From acccedc81ebcb170edf3c0657178a2efc3576886 Mon Sep 17 00:00:00 2001 From: Amir Zarrinkafsh Date: Sat, 26 Jul 2025 13:06:29 +1000 Subject: [PATCH 1/3] refactor: dockerfile adjustments, add lefthook and megalinter --- .circleci/config.yml | 23 ++++---- .editorconfig | 14 +++++ .github/workflows/mega-linter.yml | 55 +++++++++++++++++++ .gitignore | 1 + .lefthook.yml | 6 ++ .mega-linter.yml | 28 ++++++++++ Dockerfile | 37 +++++++------ overlay/etc/apt/apt.conf.d/dpkg-options | 4 +- overlay/hooks/entrypoint-pre.d/.gitkeep | 0 .../hooks/entrypoint-pre.d/00_asciilogo.sh | 16 +++--- overlay/init/entrypoint | 43 +++++++-------- overlay/init/supervisord | 16 +++--- run-tests.sh | 12 ++-- 13 files changed, 181 insertions(+), 74 deletions(-) create mode 100644 .editorconfig create mode 100644 .github/workflows/mega-linter.yml create mode 100644 .lefthook.yml create mode 100644 .mega-linter.yml delete mode 100644 overlay/hooks/entrypoint-pre.d/.gitkeep mode change 100644 => 100755 overlay/hooks/entrypoint-pre.d/00_asciilogo.sh diff --git a/.circleci/config.yml b/.circleci/config.yml index fe4e951..566923c 100644 --- a/.circleci/config.yml +++ b/.circleci/config.yml @@ -8,9 +8,9 @@ workflows: requires: - test filters: - branches: - only: - - master + branches: + only: + - master - build_children: context: circle-api requires: @@ -30,9 +30,9 @@ workflows: requires: - test filters: - branches: - only: - - master + branches: + only: + - master - build_children: context: circle-api requires: @@ -80,8 +80,7 @@ jobs: destination: docker-lancachenet-ubuntu.tar - persist_to_workspace: root: workspace - paths: - lancachenet-ubuntu.tar + paths: lancachenet-ubuntu.tar publish_latest: executor: testbuild-executor steps: @@ -100,7 +99,7 @@ jobs: - run: name: "Request API to build children" command: | - for child in {"ubuntu-nginx","lancache-dns"}; do - echo "Asking API to trigger build for $child" - curl -X POST --header "Content-Type: application/json" -d '{"branch":"master"}' https://circleci.com/api/v1.1/project/github/lancachenet/$child/build?circle-token=${CIRCLE_API_USER_TOKEN} - done + for child in {"ubuntu-nginx","lancache-dns"}; do + echo "Asking API to trigger build for $child" + curl -X POST --header "Content-Type: application/json" -d '{"branch":"master"}' https://circleci.com/api/v1.1/project/github/lancachenet/$child/build?circle-token=${CIRCLE_API_USER_TOKEN} + done diff --git a/.editorconfig b/.editorconfig new file mode 100644 index 0000000..bcaa1e3 --- /dev/null +++ b/.editorconfig @@ -0,0 +1,14 @@ +root = true + +[*] +indent_style = space +indent_size = 2 +trim_trailing_whitespace = true +end_of_line = lf +insert_final_newline = true + +[*.md] +indent_size = 0 + +[*.sh] +indent_style = tab diff --git a/.github/workflows/mega-linter.yml b/.github/workflows/mega-linter.yml new file mode 100644 index 0000000..ebecca6 --- /dev/null +++ b/.github/workflows/mega-linter.yml @@ -0,0 +1,55 @@ +# MegaLinter GitHub Action configuration file +# More info at https://megalinter.io +--- +name: MegaLinter + +on: + pull_request: + branches: + - master + +env: + GITHUB_STATUS_REPORTER: true + +concurrency: + group: ${{ github.ref }}-${{ github.workflow }} + cancel-in-progress: true + +jobs: + megalinter: + name: MegaLinter + runs-on: ubuntu-latest + + permissions: + contents: write + issues: write + pull-requests: write + + steps: + - name: Checkout Code + uses: actions/checkout@v4 + with: + token: ${{ secrets.PAT || secrets.GITHUB_TOKEN }} + fetch-depth: 0 + + - name: MegaLinter + uses: oxsecurity/megalinter@v8 + id: ml + env: + VALIDATE_ALL_CODEBASE: >- + ${{ + github.event_name == 'push' && + github.ref == 'refs/heads/master' + }} + + GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }} + + - name: Archive production artifacts + uses: actions/upload-artifact@v4 + if: success() || failure() + with: + name: MegaLinter reports + include-hidden-files: "true" + path: | + megalinter-reports + mega-linter.log diff --git a/.gitignore b/.gitignore index 27a3afb..4dbb08b 100644 --- a/.gitignore +++ b/.gitignore @@ -1 +1,2 @@ reports +megalinter-reports diff --git a/.lefthook.yml b/.lefthook.yml new file mode 100644 index 0000000..15efcff --- /dev/null +++ b/.lefthook.yml @@ -0,0 +1,6 @@ +pre-commit: + parallel: true + jobs: + - name: megalinter + run: docker run --rm -e USER=$(id -u) -e GROUP=$(id -g) -v "$PWD:/tmp/lint" oxsecurity/megalinter:v8 + stage_fixed: true diff --git a/.mega-linter.yml b/.mega-linter.yml new file mode 100644 index 0000000..0687c88 --- /dev/null +++ b/.mega-linter.yml @@ -0,0 +1,28 @@ +# Configuration file for MegaLinter +# +# See all available variables at https://megalinter.io/latest/config-file/ and in +# linters documentation + +APPLY_FIXES: all +FLAVOR_SUGGESTIONS: false +PRINT_ALPACA: false +SHOW_ELAPSED_TIME: true + +ENABLE: + - ACTION + - BASH + - DOCKERFILE + - EDITORCONFIG + - MARKDOWN + - YAML + +DISABLE_LINTERS: + - MARKDOWN_MARKDOWNLINT + - YAML_V8R + +BASH_SHELLCHECK_ARGUMENTS: "-f gcc" +EDITORCONFIG_EDITORCONFIG_CHECKER_ARGUMENTS: "-f gcc" + +POST_COMMANDS: + - command: find . -user root -group root -exec chown ${USER}:${GROUP} {} \; + cwd: workspace diff --git a/Dockerfile b/Dockerfile index 7d58fce..7ba634f 100644 --- a/Dockerfile +++ b/Dockerfile @@ -1,24 +1,29 @@ FROM ubuntu:24.04 -LABEL maintainer="LanCache.Net Team " + +LABEL org.opencontainers.image.authors="LanCache.Net Team " + ARG DEBIAN_FRONTEND=noninteractive -RUN \ - apt-get -y update && apt-get -y upgrade && \ - apt-get -y install supervisor curl wget bzip2 locales tzdata --no-install-recommends && \ - locale-gen en_GB.utf8 && \ - update-locale LANG=en_GB.utf8 && \ - apt-get -y clean && \ - rm -rf /var/lib/apt/lists/* +# hadolint ignore=DL3008 +RUN < /dev/null || true +chmod +x /init/setup /hooks/{entrypoint-pre.d/*,entrypoint-run,entrypoint-exec,supervisord-pre.d/*,supervisord-ready} 2>/dev/null || true -entrypoint_pre=$(ls /hooks/entrypoint-pre.d/* 2>/dev/null | sort -n ) +entrypoint_pre=$(find /hooks/entrypoint-pre.d/ -maxdepth 1 -type f 2>/dev/null | sort -n) if [ "$entrypoint_pre" != "" ]; then for hook in $entrypoint_pre; do echo "Executing hook ${hook}" - /bin/bash -c "${hook}" - if [ "$?" != "0" ]; then - die "hook ${hook}} returned a non-zero exit status '$?'" + if ! /bin/bash -c "${hook}"; then + die "hook ${hook} returned a non-zero exit status '$?'" fi done fi @@ -48,21 +47,21 @@ fi [[ -f "/init/setup" ]] && /init/setup -eval ${SETUP:-} +eval "${SETUP:-}" case ${1} in - run) - check_depending_env - [[ -f "/hooks/entrypoint-run" ]] && /hooks/entrypoint-run - if [[ -e /init/supervisord && -d /etc/supervisor ]]; then - # Use exec so we replace our current process so signals can get through - exec /bin/bash /init/supervisord - else - exec /bin/bash - fi - ;; - *) - [[ -f "/hooks/entrypoint-exec" ]] && /hooks/entrypoint-exec - exec $* - ;; +run) + check_depending_env + [[ -f "/hooks/entrypoint-run" ]] && /hooks/entrypoint-run + if [[ -e /init/supervisord && -d /etc/supervisor ]]; then + # Use exec so we replace our current process so signals can get through + exec /bin/bash /init/supervisord + else + exec /bin/bash + fi + ;; +*) + [[ -f "/hooks/entrypoint-exec" ]] && /hooks/entrypoint-exec + exec "$@" + ;; esac diff --git a/overlay/init/supervisord b/overlay/init/supervisord index 5509a39..ddf1ac5 100755 --- a/overlay/init/supervisord +++ b/overlay/init/supervisord @@ -1,8 +1,8 @@ #!/bin/bash -[ ${DOCKER_DEBUG} ] && set -x +[ "${DOCKER_DEBUG}" ] && set -x -die () { +die() { echo "ERROR: ${1}" exit 1 } @@ -10,15 +10,15 @@ die () { # PID, trap, wait; all belongs to 'docker stop' signal handeling. # This is the same logic as the parent docker container, but rather this, # than creating a one-time process in supervisord to handle this logic. -PID=; trap '[[ ${PID} ]] && kill ${PID}; exit 0' SIGTERM +PID= +trap '[[ ${PID} ]] && kill ${PID}; exit 0' SIGTERM -supervisord_pre=$(ls /hooks/supervisord-pre.d/* 2>/dev/null | sort -n ) +supervisord_pre=$(find /hooks/supervisord-pre.d/ -maxdepth 1 -type f ! -name .gitkeep 2>/dev/null | sort -n) if [ "$supervisord_pre" != "" ]; then for hook in $supervisord_pre; do echo "Executing hook ${hook}" - /bin/bash -c "${hook}" - if [ "$?" != "0" ]; then - die "hook ${hook}} returned a non-zero exit status '$?'" + if ! /bin/bash -c "${hook}"; then + die "hook ${hook} returned a non-zero exit status '$?'" fi done fi @@ -28,4 +28,4 @@ fi echo "Starting Supervisord" -exec /usr/bin/supervisord -n -c /etc/supervisor/supervisord.conf -e ${SUPERVISORD_LOGLEVEL:-error} +exec /usr/bin/supervisord -n -c /etc/supervisor/supervisord.conf -e "${SUPERVISORD_LOGLEVEL:-error}" diff --git a/run-tests.sh b/run-tests.sh index beffdf4..47e3035 100755 --- a/run-tests.sh +++ b/run-tests.sh @@ -1,9 +1,9 @@ #!/bin/bash -if [[ "$@" == *" -- "* ]]; then - SD_LOGLEVEL="-e SUPERVISORD_LOGLEVEL=INFO" -else - SD_LOGLEVEL="-- -e SUPERVISORD_LOGLEVEL=INFO" -fi +SD_LOGLEVEL=(-- -e SUPERVISORD_LOGLEVEL=INFO) -curl -fsSL https://raw.githubusercontent.com/lancachenet/test-suite/master/dgoss-tests.sh | bash -s -- --imagename="lancachenet/ubuntu:goss-test" $@ $SD_LOGLEVEL +for arg in "$@"; do + [[ "${arg}" == "--" ]] && SD_LOGLEVEL=(-e SUPERVISORD_LOGLEVEL=INFO) && break +done + +curl -fsSL https://raw.githubusercontent.com/lancachenet/test-suite/master/dgoss-tests.sh | bash -s -- --imagename="lancachenet/ubuntu:goss-test" "$@" "${SD_LOGLEVEL[@]}" From fd185a79814ceaf9c138a33a150afd8747193764 Mon Sep 17 00:00:00 2001 From: Amir Zarrinkafsh Date: Sat, 26 Jul 2025 20:54:03 +1000 Subject: [PATCH 2/3] refactor: add .sh suffix to init scripts for linting --- Dockerfile | 4 +- overlay/init/entrypoint | 67 -------------------- overlay/init/entrypoint.sh | 67 ++++++++++++++++++++ overlay/init/{supervisord => supervisord.sh} | 16 ++--- 4 files changed, 77 insertions(+), 77 deletions(-) delete mode 100755 overlay/init/entrypoint create mode 100755 overlay/init/entrypoint.sh rename overlay/init/{supervisord => supervisord.sh} (79%) diff --git a/Dockerfile b/Dockerfile index 7ba634f..9970064 100644 --- a/Dockerfile +++ b/Dockerfile @@ -25,5 +25,5 @@ ENV \ COPY --link overlay/ / -ENTRYPOINT ["/bin/bash", "-e", "/init/entrypoint"] -CMD ["/init/supervisord"] +ENTRYPOINT ["/bin/bash", "-e", "/init/entrypoint.sh"] +CMD ["/init/supervisord.sh"] diff --git a/overlay/init/entrypoint b/overlay/init/entrypoint deleted file mode 100755 index cd9f018..0000000 --- a/overlay/init/entrypoint +++ /dev/null @@ -1,67 +0,0 @@ -#!/usr/bin/env bash - -die() { - echo "ERROR: ${1}" - exit 1 -} - -check_depending_env() { - if [ -n "${DEPENDING_ENVIRONMENT_VARS}" ]; then - MISSING_ENVIRONMENT_VARS=() - echo -n "* Checking depending environment variables " - for e in ${DEPENDING_ENVIRONMENT_VARS}; do - if [ ! -v "${e}" ]; then - MISSING_ENVIRONMENT_VARS+=("${e}") - fi - done - if [ ${#MISSING_ENVIRONMENT_VARS[@]} -gt 0 ]; then - echo "[missing variables]" - for missing in "${MISSING_ENVIRONMENT_VARS[@]}"; do - echo " * ${missing}" - done - echo - die "Missing environment variables" - fi - echo -n "[done]" - echo - fi -} - -[[ ${DOCKER_DEBUG} ]] && set -x - -# Set exec-bit automatic. When adding hooks in a Dockerfile, we shoulnt also haveto think about setting +x -# in the Dockerfile for the same file. If you want to disable a hook, rename it. -chmod +x /init/setup /hooks/{entrypoint-pre.d/*,entrypoint-run,entrypoint-exec,supervisord-pre.d/*,supervisord-ready} 2>/dev/null || true - -entrypoint_pre=$(find /hooks/entrypoint-pre.d/ -maxdepth 1 -type f 2>/dev/null | sort -n) -if [ "$entrypoint_pre" != "" ]; then - for hook in $entrypoint_pre; do - echo "Executing hook ${hook}" - if ! /bin/bash -c "${hook}"; then - die "hook ${hook} returned a non-zero exit status '$?'" - fi - done -fi - -[[ -f "/hooks/entrypoint-pre" ]] && echo "The /hooks/entrypoint-pre hook has been replaced with /hooks/entrypoint-pre.d/*" && exit 1 - -[[ -f "/init/setup" ]] && /init/setup - -eval "${SETUP:-}" - -case ${1} in -run) - check_depending_env - [[ -f "/hooks/entrypoint-run" ]] && /hooks/entrypoint-run - if [[ -e /init/supervisord && -d /etc/supervisor ]]; then - # Use exec so we replace our current process so signals can get through - exec /bin/bash /init/supervisord - else - exec /bin/bash - fi - ;; -*) - [[ -f "/hooks/entrypoint-exec" ]] && /hooks/entrypoint-exec - exec "$@" - ;; -esac diff --git a/overlay/init/entrypoint.sh b/overlay/init/entrypoint.sh new file mode 100755 index 0000000..f354090 --- /dev/null +++ b/overlay/init/entrypoint.sh @@ -0,0 +1,67 @@ +#!/usr/bin/env bash + +die() { + echo "ERROR: ${1}" + exit 1 +} + +check_depending_env() { + if [ -n "${DEPENDING_ENVIRONMENT_VARS}" ]; then + MISSING_ENVIRONMENT_VARS=() + echo -n "* Checking depending environment variables " + for e in ${DEPENDING_ENVIRONMENT_VARS}; do + if [ ! -v "${e}" ]; then + MISSING_ENVIRONMENT_VARS+=("${e}") + fi + done + if [ ${#MISSING_ENVIRONMENT_VARS[@]} -gt 0 ]; then + echo "[missing variables]" + for missing in "${MISSING_ENVIRONMENT_VARS[@]}"; do + echo " * ${missing}" + done + echo + die "Missing environment variables" + fi + echo -n "[done]" + echo + fi +} + +[[ ${DOCKER_DEBUG} ]] && set -x + +# Set exec-bit automatic. When adding hooks in a Dockerfile, we shoulnt also haveto think about setting +x +# in the Dockerfile for the same file. If you want to disable a hook, rename it. +chmod +x /init/setup /hooks/{entrypoint-pre.d/*,entrypoint-run,entrypoint-exec,supervisord-pre.d/*,supervisord-ready} 2>/dev/null || true + +entrypoint_pre=$(find /hooks/entrypoint-pre.d/ -maxdepth 1 -type f 2>/dev/null | sort -n) +if [ "$entrypoint_pre" != "" ]; then + for hook in $entrypoint_pre; do + echo "Executing hook ${hook}" + if ! /bin/bash -c "${hook}"; then + die "hook ${hook} returned a non-zero exit status '$?'" + fi + done +fi + +[[ -f "/hooks/entrypoint-pre" ]] && echo "The /hooks/entrypoint-pre hook has been replaced with /hooks/entrypoint-pre.d/*" && exit 1 + +[[ -f "/init/setup" ]] && /init/setup + +eval "${SETUP:-}" + +case ${1} in +run) + check_depending_env + [[ -f "/hooks/entrypoint-run" ]] && /hooks/entrypoint-run + if [[ -e /init/supervisord && -d /etc/supervisor ]]; then + # Use exec so we replace our current process so signals can get through + exec /bin/bash /init/supervisord + else + exec /bin/bash + fi + ;; +*) + [[ -f "/hooks/entrypoint-exec" ]] && /hooks/entrypoint-exec + exec "$@" + ;; +esac diff --git a/overlay/init/supervisord b/overlay/init/supervisord.sh similarity index 79% rename from overlay/init/supervisord rename to overlay/init/supervisord.sh index ddf1ac5..453afc6 100755 --- a/overlay/init/supervisord +++ b/overlay/init/supervisord.sh @@ -3,8 +3,8 @@ [ "${DOCKER_DEBUG}" ] && set -x die() { - echo "ERROR: ${1}" - exit 1 + echo "ERROR: ${1}" + exit 1 } # PID, trap, wait; all belongs to 'docker stop' signal handeling. @@ -15,12 +15,12 @@ trap '[[ ${PID} ]] && kill ${PID}; exit 0' SIGTERM supervisord_pre=$(find /hooks/supervisord-pre.d/ -maxdepth 1 -type f ! -name .gitkeep 2>/dev/null | sort -n) if [ "$supervisord_pre" != "" ]; then - for hook in $supervisord_pre; do - echo "Executing hook ${hook}" - if ! /bin/bash -c "${hook}"; then - die "hook ${hook} returned a non-zero exit status '$?'" - fi - done + for hook in $supervisord_pre; do + echo "Executing hook ${hook}" + if ! /bin/bash -c "${hook}"; then + die "hook ${hook} returned a non-zero exit status '$?'" + fi + done fi [[ -f "/hooks/supervisord-pre" ]] && echo "The /hooks/supervisord-pre hook has been replaced with /hooks/supervisord-pre.d/*" && exit 1 From 600c2b3e981f13f2a2d26937ceb2e2457461ed04 Mon Sep 17 00:00:00 2001 From: Amir Zarrinkafsh Date: Sun, 27 Jul 2025 09:49:44 +1000 Subject: [PATCH 3/3] refactor: asciilogo with heredoc and fix clobber with tabs --- .editorconfig | 4 ++++ overlay/hooks/entrypoint-pre.d/00_asciilogo.sh | 18 ++++++++++-------- 2 files changed, 14 insertions(+), 8 deletions(-) diff --git a/.editorconfig b/.editorconfig index bcaa1e3..8183e6b 100644 --- a/.editorconfig +++ b/.editorconfig @@ -12,3 +12,7 @@ indent_size = 0 [*.sh] indent_style = tab + +[00_asciilogo.sh] +indent_style = space +indent_size = unset diff --git a/overlay/hooks/entrypoint-pre.d/00_asciilogo.sh b/overlay/hooks/entrypoint-pre.d/00_asciilogo.sh index 458566c..920f235 100755 --- a/overlay/hooks/entrypoint-pre.d/00_asciilogo.sh +++ b/overlay/hooks/entrypoint-pre.d/00_asciilogo.sh @@ -1,9 +1,11 @@ #!/bin/bash -echo " _ _____ _ _ " -echo " | | / ____| | | | | " -echo " | | __ _ _ __ | | __ _ ___| |__ ___ _ __ ___| |_ " -echo " | | / _\` | '_ \| | / _\` |/ __| '_ \ / _ \ | '_ \ / _ \ __| " -echo " | |___| (_| | | | | |___| (_| | (__| | | | __/_| | | | __/ |_ " -echo " |______\__,_|_| |_|\_____\__,_|\___|_| |_|\___(_)_| |_|\___|\__| " -echo "" -echo "" +cat <<'EOF' + _ _____ _ _ + | | / ____| | | | | + | | __ _ _ __ | | __ _ ___| |__ ___ _ __ ___| |_ + | | / _` | '_ \| | / _` |/ __| '_ \ / _ \ | '_ \ / _ \ __| + | |___| (_| | | | | |___| (_| | (__| | | | __/_| | | | __/ |_ + |______\__,_|_| |_|\_____\__,_|\___|_| |_|\___(_)_| |_|\___|\__| + + +EOF