.drone.yml

@@ -0,0 +1,219 @@
+---
+kind: secret
+name: docker_username
+get:
+  path: odit-registry-builder
+  name: username
+
+---
+kind: secret
+name: docker_password
+get:
+  path: odit-registry-builder
+  name: password
+
+---
+kind: secret
+name: gitea_token
+get:
+  path: odit-git-bot
+  name: apikey
+
+---
+kind: secret
+name: git_ssh
+get:
+  path: odit-git-bot
+  name: sshkey
+
+---
+kind: secret
+name: cosign_key
+get:
+  path: cosign
+  name: cosign.key
+
+---
+kind: secret
+name: cosign_password
+get:
+  path: cosign
+  name: cosign.password
+
+---
+kind: pipeline
+type: kubernetes
+name: build:latest
+steps:
+  - name: bump_patch
+    depends_on: [clone]
+    image: registry.odit.services/hub/library/node:18.1.0-alpine3.15
+    commands:
+      - apk add git
+      - git config --global push.default current
+      - git branch --set-upstream-to=origin/main main
+      - yarn
+      - yarn release:patch
+      - git pull
+  - name: push to repo
+    image: appleboy/drone-git-push
+    depends_on: [bump_patch]
+    settings:
+      commit: false
+      author_email: bot@odit.services
+      followtags: true
+      branch: main
+      remote: git@git.odit.services:odit/nginx-brotli.git
+      skip_verify: true
+      ssh_key:
+        from_secret: git_ssh
+  - name: docker release
+    image: plugins/docker
+    depends_on: [clone]
+    user: 0
+    settings:
+      username:
+        from_secret: docker_username
+      password:
+        from_secret: docker_password
+      repo: registry.odit.services/library/nginx-brotli
+      tags:
+        - latest
+      registry: registry.odit.services
+      mtu: 1000
+trigger:
+  branch:
+    - main
+---
+kind: pipeline
+type: kubernetes
+name: build:tags
+steps:
+  - name: build_tag
+    image: plugins/docker
+    user: 0
+    depends_on: [clone]
+    settings:
+      username:
+        from_secret: docker_username
+      password:
+        from_secret: docker_password
+      repo: registry.odit.services/library/nginx-brotli
+      tags:
+        - "${DRONE_TAG}"
+      registry: registry.odit.services
+      mtu: 1000
+  - name: sign_image
+    image: registry.odit.services/hub/library/alpine:edge
+    depends_on: [build_tag]
+    commands:
+      - apk add cosign docker
+      - echo $COSIGN_KEY | sed 's/<br>/\n/g' > cosign.key
+      - echo $DOCKER_PASSWORD | docker login registry.odit.services -u $DOCKER_USERNAME --password-stdin
+      - "cosign sign --key cosign.key registry.odit.services/library/nginx-brotli:${DRONE_TAG}"
+    environment:
+      COSIGN_KEY:
+        from_secret: cosign_key
+      COSIGN_PASSWORD:
+        from_secret: cosign_password
+      DOCKER_PASSWORD:
+        from_secret: docker_password
+      DOCKER_USERNAME:
+        from_secret: docker_username
+trigger:
+  event:
+    - tag
+---
+kind: pipeline
+type: kubernetes
+name: build:nightly
+steps:
+  - name: docker release
+    image: plugins/docker
+    user: 0
+    depends_on: [clone]
+    settings:
+      username:
+        from_secret: docker_username
+      password:
+        from_secret: docker_password
+      repo: registry.odit.services/library/nginx-brotli
+      tags:
+        - nightly
+      registry: registry.odit.services
+      mtu: 1000
+trigger:
+  branch:
+    - main
+  event:
+    - cron
+  cron:
+    include:
+      - nightly
+---
+kind: pipeline
+type: kubernetes
+name: build:weekly
+steps:
+  - name: bump_prepatch
+    depends_on: [clone]
+    image: registry.odit.services/hub/library/node:18.1.0-alpine3.15
+    commands:
+      - apk add git
+      - git config --global push.default current
+      - git branch --set-upstream-to=origin/main main
+      - yarn
+      - "yarn release:prepatch"
+      - git pull
+  - name: push to repo
+    image: appleboy/drone-git-push
+    depends_on: [bump_patch]
+    settings:
+      commit: false
+      author_email: bot@odit.services
+      followtags: true
+      branch: main
+      remote: git@git.odit.services:odit/nginx-brotli.git
+      skip_verify: true
+      ssh_key:
+        from_secret: git_ssh
+  - name: docker release
+    image: plugins/docker
+    user: 0
+    depends_on: [clone]
+    settings:
+      username:
+        from_secret: docker_username
+      password:
+        from_secret: docker_password
+      repo: registry.odit.services/library/nginx-brotli
+      tags:
+        - weekly
+        - "${DRONE_STAGE_STARTED}"
+      registry: registry.odit.services
+      mtu: 1000
+trigger:
+  branch:
+    - main
+  event:
+    - cron
+  cron:
+    include:
+      - weekly
+---
+kind: pipeline
+type: kubernetes
+name: build:pr
+steps:
+  - name: docker release
+    image: plugins/docker
+    user: 0
+    depends_on: [clone]
+    settings:
+      dry_run: true
+      tags:
+        - "PR-${DRONE_STAGE_STARTED}"
+      mtu: 1000
+trigger:
+  event:
+    - pull_request

.woodpecker/build.yml

@@ -1,71 +0,0 @@
-steps:
-  - name: build latest
-    image: registry.odit.services/library/docker-buildx
-    settings:
-      repo: registry.odit.services/library/nginx-brotli
-      tags:
-        - latest
-      registry: registry.odit.services
-      platforms: linux/amd64,linux/arm64
-      cache_from:
-        - 'type=registry\\,ref=registry.odit.services/library/nginx-brotli:nightly'
-        - 'type=registry\\,ref=registry.odit.services/library/nginx-brotli:latest'
-        - 'type=registry\\,ref=registry.odit.services/library/nginx-brotli:cache'
-      cache_to:
-        - 'type=registry\\,ref=registry.odit.services/library/nginx-brotli:cache\\,mode=max\\,image-manifest=true\\,oci-mediatypes=true'
-      username:
-        from_secret: odit-registry-builder-username
-      password:
-        from_secret: odit-registry-builder-password
-    secrets:
-      - source: odit-npm-cache-url
-        target: NPM_REGISTRY_URL
-    when:
-      branch: main
-      event: push
-  - name: build nightly
-    image: registry.odit.services/library/docker-buildx
-    settings:
-      repo: registry.odit.services/library/nginx-brotli
-      tags:
-        - nightly
-      registry: registry.odit.services
-      platforms: linux/amd64,linux/arm64
-      cache_from:
-        - 'type=registry\\,ref=registry.odit.services/library/nginx-brotli:nightly'
-        - 'type=registry\\,ref=registry.odit.services/library/nginx-brotli:latest'
-        - 'type=registry\\,ref=registry.odit.services/library/nginx-brotli:cache'
-      cache_to:
-        - 'type=registry\\,ref=registry.odit.services/library/nginx-brotli:cache\\,mode=max\\,image-manifest=true\\,oci-mediatypes=true'
-      username:
-        from_secret: odit-registry-builder-username
-      password:
-        from_secret: odit-registry-builder-password
-    secrets:
-      - source: odit-npm-cache-url
-        target: NPM_REGISTRY_URL
-    when:
-      branch: main
-      event: cron
-      cron: nightly
-  - name: build tag
-    image: registry.odit.services/library/docker-buildx
-    settings:
-      repo: registry.odit.services/library/nginx-brotli
-      tags:
-        - "${CI_COMMIT_TAG}"
-      registry: registry.odit.services
-      platforms: linux/amd64,linux/arm64
-      cache_from:
-        - 'type=registry\\,ref=registry.odit.services/library/nginx-brotli:nightly'
-        - 'type=registry\\,ref=registry.odit.services/library/nginx-brotli:latest'
-        - 'type=registry\\,ref=registry.odit.services/library/nginx-brotli:cache'
-      username:
-        from_secret: odit-registry-builder-username
-      password:
-        from_secret: odit-registry-builder-password
-    secrets:
-      - source: odit-npm-cache-url
-        target: NPM_REGISTRY_URL
-    when:
-      event: tag

Dockerfile

@@ -1,5 +1,4 @@
-ARG ALPINE_VERSION=3.15
-ARG NGINX_VERSION=1.20.2
+ARG NGINX_VERSION=1.20.1
 ARG NGX_BROTLI_COMMIT=9aec15e2aa6feea2113119ba06460af70ab3ea62
 ARG CONFIG="\
 		--prefix=/etc/nginx \
@@ -65,7 +64,7 @@ RUN \
 		zlib-dev \
 		linux-headers \
 		curl \
-		# gnupg \
+		gnupg1 \
 		libxslt-dev \
 		gd-dev \
 		geoip-dev \
@@ -92,8 +91,8 @@ RUN \
 	&& curl -fSL https://nginx.org/download/nginx-$NGINX_VERSION.tar.gz.asc  -o nginx.tar.gz.asc \
         && sha512sum nginx.tar.gz nginx.tar.gz.asc \
 	&& export GNUPGHOME="$(mktemp -d)" \
-	# && gpg --import /tmp/nginx.pub \
-	# && gpg --batch --verify nginx.tar.gz.asc nginx.tar.gz \
+	&& gpg --import /tmp/nginx.pub \
+	&& gpg --batch --verify nginx.tar.gz.asc nginx.tar.gz \
 	&& mkdir -p /usr/src \
 	&& tar -zxC /usr/src -f nginx.tar.gz
 
@@ -146,6 +145,7 @@ COPY --from=0 /usr/bin/envsubst /usr/local/bin/envsubst
 RUN \
 	addgroup -S nginx \
 	&& adduser -D -S -h /var/cache/nginx -s /sbin/nologin -G nginx nginx \
+	&& apk add --no-cache --upgrade apk-tools \
 	&& apk add --no-cache --virtual .nginx-rundeps tzdata $(cat /tmp/runDeps.txt) \
 	&& rm /tmp/runDeps.txt \
 	&& ln -s /usr/lib/nginx/modules /etc/nginx/modules \
@@ -160,7 +160,6 @@ COPY nginx.vh.default.conf /etc/nginx/conf.d/default.conf
 
 EXPOSE 80 443
 
-STOPSIGNAL SIGQUIT
+STOPSIGNAL SIGTERM
 
-ENTRYPOINT ["nginx"]
-CMD ["-g", "daemon off;"]
+CMD ["nginx", "-g", "daemon off;"]

README.md

@@ -1,33 +0,0 @@
-<p align="center">
-  <a href="https://odit.services" target="blank"><img src="https://odit.services/img/profile-pic-no_bg.webp" width="200" alt="ODIT Logo" /></a>
-</p>
-
-
-  <p align="center">NGINX - Brotli</p>
-
-
-## Description
-
-A custom alpine based nginx image including Brotli for compression.
-
-## Build
-
-```bash
-docker build .
-```
-
-## Use
-* Docker Image: registry.odit.services/library/nginx-brotli
-* Webserver Folder Mount: /usr/share/nginx/html/
-* Nginx Config Mount: /etc/nginx/nginx.conf
-
-## Release a new version (triggers ci)
-```bash
-# pnpm
-pnpm i
-pnpm release
-
-# yarn
-yarn
-yarn release
-```

package.json

@@ -1,6 +1,6 @@
 {
   "name": "nginx-brotli",
-  "version": "3.15.427",
+  "version": "3.15.4",
   "description": "NGINX Base Image feat. brotli",
   "repository": {
     "type": "git",
@@ -11,7 +11,6 @@
     "release-it": "^15.0.0"
   },
   "scripts": {
-    "release": "release-it",
     "release:patch": "release-it --patch --ci",
     "release:prepatch": "release-it --prePatch --preRelease --ci"
   },