Initial commit

homecentr · Jun 29, 2020 · f8477cf · f8477cf
commit f8477cf
Show file tree

Hide file tree

Showing 33 changed files with 803 additions and 0 deletions.
diff --git a/.gitattributes b/.gitattributes
@@ -0,0 +1,7 @@
+* text=auto
+*.sh            eol=lf
+*.yml           eol=lf
+**/run          eol=lf
+**/finish       eol=lf
+**/services.d/**   eol=lf
+**/cont-init.d/**  eol=lf
diff --git a/.github/dependabot.yml b/.github/dependabot.yml
@@ -0,0 +1,32 @@
+version: 2
+updates:
+- package-ecosystem: docker
+  directory: "/"
+  schedule:
+    interval: daily
+  open-pull-requests-limit: 10
+  labels:
+    - dependencies
+  commit-message:
+    prefix: fix
+    include: scope
+- package-ecosystem: gradle
+  directory: "/tests"
+  schedule:
+    interval: daily
+  open-pull-requests-limit: 10
+  labels:
+    - dependencies
+  commit-message:
+    prefix: chore
+    include: scope
+- package-ecosystem: github-actions
+  directory: "/"
+  schedule:
+    interval: daily
+  open-pull-requests-limit: 10
+  labels:
+    - dependencies
+  commit-message:
+    prefix: ci
+    include: scope
diff --git a/.github/semantic.yml b/.github/semantic.yml
@@ -0,0 +1,11 @@
+titleOnly: true
+types:
+  - feat
+  - fix
+  - docs
+  - refactor
+  - test
+  - build
+  - ci
+  - chore
+  - revert
diff --git a/.github/settings.yml b/.github/settings.yml
@@ -0,0 +1,35 @@
+# https://developer.github.com/v3/repos/#edit
+repository:
+  name: docker-$$IMAGE_NAME$$
+  description: ""
+  homepage: https://homecentr.github.io/
+  private: false
+  has_issues: true
+  has_wiki: false
+  has_downloads: false
+  has_projects: false
+  archived: false
+
+  default_branch: master
+  allow_squash_merge: true
+  allow_merge_commit: false
+  allow_rebase_merge: false
+
+# https://developer.github.com/v3/repos/branches/#update-branch-protection
+branches:
+  - name: master
+    protection:
+      required_status_checks:
+        strict: true
+        contexts: [ "build" ]
+      required_pull_request_reviews: null
+      enforce_admins: false
+      restrictions:
+
+labels:
+  - name: bug
+    color: d73a4a
+  - name: feature
+    color: a2eeef
+  - name: question
+    color: d876e3
diff --git a/.github/workflows/ci.yml b/.github/workflows/ci.yml
@@ -0,0 +1,39 @@
+name: CI PR/Branch
+on:
+  push:
+    branches-ignore:
+      - master
+  pull_request:
+
+env:
+  IMAGE_NAME: "homecentr/$$IMAGE_NAME$$"
+
+jobs:
+  build:
+    runs-on: ubuntu-latest
+    steps:
+      - uses: actions/checkout@master
+
+      - name: Set up java for tests execution
+        uses: actions/setup-java@v1
+        with:
+          java-version: 11
+
+      - name: Set tag var
+        id: vars
+        run: echo ::set-output name=docker_tag::$(echo ${GITHUB_REF} | cut -d'/' -f3)-${GITHUB_SHA}
+
+      - name: Verify Dockerfile with Hadolint
+        uses: brpaz/hadolint-action@master      
+
+      - name: Build Docker image
+        run: docker build . -t ${{ env.IMAGE_NAME }}:${{ steps.vars.outputs.docker_tag }}
+
+      - name: Test Docker image
+        run: cd tests && sudo gradle test --info -Ddocker_image_tag=${{ env.IMAGE_NAME }}:${{ steps.vars.outputs.docker_tag }}
+
+      - name: Scan with Phonito Security
+        uses: phonito/phonito-scanner-action@master
+        with:
+          image: ${{ env.IMAGE_NAME }}:${{ steps.vars.outputs.docker_tag }}
+          phonito-token: '${{ secrets.PHONITO_TOKEN }}'      
diff --git a/.github/workflows/ci_cd.yml b/.github/workflows/ci_cd.yml
@@ -0,0 +1,74 @@
+name: CI/CD on master
+on:
+  push:
+    branches:
+      - master
+
+env:
+  IMAGE_NAME: "homecentr/$$IMAGE_NAME$$"
+
+jobs:
+  build:
+    runs-on: ubuntu-latest
+    steps:
+      - uses: actions/checkout@master
+
+      - name: Set up java for tests execution
+        uses: actions/setup-java@v1
+        with:
+          java-version: 11
+
+      - name: "Determine release version"
+        uses: codfish/semantic-release-action@master
+        env:
+          GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
+
+      - name: Verify Dockerfile with Hadolint
+        uses: brpaz/hadolint-action@master
+
+      - name: "Build Docker image"
+        if: env.RELEASE_VERSION != ''
+        run: |
+          docker build . -t "$IMAGE_NAME:$RELEASE_VERSION" \
+              --label "org.label-schema.schema-version=1.0" \
+              --label "org.label-schema.vcs-ref=${GITHUB_SHA}" \
+              --label "org.label-schema.vcs-url=https://github.com/${GITHUB_REPOSITORY}" \
+              --label "org.label-schema.url=https://github.com/${GITHUB_REPOSITORY}" \
+              --label "org.label-schema.vendor=HomeCentr" \
+              --label "version=$RELEASE_VERSION" \
+              --label "org.label-schema.build-date=$(date '+%F %T')"
+
+      - name: Test Docker image
+        if: env.RELEASE_VERSION != ''
+        run: cd tests && sudo gradle test -Ddocker_image_tag=${{ env.IMAGE_NAME }}:${{ env.RELEASE_VERSION }}
+
+      - name: Scan with Phonito Security
+        if: env.RELEASE_VERSION != ''
+        uses: phonito/phonito-scanner-action@master
+        with:
+          image: ${{ env.IMAGE_NAME }}:${{ env.RELEASE_VERSION }}
+          phonito-token: '${{ secrets.PHONITO_TOKEN }}'
+
+      - name: "Tag image as latest"
+        if: env.RELEASE_VERSION != ''
+        run: "docker tag $IMAGE_NAME:$RELEASE_VERSION $IMAGE_NAME:latest"
+
+      - name: "Log into Docker Hub"
+        if: env.RELEASE_VERSION != ''
+        run: "echo ${{ secrets.DOCKERHUB_PASSWORD }} | docker login --username ${{ secrets.DOCKERHUB_USERNAME }} --password-stdin"
+
+      - name: "Push versioned image"
+        if: env.RELEASE_VERSION != ''
+        run: "docker push $IMAGE_NAME:$RELEASE_VERSION"
+
+      - name: "Push latest image"
+        if: env.RELEASE_VERSION != ''
+        run: "docker push $IMAGE_NAME:latest"
+
+      - name: "Update Docker Hub description"
+        if: env.RELEASE_VERSION != ''
+        uses: peter-evans/[email protected]
+        env:
+          DOCKERHUB_USERNAME: ${{ secrets.DOCKERHUB_USERNAME }}
+          DOCKERHUB_PASSWORD: ${{ secrets.DOCKERHUB_PASSWORD }}
+          DOCKERHUB_REPOSITORY: ${{ env.IMAGE_NAME }}
diff --git a/.github/workflows/regular_scan.yml b/.github/workflows/regular_scan.yml
@@ -0,0 +1,20 @@
+name: Regular Docker image vulnerability scan
+on:
+  schedule:
+    - cron: '0 6 * * *'
+
+env:
+  IMAGE_NAME: "homecentr/$$IMAGE_NAME$$"
+
+jobs:
+  build:
+    runs-on: ubuntu-latest
+    steps:
+      - name: Pull Docker image
+        run: docker pull ${{ env.IMAGE_NAME }}:latest
+
+      - name: Scan image for vulnerabilities
+        uses: phonito/phonito-scanner-action@master
+        with:
+          image: ${{ env.IMAGE_NAME }}:latest
+          phonito-token: '${{ secrets.PHONITO_TOKEN }}'
diff --git a/.gitignore b/.gitignore
@@ -0,0 +1,19 @@
+*.class
+*.jar
+*.war
+*.ear
+.gradle
+build
+.gradletasknamecache
+
+**/.idea/workspace.xml
+**/.idea/tasks.xml
+
+# Ignore Gradle GUI config
+gradle-app.setting
+
+# Avoid ignoring Gradle wrapper jar file (.jar files are usually ignored)
+!gradle-wrapper.jar
+
+# Cache of project
+.gradletasknamecache
diff --git a/.releaserc b/.releaserc
@@ -0,0 +1,8 @@
+{
+  branch: 'master',
+  plugins: [
+    '@semantic-release/commit-analyzer',
+    '@semantic-release/release-notes-generator',
+    '@semantic-release/github',
+  ],
+}
diff --git a/Dockerfile b/Dockerfile
@@ -0,0 +1 @@
+FROM alpine
diff --git a/LICENSE b/LICENSE
@@ -0,0 +1,21 @@
+MIT License
+
+Copyright (c) 2019 homecentr
+
+Permission is hereby granted, free of charge, to any person obtaining a copy
+of this software and associated documentation files (the "Software"), to deal
+in the Software without restriction, including without limitation the rights
+to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
+copies of the Software, and to permit persons to whom the Software is
+furnished to do so, subject to the following conditions:
+
+The above copyright notice and this permission notice shall be included in all
+copies or substantial portions of the Software.
+
+THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
+IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
+FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
+AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
+LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
+OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE
+SOFTWARE.
diff --git a/README.md b/README.md
@@ -0,0 +1,47 @@
+[![Project status](https://badgen.net/badge/project%20status/stable%20%26%20actively%20maintaned?color=green)](https://github.com/homecentr/docker-$$IMAGE_NAME$$/graphs/commit-activity) [![](https://badgen.net/github/label-issues/homecentr/docker-$$IMAGE_NAME$$/bug?label=open%20bugs&color=green)](https://github.com/homecentr/docker-$$IMAGE_NAME$$/labels/bug) [![](https://badgen.net/github/release/homecentr/docker-$$IMAGE_NAME$$)](https://hub.docker.com/repository/docker/homecentr/$$IMAGE_NAME$$)
+[![](https://badgen.net/docker/pulls/homecentr/$$IMAGE_NAME$$)](https://hub.docker.com/repository/docker/homecentr/$$IMAGE_NAME$$) 
+[![](https://badgen.net/docker/size/homecentr/$$IMAGE_NAME$$)](https://hub.docker.com/repository/docker/homecentr/$$IMAGE_NAME$$)
+
+![CI/CD on master](https://github.com/homecentr/docker-$$IMAGE_NAME$$/workflows/CI/CD%20on%20master/badge.svg)
+![Regular Docker image vulnerability scan](https://github.com/homecentr/docker-$$IMAGE_NAME$$/workflows/Regular%20Docker%20image%20vulnerability%20scan/badge.svg)
+
+
+# HomeCentr - $$IMAGE_NAME$$
+
+
+## Usage
+
+```yml
+version: "3.7"
+services:
+  $$IMAGE_NAME$$:
+    build: .
+    image: homecentr/$$IMAGE_NAME$$
+```
+
+## Environment variables
+
+| Name | Default value | Description |
+|------|---------------|-------------|
+| PUID | 7077 | UID of the user $$IMAGE_NAME$$ should be running as. |
+| PGID | 7077 | GID of the user $$IMAGE_NAME$$ should be running as. |
+
+## Exposed ports
+
+| Port | Protocol | Description |
+|------|------|-------------|
+| 80 | TCP | Some useful details |
+
+## Volumes
+
+| Container path | Description |
+|------------|---------------|
+| /config | Some useful details |
+
+## Security
+The container is regularly scanned for vulnerabilities and updated. Further info can be found in the [Security tab](https://github.com/homecentr/docker-$$IMAGE_NAME$$/security).
+
+### Container user
+The container supports privilege drop. Even though the container starts as root, it will use the permissions only to perform the initial set up. The $$IMAGE_NAME$$ process runs as UID/GID provided in the PUID and PGID environment variables.
+
+:warning: Do not change the container user directly using the `user` Docker compose property or using the `--user` argument. This would break the privilege drop logic.
diff --git a/SECURITY.md b/SECURITY.md
@@ -0,0 +1,15 @@
+# Security policy
+
+## Disclosure policy
+
+In case you find a security issues with this docker image, please reach out to me at [email protected] and provide 5 business days to release a fixed version.
+
+## Security update policy
+
+Known security issues will be published in GitHub repository's Security / Security advisories.
+
+## Automated processes
+
+The Docker image is scanned for vulnerabilities every 24 hours using [Phonito.io](https://phonito.io/?b=a). You can see the scan status under the actions tab / Regular Docker image vulnerability scan.
+
+The dependencies are automatically scanned using [Dependabot](https://dependabot.com/). Dependencies are regularly updated. You can check for pending dependency updates by listing open Pull requests with the "dependencies" label.
diff --git a/docker-compose.yml b/docker-compose.yml
@@ -0,0 +1,6 @@
+version: "3.7"
+services:
+  $$IMAGE_NAME$$:
+    build: .
+    image: homecentr/$$IMAGE_NAME$$
+    restart: unless-stopped
diff --git a/package.json b/package.json
@@ -0,0 +1,15 @@
+{ 
+  "name": "homecentr-$$IMAGE_NAME$$",
+  "version": "1.0.0",
+  "description": "",
+  "repository": {
+    "type": "git",
+    "url": "git+https://github.com/homecentr/docker-$$IMAGE_NAME$$.git"
+  },
+  "author": "",
+  "license": "MIT",
+  "bugs": {
+    "url": "https://github.com/homecentr/docker-$$IMAGE_NAME$$/issues"
+  },
+  "homepage": "https://github.com/homecentr/docker-$$IMAGE_NAME$$#readme"
+}
diff --git a/tests/.classpath b/tests/.classpath
@@ -0,0 +1,18 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<classpath>
+	<classpathentry kind="src" output="bin/test" path="src/test/java">
+		<attributes>
+			<attribute name="gradle_scope" value="test"/>
+			<attribute name="gradle_used_by_scope" value="test"/>
+		</attributes>
+	</classpathentry>
+	<classpathentry kind="src" output="bin/test" path="src/test/resources">
+		<attributes>
+			<attribute name="gradle_scope" value="test"/>
+			<attribute name="gradle_used_by_scope" value="test"/>
+		</attributes>
+	</classpathentry>
+	<classpathentry kind="con" path="org.eclipse.jdt.launching.JRE_CONTAINER/org.eclipse.jdt.internal.debug.ui.launcher.StandardVMType/JavaSE-1.8/"/>
+	<classpathentry kind="con" path="org.eclipse.buildship.core.gradleclasspathcontainer"/>
+	<classpathentry kind="output" path="bin/default"/>
+</classpath>
diff --git a/tests/.idea/.gitignore b/tests/.idea/.gitignore