From 79b712de657c05abd8284b67f03dba7e3ff4128a Mon Sep 17 00:00:00 2001
From: trfore
Date: Wed, 3 Jul 2024 15:30:51 -0500
Subject: [PATCH 1/4] ci: add markdown formatter and lint task
---
 .markdownlint.yaml | 6 ++++++
 .pre-commit-config.yaml | 12 ++++++++++++
 .prettierignore | 5 ++---
 3 files changed, 20 insertions(+), 3 deletions(-)
 create mode 100644 .markdownlint.yaml
diff --git a/.markdownlint.yaml b/.markdownlint.yaml
new file mode 100644
index 0000000..a42dd24
--- /dev/null
+++ b/.markdownlint.yaml
@@ -0,0 +1,6 @@
+default: true
+
+MD013:
+ line_length: 120
+ code_blocks: false
+ tables: false
diff --git a/.pre-commit-config.yaml b/.pre-commit-config.yaml
index 203b63e..2c5678e 100644
--- a/.pre-commit-config.yaml
+++ b/.pre-commit-config.yaml
@@ -8,8 +8,20 @@ repos:
 - id: check-symlinks
 - id: check-json
 - id: check-yaml
+ args: [--allow-multiple-documents]
 - id: detect-private-key
 - id: end-of-file-fixer
 - id: no-commit-to-branch
 args: [--branch, main]
 - id: trailing-whitespace
+ args: [--markdown-linebreak-ext=md]
+
+ - repo: https://github.com/pre-commit/mirrors-prettier
+ rev: v3.1.0
+ hooks:
+ - id: prettier
+
+ - repo: https://github.com/igorshubovych/markdownlint-cli
+ rev: v0.40.0
+ hooks:
+ - id: markdownlint
diff --git a/.prettierignore b/.prettierignore
index c5f6634..dd5d7f1 100644
--- a/.prettierignore
+++ b/.prettierignore
@@ -1,3 +1,2 @@
-# linted by yamllint
-*.yaml
-*.yml
+# dev environments
+.venv
From c858d2e6255712bef4b836fb05c705131f3dd7e4 Mon Sep 17 00:00:00 2001
From: trfore
Date: Wed, 3 Jul 2024 15:31:21 -0500
Subject: [PATCH 2/4] docs: format using md linters
---
 .github/CODE_OF_CONDUCT.md | 8 ++--
 README.md | 91 +++++++++++++++++++-------------------
 2 files changed, 49 insertions(+), 50 deletions(-)
diff --git a/.github/CODE_OF_CONDUCT.md b/.github/CODE_OF_CONDUCT.md
index dc6f5cd..630ee02 100644
--- a/.github/CODE_OF_CONDUCT.md
+++ b/.github/CODE_OF_CONDUCT.md
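Review bot: The two hook repositories added in the `.pre-commit-config.yaml` hunk are pinned to tags (`rev: v3.1.0`, `rev: v0.40.0`), which the upstream owner can move, and pre-commit hooks execute on every contributor's machine. A full commit SHA is the safer pin, in the form `rev: <full-commit-sha>  # frozen: v0.40.0`, which is what `pre-commit autoupdate --freeze` writes. The hunk starts at line 8 of the file, so the pin on the existing hooks above it is not visible and may need the same treatment. It is also worth confirming that `pre-commit/mirrors-prettier` is still maintained upstream before adding a dependency on it.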
@@ -60,7 +60,7 @@ representative at an online or offline event. Instances of abusive, harassing, or otherwise unacceptable behavior may be reported to the community leaders responsible for enforcement at -admin@trfore.dev. +. All complaints will be reviewed and investigated promptly and fairly. All community leaders are obligated to respect the privacy and security of the @@ -116,7 +116,7 @@ the community. This Code of Conduct is adapted from the [Contributor Covenant][homepage], version 2.0, available at -https://www.contributor-covenant.org/version/2/0/code_of_conduct.html. +. Community Impact Guidelines were inspired by [Mozilla's code of conduct enforcement ladder](https://github.com/mozilla/diversity). @@ -124,5 +124,5 @@ enforcement ladder](https://github.com/mozilla/diversity). [homepage]: https://www.contributor-covenant.org For answers to common questions about this code of conduct, see the FAQ at -https://www.contributor-covenant.org/faq. Translations are available at -https://www.contributor-covenant.org/translations. +. Translations are available at +. diff --git a/README.md b/README.md index 22cafa0..284abd7 100644 --- a/README.md +++ b/README.md @@ -5,9 +5,10 @@ A minimal systemd enabled debian12 Docker image for testing Ansible roles with Molecule. -NOTE: This image does NOT contain Ansible tooling, e.g. `ansible-core` or `yamllint`. Thus, the use case is as target host for Ansible controllers or within the Molecule `create`/`converge`/`test` cycle. +NOTE: This image does NOT contain Ansible tooling, e.g. `ansible-core` or `yamllint`. Thus, the use case is as target +host for Ansible controllers or within the Molecule `create`/`converge`/`test` cycle. -**Docker Pull Command** +## Docker Pull Command ```sh docker pull trfore/docker-debian12-systemd 
@@ -15,7 +16,8 @@ docker pull trfore/docker-debian12-systemd ## How to Build -This image is built on Docker Hub automatically any time the upstream OS image is rebuilt, and any time a commit is made or merged to the `main` branch. But if you need to build the image on your own locally, do the following: +This image is built on Docker Hub automatically any time the upstream OS image is rebuilt, and any time a commit is made +or merged to the `main` branch. But if you need to build the image on your own locally, do the following: 1. Install [docker] 2. Clone the repo, `git clone https://github.com/trfore/docker-debian12-systemd.git` 
@@ -26,53 +28,52 @@ This image is built on Docker Hub automatically any time the upstream OS image i ### Within Molecule Scenario -1. Add the following code to your molecule scenario file, e.g. `molecule/default/molecule.yml`. - -```yaml -platforms: - - name: instance - image: trfore/docker-debian12-systemd:latest - tmpfs: - - /run - - /tmp - volumes: - - /sys/fs/cgroup:/sys/fs/cgroup:rw - cgroupns_mode: host - privileged: true - pre_build_image: true -``` +- Add the following code to your molecule scenario file, e.g. `molecule/default/molecule.yml`. + + ```yaml + platforms: + - name: instance + image: trfore/docker-debian12-systemd:latest + tmpfs: + - /run + - /tmp + volumes: + - /sys/fs/cgroup:/sys/fs/cgroup:rw + cgroupns_mode: host + privileged: true + pre_build_image: true + ``` ### Interactively Using Docker -1. Install [docker] -2. Build an image locally (see above) or pull from Docker Hub: `docker pull trfore/docker-debian12-systemd:latest` -3. **On Docker with Cgroup V1 (e.g. Ubuntu 20.04)**, run a container from the image: +- Install [docker] +- Build an image locally (see above) or pull from Docker Hub: `docker pull trfore/docker-debian12-systemd:latest` +- **On Docker with Cgroup V1 (e.g. Ubuntu 20.04)**, run a container from the image: -```sh -docker run -d -it --name debian12-systemd --privileged --cgroupns=host --tmpfs=/run --tmpfs=/tmp --volume=/sys/fs/cgroup:/sys/fs/cgroup:ro trfore/docker-debian12-systemd:latest -``` + ```sh + docker run -d -it --name debian12-systemd --privileged --cgroupns=host --tmpfs=/run --tmpfs=/tmp --volume=/sys/fs/cgroup:/sys/fs/cgroup:ro trfore/docker-debian12-systemd:latest + ``` -3. **On Docker with Cgroup V2 (e.g. Ubuntu 22.04)**, run a container from the image: +- **On Docker with Cgroup V2 (e.g. 
Ubuntu 22.04)**, run a container from the image: -```sh -docker run -d -it --name debian12-systemd --privileged --cgroupns=host --tmpfs=/run --tmpfs=/tmp --volume=/sys/fs/cgroup:/sys/fs/cgroup:rw trfore/docker-debian12-systemd:latest -``` + ```sh + docker run -d -it --name debian12-systemd --privileged --cgroupns=host --tmpfs=/run --tmpfs=/tmp --volume=/sys/fs/cgroup:/sys/fs/cgroup:rw trfore/docker-debian12-systemd:latest + ``` -4. Use it, example: +- Use it, example: -```sh -docker exec -it debian12-systemd /bin/bash -``` + ```sh + docker exec -it debian12-systemd /bin/bash + ``` ### Using Podman -- Podman defaults to running containers in systemd mode, `--systemd=true`, and will mount the required tmpfs and cgroup filesystem. See [Podman Docs: Commands `run --systemd`] for details. - -```sh -podman run -d -it --name debian12-systemd docker.io/trfore/docker-debian12-systemd:latest -``` +- Podman defaults to running containers in systemd mode, `--systemd=true`, and will mount the required tmpfs and cgroup + filesystem. See [Podman Docs: Commands `run --systemd`] for details. -## Systemd with Cgroup V1 or V2 + ```sh + podman run -d -it --name debian12-systemd docker.io/trfore/docker-debian12-systemd:latest + ``` ## Additional Images 
@@ -89,26 +90,24 @@ podman run -d -it --name debian12-systemd docker.io/trfore/docker-debian12-syste ## Maintainers -Taylor Fore (https://github.com/trfore) +Taylor Fore () ## Acknowledgements -Inspired by Jeff Geerling's ([@geerlingguy](https://github.com/geerlingguy)), CentOS 8, Debian 10/11, and Ubuntu 20/22 docker images for ansible, [geerlingguy/docker-\*-ansible](https://github.com/geerlingguy?tab=repositories&q=docker-ansible). +Inspired by Jeff Geerling's ([@geerlingguy](https://github.com/geerlingguy)), CentOS 8, Debian 10/11, and Ubuntu 20/22 +docker images for ansible, [geerlingguy/docker-\*-ansible](https://github.com/geerlingguy?tab=repositories&q=docker-ansible). ## References -- https://molecule.readthedocs.io/en/stable/index.html -- https://molecule.readthedocs.io/en/stable/examples.html#systemd-container -- https://developers.redhat.com/blog/2016/09/13/running-systemd-in-a-non-privileged-container +- +- +- - [github runner - ubuntu 20.04] preinstalled software - [github runner - ubuntu 22.04] preinstalled software -[alpine]: https://hub.docker.com/_/alpine/ -[centos]: https://hub.docker.com/_/centos/ [centos-stream]: https://quay.io/repository/centos/centos?tab=tags [debian]: https://hub.docker.com/_/debian/ [docker]: https://docs.docker.com/engine/installation/ -[rocky]: https://hub.docker.com/r/rockylinux/ [ubuntu]: https://hub.docker.com/_/ubuntu/ [docker-centos8-systemd]: https://github.com/trfore/docker-centos8-systemd/blob/main/Dockerfile [docker-centos9-systemd]: https://github.com/trfore/docker-centos9-systemd/blob/main/Dockerfile From ad0628e2c225b8d5369281b456ee4a0e6a4e86ef Mon Sep 17 00:00:00 2001 From: trfore Date: Wed, 3 Jul 2024 15:31:53 -0500 Subject: [PATCH 3/4] style: format using updated prettier settings --- .github/dependabot.yml | 8 ++++---- .github/workflows/bot_auto_merge.yml | 2 +- .github/workflows/cd.yml | 8 ++++---- .github/workflows/update_base.yml | 2 +- 4 files changed, 10 insertions(+), 10 deletions(-) 
diff --git a/.github/dependabot.yml b/.github/dependabot.yml index f451e16..ebcf3f6 100644 --- a/.github/dependabot.yml +++ b/.github/dependabot.yml @@ -3,8 +3,8 @@ version: 2 updates: - - package-ecosystem: 'github-actions' - directory: '/' + - package-ecosystem: "github-actions" + directory: "/" schedule: - interval: 'weekly' - day: 'wednesday' + interval: "weekly" + day: "wednesday" diff --git a/.github/workflows/bot_auto_merge.yml b/.github/workflows/bot_auto_merge.yml index 8954eab..b298fcf 100644 --- a/.github/workflows/bot_auto_merge.yml +++ b/.github/workflows/bot_auto_merge.yml @@ -18,7 +18,7 @@ jobs: id: metadata uses: dependabot/fetch-metadata@v2 with: - github-token: '${{ secrets.GITHUB_TOKEN }}' + github-token: "${{ secrets.GITHUB_TOKEN }}" - name: Auto-approve bot PR run: gh pr review --approve "$PR_URL" diff --git a/.github/workflows/cd.yml b/.github/workflows/cd.yml index 59b4abc..b344d79 100644 --- a/.github/workflows/cd.yml +++ b/.github/workflows/cd.yml @@ -3,7 +3,7 @@ on: workflow_dispatch: inputs: manual_deploy: - description: 'deploy to docker hub' + description: "deploy to docker hub" default: false required: true type: boolean @@ -11,15 +11,15 @@ on: branches: [main] types: [closed] paths-ignore: - - 'LICENSE' - - 'README.md' + - "LICENSE" + - "README.md" jobs: deploy: if: ${{ github.event.pull_request.merged == true || inputs.manual_deploy == true }} uses: trfore/docker-image/.github/workflows/deploy_docker_hub.yml@main # remote repo with: - PLATFORMS: 'linux/amd64' + PLATFORMS: "linux/amd64" secrets: USERNAME: ${{ secrets.DOCKERHUB_USERNAME }} TOKEN: ${{ secrets.DOCKERHUB_TOKEN }} diff --git a/.github/workflows/update_base.yml b/.github/workflows/update_base.yml index 7ca973e..2cdfb5e 100644 --- a/.github/workflows/update_base.yml +++ b/.github/workflows/update_base.yml @@ -2,7 +2,7 @@ name: Check & Update Base OS Digest on: workflow_dispatch: schedule: - - cron: '0 2 * * 1,3,5' + - cron: "0 2 * * 1,3,5" jobs: update: 
From cc69817b069411fa4439a6aee48eb949f407078c Mon Sep 17 00:00:00 2001 From: trfore Date: Wed, 3 Jul 2024 15:32:45 -0500 Subject: [PATCH 4/4] ci: refactor to use remote workflow inputs --- .github/workflows/ci.yml | 41 +++++++++++++++++++++++++++++++++++----- 1 file changed, 36 insertions(+), 5 deletions(-) diff --git a/.github/workflows/ci.yml b/.github/workflows/ci.yml index 5fd1c4c..8cb400d 100644 --- a/.github/workflows/ci.yml +++ b/.github/workflows/ci.yml @@ -1,12 +1,43 @@ name: CI on: - workflow_dispatch: push: - branches: [main] + branches: ["*"] paths: - - 'Dockerfile' + - "Dockerfile" pull_request: + branches: ["*"] + paths-ignore: + - "**.md" + - "LICENSE" + workflow_dispatch: + +concurrency: + group: ${{ github.workflow}}-${{ github.head_ref || github.ref }} + cancel-in-progress: true jobs: - test_build: - uses: trfore/docker-image/.github/workflows/test_systemd.yml@main # remote repo + cgroup-v1: + uses: trfore/docker-image/.github/workflows/test_systemd.yml@main + with: + continue-on-error: true + runner: ubuntu-20.04 + volume-permission: ro + + cgroup-v2: + uses: trfore/docker-image/.github/workflows/test_systemd.yml@main + with: + continue-on-error: false + runner: ubuntu-22.04 + volume-permission: rw + + check: + if: success() || failure() + needs: + - cgroup-v1 + - cgroup-v2 + runs-on: ubuntu-latest + steps: + - run: >- + python -c "assert set([ + '${{ needs.cgroup-v2.result }}', + ]) == {'success'}"
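Review bot: Both new jobs in `.github/workflows/ci.yml` call `trfore/docker-image/.github/workflows/test_systemd.yml@main`, a mutable branch ref, so whatever lands on that branch runs in this repository's CI without any change being visible here; pinning to a commit, `uses: trfore/docker-image/.github/workflows/test_systemd.yml@<full-commit-sha>  # main`, makes each update reviewable. The new file as shown also has no `permissions:` key, so the called jobs get the repository's default token scope; a top-level `permissions:` with `contents: read` would bound it, assuming the called workflow needs nothing more. Separately, `branches: ["*"]` under `push` and `pull_request` does not match branch names containing `/`, so a `feature/x`-style branch would not trigger CI; `branches: ["**"]` does.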