Container image for our pre-commit hooks
Henrik Hüttemann 224df51fe3
Add tests for pre-commit container
Run pre-commit on the freshly built container against salt and rc2matrix
2024-06-20 23:35:49 +02:00
.woodpecker Add tests for pre-commit container 2024-06-20 23:35:49 +02:00
.dockerignore Run pre-commit to warm up cache 2024-06-19 17:18:32 +02:00
.editorconfig Run pre-commit to warm up cache 2024-06-19 17:18:32 +02:00
.markdown-style.rb Add README 2024-06-20 12:00:53 +02:00
.mdlrc Add README 2024-06-20 12:00:53 +02:00
.pre-commit-config.yaml Update gitleaks to use native hook 2024-06-20 11:37:19 +02:00
.prettierrc.yaml Run pre-commit to warm up cache 2024-06-19 17:18:32 +02:00
Dockerfile Remove dependencies to let pre-commit install them 2024-06-20 23:35:49 +02:00
get_pkg_versions.sh Add package version script 2024-06-20 14:43:51 +02:00
README.md Add package version script 2024-06-20 14:43:51 +02:00
renovate.json Run pre-commit to warm up cache 2024-06-19 17:18:32 +02:00

verdigado pre-commit container

A container image that includes all dependencies (and a warmed-up cache) used in our pre-commit hooks/CI steps, to speed up execution.

If you see any pre-commit CI jobs installing dependencies:

  • Make sure to execute pre-commit using this container
  • Add the hook to this repo's .pre-commit-config.yaml
  • Optionally install dependencies in the Dockerfile with the versions set up for Renovate

Usage

In your .woodpecker.yaml, adapt and add the following block:

steps:
  check-pre-commit:
    image: git.verdigado.com/verdigado-images/container-pre-commit:latest
    environment:
      - SKIP=no-commit-to-branch # Ignore "don't commit to protected branch" check
    commands:
      - pre-commit run --all-files

If Renovate is set up for your repo, it will add and update the pinned digest/hash of the image.

Development

You should have Docker or a comparable container tool installed.

If you need to copy files into the container, remember to add exceptions for them in .dockerignore, which excludes everything by default.

To update the base image (like 3.12.4-alpine3.20 to a newer Alpine version), manual work is still required, but supported by a little script. Renovate might not create a PR for newer image tags.

  1. In the Dockerfile, update the Alpine version for the image and the renovate comments (# renovate: datasource=repology depName=alpine_3_20/gcc versioning=loose).

    - FROM python:3-alpine3.19@sha256:00c0ffeeacab...
    + FROM python:3-alpine3.20 # You can omit the sha256 digest, the script prints it out
    # ...
    
    - # renovate: datasource=repology depName=alpine_3_19/build-base versioning=loose
    + # renovate: datasource=repology depName=alpine_3_20/build-base versioning=loose
    ENV BUILD_BASE_VERSION="0.8.15"
    # ...
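    Review bot: on the added FROM line, the trailing "# You can omit the sha256 digest ..." text must not be copied into the Dockerfile, because Dockerfile comments are only recognized when # starts the line, so FROM would receive it as extra arguments. The added line also drops the @sha256: pin that the removed line had; put the digest printed by the script back on the FROM line before committing so the base image stays pinned to known content.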
    
  2. Now run ./get_pkg_versions.sh. It pulls the Alpine image referenced in the Dockerfile, prints its digest, looks up the latest packages it can find via apk inside that container, and prints their names and versions.

    Example output of ./get_pkg_versions.sh for a new image, which is not yet pulled:

    Unable to find image 'python:3.12.3-alpine3.18' locally
    3.12.3-alpine3.18: Pulling from library/python
    619be1103602: Pull complete
      [...]
    0eb61f1af52e: Pull complete
    Digest: sha256:24680ddf8422899b24756d62b31eb5de782fbb42e9c2bb1c70f1f55fcf891721
    Status: Downloaded newer image for python:3.12.3-alpine3.18
      [Script output starts here]
    Checking 5/5 latest package versions on python:3.12.3-alpine3.18
    Image digest found: sha256:24680ddf8422899b24756d62b31eb5de782fbb42e9c2bb1c70f1f55fcf891721
    ---
    build-base-0.5-r3
    gcc-12.2.1_git20220924-r10
    git-2.40.1-r0
    openssh-keygen-9.3_p2-r1
    ruby-3.2.4-r0
    
  3. Copy the package versions and manually update the respective ENV entries in the Dockerfile. You may also add the digest to the base image.

  4. Test building the image; once it builds, you can commit the change.
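
A consistency check for the manual update above, as an added example that is not part of this repository: it flags renovate comments whose depName still names a different Alpine series than the FROM tag, and a FROM line without a sha256 digest. The function names, the sample Dockerfiles, the GCC_VERSION variable and the all-zero digest are constructed for illustration.

```shell
#!/bin/sh
# Added example (not the project's code): sanity checks after the manual base-image bump.

# Alpine series of the FROM tag in repology form, e.g. "alpine3.20" -> "3_20".
from_series() {
    sed -n 's/^FROM[[:space:]]*[^[:space:]]*alpine\([0-9][0-9]*\)\.\([0-9][0-9]*\).*/\1_\2/p' "$1" | head -n 1
}

# Renovate comments (with line numbers) that still point at another Alpine series.
stale_renovate_comments() {
    series=$(from_series "$1")
    grep -n 'renovate: datasource=repology depName=alpine_' "$1" |
        grep -v "depName=alpine_${series}/" || true
}

# True only if the base image is pinned to a full sha256 digest.
from_is_pinned() {
    grep -Eq '^FROM[[:space:]]+[^[:space:]]+@sha256:[0-9a-f]{64}([[:space:]]|$)' "$1"
}

# Report every problem found; return 1 if there was at least one.
check_dockerfile() {
    rc=0
    from_is_pinned "$1" || { echo "$1: FROM is not pinned to a sha256 digest"; rc=1; }
    stale=$(stale_renovate_comments "$1")
    [ -z "$stale" ] || { echo "$1: renovate comments do not match FROM:"; echo "$stale"; rc=1; }
    return "$rc"
}

# Constructed samples: a half-finished update and a finished one (digest is a placeholder).
make_samples() {
    cat > "$1/Dockerfile.stale" <<'EOF'
FROM python:3-alpine3.20
# renovate: datasource=repology depName=alpine_3_19/build-base versioning=loose
ENV BUILD_BASE_VERSION="0.8.15"
# renovate: datasource=repology depName=alpine_3_20/gcc versioning=loose
ENV GCC_VERSION="0"
EOF
    sed -e 's/alpine_3_19/alpine_3_20/' \
        -e "s/^FROM .*/&@sha256:$(printf '%064d' 0)/" "$1/Dockerfile.stale" > "$1/Dockerfile.ok"
}

tmp=$(mktemp -d)
make_samples "$tmp"
check_dockerfile "$tmp/Dockerfile.stale" || echo "-> fix the lines above before committing"
check_dockerfile "$tmp/Dockerfile.ok" && echo "$tmp/Dockerfile.ok: consistent"
```

Run against the real file, `check_dockerfile Dockerfile` fits between steps 3 and 4 as a quick gate before the test build.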