diff --git a/.github/workflows/cve-scan.yml b/.github/workflows/cve-scan.yml
deleted file mode 100644
index 31cbceddc..000000000
--- a/.github/workflows/cve-scan.yml
+++ /dev/null
@@ -1,23 +0,0 @@
-name: "CVE Scan"
-on:
- schedule:
- - cron: '0 0 * * *'
- workflow_dispatch: { }
-jobs:
- scan-images:
- name: Scan latest public image
- runs-on: ubuntu-latest
- continue-on-error: true
- strategy:
- matrix:
- image: [ kroki, kroki-mermaid, kroki-bpmn, kroki-excalidraw, kroki-diagramsnet ]
- tag: [ latest ]
- steps:
- - name: Run Trivy vulnerability scanner
- uses: aquasecurity/trivy-action@master
- with:
- image-ref: 'docker.io/yuzutech/${{ matrix.image }}:${{ matrix.tag }}'
- severity: 'CRITICAL,HIGH'
- format: 'table'
- # we can set to 0 to avoid breaking the pipeline
- exit-code: '0'
diff --git a/.github/workflows/dockerhub-description.yml b/.github/workflows/dockerhub-description.yml
deleted file mode 100644
index c46683ac7..000000000
--- a/.github/workflows/dockerhub-description.yml
+++ /dev/null
@@ -1,58 +0,0 @@
-name: Docker Hub Description
-on:
- workflow_dispatch:
- push:
- tags:
- - 'v*'
- - .github/workflows/dockerhub-description.yml
-jobs:
- docker-hub-description:
- runs-on: ubuntu-latest
- steps:
- - uses: actions/checkout@v4.1.1
-
- - name: Docker Hub Description
- uses: peter-evans/dockerhub-description@v3.4.2
- with:
- username: ${{ secrets.DOCKER_USERNAME }}
- password: ${{ secrets.DOCKER_PASSWORD }}
- repository: yuzutech/kroki
- short-description: ${{ github.event.repository.description }}
- readme-filepath: ./DOCKERHUB.md
-
- - name: Docker Hub Description - bpmn
- uses: peter-evans/dockerhub-description@v3.4.2
- with:
- username: ${{ secrets.DOCKER_USERNAME }}
- password: ${{ secrets.DOCKER_PASSWORD }}
- repository: yuzutech/kroki-bpmn
- short-description: Companion server for Kroki that provides BPMN
- readme-filepath: ./DOCKERHUB-COMPANION.md
-
- - name: Docker Hub Description - excalidraw
- uses: peter-evans/dockerhub-description@v3.4.2
- with:
- username: ${{ secrets.DOCKER_USERNAME }}
- password: ${{ secrets.DOCKER_PASSWORD }}
- repository: yuzutech/kroki-excalidraw
- short-description: Companion server for Kroki that provides Excalidraw
- readme-filepath: ./DOCKERHUB-COMPANION.md
-
- - name: Docker Hub Description - mermaid
- uses: peter-evans/dockerhub-description@v3.4.2
- with:
- username: ${{ secrets.DOCKER_USERNAME }}
- password: ${{ secrets.DOCKER_PASSWORD }}
- repository: yuzutech/kroki-mermaid
- short-description: Companion server for Kroki that provides Mermaid
- readme-filepath: ./DOCKERHUB-COMPANION.md
-
- - name: Docker Hub Description - diagramsnet
- uses: peter-evans/dockerhub-description@v3.4.2
- with:
- username: ${{ secrets.DOCKER_USERNAME }}
- password: ${{ secrets.DOCKER_PASSWORD }}
- repository: yuzutech/kroki-diagramsnet
- short-description: Companion server for Kroki that provides diagrams.net (formerly draw.io)
- readme-filepath: ./DOCKERHUB-COMPANION.md
-
diff --git a/.github/workflows/docs-ci.yml b/.github/workflows/docs-ci.yml
deleted file mode 100644
index a0ccca7da..000000000
--- a/.github/workflows/docs-ci.yml
+++ /dev/null
@@ -1,121 +0,0 @@ -name: Docs CI - -on: - push: - paths: - - 'docs/**' - branches: - - main - pull_request: - paths: - - 'docs/**' - branches: - - '*' - workflow_dispatch: - -jobs: - test-kind-multipod: - runs-on: ubuntu-latest - - steps: - - uses: actions/checkout@v4 - - name: Install Kubernetes Kind - run: | - curl -Lo ./kind "https://kind.sigs.k8s.io/dl/v0.11.1/kind-linux-amd64" - chmod +x ./kind - ./kind version - - - name: Install kubectl - run: | - curl -LO https://storage.googleapis.com/kubernetes-release/release/v1.21.3/bin/linux/amd64/kubectl - chmod +x ./kubectl - - - name: Create cluster - run: ./kind create cluster - - - name: Install Kroki using Multiple Pods - run: ./kubectl apply -f docs/modules/setup/examples/k8s-multi-pod - - - name: Kubectl version - run: ./kubectl version - - - name: Wait until available - run: ./kubectl wait --for=condition=available --timeout=120s --all deployments.apps - - - name: Check pod - run: ./kubectl get pod - - - name: Forward port 8000 (background) - run: ./kubectl port-forward service/kroki 8000:8000 & - - - name: Test SeqDiag - run: curl -o /dev/null -s -w "%{http_code}\n" http://localhost:8000/seqdiag/svg/eNorTi1MyUxMV6jmUlBIKsovL04tUtC1UyhPTQKyyoCc6JzEpNQcBVsFJXfXEAX9zLyU1Aq9jJLcHKVYayQ9Nrq6CE3WhA0L8A8GmpaUk5-un5yfm5uaVwIxD6EWqDElsSQxKbE4FUmfp1-wa1CIAg49IFfANOFxXS0A68hQUg== | grep 200 - - - name: Uninstall Kroki - run: ./kubectl delete -f docs/modules/setup/examples/k8s-multi-pod - - - name: Delete cluster - run: ./kind delete cluster - - test-kind-singlepod: - runs-on: ubuntu-latest - - steps: - - uses: actions/checkout@v4 - - name: Install Kubernetes Kind - run: | - curl -Lo ./kind "https://kind.sigs.k8s.io/dl/v0.11.1/kind-linux-amd64" - chmod +x ./kind - ./kind version - - - name: Install kubectl - run: | - curl -LO https://storage.googleapis.com/kubernetes-release/release/v1.21.3/bin/linux/amd64/kubectl - chmod +x ./kubectl - - - name: Create cluster - run: ./kind create cluster - - - name: Install Kroki using 
a Single Pod - run: ./kubectl apply -f docs/modules/setup/examples/k8s-single-pod - - - name: Kubectl version - run: ./kubectl version - - - name: Wait until available - run: ./kubectl wait --for=condition=available --timeout=120s --all deployments.apps - - - name: Check pod - run: ./kubectl get pod - - - name: Forward port 8000 (background) - run: ./kubectl port-forward service/kroki 8000:8000 & - - - name: Test SeqDiag - run: curl -o /dev/null -s -w "%{http_code}\n" http://localhost:8000/seqdiag/svg/eNorTi1MyUxMV6jmUlBIKsovL04tUtC1UyhPTQKyyoCc6JzEpNQcBVsFJXfXEAX9zLyU1Aq9jJLcHKVYayQ9Nrq6CE3WhA0L8A8GmpaUk5-un5yfm5uaVwIxD6EWqDElsSQxKbE4FUmfp1-wa1CIAg49IFfANOFxXS0A68hQUg== | grep 200 - - - name: Uninstall Kroki - run: ./kubectl delete -f docs/modules/setup/examples/k8s-single-pod - - - name: Delete cluster - run: ./kind delete cluster - - test-dockercompose: - runs-on: ubuntu-22.04 - - steps: - - uses: actions/checkout@v4 - - name: Setup Docker - # taken from https://github.com/docker/github-actions/blob/0f18e2abad9a4ac2963d2516246787375b5ec917/Dockerfile#L32 - run: curl -fL https://download.docker.com/linux/static/stable/x86_64/docker-20.10.21.tgz | tar xzO docker/docker > docker && sudo mv -f docker /usr/bin/docker && sudo chmod +x /usr/bin/docker - - - name: docker-compose up - run: docker-compose -f docs/modules/setup/examples/kroki-docker-compose.yml up -d - - - name: Wait until available - run: | - ./ci/tests/wait-for-it.sh localhost:8000 --timeout=40 - sleep 20 - - - name: Test SeqDiag - run: curl -o /dev/null -s -w "%{http_code}\n" http://localhost:8000/seqdiag/svg/eNorTi1MyUxMV6jmUlBIKsovL04tUtC1UyhPTQKyyoCc6JzEpNQcBVsFJXfXEAX9zLyU1Aq9jJLcHKVYayQ9Nrq6CE3WhA0L8A8GmpaUk5-un5yfm5uaVwIxD6EWqDElsSQxKbE4FUmfp1-wa1CIAg49IFfANOFxXS0A68hQUg== | grep 200 diff --git a/.github/workflows/docs-notify.yml b/.github/workflows/docs-notify.yml deleted file mode 100644 index 6ac16d8b5..000000000 --- a/.github/workflows/docs-notify.yml +++ /dev/null 
@@ -1,20 +0,0 @@
-name: Docs Notify
-
-on:
- push:
- paths:
- - 'docs/**'
- branches:
- - main
-
-jobs:
- trigger_publish:
- runs-on: ubuntu-latest
-
- steps:
- - name: Notify docs.kroki.io
- uses: peter-evans/repository-dispatch@v2.1.2
- with:
- token: ${{ secrets.REPO_ACCESS_TOKEN }}
- repository: yuzutech/docs.kroki.io
- event-type: kroki
diff --git a/.github/workflows/main.yaml b/.github/workflows/main.yaml
deleted file mode 100644
index e96340101..000000000
--- a/.github/workflows/main.yaml
+++ /dev/null
@@ -1,246 +0,0 @@ -name: CI - -on: - push: - paths-ignore: - - 'docs/**' - branches: - - main - pull_request: - paths-ignore: - - 'docs/**' - branches: - - '*' - workflow_call: - inputs: - build_multiarch: - default: false - required: true - type: boolean - -jobs: - test-containers: - runs-on: ubuntu-22.04 - steps: - - uses: actions/checkout@v4 - - - name: Free up disk space - #if: ${{ inputs.build_multiarch }} - shell: bash - # workaround: https://github.com/jlumbroso/free-disk-space/issues/9 - # copied from https://github.com/hirnidrin/free-disk-space/blob/4bacba7c412c8ace26b87b5b79977da05137e69d/action.yml - run: | - # ====== - # MACROS - # ====== - - # macro to print a line of equals - # (silly but works) - printSeparationLine() { - str=${1:=} - num=${2:-80} - counter=1 - output="" - while [ $counter -le $num ] - do - output="${output}${str}" - counter=$((counter+1)) - done - echo "${output}" - } - - # macro to compute available space - # REF: https://unix.stackexchange.com/a/42049/60849 - # REF: https://stackoverflow.com/a/450821/408734 - getAvailableSpace() { echo $(df -a $1 | awk 'NR > 1 {avail+=$4} END {print avail}'); } - - # macro to make Kb human readable (assume the input is Kb) - # REF: https://unix.stackexchange.com/a/44087/60849 - formatByteCount() { echo $(numfmt --to=iec-i --suffix=B --padding=7 $1'000'); } - - # macro to output saved space - printSavedSpace() { - saved=${1} - title=${2:-} - - echo "" - printSeparationLine '*' 80 - if [ ! 
-z "${title}" ]; then - echo "=> ${title}: Saved $(formatByteCount $saved)" - else - echo "=> Saved $(formatByteCount $saved)" - fi - printSeparationLine '*' 80 - echo "" - } - - # macro to print output of dh with caption - printDH() { - caption=${1:-} - - printSeparationLine '=' 80 - echo "${caption}" - echo "" - echo "$ dh -h /" - echo "" - df -h / - echo "$ dh -a /" - echo "" - df -a / - echo "$ dh -a" - echo "" - df -a - printSeparationLine '=' 80 - } - - # ====== - # SCRIPT - # ====== - - # Display initial disk space stats - - AVAILABLE_INITIAL=$(getAvailableSpace) - AVAILABLE_ROOT_INITIAL=$(getAvailableSpace '/') - - printDH "BEFORE CLEAN-UP:" - echo "" - - # Remove Android library - BEFORE=$(getAvailableSpace) - - sudo rm -rf /usr/local/lib/android - - AFTER=$(getAvailableSpace) - SAVED=$((AFTER-BEFORE)) - printSavedSpace $SAVED "Android library" - - BEFORE=$(getAvailableSpace) - - # https://github.community/t/bigger-github-hosted-runners-disk-space/17267/11 - sudo rm -rf /usr/share/dotnet - - AFTER=$(getAvailableSpace) - SAVED=$((AFTER-BEFORE)) - printSavedSpace $SAVED ".NET runtime" - - BEFORE=$(getAvailableSpace) - - sudo rm -rf /opt/ghc - - AFTER=$(getAvailableSpace) - SAVED=$((AFTER-BEFORE)) - printSavedSpace $SAVED "Haskell runtime" - - # Remove large packages - # REF: https://github.com/apache/flink/blob/master/tools/azure-pipelines/free_disk_space.sh - - BEFORE=$(getAvailableSpace) - - sudo apt-get remove -y '^aspnetcore-.*' - sudo apt-get remove -y '^dotnet-.*' - sudo apt-get remove -y '^llvm-.*' - sudo apt-get remove -y 'php.*' - sudo apt-get remove -y '^mongodb-.*' - sudo apt-get remove -y '^mysql-.*' - sudo apt-get remove -y azure-cli google-chrome-stable firefox powershell mono-devel libgl1-mesa-dri - sudo apt-get autoremove -y - sudo apt-get clean - - AFTER=$(getAvailableSpace) - SAVED=$((AFTER-BEFORE)) - printSavedSpace $SAVED "Large misc. 
packages" - - # Remove Docker images - BEFORE=$(getAvailableSpace) - - sudo docker image prune --all --force - - AFTER=$(getAvailableSpace) - SAVED=$((AFTER-BEFORE)) - printSavedSpace $SAVED "Docker images" - - # Remove Swap storage - BEFORE=$(getAvailableSpace) - - sudo swapoff -a - sudo rm -f /mnt/swapfile - free -h - - AFTER=$(getAvailableSpace) - SAVED=$((AFTER-BEFORE)) - printSavedSpace $SAVED "Swap storage" - - # Output saved space statistic - - AVAILABLE_END=$(getAvailableSpace) - AVAILABLE_ROOT_END=$(getAvailableSpace '/') - - echo "" - printDH "AFTER CLEAN-UP:" - - echo "" - echo "" - - echo "/dev/root:" - printSavedSpace $((AVAILABLE_ROOT_END - AVAILABLE_ROOT_INITIAL)) - echo "overall:" - printSavedSpace $((AVAILABLE_END - AVAILABLE_INITIAL)) - - - name: Install GraphViz - run: sudo apt-get install graphviz -y - - - name: Set up JDK 17 - uses: actions/setup-java@v4 - with: - java-version: 17 - distribution: temurin - - - name: Build Java server - run: make buildServer - - - name: Set up QEMU - if: ${{ inputs.build_multiarch }} - uses: docker/setup-qemu-action@v3 - - - name: Set up Docker Buildx - uses: docker/setup-buildx-action@v3 - with: - config-inline: | - [worker.oci] - max-parallelism = 2 - - - name: Cache Docker layers - uses: actions/cache@v3 - with: - path: /tmp/.buildx-cache - key: ${{ runner.os }}-buildx-${{ github.sha }} - restore-keys: | - ${{ runner.os }}-buildx- - - - name: Build container images - run: make buildDockerImages - env: - BUILD_MULTIARCH: ${{ inputs.build_multiarch }} - CACHE_FROM: 'type=local,src=/tmp/.buildx-cache' - CACHE_TO: 'type=local,dest=/tmp/.buildx-cache-new' - - - name: 'Setup Node.js 18' - uses: actions/setup-node@v4 - with: - node-version: 18 - - - name: Install Node dependencies - run: npm install - - - name: Run smoke tests - run: make smokeTests - - # This ugly bit is necessary if you don't want your cache to grow forever until it hits GitHub's limit of 5GB. 
- # Temp fix - # https://github.com/docker/build-push-action/issues/252 - # https://github.com/moby/buildkit/issues/1896 - - name: Move cache - run: | - rm -rf /tmp/.buildx-cache - mv /tmp/.buildx-cache-new /tmp/.buildx-cache - diff --git a/.github/workflows/mermaid-ci.yaml b/.github/workflows/mermaid-ci.yaml deleted file mode 100644 index 03a644b8c..000000000 --- a/.github/workflows/mermaid-ci.yaml +++ /dev/null @@ -1,29 +0,0 @@ -name: Mermaid CI - -on: - push: - paths: - - 'mermaid/**' - branches: - - main - pull_request: - paths: - - 'mermaid/**' - branches: - - '*' - -jobs: - mermaid-ci: - runs-on: ubuntu-latest - steps: - - uses: actions/checkout@v4 - - name: 'Setup Node.js 18' - uses: actions/setup-node@v4 - with: - node-version: 18 - - name: Install Node dependencies - run: npm i - working-directory: mermaid - - name: Lint & tests - run: npm run lint && npm t - working-directory: mermaid diff --git a/.github/workflows/nightly.yaml b/.github/workflows/nightly.yaml deleted file mode 100644 index 37d38f7f7..000000000 --- a/.github/workflows/nightly.yaml +++ /dev/null @@ -1,11 +0,0 @@ -name: CI (nightly) - -on: - schedule: - - cron: '0 2 * * *' - -jobs: - test-containers-multiarch: - uses: ./.github/workflows/main.yaml - with: - build_multiarch: true diff --git a/.github/workflows/release.yml b/.github/workflows/release.yml index 8420b5d6e..c6586ae54 100644 --- a/.github/workflows/release.yml +++ b/.github/workflows/release.yml 
@@ -6,32 +6,6 @@ on: - 'v*' # Push events to matching v*, i.e. v1.0, v2.1.3 jobs: - release: - runs-on: ubuntu-22.04 - steps: - - uses: actions/checkout@v4 - - name: Install GraphViz - run: sudo apt-get install graphviz -y - - name: Set up JDK 17 - uses: actions/setup-java@v4 - with: - java-version: 17 - distribution: temurin - - name: Build Java server - run: make buildServer - - run: echo "RELEASE_VERSION=${GITHUB_REF#refs/*/}" >> $GITHUB_ENV - - name: Generate checksums - run: | - cp kroki-server.jar kroki-standalone-server-${{ env.RELEASE_VERSION }}.jar - sha512sum kroki-standalone-server-${{ env.RELEASE_VERSION }}.jar > kroki-standalone-server-${{ env.RELEASE_VERSION }}.sha512sum.txt - md5sum kroki-standalone-server-${{ env.RELEASE_VERSION }}.jar > kroki-standalone-server-${{ env.RELEASE_VERSION }}.md5sum.txt - working-directory: server/target - - name: Create release - run: | - gh release create "${{ env.RELEASE_VERSION }}" - gh release upload "${{ env.RELEASE_VERSION }}" ./server/target/kroki-standalone-server-* --clobber - env: - GH_TOKEN: ${{ secrets.GITHUB_TOKEN }} publish_dockerhub: runs-on: ubuntu-22.04 steps: @@ -51,11 +25,11 @@ jobs: uses: docker/setup-buildx-action@v3 with: config: .github/buildkitd.toml - - name: Login to Docker Hub - run: | - echo "$DOCKER_PASSWORD" | docker login -u "$DOCKER_USERNAME" --password-stdin - env: - DOCKER_USERNAME: ${{ secrets.DOCKER_USERNAME }} - DOCKER_PASSWORD: ${{ secrets.DOCKER_PASSWORD }} + - name: Login to GitHub Container Registry + uses: docker/login-action@v3 + with: + registry: ghcr.io + username: ${{ github.actor }} + password: ${{ secrets.GITHUB_TOKEN }} - name: Publish Docker images run: RELEASE_VERSION=${GITHUB_REF#refs/*/v*} make publishDockerImages diff --git a/Makefile b/Makefile index 6f47677f1..1b0330092 100644 --- a/Makefile +++ b/Makefile 
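Review bot: The new login step in the second hunk passes `secrets.GITHUB_TOKEN` to ghcr.io, but neither hunk shows a `permissions:` block, so the push depends on the repository's default token permissions including package write. Declaring it on the job, `permissions:` with `contents: read` and `packages: write`, makes the requirement explicit and keeps the token from carrying more than the publish needs. Because `docker/login-action@v3` receives that token, pinning the action to a full commit SHA instead of the mutable `v3` tag is worth doing in the same change. The job is still named `publish_dockerhub` although it no longer logs in to Docker Hub; its body continues outside the hunk.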
@@ -24,7 +24,7 @@ publishDockerImages: ifndef RELEASE_VERSION $(error RELEASE_VERSION is undefined) endif - docker buildx bake -f docker-bake.hcl -f docker-bake-release.hcl kroki companion-images --push --set "*.platform=linux/arm64,linux/amd64" + docker buildx bake -f docker-bake.hcl -f docker-bake-release.hcl kroki --push --set "*.platform=linux/arm64,linux/amd64" smokeTests: TAG=smoketests docker buildx bake kroki companion-images --load --set "*.cache-from=$(CACHE_FROM)" --set "*.cache-to=$(CACHE_TO)" diff --git a/docker-bake.hcl b/docker-bake.hcl index 87fa43729..ca1ffea2d 100644 --- a/docker-bake.hcl +++ b/docker-bake.hcl @@ -10,7 +10,7 @@ target "oci-labels" { labels = { "org.opencontainers.image.description" = "Kroki provides a unified API supporting multiple diagramming formats, making it easy to create diagrams from textual descriptions." "org.opencontainers.image.url" = "https://kroki.io" - "org.opencontainers.image.source" = "https://github.com/yuzutech/kroki" + "org.opencontainers.image.source" = "https://github.com/StaflSystems/kroki" "org.opencontainers.image.licenses" = "MIT" } } @@ -26,7 +26,7 @@ target "kroki" { tikz = "./tikz" } dockerfile = "ops/docker/jdk17-jammy/Dockerfile" - tags = ["yuzutech/kroki:${TAG}"] + tags = ["StaflSystems/kroki:${TAG}"] inherits = ["oci-labels"] labels = { "org.opencontainers.image.title" = "Kroki" @@ -35,7 +35,7 @@ target "kroki" { target "kroki-mermaid" { context = "mermaid" - tags = ["yuzutech/kroki-mermaid:${TAG}"] + tags = ["StaflSystems/kroki-mermaid:${TAG}"] inherits = ["oci-labels"] labels = { "org.opencontainers.image.title" = "Kroki - Mermaid" @@ -44,7 +44,7 @@ target "kroki-mermaid" { target "kroki-bpmn" { context = "bpmn" - tags = ["yuzutech/kroki-bpmn:${TAG}"] + tags = ["StaflSystems/kroki-bpmn:${TAG}"] inherits = ["oci-labels"] labels = { "org.opencontainers.image.title" = "Kroki - BPMN" 
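Review bot: `publishDockerImages` now pushes only the `kroki` target, while `smokeTests` just below still builds `kroki companion-images` and docker-bake.hcl retags the four companion images under the new namespace, so a release would publish the main image with no matching companion images next to it. If that is intended, a comment above the recipe line such as `# only kroki is published from this repository; companion images are built for smoke tests only` would record it; otherwise `companion-images` should stay in the bake command. This commit also deletes cve-scan.yml, so nothing visible here scans the image this target publishes; it is worth confirming that a scan of the new image location runs somewhere else.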
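Review bot: The new tag `StaflSystems/kroki:${TAG}` in `target "kroki"` has no registry host and contains uppercase letters; image repository names must be lowercase, and without a `ghcr.io/` prefix the reference does not point at the registry that release.yml now logs in to. Unless docker-bake-release.hcl (not part of this diff) replaces these tags at release time, the push would be rejected or directed somewhere other than intended; the line would need to read `tags = ["ghcr.io/staflsystems/kroki:${TAG}"]`. The same applies to the `kroki-mermaid`, `kroki-bpmn`, `kroki-excalidraw` and `kroki-diagramsnet` hunks. The `org.opencontainers.image.source` label in the first hunk is a URL rather than an image reference, so its mixed case is fine.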
@@ -53,7 +53,7 @@ target "kroki-bpmn" { target "kroki-excalidraw" { context = "excalidraw" - tags = ["yuzutech/kroki-excalidraw:${TAG}"] + tags = ["StaflSystems/kroki-excalidraw:${TAG}"] inherits = ["oci-labels"] labels = { "org.opencontainers.image.title" = "Kroki - Excalidraw" @@ -62,7 +62,7 @@ target "kroki-excalidraw" { target "kroki-diagramsnet" { context = "diagrams.net" - tags = ["yuzutech/kroki-diagramsnet:${TAG}"] + tags = ["StaflSystems/kroki-diagramsnet:${TAG}"] inherits = ["oci-labels"] labels = { "org.opencontainers.image.title" = "Kroki - diagrams.net"