diff --git a/.editorconfig b/.editorconfig new file mode 100644 index 0000000..bc9c177 --- /dev/null +++ b/.editorconfig @@ -0,0 +1,17 @@ +root = true + +[*] +charset = utf-8 + +end_of_line = lf +insert_final_newline = true +trim_trailing_whitespace = false + +indent_style = tab +indent_size = 4 +tab_width = 4 + +[{*.yml,*.yaml}] +indent_style = space +indent_size = 2 +trim_trailing_whitespace = true diff --git a/.github/dependabot.yml b/.github/dependabot.yml new file mode 100644 index 0000000..1199678 --- /dev/null +++ b/.github/dependabot.yml @@ -0,0 +1,12 @@ +# To get started with Dependabot version updates, you'll need to specify which +# package ecosystems to update and where the package manifests are located. +# Please see the documentation for all configuration options: +# https://docs.github.com/code-security/dependabot/dependabot-version-updates/configuration-options-for-the-dependabot.yml-file + +version: 2 +updates: + - package-ecosystem: github-actions + directories: + - '.github/**/*' + schedule: + interval: weekly diff --git a/.github/workflows/create-docker-image.yml b/.github/workflows/create-docker-image.yml index efe62c2..8d114dc 100644 --- a/.github/workflows/create-docker-image.yml +++ b/.github/workflows/create-docker-image.yml @@ -1,10 +1,10 @@ name: Push Docker Image -on: +on: push: tags: - - 'v*' - - 'bitcoin-*' + - 'v*' + - 'bitcoin-*' pull_request: types: [opened, reopened, synchronize] @@ -14,36 +14,42 @@ env: jobs: upload-image: runs-on: ubuntu-22.04 + timeout-minutes: 30 + permissions: + contents: read + pull-requests: write steps: - - uses: actions/checkout@v3 - - name: Docker meta - id: meta - uses: docker/metadata-action@v4 - with: - # list of Docker images to use as base name for tags - images: name=${{env.IMAGE_BASE_NAME}} - # generate Docker tags based on the following events/attributes - tags: | - type=ref,event=tag - type=semver,pattern={{raw}} - type=sha - - name: Set up QEMU - uses: docker/setup-qemu-action@v2 - - name: Set up Docker Buildx - uses: docker/setup-buildx-action@v2 - - name: Login to GHCR - if: github.event_name != 'pull_request' - uses: docker/login-action@v2 - with: - registry: ghcr.io - username: ${{ secrets.CR_USER_NAME }} - password: ${{ secrets.CR_PAT }} - - name: Build and push - uses: docker/build-push-action@v3 - with: - context: . - platforms: linux/amd64,linux/arm64 - push: ${{ github.event_name != 'pull_request' }} - tags: ${{ steps.meta.outputs.tags }} - labels: ${{ steps.meta.outputs.labels }} + - uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2 + with: + persist-credentials: "false" + - name: Docker meta + id: meta + uses: docker/metadata-action@818d4b7b91585d195f67373fd9cb0332e31a7175 # v4.6.0 + with: + # list of Docker images to use as base name for tags + images: name=${{env.IMAGE_BASE_NAME}} + # generate Docker tags based on the following events/attributes + tags: | + type=ref,event=tag + type=semver,pattern={{raw}} + type=sha + - name: Set up QEMU + uses: docker/setup-qemu-action@2b82ce82d56a2a04d2637cd93a637ae1b359c0a7 # v2.2.0 + - name: Set up Docker Buildx + uses: docker/setup-buildx-action@885d1462b80bc1c1c7f0b00334ad271f09369c55 # v2.10.0 + - name: Login to GHCR + if: github.event_name != 'pull_request' + uses: docker/login-action@465a07811f14bebb1938fbed4728c6a1ff8901fc # v2.2.0 + with: + registry: ghcr.io + username: ${{ secrets.CR_USER_NAME }} + password: ${{ secrets.CR_PAT }} + - name: Build and push + uses: docker/build-push-action@1104d471370f9806843c095c1db02b5a90c5f8b6 # v3.3.1 + with: + context: . + platforms: linux/amd64,linux/arm64 + push: ${{ github.event_name != 'pull_request' }} + tags: ${{ steps.meta.outputs.tags }} + labels: ${{ steps.meta.outputs.labels }} diff --git a/.hadolint.yml b/.hadolint.yml new file mode 100644 index 0000000..f223f70 --- /dev/null +++ b/.hadolint.yml @@ -0,0 +1,5 @@ +# Hadolint configuration file + +# configure ignore rules +# see https://github.com/hadolint/hadolint#rules for a list of available rules. +ignored: [DL3003, DL3008, DL3016, DL3018] diff --git a/.yamlfmt b/.yamlfmt new file mode 100644 index 0000000..dc6949d --- /dev/null +++ b/.yamlfmt @@ -0,0 +1,18 @@ +# https://github.com/google/yamlfmt/blob/v0.9.0/docs/config-file.md#configuration +line_ending: 'lf' +doublestar: true +include: + - '.github/**/*.{yaml,yml}' + - './.yamlfmt' + - './*.{yaml,yml}' + +formatter: + # 使用するフォーマッター + type: basic + # フォーマッターの設定 ( https://github.com/google/yamlfmt/blob/v0.9.0/docs/config-file.md#basic-formatter ) + indent: 2 + retain_line_breaks: true + max_line_length: 0 + scan_folded_as_literal: true + drop_merge_tag: true + pad_line_comments: 1 diff --git a/Taskfile.yml b/Taskfile.yml new file mode 100644 index 0000000..edd4a76 --- /dev/null +++ b/Taskfile.yml @@ -0,0 +1,24 @@ +version: "3" +tasks: + lint: + deps: + - task: :gha-lint + - task: :hadolint + gha-lint: + vars: + PINACT_VERSION: v2.2.1 + ACTIONLINT_VERSION: v1.7.7 + GHALINT_VERSION: v1.3.0 + cmds: + - go run github.com/suzuki-shunsuke/pinact/v2/cmd/pinact@{{.PINACT_VERSION}} run + - go run github.com/rhysd/actionlint/cmd/actionlint@{{.ACTIONLINT_VERSION}} + - go run github.com/suzuki-shunsuke/ghalint/cmd/ghalint@{{.GHALINT_VERSION}} run + hadolint: + cmds: + - docker run --rm -i -v {{.TASK_DIR}}/.hadolint.yml:/.config/hadolint.yaml ghcr.io/hadolint/hadolint < amd64.dockerfile + - docker run --rm -i -v {{.TASK_DIR}}/.hadolint.yml:/.config/hadolint.yaml ghcr.io/hadolint/hadolint < arm64.dockerfile + format: + vars: + YAMLFMT_VERSION: v0.15.0 + cmds: + - go run github.com/google/yamlfmt/cmd/yamlfmt@{{.YAMLFMT_VERSION}} diff --git a/amd64.dockerfile b/amd64.dockerfile index adbe002..658b36a 100644 --- a/amd64.dockerfile +++ b/amd64.dockerfile @@ -36,6 +36,7 @@ ENV GPG_KEY_SERVER hkps://keyserver.ubuntu.com ARG BITCOIN_VERSION=24.1 ENV BITCOIN_URL_BASE https://bitcoincore.org/bin/bitcoin-core-${BITCOIN_VERSION} ENV BITCOIN_PGP_KEY 152812300785C96444D3334D17565732E08E5E41 0AD83877C1F0CD1EE9BD660AD7CC770B81FD22A8 590B7292695AFFA5B672CBB2E13FC145CD3F4304 28F5900B1BB5D1A4B6B6D1A9ED357015286A333D 637DB1E23370F84AFF88CCE03152347D07DA627C CFB16E21C950F67FA95E558F2EEB9F5CC09526C1 F4FC70F07310028424EFC20A8E4256593F177720 D1DBF2C4B96F2DEBF4C16654410108112E7EA81F 287AE4CA1187C68C08B49CB2D11BD4F33F1DB499 F9A8737BF4FF5C89C903DF31DD78544CF91B1514 9DEAE0DC7063249FB05474681E4AED62986CD25D E463A93F5F3117EEDE6C7316BD02942421F4889F 9D3CC86A72F8494342EA5FD10A41BDC3F4FAFF1C 4DAF18FE948E7A965B30F9457E296D555E7F63A7 28E72909F1717FE9607754F8A7BEB2621678D37D 74E2DEF5D77260B98BC19438099BAD163C70FBFA +SHELL ["/bin/bash", "-o", "pipefail", "-c"] RUN BITCOIN_TARBALL=bitcoin-${BITCOIN_VERSION}-x86_64-linux-gnu.tar.gz \ && echo "BITCOIN_TARBALL=$BITCOIN_TARBALL" \ && wget -qO ${BITCOIN_TARBALL} ${BITCOIN_URL_BASE}/${BITCOIN_TARBALL} \ @@ -55,7 +56,7 @@ RUN BITCOIN_TARBALL=bitcoin-${BITCOIN_VERSION}-x86_64-linux-gnu.tar.gz \ && ln -sfn /opt/bitcoin-${BITCOIN_VERSION}/bin/* /usr/bin \ && rm -f ${BITCOIN_TARBALL} SHA256SUMS.asc -#20220427: ignore gpg verify (for C388F6961FB972A95678E327F62711DBDCA8AE56) +# 20220427: ignore gpg verify (for C388F6961FB972A95678E327F62711DBDCA8AE56) # && gpg --verify -v SHA256SUMS.asc \ # && sha256sum --ignore-missing --check SHA256SUMS \ @@ -121,8 +122,6 @@ RUN echo 'prefix = /var/.npm' > ~/.npmrc \ RUN cmake --version -CMD bitcoin-cli --version && elements-cli --version \ - && python -V && echo "node version" && node -v && echo "npm version" && npm -v \ - && cmake --version && env +CMD ["/bin/bash", "-c", "bitcoin-cli --version && elements-cli --version && python -V && echo 'node version' && node -v && echo 'npm version' && npm -v && cmake --version && env"] # TODO: set ENTRYPOINT diff --git a/arm64.dockerfile b/arm64.dockerfile index 16919b2..f0eeffc 100644 --- a/arm64.dockerfile +++ b/arm64.dockerfile @@ -36,6 +36,7 @@ ENV GPG_KEY_SERVER hkps://keyserver.ubuntu.com ARG BITCOIN_VERSION=24.1 ENV BITCOIN_URL_BASE https://bitcoincore.org/bin/bitcoin-core-${BITCOIN_VERSION} ENV BITCOIN_PGP_KEY 152812300785C96444D3334D17565732E08E5E41 0AD83877C1F0CD1EE9BD660AD7CC770B81FD22A8 590B7292695AFFA5B672CBB2E13FC145CD3F4304 28F5900B1BB5D1A4B6B6D1A9ED357015286A333D 637DB1E23370F84AFF88CCE03152347D07DA627C CFB16E21C950F67FA95E558F2EEB9F5CC09526C1 F4FC70F07310028424EFC20A8E4256593F177720 D1DBF2C4B96F2DEBF4C16654410108112E7EA81F 287AE4CA1187C68C08B49CB2D11BD4F33F1DB499 F9A8737BF4FF5C89C903DF31DD78544CF91B1514 9DEAE0DC7063249FB05474681E4AED62986CD25D E463A93F5F3117EEDE6C7316BD02942421F4889F 9D3CC86A72F8494342EA5FD10A41BDC3F4FAFF1C 4DAF18FE948E7A965B30F9457E296D555E7F63A7 28E72909F1717FE9607754F8A7BEB2621678D37D 74E2DEF5D77260B98BC19438099BAD163C70FBFA +SHELL ["/bin/bash", "-o", "pipefail", "-c"] RUN BITCOIN_TARBALL=bitcoin-${BITCOIN_VERSION}-aarch64-linux-gnu.tar.gz \ && echo "BITCOIN_TARBALL=$BITCOIN_TARBALL" \ && wget -qO ${BITCOIN_TARBALL} ${BITCOIN_URL_BASE}/${BITCOIN_TARBALL} \ @@ -55,7 +56,7 @@ RUN BITCOIN_TARBALL=bitcoin-${BITCOIN_VERSION}-aarch64-linux-gnu.tar.gz \ && ln -sfn /opt/bitcoin-${BITCOIN_VERSION}/bin/* /usr/bin \ && rm -f ${BITCOIN_TARBALL} SHA256SUMS.asc -#20220427: ignore gpg verify (for C388F6961FB972A95678E327F62711DBDCA8AE56) +# 20220427: ignore gpg verify (for C388F6961FB972A95678E327F62711DBDCA8AE56) # && gpg --verify -v SHA256SUMS.asc \ # && sha256sum --ignore-missing --check SHA256SUMS \ @@ -83,7 +84,7 @@ RUN ELEMENTS_TARBALL=elements-${ELEMENTS_VERSION}-aarch64-linux-gnu.tar.gz \ ENV CMAKE_VERSION 3.26.4 ENV CMAKE_URL_BASE https://github.com/Kitware/CMake/releases/download/v${CMAKE_VERSION} ENV CMAKE_PGP_KEY 2D2CEF1034921684 -RUN CMAKE_DIR_NAME=cmake-${CMAKE_VERSION}-linux-aarch64 \ +RUN CMAKE_TARBALL=cmake-${CMAKE_VERSION}-linux-aarch64.tar.gz \ && echo "CMAKE_TARBALL=$CMAKE_TARBALL" \ && wget -qO ${CMAKE_TARBALL} ${CMAKE_URL_BASE}/${CMAKE_TARBALL} \ && gpg --keyserver ${GPG_KEY_SERVER} --recv-keys ${CMAKE_PGP_KEY} \ @@ -121,8 +122,6 @@ RUN echo 'prefix = /var/.npm' > ~/.npmrc \ RUN cmake --version -CMD bitcoin-cli --version && elements-cli --version \ - && python -V && echo "node version" && node -v && echo "npm version" && npm -v \ - && cmake --version && env +CMD ["/bin/bash", "-c", "bitcoin-cli --version && elements-cli --version && python -V && echo 'node version' && node -v && echo 'npm version' && npm -v && cmake --version && env"] # TODO: set ENTRYPOINT