feat: add container library (#38)

Co-authored-by: Robert Kaussow <mail@thegeeklab.de>
Reviewed-on: docker/vaultwarden-ldap#38
Co-authored-by: Robert Kaussow <xoxys@rknet.org>
Co-committed-by: Robert Kaussow <xoxys@rknet.org>

.chglog/CHANGELOG.tpl.md

@@ -6,13 +6,9 @@
 {{ range .CommitGroups -}}
 ### {{ .Title }}
 
-{{ $subjects := list }}
 {{ range .Commits -}}
-{{ if not (has .Subject $subjects) -}}
-- {{ if .Scope }}**{{ .Scope }}:** {{ end }}{{ .Subject }}
-{{ $subjects = append $subjects .Subject -}}
+- {{ if .Scope }}**{{ .Scope }}:** {{ end }}{{ (regexReplaceAll "(Co-\\w*-by.*)" .Subject "") | trim }}
 {{ end }}
-{{- end }}
 {{- end -}}
 
 {{- if .NoteGroups -}}

.drone.yml

@@ -7,16 +7,16 @@ platform:
   arch: amd64
 
 steps:
-- name: markdownlint
-  image: thegeeklab/markdownlint-cli
-  commands:
-  - markdownlint 'README.md'
+  - name: markdownlint
+    image: thegeeklab/markdownlint-cli
+    commands:
+      - markdownlint 'README.md'
 
 trigger:
   ref:
-  - refs/heads/main
-  - refs/pull/**
-  - refs/tags/**
+    - refs/heads/main
+    - refs/pull/**
+    - refs/tags/**
 
 ---
 kind: pipeline
@@ -27,116 +27,116 @@ platform:
   arch: amd64
 
 steps:
-- name: binary
-  image: clux/muslrust:nightly-2021-04-14
-  commands:
-  - make build
-  environment:
-    BUILD_VERSION: ${DRONE_TAG%-*}
+  - name: binary
+    image: clux/muslrust:nightly-2021-04-14
+    commands:
+      - make build
+    environment:
+      BUILD_VERSION: ${DRONE_TAG%-*}
 
-- name: dryrun
-  image: thegeeklab/drone-docker-buildx:20
-  settings:
-    dockerfile: Dockerfile
-    dry_run: true
-    password:
-      from_secret: docker_password
-    repo: thegeeklab/${DRONE_REPO_NAME}
-    username:
-      from_secret: docker_username
-  when:
-    ref:
-    - refs/pull/**
-  depends_on:
-  - binary
+  - name: dryrun
+    image: thegeeklab/drone-docker-buildx:20
+    settings:
+      dockerfile: Dockerfile
+      dry_run: true
+      password:
+        from_secret: docker_password
+      repo: thegeeklab/${DRONE_REPO_NAME}
+      username:
+        from_secret: docker_username
+    when:
+      ref:
+        - refs/pull/**
+    depends_on:
+      - binary
 
-- name: tags
-  image: thegeeklab/docker-autotag
-  environment:
-    DOCKER_AUTOTAG_FORCE_LATEST: True
-    DOCKER_AUTOTAG_IGNORE_PRERELEASE: True
-    DOCKER_AUTOTAG_OUTPUT_FILE: .tags
-    DOCKER_AUTOTAG_VERSION: ${DRONE_TAG}
-  when:
-    ref:
-    - refs/heads/main
-    - refs/tags/**
-  depends_on:
-  - dryrun
+  - name: tags
+    image: thegeeklab/docker-autotag
+    environment:
+      DOCKER_AUTOTAG_FORCE_LATEST: True
+      DOCKER_AUTOTAG_IGNORE_PRERELEASE: True
+      DOCKER_AUTOTAG_OUTPUT_FILE: .tags
+      DOCKER_AUTOTAG_VERSION: ${DRONE_TAG}
+    when:
+      ref:
+        - refs/heads/main
+        - refs/tags/**
+    depends_on:
+      - dryrun
 
-- name: changelog-generate
-  image: thegeeklab/git-chglog
-  commands:
-  - git fetch -tq
-  - git-chglog --no-color --no-emoji -o CHANGELOG.md ${DRONE_TAG:---next-tag unreleased unreleased}
-  depends_on:
-  - tags
+  - name: changelog-generate
+    image: thegeeklab/git-chglog
+    commands:
+      - git fetch -tq
+      - git-chglog --no-color --no-emoji -o CHANGELOG.md ${DRONE_TAG:---next-tag unreleased unreleased}
+    depends_on:
+      - tags
 
-- name: changelog-format
-  image: thegeeklab/alpine-tools
-  commands:
-  - prettier CHANGELOG.md
-  - prettier -w CHANGELOG.md
-  depends_on:
-  - changelog-generate
+  - name: changelog-format
+    image: thegeeklab/alpine-tools
+    commands:
+      - prettier CHANGELOG.md
+      - prettier -w CHANGELOG.md
+    depends_on:
+      - changelog-generate
 
-- name: publish-dockerhub
-  image: thegeeklab/drone-docker-buildx:20
-  settings:
-    dockerfile: Dockerfile
-    password:
-      from_secret: docker_password
-    repo: thegeeklab/${DRONE_REPO_NAME}
-    username:
-      from_secret: docker_username
-  when:
-    ref:
-    - refs/heads/main
-    - refs/tags/**
-  depends_on:
-  - changelog-format
+  - name: publish-dockerhub
+    image: thegeeklab/drone-docker-buildx:20
+    settings:
+      dockerfile: Dockerfile
+      password:
+        from_secret: docker_password
+      repo: thegeeklab/${DRONE_REPO_NAME}
+      username:
+        from_secret: docker_username
+    when:
+      ref:
+        - refs/heads/main
+        - refs/tags/**
+    depends_on:
+      - changelog-format
 
-- name: publish-quay
-  image: thegeeklab/drone-docker-buildx:20
-  settings:
-    dockerfile: Dockerfile
-    password:
-      from_secret: quay_password
-    registry: quay.io
-    repo: quay.io/thegeeklab/${DRONE_REPO_NAME}
-    username:
-      from_secret: quay_username
-  when:
-    ref:
-    - refs/heads/main
-    - refs/tags/**
-  depends_on:
-  - changelog-format
+  - name: publish-quay
+    image: thegeeklab/drone-docker-buildx:20
+    settings:
+      dockerfile: Dockerfile
+      password:
+        from_secret: quay_password
+      registry: quay.io
+      repo: quay.io/thegeeklab/${DRONE_REPO_NAME}
+      username:
+        from_secret: quay_username
+    when:
+      ref:
+        - refs/heads/main
+        - refs/tags/**
+    depends_on:
+      - changelog-format
 
-- name: publish-gitea
-  image: plugins/gitea-release
-  settings:
-    api_key:
-      from_secret: gitea_token
-    base_url: https://gitea.rknet.org
-    note: CHANGELOG.md
-    overwrite: true
-    title: ${DRONE_TAG}
-  when:
-    ref:
-    - refs/tags/**
-  depends_on:
-  - publish-dockerhub
-  - publish-quay
+  - name: publish-gitea
+    image: plugins/gitea-release
+    settings:
+      api_key:
+        from_secret: gitea_token
+      base_url: https://gitea.rknet.org
+      note: CHANGELOG.md
+      overwrite: true
+      title: ${DRONE_TAG}
+    when:
+      ref:
+        - refs/tags/**
+    depends_on:
+      - publish-dockerhub
+      - publish-quay
 
 trigger:
   ref:
-  - refs/heads/main
-  - refs/pull/**
-  - refs/tags/**
+    - refs/heads/main
+    - refs/pull/**
+    - refs/tags/**
 
 depends_on:
-- test
+  - test
 
 ---
 kind: pipeline
@@ -147,63 +147,63 @@ platform:
   arch: amd64
 
 steps:
-- name: pushrm-dockerhub
-  pull: always
-  image: chko/docker-pushrm:1
-  environment:
-    DOCKER_PASS:
-      from_secret: docker_password
-    DOCKER_USER:
-      from_secret: docker_username
-    PUSHRM_FILE: README.md
-    PUSHRM_SHORT: Custom image for the Vaultwarden LDAP connector
-    PUSHRM_TARGET: thegeeklab/${DRONE_REPO_NAME}
-  when:
-    status:
-    - success
+  - name: pushrm-dockerhub
+    pull: always
+    image: chko/docker-pushrm:1
+    environment:
+      DOCKER_PASS:
+        from_secret: docker_password
+      DOCKER_USER:
+        from_secret: docker_username
+      PUSHRM_FILE: README.md
+      PUSHRM_SHORT: Custom image for the Vaultwarden LDAP connector
+      PUSHRM_TARGET: thegeeklab/${DRONE_REPO_NAME}
+    when:
+      status:
+        - success
 
-- name: pushrm-quay
-  pull: always
-  image: chko/docker-pushrm:1
-  environment:
-    APIKEY__QUAY_IO:
-      from_secret: quay_token
-    PUSHRM_FILE: README.md
-    PUSHRM_TARGET: quay.io/thegeeklab/${DRONE_REPO_NAME}
-  when:
-    status:
-    - success
+  - name: pushrm-quay
+    pull: always
+    image: chko/docker-pushrm:1
+    environment:
+      APIKEY__QUAY_IO:
+        from_secret: quay_token
+      PUSHRM_FILE: README.md
+      PUSHRM_TARGET: quay.io/thegeeklab/${DRONE_REPO_NAME}
+    when:
+      status:
+        - success
 
-- name: matrix
-  image: plugins/matrix
-  settings:
-    homeserver:
-      from_secret: matrix_homeserver
-    password:
-      from_secret: matrix_password
-    roomid:
-      from_secret: matrix_roomid
-    template: "Status: **{{ build.status }}**<br/> Build: [{{ repo.Owner }}/{{ repo.Name }}]({{ build.link }}) ({{ build.branch }}) by {{ build.author }}<br/> Message: {{ build.message }}"
-    username:
-      from_secret: matrix_username
-  when:
-    status:
-    - success
-    - failure
+  - name: matrix
+    image: thegeeklab/drone-matrix
+    settings:
+      homeserver:
+        from_secret: matrix_homeserver
+      password:
+        from_secret: matrix_password
+      roomid:
+        from_secret: matrix_roomid
+      template: "Status: **{{ build.Status }}**<br/> Build: [{{ repo.Owner }}/{{ repo.Name }}]({{ build.Link }}){{#if build.Branch}} ({{ build.Branch }}){{/if}} by {{ commit.Author }}<br/> Message: {{ commit.Message.Title }}"
+      username:
+        from_secret: matrix_username
+    when:
+      status:
+        - success
+        - failure
 
 trigger:
   ref:
-  - refs/heads/main
-  - refs/tags/**
+    - refs/heads/main
+    - refs/tags/**
   status:
-  - success
-  - failure
+    - success
+    - failure
 
 depends_on:
-- build-container
+  - build-container
 
 ---
 kind: signature
-hmac: b03e655c89137813302453a422df07b0d905cbd6cdfe9d0719cf45e167f7ea75
+hmac: f23406441a2cf3872a1990a14e60a888b375ef31f75ea455fe4d2aa5dfe850be
 
 ...

Dockerfile

@@ -1,4 +1,4 @@
-FROM thegeeklab/alpine:latest@sha256:3de659c1a479d9d80e9c3924227981450af3a068087545a47360cfc2e70a91cc
+FROM thegeeklab/alpine:latest@sha256:4361bc72c04bea35bb620d3641e73d7794246fac35b94e12049ba166d171d5bd
 
 LABEL maintainer="Robert Kaussow <mail@thegeeklab.de>"
 LABEL org.opencontainers.image.authors="Robert Kaussow <mail@thegeeklab.de>"

overlay/usr/local/bin/entrypoint

@@ -1,40 +1,39 @@
 #!/usr/bin/env sh
 
+# shellcheck disable=SC3040
 set -eo pipefail
 
+# shellcheck disable=SC1091
+. /usr/local/lib/log.sh
+
 /usr/local/bin/gomplate -o /app/config.toml -f /etc/templates/config.toml.tmpl
 
-if [ -z "$VAULTWARDEN_LDAP_VAULTWARDEN_URL" ] || [ -z "$VAULTWARDEN_LDAP_HOST" ]
-then
-  printf "Error: Vaultwarden and/or LDAP server not configured. Exiting ...\n"
+if [ -z "$VAULTWARDEN_LDAP_VAULTWARDEN_URL" ] || [ -z "$VAULTWARDEN_LDAP_HOST" ]; then
+  log_error "Error: Vaultwarden and/or LDAP server not configured, exiting"
   exit 1
 fi
 
-if [ -n "$VAULTWARDEN_LDAP_VAULTWARDEN_URL" ]
-then
+if [ -n "$VAULTWARDEN_LDAP_VAULTWARDEN_URL" ]; then
   WAITFOR_BW_SCHEME=$(/usr/local/bin/url-parser scheme --url "$VAULTWARDEN_LDAP_VAULTWARDEN_URL")
   WAITFOR_BW_HOST=$(/usr/local/bin/url-parser host --url "$VAULTWARDEN_LDAP_VAULTWARDEN_URL")
   WAITFOR_BW_PORT=$(/usr/local/bin/url-parser port --url "$VAULTWARDEN_LDAP_VAULTWARDEN_URL")
 
-  if [ -z "$WAITFOR_BW_PORT" ]
-  then
+  if [ -z "$WAITFOR_BW_PORT" ]; then
     [ "$WAITFOR_BW_SCHEME" = "https" ] && WAITFOR_BW_PORT=433 || WAITFOR_BW_PORT=80
   fi
 
-  printf "Wait for vaultwarden server on '%s:%s'...\n" "${WAITFOR_BW_HOST}" "${WAITFOR_BW_PORT}"
+  log_info "Wait for Vaultwarden server on '${WAITFOR_BW_HOST}:${WAITFOR_BW_PORT}'"
   /usr/local/bin/wait-for "${WAITFOR_BW_HOST}":"${WAITFOR_BW_PORT}"
 fi
 
-if [ -n "$VAULTWARDEN_LDAP_HOST" ]
-then
+if [ -n "$VAULTWARDEN_LDAP_HOST" ]; then
   WAITFOR_LDAP_SSL=$(/usr/local/bin/gomplate -i '{{ getenv "VAULTWARDEN_LDAP_SSL" "true" | conv.Bool }}')
 
-  if [ -z "$VAULTWARDEN_LDAP_PORT" ]
-  then
+  if [ -z "$VAULTWARDEN_LDAP_PORT" ]; then
     [ "$WAITFOR_LDAP_SSL" = true ] && VAULTWARDEN_LDAP_PORT=636 || VAULTWARDEN_LDAP_PORT=389
   fi
 
-  printf "Wait for ldap server on '%s:%s'...\n" "${VAULTWARDEN_LDAP_HOST}" "${VAULTWARDEN_LDAP_PORT}"
+  log_info "Wait for LDAP server on '${VAULTWARDEN_LDAP_HOST}:${VAULTWARDEN_LDAP_PORT}'"
   /usr/local/bin/wait-for "${VAULTWARDEN_LDAP_HOST}":"${VAULTWARDEN_LDAP_PORT}"
 
   # TODO: add delay to minimize connection errors