Pour tout problème contactez-nous par mail : support@froggit.fr | La FAQ :grey_question: | Rejoignez-nous sur le Chat :speech_balloon:

Skip to content
Snippets Groups Projects
Commit 844f614d authored by Karine Bauch's avatar Karine Bauch Committed by Dorian Turba
Browse files

Bump version: 0.0.0 → 1.0.0

parent 52355ef6
No related branches found
No related tags found
No related merge requests found
[tool.bumpversion]
commit = true
current_version = "1.0.0"
parse = "(?P<major>\\d+)\\.(?P<minor>\\d+)\\.(?P<patch>\\d+)"
replace = "{new_version}"
search = "{current_version}"
serialize = [
"{major}.{minor}.{patch}",
]
tag = false
[[tool.bumpversion.files]]
filename = "CHANGELOG.md"
replace = """## [Unreleased]
## [{new_version}] - {now:%Y-%m-%d}
"""
search = """## [Unreleased]
"""
include:
- remote: 'https://gitlab.com/swepy/cicd-templates/docker-build/-/raw/0.2.0/templates/docker-build.yml'
- remote: 'https://gitlab.com/swepy/cicd-templates/release-by-changelog/-/raw/0.4.2/templates/release-by-changelog.yml'
release_by_changelog:
rules:
- if: '$CI_PIPELINE_SOURCE != "pipeline" && $CI_COMMIT_BRANCH == $CI_DEFAULT_BRANCH'
next_version:
stage: build
image: alpine:latest
variables:
PACKAGE_NAME: ruff
IMAGE_NAME: swepy/ruff
script:
#!/bin/bash
- apk update
- apk add --no-cache curl jq
# get docker tags
- echo "Image name=$IMAGE_NAME"
- docker_url="https://registry.hub.docker.com/v2/repositories/$IMAGE_NAME/tags"
- tags=""
# get all tags
- while [ -n "$docker_url" ]; do
- docker_response=$(curl -s "$docker_url")
- if [ "$(echo "$docker_response" | jq -r '.results | length')" -eq 0 ]; then
- break
- fi
- tags="$tags $(echo "$docker_response" | jq -r '.results[].name')"
- docker_url=$(echo "$docker_response" | jq -r '.next')
- if [ "$docker_url" = "null" ]; then
- docker_url=""
- fi
- done
- echo "tags on docker=$tags"
# pypi
- pypi_url="https://pypi.org/pypi/$PACKAGE_NAME/json"
- pypi_response=$(curl -s "$pypi_url")
- releases=$(echo "$pypi_response" | jq -r '.releases | keys[]')
- echo "releases on pypi:"
- printf "%s " $releases
# find missing releases
- missing_releases=""
- eval 'for release in $releases; do found=0; for tag in $tags; do if [ "$release" = "$tag" ]; then found=1; break; fi; done; if [ $found -eq 0 ]; then missing_releases="$missing_releases $release"; fi; done'
- missing_releases=$(echo $missing_releases)
- echo "missing tags=$missing_releases"
# regex pattern for versioning (adjust if needed)
#regex='^[0-9]+(\.[0-9]+)*$'
- regex='^((0|[1-9][0-9]*)\.(0|[1-9][0-9]*)\.(0|[1-9][0-9]*))(-((0|[1-9][0-9]*|[0-9]*[a-zA-Z-][0-9a-zA-Z-]*)(\.(0|[1-9][0-9]*|[0-9]*[a-zA-Z-][0-9a-zA-Z-]*))*))?(\+([0-9a-zA-Z-]+(\.[0-9a-zA-Z-]+)*))?$'
- sorted_releases=$(printf "%s\n" $missing_releases | grep -E "$regex" | sort -t. -k1,1n -k2,2n -k3,3n)
# print the sorted versions
- echo "Sorted releases:"
- printf "%s " $sorted_releases
- version_to_publish=$(echo $sorted_releases | awk '{print $1}')
- 'echo "Version to publish: $version_to_publish"'
- echo "$version_to_publish" > version.txt
- cat version.txt
artifacts:
name: "version"
paths:
- version.txt
expire_in: 1 day
rules:
- if: $CI_PIPELINE_SOURCE == "pipeline"
docker_build:
variables:
TAG: $CI_COMMIT_SHA
REPOSITORY: ruff
PACKAGE_NAME: ruff
IMAGE_NAME: $DOCKER_USER/$REPOSITORY
TARGET_IMAGE: $CI_REGISTRY_IMAGE:$TAG
PROJECT_PATH: .
before_script:
- cat version.txt
- KANIKO_OPTIONS="--build-arg VERSION=$(cat version.txt)"
- echo "Kaniko options=$KANIKO_OPTIONS"
needs:
- job: next_version
artifacts: true
rules:
- if: $CI_PIPELINE_SOURCE == "pipeline"
test_ruff_image:
image: $SRC_IMAGE
stage: test
variables:
SRC_IMAGE: $CI_REGISTRY_IMAGE:$TAG
TAG: $CI_COMMIT_SHA
tags:
- docker
script:
- ruff --help
rules:
- if: $CI_PIPELINE_SOURCE == "pipeline"
trivy:
stage: test
image: docker:stable
variables:
SRC_IMAGE: $CI_REGISTRY_IMAGE:$TAG
TAG: $CI_COMMIT_SHA
TRIVY_VERSION: "latest"
services:
- name: docker:dind
entrypoint: ["env", "-u", "DOCKER_HOST"]
command: ["dockerd-entrypoint.sh"]
tags:
- docker
before_script:
- echo "$CI_REGISTRY_PASSWORD" | docker login -u "$CI_REGISTRY_USER" --password-stdin lab.frogg.it:5050
- docker info
- docker pull aquasec/trivy:$TRIVY_VERSION
- wget --no-verbose https://raw.githubusercontent.com/aquasecurity/trivy/main/contrib/gitlab.tpl -P /usr/local/bin/
- docker pull $SRC_IMAGE
allow_failure: true
script:
# Build report using Trivy Docker image
- docker run --rm -v /var/run/docker.sock:/var/run/docker.sock -v $CI_PROJECT_DIR:/root aquasec/trivy:$TRIVY_VERSION image --no-progress --exit-code 0 --format template --template "/usr/local/bin/gitlab.tpl" -o /root/gl-container-scanning-report.json $SRC_IMAGE
# Print report
- docker run --rm -v /var/run/docker.sock:/var/run/docker.sock aquasec/trivy:$TRIVY_VERSION image --no-progress --exit-code 0 --severity HIGH $SRC_IMAGE
# Fail on severe vulnerabilities
- docker run --rm -v /var/run/docker.sock:/var/run/docker.sock aquasec/trivy:$TRIVY_VERSION image --no-progress --exit-code 1 --severity CRITICAL $SRC_IMAGE
cache:
paths:
- .trivycache/
rules:
- if: $CI_PIPELINE_SOURCE == "pipeline"
docker_push:
image: docker:latest
services:
- docker:dind
variables:
DOCKER_REPO: ruff
TARGET_IMAGE: swepy/$DOCKER_REPO
SRC_IMAGE: $CI_REGISTRY_IMAGE:$CI_COMMIT_SHA
stage: deploy
tags:
- docker
before_script:
- echo "$CI_REGISTRY_PASSWORD" | docker login -u "$CI_REGISTRY_USER" --password-stdin lab.frogg.it:5050
- VERSION=$(cat version.txt)
script:
# Pull the image
- docker pull $SRC_IMAGE
# Get the Ruff version by running the container
- RUFF_VERSION=${VERSION}
- RUFF_MINOR=${RUFF_VERSION%.*}
- RUFF_MAJOR=${RUFF_VERSION%%.*}
- echo $RUFF_VERSION
# Tag the image
- docker tag $SRC_IMAGE $TARGET_IMAGE:$RUFF_VERSION
- docker tag $SRC_IMAGE $TARGET_IMAGE:$RUFF_MINOR
- docker tag $SRC_IMAGE $TARGET_IMAGE:$RUFF_MAJOR
- docker tag $SRC_IMAGE $TARGET_IMAGE:latest
# Login to Docker Hub using DOCKER_AUTH_CONFIG
- docker login -u $DOCKER_USER -p $DOCKER_PASSWORD
- docker push $TARGET_IMAGE:$RUFF_VERSION
- docker push $TARGET_IMAGE:$RUFF_MINOR
- docker push $TARGET_IMAGE:$RUFF_MAJOR
- docker push $TARGET_IMAGE:latest
rules:
- if: $CI_PIPELINE_SOURCE == "pipeline"
# Changelog
All notable changes to this job will be documented in this file.
The format is based on [Keep a Changelog](https://keepachangelog.com/en/1.1.0/),
and this project adheres to [Semantic Versioning](https://semver.org/spec/v2.0.0.html).
## [Unreleased]
## [1.0.0] - 2024-06-24
* Initial version
# This dockerfile can generate a docker image with ruff since ruff firsts version,
# with a few changes in configuration. Those changes are required since early versions
# of ruff compilation stage rely on "open64", wich is not available in recent alpine
# linux.
ARG APP_ROOT=/app
ARG APP_USER=app
ARG APP_UID=1000
ARG APP_GID=1000
# Default environment with a non priviledged user.
# For ruff < 0.0.20, uncomment following line
FROM python:3.12.0-alpine3.18 as base
# For ruff < 0.0.20, comment following line
#FROM python:alpine as base
ARG APP_ROOT
ARG APP_USER
ARG APP_UID
ARG APP_GID
RUN mkdir -p $APP_ROOT/.local/bin && \
adduser $APP_USER -h $APP_ROOT -u $APP_UID -g $APP_GID -DH && \
chown -R $APP_UID:$APP_GID $APP_ROOT # force the user to be the owner of the app directory
FROM base as builder
ARG VERSION=""
ARG APP_UID
ARG APP_ROOT
ENV VERSION=${VERSION}
ENV PATH=$APP_ROOT/venv/bin:$PATH
# For ruff < 0.0.20, uncomment following line
RUN apk add --no-cache maturin cargo
# Never build with root because we don't need priviledged access to
# build, preventing external source code from running as root.
USER $APP_UID
WORKDIR $APP_ROOT
RUN python3 -m venv --upgrade-deps $APP_ROOT/venv
# disable pip cache to reduce the image size
RUN pip install --prefer-binary --no-cache-dir ruff==${VERSION}
FROM base
ARG APP_ROOT
ARG APP_USER
ARG APP_UID
ARG APP_GID
ARG VERSION=""
# For ruff < 0.0.20, uncomment following line
RUN apk add libgcc
USER $APP_UID
WORKDIR $APP_ROOT
ENV PATH=$APP_ROOT/venv/bin:$PATH
ENV VERSION=${VERSION}
COPY --from=builder --chown=$APP_UID:$APP_GID $APP_ROOT/venv ./venv
LABEL maintainers="Dorian Turba <contact.docker.cblm4@simplelogin.com>, osoc@devkontrol.slmail.me"
LABEL description="Lightweight image to run Ruff, the extremely fast Python linter and code formatter, written in Rust."
LABEL version="${VERSION}"
LABEL license="MIT"
LABEL org.opencontainers.image.source="https://lab.frogg.it/swepy/containers/ruff"
LABEL org.opencontainers.image.source.gitlab_com="https://gitlab.com/swepy/containers/ruff"
LABEL org.opencontainers.image.issues="https://lab.frogg.it/swepy/containers/ruff/-/issues"
LABEL org.opencontainers.image.created="$(date -u +'%Y-%m-%dT%H:%M:%SZ')"
LABEL org.opencontainers.image.title="Ruff"
LABEL org.opencontainers.image.url="https://astral.sh/ruff"
LABEL org.opencontainers.image.revision="0.1.0"
Copyright 2024 dorian turba
Permission is hereby granted, free of charge, to any person obtaining a copy of this
software and associated documentation files (the “Software”), to deal in the Software
without restriction, including without limitation the rights to use, copy, modify,
merge, publish, distribute, sublicense, and/or sell copies of the Software, and to
permit persons to whom the Software is furnished to do so, subject to the following
conditions:
The above copyright notice and this permission notice shall be included in all copies or
substantial portions of the Software.
THE SOFTWARE IS PROVIDED “AS IS”, WITHOUT WARRANTY OF ANY KIND, EXPRESS OR IMPLIED,
INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY, FITNESS FOR A PARTICULAR
PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE AUTHORS OR COPYRIGHT HOLDERS BE
LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT
OR OTHERWISE, ARISING FROM, OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR
OTHER DEALINGS IN THE SOFTWARE.
# Python Ruff
Docker image for python with Ruff installed
\ No newline at end of file
Docker image for python with Ruff installed
0% Loading or .
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment