diff --git a/.github/CODEOWNERS b/.github/CODEOWNERS new file mode 100644 index 0000000..db557b1 --- /dev/null +++ b/.github/CODEOWNERS @@ -0,0 +1,3 @@ +# CODEOWNERS + +* @quiknode-labs/DevOps diff --git a/.github/dependabot.yml b/.github/dependabot.yml index 924046e..832b176 100644 --- a/.github/dependabot.yml +++ b/.github/dependabot.yml @@ -5,44 +5,17 @@ updates: directory: "/" schedule: interval: "daily" - assignees: - - "haxorof" - # Maintain dependencies for Docker - - package-ecosystem: "docker" - directory: "/" - schedule: - interval: "daily" - ignore: - - dependency-name: "centos*" - assignees: - - "haxorof" - # Maintain dependencies for Python PiP (v2.11) - - package-ecosystem: "pip" - directory: "/requirements/v2.11" - schedule: - interval: "daily" - assignees: - - "haxorof" - ignore: - - dependency-name: "*" - update-types: ["version-update:semver-minor", "version-update:semver-major"] - # Maintain dependencies for Python PiP (v2.12) - package-ecosystem: pip - directory: "/requirements/v2.12" + directory: "/requirements/v2.16" schedule: interval: daily - assignees: - - "haxorof" ignore: - dependency-name: "*" update-types: ["version-update:semver-minor", "version-update:semver-major"] - # Maintain dependencies for Python PiP (v2.13) - package-ecosystem: pip - directory: "/requirements/v2.13" + directory: "/requirements/v2.17" schedule: interval: daily - assignees: - - "haxorof" ignore: - dependency-name: "*" update-types: ["version-update:semver-minor", "version-update:semver-major"] diff --git a/.github/workflows/ci.yml b/.github/workflows/ci.yml deleted file mode 100644 index 6f448e3..0000000 --- a/.github/workflows/ci.yml +++ /dev/null 
@@ -1,155 +0,0 @@ -name: CI -on: - push: - branches: - - main - pull_request: - branches: - - main - schedule: - - cron: '0 1 * * 0' - -env: - IMAGE_NAME: sjoshi10/ansible-core - LATEST_OS: alpine - LATEST_VERSION: v2.13 - DOCKER_CLI_VERSION: "20.10.14" - GOSU_VERSION: "1.14" - -jobs: - build_push_before_python38: - runs-on: ubuntu-latest - strategy: - matrix: - os: [almalinux8, alpine, ubuntu] - version: [v2.11] - steps: - - name: Checkout - uses: actions/checkout@v3 - - - name: Prepare - id: prep - run: | - cp requirements/${MATRIX_VERSION}/requirements.txt requirements/requirements.txt - TAGS="${IMAGE_NAME}:${MATRIX_VERSION}-${MATRIX_OS}" - if [[ "$MATRIX_OS" == "$LATEST_OS" ]]; then - TAGS="${TAGS},${IMAGE_NAME}:$MATRIX_VERSION" - elif [[ "$MATRIX_OS" == "almalinux8" && "$MATRIX_VERSION" == "v2.11" ]]; then - TAGS="${TAGS},${IMAGE_NAME}:latest-${MATRIX_OS}" - fi - echo "::set-output name=tags::${TAGS}" - echo ::set-output name=created::$(date -u +'%Y-%m-%dT%H:%M:%SZ') - env: - MATRIX_OS: ${{ matrix.os }} - MATRIX_VERSION: ${{ matrix.version }} - - # Since sudo is used this will complain and suggest gosu but that - # needs to be tested if gosu can replace sudo for Ansible use-cases. 
- # - name: Lint Dockerfile - # uses: docker://replicated/dockerfilelint:latest - # with: - # args: Dockerfile.${{ matrix.os }} - - name: Set up Docker Buildx - uses: docker/setup-buildx-action@v2.0.0 - - - name: Login to DockerHub - uses: docker/login-action@v2.0.0 - if: ${{ endsWith(github.ref, '/main') }} - with: - username: ${{ secrets.DOCKERHUB_USERNAME }} - password: ${{ secrets.DOCKERHUB_TOKEN }} - - - name: Build and Push - uses: docker/build-push-action@v3.0.0 - with: - labels: | - org.opencontainers.image.created=${{ steps.prep.outputs.created }} - org.opencontainers.image.source=${{ github.repositoryUrl }} - org.opencontainers.image.version=${{ matrix.version }} - org.opencontainers.image.revision=${{ github.sha }} - org.opencontainers.image.licenses=${{ github.event.repository.license.name }} - build-args: | - docker_version=${{ env.DOCKER_CLI_VERSION }} - gosu_version=${{ env.GOSU_VERSION }} - tags: ${{ steps.prep.outputs.tags }} - context: . - file: ./Dockerfile.${{ matrix.os }} - push: ${{ endsWith(github.ref, '/main') }} - - build_push_python38_and_later: - needs: build_push_before_python38 - runs-on: ubuntu-latest - strategy: - matrix: - os: [alpine, ubuntu] - version: [v2.12, v2.13,v2.15] - steps: - - name: Checkout - uses: actions/checkout@v3 - - - name: Prepare - id: prep - run: | - cp requirements/${MATRIX_VERSION}/requirements.txt requirements/requirements.txt - TAGS="${IMAGE_NAME}:${MATRIX_VERSION}-${MATRIX_OS}" - if [[ "$MATRIX_OS" == "$LATEST_OS" ]]; then - TAGS="${TAGS},${IMAGE_NAME}:$MATRIX_VERSION" - if [[ "$MATRIX_VERSION" == "$LATEST_VERSION" ]]; then - TAGS="${TAGS},${IMAGE_NAME}:latest-${MATRIX_OS},${IMAGE_NAME}:latest" - fi - elif [[ "$MATRIX_VERSION" == "$LATEST_VERSION" ]]; then - TAGS="${TAGS},${IMAGE_NAME}:latest-${MATRIX_OS}" - fi - echo "::set-output name=tags::${TAGS}" - echo ::set-output name=created::$(date -u +'%Y-%m-%dT%H:%M:%SZ') - env: - MATRIX_OS: ${{ matrix.os }} - MATRIX_VERSION: ${{ matrix.version }} - - # Since 
sudo is used this will complain and suggest gosu but that - # needs to be tested if gosu can replace sudo for Ansible use-cases. - # - name: Lint Dockerfile - # uses: docker://replicated/dockerfilelint:latest - # with: - # args: Dockerfile.${{ matrix.os }} - - name: Set up Docker Buildx - uses: docker/setup-buildx-action@v2.0.0 - - - name: Login to DockerHub - uses: docker/login-action@v2.0.0 - if: ${{ endsWith(github.ref, '/main') }} - with: - username: ${{ secrets.DOCKERHUB_USERNAME }} - password: ${{ secrets.DOCKERHUB_TOKEN }} - - - name: Build and Push - uses: docker/build-push-action@v3.0.0 - with: - labels: | - org.opencontainers.image.created=${{ steps.prep.outputs.created }} - org.opencontainers.image.source=${{ github.repositoryUrl }} - org.opencontainers.image.version=${{ matrix.version }} - org.opencontainers.image.revision=${{ github.sha }} - org.opencontainers.image.licenses=${{ github.event.repository.license.name }} - build-args: | - docker_version=${{ env.DOCKER_CLI_VERSION }} - gosu_version=${{ env.GOSU_VERSION }} - tags: ${{ steps.prep.outputs.tags }} - context: . - file: ./Dockerfile.${{ matrix.os }} - push: ${{ endsWith(github.ref, '/main') }} - - update_docker_hub_description: - needs: build_push_python38_and_later - runs-on: ubuntu-latest - if: ${{ endsWith(github.ref, '/main') }} - steps: - - name: Checkout - uses: actions/checkout@v3 - - - name: Docker Hub Description - uses: peter-evans/dockerhub-description@v3 - with: - username: ${{ secrets.DOCKERHUB_USERNAME }} - password: ${{ secrets.DOCKERHUB_PASSWORD }} - repository: ${{ env.IMAGE_NAME }} diff --git a/.github/workflows/docker-image.yml b/.github/workflows/docker-image.yml new file mode 100644 index 0000000..34ae8a9 --- /dev/null +++ b/.github/workflows/docker-image.yml 
@@ -0,0 +1,90 @@
+name: docker-image
+on:
+ pull_request:
+ branches:
+ - main
+ # this will work for manual release
+ release:
+ types:
+ - published
+ # this will work for auto release
+ # triggered by release-please action
+ workflow_run:
+ workflows: ["release-please"]
+ types:
+ - completed
+env:
+ IMAGE_NAME: ghcr.io/quiknode-labs/docker-ansible-core
+ LATEST_OS: ubuntu
+ LATEST_VERSION: v2.17
+jobs:
+ build_and_push_on_release:
+ runs-on: ubuntu-latest
+ permissions:
+ contents: write
+ packages: write
+ strategy:
+ matrix:
+ os: [ubuntu]
+ version: [v2.16, v2.17]
+ steps:
+ - name: Checkout
+ uses: actions/checkout@v4
+
+ - name: Prepare
+ id: prep
+ run: |
+ # Copy the appropriate requirements file
+ cp requirements/${MATRIX_VERSION}/requirements.txt requirements/requirements.txt
+
+ # Extract the full ansible-core version (e.g. "2.16.14")
+ ANSIBLE_CORE_VERSION=$(grep ansible-core requirements/${MATRIX_VERSION}/requirements.txt | cut -d "=" -f 3)
+
+ # Create both the patch version tag and the legacy matrix version tag
+ TAGS="${IMAGE_NAME}:${ANSIBLE_CORE_VERSION}-${MATRIX_OS},${IMAGE_NAME}:${MATRIX_VERSION}-${MATRIX_OS}"
+ # If running on the latest OS, add additional tags.
+ if [[ "$MATRIX_OS" == "$LATEST_OS" ]]; then
+ TAGS="${TAGS},${IMAGE_NAME}:${ANSIBLE_CORE_VERSION}"
+ # Also handle 'latest' if this is the latest version you expect
+ if [[ "$MATRIX_VERSION" == "$LATEST_VERSION" ]]; then
+ TAGS="${TAGS},${IMAGE_NAME}:latest-${MATRIX_OS},${IMAGE_NAME}:latest"
+ fi
+ elif [[ "$MATRIX_VERSION" == "$LATEST_VERSION" ]]; then
+ TAGS="${TAGS},${IMAGE_NAME}:latest-${MATRIX_OS}"
+ fi
+
+ echo "tags=${TAGS}" >> $GITHUB_OUTPUT
+ echo "created=$(date -u +'%Y-%m-%dT%H:%M:%SZ')" >> $GITHUB_OUTPUT
+ env:
+ MATRIX_OS: ${{ matrix.os }}
+ MATRIX_VERSION: ${{ matrix.version }}
+
+ - name: Set up QEMU to support cross-architecture builds
+ uses: docker/setup-qemu-action@v3
+
+ - name: Set up Docker Buildx
+ uses: docker/setup-buildx-action@v3.11.1
+
+ - name: Login to GitHub Container Registry
+ uses: docker/login-action@v3
+ if: ${{ github.event_name == 'release' || github.event_name == 'workflow_run' }}
+ with:
+ registry: ghcr.io
+ username: ${{ github.actor }}
+ password: ${{ secrets.GITHUB_TOKEN }}
+
+ - name: Build Image and push to ghcr only on Release
+ uses: docker/build-push-action@v6
+ with:
+ platforms: linux/amd64,linux/arm64
+ labels: |
+ org.opencontainers.image.created=${{ steps.prep.outputs.created }}
+ org.opencontainers.image.source=${{ github.repositoryUrl }}
+ org.opencontainers.image.version=${{ matrix.version }}
+ org.opencontainers.image.revision=${{ github.sha }}
+ org.opencontainers.image.licenses=${{ github.event.repository.license.name }}
+ context: .
+ file: ./Dockerfile.${{ matrix.os }}
+ tags: ${{ steps.prep.outputs.tags }}
+ # Push only on release events; for PRs, just build.
+ push: ${{ github.event_name == 'release' || github.event_name == 'workflow_run' }}
diff --git a/.github/workflows/release-please.yml b/.github/workflows/release-please.yml
new file mode 100644
index 0000000..95d57d0
--- /dev/null
+++ b/.github/workflows/release-please.yml
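Review bot: In `.github/workflows/docker-image.yml` the job requests `contents: write`, although the visible steps only check out the repository and push to ghcr.io, so `contents: read` next to `packages: write` would be enough; the write scope is also requested on `pull_request` runs. The `workflow_run` trigger fires on `completed`, which includes failed or cancelled `release-please` runs, and both the login `if:` and the `push:` expression accept any `workflow_run` event; adding `github.event.workflow_run.conclusion == 'success'` to those two expressions would stop a failed upstream run from publishing `latest`. Because `release-please` runs on every push to main, this path presumably publishes on every such push rather than only when a release was cut, which is worth confirming as intended. The third-party actions here are referenced by mutable tags (`docker/login-action@v3`, `docker/build-push-action@v6`); pinning them to commit SHAs would protect the job that holds the registry token.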
@@ -0,0 +1,13 @@
+on:
+ push:
+ branches:
+ - master
+ - main
+name: release-please
+jobs:
+ release-please:
+ runs-on: ubuntu-latest
+ steps:
+ - uses: googleapis/release-please-action@v4
+ with:
+ release-type: simple
diff --git a/.gitignore b/.gitignore
new file mode 100644
index 0000000..21943c9
--- /dev/null
+++ b/.gitignore
@@ -0,0 +1 @@
+requirements/requirements.txt
diff --git a/CHANGELOG.md b/CHANGELOG.md
new file mode 100644
index 0000000..8ed328f
--- /dev/null
+++ b/CHANGELOG.md
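Review bot: `.github/workflows/release-please.yml` declares no `permissions:` block, so the job runs with whatever default the repository or organisation gives `GITHUB_TOKEN`. release-please has to create release pull requests and tags, so I would state the scopes explicitly at job level, `permissions:` with `contents: write` and `pull-requests: write`; that keeps the token narrow if the default is broad and keeps the workflow working if the default is read-only. `googleapis/release-please-action@v4` is a mutable tag, and since this job holds a write token it is worth pinning to a commit SHA.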
@@ -0,0 +1,72 @@ +# Changelog + +## [1.4.8](https://github.com/quiknode-labs/docker-ansible-core/compare/v1.4.7...v1.4.8) (2025-07-02) + + +### Bug Fixes + +* TEC-2210 - install more popular deps and upgrade ansible ([0d8d77f](https://github.com/quiknode-labs/docker-ansible-core/commit/0d8d77fa6a0c9507c4d78d24e4ed16d986349902)) +* TEC-2210 - install more popular deps and upgrade ansible ([3d02e99](https://github.com/quiknode-labs/docker-ansible-core/commit/3d02e9943ba9bb9ab42fd0c919b08d479defb9f8)) + +## [1.4.7](https://github.com/quiknode-labs/docker-ansible-core/compare/v1.4.6...v1.4.7) (2025-04-14) + + +### Bug Fixes + +* TEC-1754/docker-command-not-found-error ([9a7b4f9](https://github.com/quiknode-labs/docker-ansible-core/commit/9a7b4f912750d6a2a5c960a98890b66ac42c4dee)) +* TEC-1754/docker-command-not-found-error ([65be402](https://github.com/quiknode-labs/docker-ansible-core/commit/65be402ba0ae4a714677a61f7ed1bf49448d5de4)) + +## [1.4.6](https://github.com/quiknode-labs/docker-ansible-core/compare/v1.4.5...v1.4.6) (2025-04-08) + + +### Bug Fixes + +* final changes to support ANSIBLE_STRATEGY_PLUGINS ([8abb08f](https://github.com/quiknode-labs/docker-ansible-core/commit/8abb08f5ab420aa078f32cd13d98c189d2984aec)) +* TEC-1680/more-fixes2 ([f228202](https://github.com/quiknode-labs/docker-ansible-core/commit/f228202992c39143011487b76c469ac2c948a826)) +* TEC-1680/more-fixes2 ([450dcca](https://github.com/quiknode-labs/docker-ansible-core/commit/450dccad03c20aab30086a65b3362f366d7bfcd2)) + +## [1.4.4](https://github.com/quiknode-labs/docker-ansible-core/compare/v1.4.3...v1.4.4) (2025-04-07) + + +### Bug Fixes + +* TEC-1680/more-fixes ([73ebcc1](https://github.com/quiknode-labs/docker-ansible-core/commit/73ebcc146aee55f10d47aaa683c56684421e16e7)) +* TEC-1680/more-fixes ([c64180b](https://github.com/quiknode-labs/docker-ansible-core/commit/c64180b589d3b682a659e1efc55905badf7b922b)) + +## 
[1.4.2](https://github.com/quiknode-labs/docker-ansible-core/compare/v1.4.1...v1.4.2) (2025-04-07) + + +### Bug Fixes + +* TEC-1680/fix permissions issues ([9fa1b68](https://github.com/quiknode-labs/docker-ansible-core/commit/9fa1b68dd1a5a21bc522c1033c972b292112d0e7)) +* TEC-1680/polishing-after-merge ([062a934](https://github.com/quiknode-labs/docker-ansible-core/commit/062a9347a0efa19dd9ba9d75eb714ad27b3628d8)) + +## [1.4.0](https://github.com/quiknode-labs/docker-ansible-core/compare/v1.3.1...v1.4.0) (2025-04-07) + + +### Features + +* TEC-1680/add-native-mitogen-integration ([52fb7c8](https://github.com/quiknode-labs/docker-ansible-core/commit/52fb7c8318fccc355076448538f24fc3249ae421)) +* TEC-1680/add-native-mitogen-integration ([afb6e0c](https://github.com/quiknode-labs/docker-ansible-core/commit/afb6e0c7b0768b81267229ee57263b15cf110411)) + + +### Bug Fixes + +* address Chase's comments ([135c0a7](https://github.com/quiknode-labs/docker-ansible-core/commit/135c0a7e7d2764ab41690a7af2bf195812ee1781)) +* remove gosu ([8f862ca](https://github.com/quiknode-labs/docker-ansible-core/commit/8f862cac61a58a00d4be00f011c903d634ee05fe)) + +## [1.3.0](https://github.com/quiknode-labs/docker-ansible-core/compare/v1.2.0...v1.3.0) (2025-03-14) + + +### Features + +* TEC-1556/remove 2.18 for now ([4623ad5](https://github.com/quiknode-labs/docker-ansible-core/commit/4623ad5f6e6b0ddfaa5b7063ff47257c0f708843)) +* TEC-1556/remove alpine, 2.15 ([7e4b9ef](https://github.com/quiknode-labs/docker-ansible-core/commit/7e4b9efbe3e93edcbaf400167c51699ad6193285)) +* TEC-1556/remove alpine, 2.15 ([3daf031](https://github.com/quiknode-labs/docker-ansible-core/commit/3daf031a61daa64a8f87df684c9a3b4572716a18)) +* TEC-1556/remove-things ([380a59a](https://github.com/quiknode-labs/docker-ansible-core/commit/380a59a3b4a10bce97163480846c4ecc2d20bb15)) + + +### Bug Fixes + +* TEC-1556/fix-typo 
([ec2ebe8](https://github.com/quiknode-labs/docker-ansible-core/commit/ec2ebe8b5de37a97f75b704340230ce837cd2036)) +* TEC-1556/fix-typo ([4ffb7e9](https://github.com/quiknode-labs/docker-ansible-core/commit/4ffb7e9645347b3ee1052d0c1083c99667f3188a)) diff --git a/Dockerfile.almalinux8 b/Dockerfile.almalinux8 deleted file mode 100644 index 559f565..0000000 --- a/Dockerfile.almalinux8 +++ /dev/null 
@@ -1,56 +0,0 @@ -FROM almalinux:9.3-20231124 - -LABEL org.opencontainers.image.title="haxorof/ansible-core" \ - org.opencontainers.image.description="Ansible Core + additions" \ - org.opencontainers.image.licenses="MIT" - -ARG docker_version -ARG gosu_version - -ENV LANG en_US.UTF-8 -ENV LC_ALL en_US.UTF-8 - -ONBUILD USER root - -COPY requirements/requirements.txt ./requirements.txt - -RUN dnf install -y epel-release \ - && dnf clean all \ - && dnf makecache \ - && dnf upgrade -y \ - && dnf install -y \ - openssh \ - sshpass \ - git \ - sudo \ - python3-pip \ - tar \ - wget \ - curl-minimal \ - glibc-langpack-en \ - tzdata \ - # install gosu for a better su+exec command (remove sudo if this works) - && curl -o /usr/bin/gosu "https://github.com/tianon/gosu/releases/download/$gosu_version/gosu-amd64" \ - && chmod +x /usr/bin/gosu \ - && gosu nobody true \ - && python3 -m pip install --no-cache-dir --upgrade pip \ - && python3 -m pip install --no-cache-dir -r requirements.txt \ - && curl https://download.docker.com/linux/static/stable/x86_64/docker-${docker_version}.tgz | tar -xz -C /usr/lib \ - && ln -s /usr/lib/docker/docker /usr/bin/docker \ - && mkdir -p /etc/ansible/roles \ - && echo 'localhost ansible_connection=local ansible_python_interpreter=/usr/bin/python3' > /etc/ansible/hosts \ - && dnf clean all \ - && rm -rf /var/cache/yum \ - && useradd -u 1000 ansible-1000 \ - && useradd -u 1001 ansible-1001 \ - && useradd -u 10000 ansible-10000 \ - && echo 'ansible-1000 ALL=(ALL) NOPASSWD:ALL' > /etc/sudoers.d/ansible \ - && echo 'ansible-1001 ALL=(ALL) NOPASSWD:ALL' >> /etc/sudoers.d/ansible \ - && echo 'ansible-10000 ALL=(ALL) NOPASSWD:ALL' >> /etc/sudoers.d/ansible - - -WORKDIR /mnt - -USER ansible-10000 - -CMD [ "ansible-playbook", "playbook.yml" ] diff --git a/Dockerfile.alpine b/Dockerfile.alpine deleted file mode 100644 index 66feb58..0000000 --- a/Dockerfile.alpine +++ /dev/null 
@@ -1,57 +0,0 @@ -FROM python:3.10.5-alpine - -LABEL org.opencontainers.image.title="haxorof/ansible-core" \ - org.opencontainers.image.description="Ansible Core + additions" \ - org.opencontainers.image.licenses="MIT" - -ARG docker_version -ARG gosu_version - -ENV LANG en_US.UTF-8 -ENV LC_ALL en_US.UTF-8 - -ONBUILD USER root - -COPY requirements/requirements.txt ./requirements.txt - -RUN \ - # Instructions for installing 1password cli: https://developer.1password.com/docs/cli/get-started/ - echo https://downloads.1password.com/linux/alpinelinux/stable/ >> /etc/apk/repositories \ - && wget "https://downloads.1password.com/linux/keys/alpinelinux/support@1password.com-61ddfc31.rsa.pub" -P /etc/apk/keys \ - && apk update \ - && apk add --no-cache linux-headers \ - build-base \ - libffi-dev \ - openssl-dev \ - openssh \ - sshpass \ - git \ - sudo \ - tzdata \ - cargo \ - rsync \ - 1password-cli \ - # install gosu for a better su+exec command (remove sudo if this works) - && wget -O /usr/bin/gosu "https://github.com/tianon/gosu/releases/download/$gosu_version/gosu-amd64" \ - && chmod +x /usr/bin/gosu \ - && gosu nobody true \ - && python3 -m pip install --no-cache-dir --upgrade pip \ - && python3 -m pip install --no-cache-dir -r requirements.txt \ - && wget -O - https://download.docker.com/linux/static/stable/x86_64/docker-${docker_version}.tgz | tar -xz -C /usr/lib \ - && ln -s /usr/lib/docker/docker /usr/bin/docker \ - && mkdir -p /etc/ansible/roles \ - && echo 'localhost ansible_connection=local ansible_python_interpreter=/usr/local/bin/python3' > /etc/ansible/hosts \ - && rm -rf /var/cache/apk/* \ - && rm -rf /root/.cache \ - && adduser -u 1000 -D ansible-1000 \ - && adduser -u 1001 -D ansible-1001 \ - && adduser -u 10000 -D ansible-10000 \ - && echo 'ansible-1000 ALL=(ALL) NOPASSWD:ALL' > /etc/sudoers.d/ansible \ - && echo 'ansible-1001 ALL=(ALL) NOPASSWD:ALL' >> /etc/sudoers.d/ansible \ - && echo 'ansible-10000 ALL=(ALL) NOPASSWD:ALL' >> /etc/sudoers.d/ansible - 
-WORKDIR /mnt - -USER ansible-10000 - -CMD [ "ansible-playbook", "playbook.yml" ] diff --git a/Dockerfile.ubuntu b/Dockerfile.ubuntu index 5a8922f..dbd6e43 100644 --- a/Dockerfile.ubuntu +++ b/Dockerfile.ubuntu 
@@ -1,67 +1,99 @@ FROM ubuntu:22.04 -LABEL org.opencontainers.image.title="haxorof/ansible-core" \ - org.opencontainers.image.description="Ansible Core + additions" \ - org.opencontainers.image.licenses="MIT" +LABEL org.opencontainers.image.title="quiknode-labs/docker-ansible-core" \ + org.opencontainers.image.description="Ansible Core + additions" -ARG docker_version -ARG gosu_version - -ENV DEBIAN_FRONTEND=noninteractive -ENV DEFAULT_LOCAL_TMP=/var/tmp/.ansible/tmp +# ANSIBLE_STRATEGY_PLUGINS is Hardcoded, because it's impossible to set dinamically +ENV DEBIAN_FRONTEND=noninteractive \ + DEFAULT_LOCAL_TMP=/var/tmp/.ansible/tmp \ + ANSIBLE_STRATEGY_PLUGINS=/usr/local/lib/python3.10/dist-packages/ansible_mitogen ONBUILD USER root COPY requirements/requirements.txt ./requirements.txt -RUN \ - apt update \ - && apt -y install \ - curl \ - gnupg \ - # Instructions for installing 1password cli: https://support.1password.com/install-linux/#get-1password-for-linux - && curl -sS https://downloads.1password.com/linux/keys/1password.asc | gpg --dearmor --output /usr/share/keyrings/1password-archive-keyring.gpg \ - && echo "deb [arch=$(dpkg --print-architecture) signed-by=/usr/share/keyrings/1password-archive-keyring.gpg] https://downloads.1password.com/linux/debian/$(dpkg --print-architecture) stable main" | tee /etc/apt/sources.list.d/1password.list \ - && mkdir -p /etc/debsig/policies/AC2D62742012EA22/ \ - && curl -sS https://downloads.1password.com/linux/debian/debsig/1password.pol | tee /etc/debsig/policies/AC2D62742012EA22/1password.policies \ - && apt-get -y clean \ - && apt-get -y update \ - && apt-get -y install apt-utils \ - && apt-get -y upgrade \ - && apt-get -y install \ - && apt-get -y install ruby-full \ - sshpass \ - git \ - sudo \ - python3-pip \ - wget \ - curl \ - tzdata \ - cargo \ - rsync \ - 1password-cli \ - # install gosu for a better su+exec command (remove sudo if this works) - && wget -O /usr/bin/gosu 
"https://github.com/tianon/gosu/releases/download/$gosu_version/gosu-amd64" \ - && chmod +x /usr/bin/gosu \ - && gosu nobody true \ - && python3 -m pip install --no-cache-dir --upgrade pip \ - && python3 -m pip install --no-cache-dir -r requirements.txt \ - && wget -O - https://download.docker.com/linux/static/stable/x86_64/docker-${docker_version}.tgz | tar -xz -C /usr/lib \ - && ln -s /usr/lib/docker/docker /usr/bin/docker \ - && mkdir -p /etc/ansible/roles \ - && echo 'localhost ansible_connection=local ansible_python_interpreter=/usr/bin/python3' > /etc/ansible/hosts \ - && apt-get clean \ - && useradd -m -u 1000 ansible-1000 \ - && useradd -m -u 1001 ansible-1001 \ - && useradd -m -u 10000 ansible-10000 \ - && echo 'ansible-1000 ALL=(ALL) NOPASSWD:ALL' > /etc/sudoers.d/ansible \ - && echo 'ansible-1001 ALL=(ALL) NOPASSWD:ALL' >> /etc/sudoers.d/ansible \ - && echo 'ansible-10000 ALL=(ALL) NOPASSWD:ALL' >> /etc/sudoers.d/ansible +# Upgrade system packages in one dedicated layer (run less frequently) +RUN apt-get update && \ + apt-get -y upgrade && \ + apt-get clean && \ + rm -rf /var/lib/apt/lists/* + +# Note: +# - openssh-client: for key management (like ssh-copy-id) +# - less: for ansible commands (like ansible-doc) +# - make, patch, cargo, clang, etc.: for compiling requirements during role_chain_build +# - ca-certificates: required for 1password-cli and docker cli +RUN apt-get update && \ + apt-get -y --no-install-recommends install \ + curl \ + gnupg \ + apt-utils \ + ruby-full \ + sshpass \ + git \ + sudo \ + python3-pip \ + wget \ + tzdata \ + rsync \ + openssh-client \ + less \ + make \ + patch \ + cargo \ + clang \ + libclang-dev \ + llvm-dev \ + ca-certificates \ + python3-netaddr \ + jq \ + && \ + curl -sS https://downloads.1password.com/linux/keys/1password.asc | gpg --dearmor --output /usr/share/keyrings/1password-archive-keyring.gpg && \ + echo "deb [arch=$(dpkg --print-architecture) signed-by=/usr/share/keyrings/1password-archive-keyring.gpg] 
https://downloads.1password.com/linux/debian/$(dpkg --print-architecture) stable main" | tee /etc/apt/sources.list.d/1password.list && \ + mkdir -p /etc/debsig/policies/AC2D62742012EA22/ && \ + curl -sS https://downloads.1password.com/linux/debsig/1password.pol | tee /etc/debsig/policies/AC2D62742012EA22/1password.policies && \ + curl -fsSL https://download.docker.com/linux/ubuntu/gpg | gpg --dearmor -o /usr/share/keyrings/docker.gpg && \ + echo "deb [arch=$(dpkg --print-architecture) signed-by=/usr/share/keyrings/docker.gpg] https://download.docker.com/linux/ubuntu $(. /etc/os-release && echo \"${UBUNTU_CODENAME:-$VERSION_CODENAME}\") stable" | tee /etc/apt/sources.list.d/docker.list && \ + apt-get update && \ + apt-get -y --no-install-recommends install 1password-cli && \ + apt-get -y --no-install-recommends install docker-ce-cli && \ + apt-get autoremove -y && \ + apt-get autoclean -y && \ + apt-get clean && \ + rm -rf /var/lib/apt/lists/* && \ + rm -rf /tmp/* && \ + rm -rf /var/tmp/* && \ + rm -rf /root/.ansible && \ + rm -rf /root/.cache && \ + apt-get update +# The latest apt-get update command is needed to ensure that the apt cache is up to date for the backward compatibility +# Some DroneCI pupelines run apt-get install without apt-get update before + +# Install defferent dependencies +RUN gem install bundler && \ + python3 -m pip install --no-cache-dir --upgrade pip && \ + python3 -m pip install --no-cache-dir -r requirements.txt + +# Set up Ansible environment and create users with sudo privileges +RUN mkdir -p /etc/ansible/roles && \ + echo 'localhost ansible_connection=local ansible_python_interpreter=/usr/bin/python3' > /etc/ansible/hosts && \ + useradd -m -u 1000 ansible-1000 && \ + useradd -m -u 1001 ansible-1001 && \ + useradd -m -u 10000 ansible-10000 && \ + echo 'ansible-1000 ALL=(ALL) NOPASSWD:ALL' > /etc/sudoers.d/ansible && \ + echo 'ansible-1001 ALL=(ALL) NOPASSWD:ALL' >> /etc/sudoers.d/ansible && \ + echo 'ansible-10000 ALL=(ALL) 
NOPASSWD:ALL' >> /etc/sudoers.d/ansible && \ + EXPECTED_PATH=$(python3 -c 'import site; print(site.getsitepackages()[0])') && \ + if [ "$ANSIBLE_STRATEGY_PLUGINS" != "${EXPECTED_PATH}/ansible_mitogen" ]; then \ + echo "Error: ANSIBLE_STRATEGY_PLUGINS is set to '$ANSIBLE_STRATEGY_PLUGINS' but expected '${EXPECTED_PATH}/ansible_mitogen'. Please, update Dockerfile.ubuntu."; \ + exit 1; \ + else \ + echo "ANSIBLE_STRATEGY_PLUGINS is correctly set to '$ANSIBLE_STRATEGY_PLUGINS'"; \ + fi -RUN gem install bundler -RUN pip3 install jmespath WORKDIR /mnt USER ansible-10000 -CMD [ "ansible-playbook", "playbook.yml" ] +# Use the entrypoint script and default command +CMD [ "ansible", "--version" ] diff --git a/README.md b/README.md index e9479be..29190b2 100644 --- a/README.md +++ b/README.md @@ -1,9 +1,5 @@ # Ansible Core + additions -[![Docker Pulls](https://img.shields.io/docker/pulls/haxorof/ansible-core)](https://hub.docker.com/r/haxorof/ansible-core/) -[![License](https://img.shields.io/github/license/haxorof/docker-ansible-core)](https://hub.docker.com/r/haxorof/ansible-core/) -[![CI](https://github.com/haxorof/docker-ansible-core/workflows/CI/badge.svg)](https://github.com/haxorof/docker-ansible-core/actions?query=workflow%3ACI) - Ansible Core with additions. **Note!** This image is called `ansible-core` but installs `ansible-base` for v2.10 (EOL). For later versions, v2.11 and onwards the `ansible-core` package is installed. @@ -12,26 +8,11 @@ If you find bugs or got improvements of the container, feel free to submit it [h ## Simple Tags -- `v2.13-alpine` -- `v2.13-ubuntu` -- `v2.12-alpine` -- `v2.12-ubuntu` -- `v2.11-almalinux8` -- `v2.11-alpine` -- `v2.11-ubuntu` +- `v2.17-ubuntu` ## Shared Tags -- `v2.13`, `latest-alpine`, `latest` - - `v2.13-alpine` -- `v2.12` - - `v2.12-alpine` -- `v2.11` - - `v2.11-alpine` -- `latest-almalinux8` - - `v2.11-almalinux8` -- `latest-ubuntu` - - `v2.13-ubuntu` +- `v2.17`, `latest-ubuntu`, `latest` ## Additions 
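Review bot: The two 1Password downloads in the second `RUN` of `Dockerfile.ubuntu` use `curl -sS` without `-f`, so an HTTP error body is piped into `gpg --dearmor` or written by `tee` as the debsig policy while the build carries on; the Docker key line a few lines later already uses `curl -fsSL`. This matters here because the policy URL changed from `linux/debian/debsig/1password.pol` on the removed side to `linux/debsig/1password.pol`; if that path does not resolve, the image would ship an error page as `/etc/debsig/policies/AC2D62742012EA22/1password.policies` without the build failing. I would change both calls to `curl -fsSL …` and confirm the new policy path against 1Password's install instructions. Separately, the three `ansible-*` users keep `NOPASSWD:ALL`, so `USER ansible-10000` does not limit what a playbook or a pulled-in dependency can do inside the container; a comment stating that this is intentional would help the next reader.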
@@ -53,7 +34,6 @@ Container will run as user `ansible-10000` by default. However, when you build y ### Packages/Tools -- docker-cli - git - openssh - sudo @@ -61,30 +41,15 @@ Container will run as user `ansible-10000` by default. However, when you build y ## How to use this container -Below assume a `playbook.yml` file is located in current directory: +Authenticate -```console -# docker run --rm -v ${PWD}:/mnt haxorof/ansible-core +```sh +USERNAME=Myname +echo $GITHUB_TOKEN | docker login ghcr.io -u $USERNAME --password-stdin ``` To override the default command set you can just add your own arguments after the images name: -```console -# docker run --rm -v ${PWD}:/mnt haxorof/ansible-core ansible -m setup -c local localhost -``` - -## How to use Docker CLI with Ansible to target Python container - -Start a Python container in a terminal: - -```console -# docker run -it --rm --name=target python sh -``` - -In a second terminal run the following which will do an Ansible ping to that Python container: - - -```console -# docker run --rm -v /var/run/docker.sock:/var/run/docker.sock haxorof/ansible-core sh -c "echo 'target ansible_connection=docker' > hosts && ansible -m ping -i hosts all" -``` - +```sh +docker run --rm -v ${PWD}:/mnt ghcr.io/quiknode-labs/docker-ansible-core:v2.16-ubuntu ansible -m setup -c local localhost +``` \ No newline at end of file diff --git a/renovate.json b/renovate.json new file mode 100644 index 0000000..5db72dd --- /dev/null +++ b/renovate.json @@ -0,0 +1,6 @@ +{ + "$schema": "https://docs.renovatebot.com/renovate-schema.json", + "extends": [ + "config:recommended" + ] +} diff --git a/requirements/v2.11/requirements.txt b/requirements/v2.11/requirements.txt deleted file mode 100644 index 81516f8..0000000 --- a/requirements/v2.11/requirements.txt +++ /dev/null @@ -1 +0,0 @@ -ansible-core==2.11.12 diff --git a/requirements/v2.12/requirements.txt b/requirements/v2.12/requirements.txt deleted file mode 100644 index 90411ad..0000000 
--- a/requirements/v2.12/requirements.txt
+++ /dev/null
@@ -1 +0,0 @@
-ansible-core==2.12.7
diff --git a/requirements/v2.13/requirements.txt b/requirements/v2.13/requirements.txt
deleted file mode 100644
index a110a2f..0000000
--- a/requirements/v2.13/requirements.txt
+++ /dev/null
@@ -1,2 +0,0 @@
-ansible-core==2.13.13
-mitogen==0.3.4
diff --git a/requirements/v2.15/requirements.txt b/requirements/v2.15/requirements.txt
deleted file mode 100644
index 79a8a03..0000000
--- a/requirements/v2.15/requirements.txt
+++ /dev/null
@@ -1,2 +0,0 @@
-ansible-core==2.15.3
-mitogen==0.3.4
diff --git a/requirements/v2.16/requirements.txt b/requirements/v2.16/requirements.txt
new file mode 100644
index 0000000..090173b
--- /dev/null
+++ b/requirements/v2.16/requirements.txt
@@ -0,0 +1,4 @@
+ansible-core==2.16.14
+mitogen==0.3.24
+jmespath==1.0.1
+netaddr==1.3.0
diff --git a/requirements/v2.17/requirements.txt b/requirements/v2.17/requirements.txt
new file mode 100644
index 0000000..62ea86e
--- /dev/null
+++ b/requirements/v2.17/requirements.txt
@@ -0,0 +1,4 @@
+ansible-core==2.17.12
+mitogen==0.3.24
+jmespath==1.0.1
+netaddr==1.3.0