willfarrell · SimplicityGuy · Jul 16, 2022 · Jul 16, 2022 · Jul 16, 2022 · Jul 16, 2022
diff --git a/.github/FUNDING.yml b/.github/FUNDING.yml
@@ -1,12 +1,3 @@
-# These are supported funding model platforms
-
-github: [willfarrell]# Replace with up to 4 GitHub Sponsors-enabled usernames e.g., [user1, user2]
-patreon: # Replace with a single Patreon username
-open_collective: # Replace with a single Open Collective username
-ko_fi: # Replace with a single Ko-fi username
-tidelift: # Replace with a single Tidelift platform-name/package-name e.g., npm/babel
-community_bridge: # Replace with a single Community Bridge project-name e.g., cloud-foundry
-liberapay: # Replace with a single Liberapay username
-issuehunt: # Replace with a single IssueHunt username
-otechie: # Replace with a single Otechie username
-custom: # Replace with up to 4 custom sponsorship URLs e.g., ['link1', 'link2']
+github: [SimplicityGuy]
+ko_fi: robertwlodarczyk
+custom: [paypal.me/RWlodarczyk]
diff --git a/.github/workflows/build.yml b/.github/workflows/build.yml
@@ -1,49 +1,75 @@
-name: build
+---
+name: crontab
 
 on:
+  workflow_dispatch:
   push:
     branches:
       - main
-    tags:
-      - '*'
+  pull_request:
+    branches:
+      - main
   schedule:
-    - cron: '0 0 * * *'
+    - cron: '0 1 * * 6'
+
+env:
+  REGISTRY: ghcr.io
+  IMAGE_NAME: ${{ github.actor }}/crontab
 
 jobs:
-  multi:
+  build-crontab:
     runs-on: ubuntu-latest
+
+    permissions:
+      contents: read
+      packages: write
+
     steps:
-      -
-        name: Checkout
-        uses: actions/checkout@v2
-      -
-        name: Set up QEMU
-        uses: docker/setup-qemu-action@v1
-      -
-        name: Set up Docker Buildx
-        id: buildx
-        uses: docker/setup-buildx-action@v1
-      -
-        name: Login to DockerHub
-        uses: docker/login-action@v1
+      - name: Checkout repository.
+        uses: actions/checkout@v3
+        with:
+          submodules: true
+
+      - name: Log in to the GitHub Container Registry.
+        if: github.event_name != 'pull_request'
+        uses: docker/login-action@v2
         with:
-          username: ${{ secrets.DOCKER_USERNAME }}
-          password: ${{ secrets.DOCKER_PASSWORD }}
+          registry: ${{ env.REGISTRY }}
+          username: ${{ github.actor }}
+          password: ${{ secrets.GHCR_TOKEN }}
 
-      - if: github.ref == 'refs/heads/main'
-        name: Conditional(Set tag as `latest`)
-        run: echo "tag=willfarrell/crontab:latest" >> $GITHUB_ENV
+      - name: Extract metadata (tags, labels) for Docker.
+        id: meta
+        uses: docker/metadata-action@v4
+        with:
+          images: ${{ env.REGISTRY }}/${{ env.IMAGE_NAME }}
+          tags: |
+            type=raw,value=latest,enable={{is_default_branch}}
+            type=ref,event=branch
+            type=ref,event=pr
+            type=schedule,pattern={{date 'YYYYMMDD'}}
 
-      - if: startsWith(github.ref, 'refs/tags/')
-        name: Conditional(Set tag as `{version}`)
-        run: echo "tag=willfarrell/crontab:${GITHUB_REF#refs/*/}" >> $GITHUB_ENV
+      - name: Set up QEMU.
+        uses: docker/setup-qemu-action@v2
+
+      - name: Set up Docker Buildx.
+        uses: docker/setup-buildx-action@v2
+        with:
+          platforms: linux/amd64
 
-      -
-        name: Build and push
-        uses: docker/build-push-action@v2
+      - name: Build and push Docker image to GitHub Container Registry.
+        uses: docker/build-push-action@v4
         with:
           context: .
-          file: ./Dockerfile
-          push: true
-          tags: |
-            ${{ env.tag }}
+          platforms: linux/amd64
+          push: ${{ github.event_name != 'pull_request' }}
+          tags: ${{ steps.meta.outputs.tags }}
+          labels: ${{ steps.meta.outputs.labels }}
+          provenance: true
+          sbom: true
+
+      - name: Send notification to Discord.
+        uses: sarisia/[email protected]
+        if: always()
+        with:
+          webhook: ${{ secrets.DISCORD_WEBHOOK }}
diff --git a/.github/workflows/cleanup.yml b/.github/workflows/cleanup.yml
@@ -0,0 +1,39 @@
+---
+name: cleanup
+
+on:
+  schedule:
+    - cron: '0 0 15 * *'
+
+env:
+  IMAGE_NAME: ${{ github.actor }}/docker-crontab
+
+jobs:
+  cleanup-docker-crontab:
+    runs-on: ubuntu-latest
+
+    permissions:
+      contents: read
+      packages: write
+
+    steps:
+      - name: Delete Docker images older than a month.
+        id: cleanup-images
+        uses: snok/container-retention-policy@v2
+        with:
+          account-type: personal
+          cut-off: One month ago UTC
+          keep-at-least: 4
+          skip-tags: latest
+          image-names: ${{ env.IMAGE_NAME }}
+          token: ${{ secrets.GHCR_TOKEN }}
+
+      - name: Send notification to Discord.
+        uses: sarisia/[email protected]
+        if: always()
+        with:
+          title: ${{ env.IMAGE_NAME }}
+          description: |
+            succeded cleanup : ${{ steps.cleanup-images.outputs.deleted }}
+            failed cleanup   : ${{ steps.cleanup-images.outputs.failed }}
+          webhook: ${{ secrets.DISCORD_WEBHOOK }}
diff --git a/.gitignore b/.gitignore
@@ -1,6 +1,10 @@
 .idea
 *.iml
-
-config.json
 .vscode
 .DS_Store
+
+config.json
+config.working.json
+
+jobs/
+projects/
diff --git a/.pre-commit-config.yaml b/.pre-commit-config.yaml
@@ -0,0 +1,32 @@
+---
+repos:
+  - repo: https://github.com/pre-commit/pre-commit-hooks
+    rev: cef0300fd0fc4d2a87a85fa2093c6b283ea36f4b  # frozen: v5.0.0
+    hooks:
+      - id: check-added-large-files
+      - id: check-executables-have-shebangs
+      - id: check-merge-conflict
+      - id: check-shebang-scripts-are-executable
+      - id: check-yaml
+      - id: detect-aws-credentials
+      - id: detect-private-key
+      - id: end-of-file-fixer
+      - id: mixed-line-ending
+      - id: trailing-whitespace
+
+  - repo: https://github.com/python-jsonschema/check-jsonschema
+    rev: 62833a79b57fcd1bc372b136911a0edca60c3dcb  # frozen: 0.31.0
+    hooks:
+      - id: check-github-workflows
+
+  - repo: https://github.com/executablebooks/mdformat
+    rev: e20b1ac5acb8aba0b49d3a9109c6e6b58684ee83  # frozen: 0.7.21
+    hooks:
+      - id: mdformat
+        additional_dependencies:
+          - mdformat-gfm
+
+  - repo: https://github.com/hadolint/hadolint
+    rev: c3dc18df7a501f02a560a2cc7ba3c69a85ca01d3  # frozen: v2.13.1-beta
+    hooks:
+      - id: hadolint
diff --git a/Dockerfile b/Dockerfile
@@ -1,26 +1,67 @@
-FROM alpine:3.12 as rq-build
+#hadolint ignore=DL3007
+FROM alpine:latest AS builder
+
+LABEL org.opencontainers.image.title="crontab builder" \
+      org.opencontainers.image.description="crontab builder" \
+      org.opencontainers.image.authors="[email protected]" \
+      org.opencontainers.image.source="https://github.com/SimplicityGuy/alertmanager-discord/blob/main/Dockerfile" \
+      org.opencontainers.image.licenses="MIT" \
+      org.opencontainers.image.created="$(date +'%Y-%m-%d')" \
+      org.opencontainers.image.base.name="docker.io/library/alpine"
 
 ENV RQ_VERSION=1.0.2
-WORKDIR /root/
+WORKDIR /usr/bin/rq/
 
-RUN apk --update add upx \
-    && wget https://github.com/dflemstr/rq/releases/download/v${RQ_VERSION}/rq-v${RQ_VERSION}-x86_64-unknown-linux-musl.tar.gz \
-    && tar -xvf rq-v1.0.2-x86_64-unknown-linux-musl.tar.gz \
-    && upx --brute rq
+#hadolint ignore=DL3018
+RUN apk update --quiet && \
+    apk upgrade --quiet && \
+    apk add --quiet --no-cache \
+        upx && \
+    rm /var/cache/apk/* && \
+    wget --quiet https://github.com/dflemstr/rq/releases/download/v${RQ_VERSION}/rq-v${RQ_VERSION}-x86_64-unknown-linux-musl.tar.gz && \
+    tar -xvf rq-v${RQ_VERSION}-x86_64-unknown-linux-musl.tar.gz && \
+    upx --brute rq
 
-FROM library/docker:stable
+#hadolint ignore=DL3007
+FROM docker:latest AS release
 
-COPY --from=rq-build /root/rq /usr/local/bin
+LABEL org.opencontainers.image.title="crontab" \
+      org.opencontainers.image.description="A docker job scheduler (aka crontab for docker)." \
+      org.opencontainers.image.authors="[email protected]" \
+      org.opencontainers.image.source="https://github.com/SimplicityGuy/docker-crontab/blob/main/Dockerfile" \
+      org.opencontainers.image.licenses="MIT" \
+      org.opencontainers.image.created="$(date +'%Y-%m-%d')" \
+      org.opencontainers.image.base.name="docker.io/library/docker"
 
 ENV HOME_DIR=/opt/crontab
-RUN apk add --no-cache --virtual .run-deps gettext jq bash tini \
-    && mkdir -p ${HOME_DIR}/jobs ${HOME_DIR}/projects \
-    && adduser -S docker -D
 
-COPY docker-entrypoint /
-ENTRYPOINT ["/sbin/tini", "--", "/docker-entrypoint"]
+#hadolint ignore=DL3018
+RUN apk update --quiet && \
+    apk upgrade --quiet && \
+    apk add --quiet --no-cache \
+        bash \
+        coreutils \
+        curl \
+        gettext \
+        jq \
+        tini \
+        wget && \
+    apk add --quiet --no-cache --repository=https://dl-cdn.alpinelinux.org/alpine/edge/testing \
+        gosu && \
+    rm /var/cache/apk/* && \
+    rm -rf /etc/periodic /etc/crontabs/root && \
+    adduser -S docker -D && \
+    mkdir -p ${HOME_DIR}/jobs && \
+    chown -R docker:root ${HOME_DIR}
+
+USER docker
+
+COPY --from=builder /usr/bin/rq/rq /usr/local/bin
+COPY entrypoint.sh /opt
+
+ENTRYPOINT ["/usr/bin/gosu", "docker", "/sbin/tini", "--", "/opt/entrypoint.sh"]
 
 HEALTHCHECK --interval=5s --timeout=3s \
     CMD ps aux | grep '[c]rond' || exit 1
 
-CMD ["crond", "-f", "-d", "6", "-c", "/etc/crontabs"]
+CMD ["crond", "-f", "-d", "7", "-c", "/etc/crontabs"]