check-json
+ - id: end-of-file-fixer
+ - id: trailing-whitespace
+ - id: mixed-line-ending
+ - id: check-merge-conflict
+ - id: check-shebang-scripts-are-executable
+ - repo: https://github.com/pre-commit/mirrors-prettier
+ rev: v2.6.0
+ hooks:
+ - id: prettier
diff --git a/.github/CODEOWNERS b/.github/CODEOWNERS
new file mode 100644
index 0000000..d6e1c87
--- /dev/null
+++ b/.github/CODEOWNERS
@@ -0,0 +1,4 @@
+* @hapag-lloyd/organization-defaults
+
+# license file shouldn't be changed and needs to be reviewed by lawyers
+LICENSE @hapag-lloyd/organization-defaults
diff --git a/.github/CONTRIBUTING.md b/.github/CONTRIBUTING.md
new file mode 100644
index 0000000..01223a5
--- /dev/null
+++ b/.github/CONTRIBUTING.md
@@ -0,0 +1,25 @@
+# Contribution guide
+
+We appreciate your thought to contribute to open source. :heart: We want to make contributing as easy as possible. You are welcome to:
+
+- Report a bug
+- Discuss the current state of the code
+- Submit a fix
+- Propose new features
+
+We use [Github Flow](https://guides.github.com/introduction/flow/index.html), so all code changes happen through pull
+requests. We actively welcome your pull requests:
+
+1. Fork the repo and create your branch from `main`.
+2. If you've added code, check one of the examples.
+3. Make sure your code lints.
+4. Raise a pull request.
+
+## Documentation
+
+We use [pre-commit](https://pre-commit.com/) for some default checks which are fast and find the most common errors.
+
+## License
+
+By contributing, you agree that your contributions will be licensed under the license available at
+[LICENSE](blob/main/LICENSE).
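Review bot: The README added in this same commit tells users to run `pre-commit install -c .github/pre-commit-config.yaml`, but this file is created as `.github/.pre-commit-config.yaml` (leading dot), so the documented command points at a path that does not exist. Align the two, either by renaming the file or by correcting the README command. Separately, `rev: v4.1.0` and `rev: v2.6.0` are tags that upstream can move; nothing visible in this diff shows that the shared Renovate preset keeps pre-commit hook revisions updated or pinned, so that is worth confirming.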
diff --git a/.github/ISSUE_TEMPLATE/bug_report.md b/.github/ISSUE_TEMPLATE/bug_report.md new file mode 100644 index 0000000..1dd2b61 --- /dev/null +++ b/.github/ISSUE_TEMPLATE/bug_report.md @@ -0,0 +1,32 @@ +--- +name: Bug report +about: Found a bug? Report it! +title: '' +labels: new, bug +assignees: '' +--- + + + +# Describe the bug + +A clear and concise description of what the bug is. + +# To Reproduce + +Steps to reproduce the behavior: +1. Go to '...' +2. Click on '....' +3. Scroll down to '....' +4. See error + +# Expected behavior + +A clear and concise description of what you expected to happen. + +# Additional context + +Add any other context about the problem here. diff --git a/.github/ISSUE_TEMPLATE/feature_request.md b/.github/ISSUE_TEMPLATE/feature_request.md new file mode 100644 index 0000000..437c9db --- /dev/null +++ b/.github/ISSUE_TEMPLATE/feature_request.md @@ -0,0 +1,39 @@ +--- +name: Feature Request +about: Propose a new feature +title: '' +labels: new, enhancement +assignees: '' +--- + +# Describe the solution you'd like + + + +# Describe alternatives you've considered + + + +# Suggest a solution + + + +# Additional context + + diff --git a/.github/pull_request_template.md b/.github/pull_request_template.md new file mode 100644 index 0000000..11d70f3 --- /dev/null +++ b/.github/pull_request_template.md 
@@ -0,0 +1,21 @@
+# Description
+
+What is the overall goal of your PR? Which problem does it solve? Please also include relevant motivation and context.
+List any dependencies that are required for this change.
+
+Fixes #(issue number)
+
+# Migrations required
+
+yes: please describe the migration
+no: please delete the whole paragraph
+
+# Verification
+
+Please describe the test cases you used to verify your code. Did you check the change in your environment?
+
+# Checklist
+
+- [ ] My code follows the style guidelines of the project
+- [ ] I have performed a self-review of my own code
+- [ ] I have made corresponding changes to the documentation
diff --git a/.github/renovate.json5 b/.github/renovate.json5
new file mode 100644
index 0000000..f088a2d
--- /dev/null
+++ b/.github/renovate.json5
@@ -0,0 +1,4 @@
+{
+ $schema: "https://docs.renovatebot.com/renovate-schema.json",
+ extends: ["github>Hapag-Lloyd/Renovate-Global-Configuration"],
+}
diff --git a/.github/update_init_branches.sh b/.github/update_init_branches.sh
new file mode 100755
index 0000000..0b45f6f
--- /dev/null
+++ b/.github/update_init_branches.sh
@@ -0,0 +1,16 @@
+#!/usr/bin/env bash
+set -euo pipefail
+
+#
+# This script rebases all init branches on the main branch.
+#
+
+git checkout main
+git pull
+
+# for all init branches
+for branch in $(git branch --list "init-*"); do
+ git checkout "$branch"
+ git merge main
+ git push
+done
diff --git a/.github/update_templates.sh b/.github/update_templates.sh
new file mode 100755
index 0000000..7604314
--- /dev/null
+++ b/.github/update_templates.sh
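Review bot: In update_init_branches.sh the header comment says the script "rebases all init branches", but the loop runs `git merge main`; the comment should read `# This script merges main into all init branches.` The loop only sees local branches through `git branch --list "init-*"`, so in a fresh clone nothing is updated, and the pattern does not match the `kayma/init-codeowners` branch that update_templates.sh handles. Iterating over `git for-each-ref --format='%(refname:short)' 'refs/heads/init-*'` avoids word-splitting the decorated `git branch` output. The bare `git push` also assumes every init branch already has an upstream configured.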
@@ -0,0 +1,109 @@
+#!/usr/bin/env bash
+set -euo pipefail
+
+#
+# This script updates the current repository with the latest version of the templates. It creates a new branch and a pull request.
+#
+
+function ensure_dependencies_or_exit() {
+ if ! command -v gh &> /dev/null; then
+ echo "gh is not installed. Please install it from https://cli.github.com/"
+ exit 1
+ fi
+}
+
+function ensure_repo_preconditions_or_exit() {
+ # ensure main branch
+ if [ "$(git branch --show-current)" != "main" ]; then
+ echo "The current branch is not main. Please switch to the main branch."
+ exit 1
+ fi
+
+ # ensure a clean working directory
+ if [ -n "$(git status --porcelain)" ]; then
+ echo "The working directory is not clean. Please use a clean copy so no unintended changes are merged."
+ exit 1
+ fi
+}
+
+function create_and_show_pr_for_init_branch() {
+ local branch_name=$1
+
+ if git branch | grep -q "$branch_name"; then
+ git checkout "$branch_name"
+
+ title=$(head -n1 pr-description.md)
+ body=$(tail -n2 pr-description.md)
+
+ rm pr-description.md
+ git add .
+ git commit -m "remove the PR description"
+ git push
+
+ gh pr create --title "$title" --body "$body" --base main --head "$branch_name"
+ gh pr view --web
+ fi
+}
+
+ensure_dependencies_or_exit
+ensure_repo_preconditions_or_exit
+
+latest_template_path=$(mktemp -d -t repository-template-XXXXX)
+new_branch_name=$(basename "$latest_template_path")
+
+# clone the default branch to get the latest version of the template files
+gh repo clone https://github.com/Hapag-Lloyd/Repository-Template-Maven.git "$latest_template_path"
+
+# create a new branch to update the templates
+git checkout -b "$new_branch_name"
+
+# update issue templates
+cp -r "$latest_template_path/.github/ISSUE_TEMPLATE" .github/
+
+# update pull request template
+cp "$latest_template_path/.github/PULL_REQUEST_TEMPLATE.md" .github/
+
+# update contributing guidelines
+cp "$latest_template_path/.github/CONTRIBUTING.md" .github/
+
+# update the update scripts
+cp "$latest_template_path/.github"/update_*.sh .github/
+
+# create a commit, push it and open a pull request
+git add .github
+git commit -m "chore: update project templates"
+git push --set-upstream origin "$new_branch_name"
+
+gh pr create --title "chore: update project templates" --body "This PR updates the project templates." --base main --head "$new_branch_name"
+
+echo "The project templates have been updated. Please review and merge the pull request."
+gh pr view --web
+
+# create PR to initialize the CODEOWNERS file
+branch_name="kayma/init-codeowners"
+
+if git branch | grep -q "$branch_name"; then
+ git checkout "$branch_name"
+
+ title=$(head -n1 pr-description.md)
+ body=$(tail -n2 pr-description.md)
+
+ rm pr-description.md
+ git add .
+ git commit -m "remove the PR description"
+ git push
+
+ gh pr create --title "$title" --body "$body" --base main --head "$branch_name"
+ gh pr view --web
+fi
+
+# initialize the LICENSE and CODEOWNERS file
+
+# find all init- branches
+init_branches=$(git branch | grep "init-")
+
+for init_branch in $init_branches; do
+ create_and_show_pr_for_init_branch "$init_branch"
+done
+
+rm -rf "$latest_template_path"
diff --git a/.github/update_workflows.sh b/.github/update_workflows.sh
new file mode 100755
index 0000000..98dbf64
--- /dev/null
+++ b/.github/update_workflows.sh
@@ -0,0 +1,43 @@
+#!/usr/bin/env bash
+
+#
+# This script updates the current repository with the latest version of the workflows. It creates a new branch and a pull request.
+#
+
+function ensure_dependencies_or_exit() {
+ if ! command -v gh &> /dev/null; then
+ echo "gh is not installed. Please install it from https://cli.github.com/"
+ exit 1
+ fi
+}
+
+function ensure_repo_preconditions_or_exit() {
+ # ensure main branch
+ if [ "$(git branch --show-current)" != "main" ]; then
+ echo "The current branch is not main. Please switch to the main branch."
+ exit 1
+ fi
+
+ # ensure a clean working directory
+ if [ -n "$(git status --porcelain)" ]; then
+ echo "The working directory is not clean. Please use a clean copy so no unintended changes are merged."
+ exit 1
+ fi
+}
+
+ensure_dependencies_or_exit
+ensure_repo_preconditions_or_exit
+
+current_directory=$(pwd)
+latest_workflows_path=$(mktemp -d -t workflow-template-XXXXX)
+
+gh repo clone https://github.com/Hapag-Lloyd/Workflow-Templates.git "$latest_workflows_path"
+
+# update the workflows
+(
+ cd "$latest_workflows_path" || exit 7
+
+ ./update-workflows.sh "$current_directory" docker
+)
+
+rm -rf "$latest_workflows_path"
diff --git a/.github/workflows/dockerhub_release.yml b/.github/workflows/dockerhub_release.yml
new file mode 100644
index 0000000..ab69ddc
--- /dev/null
+++ b/.github/workflows/dockerhub_release.yml
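Review bot: In update_templates.sh, under `set -euo pipefail` the assignment `init_branches=$(git branch | grep "init-")` aborts the script whenever no init branch exists, because grep exits 1; the final `rm -rf "$latest_template_path"` then never runs and the script ends with an error after the templates PR was already opened. Use `init_branches=$(git branch --list 'init-*' --format='%(refname:short)')` and register `trap 'rm -rf "$latest_template_path"' EXIT` right after `mktemp` so the clone is removed on every exit path. The existence test `git branch | grep -q "$branch_name"` is a substring/regex match and is more precise as `git show-ref --verify --quiet "refs/heads/$branch_name"`. The inline `kayma/init-codeowners` block repeats the body of `create_and_show_pr_for_init_branch` and can call that function instead. The script also copies `PULL_REQUEST_TEMPLATE.md` while this commit adds `pull_request_template.md`; if the source repository uses the lowercase name too, that `cp` fails on a case-sensitive filesystem.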
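Review bot: In update_workflows.sh, `./update-workflows.sh` is executed straight from whatever the default branch of the freshly cloned Workflow-Templates repository contains, on the maintainer's machine and with their `gh` credentials, while the workflow files in this commit pin the same repository to a full commit SHA. Check out a reviewed ref before running it, e.g. `git -C "$latest_workflows_path" checkout --detach "<REVIEWED_TAG_OR_SHA>"` (placeholder), so the script that rewrites `.github/workflows` is one that was reviewed. The script also lacks the `set -euo pipefail` line its two siblings start with, so a failed `gh repo clone` is not fatal and the subshell still tries to run the updater from an empty directory.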
@@ -0,0 +1,33 @@
+---
+name: Build & Push Docker Image
+
+# Only builds the image if a release was created.
+# This guarantees the commit is tagged and on main branch.
+# (see https://docs.github.com/en/repositories/releasing-projects-on-github/about-releases)
+
+# yamllint disable-line rule:truthy
+on:
+ # don't run this workflow initially. we have an init-branch to fix that
+ workflow_dispatch:
+
+jobs:
+ default:
+ # yamllint disable-line rule:line-length
+ uses: Hapag-Lloyd/Workflow-Templates/.github/workflows/docker_dockerhub_release_callable.yml@733afe1105fc85fafc25cddbc3c34b48c2c3d6fa
+ secrets: inherit
+ with:
+ # TODO insert correct value for image-name
+ # type: string
+ # required: true
+ # description: Name of the image. Usually it is sensible to set this to the repository name
+ image-name: "my-special-value"
+ # TODO insert correct value for push
+ # type: boolean
+ # required: false
+ # description: Flag to enable the workflow to actually push the built image to the registry
+ push: "my-special-value"
+ # TODO insert correct value for upload-security-scan-results
+ # type: boolean
+ # required: false
+ # description: Upload results of trivy scan of docker image to Github Security page
+ upload-security-scan-results: "my-special-value"
diff --git a/.github/workflows/linter.yml b/.github/workflows/linter.yml
new file mode 100644
index 0000000..ba60799
--- /dev/null
+++ b/.github/workflows/linter.yml
@@ -0,0 +1,11 @@
+---
+name: Lint files
+
+# yamllint disable-line rule:truthy
+on:
+ pull_request:
+
+jobs:
+ default:
+ uses: Hapag-Lloyd/Workflow-Templates/.github/workflows/default_linter_callable.yml@733afe1105fc85fafc25cddbc3c34b48c2c3d6fa
+ secrets: inherit
diff --git a/.github/workflows/pull_request.yml b/.github/workflows/pull_request.yml
new file mode 100644
index 0000000..35b6ce0
--- /dev/null
+++ b/.github/workflows/pull_request.yml
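Review bot: In dockerhub_release.yml, `secrets: inherit` hands every repository and organization secret available to this repository to the callable workflow, although a DockerHub push should only need the registry credentials; prefer an explicit `secrets:` map with just the names the callable declares (they are not visible in this diff). The placeholders `push: "my-special-value"` and `upload-security-scan-results: "my-special-value"` are quoted strings for inputs documented as `type: boolean`, so a manual dispatch before the TODOs are resolved will presumably fail input validation; an unquoted `false` is a safer template default. The leading comment still says the image is only built when a release was created, but the only trigger is `workflow_dispatch`; reword it to say the release trigger is added by the init branch.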
@@ -0,0 +1,18 @@
+---
+name: "Pull Request"
+
+# yamllint disable-line rule:truthy
+on:
+ pull_request_target:
+ types:
+ - opened
+ - edited
+ - synchronize
+ branches-ignore:
+ - "release-please--branches--*"
+
+jobs:
+ default:
+ # yamllint disable-line rule:line-length
+ uses: Hapag-Lloyd/Workflow-Templates/.github/workflows/default_pull_request_callable.yml@733afe1105fc85fafc25cddbc3c34b48c2c3d6fa
+ secrets: inherit
diff --git a/.github/workflows/release.yml b/.github/workflows/release.yml
new file mode 100644
index 0000000..fe90816
--- /dev/null
+++ b/.github/workflows/release.yml
@@ -0,0 +1,14 @@
+---
+name: Release
+
+# yamllint disable-line rule:truthy
+on:
+ push:
+ branches:
+ - main
+
+jobs:
+ default:
+ # using a GitHub only release here. Use .github/update_workflows.sh to switch to a Docker release
+ uses: Hapag-Lloyd/Workflow-Templates/.github/workflows/default_release_callable.yml@733afe1105fc85fafc25cddbc3c34b48c2c3d6fa
+ secrets: inherit
diff --git a/.github/workflows/release_dry_run.yml b/.github/workflows/release_dry_run.yml
new file mode 100644
index 0000000..19ada4a
--- /dev/null
+++ b/.github/workflows/release_dry_run.yml
@@ -0,0 +1,14 @@
+---
+name: Release Test
+
+# yamllint disable-line rule:truthy
+on:
+ push:
+ branches:
+ - release-dry-run
+
+jobs:
+ default:
+ # yamllint disable-line rule:line-length
+ uses: Hapag-Lloyd/Workflow-Templates/.github/workflows/default_release_dry_run_callable.yml@733afe1105fc85fafc25cddbc3c34b48c2c3d6fa
+ secrets: inherit
diff --git a/.github/workflows/renovate_auto_approve.yml b/.github/workflows/renovate_auto_approve.yml
new file mode 100644
index 0000000..a8675ba
--- /dev/null
+++ b/.github/workflows/renovate_auto_approve.yml
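Review bot: In pull_request.yml, `pull_request_target` combined with `secrets: inherit` runs the callable with the base repository's secrets and an unrestricted token even for pull requests from forks; that is only safe while the pinned callable never checks out or executes the PR head, which this diff cannot confirm. renovate_auto_approve.yml and welcome_message.yml use the same trigger-plus-inherit pattern. Add a job-level `permissions:` block with the minimum the callable needs and pass named secrets instead of inheriting. Also, for `pull_request_target` the `branches-ignore` filter matches the base branch, so `"release-please--branches--*"` likely does not exclude release-please PRs, which use that name as their head branch; a job-level `if: "!startsWith(github.head_ref, 'release-please--branches--')"` expresses that intent.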
@@ -0,0 +1,12 @@
+---
+name: Approve all Renovate PRs automatically
+
+# yamllint disable-line rule:truthy
+on:
+ pull_request_target
+
+jobs:
+ default:
+ # yamllint disable-line rule:line-length
+ uses: Hapag-Lloyd/Workflow-Templates/.github/workflows/default_renovate_auto_approve_callable.yml@733afe1105fc85fafc25cddbc3c34b48c2c3d6fa
+ secrets: inherit
diff --git a/.github/workflows/slash_ops_command_help.yml b/.github/workflows/slash_ops_command_help.yml
new file mode 100644
index 0000000..a4008cd
--- /dev/null
+++ b/.github/workflows/slash_ops_command_help.yml
@@ -0,0 +1,14 @@
+---
+name: Execute ChatOps command
+
+# yamllint disable-line rule:truthy
+on:
+ repository_dispatch:
+ types:
+ - help-command
+
+jobs:
+ default:
+ # yamllint disable-line rule:line-length
+ uses: Hapag-Lloyd/Workflow-Templates/.github/workflows/default_slash_ops_command_help_callable.yml@733afe1105fc85fafc25cddbc3c34b48c2c3d6fa
+ secrets: inherit
diff --git a/.github/workflows/slash_ops_comment_dispatch.yml b/.github/workflows/slash_ops_comment_dispatch.yml
new file mode 100644
index 0000000..f32c9ec
--- /dev/null
+++ b/.github/workflows/slash_ops_comment_dispatch.yml
@@ -0,0 +1,14 @@
+---
+name: PR commented
+
+# yamllint disable-line rule:truthy
+on:
+ issue_comment:
+ types:
+ - created
+
+jobs:
+ default:
+ # yamllint disable-line rule:line-length
+ uses: Hapag-Lloyd/Workflow-Templates/.github/workflows/default_slash_ops_comment_dispatch_callable.yml@733afe1105fc85fafc25cddbc3c34b48c2c3d6fa
+ secrets: inherit
diff --git a/.github/workflows/spelling.yml b/.github/workflows/spelling.yml
new file mode 100644
index 0000000..f6c3e48
--- /dev/null
+++ b/.github/workflows/spelling.yml
@@ -0,0 +1,11 @@
+---
+name: "Check spelling"
+
+# yamllint disable-line rule:truthy
+on:
+ pull_request:
+
+jobs:
+ default:
+ uses: Hapag-Lloyd/Workflow-Templates/.github/workflows/default_spelling_callable.yml@733afe1105fc85fafc25cddbc3c34b48c2c3d6fa
+ secrets: inherit
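Review bot: renovate_auto_approve.yml fires on every `pull_request_target` activity and for any author, and nothing in the caller restricts approval to Renovate; the whole authorization decision rests on the callable, which is not visible here. Because an automatic approval can satisfy branch protection, gate the job in the caller as well, e.g. `if: github.actor == '<RENOVATE_BOT_LOGIN>'` (placeholder for the bot account this organization uses). A short comment above `jobs:` stating which actor is expected to be approved would document the intent.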
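Review bot: slash_ops_comment_dispatch.yml is named "PR commented", but `issue_comment` also fires for comments on plain issues and for any commenter, and the job then runs with `secrets: inherit`. Add `if: github.event.issue.pull_request` on the `default` job so that only pull-request comments reach the dispatcher. Whether the callable verifies the commenter's permission level before emitting a `repository_dispatch` cannot be seen in this diff and should be confirmed.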
diff --git a/.github/workflows/stale.yml b/.github/workflows/stale.yml
new file mode 100644
index 0000000..2a0ac62
--- /dev/null
+++ b/.github/workflows/stale.yml
@@ -0,0 +1,12 @@
+---
+name: "Close stale issues and PRs"
+
+# yamllint disable-line rule:truthy
+on:
+ schedule:
+ - cron: "25 2 * * *"
+
+jobs:
+ default:
+ uses: Hapag-Lloyd/Workflow-Templates/.github/workflows/default_stale_callable.yml@733afe1105fc85fafc25cddbc3c34b48c2c3d6fa
+ secrets: inherit
diff --git a/.github/workflows/welcome_message.yml b/.github/workflows/welcome_message.yml
new file mode 100644
index 0000000..b4941b4
--- /dev/null
+++ b/.github/workflows/welcome_message.yml
@@ -0,0 +1,14 @@
+---
+name: PR opened
+
+# yamllint disable-line rule:truthy
+on:
+ pull_request_target:
+ types:
+ - opened
+
+jobs:
+ default:
+ # yamllint disable-line rule:line-length
+ uses: Hapag-Lloyd/Workflow-Templates/.github/workflows/default_welcome_message_callable.yml@733afe1105fc85fafc25cddbc3c34b48c2c3d6fa
+ secrets: inherit
diff --git a/.gitignore b/.gitignore
new file mode 100644
index 0000000..65b01b3
--- /dev/null
+++ b/.gitignore
@@ -0,0 +1,4 @@
+# IntelliJ
+.idea/
+*.iml
+
diff --git a/Dockerfile b/Dockerfile
new file mode 100644
index 0000000..c35f1b5
--- /dev/null
+++ b/Dockerfile
@@ -0,0 +1 @@
+FROM scratch
diff --git a/README.md b/README.md
index a73b53c..98a7ea8 100644
--- a/README.md
+++ b/README.md
@@ -1,2 +1,33 @@
 # Repository-Template-Docker
-Template repository for Docker projects
+
+Template repository for Docker projects which are published on [DockerHub](https://hub.docker.com/r/hlag). Don't forget to update
+the README.md file with the project information and initially run
+
+```shell
+git checkout main
+.github/update_templates.sh
+
+# strongly suggested!
+pre-commit install -c .github/pre-commit-config.yaml
+```
+
+In case a major release is published on the Workflow-Template repository, run `.github/update_workflows.sh`. This creates a PR
+with the changes in the workflows. Carefully check the changes and merge them into the `main` branch.
+
+## Development
+
+### Usage
+
+This repository is used as a template repository for new Docker projects. Thus the newly created repository will have the same
+structure and configurations as this one.
+
+After merging into the `main` branch, use `.github/update_init_branches.sh` to merge these changes into the `init-` branches as
+well.
+
+### `init-` branches
+
+The `init-` branches are used to initialize the project with the necessary files and configurations. Create them in this repository
+and add a `pr-description.md` file with the description of the changes to be made. The first line contains the title of the PR
+followed by a blank line and then the description.
+
+Never merge these branches directly into the `main` branch.