diff --git a/.github/settings.yml b/.github/settings.yml new file mode 100644 index 0000000..f7eac4d --- /dev/null +++ b/.github/settings.yml @@ -0,0 +1,70 @@ +--- +# These settings are synced to GitHub by https://probot.github.io/apps/settings/ + +repository: + # See https://docs.github.com/en/rest/reference/repos#update-a-repository for all available settings. + + # The name of the repository. Changing this will rename the repository + # name: repo-name + + # A short description of the repository that will show up on GitHub + # description: description of repo + + # A URL with more information about the repository + # homepage: https://example.github.io/ + + # A comma-separated list of topics to set on the repository + # topics: github, probot + + # Either `true` to make the repository private, or `false` to make it public. + private: false + + # Either `true` to enable issues for this repository, `false` to disable them. + has_issues: false + + # Either `true` to enable projects for this repository, or `false` to disable them. + # If projects are disabled for the organization, passing `true` will cause an API error. + has_projects: false + + # Either `true` to enable the wiki for this repository, `false` to disable it. + has_wiki: false + + # Either `true` to enable downloads for this repository, `false` to disable them. + has_downloads: true + + # Updates the default branch for this repository. + default_branch: main + + # Either `true` to allow squash-merging pull requests, or `false` to prevent + # squash-merging. + allow_squash_merge: true + + # Either `true` to allow merging pull requests with a merge commit, or `false` + # to prevent merging pull requests with merge commits. + allow_merge_commit: false + + # Either `true` to allow rebase-merging pull requests, or `false` to prevent + # rebase-merging. + allow_rebase_merge: true + + # Either `true` to enable automatic deletion of branches on merge, or `false` to disable + delete_branch_on_merge: true + + # Either `true` to enable automated security fixes, or `false` to disable + # automated security fixes. + enable_automated_security_fixes: true + + # Either `true` to enable vulnerability alerts, or `false` to disable + # vulnerability alerts. + enable_vulnerability_alerts: true + +branches: +- name: main + protection: + required_pull_request_reviews: + required_status_checks: + strict: true + contexts: [Build and Optionally Release] + enforce_admins: + required_linear_history: true + restrictions: diff --git a/.github/template-sync.yml b/.github/template-sync.yml deleted file mode 100644 index f9f5a98..0000000 --- a/.github/template-sync.yml +++ /dev/null @@ -1,11 +0,0 @@ ---- -additional: -- docker-fpm -- lacework-manifest - - -files: -- '!README.md' -- '!.secrets.baseline' -- '!**/template-sync.yml' -- '!.github/workflows/sync.yml' diff --git a/.github/workflows/release.yml b/.github/workflows/release.yml index 6a687a9..9341f56 100644 --- a/.github/workflows/release.yml +++ b/.github/workflows/release.yml @@ -7,6 +7,10 @@ on: # yamllint disable-line rule:truthy branches: - main +concurrency: + group: ${{ github.workflow }}-${{ github.ref }} + cancel-in-progress: ${{ github.event_name == 'pull_request' }} + jobs: release: name: Create Release diff --git a/.github/workflows/sync.yml b/.github/workflows/sync.yml deleted file mode 100644 index dce3661..0000000 --- a/.github/workflows/sync.yml +++ /dev/null @@ -1,41 +0,0 @@ ---- -name: Sync the template repository - -on: # yamllint disable-line rule:truthy - push: - branches: - - main - -jobs: - metadata: - runs-on: ubuntu-latest - - outputs: - repository: ${{ steps.metadata.outputs.repository }} - dockerfile: ${{ steps.dockerfile.outputs.exists }} - - steps: - - uses: actions/checkout@v3 - - - id: metadata - uses: ahmadnassri/action-metadata@v2 - - sync: - - needs: - - metadata - - # only runs on main branch and only for the template - if: ${{ github.ref == 'refs/heads/main' && fromJSON(needs.metadata.outputs.repository).is_template }} - - runs-on: ubuntu-latest - - steps: - - name: Queue - uses: ahmadnassri/action-workflow-queue@v1.1 - - name: Checkout - uses: actions/checkout@v3 - - name: Sync - uses: ahmadnassri/action-template-repository-sync@v2.2.0 - with: - github-token: ${{ secrets.GH_TOKEN }} diff --git a/docker-bake.hcl b/docker-bake.hcl index 5a4a6ec..e97a088 100644 --- a/docker-bake.hcl +++ b/docker-bake.hcl @@ -8,8 +8,8 @@ target "apk" { dockerfile = "Dockerfile.apk" platforms = ["linux/amd64", "linux/arm64"] tags = [ - "kong/kong-build-tools:apk", - notequal("",TAG) ? "kong/kong-build-tools:apk-${TAG}": "" + "ghcr.io/hutchic-org/kong-build-tools-base-images:apk", + notequal("",TAG) ? "ghcr.io/hutchic-org/kong-build-tools-base-images:apk-${TAG}": "" ] } @@ -17,31 +17,15 @@ target "rpm" { dockerfile = "Dockerfile.rpm" platforms = ["linux/amd64", "linux/arm64"] tags = [ - "kong/kong-build-tools:rpm", - notequal("",TAG) ? "kong/kong-build-tools:rpm-${TAG}": "" + "ghcr.io/hutchic-org/kong-build-tools-base-images:rpm", + notequal("",TAG) ? "ghcr.io/hutchic-org/kong-build-tools-base-images:rpm-${TAG}": "" ] } target "deb" { dockerfile = "Dockerfile.deb" platforms = ["linux/amd64", "linux/arm64"] - tags = [ "kong/kong-build-tools:deb", - notequal("",TAG) ? "kong/kong-build-tools:deb-${TAG}": "" - ] -} - -target "deb-focal" { - dockerfile = "Dockerfile.deb-focal" - platforms = ["linux/amd64", "linux/arm64"] - tags = [ "kong/kong-build-tools:deb-focal", - notequal("",TAG) ? "kong/kong-build-tools:deb-focal-${TAG}": "" - ] -} - -target "rpm-8" { - dockerfile = "Dockerfile.rpm-8" - platforms = ["linux/amd64", "linux/arm64"] - tags = [ "kong/kong-build-tools:rpm-8", - notequal("",TAG) ? "kong/kong-build-tools:rpm-8-${TAG}": "" + tags = [ "ghcr.io/hutchic-org/kong-build-tools-base-images:deb", + notequal("",TAG) ? "ghcr.io/hutchic-org/kong-build-tools-base-images:deb-${TAG}": "" ] }