Merge pull request #9 from mhitza/repo-ansible-1730131178

chore: repo-ansible run

.devcontainer/Dockerfile

@@ -26,10 +26,8 @@ RUN groupadd --gid $USER_GID $USERNAME \
     && chmod 0440 /etc/sudoers.d/$USERNAME \
     && sudo chsh -s /bin/bash vscode
 
-COPY --chown=vscode:vscode ../. /app
-RUN chown vscode:vscode -R /app /var/log/apache2
+RUN chown vscode:vscode -R /var/log/apache2
 
 RUN echo "xdebug.mode=off" | tee '/usr/local/etc/php/conf.d/xdebug.ini'
 
 WORKDIR /app
-USER root

.devcontainer/devcontainer.json

@@ -15,42 +15,36 @@
       "ghcr.io/devcontainers/features/docker-in-docker:1": {}
   },
 
-  // Configure tool-specific properties.
   "customizations": {
-      // Configure properties specific to VS Code.
-      "vscode": {
-          // Set *default* container specific settings.json values on container create.
-          "settings": {
-              "php.validate.executablePath": "/usr/local/bin/php",
-              "yaml.schemas": {
-                "https://raw.githubusercontent.com/linkorb/repo-ansible/main/repo.schema.yaml": ["repo.yaml"]
-              },
-              // YAML extension by RedHat that prompts on each new devcontainer to enable telemetry
-              "redhat.telemetry.enabled": false
-          },
-          // Add the IDs of extensions you want installed when the container is created.
-          "extensions": [
-              "xdebug.php-debug",
-              "bmewburn.vscode-intelephense-client",
-              "mrmlnc.vscode-apache",
-              "74th.json-yaml-schema-selector"
-          ]
-      }
+      // auto-generated based on repo-ansible defaults + repo.yaml (devcontainer.customizations_vscode) definition
+      "vscode":
+{
+  "extensions": [
+    "xdebug.php-debug",
+    "bmewburn.vscode-intelephense-client",
+    "mrmlnc.vscode-apache",
+    "74th.json-yaml-schema-selector"
+  ],
+  "settings": {
+    "php.validate.executablePath": "/usr/local/bin/php",
+    "yaml.schemas": {
+      "https://raw.githubusercontent.com/linkorb/repo-ansible/main/repo.schema.yaml": [
+        "repo.yaml"
+      ]
+    },
+    "redhat.telemetry.enabled": false
+  }
+}
   },
-  "forwardPorts": [80, 3306],
+  "forwardPorts": [ 80, 8000 ],
   "remoteUser": "vscode",
 
   "secrets": {
-    "CR_PAT": {
-      "description": "GitHub Personal Access Token (classic) with package read access, required for docker base image",
-      "documentationUrl": "https://docs.github.com/en/packages/working-with-a-github-packages-registry/working-with-the-container-registry#authenticating-with-a-personal-access-token-classic"
-    }
-    ,"PACKAGIST_TOKEN": {
+    "PACKAGIST_TOKEN": {
       "description": "Packagist access token, required for installation of composer packages from private packagist",
       "documentationUrl": "https://packagist.com/orgs/linkorb"
     }
   },
-
-  "initializeCommand": "echo $CR_PAT | docker login ghcr.io -u $GITHUB_USER --password-stdin",
-  "postCreateCommand": ".devcontainer/postCreate.sh"
+  "postCreateCommand": ".devcontainer/postCreate.sh",
+  "postStartCommand": ".devcontainer/postStart.sh"
 }

.devcontainer/docker-compose.yml

@@ -11,7 +11,7 @@ services:
         NODE_VERSION: "lts/*"
 
     volumes:
-      - ..:/workspace:cached
+      - ..:/app:cached
 
     # Runs app on the same network as the database container, allows "forwardPorts" in devcontainer.json function.
     network_mode: service:db
@@ -28,13 +28,24 @@ services:
     volumes:
       - mariadb-data:/var/lib/mysql
     environment:
-      MYSQL_ROOT_PASSWORD: mariadb
-      MYSQL_DATABASE: mariadb
-      MYSQL_USER: mariadb
-      MYSQL_PASSWORD: mariadb
+      MARIADB_DATABASE: app
+      MARIADB_USER: mariadb
+      MARIADB_PASSWORD: mariadb
+      MARIADB_ROOT_PASSWORD: mariadb
 
     # Add "forwardPorts": ["3306"] to **devcontainer.json** to forward MariaDB locally.
     # (Adding the "ports" property to this file will not forward from a Codespace.)
 
+
+  phpmyadmin:
+    image: phpmyadmin
+    restart: always
+    environment:
+      PMA_HOST: db
+      PMA_USER: mariadb
+      PMA_PASSWORD: mariadb
+      APACHE_PORT: 8000
+    network_mode: service:db
+
 volumes:
   mariadb-data:

.devcontainer/git/hooks/pre-push

@@ -1,8 +1,10 @@
 #!/usr/bin/bash
 
 temporary_file=$(mktemp)
-composer-unused --no-progress --output-format=github > $temporary_file
+# Temporary workaround on issue reported in #8432
+# shellcheck disable=2024
+sudo composer-unused --no-progress --output-format=github > "$temporary_file"
 exit_code=$?
 
-cat $temporary_file | grep -v 'ignored'
+grep -v 'ignored' "$temporary_file"
 exit $exit_code

.devcontainer/postCreate.sh

@@ -1,12 +1,15 @@
 #!/usr/bin/env bash
 # Managed by https://github.com/linkorb/repo-ansible. Manual changes will be overwritten.
 
+# Workaround for recent Python versions which prevent global pip package installation without an explicit flag
+# or removal of a certain file.
+sudo rm /usr/lib/python3.*/EXTERNALLY-MANAGED || true
+
 git config commit.template .devcontainer/git/linkorb_commit.template
 
-cp .devcontainer/git/hooks/pre-push .git/hooks/pre-push
-chmod +x .git/hooks/pre-push
 
 composer config --global --auth http-basic.repo.packagist.com "$GITHUB_USER" "$PACKAGIST_TOKEN"
 
 composer install
 
+

.devcontainer/postStart.sh

@@ -0,0 +1,10 @@
+#!/usr/bin/env bash
+# Managed by https://github.com/linkorb/repo-ansible. Manual changes will be overwritten.
+
+# pre-push composer-unused hook disabled. See Card #8980
+if [ -f .git/hooks/pre-push ]; then
+  diff .devcontainer/git/hooks/pre-push .git/hooks/pre-push
+  if [ $? -eq 0 ]; then
+    rm .git/hooks/pre-push
+  fi
+fi

.github/settings.yml

@@ -10,10 +10,11 @@ repository:
   # A short description of the repository that will show up on GitHub
   description: "Shipyard symfony CLI"
 
-    # A URL with more information about the repository
+
+  # A URL with more information about the repository
   homepage: https://engineering.linkorb.com
-  
-  
+
+
   # Either `true` to make the repository private, or `false` to make it public.
   private: false
 
@@ -71,4 +72,3 @@ labels:
 
 
 # Milestones: define milestones for Issues and Pull Requests
-

.github/workflows/10-review.yaml

@@ -0,0 +1,53 @@
+# Managed by https://github.com/linkorb/repo-ansible. Manual changes will be overwritten.
+name: Review
+
+on:
+  pull_request_target:
+    types: [opened, edited, reopened, synchronize]
+  workflow_call:
+
+jobs:
+  commit-conventions:
+    runs-on: ubuntu-latest
+    steps:
+      - name: Checkout
+        uses: actions/checkout@v4
+
+      # interesting alternative: https://github.com/cocogitto/cocogitto
+      - name: Conventional commit checker
+        uses: webiny/[email protected]
+        # XXX: normal action versioning syntax (`@v1`) doesn't work with this action,
+        # possibly because not published on the GitHub marketplace
+
+      - name: Check Card# reference
+        uses: gsactions/commit-message-checker@v2
+        with:
+          # Matches lines that end in a card number:                  #1234
+          # Matches lines that end in a card number and PR reference: #1234 (#20)
+          pattern: '#\d{4}(\s+\(#\d+\))?'
+          flags: 'gm'
+          error: 'Your commit message has to end with a card number like "#1234".'
+          excludeDescription: 'true' # optional: this excludes the description body of a pull request
+          excludeTitle: 'true' # optional: this excludes the title of a pull request
+          checkAllCommitMessages: 'true' # optional: this checks all commits associated with a pull request
+          accessToken: ${{ secrets.GITHUB_TOKEN }} # github access token is only required if checkAllCommitMessages is true
+
+      - name: Check Line Length
+        uses: gsactions/commit-message-checker@v2
+        with:
+          pattern: '^.{0,50}$'
+          error: 'The maximum line length of 50 characters is exceeded.'
+          excludeDescription: 'true' # optional: this excludes the description body of a pull request
+          excludeTitle: 'true' # optional: this excludes the title of a pull request
+          checkAllCommitMessages: 'true' # optional: this checks all commits associated with a pull request
+          accessToken: ${{ secrets.GITHUB_TOKEN }} # github access token is only required if checkAllCommitMessages is true
+
+      - name: Check Body Length
+        uses: gsactions/commit-message-checker@v2
+        with:
+          pattern: '^.{0,72}$'
+          error: 'The maximum line length of 72 characters is exceeded in the body.'
+          excludeDescription: 'false' # optional: this excludes the description body of a pull request
+          excludeTitle: 'true' # optional: this excludes the title of a pull request
+          checkAllCommitMessages: 'true' # optional: this checks all commits associated with a pull request
+          accessToken: ${{ secrets.GITHUB_TOKEN }} # github access token is only required if checkAllCommitMessages is true

.github/workflows/dependabot-auto-merge.yaml

@@ -1,18 +1,18 @@
-name: Dependabot auto-merge
+name: Auto-merge Dependabot PRs
 on: pull_request_target
 
 permissions:
   pull-requests: write # required for the action to read metadata
   contents: write # required for the gh client to read/merge commits
 
 jobs:
-  dependabot:
+  run:
     runs-on: ubuntu-latest
     if: ${{ github.event.pull_request.user.login == 'dependabot[bot]' }}
     steps:
       - name: Dependabot metadata
         id: metadata
-        uses: dependabot/fetch-metadata@v1
+        uses: dependabot/fetch-metadata@v2
 
       - name: Enable auto-merge for Dependabot PRs
         if: steps.metadata.outputs.update-type == 'version-update:semver-minor' || steps.metadata.outputs.update-type == 'version-update:semver-patch'

.github/workflows/repo-ansible.yaml

@@ -1,4 +1,4 @@
-name: repo-ansible
+name: Auto-run repo-ansible
 
 on:
   workflow_dispatch:
@@ -27,35 +27,16 @@ jobs:
     steps:
       - if: ${{ env.IS_PULL_REQUEST == '0' }}
         uses: actions/checkout@v4
-        with:
-          path: current
 
       - if: ${{ env.IS_PULL_REQUEST == '1' }}
         uses: actions/checkout@v4
         with:
-          path: current
           ref: refs/pull/${{ github.event.pull_request.number }}/merge
 
-      - uses: actions/checkout@v4
-        with:
-          repository: linkorb/repo-ansible
-          path: repo-ansible
-
-
-      # XXX ansible installed within GitHub Runner via pipx, which doesn't support direct installation from a file
-      # like pip does. See https://github.com/pypa/pipx/issues/934
-      - name: install repo-ansible dependencies
-        working-directory: repo-ansible
-        run: cat requirements.txt | xargs pipx inject ansible-core
-
-
-      - name: run ansible playbook
-        working-directory: current
-        env:
-          ANSIBLE_DISPLAY_OK_HOSTS: 0
-          ANSIBLE_DISPLAY_SKIPPED_HOSTS: 0
+      - name: repo-ansible
         run: |
-          ansible-playbook ../repo-ansible/playbook-cwd.yaml | tee /tmp/repo_ansible_output
+          docker pull ghcr.io/linkorb/repo-ansible:latest >/dev/null
+          docker run --rm -v "$PWD":/app ghcr.io/linkorb/repo-ansible:latest | tee /tmp/repo_ansible_output
           export OUTPUT=$(cat /tmp/repo_ansible_output)
           {
             echo 'REPO_ANSIBLE_OUTPUT<<EOF'
@@ -70,10 +51,9 @@ jobs:
 
       - if: ${{ env.IS_PULL_REQUEST == '0' }}
         name: commit changes
-        working-directory: current
         run: |
-          git config user.name github-actions
-          git config user.email github-actions@github.com
+          git config user.name "github-actions[bot]"
+          git config user.email "41898282+github-actions[bot]@users.noreply.github.com"
           git add .
           if git commit -m "chore: repo-ansible run"; then
             git push

.husky/_/husky.sh

@@ -0,0 +1,36 @@
+#!/usr/bin/env sh
+if [ -z "$husky_skip_init" ]; then
+  debug () {
+    if [ "$HUSKY_DEBUG" = "1" ]; then
+      echo "husky (debug) - $1"
+    fi
+  }
+
+  readonly hook_name="$(basename -- "$0")"
+  debug "starting $hook_name..."
+
+  if [ "$HUSKY" = "0" ]; then
+    debug "HUSKY env variable is set to 0, skipping hook"
+    exit 0
+  fi
+
+  if [ -f ~/.huskyrc ]; then
+    debug "sourcing ~/.huskyrc"
+    . ~/.huskyrc
+  fi
+
+  readonly husky_skip_init=1
+  export husky_skip_init
+  sh -e "$0" "$@"
+  exitCode="$?"
+
+  if [ $exitCode != 0 ]; then
+    echo "husky - $hook_name hook exited with code $exitCode (error)"
+  fi
+
+  if [ $exitCode = 127 ]; then
+    echo "husky - command not found in PATH=$PATH"
+  fi
+
+  exit $exitCode
+fi

.husky/commit-msg

@@ -0,0 +1,4 @@
+#!/usr/bin/env sh
+. "$(dirname -- "$0")/_/husky.sh"
+
+npx --no -- commitlint --edit ${1}

CODEOWNERS

@@ -2,4 +2,4 @@
 
 # The following individuals are designated as code owner(s) for specific files/directories in the repository:
 
-* @joostfaassen  
+* @joostfaassen

README.md

@@ -18,7 +18,6 @@ It is heavily inspired by [Helm](https://helm.sh/) and [helmfile](https://github
 
 As you can see, the concepts are very similar to Helm and helmfile. The main difference is that Shipyard is not kubernetes-specific and does not require a kubernetes cluster to run. Instead, it uses Docker Swarm to deploy the stacks.
 
-Build status: [![Release](https://github.com/linkorb/shipyard-cli/actions/workflows/30-release-and-build.yaml/badge.svg)](https://github.com/linkorb/shipyard-cli/actions/workflows/30-release-and-build.yaml)