Container image for our pre-commit hooks

Go to file

Renovate Bot d44a4ef685 All checks were successful ci/woodpecker/push/build Pipeline was successful Details ci/woodpecker/push/test Pipeline was successful Details Renovate: Update woodpeckerci/plugin-git Docker digest to a878e6f		2024-07-26 09:02:59 +00:00
.woodpecker	Renovate: Update woodpeckerci/plugin-git Docker digest to a878e6f	2024-07-26 09:02:59 +00:00
.dockerignore	Run pre-commit to warm up cache	2024-06-19 17:18:32 +02:00
.editorconfig	Run pre-commit to warm up cache	2024-06-19 17:18:32 +02:00
.markdown-style.rb	Add README	2024-06-20 12:00:53 +02:00
.mdlrc	Add README	2024-06-20 12:00:53 +02:00
.pre-commit-config.yaml	Renovate: Update pre-commit hook gitleaks/gitleaks to v8.18.4	2024-07-03 16:56:32 +00:00
.prettierrc.yaml	Run pre-commit to warm up cache	2024-06-19 17:18:32 +02:00
Dockerfile	Renovate: Update all dependencies	2024-07-24 13:02:38 +00:00
get_pkg_versions.sh	Add package version script	2024-06-25 16:18:57 +02:00
README.md	Add package version script	2024-06-25 16:18:57 +02:00
renovate.json	Renovate: migrate config renovate.json	2024-07-25 14:23:03 +00:00

README.md

verdigado pre-commit container

A container image to include all dependencies (and a warmed up cache) used in our pre-commit hooks/CI steps to speed up execution.

If you see any pre-commit CI jobs installing dependencies:

Make sure to execute pre-commit using this container
Add the hook to this repo's .pre-commit-config.yaml
Optionally install dependencies in the Dockerfile with the versions set up for Renovate

Usage

In your .woodpecker.yaml, adapt and add the following block:

steps:
  check-pre-commit:
    image: git.verdigado.com/verdigado-images/container-pre-commit:latest
    environment:
      - SKIP=no-commit-to-branch # Ignore "don't commit to protected branch" check
    commands:
      - pre-commit run --all-files

If renovate is set up for your repo, it'll add and update the pinned digest/hash of the image.

Development

Generally you should have Docker or something alike installed.

If you need to copy files into the container, don't forget to add exclusions to the general exclude all in .dockerignore.

To update the base image (like 3.12.4-alpine3.20 to a newer Alpine version), manual work is still required, but supported by a little script. Renovate might not create a PR for newer image tags.

In the Dockerfile, update the Alpine version for the image and the renovate comments (# renovate: datasource=repology depName=alpine_3_20/gcc versioning=loose).

- FROM python:3-alpine3.19@sha256:00c0ffeeacab...
+ FROM python:3-alpine3.20 # You can omit the sha256 digest, the script prints it out
# ...

- # renovate: datasource=repology depName=alpine_3_19/build-base versioning=loose
+ # renovate: datasource=repology depName=alpine_3_20/build-base versioning=loose
ENV BUILD_BASE_VERSION="0.8.15"
# ...

Now run ./get_pkg_versions.sh. It pulls the alpine image from the Dockerfile, prints it's digest and the latest packages it could find via apk inside that container and prints out the names and versions.

Example output of ./get_pkg_versions.sh for a new image, which is not yet pulled:

Unable to find image 'python:3.12.3-alpine3.18' locally
3.12.3-alpine3.18: Pulling from library/python
619be1103602: Pull complete
  [...]
0eb61f1af52e: Pull complete
Digest: sha256:24680ddf8422899b24756d62b31eb5de782fbb42e9c2bb1c70f1f55fcf891721
Status: Downloaded newer image for python:3.12.3-alpine3.18
  [Script output starts here]
Checking 5/5 latest package versions on python:3.12.3-alpine3.18
Image digest found: sha256:24680ddf8422899b24756d62b31eb5de782fbb42e9c2bb1c70f1f55fcf891721
---
build-base-0.5-r3
gcc-12.2.1_git20220924-r10
git-2.40.1-r0
openssh-keygen-9.3_p2-r1
ruby-3.2.4-r0

Copy the package versions and update the respective ENV with it manually in the Dockerfile. You also might add the digest to the base image.
Test building the image and you can commit it.