Compare commits
10 Commits
| Author | SHA1 | Date | |
|---|---|---|---|
f00f72c065
|
|||
| 2a83f4f541 | |||
|
2734497185
|
|||
|
fb98cc0f47
|
|||
| f67391f377 | |||
|
797f1643aa
|
|||
| a8badbec38 | |||
| f7774eb4e0 | |||
| 0a0c6deedd | |||
|
38cf952378
|
@ -7,14 +7,15 @@ when:
|
|||||||
|
|
||||||
steps:
|
steps:
|
||||||
- name: security-build
|
- name: security-build
|
||||||
image: quay.io/thegeeklab/wp-docker-buildx:4
|
image: quay.io/thegeeklab/wp-docker-buildx:5
|
||||||
settings:
|
settings:
|
||||||
containerfile: Containerfile.multiarch
|
containerfile: Containerfile.multiarch
|
||||||
output: type=oci,dest=oci/${CI_REPO_NAME},tar=false
|
output: type=oci,dest=oci/${CI_REPO_NAME},tar=false
|
||||||
repo: thegeeklab/${CI_REPO_NAME}
|
repo: thegeeklab/${CI_REPO_NAME}
|
||||||
|
|
||||||
- name: security-scan
|
- name: security-scan
|
||||||
image: ghcr.io/aquasecurity/trivy
|
image: docker.io/aquasec/trivy
|
||||||
|
depends_on: security-build
|
||||||
commands:
|
commands:
|
||||||
- trivy -v
|
- trivy -v
|
||||||
- trivy image --input oci/${CI_REPO_NAME}
|
- trivy image --input oci/${CI_REPO_NAME}
|
||||||
@ -24,10 +25,11 @@ steps:
|
|||||||
TRIVY_NO_PROGRESS: "true"
|
TRIVY_NO_PROGRESS: "true"
|
||||||
TRIVY_SEVERITY: HIGH,CRITICAL
|
TRIVY_SEVERITY: HIGH,CRITICAL
|
||||||
TRIVY_TIMEOUT: 1m
|
TRIVY_TIMEOUT: 1m
|
||||||
|
TRIVY_DB_REPOSITORY: docker.io/aquasec/trivy-db:2
|
||||||
|
|
||||||
- name: publish-dockerhub
|
- name: publish-dockerhub
|
||||||
image: quay.io/thegeeklab/wp-docker-buildx:4
|
image: quay.io/thegeeklab/wp-docker-buildx:5
|
||||||
group: container
|
depends_on: security-scan
|
||||||
settings:
|
settings:
|
||||||
auto_tag: true
|
auto_tag: true
|
||||||
containerfile: Containerfile.multiarch
|
containerfile: Containerfile.multiarch
|
||||||
@ -47,8 +49,8 @@ steps:
|
|||||||
- ${CI_REPO_DEFAULT_BRANCH}
|
- ${CI_REPO_DEFAULT_BRANCH}
|
||||||
|
|
||||||
- name: publish-quay
|
- name: publish-quay
|
||||||
image: quay.io/thegeeklab/wp-docker-buildx:4
|
image: quay.io/thegeeklab/wp-docker-buildx:5
|
||||||
group: container
|
depends_on: security-scan
|
||||||
settings:
|
settings:
|
||||||
auto_tag: true
|
auto_tag: true
|
||||||
containerfile: Containerfile.multiarch
|
containerfile: Containerfile.multiarch
|
||||||
|
|||||||
@ -8,13 +8,11 @@ when:
|
|||||||
steps:
|
steps:
|
||||||
- name: markdownlint
|
- name: markdownlint
|
||||||
image: quay.io/thegeeklab/markdownlint-cli
|
image: quay.io/thegeeklab/markdownlint-cli
|
||||||
group: test
|
|
||||||
commands:
|
commands:
|
||||||
- markdownlint 'README.md'
|
- markdownlint 'README.md'
|
||||||
|
|
||||||
- name: spellcheck
|
- name: spellcheck
|
||||||
image: quay.io/thegeeklab/alpine-tools
|
image: quay.io/thegeeklab/alpine-tools
|
||||||
group: test
|
|
||||||
commands:
|
commands:
|
||||||
- spellchecker --files '_docs/**/*.md' 'README.md' -d .dictionary -p spell indefinite-article syntax-urls
|
- spellchecker --files '_docs/**/*.md' 'README.md' -d .dictionary -p spell indefinite-article syntax-urls
|
||||||
environment:
|
environment:
|
||||||
@ -22,18 +20,17 @@ steps:
|
|||||||
|
|
||||||
- name: link-validation
|
- name: link-validation
|
||||||
image: docker.io/lycheeverse/lychee
|
image: docker.io/lycheeverse/lychee
|
||||||
group: test
|
|
||||||
commands:
|
commands:
|
||||||
- lychee --no-progress --format detailed README.md
|
- lychee --no-progress --format detailed README.md
|
||||||
|
|
||||||
- name: pushrm-dockerhub
|
- name: pushrm-dockerhub
|
||||||
image: docker.io/chko/docker-pushrm:1
|
image: docker.io/chko/docker-pushrm:1
|
||||||
secrets:
|
depends_on: [markdownlint, spellcheck, link-validation]
|
||||||
- source: docker_password
|
|
||||||
target: DOCKER_PASS
|
|
||||||
- source: docker_username
|
|
||||||
target: DOCKER_USER
|
|
||||||
environment:
|
environment:
|
||||||
|
DOCKER_PASS:
|
||||||
|
from_secret: docker_password
|
||||||
|
DOCKER_USER:
|
||||||
|
from_secret: docker_username
|
||||||
PUSHRM_FILE: README.md
|
PUSHRM_FILE: README.md
|
||||||
PUSHRM_SHORT: OpenLDAP server
|
PUSHRM_SHORT: OpenLDAP server
|
||||||
PUSHRM_TARGET: thegeeklab/${CI_REPO_NAME}
|
PUSHRM_TARGET: thegeeklab/${CI_REPO_NAME}
|
||||||
@ -45,10 +42,10 @@ steps:
|
|||||||
|
|
||||||
- name: pushrm-quay
|
- name: pushrm-quay
|
||||||
image: docker.io/chko/docker-pushrm:1
|
image: docker.io/chko/docker-pushrm:1
|
||||||
secrets:
|
depends_on: [markdownlint, spellcheck, link-validation]
|
||||||
- source: quay_token
|
|
||||||
target: APIKEY__QUAY_IO
|
|
||||||
environment:
|
environment:
|
||||||
|
APIKEY__QUAY_IO:
|
||||||
|
from_secret: quay_token
|
||||||
PUSHRM_FILE: README.md
|
PUSHRM_FILE: README.md
|
||||||
PUSHRM_TARGET: quay.io/thegeeklab/${CI_REPO_NAME}
|
PUSHRM_TARGET: quay.io/thegeeklab/${CI_REPO_NAME}
|
||||||
when:
|
when:
|
||||||
|
|||||||
@ -13,12 +13,12 @@ steps:
|
|||||||
settings:
|
settings:
|
||||||
homeserver:
|
homeserver:
|
||||||
from_secret: matrix_homeserver
|
from_secret: matrix_homeserver
|
||||||
password:
|
room_id:
|
||||||
from_secret: matrix_password
|
from_secret: matrix_room_id
|
||||||
roomid:
|
user_id:
|
||||||
from_secret: matrix_roomid
|
from_secret: matrix_user_id
|
||||||
username:
|
access_token:
|
||||||
from_secret: matrix_username
|
from_secret: matrix_access_token
|
||||||
when:
|
when:
|
||||||
- status: [success, failure]
|
- status: [success, failure]
|
||||||
|
|
||||||
|
|||||||
@ -1,4 +1,4 @@
|
|||||||
FROM docker.io/alpine:3.20@sha256:b89d9c93e9ed3597455c90a0b88a8bbb5cb7188438f70953fede212a0c4394e0
|
FROM docker.io/alpine:3.20@sha256:beefdbd8a1da6d2915566fde36db9db0b524eb737fc57cd1367effd16dc0d06d
|
||||||
|
|
||||||
LABEL maintainer="Robert Kaussow <mail@thegeeklab.de>"
|
LABEL maintainer="Robert Kaussow <mail@thegeeklab.de>"
|
||||||
LABEL org.opencontainers.image.authors="Robert Kaussow <mail@thegeeklab.de>"
|
LABEL org.opencontainers.image.authors="Robert Kaussow <mail@thegeeklab.de>"
|
||||||
@ -11,20 +11,18 @@ ARG TARGETOS
|
|||||||
ARG TARGETARCH
|
ARG TARGETARCH
|
||||||
ARG TARGETVARIANT
|
ARG TARGETVARIANT
|
||||||
|
|
||||||
ARG CONTAINER_LIBRARY
|
|
||||||
|
|
||||||
# renovate: datasource=repology depName=alpine_3_20/openldap versioning=loose
|
# renovate: datasource=repology depName=alpine_3_20/openldap versioning=loose
|
||||||
ENV OPENLDAP_VERSION=2.6.7-r0
|
ENV OPENLDAP_VERSION=2.6.8-r0
|
||||||
|
|
||||||
RUN addgroup -g 1001 -S ldap && \
|
RUN addgroup -g 1001 -S ldap && \
|
||||||
adduser -S -D -H -u 1001 -h /var/www -s /usr/lib/openldap -G ldap -g ldap ldap && \
|
adduser -S -D -H -u 1001 -h /openldap -G ldap -g ldap ldap && \
|
||||||
apk --update add --virtual .build-deps curl && \
|
apk --update add --virtual .build-deps curl && \
|
||||||
apk --update --no-cache add openldap=${OPENLDAP_VERSION} \
|
apk --update --no-cache add openldap \
|
||||||
openldap-back-ldap=${OPENLDAP_VERSION} \
|
openldap-back-ldap \
|
||||||
openldap-back-mdb=${OPENLDAP_VERSION} \
|
openldap-back-mdb \
|
||||||
openldap-overlay-rwm=${OPENLDAP_VERSION} \
|
openldap-overlay-rwm \
|
||||||
openldap-overlay-memberof=${OPENLDAP_VERSION} \
|
openldap-overlay-memberof \
|
||||||
openldap-clients=${OPENLDAP_VERSION} && \
|
openldap-clients && \
|
||||||
mkdir -p /openldap/conf /openldap/data && \
|
mkdir -p /openldap/conf /openldap/data && \
|
||||||
cp /etc/openldap/slapd.conf /openldap/conf/slapd.conf && \
|
cp /etc/openldap/slapd.conf /openldap/conf/slapd.conf && \
|
||||||
chown -R ldap:ldap /openldap && \
|
chown -R ldap:ldap /openldap && \
|
||||||
@ -41,4 +39,4 @@ USER 1001
|
|||||||
STOPSIGNAL SIGTERM
|
STOPSIGNAL SIGTERM
|
||||||
|
|
||||||
WORKDIR /openldap
|
WORKDIR /openldap
|
||||||
CMD ["/usr/sbin/slapd", "-d", "stats", "-u", "ldap", "-g", "ldap", "-f", "/openldap/conf/slapd.conf", "-h", "ldaps://", "ldap://"]
|
CMD ["/usr/sbin/slapd", "-d", "stats", "-u", "ldap", "-g", "ldap", "-f", "/openldap/conf/slapd.conf", "-h", "ldaps:// ldap://"]
|
||||||
|
|||||||
Loading…
Reference in New Issue
Block a user