From f1c7618035bec55e409094f4c5e43afb5e4148d6 Mon Sep 17 00:00:00 2001 From: Robert Kaussow Date: Tue, 7 Nov 2023 16:36:21 +0100 Subject: [PATCH 1/6] refactor: migrate to woodpecker ci --- .chglog/config.yml | 2 +- .drone.yml | 213 -------------------------------- .gitsv/config.yml | 47 +++++++ .prettierignore | 1 - .woodpecker/build-container.yml | 76 ++++++++++++ .woodpecker/build-package.yml | 27 ++++ .woodpecker/docs.yml | 61 +++++++++ .woodpecker/notify.yml | 26 ++++ Dockerfile => Containerfile | 8 +- README.md | 20 ++- docker-compose.yml | 28 ----- 11 files changed, 251 insertions(+), 258 deletions(-) delete mode 100644 .drone.yml create mode 100644 .gitsv/config.yml create mode 100644 .woodpecker/build-container.yml create mode 100644 .woodpecker/build-package.yml create mode 100644 .woodpecker/docs.yml create mode 100644 .woodpecker/notify.yml rename Dockerfile => Containerfile (80%) delete mode 100644 docker-compose.yml diff --git a/.chglog/config.yml b/.chglog/config.yml index d1c6c5d..1c89e11 100755 --- a/.chglog/config.yml +++ b/.chglog/config.yml @@ -2,7 +2,7 @@ style: github template: CHANGELOG.tpl.md info: title: CHANGELOG - repository_url: https://gitea.rknet.org/docker/vaultwarden + repository_url: https://gitea.rknet.org/container/vaultwarden options: commit_groups: title_maps: diff --git a/.drone.yml b/.drone.yml deleted file mode 100644 index 0cec3b3..0000000 --- a/.drone.yml +++ /dev/null 
@@ -1,213 +0,0 @@ ---- -kind: pipeline -name: test - -platform: - os: linux - arch: amd64 - -steps: - - name: markdownlint - image: thegeeklab/markdownlint-cli - commands: - - markdownlint 'README.md' - -trigger: - ref: - - refs/heads/main - - refs/pull/** - - refs/tags/** - ---- -kind: pipeline -name: build-container - -platform: - os: linux - arch: amd64 - -steps: - - name: binary - image: clux/muslrust:stable - commands: - - apt-get -qq update && apt-get install -yqq --no-install-recommends libpq-dev - - make build - - - name: verify - image: alpine - commands: - - src/target/x86_64-unknown-linux-musl/release/vaultwarden --help - - src/target/x86_64-unknown-linux-musl/release/vaultwarden --version - depends_on: - - binary - - - name: dryrun - image: thegeeklab/drone-docker-buildx:23 - settings: - dockerfile: Dockerfile - dry_run: true - provenance: false - repo: thegeeklab/${DRONE_REPO_NAME} - when: - ref: - - refs/pull/** - depends_on: - - verify - - - name: tags - image: thegeeklab/docker-autotag - environment: - DOCKER_AUTOTAG_FORCE_LATEST: True - DOCKER_AUTOTAG_IGNORE_PRERELEASE: True - DOCKER_AUTOTAG_OUTPUT_FILE: .tags - DOCKER_AUTOTAG_VERSION: ${DRONE_TAG} - when: - ref: - - refs/heads/main - - refs/tags/** - depends_on: - - dryrun - - - name: changelog-generate - image: thegeeklab/git-chglog - commands: - - git fetch -tq - - git-chglog --no-color --no-emoji -o CHANGELOG.md ${DRONE_TAG:---next-tag unreleased unreleased} - depends_on: - - tags - - - name: changelog-format - image: thegeeklab/alpine-tools - commands: - - prettier CHANGELOG.md - - prettier -w CHANGELOG.md - depends_on: - - changelog-generate - - - name: publish-dockerhub - image: thegeeklab/drone-docker-buildx:23 - settings: - dockerfile: Dockerfile - password: - from_secret: docker_password - provenance: false - repo: thegeeklab/${DRONE_REPO_NAME} - username: - from_secret: docker_username - when: - ref: - - refs/heads/main - - refs/tags/** - depends_on: - - changelog-format - - - name: 
publish-quay - image: thegeeklab/drone-docker-buildx:23 - settings: - dockerfile: Dockerfile - password: - from_secret: quay_password - provenance: false - registry: quay.io - repo: quay.io/thegeeklab/${DRONE_REPO_NAME} - username: - from_secret: quay_username - when: - ref: - - refs/heads/main - - refs/tags/** - depends_on: - - changelog-format - - - name: publish-gitea - image: plugins/gitea-release - settings: - api_key: - from_secret: gitea_token - base_url: https://gitea.rknet.org - note: CHANGELOG.md - overwrite: true - title: ${DRONE_TAG} - when: - ref: - - refs/tags/** - depends_on: - - publish-dockerhub - - publish-quay - -trigger: - ref: - - refs/heads/main - - refs/pull/** - - refs/tags/** - -depends_on: - - test - ---- -kind: pipeline -name: notifications - -platform: - os: linux - arch: amd64 - -steps: - - name: pushrm-dockerhub - image: chko/docker-pushrm:1 - environment: - DOCKER_PASS: - from_secret: docker_password - DOCKER_USER: - from_secret: docker_username - PUSHRM_FILE: README.md - PUSHRM_SHORT: Custom image for Vaultwarden password manager - PUSHRM_TARGET: thegeeklab/${DRONE_REPO_NAME} - when: - status: - - success - - - name: pushrm-quay - image: chko/docker-pushrm:1 - environment: - APIKEY__QUAY_IO: - from_secret: quay_token - PUSHRM_FILE: README.md - PUSHRM_TARGET: quay.io/thegeeklab/${DRONE_REPO_NAME} - when: - status: - - success - - - name: matrix - image: thegeeklab/drone-matrix - settings: - homeserver: - from_secret: matrix_homeserver - password: - from_secret: matrix_password - roomid: - from_secret: matrix_roomid - template: "Status: **{{ .Build.Status }}**
Build: [{{ .Repo.Owner }}/{{ .Repo.Name }}]({{ .Build.Link }}){{ if .Build.Branch }} ({{ .Build.Branch }}){{ end }} by {{ .Commit.Author }}
Message: {{ .Commit.Message.Title }}" - username: - from_secret: matrix_username - when: - status: - - success - - failure - -trigger: - ref: - - refs/heads/main - - refs/tags/** - status: - - success - - failure - -depends_on: - - build-container - ---- -kind: signature -hmac: 4ba2b1c8e702a25d354563333c9c332383f4887a64f7d5af37c054c31149119b - -... diff --git a/.gitsv/config.yml b/.gitsv/config.yml new file mode 100644 index 0000000..acaf506 --- /dev/null +++ b/.gitsv/config.yml @@ -0,0 +1,47 @@ +--- +version: "1.1" + +versioning: + update-major: [] + update-minor: [feat] + update-patch: [fix, perf, refactor, chore, test, ci, docs] + +tag: + pattern: "v%d.%d.%d" + +release-notes: + sections: + - name: Features + commit-types: [feat] + section-type: commits + - name: Bug Fixes + commit-types: [fix] + section-type: commits + - name: Performance Improvements + commit-types: [perf] + section-type: commits + - name: Code Refactoring + commit-types: [refactor] + section-type: commits + - name: Others + commit-types: [chore] + section-type: commits + - name: Testing + commit-types: [test] + section-type: commits + - name: CI Pipeline + commit-types: [ci] + section-type: commits + - name: Documentation + commit-types: [docs] + section-type: commits + - name: BREAKING CHANGES + section-type: breaking-changes + +commit-message: + footer: + issue: + key: issue + add-value-prefix: "#" + issue: + regex: "#?[0-9]+" diff --git a/.prettierignore b/.prettierignore index 23a4f05..135c35d 100644 --- a/.prettierignore +++ b/.prettierignore @@ -1,3 +1,2 @@ -.drone.yml *.tpl.md LICENSE diff --git a/.woodpecker/build-container.yml b/.woodpecker/build-container.yml new file mode 100644 index 0000000..50ef207 --- /dev/null +++ b/.woodpecker/build-container.yml 
@@ -0,0 +1,76 @@
+---
+when:
+ - event: [pull_request, tag]
+ - event: [push, manual]
+ branch:
+ - ${CI_REPO_DEFAULT_BRANCH}
+
+steps:
+ binary:
+ image: docker.io/clux/muslrust:stable
+ commands:
+ - apt-get -qq update && apt-get install -yqq --no-install-recommends libpq-dev
+ - make build
+
+ executable:
+ image: docker.io/alpine
+ commands:
+ - src/target/x86_64-unknown-linux-musl/release/vaultwarden --help
+ - src/target/x86_64-unknown-linux-musl/release/vaultwarden --version
+
+ security-build:
+ image: quay.io/thegeeklab/wp-docker-buildx:1
+ settings:
+ containerfile: Containerfile.multiarch
+ output: type=oci,dest=oci/${CI_REPO_NAME},tar=false
+ repo: thegeeklab/${CI_REPO_NAME}
+
+ security-scan:
+ image: ghcr.io/aquasecurity/trivy
+ commands:
+ - trivy -v
+ - trivy image --input oci/${CI_REPO_NAME}
+ environment:
+ TRIVY_EXIT_CODE: "1"
+ TRIVY_IGNORE_UNFIXED: "true"
+ TRIVY_NO_PROGRESS: "true"
+ TRIVY_SEVERITY: HIGH,CRITICAL
+ TRIVY_TIMEOUT: 1m
+ TRIVY_SKIP_FILES: /usr/local/bin/gomplate
+
+ publish-dockerhub:
+ group: container
+ image: quay.io/thegeeklab/wp-docker-buildx:1
+ settings:
+ auto_tag: true
+ containerfile: Containerfile
+ password:
+ from_secret: docker_password
+ provenance: false
+ repo: thegeeklab/${CI_REPO_NAME}
+ username:
+ from_secret: docker_username
+ when:
+ - event: [tag]
+ - event: [push, manual]
+ branch:
+ - ${CI_REPO_DEFAULT_BRANCH}
+
+ publish-quay:
+ group: container
+ image: quay.io/thegeeklab/wp-docker-buildx:1
+ settings:
+ auto_tag: true
+ containerfile: Containerfile
+ password:
+ from_secret: quay_password
+ provenance: false
+ registry: quay.io
+ repo: quay.io/thegeeklab/${CI_REPO_NAME}
+ username:
+ from_secret: quay_username
+ when:
+ - event: [tag]
+ - event: [push, manual]
+ branch:
+ - ${CI_REPO_DEFAULT_BRANCH}
diff --git a/.woodpecker/build-package.yml b/.woodpecker/build-package.yml
new file mode 100644
index 0000000..34a8589
--- /dev/null
+++ b/.woodpecker/build-package.yml
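Review bot: The step images are referenced by mutable tags or by no tag at all, including the steps that receive registry credentials: `ghcr.io/aquasecurity/trivy` and `docker.io/alpine` resolve to `latest`, and `quay.io/thegeeklab/wp-docker-buildx:1` in publish-dockerhub and publish-quay is a floating major tag. Pinning them by digest, the way the Containerfile already pins its base image, e.g. `image: quay.io/thegeeklab/wp-docker-buildx:1@sha256:<digest>`, keeps a retagged upstream image from running with `docker_password` or `quay_password` and keeps the trivy gate from changing behaviour between runs. The same applies to `plugins/gitea-release` in build-package.yml (which also lacks a registry prefix, unlike the other images in this commit), `docker.io/chko/docker-pushrm:1` in docs.yml and `quay.io/thegeeklab/wp-matrix` in notify.yml.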
@@ -0,0 +1,27 @@
+---
+when:
+ - event: [pull_request, tag]
+ - event: [push, manual]
+ branch:
+ - ${CI_REPO_DEFAULT_BRANCH}
+
+steps:
+ changelog:
+ image: quay.io/thegeeklab/git-sv
+ commands:
+ - git fetch --depth=2147483647
+ - git sv current-version
+ - git sv release-notes -t ${CI_COMMIT_TAG:-next} -o CHANGELOG.md
+ - cat CHANGELOG.md
+
+ publish-gitea:
+ image: plugins/gitea-release
+ settings:
+ api_key:
+ from_secret: gitea_token
+ base_url: https://gitea.rknet.org
+ note: CHANGELOG.md
+ overwrite: true
+ title: ${CI_COMMIT_TAG}
+ when:
+ - event: [tag]
diff --git a/.woodpecker/docs.yml b/.woodpecker/docs.yml
new file mode 100644
index 0000000..b62c261
--- /dev/null
+++ b/.woodpecker/docs.yml
@@ -0,0 +1,61 @@
+---
+when:
+ - event: [pull_request, tag]
+ - event: [push, manual]
+ branch:
+ - ${CI_REPO_DEFAULT_BRANCH}
+
+steps:
+ markdownlint:
+ image: quay.io/thegeeklab/markdownlint-cli
+ commands:
+ - markdownlint 'README.md'
+
+ spellcheck:
+ image: quay.io/thegeeklab/alpine-tools
+ commands:
+ - spellchecker --files '_docs/**/*.md' 'README.md' -d .dictionary -p spell indefinite-article syntax-urls
+ environment:
+ FORCE_COLOR: "true"
+ NPM_CONFIG_LOGLEVEL: "error"
+
+ link-validation:
+ image: docker.io/lycheeverse/lychee
+ group: test
+ commands:
+ - lychee --no-progress --format detailed README.md
+
+ pushrm-dockerhub:
+ image: docker.io/chko/docker-pushrm:1
+ secrets:
+ - source: docker_password
+ target: DOCKER_PASS
+ - source: docker_username
+ target: DOCKER_USER
+ environment:
+ PUSHRM_FILE: README.md
+ PUSHRM_SHORT: Custom image for Vaultwarden password manager
+ PUSHRM_TARGET: thegeeklab/${CI_REPO_NAME}
+ when:
+ - event: [push, manual]
+ branch:
+ - ${CI_REPO_DEFAULT_BRANCH}
+ status: [success]
+
+ pushrm-quay:
+ image: docker.io/chko/docker-pushrm:1
+ secrets:
+ - source: quay_token
+ target: APIKEY__QUAY_IO
+ environment:
+ PUSHRM_FILE: README.md
+ PUSHRM_TARGET: quay.io/thegeeklab/${CI_REPO_NAME}
+ when:
+ - event: [push, manual]
+ branch:
+ - ${CI_REPO_DEFAULT_BRANCH}
+ status: [success]
+
+depends_on:
+ - build-package
+ - build-container
diff --git a/.woodpecker/notify.yml b/.woodpecker/notify.yml
new file mode 100644
index 0000000..a851904
--- /dev/null
+++ b/.woodpecker/notify.yml
@@ -0,0 +1,26 @@
+---
+when:
+ - event: [tag]
+ - event: [push, manual]
+ branch:
+ - ${CI_REPO_DEFAULT_BRANCH}
+
+runs_on: [success, failure]
+
+steps:
+ matrix:
+ image: quay.io/thegeeklab/wp-matrix
+ settings:
+ homeserver:
+ from_secret: matrix_homeserver
+ password:
+ from_secret: matrix_password
+ roomid:
+ from_secret: matrix_roomid
+ username:
+ from_secret: matrix_username
+ when:
+ - status: [success, failure]
+
+depends_on:
+ - docs
diff --git a/Dockerfile b/Containerfile similarity index 80% rename from Dockerfile rename to Containerfile index eed5856..8907fc1 100644 --- a/Dockerfile +++ b/Containerfile @@ -1,11 +1,11 @@ -FROM thegeeklab/alpine:latest@sha256:1a959e83114602716d5c44ebb97da156425b1730868a11800d7ceb41752cf50e +FROM quay.io/thegeeklab/alpine:latest@sha256:1a959e83114602716d5c44ebb97da156425b1730868a11800d7ceb41752cf50e LABEL maintainer="Robert Kaussow " LABEL org.opencontainers.image.authors="Robert Kaussow " LABEL org.opencontainers.image.title="vaultwarden" -LABEL org.opencontainers.image.url="https://gitea.rknet.org/docker/vaultwarden" -LABEL org.opencontainers.image.source="https://gitea.rknet.org/docker/vaultwarden" -LABEL org.opencontainers.image.documentation="https://gitea.rknet.org/docker/vaultwarden" +LABEL org.opencontainers.image.url="https://gitea.rknet.org/container/vaultwarden" +LABEL org.opencontainers.image.source="https://gitea.rknet.org/container/vaultwarden" +LABEL org.opencontainers.image.documentation="https://gitea.rknet.org/container/vaultwarden" ARG WEBVAULT_VERSION diff --git a/README.md b/README.md index 352df54..364fabb 100644 --- a/README.md +++ b/README.md 
@@ -2,22 +2,20 @@ Custom image for Vaultwarden password manager -[![Build Status](https://img.shields.io/drone/build/docker/vaultwarden?logo=drone&server=https%3A%2F%2Fdrone.rknet.org)](https://drone.rknet.org/docker/vaultwarden) + + +[![Build Status](https://ci.rknet.org/api/badges/container/vaultwarden/status.svg)](https://ci.rknet.org/repos/container/vaultwarden) [![Docker Hub](https://img.shields.io/badge/dockerhub-latest-blue.svg?logo=docker&logoColor=white)](https://hub.docker.com/r/thegeeklab/vaultwarden) [![Quay.io](https://img.shields.io/badge/quay-latest-blue.svg?logo=docker&logoColor=white)](https://quay.io/repository/thegeeklab/vaultwarden) -[![Source: Gitea](https://img.shields.io/badge/source-gitea-blue.svg?logo=gitea&logoColor=white)](https://gitea.rknet.org/docker/vaultwarden) -[![License: MIT](https://img.shields.io/badge/license-MIT-blue.svg)](https://gitea.rknet.org/docker/vaultwarden/src/branch/main/LICENSE) +[![Source: Gitea](https://img.shields.io/badge/source-gitea-blue.svg?logo=gitea&logoColor=white)](https://gitea.rknet.org/container/vaultwarden) +[![License: MIT](https://img.shields.io/badge/license-MIT-blue.svg)](https://gitea.rknet.org/container/vaultwarden/src/branch/main/LICENSE) -This is a rootless custom Docker image for [vaultwarden](https://github.com/dani-garcia/vaultwarden). Vaultwarden is a Bitwarden server API implementation written in Rust compatible with upstream Bitwarden clients, perfect for self-hosted deployment where running the official resource-heavy service might not be ideal. + + +Custom rootless container image for [vaultwarden](https://github.com/dani-garcia/vaultwarden). Vaultwarden is a Bitwarden server API implementation written in Rust compatible with upstream Bitwarden clients, perfect for self-hosted deployment where running the official resource-heavy service might not be ideal. > **WARNING**: This build supports SQLite and PostgreSQL database backend only. 
-## Usage - -### Docker Compose - -Please take a look at the [example](https://gitea.rknet.org/docker/vaultwarden/src/branch/main/docker-compose.yml) compose file from the git repo. - ## Configuration ```Shell @@ -76,4 +74,4 @@ VAULTWARDEN_ROCKET_WORKERS= ## License -This project is licensed under the MIT License - see the [LICENSE](https://gitea.rknet.org/docker/vaultwarden/src/branch/main/LICENSE) file for details. +This project is licensed under the MIT License - see the [LICENSE](https://gitea.rknet.org/container/vaultwarden/src/branch/main/LICENSE) file for details. diff --git a/docker-compose.yml b/docker-compose.yml deleted file mode 100644 index 12b99c1..0000000 --- a/docker-compose.yml +++ /dev/null @@ -1,28 +0,0 @@ ---- -version: "3" - -services: - postgres: - container_name: postgres - image: postgres - environment: - POSTGRES_DB: vaultwarden - POSTGRES_PASSWORD: pass - POSTGRES_USER: user - - vaultwarden: - container_name: vaultwarden - image: thegeeklab/vaultwarden - depends_on: - - postgres - ports: - - "80:8080" - volumes: - - data:/app/data - environment: - VAULTWARDEN_DATABASE_URL: postgresql://user:pass@vaultwarden_postgres:5432/vaultwarden - VAULTWARDEN_ADMIN_TOKEN: test - -volumes: - data: - driver: local -- 2.45.2 From 750f1a74f527be87c3bac37acf5e381043e6bfb9 Mon Sep 17 00:00:00 2001 From: Robert Kaussow Date: Tue, 7 Nov 2023 16:39:54 +0100 Subject: [PATCH 2/6] cleanup --- .chglog/CHANGELOG.tpl.md | 23 ----------------------- .chglog/config.yml | 25 ------------------------- 2 files changed, 48 deletions(-) delete mode 100755 .chglog/CHANGELOG.tpl.md delete mode 100755 .chglog/config.yml diff --git a/.chglog/CHANGELOG.tpl.md b/.chglog/CHANGELOG.tpl.md deleted file mode 100755 index cc0367b..0000000 --- a/.chglog/CHANGELOG.tpl.md +++ /dev/null 
@@ -1,23 +0,0 @@ -# Changelog - -{{ range .Versions -}} -## {{ if .Tag.Previous }}[{{ .Tag.Name }}]({{ $.Info.RepositoryURL }}/compare/{{ .Tag.Previous.Name }}...{{ .Tag.Name }}){{ else }}{{ .Tag.Name }}{{ end }} ({{ datetime "2006-01-02" .Tag.Date }}) - -{{ range .CommitGroups -}} -### {{ .Title }} - -{{ range .Commits -}} -- {{ if .Scope }}**{{ .Scope }}:** {{ end }}{{ (regexReplaceAll "(.*)/issues/(.*)" (regexReplaceAll "(Co-\\w*-by.*)" .Subject "") "${1}/pulls/${2}") | trim }} -{{ end }} -{{- end -}} - -{{- if .NoteGroups -}} -{{ range .NoteGroups -}} -### {{ .Title }} - -{{ range .Notes }} -{{ .Body }} -{{ end }} -{{ end -}} -{{ end -}} -{{ end -}} diff --git a/.chglog/config.yml b/.chglog/config.yml deleted file mode 100755 index 1c89e11..0000000 --- a/.chglog/config.yml +++ /dev/null @@ -1,25 +0,0 @@ -style: github -template: CHANGELOG.tpl.md -info: - title: CHANGELOG - repository_url: https://gitea.rknet.org/container/vaultwarden -options: - commit_groups: - title_maps: - feat: Features - fix: Bug Fixes - perf: Performance Improvements - refactor: Code Refactoring - chore: Others - test: Testing - ci: CI Pipeline - docs: Documentation - header: - pattern: "^(\\w*)(?:\\(([\\w\\$\\.\\-\\*\\s]*)\\))?\\:\\s(.*)$" - pattern_maps: - - Type - - Scope - - Subject - notes: - keywords: - - BREAKING CHANGE -- 2.45.2 From 7c78de5c2e3d02ae66e2d297c45d3f8be84b6650 Mon Sep 17 00:00:00 2001 From: Robert Kaussow Date: Tue, 7 Nov 2023 16:42:16 +0100 Subject: [PATCH 3/6] add dictionary --- .dictionary | 0 1 file changed, 0 insertions(+), 0 deletions(-) create mode 100644 .dictionary diff --git a/.dictionary b/.dictionary new file mode 100644 index 0000000..e69de29 -- 2.45.2 From dc0c44dbfa89d4578a4655d84f2cdfd64a3ab804 Mon Sep 17 00:00:00 2001 From: Robert Kaussow Date: Tue, 7 Nov 2023 16:44:59 +0100 Subject: [PATCH 4/6] fix alpine digest --- Containerfile | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) 
diff --git a/Containerfile b/Containerfile index 8907fc1..4bb41e4 100644 --- a/Containerfile +++ b/Containerfile @@ -1,4 +1,4 @@ -FROM quay.io/thegeeklab/alpine:latest@sha256:1a959e83114602716d5c44ebb97da156425b1730868a11800d7ceb41752cf50e +FROM quay.io/thegeeklab/alpine:latest@sha256:e86840e5ad608b2951e0d1c9e131756c1685f5b1bea408438e7f7b80c7c119f4 LABEL maintainer="Robert Kaussow " LABEL org.opencontainers.image.authors="Robert Kaussow " -- 2.45.2 From 2ec2351cdc9f312bcbaaed51270de54b60b1ac44 Mon Sep 17 00:00:00 2001 From: Robert Kaussow Date: Tue, 7 Nov 2023 21:37:17 +0100 Subject: [PATCH 5/6] fix ci --- .woodpecker/build-container.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.woodpecker/build-container.yml b/.woodpecker/build-container.yml index 50ef207..41d1663 100644 --- a/.woodpecker/build-container.yml +++ b/.woodpecker/build-container.yml @@ -21,7 +21,7 @@ steps: security-build: image: quay.io/thegeeklab/wp-docker-buildx:1 settings: - containerfile: Containerfile.multiarch + containerfile: Containerfile output: type=oci,dest=oci/${CI_REPO_NAME},tar=false repo: thegeeklab/${CI_REPO_NAME} -- 2.45.2 From 585f0489af04e6c6763c8170313e48bdea18729c Mon Sep 17 00:00:00 2001 From: Robert Kaussow Date: Tue, 7 Nov 2023 21:56:44 +0100 Subject: [PATCH 6/6] fix ci --- .dictionary | 2 ++ README.md | 2 +- 2 files changed, 3 insertions(+), 1 deletion(-) diff --git a/.dictionary b/.dictionary index e69de29..275e5b1 100644 --- a/.dictionary +++ b/.dictionary @@ -0,0 +1,2 @@ +(V|v)aultwarden +Bitwarden diff --git a/README.md b/README.md index 364fabb..2e5bb3b 100644 --- a/README.md +++ b/README.md 
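Review bot: Even with security-build pointed at `Containerfile`, the trivy gate still checks a different artifact from the one that ships: security-scan reads the OCI layout written by security-build, while publish-dockerhub and publish-quay (outside this hunk, in the same file) each run their own build. Anything the Containerfile fetches at build time could therefore differ between the scanned and the pushed image; the Containerfile body is not visible in this series, so that part is inferred. A comment above the step such as `# scan-only build; the publish steps rebuild from the same Containerfile` would make the limitation explicit, or the publish steps could reuse the scanned output if the plugin supports it.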
@@ -14,7 +14,7 @@ Custom image for Vaultwarden password manager Custom rootless container image for [vaultwarden](https://github.com/dani-garcia/vaultwarden). Vaultwarden is a Bitwarden server API implementation written in Rust compatible with upstream Bitwarden clients, perfect for self-hosted deployment where running the official resource-heavy service might not be ideal. -> **WARNING**: This build supports SQLite and PostgreSQL database backend only. +> **WARNING**: This version only supports SQLite and PostgreSQL databases. ## Configuration -- 2.45.2