From feacbc9f6b279a5b36c5b613fb4f1483dc71065e Mon Sep 17 00:00:00 2001 From: Predrag Racanovic Date: Fri, 8 Nov 2024 11:29:39 +0100 Subject: [PATCH 1/2] feat: DK-5158 initial commit --- .github/workflows/main.yaml | 35 ++ .github/workflows/package-retention.yaml | 27 ++ .github/workflows/pr-actions.yaml | 47 +++ .github/workflows/pr-build.yaml | 44 +++ .github/workflows/pr-close.yaml | 20 ++ .github/workflows/pr-command.yaml | 26 ++ .github/workflows/pr-gitleaks.yaml | 27 ++ .github/workflows/pr-stale.yaml | 21 ++ .github/workflows/pr-verify.yaml | 64 ++++ .github/workflows/publish-release.yaml | 37 +++ .github/workflows/renovate.yaml | 37 +++ .gitignore | 404 +---------------------- CODEOWNERS | 4 + README.md | 6 +- renovate.json | 4 + 15 files changed, 403 insertions(+), 400 deletions(-) create mode 100644 .github/workflows/main.yaml create mode 100644 .github/workflows/package-retention.yaml create mode 100644 .github/workflows/pr-actions.yaml create mode 100644 .github/workflows/pr-build.yaml create mode 100644 .github/workflows/pr-close.yaml create mode 100644 .github/workflows/pr-command.yaml create mode 100644 .github/workflows/pr-gitleaks.yaml create mode 100644 .github/workflows/pr-stale.yaml create mode 100644 .github/workflows/pr-verify.yaml create mode 100644 .github/workflows/publish-release.yaml create mode 100644 .github/workflows/renovate.yaml create mode 100644 CODEOWNERS create mode 100644 renovate.json diff --git a/.github/workflows/main.yaml b/.github/workflows/main.yaml new file mode 100644 index 0000000..af4ae0d --- /dev/null +++ b/.github/workflows/main.yaml 
@@ -0,0 +1,35 @@
+name: main
+on:
+ push:
+ branches:
+ - master
+ - main
+ - beta
+ - next
+ - next-major
+jobs:
+ release:
+ permissions:
+ contents: write
+ issues: write
+ pull-requests: write
+ runs-on:
+ labels:
+ - minimalistic-v2
+ concurrency: release
+ steps:
+ - name: Checkout source
+ uses: actions/checkout@f43a0e5ff2bd294095638e18286ca9a3d1956744 # v3
+ with:
+ fetch-depth: 0
+ - name: Get shared actions
+ uses: actions/checkout@f43a0e5ff2bd294095638e18286ca9a3d1956744 # v3
+ with:
+ repository: 'DoodleScheduling/actions'
+ ref: v3
+ path: './.actions'
+ token: ${{ secrets.GH_ACTIONS }}
+ - uses: ./.actions/release
+ with:
+ token: ${{ secrets.GH_ACTIONS }}
+ timeout-minutes: 45
diff --git a/.github/workflows/package-retention.yaml b/.github/workflows/package-retention.yaml
new file mode 100644
index 0000000..37298d9
--- /dev/null
+++ b/.github/workflows/package-retention.yaml
@@ -0,0 +1,27 @@
+name: package-retention
+on:
+ schedule:
+ - cron: '0 11 * * *'
+jobs:
+ package-retention:
+ permissions:
+ packages: write
+ runs-on:
+ labels:
+ - minimalistic-v2
+ steps:
+ - name: Get shared actions
+ uses: actions/checkout@c85c95e3d7251135ab7dc9ce3241c5835cc595a9 # v3.5.3
+ with:
+ repository: 'DoodleScheduling/actions'
+ ref: v3
+ path: './.actions'
+ token: ${{ secrets.GH_ACTIONS }}
+ - uses: ./.actions/package-retention
+ name: Delete app images older than 90 days
+ with:
+ package-name: ${{ github.event.repository.name }}
+ package-type: container
+ age: 2160h
+ container-match-tags: "[0-9a-f]{8}"
+ timeout-minutes: 45
diff --git a/.github/workflows/pr-actions.yaml b/.github/workflows/pr-actions.yaml
new file mode 100644
index 0000000..d0f28a1
--- /dev/null
+++ b/.github/workflows/pr-actions.yaml
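Review bot: The `Get shared actions` step in main.yaml checks out `DoodleScheduling/actions` at `ref: v3`, a movable ref, while `actions/checkout` in the same job is pinned to a commit SHA. Whatever `v3` points to at run time executes with `contents: write` and the `GH_ACTIONS` token. Pin the shared-actions checkout to a commit as well, e.g. `ref: <SHARED_ACTIONS_COMMIT_SHA> # v3`, so a change in that repository reaches this job only through a reviewed bump. The same step with `ref: v3` appears in every other workflow added by this patch.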
@@ -0,0 +1,47 @@
+name: pr-actions
+on:
+ pull_request:
+ types:
+ - opened
+ - synchronize
+ - reopened
+permissions: {}
+jobs:
+ validate-workflows:
+ permissions:
+ contents: read
+ runs-on:
+ labels:
+ - minimalistic-v2
+ if: ${{ github.event.pull_request.state == 'open' }}
+ steps:
+ - name: Checkout source
+ uses: actions/checkout@c85c95e3d7251135ab7dc9ce3241c5835cc595a9 # v3.5.3
+ - name: Get shared actions
+ uses: actions/checkout@c85c95e3d7251135ab7dc9ce3241c5835cc595a9 # v3.5.3
+ with:
+ repository: 'DoodleScheduling/actions'
+ ref: v3
+ path: './.actions'
+ token: ${{ secrets.GH_ACTIONS }}
+ - uses: './.actions/validate-workflow'
+ timeout-minutes: 45
+ ensure-pinned-actions:
+ permissions:
+ contents: read
+ runs-on:
+ labels:
+ - minimalistic-v2
+ if: ${{ github.event.pull_request.state == 'open' }}
+ steps:
+ - name: Checkout source
+ uses: actions/checkout@c85c95e3d7251135ab7dc9ce3241c5835cc595a9 # v3.5.3
+ - name: Get shared actions
+ uses: actions/checkout@c85c95e3d7251135ab7dc9ce3241c5835cc595a9 # v3.5.3
+ with:
+ repository: 'DoodleScheduling/actions'
+ ref: v3
+ path: './.actions'
+ token: ${{ secrets.GH_ACTIONS }}
+ - uses: './.actions/ensure-pinned-actions'
+ timeout-minutes: 45
diff --git a/.github/workflows/pr-build.yaml b/.github/workflows/pr-build.yaml
new file mode 100644
index 0000000..f685038
--- /dev/null
+++ b/.github/workflows/pr-build.yaml
@@ -0,0 +1,44 @@
+name: pr-build
+on:
+ pull_request:
+ types:
+ - opened
+ - synchronize
+ - reopened
+jobs:
+ build:
+ permissions:
+ packages: write
+ contents: read
+ statuses: read
+ actions: write
+ id-token: write
+ runs-on:
+ labels:
+ - generic-v2
+ steps:
+ - name: Checkout source
+ uses: actions/checkout@f43a0e5ff2bd294095638e18286ca9a3d1956744 # v3
+ with:
+ fetch-depth: 0
+ - name: Get shared actions
+ uses: actions/checkout@f43a0e5ff2bd294095638e18286ca9a3d1956744 # v3
+ with:
+ repository: 'DoodleScheduling/actions'
+ ref: v3
+ path: './.actions'
+ token: ${{ secrets.GH_ACTIONS }}
+ - uses: ./.actions/short-sha
+ id: short-sha
+ - uses: ./.actions/container-image
+ with:
+ tags: ghcr.io/doodlescheduling/${{ github.event.repository.name }}:${{ steps.short-sha.outputs.ref }}
+ dockerhub-username: ${{ secrets.DOCKERHUB_USERNAME }}
+ dockerhub-password: ${{ secrets.DOCKERHUB_TOKEN }}
+ ghcr-password: ${{ secrets.GITHUB_TOKEN }}
+ cosign-private-key: ${{ secrets.COSIGN_PRIV_KEY }}
+ platforms: linux/amd64,linux/arm64
+ timeout-minutes: 45
+concurrency:
+ group: ${{ github.ref }}
+ cancel-in-progress: true
diff --git a/.github/workflows/pr-close.yaml b/.github/workflows/pr-close.yaml
new file mode 100644
index 0000000..c4464b4
--- /dev/null
+++ b/.github/workflows/pr-close.yaml
@@ -0,0 +1,20 @@
+name: pr-close
+on:
+ pull_request:
+ types: [closed]
+jobs:
+ cleanup:
+ runs-on:
+ labels:
+ - minimalistic-v2
+ timeout-minutes: 3
+ if: ${{ github.actor != 'dependabot[bot]' }}
+ steps:
+ - name: Get shared actions
+ uses: actions/checkout@c85c95e3d7251135ab7dc9ce3241c5835cc595a9 # v3.5.3
+ with:
+ repository: 'DoodleScheduling/actions'
+ ref: v3
+ path: './.actions'
+ token: ${{ secrets.GH_ACTIONS }}
+ - uses: ./.actions/cancel-workflow
diff --git a/.github/workflows/pr-command.yaml b/.github/workflows/pr-command.yaml
new file mode 100644
index 0000000..a7c2519
--- /dev/null
+++ b/.github/workflows/pr-command.yaml
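Review bot: In pr-build.yaml, `cosign-private-key: ${{ secrets.COSIGN_PRIV_KEY }}` is handed to the image build for every pull request, and publish-release.yaml passes the same secret, so a signature made with that key would not distinguish a reviewed release image from one built out of an unmerged branch. If `./.actions/container-image` signs whenever the key is supplied (its code is not visible here), consider omitting the key for PR builds or using a separate PR-only key. The job also requests `packages: write`, `actions: write` and `id-token: write` for code that has not been reviewed yet; a comment per grant would help, e.g. `# packages: write - push the PR image to ghcr.io`.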
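Review bot: pr-close.yaml declares no `permissions:` block, so the job's `GITHUB_TOKEN` gets the repository or organisation default, which may be broader than cancelling runs requires. Add an explicit block, as pr-actions.yaml does with `permissions: {}` at the top and per-job grants; for this job `actions: write` is presumably enough, to be confirmed against `./.actions/cancel-workflow`. pr-command.yaml, pr-gitleaks.yaml, pr-stale.yaml, pr-verify.yaml and renovate.yaml have the same gap.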
@@ -0,0 +1,26 @@
+name: pr-command
+on:
+ pull_request:
+ types: [opened]
+ issue_comment:
+ types: [created]
+jobs:
+ slash-command:
+ runs-on:
+ labels: [minimalistic-v2]
+ steps:
+ - name: Checkout source
+ uses: actions/checkout@c85c95e3d7251135ab7dc9ce3241c5835cc595a9 # v3.5.3
+ with:
+ fetch-depth: 0
+ - name: Get shared actions
+ uses: actions/checkout@c85c95e3d7251135ab7dc9ce3241c5835cc595a9 # v3.5.3
+ with:
+ repository: 'DoodleScheduling/actions'
+ ref: v3
+ path: './.actions'
+ token: ${{ secrets.GH_ACTIONS }}
+ - uses: ./.actions/slash-command
+ with:
+ token: ${{ secrets.GH_ACTIONS }}
+ timeout-minutes: 45
diff --git a/.github/workflows/pr-gitleaks.yaml b/.github/workflows/pr-gitleaks.yaml
new file mode 100644
index 0000000..291db04
--- /dev/null
+++ b/.github/workflows/pr-gitleaks.yaml
@@ -0,0 +1,27 @@
+name: pr-gitleaks
+on:
+ pull_request:
+ types:
+ - opened
+ - synchronize
+ - reopened
+jobs:
+ gitleaks:
+ runs-on:
+ labels:
+ - minimalistic-v2
+ if: ${{ github.actor != 'dependabot[bot]' }}
+ steps:
+ - name: Checkout
+ uses: actions/checkout@8e5e7e5ab8b370d6c329ec480221332ada57f0ab # v3.5.2
+ with:
+ fetch-depth: 0
+ - name: Get shared actions
+ uses: actions/checkout@8e5e7e5ab8b370d6c329ec480221332ada57f0ab # v3.5.2
+ with:
+ repository: 'DoodleScheduling/actions'
+ ref: v3
+ path: './.actions'
+ token: ${{ secrets.GH_ACTIONS }}
+ - uses: ./.actions/gitleaks
+ timeout-minutes: 45
diff --git a/.github/workflows/pr-stale.yaml b/.github/workflows/pr-stale.yaml
new file mode 100644
index 0000000..c0fb597
--- /dev/null
+++ b/.github/workflows/pr-stale.yaml
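Review bot: In pr-command.yaml the `issue_comment` trigger fires for a comment by any user who can comment on an issue or pull request, and the job then runs `./.actions/slash-command` with the `GH_ACTIONS` token and no `if:` guard on who commented. Unless the shared action checks the commenter's permission itself (not visible in this patch), add a job-level condition such as `if: ${{ github.event_name != 'issue_comment' || contains(fromJSON('["OWNER","MEMBER","COLLABORATOR"]'), github.event.comment.author_association) }}`. A short comment above the job naming the supported commands and who may issue them would also help reviewers.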
@@ -0,0 +1,21 @@
+name: pr-stale
+on:
+ schedule:
+ - cron: '30 1 * * *'
+jobs:
+ stale:
+ runs-on:
+ labels:
+ - minimalistic-v2
+ steps:
+ - name: Get shared actions
+ uses: actions/checkout@c85c95e3d7251135ab7dc9ce3241c5835cc595a9 # v3.5.3
+ with:
+ repository: 'DoodleScheduling/actions'
+ ref: v3
+ path: './.actions'
+ token: ${{ secrets.GH_ACTIONS }}
+ - uses: ./.actions/stale
+ with:
+ repo-token: ${{ secrets.GH_ACTIONS }}
+ timeout-minutes: 45
diff --git a/.github/workflows/pr-verify.yaml b/.github/workflows/pr-verify.yaml
new file mode 100644
index 0000000..1b838b0
--- /dev/null
+++ b/.github/workflows/pr-verify.yaml
@@ -0,0 +1,64 @@
+name: pr-verify
+on:
+ pull_request:
+ types:
+ - opened
+ - synchronize
+ - reopened
+jobs:
+ size-label:
+ runs-on:
+ labels:
+ - minimalistic-v2
+ if: ${{ github.actor != 'dependabot[bot]' }}
+ steps:
+ - name: Get shared actions
+ uses: actions/checkout@c85c95e3d7251135ab7dc9ce3241c5835cc595a9 # v3.5.3
+ with:
+ repository: 'DoodleScheduling/actions'
+ ref: v3
+ path: './.actions'
+ token: ${{ secrets.GH_ACTIONS }}
+ - uses: ./.actions/pull-request-size
+ with:
+ token: ${{ secrets.GH_ACTIONS }}
+ timeout-minutes: 45
+ pr-title:
+ runs-on:
+ labels:
+ - minimalistic-v2
+ if: ${{ github.actor != 'dependabot[bot]' }}
+ steps:
+ - name: Get shared actions
+ uses: actions/checkout@c85c95e3d7251135ab7dc9ce3241c5835cc595a9 # v3.5.3
+ with:
+ repository: 'DoodleScheduling/actions'
+ ref: v3
+ path: './.actions'
+ token: ${{ secrets.GH_ACTIONS }}
+ - uses: ./.actions/pull-request-title
+ with:
+ token: ${{ secrets.GH_ACTIONS }}
+ timeout-minutes: 45
+ release-label:
+ runs-on:
+ labels:
+ - minimalistic-v2
+ if: ${{ github.actor != 'dependabot[bot]' }}
+ steps:
+ - name: Checkout source
+ uses: actions/checkout@c85c95e3d7251135ab7dc9ce3241c5835cc595a9 # v3.5.3
+ with:
+ ref: ${{ github.event.pull_request.head.sha }}
+ fetch-depth: 0
+ - name: Get shared actions
+ uses: actions/checkout@c85c95e3d7251135ab7dc9ce3241c5835cc595a9 # v3.5.3
+ with:
+ repository: 'DoodleScheduling/actions'
+ ref: v3
+ path: './.actions'
+ token: ${{ secrets.GH_ACTIONS }}
+ - uses: ./.actions/preview-release
+ with:
+ token: ${{ secrets.GH_ACTIONS }}
+ timeout-minutes: 45
diff --git a/.github/workflows/publish-release.yaml b/.github/workflows/publish-release.yaml
new file mode 100644
index 0000000..beb1721
--- /dev/null
+++ b/.github/workflows/publish-release.yaml
@@ -0,0 +1,37 @@
+name: publish-release
+on:
+ release:
+ types: [published]
+jobs:
+ publish-release:
+ runs-on:
+ labels:
+ - generic-v2
+ concurrency: publish
+ steps:
+ - run: echo 'package ${{ github.ref_name }}'
+ - name: Checkout source
+ uses: actions/checkout@f43a0e5ff2bd294095638e18286ca9a3d1956744 # v3
+ with:
+ fetch-depth: 0
+ - name: Get shared actions
+ uses: actions/checkout@f43a0e5ff2bd294095638e18286ca9a3d1956744 # v3
+ with:
+ repository: 'DoodleScheduling/actions'
+ ref: v3
+ path: './.actions'
+ token: ${{ secrets.GH_ACTIONS }}
+ - uses: ./.actions/container-image
+ with:
+ tags: ghcr.io/doodlescheduling/${{ github.event.repository.name }}:${{ github.ref_name }}
+ dockerhub-username: ${{ secrets.DOCKERHUB_USERNAME }}
+ dockerhub-password: ${{ secrets.DOCKERHUB_TOKEN }}
+ ghcr-username: ${{ github.actor }}
+ ghcr-password: ${{ secrets.GITHUB_TOKEN }}
+ cosign-private-key: ${{ secrets.COSIGN_PRIV_KEY }}
+ platforms: linux/amd64,linux/arm64
+ permissions:
+ packages: write
+ contents: read
+ id-token: write
+ timeout-minutes: 45
diff --git a/.github/workflows/renovate.yaml b/.github/workflows/renovate.yaml
new file mode 100644
index 0000000..0410574
--- /dev/null
+++ b/.github/workflows/renovate.yaml
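Review bot: In publish-release.yaml, `run: echo 'package ${{ github.ref_name }}'` expands the tag name into the script text before the shell parses it, so shell metacharacters in a tag name are interpreted by the shell instead of being printed. Pass the value through the environment instead: `run: echo "package ${REF_NAME}"` with `env:` and `REF_NAME: ${{ github.ref_name }}` on the step. Publishing a release needs write access, which narrows who can reach this, but later steps in the same job receive the Docker Hub and cosign secrets.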
@@ -0,0 +1,37 @@
+name: renovate
+on:
+ schedule:
+ - cron: '0 */2 * * *'
+ workflow_dispatch:
+ push:
+ branches:
+ - master
+ - main
+ - beta
+ - next
+ - next-major
+concurrency:
+ group: ${{ github.ref }}
+ cancel-in-progress: true
+jobs:
+ renovate:
+ runs-on:
+ labels:
+ - minimalistic-v2
+ steps:
+ - name: Checkout source
+ uses: actions/checkout@c85c95e3d7251135ab7dc9ce3241c5835cc595a9 # v3.5.3
+ with:
+ fetch-depth: 0
+ - name: Get shared actions
+ uses: actions/checkout@c85c95e3d7251135ab7dc9ce3241c5835cc595a9 # v3.5.3
+ with:
+ repository: 'DoodleScheduling/actions'
+ ref: v3
+ path: './.actions'
+ token: ${{ secrets.GH_ACTIONS }}
+ - uses: ./.actions/renovate
+ with:
+ lib-grafana-private-key: ${{ secrets.PRIVATE_SSH_KEY_LIB_GRAFANA }}
+ token: ${{ secrets.GH_ACTIONS }}
+ timeout-minutes: 45
diff --git a/.gitignore b/.gitignore
index 8a30d25..124d350 100644
--- a/.gitignore
+++ b/.gitignore
@@ -1,398 +1,6 @@ -## Ignore Visual Studio temporary files, build results, and -## files generated by popular Visual Studio add-ons. -## -## Get latest from https://github.com/github/gitignore/blob/main/VisualStudio.gitignore - -# User-specific files -*.rsuser -*.suo -*.user -*.userosscache -*.sln.docstates - -# User-specific files (MonoDevelop/Xamarin Studio) -*.userprefs - -# Mono auto generated files -mono_crash.* - -# Build results -[Dd]ebug/ -[Dd]ebugPublic/ -[Rr]elease/ -[Rr]eleases/ -x64/ -x86/ -[Ww][Ii][Nn]32/ -[Aa][Rr][Mm]/ -[Aa][Rr][Mm]64/ -bld/ -[Bb]in/ -[Oo]bj/ -[Ll]og/ -[Ll]ogs/ - -# Visual Studio 2015/2017 cache/options directory -.vs/ -# Uncomment if you have tasks that create the project's static files in wwwroot -#wwwroot/ - -# Visual Studio 2017 auto generated files -Generated\ Files/ - -# MSTest test Results -[Tt]est[Rr]esult*/ -[Bb]uild[Ll]og.* - -# NUnit -*.VisualState.xml -TestResult.xml -nunit-*.xml - -# Build Results of an ATL Project -[Dd]ebugPS/ -[Rr]eleasePS/ -dlldata.c - -# Benchmark Results -BenchmarkDotNet.Artifacts/ - -# .NET Core -project.lock.json -project.fragment.lock.json -artifacts/ - -# ASP.NET Scaffolding -ScaffoldingReadMe.txt - -# StyleCop -StyleCopReport.xml - -# Files built by Visual Studio -*_i.c -*_p.c -*_h.h -*.ilk -*.meta -*.obj -*.iobj -*.pch -*.pdb -*.ipdb -*.pgc -*.pgd -*.rsp -*.sbr -*.tlb -*.tli -*.tlh -*.tmp -*.tmp_proj -*_wpftmp.csproj -*.log -*.tlog -*.vspscc -*.vssscc -.builds -*.pidb -*.svclog -*.scc - -# Chutzpah Test files -_Chutzpah* - -# Visual C++ cache files -ipch/ -*.aps -*.ncb -*.opendb -*.opensdf -*.sdf -*.cachefile -*.VC.db -*.VC.VC.opendb - -# Visual Studio profiler -*.psess -*.vsp -*.vspx -*.sap - -# Visual Studio Trace Files -*.e2e - -# TFS 2012 Local Workspace -$tf/ - -# Guidance Automation Toolkit -*.gpState - -# ReSharper is a .NET coding add-in -_ReSharper*/ -*.[Rr]e[Ss]harper -*.DotSettings.user - -# TeamCity is a build add-in -_TeamCity* - -# DotCover is a Code Coverage Tool -*.dotCover - -# 
AxoCover is a Code Coverage Tool -.axoCover/* -!.axoCover/settings.json - -# Coverlet is a free, cross platform Code Coverage Tool -coverage*.json -coverage*.xml -coverage*.info - -# Visual Studio code coverage results -*.coverage -*.coveragexml - -# NCrunch -_NCrunch_* -.*crunch*.local.xml -nCrunchTemp_* - -# MightyMoose -*.mm.* -AutoTest.Net/ - -# Web workbench (sass) -.sass-cache/ - -# Installshield output folder -[Ee]xpress/ - -# DocProject is a documentation generator add-in -DocProject/buildhelp/ -DocProject/Help/*.HxT -DocProject/Help/*.HxC -DocProject/Help/*.hhc -DocProject/Help/*.hhk -DocProject/Help/*.hhp -DocProject/Help/Html2 -DocProject/Help/html - -# Click-Once directory -publish/ - -# Publish Web Output -*.[Pp]ublish.xml -*.azurePubxml -# Note: Comment the next line if you want to checkin your web deploy settings, -# but database connection strings (with potential passwords) will be unencrypted -*.pubxml -*.publishproj - -# Microsoft Azure Web App publish settings. Comment the next line if you want to -# checkin your Azure Web App publish settings, but sensitive information contained -# in these scripts will be unencrypted -PublishScripts/ - -# NuGet Packages -*.nupkg -# NuGet Symbol Packages -*.snupkg -# The packages folder can be ignored because of Package Restore -**/[Pp]ackages/* -# except build/, which is used as an MSBuild target. 
-!**/[Pp]ackages/build/ -# Uncomment if necessary however generally it will be regenerated when needed -#!**/[Pp]ackages/repositories.config -# NuGet v3's project.json files produces more ignorable files -*.nuget.props -*.nuget.targets - -# Microsoft Azure Build Output -csx/ -*.build.csdef - -# Microsoft Azure Emulator -ecf/ -rcf/ - -# Windows Store app package directories and files -AppPackages/ -BundleArtifacts/ -Package.StoreAssociation.xml -_pkginfo.txt -*.appx -*.appxbundle -*.appxupload - -# Visual Studio cache files -# files ending in .cache can be ignored -*.[Cc]ache -# but keep track of directories ending in .cache -!?*.[Cc]ache/ - -# Others -ClientBin/ -~$* -*~ -*.dbmdl -*.dbproj.schemaview -*.jfm -*.pfx -*.publishsettings -orleans.codegen.cs - -# Including strong name files can present a security risk -# (https://github.com/github/gitignore/pull/2483#issue-259490424) -#*.snk - -# Since there are multiple workflows, uncomment next line to ignore bower_components -# (https://github.com/github/gitignore/pull/1529#issuecomment-104372622) -#bower_components/ - -# RIA/Silverlight projects -Generated_Code/ - -# Backup & report files from converting an old project file -# to a newer Visual Studio version. Backup files are not needed, -# because we have git ;-) -_UpgradeReport_Files/ -Backup*/ -UpgradeLog*.XML -UpgradeLog*.htm -ServiceFabricBackup/ -*.rptproj.bak - -# SQL Server files -*.mdf -*.ldf -*.ndf - -# Business Intelligence projects -*.rdl.data -*.bim.layout -*.bim_*.settings -*.rptproj.rsuser -*- [Bb]ackup.rdl -*- [Bb]ackup ([0-9]).rdl -*- [Bb]ackup ([0-9][0-9]).rdl - -# Microsoft Fakes -FakesAssemblies/ - -# GhostDoc plugin setting file -*.GhostDoc.xml - -# Node.js Tools for Visual Studio -.ntvs_analysis.dat -node_modules/ - -# Visual Studio 6 build log -*.plg - -# Visual Studio 6 workspace options file -*.opt - -# Visual Studio 6 auto-generated workspace file (contains which files were open etc.) 
-*.vbw - -# Visual Studio 6 auto-generated project file (contains which files were open etc.) -*.vbp - -# Visual Studio 6 workspace and project file (working project files containing files to include in project) -*.dsw -*.dsp - -# Visual Studio 6 technical files -*.ncb -*.aps - -# Visual Studio LightSwitch build output -**/*.HTMLClient/GeneratedArtifacts -**/*.DesktopClient/GeneratedArtifacts -**/*.DesktopClient/ModelManifest.xml -**/*.Server/GeneratedArtifacts -**/*.Server/ModelManifest.xml -_Pvt_Extensions - -# Paket dependency manager -.paket/paket.exe -paket-files/ - -# FAKE - F# Make -.fake/ - -# CodeRush personal settings -.cr/personal - -# Python Tools for Visual Studio (PTVS) -__pycache__/ -*.pyc - -# Cake - Uncomment if you are using it -# tools/** -# !tools/packages.config - -# Tabs Studio -*.tss - -# Telerik's JustMock configuration file -*.jmconfig - -# BizTalk build output -*.btp.cs -*.btm.cs -*.odx.cs -*.xsd.cs - -# OpenCover UI analysis results -OpenCover/ - -# Azure Stream Analytics local run output -ASALocalRun/ - -# MSBuild Binary and Structured Log -*.binlog - -# NVidia Nsight GPU debugger configuration file -*.nvuser - -# MFractors (Xamarin productivity tool) working folder -.mfractor/ - -# Local History for Visual Studio -.localhistory/ - -# Visual Studio History (VSHistory) files -.vshistory/ - -# BeatPulse healthcheck temp database -healthchecksdb - -# Backup folder for Package Reference Convert tool in Visual Studio 2017 -MigrationBackup/ - -# Ionide (cross platform F# VS Code tools) working folder -.ionide/ - -# Fody - auto-generated XML schema -FodyWeavers.xsd - -# VS Code files for those working on multiple tools -.vscode/* -!.vscode/settings.json -!.vscode/tasks.json -!.vscode/launch.json -!.vscode/extensions.json -*.code-workspace - -# Local History for Visual Studio Code -.history/ - -# Windows Installer files from build outputs -*.cab -*.msi -*.msix -*.msm -*.msp - -# JetBrains Rider -*.sln.iml +.DS_Store +### IntelliJ IDEA ### +.idea 
+*.iws +*.iml +*.ipr \ No newline at end of file diff --git a/CODEOWNERS b/CODEOWNERS new file mode 100644 index 0000000..1aa313c --- /dev/null +++ b/CODEOWNERS @@ -0,0 +1,4 @@ +Dockerfile @DoodleScheduling/DevOps +CODEOWNERS @DoodleScheduling/DevOps +.github/workflows @DoodleScheduling/DevOps +renovate.json @DoodleScheduling/DevOps diff --git a/README.md b/README.md index 8f6aa04..03cff04 100644 --- a/README.md +++ b/README.md @@ -1,2 +1,4 @@ -# derp-server -Repository for building mutiplatform image of derp-server +# Multiplatform docker image for derp-server + +Repository for building mutiplatform image of derp-server. +Default setup includes `linux/amd64` and `linux/arm64` support. Additional platforms can be added in the github actions platform flag. diff --git a/renovate.json b/renovate.json new file mode 100644 index 0000000..58029e4 --- /dev/null +++ b/renovate.json @@ -0,0 +1,4 @@ +{ + "$schema": "https://docs.renovatebot.com/renovate-schema.json", + "extends": ["github>doodlescheduling/renovate"] +} From 6de8ac4d88efd253afc358fe781f81ae1b0b7ea4 Mon Sep 17 00:00:00 2001 From: Predrag Racanovic Date: Fri, 8 Nov 2024 15:45:07 +0100 Subject: [PATCH 2/2] DK-5158 add Dockerfile --- Dockerfile | 37 +++++++++++++++++++++++++++++++++++++ 1 file changed, 37 insertions(+) create mode 100644 Dockerfile diff --git a/Dockerfile b/Dockerfile new file mode 100644 index 0000000..704bbca --- /dev/null +++ b/Dockerfile 
@@ -0,0 +1,37 @@
+FROM golang as builder
+
+WORKDIR /app
+
+# Install tailscale derper
+# https://tailscale.com/kb/1118/custom-derp-servers/
+
+RUN git clone https://github.com/tailscale/tailscale/ && \
+ cd tailscale && \
+ CGO_ENABLED=0 go build -o derper ./cmd/derper/
+
+
+FROM busybox
+
+ENV LANG C.UTF-8
+
+ENV DERP_DOMAIN example.com
+ENV DERP_CERT_MODE letsencrypt
+ENV DERP_CERT_DIR /app/certs
+ENV DERP_ADDR :443
+ENV DERP_STUN true
+ENV DERP_HTTP_PORT 80
+ENV DERP_VERIFY_CLIENTS false
+
+WORKDIR /app
+
+COPY --from=builder /app/tailscale/derper .
+
+
+CMD /app/derper -hostname=$DERP_DOMAIN \
+ -certmode=$DERP_CERT_MODE \
+ -certdir=$DERP_CERT_DIR \
+ -a=$DERP_ADDR \
+ -stun=$DERP_STUN \
+ -http-port=$DERP_HTTP_PORT \
+ -verify-clients=$DERP_VERIFY_CLIENTS
+
\ No newline at end of file
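Review bot: Both `FROM golang` and `FROM busybox` are untagged and the `git clone` builds whatever is at the tip of tailscale's default branch, so the image the workflows publish (and appear to sign) is not reproducible and picks up upstream changes unreviewed. Pin the base images by tag and digest and build derper from a fixed release tag, as sketched below with placeholders. The final stage has no `USER`, so derper runs as root; a non-root user would need write access to `DERP_CERT_DIR` and, depending on the runtime, permission to bind ports 80 and 443. The shell-form `CMD` leaves `/bin/sh` as PID 1, so stop signals may not reach derper; starting the command with `exec` (`CMD exec /app/derper -hostname=$DERP_DOMAIN \`) keeps variable expansion and fixes that. The default `DERP_VERIFY_CLIENTS false` means connecting clients are not verified, which deserves a comment next to that `ENV` line.

```dockerfile
FROM golang:<PINNED_GO_TAG>@sha256:<PINNED_DIGEST> AS builder
# … unchanged: WORKDIR /app and the derper reference comments …
ARG TAILSCALE_REF=<PINNED_TAILSCALE_RELEASE_TAG>
RUN git clone --depth 1 --branch "${TAILSCALE_REF}" https://github.com/tailscale/tailscale/ && \
    cd tailscale && \
    CGO_ENABLED=0 go build -o derper ./cmd/derper/

FROM busybox:<PINNED_BUSYBOX_TAG>@sha256:<PINNED_DIGEST>
# … unchanged: ENV defaults, WORKDIR /app, COPY --from=builder, CMD …
```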