feat: initial release

Author: m4s-b3n

.checkov.yml

@@ -0,0 +1,10 @@
+framework:
+  - dockerfile
+
+skip-check:
+  # Skip root user check - required for Docker-in-Docker GitHub Actions runner
+  - CKV_DOCKER_3
+
+# Custom rule exclusions
+check:
+  - DS002 # Also skip Trivy equivalent of the root user check

.devcontainer/devcontainer.json

@@ -0,0 +1,19 @@
+{
+  "name": "Ubuntu",
+  "image": "mcr.microsoft.com/devcontainers/base:noble",
+  "features": {
+    "ghcr.io/devcontainers/features/docker-in-docker:2": {},
+    "ghcr.io/devcontainers/features/github-cli:1": {},
+    "ghcr.io/devcontainers/features/node:1": {},
+    "ghcr.io/guiyomh/features/vim:0": {}
+  },
+  "customizations": {
+    "vscode": {
+      "extensions": [
+        "Mattickx.copilotignore-vscode",
+        "GitHub.copilot-chat",
+        "GitHub.copilot"
+      ]
+    }
+  }
+}

.github/linters/.hadolint.yaml

@@ -0,0 +1,6 @@
+ignored:
+  - DL3006 # Use USER to switch to non-root when possible
+  - DL3008 # Pin versions in apt-get install
+  - DL3013 # Use WORKDIR to switch to a directory
+
+# You can add additional rules or custom configuration here

.github/linters/.shellcheckrc

@@ -0,0 +1,4 @@
+# Shellcheck configuration for docker-runner project
+
+# Ignore SC1091 for logger.sh sourcing - file exists at runtime but not during linting
+disable=SC1091

.github/workflows/build.yml

@@ -0,0 +1,58 @@
+name: Build Image
+
+on:
+  pull_request:
+    branches:
+      - main
+  release:
+    types: [released]
+
+concurrency:
+  group: ${{ github.workflow }}-${{ github.ref }}
+  cancel-in-progress: false
+
+permissions: {}
+
+jobs:
+  docker:
+    name: Docker
+    runs-on: ubuntu-latest
+    permissions:
+      contents: read
+      packages: write
+    steps:
+      - name: Checkout
+        uses: actions/checkout@08c6903cd8c0fde910a37f88322edcfb5dd907a8 # v5.0.0
+        with:
+          persist-credentials: false
+      - name: Docker meta
+        id: meta
+        uses: docker/metadata-action@c1e51972afc2121e065aed6d45c65596fe445f3f # v5.8.0
+        with:
+          images: |
+            ghcr.io/${{ github.repository }}
+          tags: |
+            type=schedule
+            type=semver,pattern={{version}}
+            type=semver,pattern={{major}}.{{minor}}
+            type=semver,pattern={{major}}
+            type=ref,event=branch
+            type=ref,event=pr
+            type=sha
+      - name: Set up Docker Buildx
+        uses: docker/setup-buildx-action@e468171a9de216ec08956ac3ada2f0791b6bd435 # v3.11.1
+      - name: Login to Docker Hub
+        uses: docker/login-action@184bdaa0721073962dff0199f1fb9940f07167d1 # v3.5.0
+        with:
+          registry: ghcr.io
+          username: ${{ github.repository_owner }}
+          password: ${{ secrets.GITHUB_TOKEN }}
+      - name: Build and push
+        uses: docker/build-push-action@263435318d21b8e681c14492fe198d362a7d2c83 # v6.18.0
+        with:
+          context: docker
+          push: true
+          tags: ${{ steps.meta.outputs.tags }}
+          labels: ${{ steps.meta.outputs.labels }}
+          cache-from: type=gha
+          cache-to: type=gha,mode=max

.github/workflows/release.yml

@@ -0,0 +1,62 @@
+name: Release Application
+
+on:
+  push:
+    branches:
+      - main
+  pull_request:
+    branches:
+      - main
+  workflow_dispatch:
+
+concurrency:
+  group: ${{ github.workflow }}-${{ github.ref }}
+  cancel-in-progress: false
+
+permissions: {}
+
+jobs:
+  lint:
+    name: Lint
+    runs-on: ubuntu-latest
+    permissions:
+      contents: read
+      packages: read
+      statuses: write
+    steps:
+      - name: Checkout code
+        uses: actions/checkout@08c6903cd8c0fde910a37f88322edcfb5dd907a8 # v5.0.0
+        with:
+          fetch-depth: 0
+          persist-credentials: false
+      - name: Lint
+        uses: super-linter/super-linter@ffde3b2b33b745cb612d787f669ef9442b1339a6 # v8.1.0
+        env:
+          GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
+          FILTER_REGEX_EXCLUDE: CHANGELOG.md
+
+  release:
+    name: Release
+    runs-on: ubuntu-latest
+    needs:
+      - lint
+    permissions:
+      contents: read
+    steps:
+      - name: Checkout
+        uses: actions/checkout@08c6903cd8c0fde910a37f88322edcfb5dd907a8 # v5.0.0
+        with:
+          persist-credentials: false
+      - uses: actions/create-github-app-token@a8d616148505b5069dccd32f177bb87d7f39123b # v2.1.1
+        id: token
+        with:
+          app-id: ${{ vars.APP_ID_SEMREL }}
+          private-key: ${{ secrets.APP_KEY_SEMREL }}
+      - name: Semantic release
+        id: semrel
+        uses: cycjimmy/semantic-release-action@9cc899c47e6841430bbaedb43de1560a568dfd16 # v5.0.0
+        with:
+          dry_run: ${{ github.event_name != 'push' }}
+          ci: true
+        env:
+          GITHUB_TOKEN: ${{ steps.token.outputs.token }}

.gitignore

@@ -0,0 +1,11 @@
+# dev
+.copilot
+.dev
+
+# superlinter
+# Super-linter outputs
+super-linter-output
+super-linter.log
+
+# GitHub Actions leftovers
+github_conf

.releaserc.json

@@ -0,0 +1,22 @@
+{
+  "branches": ["main"],
+  "tagFormat": "${version}",
+  "plugins": [
+    "@semantic-release/commit-analyzer",
+    "@semantic-release/release-notes-generator",
+    [
+      "@semantic-release/changelog",
+      {
+        "changelogFile": "CHANGELOG.md"
+      }
+    ],
+    [
+      "@semantic-release/git",
+      {
+        "message": "chore(release): ${nextRelease.version} [skip ci]\n\n${nextRelease.notes}",
+        "assets": ["CHANGELOG.md"]
+      }
+    ],
+    "@semantic-release/github"
+  ]
+}

.shellcheckrc

@@ -0,0 +1,4 @@
+# Shellcheck configuration for docker-runner project
+
+# Ignore SC1091 for logger.sh sourcing - file exists at runtime but not during linting
+disable=SC1091

.trivyignore

@@ -0,0 +1,2 @@
+# Skip root user check - required for Docker-in-Docker GitHub Actions runner
+AVD-DS-0002