verdigado-images/container-pre-commit
1
0
Fork 0
Code Issues 1 Pull requests 2 Projects Releases Packages 2 Wiki Activity
Container image for our pre-commit hooks
43 commits 7 branches 0 tags 313 KiB
Dockerfile 66.8%
Shell 33.2%
Find a file
Henrik Hüttemann 126d943d61
All checks were successful
ci/woodpecker/push/woodpecker Pipeline was successful
Details
WIP
2024-06-20 14:31:16 +02:00
.dockerignore Run pre-commit to warm up cache 2024-06-19 17:18:32 +02:00
.editorconfig Run pre-commit to warm up cache 2024-06-19 17:18:32 +02:00
.markdown-style.rb Add README 2024-06-20 12:00:53 +02:00
.mdlrc Add README 2024-06-20 12:00:53 +02:00
.pre-commit-config.yaml Update gitleaks to use native hook 2024-06-20 11:37:19 +02:00
.prettierrc.yaml Run pre-commit to warm up cache 2024-06-19 17:18:32 +02:00
.woodpecker.yaml WIP 2024-06-20 14:31:16 +02:00
Dockerfile Run pre-commit to warm up cache 2024-06-19 17:18:32 +02:00
get_pkg_versions.sh Add package version script 2024-06-20 14:19:23 +02:00
README.md Add package version script 2024-06-20 14:19:23 +02:00
renovate.json Run pre-commit to warm up cache 2024-06-19 17:18:32 +02:00

README.md

verdigado pre-commit container

A container image to include all dependencies (and a warmed up cache) used in our pre-commit hooks/CI steps to speed up execution.

If you see any pre-commit CI jobs installing dependencies:

  • Make sure to execute pre-commit using this container
  • Add the hook to this repo's .pre-commit-config.yaml
  • Optionally install dependencies in the Dockerfile with the versions set up for Renovate

Usage

In your .woodpecker.yaml, adapt and add the following block:

steps:
  check-pre-commit:
    image: git.verdigado.com/verdigado-images/container-pre-commit:latest
    environment:
      - SKIP=no-commit-to-branch # Ignore "don't commit to protected branch" check
    commands:
      - pre-commit run --all-files

If renovate is set up for your repo, it'll add and update the pinned digest/hash of the image.

Development

If you need to copy files into the container, don't forget to add exclusions to the general exclude all in .dockerignore.

To update the base image (like 3.12.4-alpine3.20 to a newer Alpine version), manual work is still required, but supported by a little script. Renovate might not create a PR for newer image tags.

  1. In the Dockerfile, update the Alpine version for the image and the renovate comments (# renovate: datasource=repology depName=alpine_3_20/gcc versioning=loose).

    - FROM python:3-alpine3.19@sha256:00c0ffeeacab...
+ FROM python:3-alpine3.20 # You can omit the sha256 digest, the script prints it out
# ...

- # renovate: datasource=repology depName=alpine_3_19/build-base versioning=loose
+ # renovate: datasource=repology depName=alpine_3_20/build-base versioning=loose
ENV BUILD_BASE_VERSION="0.8.15"
# ...

  2. Now run ./get_pkg_versions.sh. It pulls the alpine image from the Dockerfile, prints it's digest and the latest packages it could find via apk inside that container and prints out the names and versions.

    Example output of ./get_pkg_versions.sh for a new image, which is not yet pulled:

    Unable to find image 'python:3.12.3-alpine3.18' locally
3.12.3-alpine3.18: Pulling from library/python
619be1103602: Pull complete
  [...]
0eb61f1af52e: Pull complete
Digest: sha256:24680ddf8422899b24756d62b31eb5de782fbb42e9c2bb1c70f1f55fcf891721
Status: Downloaded newer image for python:3.12.3-alpine3.18
  [Script output starts here]
Checking 5/5 latest package versions on python:3.12.3-alpine3.18
Image digest found: sha256:24680ddf8422899b24756d62b31eb5de782fbb42e9c2bb1c70f1f55fcf891721
---
build-base-0.5-r3
gcc-12.2.1_git20220924-r10
git-2.40.1-r0
openssh-keygen-9.3_p2-r1
ruby-3.2.4-r0

  3. Copy the package versions and update the respective ENV with it manually in the Dockerfile. You also might add the digest to the base image.

  4. Test building the image and you can commit it.