diff --git a/.github/workflows/pull.yml b/.github/workflows/pull.yml deleted file mode 100644 index 395bcb1..0000000 --- a/.github/workflows/pull.yml +++ /dev/null @@ -1,54 +0,0 @@ ---- -name: Pull - -on: - workflow_run: - workflows: ["Build"] - types: - - completed - -permissions: - contents: read - -jobs: - detect: - runs-on: arc - if: ${{ github.event.workflow_run.conclusion == 'success' }} - outputs: - images: ${{ steps.find.outputs.images }} - steps: - - name: Checkout - uses: actions/checkout@v4 - - - name: Find all images - id: find - run: | - images=$(find . -maxdepth 2 -name Containerfile | cut -d'/' -f2 | jq -R -s -c 'split("\n") | map(select(length > 0))') - echo "images=$images" >> "$GITHUB_OUTPUT" - - import: - needs: detect - if: needs.detect.outputs.images != '[]' - runs-on: arc - strategy: - matrix: - image: ${{ fromJson(needs.detect.outputs.images) }} - - steps: - - name: Install OpenShift CLI - uses: redhat-actions/oc-installer@v1 - - - name: Login to OpenShift - uses: redhat-actions/oc-login@v1 - with: - openshift_server_url: ${{ secrets.OPENSHIFT_SERVER_URL }} - openshift_token: ${{ secrets.OPENSHIFT_TOKEN }} - insecure_skip_tls_verify: true - - - name: Import image to OpenShift - run: | - oc import-image ${{ matrix.image }}:latest \ - --from=ghcr.io/makeitworkcloud/${{ matrix.image }}:latest \ - -n public-registry \ - --confirm \ - --reference-policy=local || true diff --git a/opencode.json b/opencode.json new file mode 100644 index 0000000..b8bcd68 --- /dev/null +++ b/opencode.json 
@@ -0,0 +1,37 @@ +{ + "$schema": "https://opencode.ai/config.json", + "mcp": { + "agent-hub": {"type": "local", "command": ["npx", "-y", "agent-hub-mcp@latest"], "enabled": true}, + "context-mode": {"type": "local", "command": ["context-mode"], "enabled": true}, + "context7": {"type": "remote", "url": "https://mcp.context7.com/mcp", "enabled": true}, + "github": {"type": "remote", "url": "https://api.githubcopilot.com/mcp/", "enabled": true, "headers": {"Authorization": "Bearer {env:GITHUB_TOKEN}"}}, + "opencode-docs": {"enabled": false}, + "opentofu-docs": {"enabled": false}, + "aws-docs": {"enabled": false}, + "kubernetes": {"enabled": false}, + "tmux": {"enabled": false}, + "linear": {"enabled": false}, + "notion": {"enabled": false}, + "aws-api-staging": {"enabled": false}, + "aws-api-prod": {"enabled": false}, + "grafana": {"enabled": false}, + "terraform-docs": {"enabled": false}, + "argocd-staging-eks": {"enabled": false}, + "argocd-prod-eks": {"enabled": false} + }, + "tools": { + "opencode-docs_*": false, + "opentofu-docs_*": false, + "aws-docs_*": false, + "kubernetes_*": false, + "tmux_*": false, + "linear_*": false, + "notion_*": false, + "aws-api-staging_*": false, + "aws-api-prod_*": false, + "grafana_*": false, + "terraform-docs_*": false, + "argocd-staging-eks_*": false, + "argocd-prod-eks_*": false + } +} diff --git a/tfroot-runner/Containerfile b/tfroot-runner/Containerfile index 832c2e2..65165fd 100644 --- a/tfroot-runner/Containerfile +++ b/tfroot-runner/Containerfile @@ -7,8 +7,8 @@ RUN apk add --no-cache \ build-base libffi-dev git # Install Python packages that need compilation -ARG CHECKOV_VERSION=3.2.504 -ARG PRECOMMIT_VERSION=4.5.1 +ARG CHECKOV_VERSION=3.2.525 +ARG PRECOMMIT_VERSION=4.6.0 RUN pip install --no-cache-dir --break-system-packages --root=/install --prefix=/usr \ pre-commit==${PRECOMMIT_VERSION} checkov==${CHECKOV_VERSION} 
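Review bot: The `agent-hub` entry in the new `opencode.json` runs `npx -y agent-hub-mcp@latest`, so each start installs and executes whatever is currently published under the `latest` tag, with `-y` suppressing the install prompt. A hijacked or malicious release of that package would run with the developer's local privileges, presumably in the same environment that holds the `GITHUB_TOKEN` read by the `github` entry. Pin an exact, reviewed version, e.g. `"command": ["npx", "-y", "agent-hub-mcp@<pinned-version>"]`, and bump it deliberately like the tool versions in the Containerfile. Because the `github` entry forwards the token to a remote endpoint as a bearer header, it should be a fine-grained token scoped to only the repositories and permissions this setup needs.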
@@ -20,7 +20,6 @@ LABEL description="Alpine-based IaC runner for OpenTofu/Terraform on AMD64 archi # Install runtime dependencies # cdrkit provides genisoimage equivalent (mkisofs) # binutils provides strip for binary size reduction -# gcompat provides glibc compatibility for oc binary # hadolint ignore=DL3018 RUN apk add --no-cache \ curl unzip gnupg \ @@ -32,20 +31,20 @@ RUN apk add --no-cache \ cdrkit \ bash \ binutils \ - gcompat \ make # Copy Python packages from builder COPY --from=builder /install / # Tool versions -ARG OPENTOFU_VERSION=1.11.5 -ARG SOPS_VERSION=3.11.0 -ARG TERRAFORM_DOCS_VERSION=0.21.0 -ARG TFUPDATE_VERSION=0.9.1 +ARG OPENTOFU_VERSION=1.11.6 +ARG SOPS_VERSION=3.12.2 +ARG TERRAFORM_DOCS_VERSION=0.22.0 +ARG TFUPDATE_VERSION=0.9.3 ARG HCLEDIT_VERSION=0.2.17 -ARG TFLINT_VERSION=0.61.0 -ARG INFRACOST_VERSION=0.10.43 +ARG TFLINT_VERSION=0.62.0 +ARG INFRACOST_VERSION=0.10.44 +ARG KUBECTL_VERSION=1.36.0 # Install all binary tools in a single layer, strip debug symbols, clean up # hadolint ignore=DL3003,DL4006 @@ -57,9 +56,9 @@ RUN set -eux; \ # OpenTofu (and symlink as terraform) curl --proto '=https' --tlsv1.2 -fsSL https://get.opentofu.org/install-opentofu.sh | sh -s -- --install-method standalone --opentofu-version "${OPENTOFU_VERSION}"; \ ln -s /usr/local/bin/tofu /usr/local/bin/terraform; \ - # OpenShift CLI - curl -L https://mirror.openshift.com/pub/openshift-v4/clients/ocp/stable/openshift-client-linux.tar.gz | tar xz -C /usr/local/bin oc; \ - chmod +x /usr/local/bin/oc; \ + # kubectl + curl -fsSL "https://dl.k8s.io/release/v${KUBECTL_VERSION}/bin/linux/amd64/kubectl" -o /usr/local/bin/kubectl; \ + chmod +x /usr/local/bin/kubectl; \ # Kustomize (script outputs to current directory) cd /tmp && curl -s "https://raw.githubusercontent.com/kubernetes-sigs/kustomize/master/hack/install_kustomize.sh" | bash; \ mv /tmp/kustomize /usr/local/bin/; \ 
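Review bot: The new kubectl step writes the download straight to `/usr/local/bin/kubectl` and marks it executable without any integrity check, so a tampered or truncated file would end up in the runner image. Add a pinned digest next to `KUBECTL_VERSION` (added in the previous hunk), `ARG KUBECTL_SHA256=<sha256-of-the-release-binary>`, and verify right after the download with `echo "${KUBECTL_SHA256}  /usr/local/bin/kubectl" | sha256sum -c -; \`. The `kubectl.sha256` file published beside the binary can supply the value, but fetching it at build time from the same host only detects corruption, not a compromised origin. The curl call also omits the `--proto '=https' --tlsv1.2` flags that the OpenTofu line just above it uses. The enclosing `RUN set -eux` block starts and ends outside this hunk.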
@@ -82,7 +81,7 @@ RUN set -eux; \ # Strip debug symbols from all Go/Rust binaries strip /usr/local/bin/sops \ /usr/local/bin/tofu \ - /usr/local/bin/oc \ + /usr/local/bin/kubectl \ /usr/local/bin/kustomize \ /usr/local/bin/terraform-docs \ /usr/local/bin/tfupdate \ diff --git a/tfroot-runner/pre-commit-config.yaml b/tfroot-runner/pre-commit-config.yaml index 4e048ac..9f0a89a 100644 --- a/tfroot-runner/pre-commit-config.yaml +++ b/tfroot-runner/pre-commit-config.yaml @@ -5,7 +5,7 @@ # To update hooks for all tfroot repos, modify this file and rebuild the image. repos: - repo: https://github.com/compilerla/conventional-pre-commit - rev: v4.3.0 + rev: v4.4.0 hooks: - id: conventional-pre-commit stages: [commit-msg]