From deef0125ece75e9b3b51793ca62142e05ed4476c Mon Sep 17 00:00:00 2001 From: ZCTMDC Date: Sun, 19 Jun 2022 23:43:08 +0800 Subject: [PATCH 01/42] add docker-compose.yaml --- Dockerfile | 3 +++ docker-compose.yaml | 15 +++++++++++++++ 2 files changed, 18 insertions(+) create mode 100644 docker-compose.yaml diff --git a/Dockerfile b/Dockerfile index 2c3e349..88775e3 100644 --- a/Dockerfile +++ b/Dockerfile @@ -51,8 +51,11 @@ RUN cp /usr/share/gitweb/static/gitweb.css /usr/share/gitweb/static/gitweb.css.o RUN mkdir /usr/share/gitweb/ihm VOLUME /var/lib/git + WORKDIR /var/lib/git + EXPOSE 80 ENTRYPOINT ["/entrypoint.sh"] + CMD ["app"] diff --git a/docker-compose.yaml b/docker-compose.yaml new file mode 100644 index 0000000..cef39c8 --- /dev/null +++ b/docker-compose.yaml @@ -0,0 +1,15 @@ +version: "3" + +volumes: + gitweb: + +services: + gitweb: + image: fraoustin/gitweb + build: + context: https://github.com/fraoustin/gitweb.git + dockerfile: Dockerfile + ports: + - 80:80 + volumes: + - gitweb:/var/lib/git \ No newline at end of file From bed5ad951389e8b38eb249cca37e627a492f58d9 Mon Sep 17 00:00:00 2001 From: ZCTMDC Date: Mon, 20 Jun 2022 01:34:18 +0800 Subject: [PATCH 02/42] add china - docker.cn --- Dockerfile.CN | 68 +++++++++++++++++++++++++++++++++++++++++++++++++++ 1 file changed, 68 insertions(+) create mode 100644 Dockerfile.CN diff --git a/Dockerfile.CN b/Dockerfile.CN new file mode 100644 index 0000000..bd0f8f9 --- /dev/null +++ b/Dockerfile.CN 
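Review bot: The `build.context` in the new docker-compose.yaml is `https://github.com/fraoustin/gitweb.git` with no ref, so a build takes whatever the remote default branch holds at that moment rather than the files reviewed alongside this compose file. Pin the context to a tag or commit, e.g. `context: https://github.com/fraoustin/gitweb.git#<tag-or-commit>`, or build from the checkout with `context: .` as patch 04 of this series later does. docker-compose-CN.yaml in patch 03 uses the same unpinned form.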
@@ -0,0 +1,68 @@
+FROM nginx:1.21
+LABEL maintainer "fraoustin@gmail.com"
+
+COPY ./src/default.conf /etc/nginx/conf.d/default.conf
+
+COPY ./src/entrypoint.sh /entrypoint.sh
+RUN chmod +x /entrypoint.sh
+
+ENV SET_CONTAINER_TIMEZONE false
+
+# SET CONTAINER TIMEZONE TO CHINA
+ENV TZ "Asia/Shanghai"
+ENV CONTAINER_TIMEZONE "Asia/Shanghai"
+
+# USE CHINA USTC MIRROR
+RUN sed -i 's/deb.debian.org/mirrors.ustc.edu.cn/g' /etc/apt/sources.list
+RUN sed -i 's|security.debian.org/debian-security|mirrors.ustc.edu.cn/debian-security|g' /etc/apt/sources.list
+
+RUN apt-get update && apt-get install -y \
+ apache2-utils \
+ fcgiwrap \
+ git \
+ git-core \
+ gitweb \
+ highlight \
+ libcgi-pm-perl \
+ mime-support \
+ spawn-fcgi \
+ && rm -rf /var/lib/apt/lists/*
+
+# manage user load fcgiwrap
+RUN sed -i "s/www-data/nginx/g" /etc/init.d/fcgiwrap
+
+# manage start container
+RUN mkdir /usr/share/gitweb/docker-entrypoint.pre
+RUN mkdir /usr/share/gitweb/docker-entrypoint.post
+COPY ./src/00_init.sh /usr/share/gitweb/docker-entrypoint.pre/00_init.sh
+RUN chmod +x -R /usr/share/gitweb/docker-entrypoint.pre
+
+# add cmd gitweb
+COPY ./src/cmd/addrepos.sh /usr/bin/addrepos
+COPY ./src/cmd/addauth.sh /usr/bin/addauth
+COPY ./src/cmd/rmrepos.sh /usr/bin/rmrepos
+COPY ./src/cmd/rmauth.sh /usr/bin/rmauth
+RUN chmod +x /usr/bin/addrepos
+RUN chmod +x /usr/bin/addauth
+RUN chmod +x /usr/bin/rmrepos
+RUN chmod +x /usr/bin/rmauth
+
+# manage default value
+ENV GITUSER gituser
+ENV GITPASSWORD gitpassword
+
+# add ihm mdl
+ENV IHM no-mdl
+COPY ./src/ihm /mdl-ihm
+RUN cp /usr/share/gitweb/static/gitweb.css /usr/share/gitweb/static/gitweb.css.original
+RUN mkdir /usr/share/gitweb/ihm
+
+VOLUME /var/lib/git
+
+WORKDIR /var/lib/git
+
+EXPOSE 80
+
+ENTRYPOINT ["/entrypoint.sh"]
+
+CMD ["app"]
From 63b369515ecc648723f0ba1ac15c34b8ac2adf5b Mon Sep 17 00:00:00 2001
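Review bot: `ENV GITUSER gituser` and `ENV GITPASSWORD gitpassword` bake a fixed, publicly known login into every image built from Dockerfile.CN, and the value stays readable in the image metadata. Any container started without overriding both variables would presumably be provisioned with that account by the entrypoint scripts, which are not part of this hunk. I would drop the `GITPASSWORD` default and have the init script refuse to start when it is unset. The compose files in patches 05 and 06 repeat `GITPASSWORD=gitpassword` and could require the operator's value instead, e.g. `- GITPASSWORD=${GITPASSWORD:?set a password}`. Separately, `apt-get install -y` could take `--no-install-recommends` to keep the installed package set smaller.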
From: zctmdc Date: Mon, 20 Jun 2022 01:58:48 +0800 Subject: [PATCH 03/42] add docker-compose-CN.yaml for china --- docker-compose-CN.yaml | 15 +++++++++++++++ 1 file changed, 15 insertions(+) create mode 100644 docker-compose-CN.yaml diff --git a/docker-compose-CN.yaml b/docker-compose-CN.yaml new file mode 100644 index 0000000..a842d87 --- /dev/null +++ b/docker-compose-CN.yaml @@ -0,0 +1,15 @@ +version: "3" + +volumes: + gitweb: + +services: + gitweb: + image: fraoustin/gitweb + build: + context: https://hub.fastgit.xyz/fraoustin/gitweb.git + dockerfile: Dockerfile.CN + ports: + - 80:80 + volumes: + - gitweb:/var/lib/git \ No newline at end of file From 571a58349c3bde34b79f95d82262da4a41ba6396 Mon Sep 17 00:00:00 2001 From: ZCTMDC Date: Mon, 20 Jun 2022 02:15:18 +0800 Subject: [PATCH 04/42] build don't use remote --- docker-compose-CN.yaml | 2 +- docker-compose.yaml | 2 +- 2 files changed, 2 insertions(+), 2 deletions(-) diff --git a/docker-compose-CN.yaml b/docker-compose-CN.yaml index a842d87..d47b822 100644 --- a/docker-compose-CN.yaml +++ b/docker-compose-CN.yaml @@ -7,7 +7,7 @@ services: gitweb: image: fraoustin/gitweb build: - context: https://hub.fastgit.xyz/fraoustin/gitweb.git + context: . dockerfile: Dockerfile.CN ports: - 80:80 diff --git a/docker-compose.yaml b/docker-compose.yaml index cef39c8..ed1143d 100644 --- a/docker-compose.yaml +++ b/docker-compose.yaml @@ -7,7 +7,7 @@ services: gitweb: image: fraoustin/gitweb build: - context: https://github.com/fraoustin/gitweb.git + context: . dockerfile: Dockerfile ports: - 80:80 From 84a9f592a08fba7a377248beed4973aea8d58ae4 Mon Sep 17 00:00:00 2001 From: ZCTMDC Date: Mon, 20 Jun 2022 03:45:41 +0800 Subject: [PATCH 05/42] mor deamo --- Dockerfile.CN | 3 +-- docker-compose-CN.yaml | 8 +++++++- docker-compose.yaml | 6 ++++++ 3 files changed, 14 insertions(+), 3 deletions(-) diff --git a/Dockerfile.CN b/Dockerfile.CN index bd0f8f9..dfa1939 100644 --- a/Dockerfile.CN +++ b/Dockerfile.CN 
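Review bot: `context: https://hub.fastgit.xyz/fraoustin/gitweb.git` makes the build fetch the Dockerfile and every copied script from a host other than github.com (it appears to be a mirror), so whoever operates that host decides what ends up in the image. If a mirror is needed for reachability, clone through it by hand, compare the commit id with upstream, and build from the local checkout with `context: .`. Patch 04 of this series switches both compose files to that local context.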
@@ -8,8 +8,7 @@ RUN chmod +x /entrypoint.sh ENV SET_CONTAINER_TIMEZONE false -# SET CONTAINER TIMEZONE TO CHINA -ENV TZ "Asia/Shanghai" +# USE TIMEZONE TO CHINA ENV CONTAINER_TIMEZONE "Asia/Shanghai" # USE CHINA USTC MIRROR diff --git a/docker-compose-CN.yaml b/docker-compose-CN.yaml index d47b822..9ba480e 100644 --- a/docker-compose-CN.yaml +++ b/docker-compose-CN.yaml @@ -9,7 +9,13 @@ services: build: context: . dockerfile: Dockerfile.CN + environment: + - CONTAINER_TIMEZONE=Asia/Shanghai + - GITUSER=gituser + - GITPASSWORD=gitpassword + - SET_CONTAINER_TIMEZONE=false ports: - 80:80 + restart: always volumes: - - gitweb:/var/lib/git \ No newline at end of file + - gitweb:/var/lib/git diff --git a/docker-compose.yaml b/docker-compose.yaml index ed1143d..b98b403 100644 --- a/docker-compose.yaml +++ b/docker-compose.yaml @@ -9,7 +9,13 @@ services: build: context: . dockerfile: Dockerfile + environment: + - CONTAINER_TIMEZONE=Europe/Paris + - GITUSER=gituser + - GITPASSWORD=gitpassword + - SET_CONTAINER_TIMEZONE=false ports: - 80:80 + restart: always volumes: - gitweb:/var/lib/git \ No newline at end of file From f26f7907f48ff3a542f22a6096baa733395217c7 Mon Sep 17 00:00:00 2001 From: ZCTMDC Date: Fri, 12 Aug 2022 12:18:20 +0800 Subject: [PATCH 06/42] add: push to upstream --- Dockerfile | 6 ++++ Dockerfile.CN | 68 ------------------------------------------ docker-compose.yaml | 14 +++++++-- src/cmd/addrepos.sh | 4 ++- src/hooks/post-receive | 42 ++++++++++++++++++++++++++ 5 files changed, 62 insertions(+), 72 deletions(-) delete mode 100644 Dockerfile.CN create mode 100644 src/hooks/post-receive diff --git a/Dockerfile b/Dockerfile index 83fd38a..60d204e 100644 --- a/Dockerfile +++ b/Dockerfile 
@@ -50,6 +50,12 @@ COPY ./src/ihm /mdl-ihm RUN cp /usr/share/gitweb/static/gitweb.css /usr/share/gitweb/static/gitweb.css.original RUN mkdir /usr/share/gitweb/ihm +# force push to upstream +WORKDIR /opt/gitweb/ +COPY ./src/hooks/post-receive /opt/gitweb/post-receive +RUN chmod +x /opt/gitweb/post-receive +ENV FORCEPUSH "" + VOLUME /var/lib/git WORKDIR /var/lib/git diff --git a/Dockerfile.CN b/Dockerfile.CN deleted file mode 100644 index bd0f8f9..0000000 --- a/Dockerfile.CN +++ /dev/null 
@@ -1,68 +0,0 @@
-FROM nginx:1.21
-LABEL maintainer "fraoustin@gmail.com"
-
-COPY ./src/default.conf /etc/nginx/conf.d/default.conf
-
-COPY ./src/entrypoint.sh /entrypoint.sh
-RUN chmod +x /entrypoint.sh
-
-ENV SET_CONTAINER_TIMEZONE false
-
-# SET CONTAINER TIMEZONE TO CHINA
-ENV TZ "Asia/Shanghai"
-ENV CONTAINER_TIMEZONE "Asia/Shanghai"
-
-# USE CHINA USTC MIRROR
-RUN sed -i 's/deb.debian.org/mirrors.ustc.edu.cn/g' /etc/apt/sources.list
-RUN sed -i 's|security.debian.org/debian-security|mirrors.ustc.edu.cn/debian-security|g' /etc/apt/sources.list
-
-RUN apt-get update && apt-get install -y \
- apache2-utils \
- fcgiwrap \
- git \
- git-core \
- gitweb \
- highlight \
- libcgi-pm-perl \
- mime-support \
- spawn-fcgi \
- && rm -rf /var/lib/apt/lists/*
-
-# manage user load fcgiwrap
-RUN sed -i "s/www-data/nginx/g" /etc/init.d/fcgiwrap
-
-# manage start container
-RUN mkdir /usr/share/gitweb/docker-entrypoint.pre
-RUN mkdir /usr/share/gitweb/docker-entrypoint.post
-COPY ./src/00_init.sh /usr/share/gitweb/docker-entrypoint.pre/00_init.sh
-RUN chmod +x -R /usr/share/gitweb/docker-entrypoint.pre
-
-# add cmd gitweb
-COPY ./src/cmd/addrepos.sh /usr/bin/addrepos
-COPY ./src/cmd/addauth.sh /usr/bin/addauth
-COPY ./src/cmd/rmrepos.sh /usr/bin/rmrepos
-COPY ./src/cmd/rmauth.sh /usr/bin/rmauth
-RUN chmod +x /usr/bin/addrepos
-RUN chmod +x /usr/bin/addauth
-RUN chmod +x /usr/bin/rmrepos
-RUN chmod +x /usr/bin/rmauth
-
-# manage default value
-ENV GITUSER gituser
-ENV GITPASSWORD gitpassword
-
-# add ihm mdl
-ENV IHM no-mdl
-COPY ./src/ihm /mdl-ihm
-RUN cp /usr/share/gitweb/static/gitweb.css /usr/share/gitweb/static/gitweb.css.original
-RUN mkdir /usr/share/gitweb/ihm
-
-VOLUME /var/lib/git
-
-WORKDIR /var/lib/git
-
-EXPOSE 80
-
-ENTRYPOINT ["/entrypoint.sh"]
-
-CMD ["app"]
diff --git a/docker-compose.yaml b/docker-compose.yaml
index cef39c8..b13d6d4 100644
--- a/docker-compose.yaml
+++ b/docker-compose.yaml
@@ -6,9 +6,17 @@ volumes: services: gitweb: image: fraoustin/gitweb - build: - context: https://github.com/fraoustin/gitweb.git - dockerfile: Dockerfile + container_name: gitweb + hostname: gitweb-test + # build: + # context: https://github.com/fraoustin/gitweb.git + # dockerfile: Dockerfile + environment: + - FORCEPUSH:"" + - CONTAINER_TIMEZONE=Europe/Paris + - GITUSER=gituser + - GITPASSWORD=gitpassword + - GITPROJECT=test ports: - 80:80 volumes: diff --git a/src/cmd/addrepos.sh b/src/cmd/addrepos.sh index 976bec8..dfa5a05 100644 --- a/src/cmd/addrepos.sh +++ b/src/cmd/addrepos.sh @@ -18,7 +18,9 @@ load(){ cd $REPOS git init --bare echo "$1" > description - chmod -R 777 $REPOS + cp /opt/gitweb/post-receive $REPOS/hooks/post-receive + chgrp -R nginx $REPOS + chmod 0755 $REPOS/hooks/post-receive fi } diff --git a/src/hooks/post-receive b/src/hooks/post-receive new file mode 100644 index 0000000..60bd9d7 --- /dev/null +++ b/src/hooks/post-receive @@ -0,0 +1,42 @@ +#!/bin/bash +# 客户端 git push 触发 +# +log_info(){ + echo -e "\033[32m$(date +%Y-%m-%d_%H:%M:%S) - $@\033[0m" +} +log_warn(){ + echo -e "\033[33m$(date +%Y-%m-%d_%H:%M:%S) - $@\033[0m" +} +log_error(){ + echo >&2 -e "\033[31m$(date +%Y-%m-%d_%H:%M:%S) - $@\033[0m" +} +log_run(){ + echo -e "\033[43;34m$@\033[0m" + eval $@ +} + +#判断是不是远端仓库 +IS_BARE=$(git rev-parse --is-bare-repository) +if [ -z "$IS_BARE" ]; then + log_error "fatal: post-receive: IS_NOT_BARE" + exit 1 +fi +log_warn "========================= deploy start =========================" +HOSTNAME="$(hostname)" +log_warn "========================= hostname: ${HOSTNAME}" + +git_push(){ + log_warn "========================= push start" + for remote in $(git remote) + do + log_info "${HOSTNAME} push to ${remote}" + log_run git push "${FORCEPUSH:+ -f}" --all ${remote} + done + log_warn "========================= push end" +} + + +log_info "try run : git_push" +git_push + +log_warn "========================= deploy end =========================" 
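Review bot: `- FORCEPUSH:""` in the `environment:` list is not a `KEY=VALUE` entry, so Compose does not set FORCEPUSH from it. The `- FORCEPUSH=""` form that patch 07 replaces it with is not empty either: in list syntax the text after `=` is passed through verbatim, so the variable would hold two quote characters. Because the hook added in this patch appends `-f` whenever FORCEPUSH is non-empty (`${FORCEPUSH:+ -f}`), the sample file would then force-push to every configured remote by default. Write `- FORCEPUSH=` for an empty value, or leave the entry out and rely on the Dockerfile's `ENV FORCEPUSH ""`.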
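Review bot: `log_run` in the new src/hooks/post-receive runs its arguments through `eval $@`, so the command line is parsed by the shell a second time and anything in a remote name or in FORCEPUSH that contains shell syntax is executed rather than passed to git. Calling the command directly keeps the logging and removes the re-parse: `log_run(){ echo -e "\033[43;34m$*\033[0m"; "$@"; }`, with the call written as `log_run git push ${FORCEPUSH:+-f} --all "${remote}"`. The same helper is added to src/cmd/addrepos.sh in patch 07, where its input is a line read from remotes.txt. Also, `git rev-parse --is-bare-repository` prints `true` or `false`, so the `-z "$IS_BARE"` test does not reject a non-bare repository; compare the value with `"true"` instead.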
From cfb9125ab1c0c9f092e30ad484019e3d8cdcd459 Mon Sep 17 00:00:00 2001 From: ZCTMDC Date: Fri, 12 Aug 2022 13:45:16 +0800 Subject: [PATCH 07/42] add: add remote and push to upstream when downstream push --- Dockerfile | 6 ++- README.md | 95 ++++++++++++++++++++++++++++++++++++--------- docker-compose.yaml | 5 ++- src/cmd/addrepos.sh | 21 +++++++++- test/remotes.txt | 3 ++ 5 files changed, 105 insertions(+), 25 deletions(-) create mode 100644 test/remotes.txt diff --git a/Dockerfile b/Dockerfile index 60d204e..da19d7b 100644 --- a/Dockerfile +++ b/Dockerfile @@ -56,9 +56,11 @@ COPY ./src/hooks/post-receive /opt/gitweb/post-receive RUN chmod +x /opt/gitweb/post-receive ENV FORCEPUSH "" -VOLUME /var/lib/git +VOLUME /opt/gitweb/remote/ -WORKDIR /var/lib/git +VOLUME /var/lib/git/ + +WORKDIR /var/lib/git/ EXPOSE 80 diff --git a/README.md b/README.md index 4bf9dbc..eacb510 100644 --- a/README.md +++ b/README.md @@ -15,10 +15,12 @@ load when start image load file in - GITUSER (default gituser) - GITPASSWORD (default gitpassword) - IHM (default "") +- FORCEPUSH ("" or every not blank string) manage force push to upstream when Downstream branch push ## Volume -- /var/lib/git +- git project: */var/lib/git/* +- git remove add: */opt/gitweb/remote/* ## Port 
@@ -34,30 +36,84 @@ load when start image load file in ## Usage direct run image fraoustin/gitweb +```bash + docker run -d -e "CONTAINER_TIMEZONE=Europe/Paris" -e "GITPROJECT=test" \ + -v :/var/lib/git --name test -p 80:80 fraoustin/gitweb +``` +> use ^ for *CMD* OR ` for *Powershell* - docker run -d -e "CONTAINER_TIMEZONE=Europe/Paris" -e "GITPROJECT=test" -v :/var/lib/git --name test -p 80:80 fraoustin/gitweb - -user default is gituser and password default is gitpassword +user default is gituser and password default is gitpassword +- You can change user and password by variable environment you use http://localhost/ for access gitweb +you can add remote +```bash + git remote add origin http://gituser:gitpassword@localhost/test.git +``` +you can push project + +when fist push +```bash + git push --set-upstream origin master +``` +every next time push +```bash + git push +``` +or manual push +```bash + git push origin # remote name +``` you can clone project - +```bash git clone http://gituser:gitpassword@localhost/test.git - -You can change user and password by variable environment - +``` +you can pull project when upstream update +```bash + git pull +``` +more use see: +- https://git-scm.com/doc +- https://www.runoob.com/git/git-tutorial.html + + + +## Add upstream and push + +creat *remotes.txt* +eg: +```text +gitweb-test1 https://gituser:gitpassword@gitweb-test1 +gitweb-test2 https://gituser:gitpassword@gitweb-test2 +gitweb-test3 https://gituser:gitpassword@gitweb-test3 +``` +run image fraoustin/gitweb +```bash + docker run -d -e "CONTAINER_TIMEZONE=Europe/Paris" -e "GITPROJECT=test" \ + -e FORCEPUSH='not_blank_string' \ + -v :/var/lib/git/ \ + -v :/opt/gitweb/remote/ \ + --name test -p 80:80 fraoustin/gitweb +``` +if don't want force push, **DO NOT** set environment: FORCEPUSH + +- when run `addrepos ${project}` , + - will add hook: `hooks/post-receive` + - will add remote each: `add remote gitweb-test1 https://gituser:gitpassword@gitweb-test1/${project}.git` 
... +- when downstream push + - gitweb will push to upstreams each: `git push [-f] --all gitweb-test1` ... ## Usage by Dockerfile Sample of Dockerfile - +```Dockerfile FROM fraoustin/gitweb COPY ./00_init.sh /usr/share/gitweb/docker-entrypoint.pre/00_init.sh RUN chmod +x -R /usr/share/gitweb/docker-entrypoint.pre - +``` File 00_init.sh - +```bash #!/bin/bash REPOS='/var/lib/git/test.git' if [ ! -d $REPOS ]; then @@ -67,15 +123,16 @@ File 00_init.sh chgrp -R nginx . fi addauth $GITUSER $GITPASSWORD - +``` build image mygit - +```bash docker build -t mygit . - +``` run image mygit - - docker run -d -e "CONTAINER_TIMEZONE=Europe/Paris" -e "GITUSER=gituser" -e "GITPASSWORD=gitpassword" -v :/var/lib/git --name test -p 80:80 mygit - +```bash + docker run -d -e "CONTAINER_TIMEZONE=Europe/Paris" -e "GITUSER=gituser" -e "GITPASSWORD=gitpassword" \ + -v :/var/lib/git --name test -p 80:80 mygit +``` @@ -84,6 +141,6 @@ run image mygit If you want use a new design for ihm, you can use IHM variable - IHM = mdl - +```bash docker run -d -e "CONTAINER_TIMEZONE=Europe/Paris" -e "IHM=mdl" -e "GITPROJECT=test" -v :/var/lib/git --name test -p 80:80 fraoustin/gitweb - +``` diff --git a/docker-compose.yaml b/docker-compose.yaml index b13d6d4..002a188 100644 --- a/docker-compose.yaml +++ b/docker-compose.yaml @@ -12,12 +12,13 @@ services: # context: https://github.com/fraoustin/gitweb.git # dockerfile: Dockerfile environment: - - FORCEPUSH:"" - CONTAINER_TIMEZONE=Europe/Paris - GITUSER=gituser - GITPASSWORD=gitpassword - GITPROJECT=test + - FORCEPUSH="" ports: - 80:80 volumes: - - gitweb:/var/lib/git \ No newline at end of file + - gitweb:/var/lib/git/ + - /path/to/remote/:/opt/gitweb/remote/ \ No newline at end of file diff --git a/src/cmd/addrepos.sh b/src/cmd/addrepos.sh index dfa5a05..523d2c3 100644 --- a/src/cmd/addrepos.sh +++ b/src/cmd/addrepos.sh 
@@ -1,6 +1,11 @@ #!/bin/bash DIR="/var/lib/git/" - + +log_run(){ + echo -e "$@" + eval $@ +} + error(){ echo "ERROR : parameters invalid !" >&2 exit 1 @@ -18,9 +23,21 @@ load(){ cd $REPOS git init --bare echo "$1" > description - cp /opt/gitweb/post-receive $REPOS/hooks/post-receive chgrp -R nginx $REPOS + if [ ! -f /opt/gitweb/remote/remotes.txt ]; then + exit 0 + fi + cp /opt/gitweb/post-receive $REPOS/hooks/post-receive + chgrp nginx $REPOS/hooks/post-receive chmod 0755 $REPOS/hooks/post-receive + while read line + do + if [ -z "${line}" ];then + continue + fi + # eg: git remote add gitweb-test1 https://gituser:gitpassword@gitweb-test1/test.git + log_run git remote add ${line}/$(basename $(pwd)) + done < /opt/gitweb/remote/remotes.txt fi } diff --git a/test/remotes.txt b/test/remotes.txt new file mode 100644 index 0000000..06b4e39 --- /dev/null +++ b/test/remotes.txt @@ -0,0 +1,3 @@ +gitweb-test1 https://gituser:gitpassword@gitweb-test1 +gitweb-test2 https://gituser:gitpassword@gitweb-test2 +gitweb-test3 https://gituser:gitpassword@gitweb-test3 \ No newline at end of file From b535d076a8a2aacee59c2afa78beec7445c4e9a0 Mon Sep 17 00:00:00 2001 From: ZCTMDC Date: Fri, 12 Aug 2022 14:23:16 +0800 Subject: [PATCH 08/42] Create docker-publish.yml use github actions to Build, test and push Docker image to docker hub --- .github/workflows/docker-publish.yml | 92 ++++++++++++++++++++++++++++ 1 file changed, 92 insertions(+) create mode 100644 .github/workflows/docker-publish.yml diff --git a/.github/workflows/docker-publish.yml b/.github/workflows/docker-publish.yml new file mode 100644 index 0000000..9f7d392 --- /dev/null +++ b/.github/workflows/docker-publish.yml 
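Review bot: `log_run git remote add ${line}/$(basename $(pwd))` echoes each remotes.txt line before running it, so the `user:password@` part of every upstream URL is written to the container's output, and the URL is then stored as-is in the bare repository's `config`. Splitting the line and logging only the name avoids the first leak: read with `while read -r name url; do` and run `echo "add remote ${name}"; git remote add "${name}" "${url}/$(basename "$PWD")"`. Whether the served tree exposes `config` depends on default.conf, which is not shown here, so a credential helper or a push-only token would be a safer home for these secrets. The `exit 0` inside `load` also ends the whole script when remotes.txt is absent; `return 0` would be the narrower choice. `load` begins outside this hunk.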
@@ -0,0 +1,92 @@ +name: Docker + +# This workflow uses actions that are not certified by GitHub. +# They are provided by a third-party and are governed by +# separate terms of service, privacy policy, and support +# documentation. + +on: + push: + branches: [ "master" ] + # Publish semver tags as releases. + tags: [ 'v*.*.*' ] + pull_request: + branches: [ "master" ] + +env: + # Use docker.io for Docker Hub if empty + # REGISTRY: ghcr.io + REGISTRY: docker.io + # github.repository as / + IMAGE_NAME: ${{ github.repository }} + + +jobs: + build: + + runs-on: ubuntu-latest + permissions: + contents: read + packages: write + # This is used to complete the identity challenge + # with sigstore/fulcio when running outside of PRs. + id-token: write + + steps: + - name: Checkout repository + uses: actions/checkout@v3 + + # Install the cosign tool except on PR + # https://github.com/sigstore/cosign-installer + - name: Install cosign + if: github.event_name != 'pull_request' + uses: sigstore/cosign-installer@7e0881f8fe90b25e305bbf0309761e9314607e25 + with: + cosign-release: 'v1.9.0' + + + # Workaround: https://github.com/docker/build-push-action/issues/461 + - name: Setup Docker buildx + uses: docker/setup-buildx-action@79abd3f86f79a9d68a23c75a09a9a85889262adf + + # Login against a Docker registry except on PR + # https://github.com/docker/login-action + - name: Log into registry ${{ env.REGISTRY }} + if: github.event_name != 'pull_request' + uses: docker/login-action@28218f9b04b4f3f62068d7b6ce6ca5b26e35336c + with: + registry: ${{ env.REGISTRY }} + username: ${{ github.actor }} + password: ${{ secrets.REGISTRY_TOKEN }} + + # Extract metadata (tags, labels) for Docker + # https://github.com/docker/metadata-action + - name: Extract Docker metadata + id: meta + uses: docker/metadata-action@98669ae865ea3cffbcbaa878cf57c20bbf1c6c38 + with: + images: ${{ env.REGISTRY }}/${{ env.IMAGE_NAME }} + + # Build and push Docker image with Buildx (don't push on PR) + # 
https://github.com/docker/build-push-action + - name: Build and push Docker image + id: build-and-push + uses: docker/build-push-action@ac9327eae2b366085ac7f6a2d02df8aa8ead720a + with: + context: . + push: ${{ github.event_name != 'pull_request' }} + tags: ${{ steps.meta.outputs.tags }} + labels: ${{ steps.meta.outputs.labels }} + + # Sign the resulting Docker image digest except on PRs. + # This will only write to the public Rekor transparency log when the Docker + # repository is public to avoid leaking data. If you would like to publish + # transparency data even for private images, pass --force to cosign below. + # https://github.com/sigstore/cosign + - name: Sign the published Docker image + if: ${{ github.event_name != 'pull_request' }} + env: + COSIGN_EXPERIMENTAL: "true" + # This step uses the identity token to provision an ephemeral certificate + # against the sigstore community Fulcio instance. + run: echo "${{ steps.meta.outputs.tags }}" | xargs -I {} cosign sign {}@${{ steps.build-and-push.outputs.digest }} From 884f7581f16cce21de3d3fe115e610ce4112fb9b Mon Sep 17 00:00:00 2001 From: ZCTMDC Date: Fri, 12 Aug 2022 14:27:53 +0800 Subject: [PATCH 09/42] set latest tag for master branch --- .github/workflows/docker-publish.yml | 4 +++- 1 file changed, 3 insertions(+), 1 deletion(-) diff --git a/.github/workflows/docker-publish.yml b/.github/workflows/docker-publish.yml index 9f7d392..bdf9f4a 100644 --- a/.github/workflows/docker-publish.yml +++ b/.github/workflows/docker-publish.yml @@ -66,7 +66,9 @@ jobs: uses: docker/metadata-action@98669ae865ea3cffbcbaa878cf57c20bbf1c6c38 with: images: ${{ env.REGISTRY }}/${{ env.IMAGE_NAME }} - + tags: | + # set latest tag for master branch + type=raw,value=latest,enable=${{ github.ref == format('refs/heads/{0}', 'master') }} # Build and push Docker image with Buildx (don't push on PR) # https://github.com/docker/build-push-action - name: Build and push Docker image 
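Review bot: The signing step pastes `${{ steps.meta.outputs.tags }}` and the digest straight into the `run:` script, so their text becomes shell source before the step runs. Tag values derive from git ref names, and a ref containing shell syntax would execute on a runner that holds `id-token: write`. Pass them through the environment instead: add `TAGS: ${{ steps.meta.outputs.tags }}` and `DIGEST: ${{ steps.build-and-push.outputs.digest }}` under `env:` and use `run: echo "${TAGS}" | xargs -I {} cosign sign {}@${DIGEST}`. `actions/checkout@v3` is also the only action referenced by a mutable tag while the others are pinned to a commit id; pinning it the same way would be consistent. `packages: write` looks unnecessary while REGISTRY is docker.io and the login uses `secrets.REGISTRY_TOKEN`.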
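Review bot: Setting `tags:` on docker/metadata-action replaces its default tag rules, so with only `type=raw,value=latest,enable=…` a push of a `v*.*.*` tag or a pull request yields no tag at all. The build and `cosign sign` steps then run with an empty tag list, which means release tags are neither published nor signed. Keep the rules you still want next to the new one, e.g. `type=ref,event=branch`, `type=semver,pattern={{version}}` and `type=ref,event=pr`. Patch 11 only moves the comment and leaves this as it is.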
From 13602dac894f9406d7d7a31df6c9f395ded55244 Mon Sep 17 00:00:00 2001 From: ZCTMDC Date: Fri, 12 Aug 2022 14:30:19 +0800 Subject: [PATCH 10/42] lf to crlf --- .github/workflows/docker-publish.yml | 188 +++++++++++++-------------- 1 file changed, 94 insertions(+), 94 deletions(-) diff --git a/.github/workflows/docker-publish.yml b/.github/workflows/docker-publish.yml index bdf9f4a..207ecc8 100644 --- a/.github/workflows/docker-publish.yml +++ b/.github/workflows/docker-publish.yml 
@@ -1,94 +1,94 @@ -name: Docker - -# This workflow uses actions that are not certified by GitHub. -# They are provided by a third-party and are governed by -# separate terms of service, privacy policy, and support -# documentation. - -on: - push: - branches: [ "master" ] - # Publish semver tags as releases. - tags: [ 'v*.*.*' ] - pull_request: - branches: [ "master" ] - -env: - # Use docker.io for Docker Hub if empty - # REGISTRY: ghcr.io - REGISTRY: docker.io - # github.repository as / - IMAGE_NAME: ${{ github.repository }} - - -jobs: - build: - - runs-on: ubuntu-latest - permissions: - contents: read - packages: write - # This is used to complete the identity challenge - # with sigstore/fulcio when running outside of PRs. - id-token: write - - steps: - - name: Checkout repository - uses: actions/checkout@v3 - - # Install the cosign tool except on PR - # https://github.com/sigstore/cosign-installer - - name: Install cosign - if: github.event_name != 'pull_request' - uses: sigstore/cosign-installer@7e0881f8fe90b25e305bbf0309761e9314607e25 - with: - cosign-release: 'v1.9.0' - - - # Workaround: https://github.com/docker/build-push-action/issues/461 - - name: Setup Docker buildx - uses: docker/setup-buildx-action@79abd3f86f79a9d68a23c75a09a9a85889262adf - - # Login against a Docker registry except on PR - # https://github.com/docker/login-action - - name: Log into registry ${{ env.REGISTRY }} - if: github.event_name != 'pull_request' - uses: docker/login-action@28218f9b04b4f3f62068d7b6ce6ca5b26e35336c - with: - registry: ${{ env.REGISTRY }} - username: ${{ github.actor }} - password: ${{ secrets.REGISTRY_TOKEN }} - - # Extract metadata (tags, labels) for Docker - # https://github.com/docker/metadata-action - - name: Extract Docker metadata - id: meta - uses: docker/metadata-action@98669ae865ea3cffbcbaa878cf57c20bbf1c6c38 - with: - images: ${{ env.REGISTRY }}/${{ env.IMAGE_NAME }} - tags: | - # set latest tag for master branch - type=raw,value=latest,enable=${{ 
github.ref == format('refs/heads/{0}', 'master') }} - # Build and push Docker image with Buildx (don't push on PR) - # https://github.com/docker/build-push-action - - name: Build and push Docker image - id: build-and-push - uses: docker/build-push-action@ac9327eae2b366085ac7f6a2d02df8aa8ead720a - with: - context: . - push: ${{ github.event_name != 'pull_request' }} - tags: ${{ steps.meta.outputs.tags }} - labels: ${{ steps.meta.outputs.labels }} - - # Sign the resulting Docker image digest except on PRs. - # This will only write to the public Rekor transparency log when the Docker - # repository is public to avoid leaking data. If you would like to publish - # transparency data even for private images, pass --force to cosign below. - # https://github.com/sigstore/cosign - - name: Sign the published Docker image - if: ${{ github.event_name != 'pull_request' }} - env: - COSIGN_EXPERIMENTAL: "true" - # This step uses the identity token to provision an ephemeral certificate - # against the sigstore community Fulcio instance. - run: echo "${{ steps.meta.outputs.tags }}" | xargs -I {} cosign sign {}@${{ steps.build-and-push.outputs.digest }} +name: Docker + +# This workflow uses actions that are not certified by GitHub. +# They are provided by a third-party and are governed by +# separate terms of service, privacy policy, and support +# documentation. + +on: + push: + branches: [ "master" ] + # Publish semver tags as releases. + tags: [ 'v*.*.*' ] + pull_request: + branches: [ "master" ] + +env: + # Use docker.io for Docker Hub if empty + # REGISTRY: ghcr.io + REGISTRY: docker.io + # github.repository as / + IMAGE_NAME: ${{ github.repository }} + + +jobs: + build: + + runs-on: ubuntu-latest + permissions: + contents: read + packages: write + # This is used to complete the identity challenge + # with sigstore/fulcio when running outside of PRs. 
+ id-token: write + + steps: + - name: Checkout repository + uses: actions/checkout@v3 + + # Install the cosign tool except on PR + # https://github.com/sigstore/cosign-installer + - name: Install cosign + if: github.event_name != 'pull_request' + uses: sigstore/cosign-installer@7e0881f8fe90b25e305bbf0309761e9314607e25 + with: + cosign-release: 'v1.9.0' + + + # Workaround: https://github.com/docker/build-push-action/issues/461 + - name: Setup Docker buildx + uses: docker/setup-buildx-action@79abd3f86f79a9d68a23c75a09a9a85889262adf + + # Login against a Docker registry except on PR + # https://github.com/docker/login-action + - name: Log into registry ${{ env.REGISTRY }} + if: github.event_name != 'pull_request' + uses: docker/login-action@28218f9b04b4f3f62068d7b6ce6ca5b26e35336c + with: + registry: ${{ env.REGISTRY }} + username: ${{ github.actor }} + password: ${{ secrets.REGISTRY_TOKEN }} + + # Extract metadata (tags, labels) for Docker + # https://github.com/docker/metadata-action + - name: Extract Docker metadata + id: meta + uses: docker/metadata-action@98669ae865ea3cffbcbaa878cf57c20bbf1c6c38 + with: + images: ${{ env.REGISTRY }}/${{ env.IMAGE_NAME }} + tags: | + # set latest tag for master branch + type=raw,value=latest,enable=${{ github.ref == format('refs/heads/{0}', 'master') }} + # Build and push Docker image with Buildx (don't push on PR) + # https://github.com/docker/build-push-action + - name: Build and push Docker image + id: build-and-push + uses: docker/build-push-action@ac9327eae2b366085ac7f6a2d02df8aa8ead720a + with: + context: . + push: ${{ github.event_name != 'pull_request' }} + tags: ${{ steps.meta.outputs.tags }} + labels: ${{ steps.meta.outputs.labels }} + + # Sign the resulting Docker image digest except on PRs. + # This will only write to the public Rekor transparency log when the Docker + # repository is public to avoid leaking data. If you would like to publish + # transparency data even for private images, pass --force to cosign below. 
+ # https://github.com/sigstore/cosign + - name: Sign the published Docker image + if: ${{ github.event_name != 'pull_request' }} + env: + COSIGN_EXPERIMENTAL: "true" + # This step uses the identity token to provision an ephemeral certificate + # against the sigstore community Fulcio instance. + run: echo "${{ steps.meta.outputs.tags }}" | xargs -I {} cosign sign {}@${{ steps.build-and-push.outputs.digest }} From 35955c11adcf89c6696ed8aba3052519bef906ae Mon Sep 17 00:00:00 2001 From: ZCTMDC Date: Fri, 12 Aug 2022 14:31:49 +0800 Subject: [PATCH 11/42] Update docker-publish.yml --- .github/workflows/docker-publish.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.github/workflows/docker-publish.yml b/.github/workflows/docker-publish.yml index 207ecc8..8656b23 100644 --- a/.github/workflows/docker-publish.yml +++ b/.github/workflows/docker-publish.yml @@ -66,8 +66,8 @@ jobs: uses: docker/metadata-action@98669ae865ea3cffbcbaa878cf57c20bbf1c6c38 with: images: ${{ env.REGISTRY }}/${{ env.IMAGE_NAME }} + # set latest tag for master branch tags: | - # set latest tag for master branch type=raw,value=latest,enable=${{ github.ref == format('refs/heads/{0}', 'master') }} # Build and push Docker image with Buildx (don't push on PR) # https://github.com/docker/build-push-action From b0ed668ebc829f518849b6d925739f65f3fe0034 Mon Sep 17 00:00:00 2001 From: ZCTMDC Date: Fri, 12 Aug 2022 14:59:16 +0800 Subject: [PATCH 12/42] why 0755 not working ? --- src/cmd/addrepos.sh | 2 +- src/hooks/post-receive | 8 +++----- 2 files changed, 4 insertions(+), 6 deletions(-) diff --git a/src/cmd/addrepos.sh b/src/cmd/addrepos.sh index 523d2c3..199c640 100644 --- a/src/cmd/addrepos.sh +++ b/src/cmd/addrepos.sh @@ -29,7 +29,7 @@ load(){ fi cp /opt/gitweb/post-receive $REPOS/hooks/post-receive chgrp nginx $REPOS/hooks/post-receive - chmod 0755 $REPOS/hooks/post-receive + chmod a+x $REPOS/hooks/post-receive while read line do if [ -z "${line}" ];then 
diff --git a/src/hooks/post-receive b/src/hooks/post-receive index 60bd9d7..ec98646 100644 --- a/src/hooks/post-receive +++ b/src/hooks/post-receive @@ -1,6 +1,5 @@ #!/bin/bash -# 客户端 git push 触发 -# + log_info(){ echo -e "\033[32m$(date +%Y-%m-%d_%H:%M:%S) - $@\033[0m" } @@ -15,7 +14,6 @@ log_run(){ eval $@ } -#判断是不是远端仓库 IS_BARE=$(git rev-parse --is-bare-repository) if [ -z "$IS_BARE" ]; then log_error "fatal: post-receive: IS_NOT_BARE" @@ -29,8 +27,8 @@ git_push(){ log_warn "========================= push start" for remote in $(git remote) do - log_info "${HOSTNAME} push to ${remote}" - log_run git push "${FORCEPUSH:+ -f}" --all ${remote} + log_info ${HOSTNAME} push to ${remote} + log_run git push ${FORCEPUSH:+ -f} --all ${remote} done log_warn "========================= push end" } From ffd2b9916dd29965a04b70ab0e2eb24485ad4670 Mon Sep 17 00:00:00 2001 From: ZCTMDC Date: Fri, 12 Aug 2022 15:01:12 +0800 Subject: [PATCH 13/42] show more log --- src/cmd/addrepos.sh | 7 ++++--- 1 file changed, 4 insertions(+), 3 deletions(-) diff --git a/src/cmd/addrepos.sh b/src/cmd/addrepos.sh index 199c640..eaebe06 100644 --- a/src/cmd/addrepos.sh +++ b/src/cmd/addrepos.sh @@ -27,9 +27,10 @@ load(){ if [ ! -f /opt/gitweb/remote/remotes.txt ]; then exit 0 fi - cp /opt/gitweb/post-receive $REPOS/hooks/post-receive - chgrp nginx $REPOS/hooks/post-receive - chmod a+x $REPOS/hooks/post-receive + log_run cp /opt/gitweb/post-receive $REPOS/hooks/post-receive + log_run chgrp nginx $REPOS/hooks/post-receive + log_run chmod 0755 $REPOS/hooks/post-receive + log_run chmod g+ws $REPOS/hooks/post-receive while read line do if [ -z "${line}" ];then From 1ef8464eb993f93c981ff4ff8a984d85dc4b409b Mon Sep 17 00:00:00 2001 From: ZCTMDC Date: Fri, 12 Aug 2022 16:12:54 +0800 Subject: [PATCH 14/42] chmod -R g+ws . chgrp -R nginx . --- src/cmd/addrepos.sh | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/src/cmd/addrepos.sh b/src/cmd/addrepos.sh index eaebe06..61b9065 100644 
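Review bot: `log_run chmod g+ws $REPOS/hooks/post-receive` in patch 13 makes the hook writable by the `nginx` group and sets the setgid bit on a script, right after `chmod 0755` had set a sensible mode. A hook that the web-facing account can rewrite is executed on the next push, so the file is better left at 0755 and owned by a user the server process does not run as; Linux ignores setgid on interpreted scripts anyway. Patches 14 and 15 apply `chmod -R g+ws .` to the whole repository, which marks every regular file the same way. `git init --bare --shared=group` gives group-shared directories without putting the setgid bit on regular files.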
--- a/src/cmd/addrepos.sh +++ b/src/cmd/addrepos.sh @@ -23,7 +23,8 @@ load(){ cd $REPOS git init --bare echo "$1" > description - chgrp -R nginx $REPOS + chmod -R g+ws . + chgrp -R nginx . if [ ! -f /opt/gitweb/remote/remotes.txt ]; then exit 0 fi From ecc1791bbcb6f093d05d6ab167b47789c31e82a5 Mon Sep 17 00:00:00 2001 From: ZCTMDC Date: Fri, 12 Aug 2022 16:39:46 +0800 Subject: [PATCH 15/42] chmod and chgrp when addrepos --- src/00_init.sh | 2 -- src/cmd/addrepos.sh | 61 +++++++++++++++++++++++---------------------- 2 files changed, 31 insertions(+), 32 deletions(-) diff --git a/src/00_init.sh b/src/00_init.sh index d06a38a..4cc41e0 100755 --- a/src/00_init.sh +++ b/src/00_init.sh @@ -4,8 +4,6 @@ if [ ! -z "$GITPROJECT" ]; then if [ ! -d $REPOS ]; then addrepos $GITPROJECT cd $REPOS - chmod -R g+ws . - chgrp -R nginx . fi fi if [ ! -z "$GITUSER" ]; then diff --git a/src/cmd/addrepos.sh b/src/cmd/addrepos.sh index 61b9065..ea4e9da 100644 --- a/src/cmd/addrepos.sh +++ b/src/cmd/addrepos.sh @@ -1,4 +1,5 @@ #!/bin/bash + DIR="/var/lib/git/" log_run(){ 
@@ -7,40 +8,40 @@ log_run(){ } error(){ - echo "ERROR : parameters invalid !" >&2 - exit 1 + echo "ERROR : parameters invalid !" >&2 + exit 1 } usage(){ - echo "Usage: addrepos NameOfRepository" - echo "--help or -h : view help" + echo "Usage: addrepos NameOfRepository" + echo "--help or -h : view help" } load(){ - REPOS=$DIR$1.git - if [ ! -d $REPOS ]; then - mkdir $REPOS - cd $REPOS - git init --bare - echo "$1" > description - chmod -R g+ws . + REPOS=$DIR$1.git + if [ ! -d $REPOS ]; then + mkdir $REPOS + cd $REPOS + git init --bare + echo "$1" > description + chmod -R g+ws . chgrp -R nginx . - if [ ! -f /opt/gitweb/remote/remotes.txt ]; then - exit 0 - fi - log_run cp /opt/gitweb/post-receive $REPOS/hooks/post-receive - log_run chgrp nginx $REPOS/hooks/post-receive - log_run chmod 0755 $REPOS/hooks/post-receive - log_run chmod g+ws $REPOS/hooks/post-receive - while read line - do - if [ -z "${line}" ];then - continue - fi - # eg: git remote add gitweb-test1 https://gituser:gitpassword@gitweb-test1/test.git - log_run git remote add ${line}/$(basename $(pwd)) - done < /opt/gitweb/remote/remotes.txt - fi + if [ ! -f /opt/gitweb/remote/remotes.txt ]; then + exit 0 + fi + log_run cp /opt/gitweb/post-receive $REPOS/hooks/post-receive + log_run chgrp nginx $REPOS/hooks/post-receive + log_run chmod 0755 $REPOS/hooks/post-receive + log_run chmod g+ws $REPOS/hooks/post-receive + while read line + do + if [ -z "${line}" ];then + continue + fi + # eg: git remote add gitweb-test1 https://gituser:gitpassword@gitweb-test1/test.git + log_run git remote add ${line}/$(basename $(pwd)) + done < /opt/gitweb/remote/remotes.txt + fi } # no parameters @@ -50,12 +51,12 @@ case "$1" in --help) usage ;; - + -h) usage ;; - + *) load $1 - + esac From 7890af689fc6ba4989436388c003704366f57cf8 Mon Sep 17 00:00:00 2001 
From: ZCTMDC Date: Fri, 12 Aug 2022 16:41:54 +0800 Subject: [PATCH 16/42] use cache --- .github/workflows/docker-publish.yml | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/.github/workflows/docker-publish.yml b/.github/workflows/docker-publish.yml index 8656b23..932f9a2 100644 --- a/.github/workflows/docker-publish.yml +++ b/.github/workflows/docker-publish.yml @@ -79,7 +79,8 @@ jobs: push: ${{ github.event_name != 'pull_request' }} tags: ${{ steps.meta.outputs.tags }} labels: ${{ steps.meta.outputs.labels }} - + cache-from: type=registry,ref=${{ github.repository }}:buildcache + cache-to: type=registry,ref=${{ github.repository }}:buildcache,mode=max # Sign the resulting Docker image digest except on PRs. # This will only write to the public Rekor transparency log when the Docker # repository is public to avoid leaking data. If you would like to publish From 68ca015a72a9cd21c21cbf819dcb30d3aafb6a83 Mon Sep 17 00:00:00 2001 From: ZCTMDC Date: Fri, 12 Aug 2022 16:43:49 +0800 Subject: [PATCH 17/42] change cache name ref --- .github/workflows/docker-publish.yml | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/.github/workflows/docker-publish.yml b/.github/workflows/docker-publish.yml index 932f9a2..90210fe 100644 --- a/.github/workflows/docker-publish.yml +++ b/.github/workflows/docker-publish.yml @@ -79,8 +79,8 @@ jobs: push: ${{ github.event_name != 'pull_request' }} tags: ${{ steps.meta.outputs.tags }} labels: ${{ steps.meta.outputs.labels }} - cache-from: type=registry,ref=${{ github.repository }}:buildcache - cache-to: type=registry,ref=${{ github.repository }}:buildcache,mode=max + cache-from: type=registry,ref=${{ env.IMAGE_NAME }}:buildcache + cache-to: type=registry,ref=${{ env.IMAGE_NAME }}:buildcache,mode=max # Sign the resulting Docker image digest except on PRs. # This will only write to the public Rekor transparency log when the Docker # repository is public to avoid leaking data. If you would like to publish 
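Review bot: `cache-to` is unconditional, while `push` in the same `with:` block is disabled for pull requests, so a pull-request build would still try to write the shared `buildcache` ref in the registry. A cache that release builds read from should only be written by trusted runs; gate the export on the event, for example `cache-to: ${{ github.event_name != 'pull_request' && format('type=registry,ref={0}:buildcache,mode=max', github.repository) || '' }}`. The ref also carries no registry host, unlike the image name that the merge commit's copy of this workflow builds from `env.REGISTRY`, so it is worth making the target registry explicit. The follow-up hunk that switches the ref to `env.IMAGE_NAME` and the merge commit's copy of this file have the same lines.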
From 228866975e91d9624e71616914f7476f9924e846 Mon Sep 17 00:00:00 2001 From: ZCTMDC Date: Fri, 12 Aug 2022 17:09:23 +0800 Subject: [PATCH 18/42] CRLF to LF --- src/hooks/post-receive | 80 +++++++++++++++++++++--------------------- 1 file changed, 40 insertions(+), 40 deletions(-) diff --git a/src/hooks/post-receive b/src/hooks/post-receive index ec98646..44f25eb 100644 --- a/src/hooks/post-receive +++ b/src/hooks/post-receive 
@@ -1,40 +1,40 @@ -#!/bin/bash - -log_info(){ - echo -e "\033[32m$(date +%Y-%m-%d_%H:%M:%S) - $@\033[0m" -} -log_warn(){ - echo -e "\033[33m$(date +%Y-%m-%d_%H:%M:%S) - $@\033[0m" -} -log_error(){ - echo >&2 -e "\033[31m$(date +%Y-%m-%d_%H:%M:%S) - $@\033[0m" -} -log_run(){ - echo -e "\033[43;34m$@\033[0m" - eval $@ -} - -IS_BARE=$(git rev-parse --is-bare-repository) -if [ -z "$IS_BARE" ]; then - log_error "fatal: post-receive: IS_NOT_BARE" - exit 1 -fi -log_warn "========================= deploy start =========================" -HOSTNAME="$(hostname)" -log_warn "========================= hostname: ${HOSTNAME}" - -git_push(){ - log_warn "========================= push start" - for remote in $(git remote) - do - log_info ${HOSTNAME} push to ${remote} - log_run git push ${FORCEPUSH:+ -f} --all ${remote} - done - log_warn "========================= push end" -} - - -log_info "try run : git_push" -git_push - -log_warn "========================= deploy end =========================" +#!/bin/bash + +log_info(){ + echo -e "\033[32m$(date +%Y-%m-%d_%H:%M:%S) - $@\033[0m" +} +log_warn(){ + echo -e "\033[33m$(date +%Y-%m-%d_%H:%M:%S) - $@\033[0m" +} +log_error(){ + echo >&2 -e "\033[31m$(date +%Y-%m-%d_%H:%M:%S) - $@\033[0m" +} +log_run(){ + echo -e "\033[43;34m$@\033[0m" + eval $@ +} + +IS_BARE=$(git rev-parse --is-bare-repository) +if [ -z "$IS_BARE" ]; then + log_error "fatal: post-receive: IS_NOT_BARE" + exit 1 +fi +log_warn "========================= deploy start =========================" +HOSTNAME="$(hostname)" +log_warn "========================= hostname: ${HOSTNAME}" + +git_push(){ + log_warn "========================= push start" + for remote in $(git remote) + do + log_info ${HOSTNAME} push to ${remote} + log_run git push ${FORCEPUSH:+ -f} --all ${remote} + done + log_warn "========================= push end" +} + + +log_info "try run : git_push" +git_push + +log_warn "========================= deploy end =========================" 
From a3092c4982305f6a28c7502a0310de4d26fcbfb3 Mon Sep 17 00:00:00 2001 From: ZCTMDC Date: Fri, 12 Aug 2022 17:26:12 +0800 Subject: [PATCH 19/42] Merge branch 'master' into develop --- .github/workflows/docker-publish.yml | 95 ++++++++++++++++++++++++++++ Dockerfile | 14 +++- Dockerfile.CN | 67 -------------------- README.md | 95 ++++++++++++++++++++++------ docker-compose.yaml | 16 +++-- src/00_init.sh | 2 - src/cmd/addrepos.sh | 54 +++++++++++----- src/hooks/post-receive | 40 ++++++++++++ test/remotes.txt | 3 + 9 files changed, 273 insertions(+), 113 deletions(-) create mode 100644 .github/workflows/docker-publish.yml delete mode 100644 Dockerfile.CN create mode 100644 src/hooks/post-receive create mode 100644 test/remotes.txt diff --git a/.github/workflows/docker-publish.yml b/.github/workflows/docker-publish.yml new file mode 100644 index 0000000..90210fe --- /dev/null +++ b/.github/workflows/docker-publish.yml 
@@ -0,0 +1,95 @@ +name: Docker + +# This workflow uses actions that are not certified by GitHub. +# They are provided by a third-party and are governed by +# separate terms of service, privacy policy, and support +# documentation. + +on: + push: + branches: [ "master" ] + # Publish semver tags as releases. + tags: [ 'v*.*.*' ] + pull_request: + branches: [ "master" ] + +env: + # Use docker.io for Docker Hub if empty + # REGISTRY: ghcr.io + REGISTRY: docker.io + # github.repository as / + IMAGE_NAME: ${{ github.repository }} + + +jobs: + build: + + runs-on: ubuntu-latest + permissions: + contents: read + packages: write + # This is used to complete the identity challenge + # with sigstore/fulcio when running outside of PRs. + id-token: write + + steps: + - name: Checkout repository + uses: actions/checkout@v3 + + # Install the cosign tool except on PR + # https://github.com/sigstore/cosign-installer + - name: Install cosign + if: github.event_name != 'pull_request' + uses: sigstore/cosign-installer@7e0881f8fe90b25e305bbf0309761e9314607e25 + with: + cosign-release: 'v1.9.0' + + + # Workaround: https://github.com/docker/build-push-action/issues/461 + - name: Setup Docker buildx + uses: docker/setup-buildx-action@79abd3f86f79a9d68a23c75a09a9a85889262adf + + # Login against a Docker registry except on PR + # https://github.com/docker/login-action + - name: Log into registry ${{ env.REGISTRY }} + if: github.event_name != 'pull_request' + uses: docker/login-action@28218f9b04b4f3f62068d7b6ce6ca5b26e35336c + with: + registry: ${{ env.REGISTRY }} + username: ${{ github.actor }} + password: ${{ secrets.REGISTRY_TOKEN }} + + # Extract metadata (tags, labels) for Docker + # https://github.com/docker/metadata-action + - name: Extract Docker metadata + id: meta + uses: docker/metadata-action@98669ae865ea3cffbcbaa878cf57c20bbf1c6c38 + with: + images: ${{ env.REGISTRY }}/${{ env.IMAGE_NAME }} + # set latest tag for master branch + tags: | + type=raw,value=latest,enable=${{ 
github.ref == format('refs/heads/{0}', 'master') }} + # Build and push Docker image with Buildx (don't push on PR) + # https://github.com/docker/build-push-action + - name: Build and push Docker image + id: build-and-push + uses: docker/build-push-action@ac9327eae2b366085ac7f6a2d02df8aa8ead720a + with: + context: . + push: ${{ github.event_name != 'pull_request' }} + tags: ${{ steps.meta.outputs.tags }} + labels: ${{ steps.meta.outputs.labels }} + cache-from: type=registry,ref=${{ env.IMAGE_NAME }}:buildcache + cache-to: type=registry,ref=${{ env.IMAGE_NAME }}:buildcache,mode=max + # Sign the resulting Docker image digest except on PRs. + # This will only write to the public Rekor transparency log when the Docker + # repository is public to avoid leaking data. If you would like to publish + # transparency data even for private images, pass --force to cosign below. + # https://github.com/sigstore/cosign + - name: Sign the published Docker image + if: ${{ github.event_name != 'pull_request' }} + env: + COSIGN_EXPERIMENTAL: "true" + # This step uses the identity token to provision an ephemeral certificate + # against the sigstore community Fulcio instance. + run: echo "${{ steps.meta.outputs.tags }}" | xargs -I {} cosign sign {}@${{ steps.build-and-push.outputs.digest }} diff --git a/Dockerfile b/Dockerfile index 88775e3..da19d7b 100644 --- a/Dockerfile +++ b/Dockerfile @@ -1,4 +1,4 @@ -FROM nginx:1.21 +FROM nginx:1.23 LABEL maintainer "fraoustin@gmail.com" COPY ./src/default.conf /etc/nginx/conf.d/default.conf @@ -50,9 +50,17 @@ COPY ./src/ihm /mdl-ihm RUN cp /usr/share/gitweb/static/gitweb.css /usr/share/gitweb/static/gitweb.css.original RUN mkdir /usr/share/gitweb/ihm -VOLUME /var/lib/git +# force push to upstream +WORKDIR /opt/gitweb/ +COPY ./src/hooks/post-receive /opt/gitweb/post-receive +RUN chmod +x /opt/gitweb/post-receive +ENV FORCEPUSH "" -WORKDIR /var/lib/git +VOLUME /opt/gitweb/remote/ + +VOLUME /var/lib/git/ + +WORKDIR /var/lib/git/ EXPOSE 80 
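Review bot: The signing step expands `${{ steps.meta.outputs.tags }}` and the digest directly inside the `run:` script, so the values become part of the shell source before it runs. Pass them through the step's environment instead: add `TAGS: ${{ steps.meta.outputs.tags }}` and `DIGEST: ${{ steps.build-and-push.outputs.digest }}` under `env:` and use `run: echo "${TAGS}" | xargs -I {} cosign sign {}@${DIGEST}`. This matters more once tags are derived from branch and pull-request refs, as a later commit in this series does. `actions/checkout@v3` is also the only action here referenced by tag rather than by commit SHA.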
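Review bot: `ENV FORCEPUSH ""` needs a comment, because the hook tests it with `${FORCEPUSH:+ -f}` and so any non-empty value, including `false` or `0`, switches every upstream push to `git push -f --all`. I would add `# FORCEPUSH: leave empty to disable; ANY non-empty value makes post-receive force-push all branches to every remote` above it and write the instruction in key=value form, `ENV FORCEPUSH=""`. The `COPY` plus `RUN chmod +x` pair can be a single `COPY --chmod=0755 ./src/hooks/post-receive /opt/gitweb/post-receive` where BuildKit is available.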
diff --git a/Dockerfile.CN b/Dockerfile.CN deleted file mode 100644 index dfa1939..0000000 --- a/Dockerfile.CN +++ /dev/null @@ -1,67 +0,0 @@ -FROM nginx:1.21 -LABEL maintainer "fraoustin@gmail.com" - -COPY ./src/default.conf /etc/nginx/conf.d/default.conf - -COPY ./src/entrypoint.sh /entrypoint.sh -RUN chmod +x /entrypoint.sh - -ENV SET_CONTAINER_TIMEZONE false - -# USE TIMEZONE TO CHINA -ENV CONTAINER_TIMEZONE "Asia/Shanghai" - -# USE CHINA USTC MIRROR -RUN sed -i 's/deb.debian.org/mirrors.ustc.edu.cn/g' /etc/apt/sources.list -RUN sed -i 's|security.debian.org/debian-security|mirrors.ustc.edu.cn/debian-security|g' /etc/apt/sources.list - -RUN apt-get update && apt-get install -y \ - apache2-utils \ - fcgiwrap \ - git \ - git-core \ - gitweb \ - highlight \ - libcgi-pm-perl \ - mime-support \ - spawn-fcgi \ - && rm -rf /var/lib/apt/lists/* - -# manage user load fcgiwrap -RUN sed -i "s/www-data/nginx/g" /etc/init.d/fcgiwrap - -# manage start container -RUN mkdir /usr/share/gitweb/docker-entrypoint.pre -RUN mkdir /usr/share/gitweb/docker-entrypoint.post -COPY ./src/00_init.sh /usr/share/gitweb/docker-entrypoint.pre/00_init.sh -RUN chmod +x -R /usr/share/gitweb/docker-entrypoint.pre - -# add cmd gitweb -COPY ./src/cmd/addrepos.sh /usr/bin/addrepos -COPY ./src/cmd/addauth.sh /usr/bin/addauth -COPY ./src/cmd/rmrepos.sh /usr/bin/rmrepos -COPY ./src/cmd/rmauth.sh /usr/bin/rmauth -RUN chmod +x /usr/bin/addrepos -RUN chmod +x /usr/bin/addauth -RUN chmod +x /usr/bin/rmrepos -RUN chmod +x /usr/bin/rmauth - -# manage default value -ENV GITUSER gituser -ENV GITPASSWORD gitpassword - -# add ihm mdl -ENV IHM no-mdl -COPY ./src/ihm /mdl-ihm -RUN cp /usr/share/gitweb/static/gitweb.css /usr/share/gitweb/static/gitweb.css.original -RUN mkdir /usr/share/gitweb/ihm - -VOLUME /var/lib/git - -WORKDIR /var/lib/git - -EXPOSE 80 - -ENTRYPOINT ["/entrypoint.sh"] - -CMD ["app"] diff --git a/README.md b/README.md index 4bf9dbc..eacb510 100644 --- a/README.md +++ b/README.md 
@@ -15,10 +15,12 @@ load when start image load file in - GITUSER (default gituser) - GITPASSWORD (default gitpassword) - IHM (default "") +- FORCEPUSH ("" or every not blank string) manage force push to upstream when Downstream branch push ## Volume -- /var/lib/git +- git project: */var/lib/git/* +- git remove add: */opt/gitweb/remote/* ## Port 
@@ -34,30 +36,84 @@ load when start image load file in ## Usage direct run image fraoustin/gitweb +```bash + docker run -d -e "CONTAINER_TIMEZONE=Europe/Paris" -e "GITPROJECT=test" \ + -v :/var/lib/git --name test -p 80:80 fraoustin/gitweb +``` +> use ^ for *CMD* OR ` for *Powershell* - docker run -d -e "CONTAINER_TIMEZONE=Europe/Paris" -e "GITPROJECT=test" -v :/var/lib/git --name test -p 80:80 fraoustin/gitweb - -user default is gituser and password default is gitpassword +user default is gituser and password default is gitpassword +- You can change user and password by variable environment you use http://localhost/ for access gitweb +you can add remote +```bash + git remote add origin http://gituser:gitpassword@localhost/test.git +``` +you can push project + +when fist push +```bash + git push --set-upstream origin master +``` +every next time push +```bash + git push +``` +or manual push +```bash + git push origin # remote name +``` you can clone project - +```bash git clone http://gituser:gitpassword@localhost/test.git - -You can change user and password by variable environment - +``` +you can pull project when upstream update +```bash + git pull +``` +more use see: +- https://git-scm.com/doc +- https://www.runoob.com/git/git-tutorial.html + + + +## Add upstream and push + +creat *remotes.txt* +eg: +```text +gitweb-test1 https://gituser:gitpassword@gitweb-test1 +gitweb-test2 https://gituser:gitpassword@gitweb-test2 +gitweb-test3 https://gituser:gitpassword@gitweb-test3 +``` +run image fraoustin/gitweb +```bash + docker run -d -e "CONTAINER_TIMEZONE=Europe/Paris" -e "GITPROJECT=test" \ + -e FORCEPUSH='not_blank_string' \ + -v :/var/lib/git/ \ + -v :/opt/gitweb/remote/ \ + --name test -p 80:80 fraoustin/gitweb +``` +if don't want force push, **DO NOT** set environment: FORCEPUSH + +- when run `addrepos ${project}` , + - will add hook: `hooks/post-receive` + - will add remote each: `add remote gitweb-test1 https://gituser:gitpassword@gitweb-test1/${project}.git` 
... +- when downstream push + - gitweb will push to upstreams each: `git push [-f] --all gitweb-test1` ... ## Usage by Dockerfile Sample of Dockerfile - +```Dockerfile FROM fraoustin/gitweb COPY ./00_init.sh /usr/share/gitweb/docker-entrypoint.pre/00_init.sh RUN chmod +x -R /usr/share/gitweb/docker-entrypoint.pre - +``` File 00_init.sh - +```bash #!/bin/bash REPOS='/var/lib/git/test.git' if [ ! -d $REPOS ]; then @@ -67,15 +123,16 @@ File 00_init.sh chgrp -R nginx . fi addauth $GITUSER $GITPASSWORD - +``` build image mygit - +```bash docker build -t mygit . - +``` run image mygit - - docker run -d -e "CONTAINER_TIMEZONE=Europe/Paris" -e "GITUSER=gituser" -e "GITPASSWORD=gitpassword" -v :/var/lib/git --name test -p 80:80 mygit - +```bash + docker run -d -e "CONTAINER_TIMEZONE=Europe/Paris" -e "GITUSER=gituser" -e "GITPASSWORD=gitpassword" \ + -v :/var/lib/git --name test -p 80:80 mygit +``` @@ -84,6 +141,6 @@ run image mygit If you want use a new design for ihm, you can use IHM variable - IHM = mdl - +```bash docker run -d -e "CONTAINER_TIMEZONE=Europe/Paris" -e "IHM=mdl" -e "GITPROJECT=test" -v :/var/lib/git --name test -p 80:80 fraoustin/gitweb - +``` diff --git a/docker-compose.yaml b/docker-compose.yaml index b98b403..13d8a93 100644 --- a/docker-compose.yaml +++ b/docker-compose.yaml @@ -6,16 +6,20 @@ volumes: services: gitweb: image: fraoustin/gitweb - build: - context: . - dockerfile: Dockerfile + container_name: gitweb + hostname: gitweb-test + # build: + # context: https://github.com/fraoustin/gitweb.git + # dockerfile: Dockerfile environment: - CONTAINER_TIMEZONE=Europe/Paris - - GITUSER=gituser + - GITUSER=gituser - GITPASSWORD=gitpassword - - SET_CONTAINER_TIMEZONE=false + - GITPROJECT=test + - FORCEPUSH="" ports: - 80:80 restart: always volumes: - - gitweb:/var/lib/git \ No newline at end of file + - gitweb:/var/lib/git/ + - /path/to/remote/:/opt/gitweb/remote/ \ No newline at end of file 
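Review bot: In list-form `environment`, `- FORCEPUSH=""` does not set an empty value: Compose keeps the two quote characters, so the container sees a non-empty `FORCEPUSH` and the post-receive hook's `${FORCEPUSH:+ -f}` turns on `git push -f --all` for every remote. Write `- FORCEPUSH=` or remove the entry so the sample configuration does not force-push by default. The sample also keeps `GITUSER`/`GITPASSWORD` at their published defaults, which deserves a comment telling users to change them before exposing port 80.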
diff --git a/src/00_init.sh b/src/00_init.sh index d06a38a..4cc41e0 100755 --- a/src/00_init.sh +++ b/src/00_init.sh @@ -4,8 +4,6 @@ if [ ! -z "$GITPROJECT" ]; then if [ ! -d $REPOS ]; then addrepos $GITPROJECT cd $REPOS - chmod -R g+ws . - chgrp -R nginx . fi fi if [ ! -z "$GITUSER" ]; then diff --git a/src/cmd/addrepos.sh b/src/cmd/addrepos.sh index 976bec8..ea4e9da 100644 --- a/src/cmd/addrepos.sh +++ b/src/cmd/addrepos.sh @@ -1,25 +1,47 @@ #!/bin/bash + DIR="/var/lib/git/" - + +log_run(){ + echo -e "$@" + eval $@ +} + error(){ - echo "ERROR : parameters invalid !" >&2 - exit 1 + echo "ERROR : parameters invalid !" >&2 + exit 1 } usage(){ - echo "Usage: addrepos NameOfRepository" - echo "--help or -h : view help" + echo "Usage: addrepos NameOfRepository" + echo "--help or -h : view help" } load(){ - REPOS=$DIR$1.git - if [ ! -d $REPOS ]; then - mkdir $REPOS - cd $REPOS - git init --bare - echo "$1" > description - chmod -R 777 $REPOS - fi + REPOS=$DIR$1.git + if [ ! -d $REPOS ]; then + mkdir $REPOS + cd $REPOS + git init --bare + echo "$1" > description + chmod -R g+ws . + chgrp -R nginx . + if [ ! -f /opt/gitweb/remote/remotes.txt ]; then + exit 0 + fi + log_run cp /opt/gitweb/post-receive $REPOS/hooks/post-receive + log_run chgrp nginx $REPOS/hooks/post-receive + log_run chmod 0755 $REPOS/hooks/post-receive + log_run chmod g+ws $REPOS/hooks/post-receive + while read line + do + if [ -z "${line}" ];then + continue + fi + # eg: git remote add gitweb-test1 https://gituser:gitpassword@gitweb-test1/test.git + log_run git remote add ${line}/$(basename $(pwd)) + done < /opt/gitweb/remote/remotes.txt + fi } # no parameters @@ -29,12 +51,12 @@ case "$1" in --help) usage ;; - + -h) usage ;; - + *) load $1 - + esac diff --git a/src/hooks/post-receive b/src/hooks/post-receive new file mode 100644 index 0000000..44f25eb --- /dev/null +++ b/src/hooks/post-receive 
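Review bot: `log_run git remote add ${line}/$(basename $(pwd))` prints the whole remotes.txt entry before running it, and the example in the comment above it shows those entries carrying `user:password@` in the URL, so the credentials end up in the container's output. Split the entry and log only the name, e.g. `while read -r name url` with `echo "add remote ${name}"` and `git remote add "${name}" "${url}/$(basename "$PWD")"`. The repository name in `$1` is also used unvalidated to build `$REPOS` and then passed through `log_run`'s `eval`; rejecting names outside `[A-Za-z0-9._-]` at the top of `load()` would close that.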
@@ -0,0 +1,40 @@ +#!/bin/bash + +log_info(){ + echo -e "\033[32m$(date +%Y-%m-%d_%H:%M:%S) - $@\033[0m" +} +log_warn(){ + echo -e "\033[33m$(date +%Y-%m-%d_%H:%M:%S) - $@\033[0m" +} +log_error(){ + echo >&2 -e "\033[31m$(date +%Y-%m-%d_%H:%M:%S) - $@\033[0m" +} +log_run(){ + echo -e "\033[43;34m$@\033[0m" + eval $@ +} + +IS_BARE=$(git rev-parse --is-bare-repository) +if [ -z "$IS_BARE" ]; then + log_error "fatal: post-receive: IS_NOT_BARE" + exit 1 +fi +log_warn "========================= deploy start =========================" +HOSTNAME="$(hostname)" +log_warn "========================= hostname: ${HOSTNAME}" + +git_push(){ + log_warn "========================= push start" + for remote in $(git remote) + do + log_info ${HOSTNAME} push to ${remote} + log_run git push ${FORCEPUSH:+ -f} --all ${remote} + done + log_warn "========================= push end" +} + + +log_info "try run : git_push" +git_push + +log_warn "========================= deploy end =========================" diff --git a/test/remotes.txt b/test/remotes.txt new file mode 100644 index 0000000..06b4e39 --- /dev/null +++ b/test/remotes.txt @@ -0,0 +1,3 @@ +gitweb-test1 https://gituser:gitpassword@gitweb-test1 +gitweb-test2 https://gituser:gitpassword@gitweb-test2 +gitweb-test3 https://gituser:gitpassword@gitweb-test3 \ No newline at end of file From e973cd6b76bfd013fe98ecb093e99d48a27ee5ab Mon Sep 17 00:00:00 2001 From: ZCTMDC Date: Fri, 12 Aug 2022 17:26:32 +0800 Subject: [PATCH 20/42] rm docker-compose-CN --- docker-compose-CN.yaml | 21 --------------------- 1 file changed, 21 deletions(-) delete mode 100644 docker-compose-CN.yaml diff --git a/docker-compose-CN.yaml b/docker-compose-CN.yaml deleted file mode 100644 index 9ba480e..0000000 --- a/docker-compose-CN.yaml +++ /dev/null 
@@ -1,21 +0,0 @@ -version: "3" - -volumes: - gitweb: - -services: - gitweb: - image: fraoustin/gitweb - build: - context: . - dockerfile: Dockerfile.CN - environment: - - CONTAINER_TIMEZONE=Asia/Shanghai - - GITUSER=gituser - - GITPASSWORD=gitpassword - - SET_CONTAINER_TIMEZONE=false - ports: - - 80:80 - restart: always - volumes: - - gitweb:/var/lib/git From 2f45f3470bfadd51273b589feff684c5b81e44a4 Mon Sep 17 00:00:00 2001 From: ZCTMDC Date: Fri, 12 Aug 2022 17:31:32 +0800 Subject: [PATCH 21/42] add action "develop" --- .github/workflows/docker-publish.yml | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/.github/workflows/docker-publish.yml b/.github/workflows/docker-publish.yml index 90210fe..353d385 100644 --- a/.github/workflows/docker-publish.yml +++ b/.github/workflows/docker-publish.yml @@ -7,11 +7,11 @@ name: Docker on: push: - branches: [ "master" ] + branches: [ "master" , "develop" ] # Publish semver tags as releases. tags: [ 'v*.*.*' ] pull_request: - branches: [ "master" ] + branches: [ "master", "develop" ] env: # Use docker.io for Docker Hub if empty From d675222f6d53414e7a73589e0c989e28f1baae19 Mon Sep 17 00:00:00 2001 From: ZCTMDC Date: Fri, 12 Aug 2022 18:05:46 +0800 Subject: [PATCH 22/42] Setting base url via Docker close: #3 --- Dockerfile | 3 +++ README.md | 4 ++++ src/entrypoint.sh | 7 ++++++- 3 files changed, 13 insertions(+), 1 deletion(-) diff --git a/Dockerfile b/Dockerfile index da19d7b..a6d92bd 100644 --- a/Dockerfile +++ b/Dockerfile @@ -56,6 +56,9 @@ COPY ./src/hooks/post-receive /opt/gitweb/post-receive RUN chmod +x /opt/gitweb/post-receive ENV FORCEPUSH "" +# Setting base url via Docker +ENV URLPATH / + VOLUME /opt/gitweb/remote/ VOLUME /var/lib/git/ diff --git a/README.md b/README.md index eacb510..77c705f 100644 --- a/README.md +++ b/README.md 
@@ -104,6 +104,10 @@ if don't want force push, **DO NOT** set environment: FORCEPUSH - when downstream push - gitweb will push to upstreams each: `git push [-f] --all gitweb-test1` ... +## Setting base url via Docker environment + +use environment *URLPATH* to set base url + ## Usage by Dockerfile Sample of Dockerfile diff --git a/src/entrypoint.sh b/src/entrypoint.sh index 07a910a..1a4568f 100644 --- a/src/entrypoint.sh +++ b/src/entrypoint.sh @@ -29,7 +29,12 @@ if [ "$1" = 'app' ]; then echo '$site_footer="ihm/footer.html";' >> /etc/gitweb.conf cat /usr/share/gitweb/ihm/headstring.conf >> /etc/gitweb.conf cp /usr/share/gitweb/ihm/gitweb.css /usr/share/gitweb/static/gitweb.css - fi + fi + if [ -n "${URLPATH}" ]; then + sed -n '10p' /etc/nginx/conf.d/default.conf + sed -i "10s|.*| location ${URLPATH} {|" /etc/nginx/conf.d/default.conf + sed -n '10p' /etc/nginx/conf.d/default.conf + fi service fcgiwrap start nginx -g "daemon off;" /bin/run-parts --verbose --regex '\.(sh)$' "/usr/share/gitweb/docker-entrypoint.post" From 101e89cf361c7c5befafc0ffaf575493daf707bc Mon Sep 17 00:00:00 2001 From: ZCTMDC Date: Fri, 12 Aug 2022 18:14:46 +0800 Subject: [PATCH 23/42] hand tag for other branch --- .github/workflows/docker-publish.yml | 6 +++++- 1 file changed, 5 insertions(+), 1 deletion(-) diff --git a/.github/workflows/docker-publish.yml b/.github/workflows/docker-publish.yml index 353d385..7599077 100644 --- a/.github/workflows/docker-publish.yml +++ b/.github/workflows/docker-publish.yml 
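Review bot: The new `URLPATH` block in src/entrypoint.sh rewrites line 10 of /etc/nginx/conf.d/default.conf by number and pastes `${URLPATH}` into the `sed` replacement unchecked. If default.conf ever gains or loses a line, a different directive is silently overwritten, and a value containing `|`, `&` or whitespace produces a broken or different `location` block. Validate the value first, e.g. `case "${URLPATH}" in /*) ;; *) echo "URLPATH must start with /" >&2; exit 1 ;; esac` plus a character allow-list, and match the target line by content rather than by position. Because the Dockerfile hunk in this commit sets `ENV URLPATH /`, this branch runs on every start; the surrounding `if [ "$1" = 'app' ]` block starts and ends outside the hunk.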
@@ -66,8 +66,12 @@ jobs: uses: docker/metadata-action@98669ae865ea3cffbcbaa878cf57c20bbf1c6c38 with: images: ${{ env.REGISTRY }}/${{ env.IMAGE_NAME }} - # set latest tag for master branch tags: | + type=ref,event=branch + type=ref,event=pr + type=semver,pattern={{version}} + type=semver,pattern={{major}}.{{minor}} + # set latest tag for master branch type=raw,value=latest,enable=${{ github.ref == format('refs/heads/{0}', 'master') }} # Build and push Docker image with Buildx (don't push on PR) # https://github.com/docker/build-push-action From b882df5f9ad127d5265b3e5841d6662a51069c47 Mon Sep 17 00:00:00 2001 From: ZCTMDC Date: Fri, 12 Aug 2022 18:20:48 +0800 Subject: [PATCH 24/42] why https://github.com/Mars-Sea/phddns-docker is working --- .github/workflows/docker-publish.yml | 1 - 1 file changed, 1 deletion(-) diff --git a/.github/workflows/docker-publish.yml b/.github/workflows/docker-publish.yml index 7599077..7da7c25 100644 --- a/.github/workflows/docker-publish.yml +++ b/.github/workflows/docker-publish.yml @@ -71,7 +71,6 @@ jobs: type=ref,event=pr type=semver,pattern={{version}} type=semver,pattern={{major}}.{{minor}} - # set latest tag for master branch type=raw,value=latest,enable=${{ github.ref == format('refs/heads/{0}', 'master') }} # Build and push Docker image with Buildx (don't push on PR) # https://github.com/docker/build-push-action From 0f9cc08b2db578223c8d7451b46bf7846ef4b167 Mon Sep 17 00:00:00 2001 From: ZCTMDC Date: Fri, 12 Aug 2022 18:25:21 +0800 Subject: [PATCH 25/42] CRLF to LF --- .github/workflows/docker-publish.yml | 197 ++++++++++++++------------- 1 file changed, 99 insertions(+), 98 deletions(-) diff --git a/.github/workflows/docker-publish.yml b/.github/workflows/docker-publish.yml index 7da7c25..9a17fae 100644 --- a/.github/workflows/docker-publish.yml +++ b/.github/workflows/docker-publish.yml 
@@ -1,98 +1,99 @@ -name: Docker - -# This workflow uses actions that are not certified by GitHub. -# They are provided by a third-party and are governed by -# separate terms of service, privacy policy, and support -# documentation. - -on: - push: - branches: [ "master" , "develop" ] - # Publish semver tags as releases. - tags: [ 'v*.*.*' ] - pull_request: - branches: [ "master", "develop" ] - -env: - # Use docker.io for Docker Hub if empty - # REGISTRY: ghcr.io - REGISTRY: docker.io - # github.repository as / - IMAGE_NAME: ${{ github.repository }} - - -jobs: - build: - - runs-on: ubuntu-latest - permissions: - contents: read - packages: write - # This is used to complete the identity challenge - # with sigstore/fulcio when running outside of PRs. - id-token: write - - steps: - - name: Checkout repository - uses: actions/checkout@v3 - - # Install the cosign tool except on PR - # https://github.com/sigstore/cosign-installer - - name: Install cosign - if: github.event_name != 'pull_request' - uses: sigstore/cosign-installer@7e0881f8fe90b25e305bbf0309761e9314607e25 - with: - cosign-release: 'v1.9.0' - - - # Workaround: https://github.com/docker/build-push-action/issues/461 - - name: Setup Docker buildx - uses: docker/setup-buildx-action@79abd3f86f79a9d68a23c75a09a9a85889262adf - - # Login against a Docker registry except on PR - # https://github.com/docker/login-action - - name: Log into registry ${{ env.REGISTRY }} - if: github.event_name != 'pull_request' - uses: docker/login-action@28218f9b04b4f3f62068d7b6ce6ca5b26e35336c - with: - registry: ${{ env.REGISTRY }} - username: ${{ github.actor }} - password: ${{ secrets.REGISTRY_TOKEN }} - - # Extract metadata (tags, labels) for Docker - # https://github.com/docker/metadata-action - - name: Extract Docker metadata - id: meta - uses: docker/metadata-action@98669ae865ea3cffbcbaa878cf57c20bbf1c6c38 - with: - images: ${{ env.REGISTRY }}/${{ env.IMAGE_NAME }} - tags: | - type=ref,event=branch - type=ref,event=pr - 
type=semver,pattern={{version}} - type=semver,pattern={{major}}.{{minor}} - type=raw,value=latest,enable=${{ github.ref == format('refs/heads/{0}', 'master') }} - # Build and push Docker image with Buildx (don't push on PR) - # https://github.com/docker/build-push-action - - name: Build and push Docker image - id: build-and-push - uses: docker/build-push-action@ac9327eae2b366085ac7f6a2d02df8aa8ead720a - with: - context: . - push: ${{ github.event_name != 'pull_request' }} - tags: ${{ steps.meta.outputs.tags }} - labels: ${{ steps.meta.outputs.labels }} - cache-from: type=registry,ref=${{ env.IMAGE_NAME }}:buildcache - cache-to: type=registry,ref=${{ env.IMAGE_NAME }}:buildcache,mode=max - # Sign the resulting Docker image digest except on PRs. - # This will only write to the public Rekor transparency log when the Docker - # repository is public to avoid leaking data. If you would like to publish - # transparency data even for private images, pass --force to cosign below. - # https://github.com/sigstore/cosign - - name: Sign the published Docker image - if: ${{ github.event_name != 'pull_request' }} - env: - COSIGN_EXPERIMENTAL: "true" - # This step uses the identity token to provision an ephemeral certificate - # against the sigstore community Fulcio instance. - run: echo "${{ steps.meta.outputs.tags }}" | xargs -I {} cosign sign {}@${{ steps.build-and-push.outputs.digest }} +name: Docker + +# This workflow uses actions that are not certified by GitHub. +# They are provided by a third-party and are governed by +# separate terms of service, privacy policy, and support +# documentation. + +on: + push: + branches: [ "master" , "develop" ] + # Publish semver tags as releases. 
+ tags: [ 'v*.*.*' ] + pull_request: + branches: [ "master", "develop" ] + +env: + # Use docker.io for Docker Hub if empty + # REGISTRY: ghcr.io + REGISTRY: docker.io + # github.repository as / + IMAGE_NAME: ${{ github.repository }} + + +jobs: + build: + + runs-on: ubuntu-latest + permissions: + contents: read + packages: write + # This is used to complete the identity challenge + # with sigstore/fulcio when running outside of PRs. + id-token: write + + steps: + - name: Checkout repository + uses: actions/checkout@v3 + + # Install the cosign tool except on PR + # https://github.com/sigstore/cosign-installer + - name: Install cosign + if: github.event_name != 'pull_request' + uses: sigstore/cosign-installer@7e0881f8fe90b25e305bbf0309761e9314607e25 + with: + cosign-release: 'v1.9.0' + + + # Workaround: https://github.com/docker/build-push-action/issues/461 + - name: Setup Docker buildx + uses: docker/setup-buildx-action@79abd3f86f79a9d68a23c75a09a9a85889262adf + + # Login against a Docker registry except on PR + # https://github.com/docker/login-action + - name: Log into registry ${{ env.REGISTRY }} + if: github.event_name != 'pull_request' + uses: docker/login-action@28218f9b04b4f3f62068d7b6ce6ca5b26e35336c + with: + registry: ${{ env.REGISTRY }} + username: ${{ github.actor }} + password: ${{ secrets.REGISTRY_TOKEN }} + + # Extract metadata (tags, labels) for Docker + # https://github.com/docker/metadata-action + - name: Extract Docker metadata + id: meta + uses: docker/metadata-action@98669ae865ea3cffbcbaa878cf57c20bbf1c6c38 + with: + images: ${{ env.REGISTRY }}/${{ env.IMAGE_NAME }} + tags: | + type=ref,event=branch + type=ref,event=pr + type=semver,pattern={{version}} + type=semver,pattern={{major}}.{{minor}} + # set latest tag for master branch + type=raw,value=latest,enable=${{ github.ref == format('refs/heads/{0}', 'master') }} + # Build and push Docker image with Buildx (don't push on PR) + # https://github.com/docker/build-push-action + - name: Build and 
push Docker image + id: build-and-push + uses: docker/build-push-action@ac9327eae2b366085ac7f6a2d02df8aa8ead720a + with: + context: . + push: ${{ github.event_name != 'pull_request' }} + tags: ${{ steps.meta.outputs.tags }} + labels: ${{ steps.meta.outputs.labels }} + cache-from: type=registry,ref=${{ env.IMAGE_NAME }}:buildcache + cache-to: type=registry,ref=${{ env.IMAGE_NAME }}:buildcache,mode=max + # Sign the resulting Docker image digest except on PRs. + # This will only write to the public Rekor transparency log when the Docker + # repository is public to avoid leaking data. If you would like to publish + # transparency data even for private images, pass --force to cosign below. + # https://github.com/sigstore/cosign + - name: Sign the published Docker image + if: ${{ github.event_name != 'pull_request' }} + env: + COSIGN_EXPERIMENTAL: "true" + # This step uses the identity token to provision an ephemeral certificate + # against the sigstore community Fulcio instance. + run: echo "${{ steps.meta.outputs.tags }}" | xargs -I {} cosign sign {}@${{ steps.build-and-push.outputs.digest }} From 351ce2718cb7da87a2801c21592a0e1e53839eda Mon Sep 17 00:00:00 2001 From: ZCTMDC Date: Fri, 12 Aug 2022 18:26:19 +0800 Subject: [PATCH 26/42] re creat it --- .github/workflows/docker-publish.yml | 99 ---------------------------- 1 file changed, 99 deletions(-) delete mode 100644 .github/workflows/docker-publish.yml diff --git a/.github/workflows/docker-publish.yml b/.github/workflows/docker-publish.yml deleted file mode 100644 index 9a17fae..0000000 --- a/.github/workflows/docker-publish.yml +++ /dev/null 
@@ -1,99 +0,0 @@ -name: Docker - -# This workflow uses actions that are not certified by GitHub. -# They are provided by a third-party and are governed by -# separate terms of service, privacy policy, and support -# documentation. - -on: - push: - branches: [ "master" , "develop" ] - # Publish semver tags as releases. - tags: [ 'v*.*.*' ] - pull_request: - branches: [ "master", "develop" ] - -env: - # Use docker.io for Docker Hub if empty - # REGISTRY: ghcr.io - REGISTRY: docker.io - # github.repository as / - IMAGE_NAME: ${{ github.repository }} - - -jobs: - build: - - runs-on: ubuntu-latest - permissions: - contents: read - packages: write - # This is used to complete the identity challenge - # with sigstore/fulcio when running outside of PRs. - id-token: write - - steps: - - name: Checkout repository - uses: actions/checkout@v3 - - # Install the cosign tool except on PR - # https://github.com/sigstore/cosign-installer - - name: Install cosign - if: github.event_name != 'pull_request' - uses: sigstore/cosign-installer@7e0881f8fe90b25e305bbf0309761e9314607e25 - with: - cosign-release: 'v1.9.0' - - - # Workaround: https://github.com/docker/build-push-action/issues/461 - - name: Setup Docker buildx - uses: docker/setup-buildx-action@79abd3f86f79a9d68a23c75a09a9a85889262adf - - # Login against a Docker registry except on PR - # https://github.com/docker/login-action - - name: Log into registry ${{ env.REGISTRY }} - if: github.event_name != 'pull_request' - uses: docker/login-action@28218f9b04b4f3f62068d7b6ce6ca5b26e35336c - with: - registry: ${{ env.REGISTRY }} - username: ${{ github.actor }} - password: ${{ secrets.REGISTRY_TOKEN }} - - # Extract metadata (tags, labels) for Docker - # https://github.com/docker/metadata-action - - name: Extract Docker metadata - id: meta - uses: docker/metadata-action@98669ae865ea3cffbcbaa878cf57c20bbf1c6c38 - with: - images: ${{ env.REGISTRY }}/${{ env.IMAGE_NAME }} - tags: | - type=ref,event=branch - type=ref,event=pr - 
type=semver,pattern={{version}} - type=semver,pattern={{major}}.{{minor}} - # set latest tag for master branch - type=raw,value=latest,enable=${{ github.ref == format('refs/heads/{0}', 'master') }} - # Build and push Docker image with Buildx (don't push on PR) - # https://github.com/docker/build-push-action - - name: Build and push Docker image - id: build-and-push - uses: docker/build-push-action@ac9327eae2b366085ac7f6a2d02df8aa8ead720a - with: - context: . - push: ${{ github.event_name != 'pull_request' }} - tags: ${{ steps.meta.outputs.tags }} - labels: ${{ steps.meta.outputs.labels }} - cache-from: type=registry,ref=${{ env.IMAGE_NAME }}:buildcache - cache-to: type=registry,ref=${{ env.IMAGE_NAME }}:buildcache,mode=max - # Sign the resulting Docker image digest except on PRs. - # This will only write to the public Rekor transparency log when the Docker - # repository is public to avoid leaking data. If you would like to publish - # transparency data even for private images, pass --force to cosign below. - # https://github.com/sigstore/cosign - - name: Sign the published Docker image - if: ${{ github.event_name != 'pull_request' }} - env: - COSIGN_EXPERIMENTAL: "true" - # This step uses the identity token to provision an ephemeral certificate - # against the sigstore community Fulcio instance. - run: echo "${{ steps.meta.outputs.tags }}" | xargs -I {} cosign sign {}@${{ steps.build-and-push.outputs.digest }} From 7e18184abfe0bc903534b819a80f2d7812a1a85c Mon Sep 17 00:00:00 2001 From: ZCTMDC Date: Fri, 12 Aug 2022 18:29:51 +0800 Subject: [PATCH 27/42] update --- .github/workflows/docker-publish.yml | 194 ++++++++++++++------------- 1 file changed, 99 insertions(+), 95 deletions(-) diff --git a/.github/workflows/docker-publish.yml b/.github/workflows/docker-publish.yml index 90210fe..9a17fae 100644 --- a/.github/workflows/docker-publish.yml +++ b/.github/workflows/docker-publish.yml 
@@ -1,95 +1,99 @@ -name: Docker - -# This workflow uses actions that are not certified by GitHub. -# They are provided by a third-party and are governed by -# separate terms of service, privacy policy, and support -# documentation. - -on: - push: - branches: [ "master" ] - # Publish semver tags as releases. - tags: [ 'v*.*.*' ] - pull_request: - branches: [ "master" ] - -env: - # Use docker.io for Docker Hub if empty - # REGISTRY: ghcr.io - REGISTRY: docker.io - # github.repository as / - IMAGE_NAME: ${{ github.repository }} - - -jobs: - build: - - runs-on: ubuntu-latest - permissions: - contents: read - packages: write - # This is used to complete the identity challenge - # with sigstore/fulcio when running outside of PRs. - id-token: write - - steps: - - name: Checkout repository - uses: actions/checkout@v3 - - # Install the cosign tool except on PR - # https://github.com/sigstore/cosign-installer - - name: Install cosign - if: github.event_name != 'pull_request' - uses: sigstore/cosign-installer@7e0881f8fe90b25e305bbf0309761e9314607e25 - with: - cosign-release: 'v1.9.0' - - - # Workaround: https://github.com/docker/build-push-action/issues/461 - - name: Setup Docker buildx - uses: docker/setup-buildx-action@79abd3f86f79a9d68a23c75a09a9a85889262adf - - # Login against a Docker registry except on PR - # https://github.com/docker/login-action - - name: Log into registry ${{ env.REGISTRY }} - if: github.event_name != 'pull_request' - uses: docker/login-action@28218f9b04b4f3f62068d7b6ce6ca5b26e35336c - with: - registry: ${{ env.REGISTRY }} - username: ${{ github.actor }} - password: ${{ secrets.REGISTRY_TOKEN }} - - # Extract metadata (tags, labels) for Docker - # https://github.com/docker/metadata-action - - name: Extract Docker metadata - id: meta - uses: docker/metadata-action@98669ae865ea3cffbcbaa878cf57c20bbf1c6c38 - with: - images: ${{ env.REGISTRY }}/${{ env.IMAGE_NAME }} - # set latest tag for master branch - tags: | - type=raw,value=latest,enable=${{ 
github.ref == format('refs/heads/{0}', 'master') }} - # Build and push Docker image with Buildx (don't push on PR) - # https://github.com/docker/build-push-action - - name: Build and push Docker image - id: build-and-push - uses: docker/build-push-action@ac9327eae2b366085ac7f6a2d02df8aa8ead720a - with: - context: . - push: ${{ github.event_name != 'pull_request' }} - tags: ${{ steps.meta.outputs.tags }} - labels: ${{ steps.meta.outputs.labels }} - cache-from: type=registry,ref=${{ env.IMAGE_NAME }}:buildcache - cache-to: type=registry,ref=${{ env.IMAGE_NAME }}:buildcache,mode=max - # Sign the resulting Docker image digest except on PRs. - # This will only write to the public Rekor transparency log when the Docker - # repository is public to avoid leaking data. If you would like to publish - # transparency data even for private images, pass --force to cosign below. - # https://github.com/sigstore/cosign - - name: Sign the published Docker image - if: ${{ github.event_name != 'pull_request' }} - env: - COSIGN_EXPERIMENTAL: "true" - # This step uses the identity token to provision an ephemeral certificate - # against the sigstore community Fulcio instance. - run: echo "${{ steps.meta.outputs.tags }}" | xargs -I {} cosign sign {}@${{ steps.build-and-push.outputs.digest }} +name: Docker + +# This workflow uses actions that are not certified by GitHub. +# They are provided by a third-party and are governed by +# separate terms of service, privacy policy, and support +# documentation. + +on: + push: + branches: [ "master" , "develop" ] + # Publish semver tags as releases. 
+ tags: [ 'v*.*.*' ] + pull_request: + branches: [ "master", "develop" ] + +env: + # Use docker.io for Docker Hub if empty + # REGISTRY: ghcr.io + REGISTRY: docker.io + # github.repository as / + IMAGE_NAME: ${{ github.repository }} + + +jobs: + build: + + runs-on: ubuntu-latest + permissions: + contents: read + packages: write + # This is used to complete the identity challenge + # with sigstore/fulcio when running outside of PRs. + id-token: write + + steps: + - name: Checkout repository + uses: actions/checkout@v3 + + # Install the cosign tool except on PR + # https://github.com/sigstore/cosign-installer + - name: Install cosign + if: github.event_name != 'pull_request' + uses: sigstore/cosign-installer@7e0881f8fe90b25e305bbf0309761e9314607e25 + with: + cosign-release: 'v1.9.0' + + + # Workaround: https://github.com/docker/build-push-action/issues/461 + - name: Setup Docker buildx + uses: docker/setup-buildx-action@79abd3f86f79a9d68a23c75a09a9a85889262adf + + # Login against a Docker registry except on PR + # https://github.com/docker/login-action + - name: Log into registry ${{ env.REGISTRY }} + if: github.event_name != 'pull_request' + uses: docker/login-action@28218f9b04b4f3f62068d7b6ce6ca5b26e35336c + with: + registry: ${{ env.REGISTRY }} + username: ${{ github.actor }} + password: ${{ secrets.REGISTRY_TOKEN }} + + # Extract metadata (tags, labels) for Docker + # https://github.com/docker/metadata-action + - name: Extract Docker metadata + id: meta + uses: docker/metadata-action@98669ae865ea3cffbcbaa878cf57c20bbf1c6c38 + with: + images: ${{ env.REGISTRY }}/${{ env.IMAGE_NAME }} + tags: | + type=ref,event=branch + type=ref,event=pr + type=semver,pattern={{version}} + type=semver,pattern={{major}}.{{minor}} + # set latest tag for master branch + type=raw,value=latest,enable=${{ github.ref == format('refs/heads/{0}', 'master') }} + # Build and push Docker image with Buildx (don't push on PR) + # https://github.com/docker/build-push-action + - name: Build and 
push Docker image + id: build-and-push + uses: docker/build-push-action@ac9327eae2b366085ac7f6a2d02df8aa8ead720a + with: + context: . + push: ${{ github.event_name != 'pull_request' }} + tags: ${{ steps.meta.outputs.tags }} + labels: ${{ steps.meta.outputs.labels }} + cache-from: type=registry,ref=${{ env.IMAGE_NAME }}:buildcache + cache-to: type=registry,ref=${{ env.IMAGE_NAME }}:buildcache,mode=max + # Sign the resulting Docker image digest except on PRs. + # This will only write to the public Rekor transparency log when the Docker + # repository is public to avoid leaking data. If you would like to publish + # transparency data even for private images, pass --force to cosign below. + # https://github.com/sigstore/cosign + - name: Sign the published Docker image + if: ${{ github.event_name != 'pull_request' }} + env: + COSIGN_EXPERIMENTAL: "true" + # This step uses the identity token to provision an ephemeral certificate + # against the sigstore community Fulcio instance. + run: echo "${{ steps.meta.outputs.tags }}" | xargs -I {} cosign sign {}@${{ steps.build-and-push.outputs.digest }} From 18fef60f80b15458ac0f99952f5603f44d94428a Mon Sep 17 00:00:00 2001 From: ZCTMDC Date: Fri, 12 Aug 2022 18:30:42 +0800 Subject: [PATCH 28/42] delete CN --- docker-compose-CN.yaml | 21 --------------------- 1 file changed, 21 deletions(-) delete mode 100644 docker-compose-CN.yaml diff --git a/docker-compose-CN.yaml b/docker-compose-CN.yaml deleted file mode 100644 index 9ba480e..0000000 --- a/docker-compose-CN.yaml +++ /dev/null @@ -1,21 +0,0 @@ -version: "3" - -volumes: - gitweb: - -services: - gitweb: - image: fraoustin/gitweb - build: - context: . - dockerfile: Dockerfile.CN - environment: - - CONTAINER_TIMEZONE=Asia/Shanghai - - GITUSER=gituser - - GITPASSWORD=gitpassword - - SET_CONTAINER_TIMEZONE=false - ports: - - 80:80 - restart: always - volumes: - - gitweb:/var/lib/git From e6eed0cc43a2fea7677a59f62b9678c009efa841 Mon Sep 17 00:00:00 2001 
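Review bot: The `cache-to: type=registry,ref=${{ env.IMAGE_NAME }}:buildcache,mode=max` input of the "Build and push Docker image" step is also used on pull requests, where the login step is skipped by `if: github.event_name != 'pull_request'`, so the cache export will most likely be refused by the registry and fail PR builds. The cache ref also omits the `${{ env.REGISTRY }}/` prefix that `images:` uses, so it only reaches the intended registry while REGISTRY stays `docker.io`. I would prefix the ref and make the export conditional, e.g. `cache-to: ${{ github.event_name != 'pull_request' && format('type=registry,ref={0}/{1}:buildcache,mode=max', env.REGISTRY, env.IMAGE_NAME) || '' }}`, and prefix `cache-from` the same way. The same lines return unchanged when the file is re-created in PATCH 30/42.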
From: ZCTMDC Date: Fri, 12 Aug 2022 18:31:16 +0800 Subject: [PATCH 29/42] Delete docker-publish.yml --- .github/workflows/docker-publish.yml | 99 ---------------------------- 1 file changed, 99 deletions(-) delete mode 100644 .github/workflows/docker-publish.yml diff --git a/.github/workflows/docker-publish.yml b/.github/workflows/docker-publish.yml deleted file mode 100644 index 9a17fae..0000000 --- a/.github/workflows/docker-publish.yml +++ /dev/null 
@@ -1,99 +0,0 @@ -name: Docker - -# This workflow uses actions that are not certified by GitHub. -# They are provided by a third-party and are governed by -# separate terms of service, privacy policy, and support -# documentation. - -on: - push: - branches: [ "master" , "develop" ] - # Publish semver tags as releases. - tags: [ 'v*.*.*' ] - pull_request: - branches: [ "master", "develop" ] - -env: - # Use docker.io for Docker Hub if empty - # REGISTRY: ghcr.io - REGISTRY: docker.io - # github.repository as / - IMAGE_NAME: ${{ github.repository }} - - -jobs: - build: - - runs-on: ubuntu-latest - permissions: - contents: read - packages: write - # This is used to complete the identity challenge - # with sigstore/fulcio when running outside of PRs. - id-token: write - - steps: - - name: Checkout repository - uses: actions/checkout@v3 - - # Install the cosign tool except on PR - # https://github.com/sigstore/cosign-installer - - name: Install cosign - if: github.event_name != 'pull_request' - uses: sigstore/cosign-installer@7e0881f8fe90b25e305bbf0309761e9314607e25 - with: - cosign-release: 'v1.9.0' - - - # Workaround: https://github.com/docker/build-push-action/issues/461 - - name: Setup Docker buildx - uses: docker/setup-buildx-action@79abd3f86f79a9d68a23c75a09a9a85889262adf - - # Login against a Docker registry except on PR - # https://github.com/docker/login-action - - name: Log into registry ${{ env.REGISTRY }} - if: github.event_name != 'pull_request' - uses: docker/login-action@28218f9b04b4f3f62068d7b6ce6ca5b26e35336c - with: - registry: ${{ env.REGISTRY }} - username: ${{ github.actor }} - password: ${{ secrets.REGISTRY_TOKEN }} - - # Extract metadata (tags, labels) for Docker - # https://github.com/docker/metadata-action - - name: Extract Docker metadata - id: meta - uses: docker/metadata-action@98669ae865ea3cffbcbaa878cf57c20bbf1c6c38 - with: - images: ${{ env.REGISTRY }}/${{ env.IMAGE_NAME }} - tags: | - type=ref,event=branch - type=ref,event=pr - 
type=semver,pattern={{version}} - type=semver,pattern={{major}}.{{minor}} - # set latest tag for master branch - type=raw,value=latest,enable=${{ github.ref == format('refs/heads/{0}', 'master') }} - # Build and push Docker image with Buildx (don't push on PR) - # https://github.com/docker/build-push-action - - name: Build and push Docker image - id: build-and-push - uses: docker/build-push-action@ac9327eae2b366085ac7f6a2d02df8aa8ead720a - with: - context: . - push: ${{ github.event_name != 'pull_request' }} - tags: ${{ steps.meta.outputs.tags }} - labels: ${{ steps.meta.outputs.labels }} - cache-from: type=registry,ref=${{ env.IMAGE_NAME }}:buildcache - cache-to: type=registry,ref=${{ env.IMAGE_NAME }}:buildcache,mode=max - # Sign the resulting Docker image digest except on PRs. - # This will only write to the public Rekor transparency log when the Docker - # repository is public to avoid leaking data. If you would like to publish - # transparency data even for private images, pass --force to cosign below. - # https://github.com/sigstore/cosign - - name: Sign the published Docker image - if: ${{ github.event_name != 'pull_request' }} - env: - COSIGN_EXPERIMENTAL: "true" - # This step uses the identity token to provision an ephemeral certificate - # against the sigstore community Fulcio instance. - run: echo "${{ steps.meta.outputs.tags }}" | xargs -I {} cosign sign {}@${{ steps.build-and-push.outputs.digest }} From c8e18b76b9ab2abb16815c159d8336b2251a4bf0 Mon Sep 17 00:00:00 2001 From: ZCTMDC Date: Fri, 12 Aug 2022 18:31:50 +0800 Subject: [PATCH 30/42] Create docker-publish.yml --- .github/workflows/docker-publish.yml | 99 ++++++++++++++++++++++++++++ 1 file changed, 99 insertions(+) create mode 100644 .github/workflows/docker-publish.yml diff --git a/.github/workflows/docker-publish.yml b/.github/workflows/docker-publish.yml new file mode 100644 index 0000000..9a17fae --- /dev/null +++ b/.github/workflows/docker-publish.yml 
@@ -0,0 +1,99 @@
+name: Docker
+
+# This workflow uses actions that are not certified by GitHub.
+# They are provided by a third-party and are governed by
+# separate terms of service, privacy policy, and support
+# documentation.
+
+on:
+ push:
+ branches: [ "master" , "develop" ]
+ # Publish semver tags as releases.
+ tags: [ 'v*.*.*' ]
+ pull_request:
+ branches: [ "master", "develop" ]
+
+env:
+ # Use docker.io for Docker Hub if empty
+ # REGISTRY: ghcr.io
+ REGISTRY: docker.io
+ # github.repository as /
+ IMAGE_NAME: ${{ github.repository }}
+
+
+jobs:
+ build:
+
+ runs-on: ubuntu-latest
+ permissions:
+ contents: read
+ packages: write
+ # This is used to complete the identity challenge
+ # with sigstore/fulcio when running outside of PRs.
+ id-token: write
+
+ steps:
+ - name: Checkout repository
+ uses: actions/checkout@v3
+
+ # Install the cosign tool except on PR
+ # https://github.com/sigstore/cosign-installer
+ - name: Install cosign
+ if: github.event_name != 'pull_request'
+ uses: sigstore/cosign-installer@7e0881f8fe90b25e305bbf0309761e9314607e25
+ with:
+ cosign-release: 'v1.9.0'
+
+
+ # Workaround: https://github.com/docker/build-push-action/issues/461
+ - name: Setup Docker buildx
+ uses: docker/setup-buildx-action@79abd3f86f79a9d68a23c75a09a9a85889262adf
+
+ # Login against a Docker registry except on PR
+ # https://github.com/docker/login-action
+ - name: Log into registry ${{ env.REGISTRY }}
+ if: github.event_name != 'pull_request'
+ uses: docker/login-action@28218f9b04b4f3f62068d7b6ce6ca5b26e35336c
+ with:
+ registry: ${{ env.REGISTRY }}
+ username: ${{ github.actor }}
+ password: ${{ secrets.REGISTRY_TOKEN }}
+
+ # Extract metadata (tags, labels) for Docker
+ # https://github.com/docker/metadata-action
+ - name: Extract Docker metadata
+ id: meta
+ uses: docker/metadata-action@98669ae865ea3cffbcbaa878cf57c20bbf1c6c38
+ with:
+ images: ${{ env.REGISTRY }}/${{ env.IMAGE_NAME }}
+ tags: |
+ type=ref,event=branch
+ type=ref,event=pr
+ type=semver,pattern={{version}}
+ type=semver,pattern={{major}}.{{minor}}
+ # set latest tag for master branch
+ type=raw,value=latest,enable=${{ github.ref == format('refs/heads/{0}', 'master') }}
+ # Build and push Docker image with Buildx (don't push on PR)
+ # https://github.com/docker/build-push-action
+ - name: Build and push Docker image
+ id: build-and-push
+ uses: docker/build-push-action@ac9327eae2b366085ac7f6a2d02df8aa8ead720a
+ with:
+ context: .
+ push: ${{ github.event_name != 'pull_request' }}
+ tags: ${{ steps.meta.outputs.tags }}
+ labels: ${{ steps.meta.outputs.labels }}
+ cache-from: type=registry,ref=${{ env.IMAGE_NAME }}:buildcache
+ cache-to: type=registry,ref=${{ env.IMAGE_NAME }}:buildcache,mode=max
+ # Sign the resulting Docker image digest except on PRs.
+ # This will only write to the public Rekor transparency log when the Docker
+ # repository is public to avoid leaking data. If you would like to publish
+ # transparency data even for private images, pass --force to cosign below.
+ # https://github.com/sigstore/cosign
+ - name: Sign the published Docker image
+ if: ${{ github.event_name != 'pull_request' }}
+ env:
+ COSIGN_EXPERIMENTAL: "true"
+ # This step uses the identity token to provision an ephemeral certificate
+ # against the sigstore community Fulcio instance.
+ run: echo "${{ steps.meta.outputs.tags }}" | xargs -I {} cosign sign {}@${{ steps.build-and-push.outputs.digest }}
From ae6f0458d5c3b9e07c4d9a123f330db6aa3ef96f Mon Sep 17 00:00:00 2001
From: ZCTMDC
Date: Fri, 12 Aug 2022 18:33:25 +0800
Subject: [PATCH 31/42] update
---
.github/workflows/docker-publish.yml | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/.github/workflows/docker-publish.yml b/.github/workflows/docker-publish.yml
index 9a17fae..a326578 100644
--- a/.github/workflows/docker-publish.yml
+++ b/.github/workflows/docker-publish.yml
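Review bot: The "Log into registry" step sends `username: ${{ github.actor }}` to `docker.io`, so the login only succeeds when the GitHub login of whoever triggers the run matches the Docker Hub account that owns `secrets.REGISTRY_TOKEN`; a push by any other maintainer would fail at this step. Taking the account name from repository configuration avoids that, e.g. `username: ${{ secrets.REGISTRY_USERNAME }}` (the secret name here is only an example). With Docker Hub as the target, `packages: write` under `permissions:` is not used by any step shown and could be dropped so the job token carries only `contents: read` and `id-token: write`. The same step is in the PATCH 27/42 hunk.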
@@ -71,8 +71,8 @@ jobs: type=ref,event=pr type=semver,pattern={{version}} type=semver,pattern={{major}}.{{minor}} - # set latest tag for master branch type=raw,value=latest,enable=${{ github.ref == format('refs/heads/{0}', 'master') }} + # Build and push Docker image with Buildx (don't push on PR) # https://github.com/docker/build-push-action - name: Build and push Docker image From 5f47fa02f060fe73ca22bc956d05ebc1bfa35cf5 Mon Sep 17 00:00:00 2001 From: ZCTMDC Date: Fri, 12 Aug 2022 18:53:41 +0800 Subject: [PATCH 32/42] hand other branch hand other branch --- .github/workflows/docker-publish.yml | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/.github/workflows/docker-publish.yml b/.github/workflows/docker-publish.yml index a326578..da682c9 100644 --- a/.github/workflows/docker-publish.yml +++ b/.github/workflows/docker-publish.yml @@ -7,11 +7,11 @@ name: Docker on: push: - branches: [ "master" , "develop" ] + branches: [ "master" , "develop" , "patch-*" ] # Publish semver tags as releases. tags: [ 'v*.*.*' ] pull_request: - branches: [ "master", "develop" ] + branches: [ "master", "develop" , "patch-*" ] env: # Use docker.io for Docker Hub if empty From e6cf569223b501f16466154babc3f5e0230bdfaa Mon Sep 17 00:00:00 2001 From: ZCTMDC Date: Sat, 13 Aug 2022 14:13:30 +0800 Subject: [PATCH 33/42] other branch git branch --set-upstream-to=/ --- README.md | 7 +++++++ 1 file changed, 7 insertions(+) diff --git a/README.md b/README.md index 77c705f..9f0eaaf 100644 --- a/README.md +++ b/README.md @@ -57,6 +57,13 @@ when fist push ```bash git push --set-upstream origin master ``` +other branch +```bash + git branch --set-upstream-to=/ + +eg: + git branch --set-upstream-to=gitweb/main main +``` every next time push ```bash git push From 97e38895c33c812b918fb5a24fd7b72a45af7cbf Mon Sep 17 00:00:00 2001 
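Review bot: Adding `"patch-*"` to `on.push.branches` in PATCH 32/42 means every push to such a branch runs the login, push and cosign steps, because those are gated only on `github.event_name != 'pull_request'`. With `type=ref,event=branch` in the metadata step, that publishes and signs a `patch-…` tag and rewrites the shared `:buildcache` ref from branch content that has not been merged. If the goal is only to build-test these branches, keep `patch-*` under `pull_request` and leave it out of `push`, or gate the publishing steps on the ref, e.g. `if: github.event_name != 'pull_request' && !startsWith(github.ref_name, 'patch-')`.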
From: romain Date: Sat, 27 Aug 2022 12:46:20 +0200 Subject: [PATCH 34/42] added syntax highlighting feature --- Dockerfile | 1 + src/entrypoint.sh | 5 +++++ 2 files changed, 6 insertions(+) diff --git a/Dockerfile b/Dockerfile index 197c110..0997a53 100644 --- a/Dockerfile +++ b/Dockerfile @@ -43,6 +43,7 @@ RUN chmod +x /usr/bin/rmauth # manage default value ENV GITUSER gituser ENV GITPASSWORD gitpassword +ENV GITHIGHLIGHT 0 # add ihm mdl ENV IHM no-mdl diff --git a/src/entrypoint.sh b/src/entrypoint.sh index 07a910a..8ca0efd 100644 --- a/src/entrypoint.sh +++ b/src/entrypoint.sh @@ -30,6 +30,11 @@ if [ "$1" = 'app' ]; then cat /usr/share/gitweb/ihm/headstring.conf >> /etc/gitweb.conf cp /usr/share/gitweb/ihm/gitweb.css /usr/share/gitweb/static/gitweb.css fi + if [ "$GITHIGHLIGHT" = "1" ]; then + echo '' >> /etc/gitweb.conf + echo '# enable syntax highlighting' >> /etc/gitweb.conf + echo "\$feature{'highlight'}{'default'} = [1];" >> /etc/gitweb.conf + fi service fcgiwrap start nginx -g "daemon off;" /bin/run-parts --verbose --regex '\.(sh)$' "/usr/share/gitweb/docker-entrypoint.post" From 2db1cfefbcbfbacc0155eadf92461b618b6788e8 Mon Sep 17 00:00:00 2001 From: romain Date: Sat, 27 Aug 2022 20:10:23 +0200 Subject: [PATCH 35/42] document new GITHIGHLIGHT option --- README.md | 1 + 1 file changed, 1 insertion(+) diff --git a/README.md b/README.md index 4bf9dbc..c5e8089 100644 --- a/README.md +++ b/README.md @@ -14,6 +14,7 @@ load when start image load file in - GITPROJECT - GITUSER (default gituser) - GITPASSWORD (default gitpassword) +- GITHIGHLIGHT (default `0`) - IHM (default "") ## Volume From 7cf808ac8b0aa260d381cf4e51da93ff1831df68 Mon Sep 17 00:00:00 2001 From: ZCTMDC Date: Sun, 4 Sep 2022 14:44:08 +0800 Subject: [PATCH 36/42] try build arm Install QEMU static binaries --- .github/workflows/docker-publish.yml | 8 ++++++-- 1 file changed, 6 insertions(+), 2 deletions(-) 
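Review bot: The new `GITHIGHLIGHT` block in src/entrypoint.sh appends to `/etc/gitweb.conf` with `>>` on every run of the `app` branch, so a container that is stopped and started again (rather than recreated) gains another copy of the three lines per start. A guard keeps it idempotent: `grep -q "feature{'highlight'}" /etc/gitweb.conf || echo "\$feature{'highlight'}{'default'} = [1];" >> /etc/gitweb.conf`. I would also extend the comment written into the config to say that this setting makes gitweb run the external `highlight` program on blob views, so operators know what they are enabling. The enclosing `if [ "$1" = 'app' ]` block starts and ends outside the hunk.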
diff --git a/.github/workflows/docker-publish.yml b/.github/workflows/docker-publish.yml index da682c9..0aa8d44 100644 --- a/.github/workflows/docker-publish.yml +++ b/.github/workflows/docker-publish.yml @@ -43,8 +43,12 @@ jobs: uses: sigstore/cosign-installer@7e0881f8fe90b25e305bbf0309761e9314607e25 with: cosign-release: 'v1.9.0' - - + + # You may pin to the exact commit or the version. + # uses: docker/setup-qemu-action@8b122486cedac8393e77aa9734c3528886e4a1a8 + - name: Set up QEMU + uses: docker/setup-qemu-action@v2 + # Workaround: https://github.com/docker/build-push-action/issues/461 - name: Setup Docker buildx uses: docker/setup-buildx-action@79abd3f86f79a9d68a23c75a09a9a85889262adf From a653ea1b3dc767758d912834556a89806477d1cd Mon Sep 17 00:00:00 2001 From: ZCTMDC Date: Sun, 4 Sep 2022 14:48:42 +0800 Subject: [PATCH 37/42] add platforms linux/amd64,linux/arm64,linux/riscv64,linux/ppc64le,linux/s390x,linux/386,linux/mips64le,linux/mips64,linux/arm/v7,linux/arm/v6 --- .github/workflows/docker-publish.yml | 1 + 1 file changed, 1 insertion(+) diff --git a/.github/workflows/docker-publish.yml b/.github/workflows/docker-publish.yml index a326578..98a8060 100644 --- a/.github/workflows/docker-publish.yml +++ b/.github/workflows/docker-publish.yml @@ -81,6 +81,7 @@ jobs: with: context: . push: ${{ github.event_name != 'pull_request' }} + platforms: linux/amd64,linux/arm64,linux/riscv64,linux/ppc64le,linux/s390x,linux/386,linux/mips64le,linux/mips64,linux/arm/v7,linux/arm/v6 tags: ${{ steps.meta.outputs.tags }} labels: ${{ steps.meta.outputs.labels }} cache-from: type=registry,ref=${{ env.IMAGE_NAME }}:buildcache From 748a35872e927845bb3acdbab428487e918aba8b Mon Sep 17 00:00:00 2001 From: ZCTMDC Date: Sun, 4 Sep 2022 14:50:24 +0800 Subject: [PATCH 38/42] change platforms linux/amd64,linux/arm64,linux/386,linux/arm/v7 --- .github/workflows/docker-publish.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) 
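Review bot: `uses: docker/setup-qemu-action@v2` in PATCH 36/42 is pinned to a mutable tag, while the cosign, buildx, login, metadata and build-push actions in this job are pinned to commit SHAs. The job holds `id-token: write` and `secrets.REGISTRY_TOKEN`, so a retagged action would run with both. The added comment already names a commit, so use it after checking it against the upstream release: `uses: docker/setup-qemu-action@8b122486cedac8393e77aa9734c3528886e4a1a8`, with the version as a trailing comment. `actions/checkout@v3` elsewhere in the file has the same gap.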
diff --git a/.github/workflows/docker-publish.yml b/.github/workflows/docker-publish.yml index 98a8060..2680b6d 100644 --- a/.github/workflows/docker-publish.yml +++ b/.github/workflows/docker-publish.yml @@ -81,7 +81,7 @@ jobs: with: context: . push: ${{ github.event_name != 'pull_request' }} - platforms: linux/amd64,linux/arm64,linux/riscv64,linux/ppc64le,linux/s390x,linux/386,linux/mips64le,linux/mips64,linux/arm/v7,linux/arm/v6 + platforms: linux/amd64,linux/arm64,linux/386,linux/arm/v7 tags: ${{ steps.meta.outputs.tags }} labels: ${{ steps.meta.outputs.labels }} cache-from: type=registry,ref=${{ env.IMAGE_NAME }}:buildcache From 6a8998c2167581a3c88d8137052b8fd5c3e8625d Mon Sep 17 00:00:00 2001 From: ZCTMDC Date: Sun, 4 Sep 2022 14:57:26 +0800 Subject: [PATCH 39/42] use nginx:latest --- Dockerfile | 9 ++++++--- 1 file changed, 6 insertions(+), 3 deletions(-) diff --git a/Dockerfile b/Dockerfile index a6d92bd..b930afa 100644 --- a/Dockerfile +++ b/Dockerfile @@ -1,4 +1,5 @@ -FROM nginx:1.23 +FROM nginx:latest + LABEL maintainer "fraoustin@gmail.com" COPY ./src/default.conf /etc/nginx/conf.d/default.conf @@ -9,7 +10,8 @@ RUN chmod +x /entrypoint.sh ENV SET_CONTAINER_TIMEZONE false ENV CONTAINER_TIMEZONE "" -RUN apt-get update && apt-get install -y \ +RUN apt-get update \ + && apt-get install -y \ apache2-utils \ fcgiwrap \ git \ @@ -19,7 +21,8 @@ RUN apt-get update && apt-get install -y \ libcgi-pm-perl \ mime-support \ spawn-fcgi \ - && rm -rf /var/lib/apt/lists/* + && apt-get autoclean \ + && rm -rf /var/lib/apt/lists/* # manage user load fcgiwrap RUN sed -i "s/www-data/nginx/g" /etc/init.d/fcgiwrap From 9e7d4794557a95b1d83c87ace509353134650ba7 Mon Sep 17 00:00:00 2001 From: ZCTMDC Date: Sun, 4 Sep 2022 15:02:05 +0800 Subject: [PATCH 40/42] sync nginx platforms --- .github/workflows/docker-publish.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) 
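Review bot: `FROM nginx:latest` in PATCH 39/42 replaces the pinned `nginx:1.23`, so each workflow run builds, tags and signs whatever upstream currently publishes as `latest`. Two builds of the same commit can then differ, and a major base-image change arrives without any diff in this repository. Keep a version tag and, for published images, add the digest: `FROM nginx:1.23@sha256:<digest-of-the-reviewed-image>` (placeholder, to be filled in from the registry). In the `RUN` hunks of the same commit, `apt-get autoclean` only removes outdated cached package files, so adding `--no-install-recommends` to `apt-get install -y` would do more for image size and installed surface.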
diff --git a/.github/workflows/docker-publish.yml b/.github/workflows/docker-publish.yml index b877d6b..772f455 100644 --- a/.github/workflows/docker-publish.yml +++ b/.github/workflows/docker-publish.yml @@ -85,7 +85,7 @@ jobs: with: context: . push: ${{ github.event_name != 'pull_request' }} - platforms: linux/amd64,linux/arm64,linux/386,linux/arm/v7 + platforms: linux/amd64,linux/arm64,linux/ppc64le,linux/s390x,linux/386,linux/mips64le,linux/arm/v7,linux/arm/v5 tags: ${{ steps.meta.outputs.tags }} labels: ${{ steps.meta.outputs.labels }} cache-from: type=registry,ref=${{ env.IMAGE_NAME }}:buildcache From 8d3cf0b8af2ad999aff9bd9c295c938b35a5c767 Mon Sep 17 00:00:00 2001 From: ZCTMDC Date: Sun, 4 Sep 2022 15:27:57 +0800 Subject: [PATCH 41/42] >Format Document >inline_html-allowed_elements: kbd --- README.md | 56 ++++++++++++++++++++++++++++++++++++++++--------------- 1 file changed, 41 insertions(+), 15 deletions(-) diff --git a/README.md b/README.md index acd8a32..7ad56f4 100644 --- a/README.md +++ b/README.md @@ -1,6 +1,6 @@ # Docker Image for gitweb -generate a nginx server with git server and gitweb for ihm on http://127.0.0.1/ +generate a nginx server with git server and gitweb for ihm on load when start image load file in 
@@ -37,94 +37,117 @@ load when start image load file in ## Usage direct run image fraoustin/gitweb + ```bash docker run -d -e "CONTAINER_TIMEZONE=Europe/Paris" -e "GITPROJECT=test" \ -v :/var/lib/git --name test -p 80:80 fraoustin/gitweb ``` -> use ^ for *CMD* OR ` for *Powershell* -user default is gituser and password default is gitpassword +> use ^ for *CMD* OR ` for *Powershell* + +user default is gituser and password default is gitpassword + - You can change user and password by variable environment -you use http://localhost/ for access gitweb +you use for access gitweb you can add remote + ```bash git remote add origin http://gituser:gitpassword@localhost/test.git ``` + you can push project when fist push + ```bash git push --set-upstream origin master ``` + other branch + ```bash git branch --set-upstream-to=/ eg: git branch --set-upstream-to=gitweb/main main ``` + every next time push + ```bash git push ``` + or manual push + ```bash git push origin # remote name ``` + you can clone project + ```bash git clone http://gituser:gitpassword@localhost/test.git ``` + you can pull project when upstream update + ```bash git pull ``` -more use see: -- https://git-scm.com/doc -- https://www.runoob.com/git/git-tutorial.html +more use see: +- +- ## Add upstream and push creat *remotes.txt* eg: + ```text gitweb-test1 https://gituser:gitpassword@gitweb-test1 gitweb-test2 https://gituser:gitpassword@gitweb-test2 gitweb-test3 https://gituser:gitpassword@gitweb-test3 ``` + run image fraoustin/gitweb + ```bash docker run -d -e "CONTAINER_TIMEZONE=Europe/Paris" -e "GITPROJECT=test" \ - -e FORCEPUSH='not_blank_string' \ + -e FORCEPUSH='not_blank_string' \ -v :/var/lib/git/ \ -v :/opt/gitweb/remote/ \ --name test -p 80:80 fraoustin/gitweb ``` -if don't want force push, **DO NOT** set environment: FORCEPUSH + +if don't want force push, **DO NOT** set environment: FORCEPUSH - when run `addrepos ${project}` , - - will add hook: `hooks/post-receive` - - will add remote each: `add 
remote gitweb-test1 https://gituser:gitpassword@gitweb-test1/${project}.git` ... + - will add hook: `hooks/post-receive` + - will add remote each: `add remote gitweb-test1 https://gituser:gitpassword@gitweb-test1/${project}.git` ... - when downstream push - - gitweb will push to upstreams each: `git push [-f] --all gitweb-test1` ... + - gitweb will push to upstreams each: `git push [-f] --all gitweb-test1` ... ## Setting base url via Docker environment -use environment *URLPATH* to set base url +use environment *URLPATH* to set base url ## Usage by Dockerfile Sample of Dockerfile + ```Dockerfile FROM fraoustin/gitweb COPY ./00_init.sh /usr/share/gitweb/docker-entrypoint.pre/00_init.sh RUN chmod +x -R /usr/share/gitweb/docker-entrypoint.pre ``` + File 00_init.sh + ```bash #!/bin/bash REPOS='/var/lib/git/test.git' @@ -136,23 +159,26 @@ File 00_init.sh fi addauth $GITUSER $GITPASSWORD ``` + build image mygit + ```bash docker build -t mygit . ``` + run image mygit + ```bash docker run -d -e "CONTAINER_TIMEZONE=Europe/Paris" -e "GITUSER=gituser" -e "GITPASSWORD=gitpassword" \ -v :/var/lib/git --name test -p 80:80 mygit ``` - - ## IHM material design If you want use a new design for ihm, you can use IHM variable - IHM = mdl + ```bash docker run -d -e "CONTAINER_TIMEZONE=Europe/Paris" -e "IHM=mdl" -e "GITPROJECT=test" -v :/var/lib/git --name test -p 80:80 fraoustin/gitweb ``` From 3e4ddaa336ab58149efd0e322642c604fad0eb9c Mon Sep 17 00:00:00 2001 From: ZCTMDC Date: Sun, 4 Sep 2022 15:30:18 +0800 Subject: [PATCH 42/42] >inline_html-allowed_elements: kbd demo: add GITHIGHLIGHT,URLPATH --- .vscode/settings.json | 8 ++++++++ docker-compose.yaml | 7 +++++-- 2 files changed, 13 insertions(+), 2 deletions(-) create mode 100644 .vscode/settings.json diff --git a/.vscode/settings.json b/.vscode/settings.json new file mode 100644 index 0000000..7fcb16a --- /dev/null +++ b/.vscode/settings.json 
@@ -0,0 +1,8 @@ +{ + "markdownlint.config": { + "default": true, + "MD033": { + "allowed_elements": ["kbd"] + } + } +} diff --git a/docker-compose.yaml b/docker-compose.yaml index 13d8a93..c3a3845 100644 --- a/docker-compose.yaml +++ b/docker-compose.yaml @@ -3,6 +3,7 @@ version: "3" volumes: gitweb: + services: gitweb: image: fraoustin/gitweb @@ -13,13 +14,15 @@ services: # dockerfile: Dockerfile environment: - CONTAINER_TIMEZONE=Europe/Paris - - GITUSER=gituser + - GITUSER=gituser - GITPASSWORD=gitpassword - GITPROJECT=test - FORCEPUSH="" + - URLPATH=/ + - GITHIGHLIGHT=1 ports: - 80:80 restart: always volumes: - gitweb:/var/lib/git/ - - /path/to/remote/:/opt/gitweb/remote/ \ No newline at end of file + - /path/to/remote/:/opt/gitweb/remote/
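Review bot: In the list form of `environment:` in docker-compose.yaml, `- FORCEPUSH=""` passes the two quote characters as the value rather than an empty string, so the variable is set and non-blank inside the container. The README in this series says a non-blank FORCEPUSH enables force push and tells users not to set it otherwise, so this demo file, which the hunk extends with `URLPATH=/` and `GITHIGHLIGHT=1`, likely turns force push to every upstream on; how the entrypoint tests the variable is not visible here. I would drop the line or ship it commented out: `# - FORCEPUSH=not_blank_string  # set only to force-push to upstreams`. The example also keeps `GITPASSWORD=gitpassword` with `restart: always` on port 80, so a comment telling users to change the credentials before exposing the service would help.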