Merge pull request #12 from linuxserver-labs/nemchik

Nemchik

.editorconfig

@@ -0,0 +1,20 @@
+# This file is globally distributed to all container image projects from
+# https://github.com/linuxserver/docker-jenkins-builder/blob/master/.editorconfig
+
+# top-most EditorConfig file
+root = true
+
+# Unix-style newlines with a newline ending every file
+[*]
+end_of_line = lf
+insert_final_newline = true
+# trim_trailing_whitespace may cause unintended issues and should not be globally set true
+trim_trailing_whitespace = false
+
+[{Dockerfile*,**.yml}]
+indent_style = space
+indent_size = 2
+
+[{**.sh,root/etc/cont-init.d/**,root/etc/services.d/**}]
+indent_style = space
+indent_size = 4

.github/CONTRIBUTING.md

@@ -0,0 +1,123 @@
+# Contributing to fail2ban
+
+## Gotchas
+
+* While contributing make sure to make all your changes before creating a Pull Request, as our pipeline builds each commit after the PR is open.
+* Read, and fill the Pull Request template
+  * If this is a fix for a typo (in code, documentation, or the README) please file an issue and let us sort it out. We do not need a PR
+  * If the PR is addressing an existing issue include, closes #\<issue number>, in the body of the PR commit message
+* If you want to discuss changes, you can also bring it up in [#dev-talk](https://discordapp.com/channels/354974912613449730/757585807061155840) in our [Discord server](https://discord.gg/YWrKVTn)
+
+## Common files
+
+| File | Use case |
+| :----: | --- |
+| `Dockerfile` | Dockerfile used to build amd64 images |
+| `Dockerfile.aarch64` | Dockerfile used to build 64bit ARM architectures |
+| `Dockerfile.armhf` | Dockerfile used to build 32bit ARM architectures |
+| `Jenkinsfile` | This file is a product of our builder and should not be edited directly. This is used to build the image |
+| `jenkins-vars.yml` | This file is used to generate the `Jenkinsfile` mentioned above, it only affects the build-process |
+| `package_versions.txt` | This file is generated as a part of the build-process and should not be edited directly. It lists all the installed packages and their versions |
+| `README.md` | This file is a product of our builder and should not be edited directly. This displays the readme for the repository and image registries |
+| `readme-vars.yml` | This file is used to generate the `README.md` |
+
+## Readme
+
+If you would like to change our readme, please __**do not**__ directly edit the readme, as it is auto-generated on each commit.
+Instead edit the [readme-vars.yml](https://github.com/linuxserver/docker-fail2ban/edit/master/readme-vars.yml).
+
+These variables are used in a template for our [Jenkins Builder](https://github.com/linuxserver/docker-jenkins-builder) as part of an ansible play.
+Most of these variables are also carried over to [docs.linuxserver.io](https://docs.linuxserver.io/images/docker-fail2ban)
+
+### Fixing typos or clarify the text in the readme
+
+There are variables for multiple parts of the readme, the most common ones are:
+
+| Variable | Description |
+| :----: | --- |
+| `project_blurb` | This is the short excerpt shown above the project logo. |
+| `app_setup_block` | This is the text that shows up under "Application Setup" if enabled |
+
+### Parameters
+
+The compose and run examples are also generated from these variables.
+
+We have a [reference file](https://github.com/linuxserver/docker-jenkins-builder/blob/master/vars/_container-vars-blank) in our Jenkins Builder.
+
+These are prefixed with `param_` for required parameters, or `opt_param` for optional parameters, except for `cap_add`.
+Remember to enable param, if currently disabled. This differs between parameters, and can be seen in the reference file.
+
+Devices, environment variables, ports and volumes expects its variables in a certain way.
+
+### Devices
+
+```yml
+param_devices:
+  - { device_path: "/dev/dri", device_host_path: "/dev/dri", desc: "For hardware transcoding" }
+opt_param_devices:
+  - { device_path: "/dev/dri", device_host_path: "/dev/dri", desc: "For hardware transcoding" }
+```
+
+### Environment variables
+
+```yml
+param_env_vars:
+  - { env_var: "TZ", env_value: "Europe/London", desc: "Specify a timezone to use EG Europe/London." }
+opt_param_env_vars:
+  - { env_var: "VERSION", env_value: "latest", desc: "Supported values are LATEST, PLEXPASS or a specific version number." }
+```
+
+### Ports
+
+```yml
+param_ports:
+  - { external_port: "80", internal_port: "80", port_desc: "Application WebUI" }
+opt_param_ports:
+  - { external_port: "80", internal_port: "80", port_desc: "Application WebUI" }
+```
+
+### Volumes
+
+```yml
+param_volumes:
+  - { vol_path: "/config", vol_host_path: "</path/to/appdata/config>", desc: "Configuration files." }
+opt_param_volumes:
+  - { vol_path: "/config", vol_host_path: "</path/to/appdata/config>", desc: "Configuration files." }
+```
+
+### Testing template changes
+
+After you make any changes to the templates, you can use our [Jenkins Builder](https://github.com/linuxserver/docker-jenkins-builder) to have the files updated from the modified templates. Please use the command found under `Running Locally` [on this page](https://github.com/linuxserver/docker-jenkins-builder/blob/master/README.md) to generate them prior to submitting a PR.
+
+## Dockerfiles
+
+We use multiple Dockerfiles in our repos, this is because sometimes some CPU architectures needs different packages to work.
+If you are proposing additional packages to be added, ensure that you added the packages to all the Dockerfiles in alphabetical order.
+
+### Testing your changes
+
+```bash
+git clone https://github.com/linuxserver/docker-fail2ban.git
+cd docker-fail2ban
+docker build \
+  --no-cache \
+  --pull \
+  -t linuxserver/fail2ban:latest .
+```
+
+The ARM variants can be built on x86_64 hardware using `multiarch/qemu-user-static`
+
+```bash
+docker run --rm --privileged multiarch/qemu-user-static:register --reset
+```
+
+Once registered you can define the dockerfile to use with `-f Dockerfile.aarch64`.
+
+## Update the changelog
+
+If you are modifying the Dockerfiles or any of the startup scripts in [root](https://github.com/linuxserver/docker-fail2ban/tree/master/root), add an entry to the changelog
+
+```yml
+changelogs:
+  - { date: "DD.MM.YY:", desc: "Added some love to templates" }
+```

.github/FUNDING.yml

@@ -0,0 +1,2 @@
+github: linuxserver
+open_collective: linuxserver

.github/ISSUE_TEMPLATE/config.yml

@@ -9,5 +9,5 @@ contact_links:
     about: Post on our community forum.
 
   - name: Documentation
-    url: https://docs.linuxserver.io/images/fail2ban
+    url: https://docs.linuxserver.io/images/docker-fail2ban
     about: Documentation - information about all of our containers.

.github/ISSUE_TEMPLATE/issue.bug.md

@@ -4,7 +4,7 @@ about: Create a report to help us improve
 
 ---
 [linuxserverurl]: https://linuxserver.io
-[![linuxserver.io](https://raw.githubusercontent.com/linuxserver/docker-templates/master/linuxserver.io/img/lsio-labs-wide.png)](https://linuxserver.io)
+[![linuxserver.io](https://raw.githubusercontent.com/linuxserver/docker-templates/master/linuxserver.io/img/linuxserver_medium.png)][linuxserverurl]
 
 <!--- If you are new to Docker or this application our issue tracker is **ONLY** used for reporting bugs or requesting features. Please use [our discord server](https://discord.gg/YWrKVTn) for general support. --->
 
@@ -37,4 +37,4 @@ about: Create a report to help us improve
 <!--- Provide your docker create/run command or compose yaml snippet, or a screenshot of settings if using a gui to create the container -->
 
 ## Docker logs
-<!--- Provide a full docker log, output of "docker logs your_spotify" -->
+<!--- Provide a full docker log, output of "docker logs fail2ban" -->

.github/ISSUE_TEMPLATE/issue.feature.md

@@ -4,7 +4,7 @@ about: Suggest an idea for this project
 
 ---
 [linuxserverurl]: https://linuxserver.io
-[![linuxserver.io](https://raw.githubusercontent.com/linuxserver/docker-templates/master/linuxserver.io/img/lsio-labs-wide.png)](https://linuxserver.io)
+[![linuxserver.io](https://raw.githubusercontent.com/linuxserver/docker-templates/master/linuxserver.io/img/linuxserver_medium.png)][linuxserverurl]
 
 <!--- If you are new to Docker or this application our issue tracker is **ONLY** used for reporting bugs or requesting features. Please use [our discord server](https://discord.gg/YWrKVTn) for general support. --->
 

.github/PULL_REQUEST_TEMPLATE.md

@@ -1,7 +1,8 @@
 <!--- Provide a general summary of your changes in the Title above -->
 
 [linuxserverurl]: https://linuxserver.io
-[![linuxserver.io](https://raw.githubusercontent.com/linuxserver/docker-templates/master/linuxserver.io/img/lsio-labs-wide.png)](https://linuxserver.io)
+[![linuxserver.io](https://raw.githubusercontent.com/linuxserver/docker-templates/master/linuxserver.io/img/linuxserver_medium.png)][linuxserverurl]
+
 
 <!--- Before submitting a pull request please check the following -->
 
@@ -11,6 +12,7 @@
 <!---  You have included links to any files / patches etc your PR may be using in the body of the PR commit message -->
 <!--- We maintain a changelog of major revisions to the container at the end of readme-vars.yml in the root of this repository, please add your changes there if appropriate -->
 
+
 <!--- Coding guidelines: -->
 <!--- 1. Installed packages in the Dockerfiles should be in alphabetical order -->
 <!--- 2. Changes to Dockerfile should be replicated in Dockerfile.armhf and Dockerfile.aarch64 if applicable -->
@@ -19,7 +21,7 @@
 
 ------------------------------
 
- - [ ] I have read the [contributing](https://github.com/linuxserver-labs/docker-fail2ban/blob/main/.github/CONTRIBUTING.md) guideline and understand that I have made the correct modifications
+ - [ ] I have read the [contributing](https://github.com/linuxserver/docker-fail2ban/blob/master/.github/CONTRIBUTING.md) guideline and understand that I have made the correct modifications
 
 ------------------------------
 
@@ -36,5 +38,6 @@
 <!--- Include details of your testing environment, and the tests you ran to -->
 <!--- see how your change affects other areas of the code, etc. -->
 
+
 ## Source / References:
 <!--- Please include any forum posts/github links relevant to the PR -->

.github/workflows/call-baseimage-update.yml

@@ -10,7 +10,7 @@ jobs:
     with:
       repo_owner: ${{ github.repository_owner }}
       baseimage: "alpine"
-      basebranch: "3.14"
+      basebranch: "3.16"
       app_name: "fail2ban"
     secrets:
       repo_release_token: ${{ secrets.repo_release_token }}

.github/workflows/call-build-image.yml

@@ -13,7 +13,7 @@ jobs:
       app_name: fail2ban
       release_type: alpine
       release_name: fail2Ban
-      release_url: "v3.14/main"
+      release_url: "v3.16/main"
       target-arch: "all"
     secrets:
       scarf_token: ${{ secrets.SCARF_TOKEN }}

.github/workflows/call-check-and-release.yml

@@ -12,7 +12,7 @@ jobs:
       repo_owner: ${{ github.repository_owner }}
       app_name: "fail2ban"
       release_type: "alpine"
-      release_url: "v3.14/main"
+      release_url: "v3.16/main"
       release_name: "fail2ban"
       branch: "master"
     secrets:

.github/workflows/external_trigger.yml

@@ -0,0 +1,93 @@
+name: External Trigger Main
+
+on:
+  workflow_dispatch:
+
+jobs:
+  external-trigger-master:
+    runs-on: ubuntu-latest
+    steps:
+      - uses: actions/[email protected]
+
+      - name: External Trigger
+        if: github.ref == 'refs/heads/master'
+        run: |
+          if [ -n "${{ secrets.PAUSE_EXTERNAL_TRIGGER_FAIL2BAN_MASTER }}" ]; then
+            echo "**** Github secret PAUSE_EXTERNAL_TRIGGER_FAIL2BAN_MASTER is set; skipping trigger. ****"
+            exit 0
+          fi
+          echo "**** External trigger running off of master branch. To disable this trigger, set a Github secret named \"PAUSE_EXTERNAL_TRIGGER_FAIL2BAN_MASTER\". ****"
+          echo "**** Retrieving external version ****"
+          EXT_RELEASE=$(curl -sL "http://nl.alpinelinux.org/alpine/v3.16/main/x86_64/APKINDEX.tar.gz" | tar -xz -C /tmp \
+            && awk '/^P:'"fail2ban"'$/,/V:/' /tmp/APKINDEX | sed -n 2p | sed 's/^V://')
+          if [ -z "${EXT_RELEASE}" ] || [ "${EXT_RELEASE}" == "null" ]; then
+            echo "**** Can't retrieve external version, exiting ****"
+            FAILURE_REASON="Can't retrieve external version for fail2ban branch master"
+            GHA_TRIGGER_URL="https://github.com/linuxserver/docker-fail2ban/actions/runs/${{ github.run_id }}"
+            curl -X POST -H "Content-Type: application/json" --data '{"avatar_url": "https://cdn.discordapp.com/avatars/354986384542662657/df91181b3f1cf0ef1592fbe18e0962d7.png","embeds": [{"color": 16711680,
+              "description": "**Trigger Failed** \n**Reason:** '"${FAILURE_REASON}"' \n**Trigger URL:** '"${GHA_TRIGGER_URL}"' \n"}],
+              "username": "Github Actions"}' ${{ secrets.DISCORD_WEBHOOK }}
+            exit 1
+          fi
+          EXT_RELEASE=$(echo ${EXT_RELEASE} | sed 's/[~,%@+;:/]//g')
+          echo "**** External version: ${EXT_RELEASE} ****"
+          echo "**** Retrieving last pushed version ****"
+          image="linuxserver/fail2ban"
+          tag="latest"
+          token=$(curl -sX GET \
+            "https://ghcr.io/token?scope=repository%3Alinuxserver%2Ffail2ban%3Apull" \
+            | jq -r '.token')
+            multidigest=$(curl -s \
+              --header "Accept: application/vnd.docker.distribution.manifest.v2+json" \
+              --header "Authorization: Bearer ${token}" \
+              "https://ghcr.io/v2/${image}/manifests/${tag}" \
+              | jq -r 'first(.manifests[].digest)')
+            digest=$(curl -s \
+              --header "Accept: application/vnd.docker.distribution.manifest.v2+json" \
+              --header "Authorization: Bearer ${token}" \
+              "https://ghcr.io/v2/${image}/manifests/${multidigest}" \
+              | jq -r '.config.digest')
+          image_info=$(curl -sL \
+            --header "Authorization: Bearer ${token}" \
+            "https://ghcr.io/v2/${image}/blobs/${digest}" \
+            | jq -r '.container_config')
+          IMAGE_RELEASE=$(echo ${image_info} | jq -r '.Labels.build_version' | awk '{print $3}')
+          IMAGE_VERSION=$(echo ${IMAGE_RELEASE} | awk -F'-ls' '{print $1}')
+          if [ -z "${IMAGE_VERSION}" ]; then
+            echo "**** Can't retrieve last pushed version, exiting ****"
+            FAILURE_REASON="Can't retrieve last pushed version for fail2ban tag latest"
+            curl -X POST -H "Content-Type: application/json" --data '{"avatar_url": "https://cdn.discordapp.com/avatars/354986384542662657/df91181b3f1cf0ef1592fbe18e0962d7.png","embeds": [{"color": 16711680,
+              "description": "**Trigger Failed** \n**Reason:** '"${FAILURE_REASON}"' \n"}],
+              "username": "Github Actions"}' ${{ secrets.DISCORD_WEBHOOK }}
+            exit 1
+          fi
+          echo "**** Last pushed version: ${IMAGE_VERSION} ****"
+          if [ "${EXT_RELEASE}" == "${IMAGE_VERSION}" ]; then
+            echo "**** Version ${EXT_RELEASE} already pushed, exiting ****"
+            exit 0
+          elif [ $(curl -s https://ci.linuxserver.io/job/Docker-Pipeline-Builders/job/docker-fail2ban/job/master/lastBuild/api/json | jq -r '.building') == "true" ]; then
+            echo "**** New version ${EXT_RELEASE} found; but there already seems to be an active build on Jenkins; exiting ****"
+            exit 0
+          else
+            echo "**** New version ${EXT_RELEASE} found; old version was ${IMAGE_VERSION}. Triggering new build ****"
+            response=$(curl -iX POST \
+              https://ci.linuxserver.io/job/Docker-Pipeline-Builders/job/docker-fail2ban/job/master/buildWithParameters?PACKAGE_CHECK=false \
+              --user ${{ secrets.JENKINS_USER }}:${{ secrets.JENKINS_TOKEN }} | grep -i location | sed "s|^[L|l]ocation: \(.*\)|\1|")
+            echo "**** Jenkins job queue url: ${response%$'\r'} ****"
+            echo "**** Sleeping 10 seconds until job starts ****"
+            sleep 10
+            buildurl=$(curl -s "${response%$'\r'}api/json" | jq -r '.executable.url')
+            buildurl="${buildurl%$'\r'}"
+            echo "**** Jenkins job build url: ${buildurl} ****"
+            echo "**** Attempting to change the Jenkins job description ****"
+            curl -iX POST \
+              "${buildurl}submitDescription" \
+              --user ${{ secrets.JENKINS_USER }}:${{ secrets.JENKINS_TOKEN }} \
+              --data-urlencode "description=GHA external trigger https://github.com/${{ github.repository }}/actions/runs/${{ github.run_id }}" \
+              --data-urlencode "Submit=Submit"
+            echo "**** Notifying Discord ****"
+            TRIGGER_REASON="A version change was detected for fail2ban tag latest. Old version:${IMAGE_VERSION} New version:${EXT_RELEASE}"
+            curl -X POST -H "Content-Type: application/json" --data '{"avatar_url": "https://cdn.discordapp.com/avatars/354986384542662657/df91181b3f1cf0ef1592fbe18e0962d7.png","embeds": [{"color": 9802903,
+              "description": "**Build Triggered** \n**Reason:** '"${TRIGGER_REASON}"' \n**Build URL:** '"${buildurl}display/redirect"' \n"}],
+              "username": "Github Actions"}' ${{ secrets.DISCORD_WEBHOOK }}
+          fi

.github/workflows/external_trigger_scheduler.yml

@@ -0,0 +1,43 @@
+name: External Trigger Scheduler
+
+on:
+  schedule:
+    - cron:  '02 * * * *'
+  workflow_dispatch:
+
+jobs:
+  external-trigger-scheduler:
+    runs-on: ubuntu-latest
+    steps:
+      - uses: actions/[email protected]
+        with:
+          fetch-depth: '0'
+
+      - name: External Trigger Scheduler
+        run: |
+          echo "**** Branches found: ****"
+          git for-each-ref --format='%(refname:short)' refs/remotes
+          echo "**** Pulling the yq docker image ****"
+          docker pull ghcr.io/linuxserver/yq
+          for br in $(git for-each-ref --format='%(refname:short)' refs/remotes)
+          do
+            br=$(echo "$br" | sed 's|origin/||g')
+            echo "**** Evaluating branch ${br} ****"
+            ls_branch=$(curl -sX GET https://raw.githubusercontent.com/linuxserver/docker-fail2ban/${br}/jenkins-vars.yml \
+              | docker run --rm -i --entrypoint yq ghcr.io/linuxserver/yq -r .ls_branch)
+            if [ "$br" == "$ls_branch" ]; then
+              echo "**** Branch ${br} appears to be live; checking workflow. ****"
+              if curl -sfX GET https://raw.githubusercontent.com/linuxserver/docker-fail2ban/${br}/.github/workflows/external_trigger.yml > /dev/null 2>&1; then
+                echo "**** Workflow exists. Triggering external trigger workflow for branch ${br} ****."
+                curl -iX POST \
+                  -H "Authorization: token ${{ secrets.CR_PAT }}" \
+                  -H "Accept: application/vnd.github.v3+json" \
+                  -d "{\"ref\":\"refs/heads/${br}\"}" \
+                  https://api.github.com/repos/linuxserver/docker-fail2ban/actions/workflows/external_trigger.yml/dispatches
+              else
+                echo "**** Workflow doesn't exist; skipping trigger. ****"
+              fi
+            else
+              echo "**** ${br} appears to be a dev branch; skipping trigger. ****"
+            fi
+          done

.github/workflows/greetings.yml

@@ -8,6 +8,6 @@ jobs:
     steps:
     - uses: actions/first-interaction@v1
       with:
-        issue-message: 'Thanks for opening your first issue here! Be sure to follow the [bug](https://github.com/linuxserver-labs/docker-your_spotify/blob/main/.github/ISSUE_TEMPLATE/issue.bug.md) or [feature](https://github.com/linuxserver-labs/docker-your_spotify/blob/main/.github/ISSUE_TEMPLATE/issue.feature.md) issue templates!'
-        pr-message: 'Thanks for opening this pull request! Be sure to follow the [pull request template](https://github.com/linuxserver-labs/docker-your_spotify/blob/main/.github/PULL_REQUEST_TEMPLATE.md)!'
+        issue-message: 'Thanks for opening your first issue here! Be sure to follow the [bug](https://github.com/linuxserver/docker-fail2ban/blob/master/.github/ISSUE_TEMPLATE/issue.bug.md) or [feature](https://github.com/linuxserver/docker-fail2ban/blob/master/.github/ISSUE_TEMPLATE/issue.feature.md) issue templates!'
+        pr-message: 'Thanks for opening this pull request! Be sure to follow the [pull request template](https://github.com/linuxserver/docker-fail2ban/blob/master/.github/PULL_REQUEST_TEMPLATE.md)!'
         repo-token: ${{ secrets.GITHUB_TOKEN }}