diff --git a/.github/workflows/build.yml b/.github/workflows/build.yml
new file mode 100644
index 0000000..8ee771c
--- /dev/null
+++ b/.github/workflows/build.yml
@@ -0,0 +1,22 @@
+name: Build PR
+
+on:
+ pull_request:
+ branches: [ mainline ]
+ # enable manual running in the actions ui
+ workflow_dispatch:
+
+jobs:
+ build:
+ runs-on: ubuntu-latest
+
+ steps:
+ # Checks-out your repository under $GITHUB_WORKSPACE, so your job can access it
+ - uses: actions/checkout@v2
+
+ # Do safety check using the most recent version of the image
+ - name: Run Safety on Requirements.txt
+ run: cat requirements.txt | docker run -i --rm pyupio/safety safety check --stdin
+
+ - name: Run Safety on Requirements-float.txt
+ run: cat requirements-float.txt | docker run -i --rm pyupio/safety safety check --stdin
diff --git a/.github/workflows/deploy.yml b/.github/workflows/deploy.yml
new file mode 100644
index 0000000..5085962
--- /dev/null
+++ b/.github/workflows/deploy.yml
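Review bot: The step "Run Safety on Requirements-float.txt" in build.yml pipes a file of unpinned names (`awscli`, `boto3`, per requirements-float.txt in this commit) into `safety check --stdin`. Safety matches advisories against a concrete version, so depending on the Safety release these entries are probably skipped or only warned about, and the step can pass without having checked anything. Checking what actually gets installed would close that gap, for example piping `python3 -m pip freeze` from the built image into the same `safety check --stdin` command. Separately, `actions/checkout@v2` is a movable tag and the workflow declares no token scope; referencing the action by full commit SHA and adding a top-level `permissions:` with `contents: read` would limit what a changed upstream can do on pull-request runs. The same Safety steps are repeated in deploy.yml and have the same limitation.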
@@ -0,0 +1,48 @@ +name: Build And Push Image + +on: + push: + branches: [ mainline ] + # enable manual running in the actions ui + workflow_dispatch: + branches: [ mainline ] + +# A workflow run is made up of one or more jobs that can run sequentially or in parallel +jobs: + # This workflow contains a single job called "build" + build: + # The type of runner that the job will run on + runs-on: ubuntu-latest + env: + DOCKER_USERNAME: pzelnip + + steps: + - uses: actions/checkout@v2 + + # Do safety check using the most recent version of the image + - name: Run Safety on Requirements.txt + run: cat requirements.txt | docker run -i --rm pyupio/safety safety check --stdin + + - name: Run Safety on Requirements-float.txt + run: cat requirements-float.txt | docker run -i --rm pyupio/safety safety check --stdin + + - name: Set up QEMU + uses: docker/setup-qemu-action@v1 + + - name: Set up Docker Buildx + uses: docker/setup-buildx-action@v1 + + - name: Login to DockerHub + uses: docker/login-action@v1 + with: + username: ${{ secrets.DOCKERHUB_USERNAME }} + password: ${{ secrets.DOCKERHUB_TOKEN }} + + - name: Build and push + id: docker_build + uses: docker/build-push-action@v2 + with: + push: true + tags: | + pzelnip/codependentcodrbase:latest + pzelnip/codependentcodrbase:${{ github.sha }} diff --git a/.pyup.yml b/.pyup.yml index a479c10..cc56198 100644 --- a/.pyup.yml +++ b/.pyup.yml @@ -2,9 +2,17 @@ update: all schedule: "every day" -branch: master +branch: mainline label_prs: pyup assignees: - pzelnip + +requirements: + - requirements-float.txt: + update: False + pin: False + - requirements.txt: + update: all + pin: True diff --git a/.travis.yml b/.travis.yml deleted file mode 100644 index 70a8c8c..0000000 --- a/.travis.yml +++ /dev/null 
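Review bot: The job that reads `secrets.DOCKERHUB_TOKEN` in deploy.yml runs `docker/setup-qemu-action@v1`, `docker/setup-buildx-action@v1`, `docker/login-action@v1` and `docker/build-push-action@v2` by movable tag. Whatever those tags point to at run time therefore executes next to a credential that can push `pzelnip/codependentcodrbase:latest`. Referencing each action by full commit SHA (`uses: docker/login-action@<full-commit-sha>`) and declaring `permissions:` with `contents: read` keeps that exposure tied to code that was reviewed. `branches: [ mainline ]` appears directly after `workflow_dispatch:`; indentation is lost in this view, but if it is nested there it should be dropped, since `workflow_dispatch` documents only `inputs` and has no `branches` filter. `env: DOCKER_USERNAME: pzelnip` looks unused, because the login step reads `secrets.DOCKERHUB_USERNAME`.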
@@ -1,18 +0,0 @@ -language: bash - -sudo: required - -services: -- docker - -script: -- make deploy - -branches: - only: - - master - -notifications: - email: false - slack: - secure: "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" diff --git a/Dockerfile b/Dockerfile index cb92a53..d9e08e8 100644 --- a/Dockerfile +++ b/Dockerfile @@ -10,22 +10,12 @@ FROM alpine:latest # image for CDC builds RUN apk add --no-cache --update \ - python3 nodejs-current-npm make git curl + python3 make git curl -RUN python3 -m ensurepip -RUN pip3 install --upgrade pip +RUN python3 -m ensurepip && python3 -m pip install --upgrade pip --no-cache-dir -RUN npm install -g markdownlint-cli - -# needed for Pylint 2.0.0 COPY requirements.txt /build/requirements.txt +COPY requirements-float.txt /build/requirements-float.txt -# Note that these 3 commands have to be combined to save on built -# image size. If we separate into multiple Docker commands then -# doing the del after the fact has no effect because Docker *layers* -# the filesystem. See: https://github.com/gliderlabs/docker-alpine/issues/45 -# With this all as one command I found I saved over 100MB on the final -# built image. -RUN apk add --no-cache --update python3-dev gcc build-base && \ - pip3 install -r /build/requirements.txt && \ - apk del python3-dev gcc build-base +RUN python3 -m pip install -r /build/requirements-float.txt --no-cache-dir && \ + python3 -m pip install -r /build/requirements.txt --no-cache-dir diff --git a/Makefile b/Makefile deleted file mode 100644 index 6dbef76..0000000 --- a/Makefile +++ /dev/null 
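Review bot: The final `RUN` in the Dockerfile hunk installs the two requirement files in separate pip invocations. The second one (`-r /build/requirements.txt`) is therefore resolved without the constraints of the floating `awscli`/`boto3` set installed just before it, and may replace a transitive dependency those packages need. A single invocation lets the resolver see both files at once: `python3 -m pip install --no-cache-dir -r /build/requirements-float.txt -r /build/requirements.txt`. Because the float file is unpinned and the result is published as a base image, printing `python3 -m pip freeze` at the end of the same `RUN` would also record which versions a given image tag actually shipped.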
@@ -1,26 +0,0 @@ -SITE_NAME=codependentcodrbase -USER_NAME=pzelnip -SHA := $(shell git rev-parse --short HEAD) - -dockerbuild: - docker build -t $(SITE_NAME):latest . - -safety: dockerbuild - docker run -it --rm $(SITE_NAME):latest safety check -r /build/requirements.txt --full-report - -dockerpush: - echo "$(DOCKER_PASSWORD)" | docker login -u "$(DOCKER_USERNAME)" --password-stdin - docker tag $(SITE_NAME) $(USER_NAME)/$(SITE_NAME):latest - docker tag $(SITE_NAME) $(USER_NAME)/$(SITE_NAME):$(SHA) - docker push $(USER_NAME)/$(SITE_NAME):latest - docker push $(USER_NAME)/$(SITE_NAME):$(SHA) - -triggerdownstream: - curl -s -X POST -H "Content-Type: application/json" -H "Accept: application/json" -H "Travis-API-Version: 3" -H "Authorization: token $(TRAVIS_TOKEN)" -d '{ "request": { "branch":"master" }}' https://api.travis-ci.com/repo/pzelnip%2Fwww.codependentcodr.com/requests - -deploy: dockerbuild safety dockerpush triggerdownstream - -clean: - docker images | grep $(SITE_NAME) | awk {'print $3'} | xargs docker rmi - -.PHONY: dockerbuild dockerpush deploy safety diff --git a/Readme.md b/Readme.md index 0b76689..54081a5 100644 --- a/Readme.md +++ b/Readme.md @@ -1,6 +1,8 @@ # Codependent Codr Base Image -[![Build Status](https://travis-ci.com/pzelnip/codependentcodrbase.svg?branch=master)](https://travis-ci.com/pzelnip/codependentcodrbase) +[![Actions Status](https://github.com/pzelnip/codependentcodrbase/workflows/Build%20And%20Push%20Image/badge.svg)](https://github.com/pzelnip/codependentcodrbase/actions) +[![Updates](https://pyup.io/repos/github/pzelnip/codependentcodrbase/shield.svg)](https://pyup.io/repos/github/pzelnip/codependentcodrbase/) +[![Python 3](https://pyup.io/repos/github/pzelnip/codependentcodrbase/python-3-shield.svg)](https://pyup.io/repos/github/pzelnip/codependentcodrbase/) This is the base Docker image that I use for my blog. 
@@ -16,7 +18,6 @@ that installing git, curl, npm, etc on every build when I posted a new blog post really made for some long builds. Those packages almost never change, so I pulled that stuff out -into the Dockerfile you find here in this repo. This gets built -nightly by Travis, and pushed to Dockerhub. I then use that +into the Dockerfile you find here in this repo. I then use that built image as the base image for CDC builds, which speeds up my build times for that repo. diff --git a/requirements-float.txt b/requirements-float.txt new file mode 100644 index 0000000..794c4f6 --- /dev/null +++ b/requirements-float.txt @@ -0,0 +1,4 @@ +# These are dependencies that are allowed to "float", ie not be +# version pinned. For pinned dependencies see requirements.txt +awscli +boto3 diff --git a/requirements.txt b/requirements.txt index 55728ba..1c0a1a9 100644 --- a/requirements.txt +++ b/requirements.txt @@ -1,11 +1,2 @@ -autopep8==1.4.1 -awscli==1.16.39 -bandit==1.5.1 -black==18.9b0 -boto3==1.9.29 -flake8==3.5.0 -Markdown==3.0.1 -pelican==3.7.1 -pydocstyle==3.0.0 -pylint==2.1.1 -safety==1.8.4 +Markdown==3.4.1 +pelican==4.8.0