
Commit 94d088a

authored
Merge branch 'main' into dependabot/github_actions/DavidAnson/markdownlint-cli2-action-21
2 parents 4475bf9 + 287139c commit 94d088a

6 files changed

Lines changed: 116 additions & 1 deletion


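--- a/.github/workflows/shellcheck.yml
+++ b/.github/workflows/shellcheck.yml
@@ -22,7 +22,7 @@ jobs:
 actions: read
 steps:
 - name: Repository checkout
-uses: actions/checkout@v5
+uses: actions/checkout@v6
 with:
 # Differential ShellCheck requires full git history
 fetch-depth: 0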

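--- a/Containerfile
+++ b/Containerfile
@@ -0,0 +1,74 @@
+ARG BASE_IMAGE=docker.io/library/ruby:3.2-alpine
+
+FROM $BASE_IMAGE AS builder
+
+# Gems have to be ARG and ENV because they are used as reference in the Gemfile
+ARG RUBYGEM_BUNDLER
+ARG RUBYGEM_OPENBOLT
+
+ENV RUBYGEM_BUNDLER=${RUBYGEM_BUNDLER:-2.7.2}
+ENV RUBYGEM_OPENBOLT=${RUBYGEM_OPENBOLT:-5.2.0}
+
+COPY openbolt/Gemfile /
+
+RUN apk update \
+&& apk upgrade \
+&& apk add --no-cache --update alpine-sdk yaml-dev \
+&& rm -rf /usr/local/lib/ruby/gems/*/gems/bundler-* \
+&& rm -rf /usr/local/lib/ruby/gems/*/specifications/default/bundler-*.gemspec \
+&& gem install bundler -v ${RUBYGEM_BUNDLER} \
+&& bundle config set path.system true \
+&& bundle config set jobs $(nproc) \
+&& bundle install --gemfile=/Gemfile \
+&& bundle clean --force \
+&& rm -rf /usr/local/lib/ruby/gems/*/cache/* \
+&& rm -rf /usr/local/lib/ruby/gems/*/gems/cgi-* \
+&& rm -rf /usr/local/lib/ruby/gems/*/specifications/default/cgi-*.gemspec \
+&& rm -rf /usr/local/lib/ruby/gems/*/gems/stringio-* \
+&& rm -rf /usr/local/lib/ruby/gems/*/specifications/default/stringio-*.gemspec \
+&& rm -rf /usr/local/lib/ruby/gems/*/gems/rdoc-* \
+&& rm -rf /usr/local/lib/ruby/gems/*/specifications/default/rdoc-*.gemspec \
+&& rm -rf /usr/local/lib/ruby/gems/*/gems/rexml-* \
+&& rm -rf /usr/local/lib/ruby/gems/*/specifications/rexml-*.gemspec \
+&& rm -rf /usr/local/lib/ruby/gems/*/gems/racc-* \
+&& rm -rf /usr/local/lib/ruby/gems/*/specifications/default/racc-*.gemspec \
+&& rm -rf /usr/local/lib/ruby/gems/*/gems/drb-* \
+&& rm -rf /usr/local/lib/ruby/gems/*/specifications/default/drb-*.gemspec \
+&& rm -rf /usr/local/lib/ruby/gems/*/gems/csv-* \
+&& rm -rf /usr/local/lib/ruby/gems/*/specifications/default/csv-*.gemspec \
+&& rm -rf /usr/local/lib/ruby/gems/*/gems/minitest-* \
+&& rm -rf /usr/local/lib/ruby/gems/*/specifications/minitest-*.gemspec
+
+###############################################################################
+
+FROM $BASE_IMAGE AS final
+
+LABEL org.label-schema.maintainer="Voxpupuli Team <voxpupuli@groups.io>" \
+org.label-schema.vendor="Voxpupuli" \
+org.label-schema.url="https://github.com/openvoxproject/container-openbolt^" \
+org.label-schema.name="Vox Pupuli OpenBolt" \
+org.label-schema.license="AGPL-3.0-or-later" \
+org.label-schema.vcs-url="https://github.com/openvoxproject/container-openbolt" \
+org.label-schema.schema-version="1.0" \
+org.label-schema.dockerfile="/Containerfile"
+
+RUN apk update \
+&& apk upgrade \
+&& rm -rf /usr/local/lib/ruby/gems \
+&& addgroup -g 1001 -S openbolt \
+&& adduser -u 1001 -S -G openbolt openbolt \
+&& rm -rf /usr/local/lib/ruby/gems \
+&& mkdir /data \
+&& chown openbolt:openbolt /data
+
+COPY --from=builder /usr/local/lib/ruby/gems /usr/local/lib/ruby/gems
+COPY --from=builder /usr/local/bundle /usr/local/bundle
+COPY --from=builder /Gemfile.lock /Gemfile.lock
+COPY Containerfile /
+COPY openbolt/Gemfile /
+
+WORKDIR /data
+USER openbolt
+
+ENTRYPOINT [ "bolt" ]
+CMD [ "-h" ]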
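Review bot: The `org.label-schema.url` label on new line 48 ends in a stray `^`, so the image metadata carries a wrong project URL; the line should read `org.label-schema.url="https://github.com/openvoxproject/container-openbolt" \`. In the final stage `rm -rf /usr/local/lib/ruby/gems` appears twice (lines 57 and 60) and one of them can go. Both stages build from the floating tag `ruby:3.2-alpine` and run `apk upgrade`, and Gemfile.lock appears to be generated inside the builder rather than copied from the repository, so two builds of the same commit can ship different packages and gems. Pinning the default by digest, `ARG BASE_IMAGE=docker.io/library/ruby:3.2-alpine@sha256:DIGEST_PLACEHOLDER`, and committing the lockfile would make the result of the CVE cleanup in lines 24-40 reproducible and auditable.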

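--- a/build_platforms.yaml
+++ b/build_platforms.yaml
@@ -0,0 +1,6 @@
+---
+platforms:
+- platform: amd64
+runner: ubuntu-24.04
+- platform: arm64
+runner: ubuntu-24.04-arm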

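--- a/build_versions.yaml
+++ b/build_versions.yaml
@@ -0,0 +1,5 @@
+---
+include:
+- base_image: 'docker.io/library/ruby:3.2-alpine'
+rubygem_bundler: '2.7.2'
+rubygem_openbolt: '5.2.0'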

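--- a/matrix.sh
+++ b/matrix.sh
@@ -0,0 +1,15 @@
+#!/bin/bash
+
+yq -o=json build_platforms.yaml > build_platforms.json
+yq -o=json build_versions.yaml > build_versions.json
+
+if [ "$1" == "build" ]; then
+jq -rc --slurp '{ include: [ .[1].include[] as $i | .[0].platforms[] as $p | $i + {"platform": $p.platform, "runner": $p.runner} ] }' build_platforms.json build_versions.json
+fi
+
+if [ "$1" == "tag" ]; then
+jq -cr '.include |= map({ rubygem_openbolt: .rubygem_openbolt })' build_versions.json
+fi
+
+rm build_platforms.json
+rm build_versions.json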
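Review bot: The script has no error handling, so a failing `yq` call on lines 3-4 still leaves an empty JSON file for `jq` to read, and because the last command is `rm` the script exits 0 with an empty or missing matrix on stdout. Add `set -euo pipefail` after the shebang and compare `"${1:-}"` instead of `"$1"` so that a call without an argument keeps working. With an early exit the two `rm` lines at the end would be skipped, so the cleanup is better moved to `trap 'rm -f build_platforms.json build_versions.json' EXIT` near the top. A short header comment naming the two modes (`build`, `tag`) and what each prints would also help whoever wires this into the workflow.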

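--- a/openbolt/Gemfile
+++ b/openbolt/Gemfile
@@ -0,0 +1,15 @@
+# frozen_string_literal: true
+
+source ENV['GEM_SOURCE'] || 'https://rubygems.org'
+
+gem 'openbolt', ENV['RUBYGEM_OPENBOLT']
+
+# CVE fixes
+gem 'cgi', '~> 0.5' # cgi 0.1.0 has CVEs - remove default and install upstream replacement
+gem 'csv', '~> 3.2' # csv 3.1.2 has CVEs - remove default and install upstream replacement
+gem 'drb', '~> 2.2' # drb 2.1.1 has CVEs - remove default and install upstream replacement
+gem 'minitest', '~> 5.25' # minitest 5.16.3 has CVEs - remove default and install upstream replacement
+gem 'racc', '~> 1.8' # racc 1.6.2 has CVEs - remove default and install upstream replacement
+gem 'rdoc', '~> 6.14' # rdoc 6.2.1 has CVEs - remove default and install upstream replacement
+gem 'rexml', '~> 3.4' # rexml < 3.3 has CVEs - remove default and install upstream replacement
+gem 'stringio', '~> 3.1' # stringio 0.1.0 has CVEs - remove default and install upstream replacement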
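Review bot: `gem 'openbolt', ENV['RUBYGEM_OPENBOLT']` on line 5 passes nil when the variable is unset, and as far as I can tell Bundler then applies no version constraint, so any use of this Gemfile outside the Containerfile (which sets a default) installs whatever is newest; `gem 'openbolt', ENV.fetch('RUBYGEM_OPENBOLT')` would fail loudly instead. The `# CVE fixes` comments on lines 8-15 name the affected version but no advisory, which makes it hard to check that each `~>` floor contains the fix or to know when a pin can be dropped; I would put the identifier in each comment, in the form `# cgi 0.1.0: ADVISORY-ID - replaced by upstream gem`. Because `source` can be redirected through `GEM_SOURCE`, a comment stating that the variable must point at a trusted HTTPS mirror would be worth adding on line 3.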
