From 6a2cca0af609383a02db7f20e84d4c74865bd05e Mon Sep 17 00:00:00 2001 From: MrMeeb Date: Sun, 12 May 2024 09:21:23 +0000 Subject: [PATCH 01/11] Enable Renovate --- renovate.json | 28 ++++++++++++++++++++++++++++ 1 file changed, 28 insertions(+) create mode 100644 renovate.json diff --git a/renovate.json b/renovate.json new file mode 100644 index 0000000..d3e4131 --- /dev/null +++ b/renovate.json @@ -0,0 +1,28 @@ +{ + "extends": [":automergeMinor", ":automergePr", ":automergeRequireAllStatusChecks", ":dependencyDashboard", ":disableRateLimiting", ":rebaseStalePrs"], + "baseBranches": ["main"], + "major": { + "dependencyDashboardApproval": true + }, + "customManagers": [ + { + "customType": "regex", + "fileMatch": ["Dockerfile"], + "matchStrings": ["ARG S6_OVERLAY_VERSION=[\"](?.*)[\"]"], + "datasourceTemplate": "github-releases", + "depNameTemplate": "just-containers/s6-overlay" + } + ], + "packageRules": [ + { + "matchDatasources": ["github-releases"], + "matchDepNames": ["just-containers/s6-overlay"], + "extractVersion": "^v(?.*)$", + "versioning": "loose" + }, + { + "matchPackagePatterns": ["certbot"], + "groupName": "certbot" + } + ] +} \ No newline at end of file From 15a0cb3a16cf3b201589f231daa3d25a6ed3197a Mon Sep 17 00:00:00 2001 From: MrMeeb Date: Sun, 12 May 2024 09:21:44 +0000 Subject: [PATCH 02/11] Version control for Certbot packages --- Dockerfile | 3 ++- requirements.txt | 4 ++++ 2 files changed, 6 insertions(+), 1 deletion(-) create mode 100644 requirements.txt diff --git a/Dockerfile b/Dockerfile index 865be2f..976d953 100644 --- a/Dockerfile +++ b/Dockerfile 
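Review bot: As this patch is rendered, the capture groups in `matchStrings` and `extractVersion` read `(?.*)`, which is not a valid group. Renovate's regex manager needs a named `currentValue` group and `extractVersion` needs a named `version` group, so confirm the committed file contains `(?<currentValue>.*)` and `(?<version>.*)`; the names may simply have been stripped from this page. The `matchStrings` pattern also requires double quotes around the value, which the Dockerfile only gains in PATCH 03/11. A custom manager that matches nothing fails quietly, so s6-overlay would stop receiving update PRs without any visible error.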
@@ -57,10 +57,11 @@ RUN python3 -m venv /app/certbot/ && /app/certbot/bin/pip install --upgrade pip #Get required packages for building, build, then cleanup #Added additional pip steps to fix cython 3.0.0 issue - https://github.com/yaml/pyyaml/issues/601 +COPY requirements.txt /app/certbot/requirements.txt RUN apk add --no-cache --virtual .deps gcc python3-dev libc-dev libffi-dev && \ /app/certbot/bin/pip install wheel && \ /app/certbot/bin/pip install "Cython<3.0" pyyaml --no-build-isolation && \ - /app/certbot/bin/pip install certbot certbot-dns-cloudflare && \ + /app/certbot/bin/pip install -r /app/certbot/requirements.txt && \ ln -s /app/certbot/bin/certbot /usr/bin/certbot &&\ apk del .deps diff --git a/requirements.txt b/requirements.txt new file mode 100644 index 0000000..da8860e --- /dev/null +++ b/requirements.txt @@ -0,0 +1,4 @@ +# For pinning Certbot packages to then be parsed by Renovate + +certbot ==2.9.0 +certbot-dns-cloudflare ==2.9.0 \ No newline at end of file From ef7fff219ddf05323d59c6d4b2cb79780a2eb91e Mon Sep 17 00:00:00 2001 From: MrMeeb Date: Sun, 12 May 2024 09:22:08 +0000 Subject: [PATCH 03/11] Update S6 to 3.1.6.2 --- Dockerfile | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/Dockerfile b/Dockerfile index 976d953..e74b84c 100644 --- a/Dockerfile +++ b/Dockerfile @@ -9,7 +9,7 @@ ENV S6_OVERLAY_ARCH=aarch64 FROM base-${TARGETARCH}${TARGETVARIANT} -ARG S6_OVERLAY_VERSION=3.1.5.0 +ARG S6_OVERLAY_VERSION="3.1.6.2" # Core variables ENV PUID=1000 From 8ba971571c0acc449a50cc7d83ba7bf137985567 Mon Sep 17 00:00:00 2001 From: MrMeeb Date: Sun, 12 May 2024 09:22:25 +0000 Subject: [PATCH 04/11] Rebase to Alpine 3.19.1 --- Dockerfile | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/Dockerfile b/Dockerfile index e74b84c..0a68427 100644 --- a/Dockerfile +++ b/Dockerfile @@ -1,4 +1,4 @@ -FROM alpine:latest as base +FROM alpine:3.19.1 as base ARG TARGETARCH FROM base AS base-amd64 
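Review bot: The new `pip install -r /app/certbot/requirements.txt` line pins only the two top-level packages, so certbot's transitive dependencies and the `wheel`, `"Cython<3.0"` and `pyyaml` installs earlier in the same RUN still resolve to whatever the index serves at build time. This image is handed a Cloudflare API token at runtime, so a fully resolved requirements file with hashes would make the build reproducible and tamper-evident. It would be installed with `pip install --require-hashes -r /app/certbot/requirements.txt`. The new requirements.txt in this patch would then carry the full resolved set rather than two lines.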
From 9906cf6c0aa6937ba2114397dca87383c6d6dacc Mon Sep 17 00:00:00 2001 From: MrMeeb Date: Sun, 12 May 2024 09:24:53 +0000 Subject: [PATCH 05/11] Update goreleaser syntax --- .goreleaser-gitea.yaml | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/.goreleaser-gitea.yaml b/.goreleaser-gitea.yaml index e4e1962..4f0bce4 100644 --- a/.goreleaser-gitea.yaml +++ b/.goreleaser-gitea.yaml @@ -1,8 +1,8 @@ dist: dist-gitea -build: - skip: true +builds: +- skip: true archives: - format: binary From a259156875ea282654fa0dce768f2f49a7959921 Mon Sep 17 00:00:00 2001 From: MrMeeb Date: Sun, 12 May 2024 09:25:01 +0000 Subject: [PATCH 06/11] Change release formatting --- .goreleaser-gitea.yaml | 7 +++++++ 1 file changed, 7 insertions(+) diff --git a/.goreleaser-gitea.yaml b/.goreleaser-gitea.yaml index 4f0bce4..1306ea2 100644 --- a/.goreleaser-gitea.yaml +++ b/.goreleaser-gitea.yaml @@ -9,6 +9,13 @@ archives: release: draft: true + + header: | + # Certbot Cron v{{ .Tag }} + + ## Docker Image: + `git.mrmeeb.stream/mrmeeb/certbot-cron:{{ .Tag }}` + gitea: owner: MrMeeb name: certbot-cron-docker From c213e9214c0455af49d9b4fc7f5dea89391a9d95 Mon Sep 17 00:00:00 2001 From: MrMeeb Date: Sun, 12 May 2024 10:57:43 +0000 Subject: [PATCH 07/11] Add gitea actions --- .drone.yml | 176 --------------------- .gitea/workflows/build-develop.yaml | 88 +++++++++++ .gitea/workflows/build-main.yaml | 88 +++++++++++ .gitea/workflows/build-tagged-release.yaml | 80 ++++++++++ .gitea/workflows/test-pr.yaml | 47 ++++++ 5 files changed, 303 insertions(+), 176 deletions(-) delete mode 100644 .drone.yml create mode 100644 .gitea/workflows/build-develop.yaml create mode 100644 .gitea/workflows/build-main.yaml create mode 100644 .gitea/workflows/build-tagged-release.yaml create mode 100644 .gitea/workflows/test-pr.yaml diff --git a/.drone.yml b/.drone.yml deleted file mode 100644 index 3fc571a..0000000 --- a/.drone.yml +++ /dev/null 
@@ -1,176 +0,0 @@ -kind: pipeline -type: docker -name: build-release-images -trigger: - event: - exclude: - - pull_request - ref: - - refs/tags/** - -platform: - os: linux - arch: amd64 - -steps: - -- name: get-tags - image: docker:git - commands: - - git fetch --tags - depends_on: - - clone - -- name: make-tags - image: node - commands: - - echo -n "${DRONE_TAG}, latest" > .tags - depends_on: - - get-tags - -- name: build-gitea - image: thegeeklab/drone-docker-buildx - privileged: true - settings: - provenance: false - registry: git.mrmeeb.stream - username: - from_secret: docker_username - password: - from_secret: docker_password - repo: git.mrmeeb.stream/mrmeeb/certbot-cron - platforms: - - linux/arm64 - - linux/amd64 - depends_on: - - make-tags - -- name: release-gitea - image: goreleaser/goreleaser - environment: - GITEA_TOKEN: - from_secret: gitea_token - commands: - - goreleaser release -f .goreleaser-gitea.yaml - depends_on: - - build-gitea - -- name: notify - image: plugins/slack - when: - status: - - success - - failure - settings: - webhook: - from_secret: slack_webhook - depends_on: - - release-gitea - ---- -kind: pipeline -type: docker -name: build-main-images -trigger: - event: - exclude: - - pull_request - ref: - - refs/heads/master - -platform: - os: linux - arch: amd64 - -steps: - -- name: make-tags - image: node - commands: - - echo -n "${DRONE_COMMIT_SHA:0:8}, latest" > .tags - when: - ref: - - refs/heads/master - depends_on: - - clone - -- name: build-gitea - image: thegeeklab/drone-docker-buildx - privileged: true - settings: - provenance: false - registry: git.mrmeeb.stream - username: - from_secret: docker_username - password: - from_secret: docker_password - repo: git.mrmeeb.stream/mrmeeb/certbot-cron - platforms: - - linux/arm64 - - linux/amd64 - depends_on: - - make-tags - -- name: notify - image: plugins/slack - when: - status: - - success - - failure - settings: - webhook: - from_secret: slack_webhook - depends_on: - - build-gitea - ---- 
-kind: pipeline -type: docker -name: build-develop-images -trigger: - event: - exclude: - - pull_request - branch: - - develop - -platform: - os: linux - arch: amd64 - -steps: - # Set tags for develop branch - git commit SHA and 'develop' -- name: make-tags - image: node - commands: - - echo -n "develop-${DRONE_COMMIT_SHA:0:8}, develop" > .tags - - # Build containers from develop branch -- name: build-gitea - image: thegeeklab/drone-docker-buildx - privileged: true - settings: - provenance: false - registry: git.mrmeeb.stream - username: - from_secret: docker_username - password: - from_secret: docker_password - repo: git.mrmeeb.stream/mrmeeb/certbot-cron - platforms: - - linux/arm64 - - linux/amd64 - depends_on: - - make-tags - -- name: notify - image: plugins/slack - when: - status: - - success - - failure - settings: - webhook: - from_secret: slack_webhook - depends_on: - - build-gitea \ No newline at end of file diff --git a/.gitea/workflows/build-develop.yaml b/.gitea/workflows/build-develop.yaml new file mode 100644 index 0000000..83c5a59 --- /dev/null +++ b/.gitea/workflows/build-develop.yaml 
@@ -0,0 +1,88 @@ +name: Build Image +on: + push: + branches: + - 'develop' + +env: + TEST_TAG: mrmeeb/certbot-cron:test + FULL_TAG: git.mrmeeb.stream/mrmeeb/certbot-cron:develop + +jobs: + "Validate Image": + runs-on: [ubuntu-docker-latest, linux/amd64] + steps: + - name: Build locally + uses: docker/build-push-action@v5 + with: + load: true + tags: ${{ env.TEST_TAG }} + provenance: false + - name: Test certificate issuing + id: test + run: | + # First create a volume + docker volume create ${{ gitea.sha }} && \ + # Then issue a certificate + docker run --rm -v ${{ gitea.sha }}:/config -e STAGING=true -e EMAIL=${{ secrets.EMAIL }} -e DOMAINS=${{ gitea.sha }}.mrmeeb.stream -e PLUGIN=cloudflare -e CLOUDFLARE_TOKEN=${{ secrets.CLOUDFLARE_TOKEN }} -e ONE_SHOT=true -e GENERATE_DHPARAM=false ${{ env.TEST_TAG }} && \ + # Then revoke it again + docker run --rm --entrypoint "/usr/bin/certbot" -v ${{ gitea.sha }}:/config ${{ env.TEST_TAG }} revoke --non-interactive --agree-tos --email ${{ secrets.EMAIL }} --staging --config-dir /config/letsencrypt --work-dir /config/.tmp --logs-dir /config/logs --cert-path /config/letsencrypt/live/${{ gitea.sha }}.mrmeeb.stream/fullchain.pem + - name: Tidy up + if: always() + run: | + echo "Removing docker volume ${{ gitea.sha }}" && \ + docker volume rm ${{ gitea.sha }} + - name: Test Failure + uses: rjstone/discord-webhook-notify@v1 + if: failure() + with: + severity: error + details: Test Failed! 
+ webhookUrl: ${{ secrets.DISCORD_WEBHOOK }} + username: Gitea + avatarUrl: ${{ vars.RUNNER_ICON_URL }} + + "Publish Image": + runs-on: [ubuntu-docker-latest, linux/amd64] + needs: ["Validate Image"] + steps: + - name: Set up QEMU + uses: docker/setup-qemu-action@v3 + - name: Set up Docker Buildx + uses: docker/setup-buildx-action@v3 + - name: Login to Gitea Container Registry + uses: docker/login-action@v3 + with: + registry: git.mrmeeb.stream + username: ${{ env.GITHUB_ACTOR }} + password: ${{ secrets.GTCR_TOKEN }} + - name: Build and push + uses: docker/build-push-action@v5 + with: + push: true + platforms: linux/amd64,linux/arm64 + tags: ${{ env.FULL_TAG }} + provenance: false + - name: Build Failure + uses: rjstone/discord-webhook-notify@v1 + if: failure() + with: + severity: error + details: Build Failed! + webhookUrl: ${{ secrets.DISCORD_WEBHOOK }} + username: Gitea + avatarUrl: ${{ vars.RUNNER_ICON_URL }} + + "Notify": + runs-on: [ubuntu-docker-latest, linux/amd64] + needs: ["Build Image", "Validate Image"] + steps: + - name: Notify of success + uses: rjstone/discord-webhook-notify@v1 + if: success() + with: + severity: info + details: Build succeeded! + webhookUrl: ${{ secrets.DISCORD_WEBHOOK }} + username: Gitea + avatarUrl: ${{ vars.RUNNER_ICON_URL }} \ No newline at end of file diff --git a/.gitea/workflows/build-main.yaml b/.gitea/workflows/build-main.yaml new file mode 100644 index 0000000..fca21de --- /dev/null +++ b/.gitea/workflows/build-main.yaml 
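Review bot: The `Test certificate issuing` step expands `${{ secrets.CLOUDFLARE_TOKEN }}` and `${{ secrets.EMAIL }}` directly into the `run:` script and passes the token to `docker run` as `-e CLOUDFLARE_TOKEN=<value>`. The API token therefore sits in process arguments on the runner, and any shell metacharacter in a secret is interpreted by the shell. Map the secrets into the step's `env:` and pass them with value-less `-e NAME` flags, quoting every expansion. The same step is repeated in build-main.yaml and in the re-sent copies of both files in PATCH 09/11.

```yaml
- name: Test certificate issuing
  id: test
  env:
    EMAIL: ${{ secrets.EMAIL }}
    CLOUDFLARE_TOKEN: ${{ secrets.CLOUDFLARE_TOKEN }}
    VOLUME: ${{ gitea.sha }}
  run: |
    docker volume create "$VOLUME" && \
    # value-less -e copies the variable from the step environment, keeping it out of argv
    docker run --rm -v "$VOLUME":/config -e STAGING=true -e EMAIL -e DOMAINS="$VOLUME.mrmeeb.stream" -e PLUGIN=cloudflare -e CLOUDFLARE_TOKEN -e ONE_SHOT=true -e GENERATE_DHPARAM=false ${{ env.TEST_TAG }} && \
    # … unchanged: certbot revoke command, with --email "$EMAIL" and "$VOLUME" in place of the inline expressions …
```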
@@ -0,0 +1,88 @@ +name: Build Image +on: + push: + branches: + - 'main' + +env: + TEST_TAG: mrmeeb/certbot-cron:test + FULL_TAG: git.mrmeeb.stream/mrmeeb/certbot-cron:latest + +jobs: + "Validate Image": + runs-on: [ubuntu-docker-latest, linux/amd64] + steps: + - name: Build locally + uses: docker/build-push-action@v5 + with: + load: true + tags: ${{ env.TEST_TAG }} + provenance: false + - name: Test certificate issuing + id: test + run: | + # First create a volume + docker volume create ${{ gitea.sha }} && \ + # Then issue a certificate + docker run --rm -v ${{ gitea.sha }}:/config -e STAGING=true -e EMAIL=${{ secrets.EMAIL }} -e DOMAINS=${{ gitea.sha }}.mrmeeb.stream -e PLUGIN=cloudflare -e CLOUDFLARE_TOKEN=${{ secrets.CLOUDFLARE_TOKEN }} -e ONE_SHOT=true -e GENERATE_DHPARAM=false ${{ env.TEST_TAG }} && \ + # Then revoke it again + docker run --rm --entrypoint "/usr/bin/certbot" -v ${{ gitea.sha }}:/config ${{ env.TEST_TAG }} revoke --non-interactive --agree-tos --email ${{ secrets.EMAIL }} --staging --config-dir /config/letsencrypt --work-dir /config/.tmp --logs-dir /config/logs --cert-path /config/letsencrypt/live/${{ gitea.sha }}.mrmeeb.stream/fullchain.pem + - name: Tidy up + if: always() + run: | + echo "Removing docker volume ${{ gitea.sha }}" && \ + docker volume rm ${{ gitea.sha }} + - name: Test Failure + uses: rjstone/discord-webhook-notify@v1 + if: failure() + with: + severity: error + details: Test Failed! 
+ webhookUrl: ${{ secrets.DISCORD_WEBHOOK }} + username: Gitea + avatarUrl: ${{ vars.RUNNER_ICON_URL }} + + "Publish Image": + runs-on: [ubuntu-docker-latest, linux/amd64] + needs: ["Validate Image"] + steps: + - name: Set up QEMU + uses: docker/setup-qemu-action@v3 + - name: Set up Docker Buildx + uses: docker/setup-buildx-action@v3 + - name: Login to Gitea Container Registry + uses: docker/login-action@v3 + with: + registry: git.mrmeeb.stream + username: ${{ env.GITHUB_ACTOR }} + password: ${{ secrets.GTCR_TOKEN }} + - name: Build and push + uses: docker/build-push-action@v5 + with: + push: true + platforms: linux/amd64,linux/arm64 + tags: ${{ env.FULL_TAG }} + provenance: false + - name: Build Failure + uses: rjstone/discord-webhook-notify@v1 + if: failure() + with: + severity: error + details: Build Failed! + webhookUrl: ${{ secrets.DISCORD_WEBHOOK }} + username: Gitea + avatarUrl: ${{ vars.RUNNER_ICON_URL }} + + "Notify": + runs-on: [ubuntu-docker-latest, linux/amd64] + needs: ["Build Image", "Validate Image"] + steps: + - name: Notify of success + uses: rjstone/discord-webhook-notify@v1 + if: success() + with: + severity: info + details: Build succeeded! + webhookUrl: ${{ secrets.DISCORD_WEBHOOK }} + username: Gitea + avatarUrl: ${{ vars.RUNNER_ICON_URL }} \ No newline at end of file diff --git a/.gitea/workflows/build-tagged-release.yaml b/.gitea/workflows/build-tagged-release.yaml new file mode 100644 index 0000000..219669e --- /dev/null +++ b/.gitea/workflows/build-tagged-release.yaml 
@@ -0,0 +1,80 @@ +name: Build Tagged Release Image +on: + push: + tags: + - '*' + +env: + FULL_TAG: git.mrmeeb.stream/mrmeeb/certbot-cron + +jobs: + "Build Image": + runs-on: [ubuntu-docker-latest, linux/amd64] + steps: + - name: Set up QEMU + uses: docker/setup-qemu-action@v3 + - name: Set up Docker Buildx + uses: docker/setup-buildx-action@v3 + - name: Login to Gitea Container Registry + uses: docker/login-action@v3 + with: + registry: git.mrmeeb.stream + username: ${{ env.GITHUB_ACTOR }} + password: ${{ secrets.GTCR_TOKEN }} + - name: Docker metadata + id: meta + uses: docker/metadata-action@v5 + with: + images: ${{ env.FULL_TAG }} + tags: | + type=pep440,pattern={{version}} + - name: Build and push + uses: docker/build-push-action@v5 + with: + push: true + platforms: linux/amd64,linux/arm64 + tags: ${{ steps.meta.outputs.tags }} + provenance: false + - name: Notify on failure + uses: rjstone/discord-webhook-notify@v1 + if: failure() + with: + severity: error + details: Build failed! + webhookUrl: ${{ secrets.DISCORD_WEBHOOK }} + username: Gitea + avatarUrl: ${{ vars.RUNNER_ICON_URL }} + "Create Release": + runs-on: ubuntu-latest + needs: ["Build Image"] + steps: + - name: Checkout + uses: actions/checkout@v4 + with: + fetch-depth: 0 + - name: Set up Go + uses: actions/setup-go@v4 + with: + go-version: 1.22.2 + - name: Run GoReleaser + uses: goreleaser/goreleaser-action@v5 + with: + distribution: goreleaser + version: latest + args: release --clean -f .goreleaser-gitea.yaml + env: + GITEA_TOKEN: ${{ secrets.GORELEASER_TOKEN }} + + "Notify": + runs-on: [ubuntu-docker-latest, linux/amd64] + needs: ["Build Image", "Create Release"] + steps: + - name: Notify of success + uses: rjstone/discord-webhook-notify@v1 + if: success() + with: + severity: info + details: Build succeeded! + webhookUrl: ${{ secrets.DISCORD_WEBHOOK }} + username: Gitea + avatarUrl: ${{ vars.RUNNER_ICON_URL }} \ No newline at end of file 
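Review bot: The `Create Release` job runs GoReleaser with `version: latest` while holding `GITEA_TOKEN`, and every action in this file is referenced by a mutable tag (`@v3`, `@v5`, `rjstone/discord-webhook-notify@v1`). The code that sees the registry password, the release token and the webhook URL can therefore change without a commit in this repository. Pin `version:` to a specific GoReleaser release (`version: <pinned-goreleaser-version>`) and reference third-party actions by full commit SHA with the tag kept as a trailing comment. The same mutable `uses:` references appear in build-develop.yaml, build-main.yaml and test-pr.yaml.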
diff --git a/.gitea/workflows/test-pr.yaml b/.gitea/workflows/test-pr.yaml new file mode 100644 index 0000000..e4597f8 --- /dev/null +++ b/.gitea/workflows/test-pr.yaml @@ -0,0 +1,47 @@ +name: Test Pull Request +on: + pull_request: + branches: + - 'main' + - 'develop' + +env: + FULL_TAG: git.mrmeeb.stream/mrmeeb/certbot-cron:develop + +jobs: + "Build Image": + runs-on: [ubuntu-docker-latest, linux/amd64] + steps: + - name: Set up QEMU + uses: docker/setup-qemu-action@v3 + - name: Set up Docker Buildx + uses: docker/setup-buildx-action@v3 + - name: Build + uses: docker/build-push-action@v5 + with: + push: false + platforms: linux/amd64,linux/arm64 + tags: ${{ env.FULL_TAG }} + provenance: false + - name: Notify on failure + uses: rjstone/discord-webhook-notify@v1 + if: failure() + with: + severity: error + details: Build failed! + webhookUrl: ${{ secrets.DISCORD_WEBHOOK }} + username: Gitea + avatarUrl: ${{ vars.RUNNER_ICON_URL }} + "Notify": + runs-on: [ubuntu-docker-latest, linux/amd64] + needs: ["Build Image"] + steps: + - name: Notify of success + uses: rjstone/discord-webhook-notify@v1 + if: success() + with: + severity: info + details: Build succeeded! + webhookUrl: ${{ secrets.DISCORD_WEBHOOK }} + username: Gitea + avatarUrl: ${{ vars.RUNNER_ICON_URL }} \ No newline at end of file From a82028cde54916bd8c4834e17b77c326e8bbc1fa Mon Sep 17 00:00:00 2001 From: MrMeeb Date: Sun, 12 May 2024 10:58:19 +0000 Subject: [PATCH 08/11] Remove Drone build badges --- README.md | 2 -- 1 file changed, 2 deletions(-) diff --git a/README.md b/README.md index 9dfde86..25c3564 100644 --- a/README.md +++ b/README.md 
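Review bot: The only job that runs on pull requests builds the image with `push: false` and never starts it. Combined with the `:automergeMinor`, `:automergePr` and `:automergeRequireAllStatusChecks` presets from PATCH 01/11, a Renovate bump of certbot or s6-overlay can merge on a successful build alone. The certificate-issuing test exists only in the push workflows, so it runs after the merge. Consider a single-platform build with `load: true` followed by a smoke step such as `docker run --rm --entrypoint /usr/bin/certbot <image-tag> --version`, so that a status check exercises the installed packages before automerge.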
@@ -1,7 +1,5 @@ # Certbot Cron Docker -![Drone (self-hosted) with branch](https://img.shields.io/drone/build/MrMeeb/certbot-cron-docker/master?label=latest&server=https%3A%2F%2Fdrone.mrmeeb.stream&style=for-the-badge) ![Drone (self-hosted) with branch](https://img.shields.io/drone/build/MrMeeb/certbot-cron-docker/develop?label=develop&server=https%3A%2F%2Fdrone.mrmeeb.stream&style=for-the-badge) - Dockerised Certbot that utilises cron to schedule creating and renewing SSL certificates. Supports standalone, webroot or Cloudflare methods. Automatic renewal attempt happens every 6 hours by default. ## Tags From ff6dcbccd19d845819f92a4de81d5959b362d0b7 Mon Sep 17 00:00:00 2001 From: MrMeeb Date: Sun, 12 May 2024 10:59:37 +0000 Subject: [PATCH 09/11] Add gitea actions --- .drone.yml | 176 --------------------- .gitea/workflows/build-develop.yaml | 88 +++++++++++ .gitea/workflows/build-main.yaml | 88 +++++++++++ .gitea/workflows/build-tagged-release.yaml | 80 ++++++++++ .gitea/workflows/test-pr.yaml | 47 ++++++ 5 files changed, 303 insertions(+), 176 deletions(-) delete mode 100644 .drone.yml create mode 100644 .gitea/workflows/build-develop.yaml create mode 100644 .gitea/workflows/build-main.yaml create mode 100644 .gitea/workflows/build-tagged-release.yaml create mode 100644 .gitea/workflows/test-pr.yaml diff --git a/.drone.yml b/.drone.yml deleted file mode 100644 index 3fc571a..0000000 --- a/.drone.yml +++ /dev/null 
@@ -1,176 +0,0 @@ -kind: pipeline -type: docker -name: build-release-images -trigger: - event: - exclude: - - pull_request - ref: - - refs/tags/** - -platform: - os: linux - arch: amd64 - -steps: - -- name: get-tags - image: docker:git - commands: - - git fetch --tags - depends_on: - - clone - -- name: make-tags - image: node - commands: - - echo -n "${DRONE_TAG}, latest" > .tags - depends_on: - - get-tags - -- name: build-gitea - image: thegeeklab/drone-docker-buildx - privileged: true - settings: - provenance: false - registry: git.mrmeeb.stream - username: - from_secret: docker_username - password: - from_secret: docker_password - repo: git.mrmeeb.stream/mrmeeb/certbot-cron - platforms: - - linux/arm64 - - linux/amd64 - depends_on: - - make-tags - -- name: release-gitea - image: goreleaser/goreleaser - environment: - GITEA_TOKEN: - from_secret: gitea_token - commands: - - goreleaser release -f .goreleaser-gitea.yaml - depends_on: - - build-gitea - -- name: notify - image: plugins/slack - when: - status: - - success - - failure - settings: - webhook: - from_secret: slack_webhook - depends_on: - - release-gitea - ---- -kind: pipeline -type: docker -name: build-main-images -trigger: - event: - exclude: - - pull_request - ref: - - refs/heads/master - -platform: - os: linux - arch: amd64 - -steps: - -- name: make-tags - image: node - commands: - - echo -n "${DRONE_COMMIT_SHA:0:8}, latest" > .tags - when: - ref: - - refs/heads/master - depends_on: - - clone - -- name: build-gitea - image: thegeeklab/drone-docker-buildx - privileged: true - settings: - provenance: false - registry: git.mrmeeb.stream - username: - from_secret: docker_username - password: - from_secret: docker_password - repo: git.mrmeeb.stream/mrmeeb/certbot-cron - platforms: - - linux/arm64 - - linux/amd64 - depends_on: - - make-tags - -- name: notify - image: plugins/slack - when: - status: - - success - - failure - settings: - webhook: - from_secret: slack_webhook - depends_on: - - build-gitea - ---- 
-kind: pipeline -type: docker -name: build-develop-images -trigger: - event: - exclude: - - pull_request - branch: - - develop - -platform: - os: linux - arch: amd64 - -steps: - # Set tags for develop branch - git commit SHA and 'develop' -- name: make-tags - image: node - commands: - - echo -n "develop-${DRONE_COMMIT_SHA:0:8}, develop" > .tags - - # Build containers from develop branch -- name: build-gitea - image: thegeeklab/drone-docker-buildx - privileged: true - settings: - provenance: false - registry: git.mrmeeb.stream - username: - from_secret: docker_username - password: - from_secret: docker_password - repo: git.mrmeeb.stream/mrmeeb/certbot-cron - platforms: - - linux/arm64 - - linux/amd64 - depends_on: - - make-tags - -- name: notify - image: plugins/slack - when: - status: - - success - - failure - settings: - webhook: - from_secret: slack_webhook - depends_on: - - build-gitea \ No newline at end of file diff --git a/.gitea/workflows/build-develop.yaml b/.gitea/workflows/build-develop.yaml new file mode 100644 index 0000000..83c5a59 --- /dev/null +++ b/.gitea/workflows/build-develop.yaml 
@@ -0,0 +1,88 @@ +name: Build Image +on: + push: + branches: + - 'develop' + +env: + TEST_TAG: mrmeeb/certbot-cron:test + FULL_TAG: git.mrmeeb.stream/mrmeeb/certbot-cron:develop + +jobs: + "Validate Image": + runs-on: [ubuntu-docker-latest, linux/amd64] + steps: + - name: Build locally + uses: docker/build-push-action@v5 + with: + load: true + tags: ${{ env.TEST_TAG }} + provenance: false + - name: Test certificate issuing + id: test + run: | + # First create a volume + docker volume create ${{ gitea.sha }} && \ + # Then issue a certificate + docker run --rm -v ${{ gitea.sha }}:/config -e STAGING=true -e EMAIL=${{ secrets.EMAIL }} -e DOMAINS=${{ gitea.sha }}.mrmeeb.stream -e PLUGIN=cloudflare -e CLOUDFLARE_TOKEN=${{ secrets.CLOUDFLARE_TOKEN }} -e ONE_SHOT=true -e GENERATE_DHPARAM=false ${{ env.TEST_TAG }} && \ + # Then revoke it again + docker run --rm --entrypoint "/usr/bin/certbot" -v ${{ gitea.sha }}:/config ${{ env.TEST_TAG }} revoke --non-interactive --agree-tos --email ${{ secrets.EMAIL }} --staging --config-dir /config/letsencrypt --work-dir /config/.tmp --logs-dir /config/logs --cert-path /config/letsencrypt/live/${{ gitea.sha }}.mrmeeb.stream/fullchain.pem + - name: Tidy up + if: always() + run: | + echo "Removing docker volume ${{ gitea.sha }}" && \ + docker volume rm ${{ gitea.sha }} + - name: Test Failure + uses: rjstone/discord-webhook-notify@v1 + if: failure() + with: + severity: error + details: Test Failed! 
+ webhookUrl: ${{ secrets.DISCORD_WEBHOOK }} + username: Gitea + avatarUrl: ${{ vars.RUNNER_ICON_URL }} + + "Publish Image": + runs-on: [ubuntu-docker-latest, linux/amd64] + needs: ["Validate Image"] + steps: + - name: Set up QEMU + uses: docker/setup-qemu-action@v3 + - name: Set up Docker Buildx + uses: docker/setup-buildx-action@v3 + - name: Login to Gitea Container Registry + uses: docker/login-action@v3 + with: + registry: git.mrmeeb.stream + username: ${{ env.GITHUB_ACTOR }} + password: ${{ secrets.GTCR_TOKEN }} + - name: Build and push + uses: docker/build-push-action@v5 + with: + push: true + platforms: linux/amd64,linux/arm64 + tags: ${{ env.FULL_TAG }} + provenance: false + - name: Build Failure + uses: rjstone/discord-webhook-notify@v1 + if: failure() + with: + severity: error + details: Build Failed! + webhookUrl: ${{ secrets.DISCORD_WEBHOOK }} + username: Gitea + avatarUrl: ${{ vars.RUNNER_ICON_URL }} + + "Notify": + runs-on: [ubuntu-docker-latest, linux/amd64] + needs: ["Build Image", "Validate Image"] + steps: + - name: Notify of success + uses: rjstone/discord-webhook-notify@v1 + if: success() + with: + severity: info + details: Build succeeded! + webhookUrl: ${{ secrets.DISCORD_WEBHOOK }} + username: Gitea + avatarUrl: ${{ vars.RUNNER_ICON_URL }} \ No newline at end of file diff --git a/.gitea/workflows/build-main.yaml b/.gitea/workflows/build-main.yaml new file mode 100644 index 0000000..fca21de --- /dev/null +++ b/.gitea/workflows/build-main.yaml 
@@ -0,0 +1,88 @@ +name: Build Image +on: + push: + branches: + - 'main' + +env: + TEST_TAG: mrmeeb/certbot-cron:test + FULL_TAG: git.mrmeeb.stream/mrmeeb/certbot-cron:latest + +jobs: + "Validate Image": + runs-on: [ubuntu-docker-latest, linux/amd64] + steps: + - name: Build locally + uses: docker/build-push-action@v5 + with: + load: true + tags: ${{ env.TEST_TAG }} + provenance: false + - name: Test certificate issuing + id: test + run: | + # First create a volume + docker volume create ${{ gitea.sha }} && \ + # Then issue a certificate + docker run --rm -v ${{ gitea.sha }}:/config -e STAGING=true -e EMAIL=${{ secrets.EMAIL }} -e DOMAINS=${{ gitea.sha }}.mrmeeb.stream -e PLUGIN=cloudflare -e CLOUDFLARE_TOKEN=${{ secrets.CLOUDFLARE_TOKEN }} -e ONE_SHOT=true -e GENERATE_DHPARAM=false ${{ env.TEST_TAG }} && \ + # Then revoke it again + docker run --rm --entrypoint "/usr/bin/certbot" -v ${{ gitea.sha }}:/config ${{ env.TEST_TAG }} revoke --non-interactive --agree-tos --email ${{ secrets.EMAIL }} --staging --config-dir /config/letsencrypt --work-dir /config/.tmp --logs-dir /config/logs --cert-path /config/letsencrypt/live/${{ gitea.sha }}.mrmeeb.stream/fullchain.pem + - name: Tidy up + if: always() + run: | + echo "Removing docker volume ${{ gitea.sha }}" && \ + docker volume rm ${{ gitea.sha }} + - name: Test Failure + uses: rjstone/discord-webhook-notify@v1 + if: failure() + with: + severity: error + details: Test Failed! 
+ webhookUrl: ${{ secrets.DISCORD_WEBHOOK }} + username: Gitea + avatarUrl: ${{ vars.RUNNER_ICON_URL }} + + "Publish Image": + runs-on: [ubuntu-docker-latest, linux/amd64] + needs: ["Validate Image"] + steps: + - name: Set up QEMU + uses: docker/setup-qemu-action@v3 + - name: Set up Docker Buildx + uses: docker/setup-buildx-action@v3 + - name: Login to Gitea Container Registry + uses: docker/login-action@v3 + with: + registry: git.mrmeeb.stream + username: ${{ env.GITHUB_ACTOR }} + password: ${{ secrets.GTCR_TOKEN }} + - name: Build and push + uses: docker/build-push-action@v5 + with: + push: true + platforms: linux/amd64,linux/arm64 + tags: ${{ env.FULL_TAG }} + provenance: false + - name: Build Failure + uses: rjstone/discord-webhook-notify@v1 + if: failure() + with: + severity: error + details: Build Failed! + webhookUrl: ${{ secrets.DISCORD_WEBHOOK }} + username: Gitea + avatarUrl: ${{ vars.RUNNER_ICON_URL }} + + "Notify": + runs-on: [ubuntu-docker-latest, linux/amd64] + needs: ["Build Image", "Validate Image"] + steps: + - name: Notify of success + uses: rjstone/discord-webhook-notify@v1 + if: success() + with: + severity: info + details: Build succeeded! + webhookUrl: ${{ secrets.DISCORD_WEBHOOK }} + username: Gitea + avatarUrl: ${{ vars.RUNNER_ICON_URL }} \ No newline at end of file diff --git a/.gitea/workflows/build-tagged-release.yaml b/.gitea/workflows/build-tagged-release.yaml new file mode 100644 index 0000000..219669e --- /dev/null +++ b/.gitea/workflows/build-tagged-release.yaml 
@@ -0,0 +1,80 @@ +name: Build Tagged Release Image +on: + push: + tags: + - '*' + +env: + FULL_TAG: git.mrmeeb.stream/mrmeeb/certbot-cron + +jobs: + "Build Image": + runs-on: [ubuntu-docker-latest, linux/amd64] + steps: + - name: Set up QEMU + uses: docker/setup-qemu-action@v3 + - name: Set up Docker Buildx + uses: docker/setup-buildx-action@v3 + - name: Login to Gitea Container Registry + uses: docker/login-action@v3 + with: + registry: git.mrmeeb.stream + username: ${{ env.GITHUB_ACTOR }} + password: ${{ secrets.GTCR_TOKEN }} + - name: Docker metadata + id: meta + uses: docker/metadata-action@v5 + with: + images: ${{ env.FULL_TAG }} + tags: | + type=pep440,pattern={{version}} + - name: Build and push + uses: docker/build-push-action@v5 + with: + push: true + platforms: linux/amd64,linux/arm64 + tags: ${{ steps.meta.outputs.tags }} + provenance: false + - name: Notify on failure + uses: rjstone/discord-webhook-notify@v1 + if: failure() + with: + severity: error + details: Build failed! + webhookUrl: ${{ secrets.DISCORD_WEBHOOK }} + username: Gitea + avatarUrl: ${{ vars.RUNNER_ICON_URL }} + "Create Release": + runs-on: ubuntu-latest + needs: ["Build Image"] + steps: + - name: Checkout + uses: actions/checkout@v4 + with: + fetch-depth: 0 + - name: Set up Go + uses: actions/setup-go@v4 + with: + go-version: 1.22.2 + - name: Run GoReleaser + uses: goreleaser/goreleaser-action@v5 + with: + distribution: goreleaser + version: latest + args: release --clean -f .goreleaser-gitea.yaml + env: + GITEA_TOKEN: ${{ secrets.GORELEASER_TOKEN }} + + "Notify": + runs-on: [ubuntu-docker-latest, linux/amd64] + needs: ["Build Image", "Create Release"] + steps: + - name: Notify of success + uses: rjstone/discord-webhook-notify@v1 + if: success() + with: + severity: info + details: Build succeeded! + webhookUrl: ${{ secrets.DISCORD_WEBHOOK }} + username: Gitea + avatarUrl: ${{ vars.RUNNER_ICON_URL }} \ No newline at end of file 
diff --git a/.gitea/workflows/test-pr.yaml b/.gitea/workflows/test-pr.yaml new file mode 100644 index 0000000..e4597f8 --- /dev/null +++ b/.gitea/workflows/test-pr.yaml @@ -0,0 +1,47 @@ +name: Test Pull Request +on: + pull_request: + branches: + - 'main' + - 'develop' + +env: + FULL_TAG: git.mrmeeb.stream/mrmeeb/certbot-cron:develop + +jobs: + "Build Image": + runs-on: [ubuntu-docker-latest, linux/amd64] + steps: + - name: Set up QEMU + uses: docker/setup-qemu-action@v3 + - name: Set up Docker Buildx + uses: docker/setup-buildx-action@v3 + - name: Build + uses: docker/build-push-action@v5 + with: + push: false + platforms: linux/amd64,linux/arm64 + tags: ${{ env.FULL_TAG }} + provenance: false + - name: Notify on failure + uses: rjstone/discord-webhook-notify@v1 + if: failure() + with: + severity: error + details: Build failed! + webhookUrl: ${{ secrets.DISCORD_WEBHOOK }} + username: Gitea + avatarUrl: ${{ vars.RUNNER_ICON_URL }} + "Notify": + runs-on: [ubuntu-docker-latest, linux/amd64] + needs: ["Build Image"] + steps: + - name: Notify of success + uses: rjstone/discord-webhook-notify@v1 + if: success() + with: + severity: info + details: Build succeeded! + webhookUrl: ${{ secrets.DISCORD_WEBHOOK }} + username: Gitea + avatarUrl: ${{ vars.RUNNER_ICON_URL }} \ No newline at end of file From 93ed0281a13b0ceda5ec073ac5af52cd758403bc Mon Sep 17 00:00:00 2001 From: MrMeeb Date: Sun, 12 May 2024 11:22:16 +0000 Subject: [PATCH 10/11] Correct workflow dependency graph --- .gitea/workflows/build-develop.yaml | 2 +- .gitea/workflows/build-main.yaml | 2 +- 2 files changed, 2 insertions(+), 2 deletions(-) diff --git a/.gitea/workflows/build-develop.yaml b/.gitea/workflows/build-develop.yaml index 83c5a59..20aea31 100644 --- a/.gitea/workflows/build-develop.yaml +++ b/.gitea/workflows/build-develop.yaml 
@@ -75,7 +75,7 @@ jobs: "Notify": runs-on: [ubuntu-docker-latest, linux/amd64] - needs: ["Build Image", "Validate Image"] + needs: ["Validate Image", "Publish Image"] steps: - name: Notify of success uses: rjstone/discord-webhook-notify@v1 diff --git a/.gitea/workflows/build-main.yaml b/.gitea/workflows/build-main.yaml index fca21de..83af6eb 100644 --- a/.gitea/workflows/build-main.yaml +++ b/.gitea/workflows/build-main.yaml @@ -75,7 +75,7 @@ jobs: "Notify": runs-on: [ubuntu-docker-latest, linux/amd64] - needs: ["Build Image", "Validate Image"] + needs: ["Validate Image", "Publish Image"] steps: - name: Notify of success uses: rjstone/discord-webhook-notify@v1 From 76ee09a143c8b442d0109735290e0eed429b7dda Mon Sep 17 00:00:00 2001 From: MrMeeb Date: Sun, 12 May 2024 11:33:34 +0000 Subject: [PATCH 11/11] Correct build-main workflow --- .gitea/workflows/build-main.yaml | 4 ---- 1 file changed, 4 deletions(-) diff --git a/.gitea/workflows/build-main.yaml b/.gitea/workflows/build-main.yaml index d694d6f..83af6eb 100644 --- a/.gitea/workflows/build-main.yaml +++ b/.gitea/workflows/build-main.yaml @@ -75,11 +75,7 @@ jobs: "Notify": runs-on: [ubuntu-docker-latest, linux/amd64] -<<<<<<< HEAD - needs: ["Build Image", "Validate Image"] -======= needs: ["Validate Image", "Publish Image"] ->>>>>>> automation steps: - name: Notify of success uses: rjstone/discord-webhook-notify@v1