Use pipe fail, quote array expansion and prevent word globbing (#96)
The previous PRs failed to build because hadolint was mad. I think this
fixes the problem but I'm curious about unintended side effects.
fredclausen authored Jun 2, 2024
2 parents cf7535f + 829f65a commit 311e562
Showing 2 changed files with 94 additions and 6 deletions.
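--- a/.github/workflows/on_pr.yml
+++ b/.github/workflows/on_pr.yml
@@ -0,0 +1,88 @@
+---
+name: Pull Request
+
+on:
+pull_request:
+branches:
+- main
+
+push:
+branches:
+- main
+# Don't trigger if it's just a documentation update
+paths:
+- "rust/**"
+- "Dockerfile"
+- "Dockerfile.build_binary"
+- "rootfs/**"
+- "downloads/**"
+- ".env"
+
+# Set workflow-wide environment variables
+# - REPO: repo name on dockerhub
+# - IMAGE: image name on dockerhub
+env:
+# DOCKERHUB_REPO: sdr-enthusiasts
+# DOCKERHUB_IMAGE: vrs
+GHCR_IMAGE: sdr-enthusiasts/docker-adsb-ultrafeeder
+GHCR_REGISTRY: ghcr.io
+GH_LABEL: main
+GHCR_TAG: latest
+
+jobs:
+hadolint:
+name: Run hadolint against docker files
+runs-on: ubuntu-latest
+steps:
+- uses: actions/[email protected]
+- name: Pull hadolint/hadolint:latest Image
+run: docker pull hadolint/hadolint:latest
+- name: Run hadolint against Dockerfiles
+run: docker run --rm -i -v "$PWD":/workdir --workdir /workdir --entrypoint hadolint hadolint/hadolint --ignore DL3015 --ignore DL3003 --ignore DL3006 --ignore DL3010 --ignore DL4001 --ignore DL3007 --ignore DL3008 --ignore SC2068 --ignore DL3007 --ignore SC1091 --ignore DL3013 --ignore DL3010 $(find . -type f -iname "Dockerfile*")
+
+deploy:
+name: Deploy without telegraf
+uses: sdr-enthusiasts/common-github-workflows/.github/workflows/build_and_push_image.yml@main
+with:
+push_enabled: false
+push_destinations: ghcr.io
+ghcr_repo_owner: ${{ github.repository_owner }}
+ghcr_repo: ${{ github.repository }}
+get_version_method: file_in_container:file=/CONTAINER_VERSION
+# set build_latest to true if github.event.inputs.use_test_image is false
+build_latest: true
+build_baseimage_test: false
+# only build the entire stack if we are not using the test image
+build_version_specific: false
+build_platform_specific: false
+build_nohealthcheck: false
+build_baseimage_url: docker-tar1090:latest/docker-tar1090:baseimage-test
+secrets:
+ghcr_token: ${{ secrets.GITHUB_TOKEN }}
+
+# unfortunately we can't use build_and_push_image.yml to build the telegraf label because
+# that GH Action doesn't have the capability to build specific custom-named labels
+
+deploy_with_telegraf:
+name: Deploy with telegraf and healthcheck
+uses: sdr-enthusiasts/common-github-workflows/.github/workflows/build_and_push_image.yml@main
+with:
+push_enabled: false
+push_destinations: ghcr.io
+ghcr_repo_owner: ${{ github.repository_owner }}
+ghcr_repo: ${{ github.repository }}
+get_version_method: file_in_container:file=/CONTAINER_VERSION
+# set build_latest to true if github.event.inputs.use_test_image is false
+build_latest: true
+build_baseimage_test: false
+build_baseimage_url: docker-tar1090:telegraf/docker-tar1090:telegraf-baseimage-test
+# only build the entire stack if we are not using the test image
+build_version_specific: false
+build_platform_specific: false
+build_nohealthcheck: false
+docker_latest_tag: telegraf
+dockerfile_changes: |
+docker-tar1090:latest/docker-tar1090:telegraf
+secrets:
+ghcr_token: ${{ secrets.GITHUB_TOKEN }}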
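Review bot: Both deploy jobs call `sdr-enthusiasts/common-github-workflows/.github/workflows/build_and_push_image.yml@main` and pass it `secrets.GITHUB_TOKEN`, and the hadolint job pulls `hadolint/hadolint:latest`, so what runs on each pull request is whatever those mutable refs point to at that moment. Pinning the reusable workflow to a full commit SHA (`...build_and_push_image.yml@<full-commit-sha>`) and the linter image to a digest (`hadolint/hadolint@sha256:<digest>`) makes each run reproducible and reviewable. The file also has no `permissions:` block, so the token gets the repository default; with `push_enabled: false` a top-level `permissions:` with `contents: read` looks sufficient, though what the called workflow needs should be confirmed. In the hadolint command, `--ignore DL3007` and `--ignore DL3010` are each listed twice, and `--ignore SC2068` could probably be dropped now that this commit quotes the array expansions, so the linter would catch a regression.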
12 changes: 6 additions & 6 deletions Dockerfile
Expand Up @@ -6,8 +6,8 @@ ENV URL_MLAT_CLIENT_REPO="https://github.com/wiedehopf/mlat-client.git" \
PRIVATE_MLAT="false" \
MLAT_INPUT_TYPE="auto"

RUN set -x && \
TEMP_PACKAGES=() && \
SHELL ["/bin/bash", "-x", "-o", "pipefail", "-c"]
RUN TEMP_PACKAGES=() && \
KEPT_PACKAGES=() && \
# Git and net-tools are needed to install and run @Mikenye's HealthCheck framework
KEPT_PACKAGES+=(git) && \
Expand All @@ -31,8 +31,8 @@ RUN set -x && \
# Install all these packages:
apt-get update -q -y && \
apt-get install -o Dpkg::Options::="--force-confnew" -y --no-install-recommends -q \
${KEPT_PACKAGES[@]} \
${TEMP_PACKAGES[@]} && \
"${KEPT_PACKAGES[@]}" \
"${TEMP_PACKAGES[@]}" && \
#
# Compile and Install the mlat_client
mkdir -p /git && \
Expand All @@ -45,7 +45,7 @@ RUN set -x && \
rm -rf /git && \
#
# Clean up and install POST_PACKAGES:
apt-get remove -q -y ${TEMP_PACKAGES[@]} && \
apt-get remove -q -y "${TEMP_PACKAGES[@]}" && \
# apt-get install -o Dpkg::Options::="--force-confnew" -y --no-install-recommends -q \
# ${POST_PACKAGES[@]} && \
apt-get autoremove -q -o APT::Autoremove::RecommendsImportant=0 -o APT::Autoremove::SuggestsImportant=0 -y && \
Expand All @@ -63,7 +63,7 @@ COPY rootfs/ /
RUN set -x && \
branch="##BRANCH##" && \
[[ "${branch:0:1}" == "#" ]] && branch="main" || true && \
git clone --depth=1 -b $branch https://github.com/sdr-enthusiasts/docker-adsb-ultrafeeder.git /tmp/clone && \
git clone --depth=1 -b "$branch" https://github.com/sdr-enthusiasts/docker-adsb-ultrafeeder.git /tmp/clone && \
pushd /tmp/clone && \
echo "$(TZ=UTC date +%Y%m%d-%H%M%S)_$(git rev-parse --short HEAD)_$(git branch --show-current)" > /.CONTAINER_VERSION && \
popd && \
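Review bot: The new `SHELL ["/bin/bash", "-x", "-o", "pipefail", "-c"]` line has no comment, and it affects more than the RUN directly below it. A SHELL instruction applies to every later RUN in the stage, so the `RUN set -x && \` still present in the last hunk is now redundant, and `-x` will echo the expanded commands of every later RUN into the build log. If tracing is only wanted for debugging, `SHELL ["/bin/bash", "-o", "pipefail", "-c"]` with `set -x` kept per RUN keeps expanded values such as build arguments out of CI logs; whether any later RUN expands something sensitive is not visible here, because the Dockerfile continues past the last hunk. Either way I would add a comment above the SHELL line such as `# pipefail (presumably for hadolint DL4006): a failing pipe stage fails the RUN; applies to all following RUN instructions`.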
