diff --git a/.github/CODEOWNERS b/.github/CODEOWNERS
index e2d3d45..bea3553 100644
--- a/.github/CODEOWNERS
+++ b/.github/CODEOWNERS
@@ -1,2 +1,2 @@
-# PRs require approval from the earthly core team
-* @earthly/core
+# PRs require approval from the EarthBuild core team
+* @EarthBuild/fork-admins
diff --git a/.github/renovate.json5 b/.github/renovate.json5
new file mode 100644
index 0000000..c34b9a1
--- /dev/null
+++ b/.github/renovate.json5
@@ -0,0 +1,24 @@
+{
+ $schema: 'https://docs.renovatebot.com/renovate-schema.json',
+ extends: [
+ 'config:best-practices',
+ 'security:openssf-scorecard',
+ ':semanticCommits',
+ ':pinVersions',
+ ],
+ configMigration: true,
+ dockerfile: {
+ managerFilePatterns: ['/Earthfile/'],
+ },
+ customManagers: [
+ {
+ customType: 'regex',
+ description: 'Update _version ARGs and ENVs in Earthfile',
+ managerFilePatterns: ['/^Earthfile$/'],
+ matchStrings: [
+ '#\\s*renovate:\\s*datasource=(?[a-z-]+?)(?:\\s+depName=(?.+?))?\\s+packageName=(?.+?)(?:\\s+versioning=(?[a-z-]+?))?\\s+(?:ENV|ARG)\\s+.+?(_VERSION|_VER|_version)=(?.+?)\\s',
+ ],
+ },
+ ],
+ labels: ['renovate'],
+}
diff --git a/.github/workflows/ci.yml b/.github/workflows/ci.yml
index 785fb7f..63bbca5 100644
--- a/.github/workflows/ci.yml
+++ b/.github/workflows/ci.yml
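Review bot: The custom regex manager in renovate.json5 looks unable to pick up the one annotation this commit adds: `managerFilePatterns: ['/^Earthfile$/']` matches only a root-level file named Earthfile, and the match string accepts `(?:ENV|ARG)` but not `LET`, whereas the new pin in utils/dind/tests/Earthfile is `LET alpine_version=3.22.2`. If that reading of Renovate's path matching is right, the alpine pin is never bumped and silently ages. Loosening the pattern to `managerFilePatterns: ['/(^|/)Earthfile$/']` and the keyword group to `(?:ENV|ARG|LET)` would cover it, and the description string should then mention LET as well. The capture-group names appear stripped in this rendering of the diff, so the regex could not be checked beyond that.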
@@ -9,54 +9,67 @@ on: concurrency: group: ${{ github.workflow }}-${{ github.event.pull_request.number || github.ref }} cancel-in-progress: true - + jobs: test: name: +test - runs-on: [earthly-satellite#gha-lib] # https://docs.earthly.dev/earthly-cloud/satellites/gha-runners + runs-on: ubuntu-24.04 env: FORCE_COLOR: 1 EARTHLY_CONVERSION_PARALLELISM: "5" EARTHLY_TOKEN: "${{ secrets.EARTHLY_TOKEN }}" EARTHLY_INSTALL_ID: "earthly-lib-githubactions" steps: - - uses: actions/checkout@v2 - - name: Docker mirror login (non fork only) - run: docker login registry-1.docker.io.mirror.corp.earthly.dev --username "${{ secrets.DOCKERHUB_MIRROR_USERNAME }}" --password "${{ secrets.DOCKERHUB_MIRROR_PASSWORD }}" - if: github.event_name == 'push' || github.event.pull_request.head.repo.full_name == github.repository - - name: Configure Earthly to use mirror (non fork only) - run: |- - earthly config global.buildkit_additional_config "'[registry.\"docker.io\"] - mirrors = [\"registry-1.docker.io.mirror.corp.earthly.dev\"]'" + - uses: actions/checkout@08c6903cd8c0fde910a37f88322edcfb5dd907a8 #v5.0.0 + - uses: docker/login-action@v3 + # if fork no secret access, so skip and take chances on rate limiting. 
if: github.event_name == 'push' || github.event.pull_request.head.repo.full_name == github.repository + with: + username: ${{ vars.DOCKERHUB_USERNAME }} + password: ${{ secrets.DOCKERHUB_TOKEN }} + - uses: earthly/actions-setup@bda7cee4972033c6d6b77d77165e787f389f8752 + with: + github-token: ${{ secrets.GITHUB_TOKEN }} - name: Run tests - run: |- - earthly config git "{github.com: {auth: ssh, user: git}}" && \ - eval $(ssh-agent) && \ - earthly secrets --org earthly-technologies --project core get littleredcorvette-id_rsa | ssh-add - && \ - earthly --ci -P +test + run: | + earthly config git "{github.com: {auth: ssh, user: git}}" + eval $(ssh-agent) + mkdir -p ~/.ssh + chmod 700 ~/.ssh + printf '%s\n' "${{ secrets.EARTHBUILDCI_GITHUB_USER_SSH_PRIVATE_KEY }}" | tr -d '\r' > ~/.ssh/id_ed25519 + chmod 600 ~/.ssh/id_ed25519 + ssh-add ~/.ssh/id_ed25519 + earthly --ci -P --secret-file earthbuildci_id_ed25519=~/.ssh/id_ed25519 +test test-native-arm: name: +test-native-arm - runs-on: [earthly-satellite#gha-arm-lib] # https://docs.earthly.dev/earthly-cloud/satellites/gha-runners + runs-on: ubuntu-24.04-arm env: FORCE_COLOR: 1 EARTHLY_CONVERSION_PARALLELISM: "5" EARTHLY_TOKEN: "${{ secrets.EARTHLY_TOKEN }}" EARTHLY_INSTALL_ID: "earthly-lib-githubactions" steps: - - uses: actions/checkout@v2 - - name: Docker mirror login (non fork only) - run: docker login registry-1.docker.io.mirror.corp.earthly.dev --username "${{ secrets.DOCKERHUB_MIRROR_USERNAME }}" --password "${{ secrets.DOCKERHUB_MIRROR_PASSWORD }}" - if: github.event_name == 'push' || github.event.pull_request.head.repo.full_name == github.repository - - name: Configure Earthly to use mirror (non fork only) - run: |- - earthly config global.buildkit_additional_config "'[registry.\"docker.io\"] - mirrors = [\"registry-1.docker.io.mirror.corp.earthly.dev\"]'" + - uses: actions/checkout@08c6903cd8c0fde910a37f88322edcfb5dd907a8 #v5.0.0 + - uses: docker/login-action@v3 + # if fork no secret access, so skip and take chances 
on rate limiting. if: github.event_name == 'push' || github.event.pull_request.head.repo.full_name == github.repository + with: + username: ${{ vars.DOCKERHUB_USERNAME }} + password: ${{ secrets.DOCKERHUB_TOKEN }} + - uses: earthly/actions-setup@bda7cee4972033c6d6b77d77165e787f389f8752 + with: + github-token: ${{ secrets.GITHUB_TOKEN }} - name: Run tests - run: |- - earthly config git "{github.com: {auth: ssh, user: git}}" && \ - eval $(ssh-agent) && \ - earthly secrets --org earthly-technologies --project core get littleredcorvette-id_rsa | ssh-add - && \ - earthly --ci -P ./utils/dind+test + run: | + earthly config git "{github.com: {auth: ssh, user: git}}" + eval $(ssh-agent) + mkdir -p ~/.ssh + chmod 700 ~/.ssh + printf '%s\n' "${{ secrets.EARTHBUILDCI_GITHUB_USER_SSH_PRIVATE_KEY }}" | tr -d '\r' > ~/.ssh/id_ed25519 + chmod 600 ~/.ssh/id_ed25519 + ssh-add ~/.ssh/id_ed25519 + ssh-keyscan -t rsa,ecdsa,ed25519 -H github.com >> ~/.ssh/known_hosts + ssh-keyscan -p 443 -t rsa,ecdsa,ed25519 -H ssh.github.com >> ~/.ssh/known_hosts + chmod 644 ~/.ssh/known_hosts + earthly --ci -P --secret-file earthbuildci_id_ed25519=~/.ssh/id_ed25519 +test diff --git a/CONTRIBUTING.md b/CONTRIBUTING.md index a83ba7d..2c1d7ac 100644 --- a/CONTRIBUTING.md +++ b/CONTRIBUTING.md @@ -3,13 +3,3 @@ ## Code of Conduct Please refer to the [CNCF Community Code of Conduct v1.0](https://github.com/cncf/foundation/blob/main/code-of-conduct.md) - -## CLA - -### Individual - -All contributions must indicate agreement to the [Earthly Contributor License Agreement](https://gist.github.com/vladaionescu/ed990fa149a38a53ac74b64155bc6766) by logging into GitHub via the CLA assistant and signing the provided CLA. The CLA assistant will automatically notify the PRs that require CLA signing. - -### Entity - -If you are an entity, please use the [Earthly Contributor License Agreement form](https://earthly.dev/cla-form) in addition to requiring your individual contributors to sign all contributions. 
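Review bot: The two `ssh-keyscan … >> ~/.ssh/known_hosts` lines in the second Run tests step accept whatever host keys the network returns at run time, so they add no real host verification before the CI private key is used, and the first Run tests step (job `test`) has no known_hosts setup at all. Appending GitHub's published host keys from a file committed to the repository would give both jobs the same pinned trust anchor. Separately, the key is templated into the script text with `${{ secrets.EARTHBUILDCI_GITHUB_USER_SSH_PRIVATE_KEY }}`; passing it through the step's `env:` (`SSH_PRIVATE_KEY: ${{ secrets.EARTHBUILDCI_GITHUB_USER_SSH_PRIVATE_KEY }}`) and writing `printf '%s\n' "$SSH_PRIVATE_KEY"` keeps it out of the generated script file. `docker/login-action@v3` is also the only action here left on a mutable tag while the other two are pinned to a commit SHA. Job boundaries are inferred, since indentation is lost in this rendering.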
diff --git a/utils/dind/tests/Earthfile b/utils/dind/tests/Earthfile index a207ce7..45f2a92 100644 --- a/utils/dind/tests/Earthfile +++ b/utils/dind/tests/Earthfile @@ -1,9 +1,12 @@ -VERSION 0.7 +VERSION 0.8 all: + # renovate: datasource=docker packageName=alpine + LET alpine_version=3.22.2 + BUILD +test-install-dind-for-image \ --base_image=docker:dind \ - --base_image=alpine:latest \ + --base_image=alpine:${alpine_version} \ --base_image=debian:stable \ --base_image=debian:stable-slim \ --base_image=debian:oldstable \ diff --git a/utils/git/Earthfile b/utils/git/Earthfile index 88c022e..71bca29 100644 --- a/utils/git/Earthfile +++ b/utils/git/Earthfile @@ -22,7 +22,7 @@ DEEP_CLONE: IF [ -z $SECRET_PATH ] RUN --ssh git fetch --unshallow ELSE - RUN --mount=type=secret,id=$SECRET_PATH,mode=0400,target=/root/.ssh/id_rsa \ + RUN --mount=type=secret,id=$SECRET_PATH,mode=0400,target=/root/.ssh/id_ed25519 \ git fetch --unshallow END diff --git a/utils/git/tests/Earthfile b/utils/git/tests/Earthfile index 0280ce7..6a2c1b6 100644 --- a/utils/git/tests/Earthfile +++ b/utils/git/tests/Earthfile @@ -1,9 +1,7 @@ VERSION --arg-scope-and-set --pass-args 0.7 -PROJECT earthly-technologies/core - all: - BUILD --platform=linux/amd64 --platform=linux/arm64 +test-deep-clone-image \ + BUILD +test-deep-clone-image \ --base_image=alpine/git:latest \ --base_image=alpine:latest \ --base_image=debian:stable \ @@ -11,11 +9,11 @@ all: --base_image=ubuntu:latest \ --base_image=amazonlinux:1 \ --base_image=amazonlinux:2 \ - --GIT_URL=https://github.com/earthly/hello-world.git \ - --GIT_URL=git@github.com:earthly/hello-world.git \ - --GIT_URL=git@github.com:earthly/hello-world \ + --GIT_URL=https://github.com/EarthBuild/hello-world.git \ + --GIT_URL=git@github.com:EarthBuild/hello-world.git \ + --GIT_URL=git@github.com:EarthBuild/hello-world \ --SECRET_PATH="" \ - --SECRET_PATH="littleredcorvette-id_rsa" \ + --SECRET_PATH="earthbuildci_id_ed25519" \ --DEST_DIR="" \ --DEST_DIR="some-other-dir" 
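Review bot: The `--SECRET_PATH="earthbuildci_id_ed25519"` case in utils/git/tests/Earthfile now depends on the caller supplying that secret id, and the only source visible in this commit is `--secret-file earthbuildci_id_ed25519=~/.ssh/id_ed25519` in ci.yml. With `PROJECT earthly-technologies/core` removed, a local run without that flag would presumably fail on the secret cases. A comment above `all:` would document the coupling, e.g. `# requires --secret-file earthbuildci_id_ed25519=<path to private key> (see .github/workflows/ci.yml)`. In the DEEP_CLONE hunk of utils/git/Earthfile the mount target is now named `id_ed25519` whatever key type the caller passes, which is worth a line in that function's documentation; its body extends outside the hunk.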
diff --git a/utils/ssh/Earthfile b/utils/ssh/Earthfile index 0485e57..d50a38e 100644 --- a/utils/ssh/Earthfile +++ b/utils/ssh/Earthfile @@ -6,8 +6,9 @@ ADD_KNOWN_HOSTS: ARG target_file=~/.ssh/known_hosts LET expanded_target_file="$(eval echo $target_file)" COPY +known-hosts/known_hosts /tmp/. - RUN mkdir -p $(dirname $expanded_target_file) && cat /tmp/known_hosts >> $expanded_target_file - RUN rm /tmp/known_hosts + RUN mkdir -p $(dirname $expanded_target_file) \ + && cat /tmp/known_hosts >> $expanded_target_file \ + && rm /tmp/known_hosts # known-hosts is used to copy the known_hosts file into the build context (internal use) known-hosts: diff --git a/utils/ssh/tests/Earthfile b/utils/ssh/tests/Earthfile index 58d6241..6fd717e 100644 --- a/utils/ssh/tests/Earthfile +++ b/utils/ssh/tests/Earthfile @@ -1,7 +1,7 @@ VERSION --pass-args --arg-scope-and-set 0.7 all: - BUILD --platform=linux/amd64 --platform=linux/arm64 +test-add-known-hosts-image \ + BUILD +test-add-known-hosts-image \ --base_image=alpine:latest \ --base_image=debian:stable \ --base_image=debian:stable-slim \
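Review bot: The rewritten `RUN` in ADD_KNOWN_HOSTS still expands `$expanded_target_file` unquoted, so a `target_file` containing spaces or glob characters is word-split for `mkdir` and `dirname` and can make the `>>` redirect fail. Quoting each use fixes it: `RUN mkdir -p "$(dirname "$expanded_target_file")" \`, `&& cat /tmp/known_hosts >> "$expanded_target_file" \`, `&& rm /tmp/known_hosts`. The value also passes through `eval echo $target_file` on the context line above, so the ARG should be documented as trusted build input only. ADD_KNOWN_HOSTS starts outside the hunk.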