From cefadedc68dfbe10a0f7c82124151b546526fd2b Mon Sep 17 00:00:00 2001 From: Daniele Piaggesi Date: Thu, 28 Mar 2024 12:31:59 +0100 Subject: [PATCH] first_import --- .github/workflows/ci.yml | 110 +++++++++++++++++++++++++++++++++++++++ .gitignore | 2 + .hadolint.yaml | 10 ++++ Dockerfile | 22 ++++++++ LICENSE | 21 ++++++++ config.json | 41 +++++++++++++++ 6 files changed, 206 insertions(+) create mode 100644 .github/workflows/ci.yml create mode 100644 .gitignore create mode 100644 .hadolint.yaml create mode 100644 Dockerfile create mode 100644 LICENSE create mode 100644 config.json diff --git a/.github/workflows/ci.yml b/.github/workflows/ci.yml new file mode 100644 index 0000000..9cbfe86 --- /dev/null +++ b/.github/workflows/ci.yml @@ -0,0 +1,110 @@ +--- +name: CI Bmeme NG-CLI container images +on: + push: + branches: + - "*" + - "*/*" + - "**" + - "!main" + +env: + registry: docker.io + repository: bmeme/ng-cli + +jobs: + + configure: + runs-on: ubuntu-latest + outputs: + matrix: ${{ steps.set-matrix.outputs.matrix }} + steps: + - + name: Checkout to repository + uses: actions/checkout@v3 + - + name: Set matrix data + id: set-matrix + run: echo "matrix=$(jq -c . < ./config.json)" >> $GITHUB_OUTPUT + + build: + name: Build and test Bmeme NG-CLI container images using Docker + runs-on: ubuntu-latest + needs: configure + strategy: + matrix: ${{ fromJson(needs.configure.outputs.matrix) }} + steps: + - + name: Check out the codebase. + uses: actions/checkout@v3 + - + name: Login to Docker Hub + uses: docker/login-action@v3 + with: + username: ${{ secrets.DOCKERHUB_USERNAME }} + password: ${{ secrets.DOCKERHUB_TOKEN }} + - + name: Lint Dockerfile + id: lint + uses: hadolint/hadolint-action@v3.1.0 + with: + dockerfile: ./Dockerfile + config: .hadolint.yaml + - + name: Build images + id: build + env: + NG_CLI_MAJOR_VERSION: ${{ matrix.ng_cli_major_version }} + NODE_MAJOR_VERSION: ${{ matrix.node_major_version }} + PRETTY_TAG: ${{ matrix.name }} + run: | + { + docker build \ + --build-arg NODE_MAJOR_VERSION=${NODE_MAJOR_VERSION} \ + --build-arg NG_CLI_MAJOR_VERSION=${NG_CLI_MAJOR_VERSION} \ + -t ${{ env.registry}}/${{ env.repository }}:${PRETTY_TAG} \ + -f ./Dockerfile .; \ + + export NG_CLI_VERSION=$(docker run --rm ${{ env.registry}}/${{ env.repository }}:${PRETTY_TAG} /bin/bash -c \ + "cat /home/node/.ng_cli_version"); \ + + docker tag ${{ env.registry}}/${{ env.repository }}:${PRETTY_TAG} ${{ env.registry}}/${{ env.repository }}:${NG_CLI_VERSION}-${NODE_MAJOR_VERSION}; \ + + docker images | grep ng; \ + + if ${{ matrix.latest }}; then + docker tag ${{ env.registry}}/${{ env.repository }}:${PRETTY_TAG} ${{ env.registry}}/${{ env.repository }}:latest; \ + fi + } + # - + # name: Run Trivy vulnerability scanner + # uses: aquasecurity/trivy-action@master + # id: trivy + # with: + # image-ref: ${{ env.registry }}/${{ env.repository }}:${{ matrix.name }} + # format: 'sarif' + # exit-code: '0' + # ignore-unfixed: true + # vuln-type: 'os,library' + # severity: 'CRITICAL' + # output: 'trivy-results-${{ matrix.name }}.sarif' + # - + # name: Upload Trivy scan results to GitHub Security tab + # id: trivy-upload + # uses: github/codeql-action/upload-sarif@v2 + # with: + # sarif_file: 'trivy-results-${{ matrix.name }}.sarif' + # - + # name: Scan image + # id: scan + # uses: anchore/scan-action@v3 + # with: + # image: ${{ env.registry }}/${{ env.repository }}:${{ matrix.name }} + # severity-cutoff: critical + # fail-build: false + # - + # name: upload Anchore scan SARIF report + # id: scan-upload + # uses: github/codeql-action/upload-sarif@v2 + # with: + # sarif_file: ${{ steps.scan.outputs.sarif }} \ No newline at end of file diff --git a/.gitignore b/.gitignore new file mode 100644 index 0000000..f66d762 --- /dev/null +++ b/.gitignore @@ -0,0 +1,2 @@ +/.idea +/.vscode \ No newline at end of file diff --git a/.hadolint.yaml b/.hadolint.yaml new file mode 100644 index 0000000..e6adf42 --- /dev/null +++ b/.hadolint.yaml @@ -0,0 +1,10 @@ +ignored: + - DL3000 + - DL3008 + - DL3018 + - DL4006 + - SC1010 + - SC2086 + +trustedRegistries: + - docker.io diff --git a/Dockerfile b/Dockerfile new file mode 100644 index 0000000..075ad56 --- /dev/null +++ b/Dockerfile @@ -0,0 +1,22 @@ +ARG NODE_MAJOR_VERSION +FROM node:${NODE_MAJOR_VERSION}-slim + +ARG NG_CLI_MAJOR_VERSION +ENV NG_CLI_MAJOR_VERSION ${NG_CLI_MAJOR_VERSION} + +RUN set -eux; \ + apt-get update && apt-get install --no-install-recommends -y \ + chromium \ + ca-certificates \ + dialog \ + apt-utils; \ + rm -rf /var/lib/apt/lists/* /tmp/* /var/tmp/*; + +RUN npm install -g @angular/cli@${NG_CLI_MAJOR_VERSION} + +USER node + +RUN INTERACTIVE=false ng version | grep 'Angular CLI' | awk -F: '{print $2}' | tr -d ' ' >> ${HOME}/.ng_cli_version + +ENV PUPPETEER_SKIP_CHROMIUM_DOWNLOAD true +ENV SCULLY_PUPPETEER_EXECUTABLE_PATH '/usr/bin/chromium' \ No newline at end of file diff --git a/LICENSE b/LICENSE new file mode 100644 index 0000000..71063b4 --- /dev/null +++ b/LICENSE @@ -0,0 +1,21 @@ +MIT License + +Copyright (c) 2021 Bonsaimeme Srl + +Permission is hereby granted, free of charge, to any person obtaining a copy +of this software and associated documentation files (the "Software"), to deal +in the Software without restriction, including without limitation the rights +to use, copy, modify, merge, publish, distribute, sublicense, and/or sell +copies of the Software, and to permit persons to whom the Software is +furnished to do so, subject to the following conditions: + +The above copyright notice and this permission notice shall be included in all +copies or substantial portions of the Software. + +THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR +IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY, +FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE +AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER +LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, +OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE +SOFTWARE. \ No newline at end of file diff --git a/config.json b/config.json new file mode 100644 index 0000000..0dfbe7c --- /dev/null +++ b/config.json @@ -0,0 +1,41 @@ +{ + "include": + [ + { + "name": "16-18", + "ng_cli_major_version": "16", + "node_major_version": "18", + "latest": true + }, + { + "name": "16-16", + "ng_cli_major_version": "16", + "node_major_version": "16", + "latest": false + }, + { + "name": "16-14", + "ng_cli_major_version": "16", + "node_major_version": "14", + "latest": false + }, + { + "name": "15-18", + "ng_cli_major_version": "15", + "node_major_version": "18", + "latest": false + }, + { + "name": "15-16", + "ng_cli_major_version": "15", + "node_major_version": "16", + "latest": false + }, + { + "name": "15-14", + "ng_cli_major_version": "15", + "node_major_version": "14", + "latest": false + } + ] +} \ No newline at end of file