diff --git a/.github/.ruby-version b/.github/.ruby-version new file mode 100644 index 0000000..bea438e --- /dev/null +++ b/.github/.ruby-version @@ -0,0 +1 @@ +3.3.1 diff --git a/.github/Gemfile b/.github/Gemfile new file mode 100644 index 0000000..ff72eaf --- /dev/null +++ b/.github/Gemfile @@ -0,0 +1,6 @@ +source 'https://rubygems.org' + +ruby file: ".ruby-version" + +gem "fpm" +gem "package_cloud" diff --git a/.github/Gemfile.lock b/.github/Gemfile.lock new file mode 100644 index 0000000..d05f444 --- /dev/null +++ b/.github/Gemfile.lock @@ -0,0 +1,68 @@ +GEM + remote: https://rubygems.org/ + specs: + arr-pm (0.0.12) + backports (3.25.0) + cabin (0.9.0) + clamp (1.0.1) + domain_name (0.6.20240107) + dotenv (3.1.2) + fpm (1.15.1) + arr-pm (~> 0.0.11) + backports (>= 2.6.2) + cabin (>= 0.6.0) + clamp (~> 1.0.0) + pleaserun (~> 0.0.29) + rexml + stud + highline (2.0.3) + http-accept (1.7.0) + http-cookie (1.0.5) + domain_name (~> 0.5) + insist (1.0.0) + json_pure (2.3.1) + mime-types (3.5.2) + mime-types-data (~> 3.2015) + mime-types-data (3.2024.0507) + mustache (0.99.8) + netrc (0.11.0) + package_cloud (0.3.14) + highline (~> 2.0.0) + json_pure (~> 2.3.0) + rainbow (= 2.2.2) + rest-client (~> 2.0) + thor (~> 1.2) + pleaserun (0.0.32) + cabin (> 0) + clamp + dotenv + insist + mustache (= 0.99.8) + stud + rainbow (2.2.2) + rake + rake (13.2.1) + rest-client (2.1.0) + http-accept (>= 1.7.0, < 2.0) + http-cookie (>= 1.0.2, < 2.0) + mime-types (>= 1.16, < 4.0) + netrc (~> 0.8) + rexml (3.2.8) + strscan (>= 3.0.9) + strscan (3.1.0) + stud (0.0.23) + thor (1.3.1) + +PLATFORMS + arm64-darwin-23 + ruby + +DEPENDENCIES + fpm + package_cloud + +RUBY VERSION + ruby 3.3.1p55 + +BUNDLED WITH + 2.5.9 diff --git a/.github/dependabot.yml b/.github/dependabot.yml index 48bd3e7..19a6d43 100644 --- a/.github/dependabot.yml +++ b/.github/dependabot.yml @@ -1,6 +1,10 @@ --- version: 2 updates: + - package-ecosystem: "bundler" + directory: "/.github" + schedule: + interval: "daily" - package-ecosystem: "docker" directory: "/" schedule: diff --git a/.github/workflows/bump-version.yml b/.github/workflows/bump-version.yml new file mode 100644 index 0000000..9894bf2 --- /dev/null +++ b/.github/workflows/bump-version.yml @@ -0,0 +1,52 @@ +--- +name: "bump-version" + +# yamllint disable-line rule:truthy +on: + workflow_dispatch: + inputs: + bump_type: + description: "Bump type" + default: "patch" + required: true + type: choice + options: + - patch + - minor + - major + +env: + GITHUB_ACCESS_TOKEN: ${{ secrets.GH_ACCESS_TOKEN }} + +jobs: + bump-version: + name: bump-version + runs-on: ubuntu-22.04 + + steps: + - name: Checkout + uses: actions/checkout@v4.1.4 + with: + fetch-depth: 0 + token: ${{ env.GITHUB_ACCESS_TOKEN }} + + - name: Get Latest Tag + id: latest-tag + run: | + echo GIT_LATEST_TAG="$(git describe --tags "$(git rev-list --tags --max-count=1)")" >>"$GITHUB_OUTPUT" + + - name: Compute Next Tag + id: next-tag + uses: docker://ghcr.io/dokku/semver-generator:latest + with: + bump: ${{ github.event.inputs.bump_type }} + input: ${{ steps.latest-tag.outputs.GIT_LATEST_TAG }} + + - name: Create and Push Tag + run: | + git config --global user.name 'Dokku Bot' + git config --global user.email no-reply@dokku.com + git tag "$GIT_NEXT_TAG" + git push origin "$GIT_NEXT_TAG" + env: + GIT_NEXT_TAG: ${{ steps.next-tag.outputs.version }} diff --git a/.github/workflows/ci.yml b/.github/workflows/ci.yml index 2e3c34b..b2a3398 100644 --- a/.github/workflows/ci.yml +++ b/.github/workflows/ci.yml @@ -5,65 +5,33 @@ name: CI on: pull_request: branches: - - '*' + - "*" push: branches: - - 'master' - - 'release' + - "main" jobs: build: name: build runs-on: ubuntu-22.04 - strategy: - fail-fast: true - steps: - uses: actions/checkout@v4 - - name: extract branch name - shell: bash - run: | - if [[ "$GITHUB_REF" == *"/pull/"* ]]; then - echo "branch=${GITHUB_HEAD_REF#refs/heads/}" >> $GITHUB_OUTPUT - else - echo "branch=${GITHUB_REF#refs/heads/}" >> $GITHUB_OUTPUT - fi - id: extract_branch - - name: setup run: | - make version - if [[ "$CI_BRANCH" == "release" ]]; then - export PACKAGECLOUD_REPOSITORY=dokku/dokku - make .env.docker - fi - make ci-setup + make version ci-setup env: - CI_BRANCH: ${{ steps.extract_branch.outputs.branch }} PACKAGECLOUD_TOKEN: ${{ secrets.PACKAGECLOUD_TOKEN }} GITHUB_ACCESS_TOKEN: ${{ secrets.GH_ACCESS_TOKEN }} - name: build run: make build-docker-image build-in-docker - env: - CI_BRANCH: ${{ steps.extract_branch.outputs.branch }} - name: test run: make validate-in-docker - env: - CI_BRANCH: ${{ steps.extract_branch.outputs.branch }} - name: upload packages uses: actions/upload-artifact@v4 with: name: build path: build - - - name: release - run: | - if [[ "$CI_BRANCH" == "release" ]]; then - make release-in-docker release-packagecloud-in-docker - fi - env: - CI_BRANCH: ${{ steps.extract_branch.outputs.branch }} diff --git a/.github/workflows/lint.yml b/.github/workflows/lint.yml index 82227cb..77fb634 100644 --- a/.github/workflows/lint.yml +++ b/.github/workflows/lint.yml @@ -1,14 +1,14 @@ --- -name: 'lint' +name: "lint" # yamllint disable-line rule:truthy on: pull_request: branches: - - '*' + - "*" push: branches: - - 'master' + - "main" jobs: hadolint: @@ -19,7 +19,6 @@ jobs: uses: actions/checkout@v4 - name: Run hadolint uses: hadolint/hadolint-action@54c9adbab1582c2ef04b2016b760714a4bfde3cf - # v1.6.0 => d7b38582334d9ac11c12021c16f21d63015fa250 markdown-lint: name: markdown-lint @@ -29,10 +28,9 @@ jobs: uses: actions/checkout@v4 - name: Run markdown-lint uses: avto-dev/markdown-lint@04d43ee9191307b50935a753da3b775ab695eceb - # v1.5.0 => 04d43ee9191307b50935a753da3b775ab695eceb with: - config: '.github/linters/.markdown-lint.yml' - args: './README.md' + config: ".github/linters/.markdown-lint.yml" + args: "./README.md" shellcheck: name: shellcheck @@ -42,7 +40,6 @@ jobs: uses: actions/checkout@v4 - name: Run shellcheck uses: ludeeus/action-shellcheck@00cae500b08a931fb5698e11e79bfbd38e612a38 - # 1.1.0 => 94e0aab03ca135d11a35e5bfc14e6746dc56e7e9 env: SHELLCHECK_OPTS: -e SC2034 @@ -54,7 +51,6 @@ jobs: uses: actions/checkout@v4 - name: Run shfmt uses: luizm/action-sh-checker@c6edb3de93e904488b413636d96c6a56e3ad671a - # v0.3.0 => 7f44869033b40ee4ffe7dc76c87a1bc66e3d025a env: SHFMT_OPTS: -l -bn -ci -i 2 -d with: @@ -68,6 +64,5 @@ jobs: uses: actions/checkout@v4 - name: Run yamllint uses: ibiqlik/action-yamllint@2576378a8e339169678f9939646ee3ee325e845c - # v3.0.4 => ed2b6e911569708ed121c14b87d513860a7e36a7 with: - config_file: '.github/linters/.yamllint.yml' + config_file: ".github/linters/.yamllint.yml" diff --git a/.github/workflows/tagged-release.yml b/.github/workflows/tagged-release.yml new file mode 100644 index 0000000..cdc374e --- /dev/null +++ b/.github/workflows/tagged-release.yml @@ -0,0 +1,69 @@ +--- +name: "tagged-release" + +# yamllint disable-line rule:truthy +on: + push: + tags: + - "*" + +permissions: + attestations: write + id-token: write + contents: write + +jobs: + tagged-release: + name: tagged-release + runs-on: ubuntu-22.04 + env: + CI_BRANCH: release + PACKAGECLOUD_REPOSITORY: dokku/dokku + VERSION: ${{ github.ref_name }} + + steps: + - name: Checkout + uses: actions/checkout@v4 + + - name: Get Repository Name + id: repo-name + run: | + echo "REPOSITORY_NAME=$(echo "${{ github.repository }}" | cut -d '/' -f 2)" >> $GITHUB_OUTPUT + + - name: Build binaries + run: | + mkdir -p dist + make version build/linux/${{ steps.repo-name.outputs.REPOSITORY_NAME }} + cp build/linux/${{ steps.repo-name.outputs.REPOSITORY_NAME }} dist/${{ steps.repo-name.outputs.REPOSITORY_NAME }} + + - name: Setup Ruby + uses: ruby/setup-ruby@v1.176.0 + with: + bundler-cache: true + working-directory: .github + + - name: Build Debian Packages + run: | + bundle exec make build/deb/${{ steps.repo-name.outputs.REPOSITORY_NAME }}_${{ github.ref_name }}_all.deb + cp build/deb/*.deb dist/ + env: + BUNDLE_GEMFILE: .github/Gemfile + + - name: Upload Artifacts + uses: actions/upload-artifact@v4 + with: + name: dist + path: dist/* + + - name: Release to PackageCloud + run: bundle exec make release-packagecloud + env: + BUNDLE_GEMFILE: .github/Gemfile + PACKAGECLOUD_TOKEN: ${{ secrets.PACKAGECLOUD_TOKEN }} + + - name: Release + uses: softprops/action-gh-release@v2 + with: + files: dist/* + generate_release_notes: true + make_latest: "true" diff --git a/Makefile b/Makefile index 589b41f..2092f21 100644 --- a/Makefile +++ b/Makefile @@ -127,6 +127,7 @@ release-packagecloud: release-packagecloud-deb: build/deb/$(NAME)_$(VERSION)_all.deb package_cloud push $(PACKAGECLOUD_REPOSITORY)/ubuntu/focal build/deb/$(NAME)_$(VERSION)_all.deb package_cloud push $(PACKAGECLOUD_REPOSITORY)/ubuntu/jammy build/deb/$(NAME)_$(VERSION)_all.deb + package_cloud push $(PACKAGECLOUD_REPOSITORY)/ubuntu/noble build/deb/$(NAME)_$(VERSION)_all.deb package_cloud push $(PACKAGECLOUD_REPOSITORY)/debian/bullseye build/deb/$(NAME)_$(VERSION)_all.deb package_cloud push $(PACKAGECLOUD_REPOSITORY)/debian/bookworm build/deb/$(NAME)_$(VERSION)_all.deb package_cloud push $(PACKAGECLOUD_REPOSITORY)/raspbian/bullseye build/deb/$(NAME)_$(VERSION)_all.deb diff --git a/README.md b/README.md index ed36068..7f1a52e 100644 --- a/README.md +++ b/README.md @@ -1,7 +1,5 @@ # sshcommand -[![Build Status](https://github.com/dokku/sshcommand/workflows/CI/badge.svg)](https://github.com/dokku/sshcommand/actions?query=workflow%3ACI) - Simplifies running a single command over SSH, and manages authorized keys (ACL) and users in order to do so. It basically simplifies running: