chore: Add docker labels + Fix docker security issues + Add full chan…

…gelog
Mirio · Nov 18, 2023 · f1bff8a · f1bff8a
1 parent b31e007
commit f1bff8a
Show file tree

Hide file tree

Showing 5 changed files with 31 additions and 25 deletions.
diff --git a/.github/workflows/ci.yml b/.github/workflows/ci.yml
@@ -101,37 +101,35 @@ jobs:
     permissions:
       contents: read
       packages: write
-      # This is used to complete the identity challenge
-      # with sigstore/fulcio when running outside of PRs.
       id-token: write
 
     steps:
       - name: Checkout repository
         uses: actions/checkout@v4
 
-      # Workaround: https://github.com/docker/build-push-action/issues/461
       - name: Setup Docker buildx
         uses: docker/setup-buildx-action@v3
 
-      # Login against a Docker registry except on PR
-      # https://github.com/docker/login-action
       - name: Log into registry ${{ env.REGISTRY }}
         uses: docker/login-action@v3
         with:
           registry: ${{ env.REGISTRY }}
           username: ${{ github.actor }}
           password: ${{ secrets.GITHUB_TOKEN }}
 
-      # Extract metadata (tags, labels) for Docker
-      # https://github.com/docker/metadata-action
       - name: Extract Docker metadata
         id: meta
         uses: docker/metadata-action@v5
         with:
           images: ${{ env.REGISTRY }}/${{ env.IMAGE_NAME }}
+          labels: |
+            maintainer="Mirio"
+            org.opencontainers.image.title="VerbaCap"
+            org.opencontainers.image.description="With VerbaCap is a Podcast Manager you will be able to download and listen to all of your favorite podcasts in a centralized way."
+            org.opencontainers.image.source="https://github.com/Mirio/verbacap"
+            org.opencontainers.image.licenses="MIT"
+            org.opencontainers.image.base.name="docker.io/alpine:3.18"
 
-      # Build and push Docker image with Buildx (don't push on PR)
-      # https://github.com/docker/build-push-action
       - name: Build and push Docker image
         id: build-and-push
         uses: docker/build-push-action@v5
@@ -140,9 +138,7 @@ jobs:
           push: true
           tags: ${{ steps.meta.outputs.tags }}
           labels: ${{ steps.meta.outputs.labels }}
-          platforms: linux/amd64
-          cache-from: type=gha
-          cache-to: type=gha,mode=max
+          platforms: linux/amd64,linux/arm64
 
   sonarcloud:
     name: SonarCloud
@@ -151,7 +147,7 @@ jobs:
     steps:
       - uses: actions/checkout@v4
         with:
-          fetch-depth: 0  # Shallow clones should be disabled for a better relevancy of analysis
+          fetch-depth: 0
 
       - name: Download coverage-xml
         uses: actions/download-artifact@v3
@@ -161,5 +157,5 @@ jobs:
       - name: SonarCloud Scan
         uses: SonarSource/sonarcloud-github-action@master
         env:
-          GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}  # Needed to get PR information, if any
+          GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
           SONAR_TOKEN: ${{ secrets.SONAR_TOKEN }}
diff --git a/.github/workflows/release.yml b/.github/workflows/release.yml
@@ -20,12 +20,12 @@ jobs:
         with:
           fetch-depth: 0
 
-      - name: Generate a changelog
+      - name: Generate a latest changelog
         uses: orhun/git-cliff-action@v2
         id: git-cliff
         with:
           config: cliff.toml
-          args: --verbose
+          args: --verbose --latest
         env:
           OUTPUT: CHANGELOG.md
 
@@ -34,3 +34,18 @@ jobs:
         if: startsWith(github.ref, 'refs/tags/')
         with:
           body: ${{ steps.git-cliff.outputs.content }}
+
+      - name: Generate a full changelog
+        uses: orhun/git-cliff-action@v2
+        id: git-cliff
+        with:
+          config: cliff.toml
+          args: --verbose --output CHANGELOG.md
+
+      - name: Push new changelog
+        run: |
+          git config --global user.name "${{ env.CI_COMMIT_AUTHOR }}"
+          git config --global user.email "[email protected]"
+          git add CHANGELOG.md
+          git commit -m "${{ env.CI_COMMIT_MESSAGE }}"
+          git push
diff --git a/Dockerfile b/Dockerfile
@@ -1,16 +1,10 @@
 FROM alpine:3.18
 
-# Opencontainers Specs (https://github.com/opencontainers/image-spec/blob/main/annotations.md)
-LABEL org.opencontainers.image.title "VerbaCap"
-LABEL org.opencontainers.image.description "Podcast Manager"
-LABEL org.opencontainers.image.source "https://github.com/Mirio/verbacap"
-LABEL org.opencontainers.image.licenses "MIT"
-
 ARG USERNAME="app"
 ARG GITCLIFF_VERSION="1.4.0"
 COPY nginx.conf /etc/nginx/nginx.conf
 
-RUN apk add --no-cache bash ffmpeg python3 py3-pip nginx sudo wget && adduser -D -s "/bin/bash" "${USERNAME}" \
+RUN apk upgrade --no-cache && apk add --no-cache bash ffmpeg python3 py3-pip nginx sudo wget && adduser -D -s "/bin/bash" "${USERNAME}" \
     && echo "app ALL = NOPASSWD: /bin/chown,/usr/sbin/nginx" > /etc/sudoers.d/app && chmod 400 /etc/sudoers.d/app \
     && chown -R app:app /var/lib/nginx && chown app:app /var/log/nginx && cd /tmp \
     && wget -q -O "gitcliff.tar.gz" "https://github.com/orhun/git-cliff/releases/download/v${GITCLIFF_VERSION}/git-cliff-${GITCLIFF_VERSION}-x86_64-unknown-linux-musl.tar.gz" \
@@ -21,7 +15,7 @@ COPY . "/home/${USERNAME}"
 COPY "entrypoint.bash" "/entrypoint.bash"
 WORKDIR "/home/${USERNAME}"
 
-RUN python3 -m venv "/home/${USERNAME}/venv" && . "/home/${USERNAME}/venv/bin/activate" \
+RUN python3 -m venv "/home/${USERNAME}/venv" && . "/home/${USERNAME}/venv/bin/activate" && pip install -U pip && pip install -U setuptools \
     && pip install --no-cache-dir -r requirements.txt && mkdir logfiles tmp
 
 EXPOSE 8080

diff --git a/README.md b/README.md
@@ -11,7 +11,7 @@
 
 ![GitHub](https://img.shields.io/github/license/mirio/verbacap)
 [![Built with Cookiecutter Django](https://img.shields.io/badge/built%20with-Cookiecutter%20Django-ff69b4.svg?logo=cookiecutter)](https://github.com/cookiecutter/cookiecutter-django/)
-
+[![Artifact Hub](https://img.shields.io/endpoint?url=https://artifacthub.io/badge/repository/verbacap)](https://artifacthub.io/packages/search?repo=verbacap)
 
 
 

diff --git a/cliff.toml b/cliff.toml
@@ -25,6 +25,7 @@ body = """
         - {% if commit.breaking %}[**breaking**] {% endif %}{{ commit.message | upper_first }}\
     {% endfor %}
 {% endfor %}\n
+Docker package: [https://github.com/Mirio/verbacap/pkgs/container/verbacap](https://github.com/Mirio/verbacap/pkgs/container/verbacap)\n\n
 """
 # remove the leading and trailing whitespace from the template
 trim = true
Original file line number	Diff line number	Diff line change
Expand Up		@@ -11,7 +11,7 @@

		![GitHub](https://img.shields.io/github/license/mirio/verbacap)
		[![Built with Cookiecutter Django](https://img.shields.io/badge/built%20with-Cookiecutter%20Django-ff69b4.svg?logo=cookiecutter)](https://github.com/cookiecutter/cookiecutter-django/)

		[![Artifact Hub](https://img.shields.io/endpoint?url=https://artifacthub.io/badge/repository/verbacap)](https://artifacthub.io/packages/search?repo=verbacap)



Expand Down