verdigado-images/container-pre-commit
1
0
Fork 0
Code Issues 1 Pull requests 2 Projects Releases Packages 2 Wiki Activity

Compare commits

base: verdigado-images:224df51fe39a7647eb163665c7673608867e80c9
Branches Tags
verdigado-images:main
verdigado-images:renovate-all-minor-patch
verdigado-images:renovate-all
verdigado-images:renovate-pre-commit
verdigado-images:run-pre-commit
verdigado-images:feature/gitleaks
verdigado-images:bugfix/add-ruby-devel
..
compare: verdigado-images:3d63abe0298a7f14974e6e19f622fdae918a9dc6
Branches Tags
verdigado-images:renovate-all-minor-patch
verdigado-images:renovate-all
verdigado-images:main
verdigado-images:renovate-pre-commit
verdigado-images:run-pre-commit
verdigado-images:feature/gitleaks
verdigado-images:bugfix/add-ruby-devel

2 commits
224df51fe3 ... 3d63abe029

Author SHA1 Message Date
Henrik Hüttemann
3d63abe029
Add tests for pre-commit container
Some checks failed
ci/woodpecker/push/build Pipeline was successful
Details
ci/woodpecker/push/test Pipeline failed
Details 
Run pre-commit on the freshly built container against salt and rc2matrix
 2024-06-20 23:39:40 +02:00
Henrik Hüttemann
7b022827a1
Remove dependencies to let pre-commit install them
All checks were successful
ci/woodpecker/push/woodpecker Pipeline was successful
Details
2024-06-20 16:26:50 +02:00
3 changed files with 8 additions and 64 deletions
Show stats Expand all files Collapse all files

11
.woodpecker/.build.yaml
View file

@ -1,8 +1,10 @@
when:
path: '*Dockerfile*'
steps: steps:
build main: build main:
when: when:
- event: push branch: main
branch: main
image: woodpeckerci/plugin-docker-buildx:4.0.0@sha256:9d24b71c37d7a958d79252e608c4d1a04b02f2e74d4e26003b43e0830038bde0 image: woodpeckerci/plugin-docker-buildx:4.0.0@sha256:9d24b71c37d7a958d79252e608c4d1a04b02f2e74d4e26003b43e0830038bde0
pull: true pull: true
settings: settings:
@ -18,9 +20,8 @@ steps:
build branch: build branch:
when: when:
- event: push branch:
branch: exclude: ['main']
exclude: ['main']
image: woodpeckerci/plugin-docker-buildx:4.0.0@sha256:9d24b71c37d7a958d79252e608c4d1a04b02f2e74d4e26003b43e0830038bde0 image: woodpeckerci/plugin-docker-buildx:4.0.0@sha256:9d24b71c37d7a958d79252e608c4d1a04b02f2e74d4e26003b43e0830038bde0
pull: true pull: true
settings: settings:

46
README.md
View file

@ -22,52 +22,10 @@ steps:
- pre-commit run --all-files - pre-commit run --all-files
``` ```
If renovate is set up for your repo, it'll add and update the pinned digest/hash of the image. If renovate is set up, it'll add and update the pinned digest/hash of the image.
## Development ## Development
Generally you should have `Docker` or something alike installed.
If you need to copy files into the container, don't forget to add exclusions to the general _exclude all_ in `.dockerignore`. If you need to copy files into the container, don't forget to add exclusions to the general _exclude all_ in `.dockerignore`.
To **update the base image** (like `3.12.4-alpine3.20` to a newer Alpine version), manual work is still required, but supported by a little script. **Renovate might not create a PR for newer image tags.** To update the base image (like `3.12.4-alpine3.20` to a newer Alpine version), manual work is still required. In the `Dockerfile`, update the Alpine version for the image, the renovate comments (`# renovate: datasource=repology depName=alpine_3_20/gcc versioning=loose`), and the package versions for that OS version from the repo (Like on the [Alpine Package Page for gcc](https://pkgs.alpinelinux.org/packages?name=gcc&branch=v3.20&repo=&arch=x86_64)).
1. In the `Dockerfile`, update the Alpine version for the image and the renovate comments (`# renovate: datasource=repology depName=alpine_3_20/gcc versioning=loose`).
```diff
- FROM python:3-alpine3.19@sha256:00c0ffeeacab...
+ FROM python:3-alpine3.20 # You can omit the sha256 digest, the script prints it out
# ...
- # renovate: datasource=repology depName=alpine_3_19/build-base versioning=loose
+ # renovate: datasource=repology depName=alpine_3_20/build-base versioning=loose
ENV BUILD_BASE_VERSION="0.8.15"
# ...
```
1. Now run `./get_pkg_versions.sh`. It pulls the alpine image from the Dockerfile, prints it's digest and the latest packages it could find via `apk` inside that container and prints out the names and versions.
Example output of `./get_pkg_versions.sh` for a new image, which is not yet pulled:
```plain
Unable to find image 'python:3.12.3-alpine3.18' locally
3.12.3-alpine3.18: Pulling from library/python
619be1103602: Pull complete
[...]
0eb61f1af52e: Pull complete
Digest: sha256:24680ddf8422899b24756d62b31eb5de782fbb42e9c2bb1c70f1f55fcf891721
Status: Downloaded newer image for python:3.12.3-alpine3.18
[Script output starts here]
Checking 5/5 latest package versions on python:3.12.3-alpine3.18
Image digest found: sha256:24680ddf8422899b24756d62b31eb5de782fbb42e9c2bb1c70f1f55fcf891721
---
build-base-0.5-r3
gcc-12.2.1_git20220924-r10
git-2.40.1-r0
openssh-keygen-9.3_p2-r1
ruby-3.2.4-r0
```
1. Copy the package versions and update the respective `ENV` with it manually in the `Dockerfile`. You also might add the digest to the base image.
1. Test building the image and you can commit it.

15
get_pkg_versions.sh
View file

@ -1,15 +0,0 @@
#!/bin/bash
set -euo pipefail
IFS=$'\n\t'
IMAGE=$(grep -oP 'FROM \K.*alpine[^ ]+' Dockerfile)
PACKAGES=$(grep -oP '#.+depName=alpine.+/\K[^ ]+' Dockerfile)
# shellcheck disable=SC2086
PACKAGES_NO_BR=$(echo ${PACKAGES} | tr -d '\n')
PACKAGES_VERSIONS=$(docker run --rm -t --entrypoint /bin/sh "$IMAGE" -c "apk --update --no-cache list $PACKAGES_NO_BR | cut -d ' ' -f 1 | grep -v '^fetch$'")
DIGEST=$(docker inspect --format='{{index .RepoDigests 0}}' "$IMAGE" | cut -d '@' -f2)
echo "Checking $(echo "$PACKAGES" | wc -l)/$(echo "$PACKAGES_VERSIONS" | wc -l) latest package versions on $IMAGE"
echo "Image digest found: $DIGEST"
echo "---"
echo "$PACKAGES_VERSIONS"