diff --git a/.gitea/CODEOWNERS b/.gitea/CODEOWNERS
new file mode 100644
index 0000000..e286c1e
--- /dev/null
+++ b/.gitea/CODEOWNERS
@@ -0,0 +1 @@
+* @luke
diff --git a/.gitea/workflows/ci.yml b/.gitea/workflows/ci.yml
new file mode 100644
index 0000000..884766c
--- /dev/null
+++ b/.gitea/workflows/ci.yml
@@ -0,0 +1,51 @@
+name: CI
+on:
+ pull_request:
+ types:
+ - opened
+ - edited
+ - synchronize
+ - reopened
+
+jobs:
+ ci:
+ runs-on: ubuntu-latest
+ steps:
+ - name: Check out repository code
+ uses: actions/checkout@v6.0.1
+ with:
+ fetch-depth: 0
+
+ - name: Run Hadolint
+ uses: hadolint/hadolint-action@v3.3.0
+ with:
+ dockerfile: Dockerfile
+ output-file: hadolint.out
+ format: tty
+ no-fail: true
+
+ - name: Print Hadolint Results
+ if: ${{ always() }}
+ run: cat hadolint.out
+
+ # - name: SonarQube Scan
+ # uses: SonarSource/sonarqube-scan-action@v5.2.0
+ # env:
+ # SONAR_HOST_URL: ${{ secrets.SONARQUBE_HOST_URL }}
+ # SONAR_TOKEN: ${{ secrets.SONARQUBE_TOKEN }}
+
+ # - name: Snyk SAST Scan
+ # uses: snyk/actions/python@master
+ # env:
+ # SNYK_TOKEN: ${{ secrets.SNYK_TOKEN }}
+ # with:
+ # # command: snyk
+ # args: snyk code test --all-projects --exclude=.archive
+
+ - name: Snyk Vulnerability Scan
+ uses: snyk/actions/python@master
+ continue-on-error: true # Sometimes vulns aren't immediately fixable
+ env:
+ SNYK_TOKEN: ${{ secrets.SNYK_TOKEN }}
+ with:
+ args: test --all-projects
diff --git a/.gitea/workflows/conventional_commit.yml b/.gitea/workflows/conventional_commit.yml
new file mode 100644
index 0000000..a2ce159
--- /dev/null
+++ b/.gitea/workflows/conventional_commit.yml
@@ -0,0 +1,16 @@
+name: Validate PR Title
+on:
+ pull_request:
+ types:
+ - opened
+ - edited
+ - synchronize
+ - reopened
+
+jobs:
+ validate:
+ runs-on: ubuntu-latest
+ steps:
+ - uses: https://git.tainton.uk/actions/conventional-commits-check-action@v1.3.0
+ with:
+ commit-message: ${{ gitea.event.pull_request.title }} 
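Review bot: `uses: snyk/actions/python@master` in the Snyk Vulnerability Scan step pins a third-party action to a moving branch while handing it `SNYK_TOKEN`, so whoever can push to that branch runs code with the secret on every pull request; pin it to a release tag or, better, a full commit SHA (`uses: snyk/actions/python@<sha> # vX.Y.Z`), as the checkout and Hadolint steps already pin exact versions. With Hadolint set to `no-fail: true` and Snyk set to `continue-on-error: true`, this workflow can never fail on a finding, which may be intended but is not stated; a comment above `jobs:` such as `# advisory only: scan results are printed, nothing here gates the merge` would stop the next reader from assuming a security gate exists. The `edited` trigger type reruns both scanners whenever a PR title or description changes, which adds nothing for a Dockerfile/dependency scan and can be dropped from this file.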
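Review bot: `commit-message: ${{ gitea.event.pull_request.title }}` hands an attacker-chosen string (anyone who can open a PR picks the title) to a third-party action; passing it via `with:` is safe only if that action reads it from its `INPUT_*` environment rather than templating it into a shell command, which this hunk cannot show, so the pinned action's entrypoint is worth a look before relying on it. Nothing in this file itself uses the title in a `run:` step, so there is no expression injection here. I would add `# PR title is untrusted input; the action must treat it as data, not code` above `with:` so the assumption is explicit. Here the `edited` trigger is correct, since a retitled PR has to be re-validated.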
diff --git a/.gitea/workflows/release.yml b/.gitea/workflows/release.yml new file mode 100644 index 0000000..a4a5e2b --- /dev/null +++ b/.gitea/workflows/release.yml 
@@ -0,0 +1,102 @@
+name: Release
+on:
+ workflow_dispatch:
+ # push:
+ # branches:
+ # - main
+ schedule:
+ - cron: '0 9 * * 0'
+
+jobs:
+
+ tag:
+ name: Tag release
+ uses: https://git.tainton.uk/actions/gha-workflows/.gitea/workflows/release-with-tag.yaml@main
+
+ create_release:
+ name: Create Release
+ needs: tag
+ uses: https://git.tainton.uk/actions/gha-workflows/.gitea/workflows/create-release-preexisting-tag.yaml@main
+ with:
+ tag: ${{ needs.tag.outputs.tag_name }}
+ body: ${{ needs.tag.outputs.changelog }}
+ secrets:
+ ACTIONS_TOKEN: ${{ secrets.ACTIONS_TOKEN }}
+
+ create_docker:
+ name: Publish Docker Images
+ runs-on: ubuntu-latest
+ needs: [tag, create_release]
+ steps:
+ - name: Update Docker configuration
+ continue-on-error: true
+ run: |
+ mkdir -p /etc/default
+ mkdir -p /etc/docker
+ touch -a /etc/default/docker
+ touch -a /etc/docker/daemon.json
+ echo "DOCKER_OPTS=\"--insecure-registry ${{ vars.PACKAGES_REGISTRY_URL }}\"" >> /etc/default/docker
+ echo "{\"insecure-registries\": [\"${{ vars.PACKAGES_REGISTRY_URL }}\"]}" > /etc/docker/daemon.json
+
+ - name: Get repo name
+ id: split
+ run: echo "repo=${REPO##*/}" >> "$GITEA_OUTPUT"
+ env:
+ REPO: ${{ gitea.repository }}
+
+ - name: Check out repository
+ uses: actions/checkout@v6.0.1
+ with:
+ fetch-depth: 0
+ ref: ${{ needs.tag.outputs.tag_name }}
+
+ - name: Set up Docker Buildx
+ uses: docker/setup-buildx-action@v3
+
+ - name: Log in to Gitea Container Registry
+ uses: docker/login-action@v3
+ with:
+ registry: ${{ vars.PACKAGES_REGISTRY_URL }}
+ username: ${{ vars.ACTIONS_USERNAME }}
+ password: ${{ secrets.ACTIONS_TOKEN }}
+
+ - name: Log in to GitHub Container Registry
+ uses: docker/login-action@v3
+ with:
+ registry: ghcr.io
+ username: ${{ vars.GHCR_USERNAME }}
+ password: ${{ secrets.GHCR_TOKEN }}
+
+ - name: Extract metadata (tags, labels) for Docker
+ id: meta
+ uses: docker/metadata-action@v5
+ with:
+ tags: type=semver,pattern=v{{version}},value=${{ needs.tag.outputs.tag_name }}
+ 
images: |
+ ghcr.io/${{ vars.GHCR_USERNAME }}/${{ steps.split.outputs.repo }}
+ ${{ vars.PACKAGES_REGISTRY_URL }}/${{ gitea.repository }}
+
+ - name: Print metadata
+ run: |
+ printf "Annotations:\n${{ steps.meta.outputs.annotations }}"
+ echo ""
+ printf "Labels:\n${{ steps.meta.outputs.labels }}"
+ echo ""
+ printf "Tags:\n${{ steps.meta.outputs.tags }}"
+
+ - name: Build images
+ uses: docker/build-push-action@v6
+ with:
+ context: .
+ push: false
+ load: true
+ annotations: ${{ steps.meta.outputs.annotations }}
+ labels: ${{ steps.meta.outputs.labels }}
+ tags: ${{ steps.meta.outputs.tags }}
+
+ - name: Push images
+ run: |
+ strtags="${{ steps.meta.outputs.tags }}"
+ readarray -t lines <<<"$strtags"
+ for element in "${lines[@]}"; do docker push "$element"; done
+ unset strtags lines
diff --git a/.github/workflows/build.yml b/.github/workflows/build.yml
deleted file mode 100644
index 24da7b0..0000000
--- a/.github/workflows/build.yml
+++ /dev/null
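Review bot: The Update Docker configuration step writes `insecure-registries` for `${{ vars.PACKAGES_REGISTRY_URL }}` into `/etc/docker/daemon.json`, which disables TLS verification for the very registry that `docker/login-action` then authenticates to with `secrets.ACTIONS_TOKEN`, so the token and the pushed images can travel over plain HTTP or to an impersonated endpoint; and since the daemon is never restarted and the step is `continue-on-error: true`, it is unclear from the hunk whether the setting takes effect at all or silently fails. Either remove the step and give the registry a valid certificate, or restart the daemon explicitly and mark the trade-off with `# INSECURE: TLS verification is disabled for the package registry; remove once it serves a trusted certificate`. The Print metadata and Push images steps also splice `${{ steps.meta.outputs.* }}` straight into `run:` shell text (in one case as a `printf` format string), so a tag, label or annotation containing quotes or `%` changes the script rather than being printed; passing the values through `env:` and reading `"$TAGS"` keeps them as data, as the Get repo name step already does for `REPO`. Finally, the two `gha-workflows` reusable workflows are pinned to `@main` and the `docker/*` actions to floating major tags while `actions/checkout@v6.0.1` is exact — the `@main` refs receive `ACTIONS_TOKEN`, so pinning them to a tag or SHA closes the same supply-chain gap the exact checkout pin already closes.

```yaml
      - name: Push images
        env:
          TAGS: ${{ steps.meta.outputs.tags }}
        run: |
          readarray -t lines <<<"$TAGS"
          for element in "${lines[@]}"; do docker push "$element"; done
# … unchanged: Print metadata step, Build images step …
```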
@@ -1,37 +0,0 @@ -name: Build Docker Image -on: - workflow_dispatch: - push: - branches: [master] - -jobs: - analyse: - name: SonarQube - runs-on: ubuntu-latest - steps: - - uses: actions/checkout@v4 - with: - fetch-depth: 0 # Shallow clones should be disabled for a better relevancy of analysis - - uses: sonarsource/sonarqube-scan-action@master - env: - SONAR_TOKEN: ${{ secrets.SONAR_TOKEN }} - SONAR_HOST_URL: ${{ secrets.SONAR_HOST_URL }} - - build: - name: GitHub Container Registry - runs-on: ubuntu-latest - steps: - - uses: actions/checkout@v4 - - name: Set outputs - id: vars - run: echo "sha_short=$(git rev-parse --short HEAD)" >> $GITHUB_OUTPUT - - name: Check outputs - run: echo ${{ steps.vars.outputs.sha_short }} - - name: Login to GitHub Container Registry - run: echo ${{ secrets.GHCR_ACCESS_TOKEN }} | docker login ghcr.io -u luketainton --password-stdin - - name: Build image for GitHub Package Registry - run: docker build . --file Dockerfile --tag ghcr.io/luketainton/docker-radius:${{ steps.vars.outputs.sha_short }} --tag ghcr.io/luketainton/docker-radius:latest - - name: Push image to GitHub Package Registry - run: | - docker push ghcr.io/luketainton/docker-radius:latest - docker push ghcr.io/luketainton/docker-radius:${{ steps.vars.outputs.sha_short }} diff --git a/CODEOWNERS b/CODEOWNERS deleted file mode 100644 index 0d35f6e..0000000 --- a/CODEOWNERS +++ /dev/null @@ -1 +0,0 @@ -* @luketainton \ No newline at end of file diff --git a/Dockerfile b/Dockerfile index 83a365b..316effb 100644 --- a/Dockerfile +++ b/Dockerfile @@ -1,6 +1,6 @@ FROM alpine:3.22.1 as build LABEL maintainer="Luke Tainton " -LABEL org.opencontainers.image.source="https://github.com/luketainton/docker-radius" +LABEL org.opencontainers.image.source="https://git.tainton.uk/repos/docker-radius" FROM build as webproc ENV WEBPROCVERSION 0.4.0 diff --git a/docker-compose.yml b/docker-compose.yml index 24ca7bf..f83b4fe 100644 --- a/docker-compose.yml +++ b/docker-compose.yml 
@@ -1,7 +1,6 @@
-version: "3"
 services:
 app:
- image: "ghcr.io/luketainton/docker-radius:latest"
+ image: "git.tainton.uk/repos/docker-radius:latest"
 restart: "unless-stopped"
 volumes:
 - "./clients.conf:/etc/raddb/clients.conf"
diff --git a/sonar-project.properties b/sonar-project.properties
deleted file mode 100644
index 35e3bfa..0000000
--- a/sonar-project.properties
+++ /dev/null
@@ -1 +0,0 @@
-sonar.projectKey=luketainton_docker-radius_e37b9305-5bf9-4f67-97d9-85eee00bb9d0