Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

feat: add psql image #943

Merged
merged 4 commits into from
Jan 19, 2022
Merged
Show file tree
Hide file tree
Changes from all commits
Commits
File filter

Filter by extension

Filter by extension


Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
116 changes: 116 additions & 0 deletions .github/workflows/psql.branches.workflow.yaml
Original file line number Diff line number Diff line change
@@ -0,0 +1,116 @@
concurrency:
cancel-in-progress: true
group: "psql-${{ github.ref }}"
jobs:
build:
name: Build
needs:
- Lint
outputs:
digest: "${{ steps.docker_push.outputs.digest }}"
runs-on: ubuntu-latest
steps:
- uses: "actions/checkout@v2"
- id: docker_meta
uses: "crazy-max/ghaction-docker-meta@f6efe56d565add159ad605568120f5b22712a870"
with:
images: ghcr.io/socialgouv/docker/psql
labels: |
org.opencontainers.image.title=psql
org.opencontainers.image.documentation=https://github.com/SocialGouv/docker/tree/${{ github.sha }}/psql
tags: |
type=sha
type=raw,value=sha-${{ github.sha }}
type=ref,event=branch
type=ref,event=pr
type=semver,pattern={{version}}
type=semver,pattern={{major}}.{{minor}}
- id: docker_buildx
name: Set up Docker Buildx
uses: "docker/setup-buildx-action@abe5d8f79a1606a2d3e218847032f3f2b1726ab0"
with: {}
- if: "${{ github.event_name != 'pull_request' }}"
name: Login to ghcr.io/socialgouv Registry
uses: "docker/login-action@f054a8b539a109f9f41c372932f1ae047eff08c9"
with:
password: "${{ secrets.GHCR_REGISTRY_TOKEN }}"
registry: ghcr.io
username: "${{ secrets.SOCIALGROOVYBOT_NAME }}"
- id: docker_push
name: Push
uses: "docker/build-push-action@1bc1040caef9e604eb543693ba89b5bf4fc80935"
with:
builder: "${{ steps.docker_buildx.outputs.name }}"
cache-from: type=gha
cache-to: "type=gha,mode=max"
context: "./psql"
labels: "${{ steps.docker_meta.outputs.labels }}"
push: 'true'
tags: "${{ steps.docker_meta.outputs.tags }}"
- name: Image digest
run: |
echo "${{ steps.docker_push.outputs.digest }}"
container_test:
name: Container Test
needs:
- Build
runs-on: ubuntu-latest
steps:
- uses: "actions/checkout@v2"
- name: Container structure test
uses: "docker://gcr.io/gcp-runtimes/container-structure-test:v1.10.0@sha256:78c0abfdc3696ec9fb35840d62342cf28f65d890d56beceb2113638d59f2cce8"
with:
args: "test --config psql/tests/container-structure-test.yml -v debug --image ghcr.io/socialgouv/docker/psql@${{ needs.Build.outputs.digest }} --pull"
lint:
name: Lint
runs-on: ubuntu-latest
steps:
- uses: "actions/checkout@v2"
- uses: "docker://ghcr.io/hadolint/hadolint:2.4.0@sha256:ed22c9de9b884383094edb8930696a256c4450335945c68153d8fc8fbb27bf03"
with:
args: hadolint ./psql/Dockerfile
security_scan:
name: Vulnerability Scanner
needs:
- Build
runs-on: ubuntu-latest
steps:
- uses: "actions/checkout@v2"
- run: "docker pull ghcr.io/socialgouv/docker/psql:sha-${{ github.sha }}"
- name: Run Trivy vulnerability scanner
uses: "aquasecurity/trivy-action@dba83feec810c70bacbc4bead308ae1e466c572b"
with:
image-ref: "ghcr.io/socialgouv/docker/psql:sha-${{ github.sha }}"
- name: Export Trivy Results as sarif
uses: "aquasecurity/trivy-action@dba83feec810c70bacbc4bead308ae1e466c572b"
with:
format: template
image-ref: "ghcr.io/socialgouv/docker/psql:sha-${{ github.sha }}"
output: trivy-results.sarif
template: "@/contrib/sarif.tpl"
- name: Change hardcoded Dockerfile path
run: "sed -i 's/\"uri\": \"Dockerfile\"/\"uri\": \"psql\\/Dockerfile\"/' trivy-results.sarif"
- uses: "github/codeql-action/upload-sarif@a3a8231e64d3db0e7da0f3b56b9521dcccdfe412"
with:
sarif_file: trivy-results.sarif
version_test:
container: "docker://ghcr.io/socialgouv/docker/psql:sha-${{ github.sha }}"
name: Test Version
needs:
- Build
runs-on: ubuntu-latest
steps:
- run: psql --version
name: "psql (branch)"
on:
push:
branches-ignore:
- master
- next
- next-major
- beta
- alpha
- "+([0-9])?(.{+([0-9]),x}).x"
paths:
- "psql/**"
- ".github/workflows/psql.branches.workflow.yaml"
115 changes: 115 additions & 0 deletions .github/workflows/psql.main.workflow.yaml
Original file line number Diff line number Diff line change
@@ -0,0 +1,115 @@
concurrency:
cancel-in-progress: true
group: "psql-${{ github.ref }}"
jobs:
build:
name: Build
needs:
- Lint
outputs:
digest: "${{ steps.docker_push.outputs.digest }}"
runs-on: ubuntu-latest
steps:
- uses: "actions/checkout@v2"
- id: docker_meta
uses: "crazy-max/ghaction-docker-meta@f6efe56d565add159ad605568120f5b22712a870"
with:
images: ghcr.io/socialgouv/docker/psql
labels: |
org.opencontainers.image.title=psql
org.opencontainers.image.documentation=https://github.com/SocialGouv/docker/tree/${{ github.sha }}/psql
tags: |
type=sha
type=raw,value=sha-${{ github.sha }}
type=ref,event=branch
type=ref,event=pr
type=semver,pattern={{version}}
type=semver,pattern={{major}}.{{minor}}
- id: docker_buildx
name: Set up Docker Buildx
uses: "docker/setup-buildx-action@abe5d8f79a1606a2d3e218847032f3f2b1726ab0"
with: {}
- if: "${{ github.event_name != 'pull_request' }}"
name: Login to ghcr.io/socialgouv Registry
uses: "docker/login-action@f054a8b539a109f9f41c372932f1ae047eff08c9"
with:
password: "${{ secrets.GHCR_REGISTRY_TOKEN }}"
registry: ghcr.io
username: "${{ secrets.SOCIALGROOVYBOT_NAME }}"
- id: docker_push
name: Push
uses: "docker/build-push-action@1bc1040caef9e604eb543693ba89b5bf4fc80935"
with:
builder: "${{ steps.docker_buildx.outputs.name }}"
cache-from: type=gha
cache-to: "type=gha,mode=max"
context: "./psql"
labels: "${{ steps.docker_meta.outputs.labels }}"
push: 'true'
tags: "${{ steps.docker_meta.outputs.tags }}"
- name: Image digest
run: |
echo "${{ steps.docker_push.outputs.digest }}"
container_test:
name: Container Test
needs:
- Build
runs-on: ubuntu-latest
steps:
- uses: "actions/checkout@v2"
- name: Container structure test
uses: "docker://gcr.io/gcp-runtimes/container-structure-test:v1.10.0@sha256:78c0abfdc3696ec9fb35840d62342cf28f65d890d56beceb2113638d59f2cce8"
with:
args: "test --config psql/tests/container-structure-test.yml -v debug --image ghcr.io/socialgouv/docker/psql@${{ needs.Build.outputs.digest }} --pull"
lint:
name: Lint
runs-on: ubuntu-latest
steps:
- uses: "actions/checkout@v2"
- uses: "docker://ghcr.io/hadolint/hadolint:2.4.0@sha256:ed22c9de9b884383094edb8930696a256c4450335945c68153d8fc8fbb27bf03"
with:
args: hadolint ./psql/Dockerfile
security_scan:
name: Vulnerability Scanner
needs:
- Build
runs-on: ubuntu-latest
steps:
- uses: "actions/checkout@v2"
- run: "docker pull ghcr.io/socialgouv/docker/psql:sha-${{ github.sha }}"
- name: Run Trivy vulnerability scanner
uses: "aquasecurity/trivy-action@dba83feec810c70bacbc4bead308ae1e466c572b"
with:
image-ref: "ghcr.io/socialgouv/docker/psql:sha-${{ github.sha }}"
- name: Export Trivy Results as sarif
uses: "aquasecurity/trivy-action@dba83feec810c70bacbc4bead308ae1e466c572b"
with:
format: template
image-ref: "ghcr.io/socialgouv/docker/psql:sha-${{ github.sha }}"
output: trivy-results.sarif
template: "@/contrib/sarif.tpl"
- name: Change hardcoded Dockerfile path
run: "sed -i 's/\"uri\": \"Dockerfile\"/\"uri\": \"psql\\/Dockerfile\"/' trivy-results.sarif"
- uses: "github/codeql-action/upload-sarif@a3a8231e64d3db0e7da0f3b56b9521dcccdfe412"
with:
sarif_file: trivy-results.sarif
version_test:
container: "docker://ghcr.io/socialgouv/docker/psql:sha-${{ github.sha }}"
name: Test Version
needs:
- Build
runs-on: ubuntu-latest
steps:
- run: psql --version
name: "psql (main)"
on:
push:
branches:
- master
- next
- next-major
- beta
- alpha
- "+([0-9])?(.{+([0-9]),x}).x"
tags:
- "v*"
2 changes: 1 addition & 1 deletion CONTRIBUTING.md
Original file line number Diff line number Diff line change
Expand Up @@ -65,7 +65,7 @@ $ docker run --rm -i ghcr.io/hadolint/hadolint < ./<image>/Dockerfile
$ docker run --rm -i ghcr.io/hadolint/hadolint < ./helm/Dockerfile
```

## Generate GitLab Workflow
## Generate GitHub Workflow

### Lint Dockerfiles

Expand Down
1 change: 1 addition & 0 deletions README.md
Original file line number Diff line number Diff line change
Expand Up @@ -36,6 +36,7 @@ $ docker pull ghcr.io/socialgouv/docker/<image>
| **dhall** | `docker pull ghcr.io/socialgouv/docker/dhall:6.69.1` | [![README](https://img.shields.io/badge/README--green.svg)](./dhall/README.md) |
| **nginx** | `docker pull ghcr.io/socialgouv/docker/nginx:6.69.1` | [![README](https://img.shields.io/badge/README--green.svg)](./nginx/README.md) |
| **nginx4spa** | `docker pull ghcr.io/socialgouv/docker/nginx4spa:6.69.1` | [![README](https://img.shields.io/badge/README--green.svg)](./nginx4spa/README.md) |
| **psql** | `docker pull ghcr.io/socialgouv/docker/psql:6.69.1` | [![README](https://img.shields.io/badge/README--green.svg)](./psql/README.md) |
| **wait-for-http** | `docker pull ghcr.io/socialgouv/docker/wait-for-http:6.69.1` | [![README](https://img.shields.io/badge/README--green.svg)](./wait-for-http/README.md) |
| **wait-for-postgres** | `docker pull ghcr.io/socialgouv/docker/wait-for-postgres:6.69.1` | [![README](https://img.shields.io/badge/README--green.svg)](./wait-for-postgres/README.md) |

Expand Down
1 change: 1 addition & 0 deletions psql/.env
Original file line number Diff line number Diff line change
@@ -0,0 +1 @@
COMPOSE_PROJECT_NAME=socialgouv_docker_psql
22 changes: 22 additions & 0 deletions psql/.github/AssemblyLine.dhall
Original file line number Diff line number Diff line change
@@ -0,0 +1,22 @@
let AssemblyLine =
../../.github/dhall/workflows/AssemblyLine.dhall
sha256:2bab6cac12fe90f5a724f023c87129b3354a0103826aebb8013353bd3a7785a9

let InceptionJob =
../../.github/dhall/jobs/Inception.dhall
sha256:037f4c6e58bcec39375d74afb5ded6db30caa1e372b399bf7f30da1d6c1cdc4f

let GithubActions =
https://raw.githubusercontent.com/SocialGouv/.github/9fe59f60d6a941dd76df40d67b3428fdf85865aa/dhall/github-actions/package.dhall
sha256:61e7d862f54e9514379feaadbc80a85b7bd870dad5e31e2e83d8b3dd9eda8e1b

let name = "psql"

let version_test =
InceptionJob
{ package = name }
{ name = "Test Version"
, steps = [ GithubActions.Step::{ run = Some "psql --version" } ]
}

in AssemblyLine.Worklflow { name, jobs = toMap { version_test } }
8 changes: 8 additions & 0 deletions psql/.github/branches.workflow.dhall
Original file line number Diff line number Diff line change
@@ -0,0 +1,8 @@
let On =
../../.github/dhall/workflows/On.dhall
sha256:d1cce9f45a9ccada3c6152cc684d23678d27bb58410c642b7396c13c3f7f99c9

in ./AssemblyLine.dhall
sha256:91d7d10f27ce446fabf02d690abc68e90c3da668c129280043cc58628c92da43
with on = On.match On.Event.FeatureBranches "psql"
with name = "psql (branch)"
8 changes: 8 additions & 0 deletions psql/.github/main.workflow.dhall
Original file line number Diff line number Diff line change
@@ -0,0 +1,8 @@
let On =
../../.github/dhall/workflows/On.dhall
sha256:d1cce9f45a9ccada3c6152cc684d23678d27bb58410c642b7396c13c3f7f99c9

in ./AssemblyLine.dhall
sha256:91d7d10f27ce446fabf02d690abc68e90c3da668c129280043cc58628c92da43
with on = On.match On.Event.ReleasesBranches "psql"
with name = "psql (main)"
5 changes: 5 additions & 0 deletions psql/Dockerfile
Original file line number Diff line number Diff line change
@@ -0,0 +1,5 @@
FROM alpine:3.14

RUN apk --no-cache add bash=5.1.4-r0 postgresql-client=13.5-r0 jq=1.6-r1

ENTRYPOINT []
19 changes: 19 additions & 0 deletions psql/Makefile
Original file line number Diff line number Diff line change
@@ -0,0 +1,19 @@
#

DOCKER_COMPOSE = docker-compose
BATS_BIN = $$(yarn bin)/bats

all: test build lint

lint:
$(DOCKER_COMPOSE) run --rm lint

build: lint
$(DOCKER_COMPOSE) build

test: build test_structure

test_structure:
$(DOCKER_COMPOSE) run --rm test


3 changes: 3 additions & 0 deletions psql/README.md
Original file line number Diff line number Diff line change
@@ -0,0 +1,3 @@
# psql

Image with `psql` and `jq`
31 changes: 31 additions & 0 deletions psql/docker-compose.yml
Original file line number Diff line number Diff line change
@@ -0,0 +1,31 @@
services:
alpine:
build:
context: .
deploy:
replicas: 0
#

lint:
image: ghcr.io/hadolint/hadolint:v2.8.0-alpine
entrypoint: hadolint
command: Dockerfile
volumes:
- .:/home/socialgouv
working_dir: /home/socialgouv

#

test:
image: gcr.io/gcp-runtimes/container-structure-test:v1.11.0
depends_on:
- alpine
command: >
test
--config tests/container-structure-test.yml
--image ${COMPOSE_PROJECT_NAME}_alpine
-v debug
volumes:
- /var/run/docker.sock:/var/run/docker.sock
- .:/home/socialgouv
working_dir: /home/socialgouv
11 changes: 11 additions & 0 deletions psql/tests/container-structure-test.yml
Original file line number Diff line number Diff line change
@@ -0,0 +1,11 @@
schemaVersion: "2.0.0"

commandTests:
- name: "psql version"
command: "psql"
args: ["--version"]
expectedOutput: ["psql \\(PostgreSQL\\) \\d+\\.\\d+"]
- name: "jq version"
command: "jq"
args: ["--version"]
expectedOutput: ["jq-master-v.*"]