From a8bb81132a32f9b5d058a134dcaf4b754616aafe Mon Sep 17 00:00:00 2001 From: Robert Kaussow Date: Sat, 6 Jul 2024 12:25:56 +0200 Subject: [PATCH] initial commit --- .dictionary | 4 ++ .gitignore | 1 + .gitsv/config.yml | 47 ++++++++++++++++++++++ .markdownlint.yml | 6 +++ .prettierignore | 2 + .woodpecker/build-container.yml | 69 +++++++++++++++++++++++++++++++++ .woodpecker/build-package.yml | 25 ++++++++++++ .woodpecker/docs.yml | 62 +++++++++++++++++++++++++++++ .woodpecker/notify.yml | 26 +++++++++++++ Containerfile.multiarch | 37 ++++++++++++++++++ LICENSE | 21 ++++++++++ README.md | 19 +++++++++ renovate.json | 4 ++ 13 files changed, 323 insertions(+) create mode 100644 .dictionary create mode 100644 .gitignore create mode 100644 .gitsv/config.yml create mode 100644 .markdownlint.yml create mode 100644 .prettierignore create mode 100644 .woodpecker/build-container.yml create mode 100644 .woodpecker/build-package.yml create mode 100644 .woodpecker/docs.yml create mode 100644 .woodpecker/notify.yml create mode 100644 Containerfile.multiarch create mode 100644 LICENSE create mode 100644 README.md create mode 100644 renovate.json diff --git a/.dictionary b/.dictionary new file mode 100644 index 0000000..fd16dd4 --- /dev/null +++ b/.dictionary @@ -0,0 +1,4 @@ +openldap +OpenLDAP +preconfigured +UID diff --git a/.gitignore b/.gitignore new file mode 100644 index 0000000..1b763b1 --- /dev/null +++ b/.gitignore @@ -0,0 +1 @@ +CHANGELOG.md diff --git a/.gitsv/config.yml b/.gitsv/config.yml new file mode 100644 index 0000000..acaf506 --- /dev/null +++ b/.gitsv/config.yml @@ -0,0 +1,47 @@ +--- +version: "1.1" + +versioning: + update-major: [] + update-minor: [feat] + update-patch: [fix, perf, refactor, chore, test, ci, docs] + +tag: + pattern: "v%d.%d.%d" + +release-notes: + sections: + - name: Features + commit-types: [feat] + section-type: commits + - name: Bug Fixes + commit-types: [fix] + section-type: commits + - name: Performance Improvements + commit-types: [perf] + section-type: commits + - name: Code Refactoring + commit-types: [refactor] + section-type: commits + - name: Others + commit-types: [chore] + section-type: commits + - name: Testing + commit-types: [test] + section-type: commits + - name: CI Pipeline + commit-types: [ci] + section-type: commits + - name: Documentation + commit-types: [docs] + section-type: commits + - name: BREAKING CHANGES + section-type: breaking-changes + +commit-message: + footer: + issue: + key: issue + add-value-prefix: "#" + issue: + regex: "#?[0-9]+" diff --git a/.markdownlint.yml b/.markdownlint.yml new file mode 100644 index 0000000..b59a114 --- /dev/null +++ b/.markdownlint.yml @@ -0,0 +1,6 @@ +--- +default: True +MD013: False +MD041: False +MD004: + style: dash diff --git a/.prettierignore b/.prettierignore new file mode 100644 index 0000000..135c35d --- /dev/null +++ b/.prettierignore @@ -0,0 +1,2 @@ +*.tpl.md +LICENSE diff --git a/.woodpecker/build-container.yml b/.woodpecker/build-container.yml new file mode 100644 index 0000000..6c92cb5 --- /dev/null +++ b/.woodpecker/build-container.yml @@ -0,0 +1,69 @@ +--- +when: + - event: [pull_request, tag] + - event: [push, manual] + branch: + - ${CI_REPO_DEFAULT_BRANCH} + +steps: + - name: security-build + image: quay.io/thegeeklab/wp-docker-buildx:4 + settings: + containerfile: Containerfile.multiarch + output: type=oci,dest=oci/${CI_REPO_NAME},tar=false + repo: thegeeklab/${CI_REPO_NAME} + + - name: security-scan + image: ghcr.io/aquasecurity/trivy + commands: + - trivy -v + - trivy image --input oci/${CI_REPO_NAME} + environment: + TRIVY_EXIT_CODE: "1" + TRIVY_IGNORE_UNFIXED: "true" + TRIVY_NO_PROGRESS: "true" + TRIVY_SEVERITY: HIGH,CRITICAL + TRIVY_TIMEOUT: 1m + + - name: publish-dockerhub + image: quay.io/thegeeklab/wp-docker-buildx:4 + group: container + settings: + auto_tag: true + containerfile: Containerfile.multiarch + password: + from_secret: docker_password + platforms: + - linux/amd64 + - linux/arm64 + provenance: false + repo: thegeeklab/${CI_REPO_NAME} + username: + from_secret: docker_username + when: + - event: [tag] + - event: [push, manual] + branch: + - ${CI_REPO_DEFAULT_BRANCH} + + - name: publish-quay + image: quay.io/thegeeklab/wp-docker-buildx:4 + group: container + settings: + auto_tag: true + containerfile: Containerfile.multiarch + password: + from_secret: quay_password + platforms: + - linux/amd64 + - linux/arm64 + provenance: false + registry: quay.io + repo: quay.io/thegeeklab/${CI_REPO_NAME} + username: + from_secret: quay_username + when: + - event: [tag] + - event: [push, manual] + branch: + - ${CI_REPO_DEFAULT_BRANCH} diff --git a/.woodpecker/build-package.yml b/.woodpecker/build-package.yml new file mode 100644 index 0000000..44951b2 --- /dev/null +++ b/.woodpecker/build-package.yml @@ -0,0 +1,25 @@ +--- +when: + - event: [pull_request, tag] + - event: [push, manual] + branch: + - ${CI_REPO_DEFAULT_BRANCH} + +steps: + - name: changelog + image: quay.io/thegeeklab/git-sv + commands: + - git sv current-version + - git sv release-notes -t ${CI_COMMIT_TAG:-next} -o CHANGELOG.md + - cat CHANGELOG.md + + - name: publish-gitea + image: quay.io/thegeeklab/wp-gitea-release + settings: + api_key: + from_secret: gitea_token + base_url: https://gitea.rknet.org + note: CHANGELOG.md + title: ${CI_COMMIT_TAG} + when: + - event: [tag] diff --git a/.woodpecker/docs.yml b/.woodpecker/docs.yml new file mode 100644 index 0000000..6edb7c3 --- /dev/null +++ b/.woodpecker/docs.yml @@ -0,0 +1,62 @@ +--- +when: + - event: [pull_request, tag] + - event: [push, manual] + branch: + - ${CI_REPO_DEFAULT_BRANCH} + +steps: + - name: markdownlint + image: quay.io/thegeeklab/markdownlint-cli + group: test + commands: + - markdownlint 'README.md' + + - name: spellcheck + image: quay.io/thegeeklab/alpine-tools + group: test + commands: + - spellchecker --files '_docs/**/*.md' 'README.md' -d .dictionary -p spell indefinite-article syntax-urls + environment: + FORCE_COLOR: "true" + + - name: link-validation + image: docker.io/lycheeverse/lychee + group: test + commands: + - lychee --no-progress --format detailed README.md + + - name: pushrm-dockerhub + image: docker.io/chko/docker-pushrm:1 + secrets: + - source: docker_password + target: DOCKER_PASS + - source: docker_username + target: DOCKER_USER + environment: + PUSHRM_FILE: README.md + PUSHRM_SHORT: OpenLDAP server + PUSHRM_TARGET: thegeeklab/${CI_REPO_NAME} + when: + - event: [push, manual] + branch: + - ${CI_REPO_DEFAULT_BRANCH} + status: [success] + + - name: pushrm-quay + image: docker.io/chko/docker-pushrm:1 + secrets: + - source: quay_token + target: APIKEY__QUAY_IO + environment: + PUSHRM_FILE: README.md + PUSHRM_TARGET: quay.io/thegeeklab/${CI_REPO_NAME} + when: + - event: [push, manual] + branch: + - ${CI_REPO_DEFAULT_BRANCH} + status: [success] + +depends_on: + - build-package + - build-container diff --git a/.woodpecker/notify.yml b/.woodpecker/notify.yml new file mode 100644 index 0000000..9957125 --- /dev/null +++ b/.woodpecker/notify.yml @@ -0,0 +1,26 @@ +--- +when: + - event: [tag] + - event: [push, manual] + branch: + - ${CI_REPO_DEFAULT_BRANCH} + +runs_on: [success, failure] + +steps: + - name: matrix + image: quay.io/thegeeklab/wp-matrix + settings: + homeserver: + from_secret: matrix_homeserver + password: + from_secret: matrix_password + roomid: + from_secret: matrix_roomid + username: + from_secret: matrix_username + when: + - status: [success, failure] + +depends_on: + - docs diff --git a/Containerfile.multiarch b/Containerfile.multiarch new file mode 100644 index 0000000..d87153e --- /dev/null +++ b/Containerfile.multiarch @@ -0,0 +1,37 @@ +FROM docker.io/alpine:3.20@sha256:77726ef6b57ddf65bb551896826ec38bc3e53f75cdde31354fbffb4f25238ebd + +LABEL maintainer="Robert Kaussow " +LABEL org.opencontainers.image.authors="Robert Kaussow " +LABEL org.opencontainers.image.title="openldap" +LABEL org.opencontainers.image.url="https://gitea.rknet.org/container/openldap" +LABEL org.opencontainers.image.source="https://gitea.rknet.org/container/openldap" +LABEL org.opencontainers.image.documentation="https://gitea.rknet.org/container/openldap" + +ARG TARGETOS +ARG TARGETARCH +ARG TARGETVARIANT + +ARG CONTAINER_LIBRARY + +# renovate: datasource=repology depName=alpine_3_20/openldap versioning=loose +ENV OPENLDAP_VERSION=2.6.7-r0 + +ADD overlay/ / + +RUN addgroup -g 1001 -S ldap && \ + adduser -S -D -H -u 1001 -h /var/www -s /usr/lib/openldap -G ldap -g ldap ldap && \ + apk --update add --virtual .build-deps curl && \ + apk --update --no-cache add openldap=${OPENLDAP_VERSION} openldap-back-mdb=${OPENLDAP_VERSION} \ + openldap-clients=${OPENLDAP_VERSION} && \ + apk del .build-deps && \ + rm -rf /var/cache/apk/* && \ + rm -rf /tmp/* + +EXPOSE 389 636 + +USER 1001 + +STOPSIGNAL SIGTERM + +WORKDIR /var/lib/openldap +CMD ["/usr/sbin/slapd", "-d", "stats", "-u", "ldap", "-g", "ldap", "-f", "/etc/openldap/slapd.conf", "-h", "ldaps://"] diff --git a/LICENSE b/LICENSE new file mode 100644 index 0000000..3812eb4 --- /dev/null +++ b/LICENSE @@ -0,0 +1,21 @@ +MIT License + +Copyright (c) 2022 Robert Kaussow + +Permission is hereby granted, free of charge, to any person obtaining a copy +of this software and associated documentation files (the "Software"), to deal +in the Software without restriction, including without limitation the rights +to use, copy, modify, merge, publish, distribute, sublicense, and/or sell +copies of the Software, and to permit persons to whom the Software is furnished +to do so, subject to the following conditions: + +The above copyright notice and this permission notice (including the next +paragraph) shall be included in all copies or substantial portions of the +Software. + +THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR +IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY, FITNESS +FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE AUTHORS +OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY, +WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, OUT OF +OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE SOFTWARE. diff --git a/README.md b/README.md new file mode 100644 index 0000000..c548c73 --- /dev/null +++ b/README.md @@ -0,0 +1,19 @@ +# openldap + +OpenLDAP server + + + +[![Build Status](https://ci.rknet.org/api/badges/container/openldap/status.svg)](https://ci.rknet.org/repos/container/openldap) +[![Docker Hub](https://img.shields.io/badge/dockerhub-latest-blue.svg?logo=docker&logoColor=white)](https://hub.docker.com/r/thegeeklab/openldap) +[![Quay.io](https://img.shields.io/badge/quay-latest-blue.svg?logo=docker&logoColor=white)](https://quay.io/repository/thegeeklab/openldap) +[![Source: Gitea](https://img.shields.io/badge/source-gitea-blue.svg?logo=gitea&logoColor=white)](https://gitea.rknet.org/container/openldap) +[![License: MIT](https://img.shields.io/badge/license-MIT-blue.svg)](https://gitea.rknet.org/container/openldap/src/branch/main/LICENSE) + + + +OpenLDAP container based on Alpine. The preconfigured non-root user is a system user named `ldap` with the UID `1001`. There is also a primary group with the same values. + +## License + +This project is licensed under the MIT License - see the [LICENSE](https://gitea.rknet.org/container/openldap/src/branch/main/LICENSE) file for details. diff --git a/renovate.json b/renovate.json new file mode 100644 index 0000000..5f02575 --- /dev/null +++ b/renovate.json @@ -0,0 +1,4 @@ +{ + "$schema": "https://docs.renovatebot.com/renovate-schema.json", + "extends": ["github>thegeeklab/renovate-presets:docker"] +}