chore: initial commit

Author: cesarcoatl

.github/dependabot.yml

@@ -0,0 +1,11 @@
+version: 2
+updates:
+  # Maintain dependencies for GitHub Actions
+  - package-ecosystem: "github-actions"
+    directory: "/"
+    schedule:
+      interval: "weekly"
+    labels: ["dependencies"]
+    commit-message:
+      prefix: "ci"
+      include: "scope"

.github/workflows/autoupdate.yml

@@ -0,0 +1,62 @@
+name: autoupdate
+
+on:
+  schedule:
+    - cron: '0 18 1,16 * *'
+  workflow_dispatch:
+
+jobs:
+  autoupdate:
+    runs-on: ubuntu-latest
+    steps:
+      - name: Checkout repo
+        uses: actions/checkout@v4
+        with:
+          token: ${{ secrets.COATL_BOT_GH_TOKEN }}
+
+      - name: Upgrade build/2.7/requirements.txt
+        uses: coatl-dev/actions/pip-compile-upgrade@v4
+        with:
+          path: requirements.txt
+          python-version: '2.7'
+          working-directory: build/2.7
+
+      - name: Upgrade build/3.12/requirements.txt
+        uses: coatl-dev/actions/uv-pip-compile-upgrade@v4
+        with:
+          path: requirements.txt
+          python-version: '3.12'
+          working-directory: build/3.12
+
+      - name: Upgrade pip-tools/2.7/requirements.txt
+        uses: coatl-dev/actions/pip-compile-upgrade@v4
+        with:
+          path: requirements/tools.txt
+          python-version: '2.7'
+          working-directory: build/2.7
+
+      - name: Detect changes
+        id: git-diff
+        uses: coatl-dev/actions/simple-git-diff@v4
+
+      - name: Import GPG key
+        if: ${{ steps.git-diff.outputs.diff == 'true' }}
+        id: gpg-import
+        uses: coatl-dev/actions/gpg-import@v4
+        with:
+          passphrase: ${{ secrets.COATL_BOT_GPG_PASSPHRASE }}
+          private-key: ${{ secrets.COATL_BOT_GPG_PRIVATE_KEY }}
+
+      - name: Commit and push changes
+        if: ${{ steps.git-diff.outputs.diff == 'true' }}
+        run: |
+          git checkout -B autoupdate
+          git add -u
+          git commit -m "build(deps): update build dependencies"
+          git push --force --set-upstream origin autoupdate
+
+      - name: Create pull request
+        if: ${{ steps.git-diff.outputs.diff == 'true' }}
+        uses: coatl-dev/actions/pr-create@v4
+        with:
+          gh-token: ${{ secrets.COATL_BOT_GH_TOKEN }}

.github/workflows/docker-build-push-multi-registry.yml

@@ -0,0 +1,216 @@
+on:
+  workflow_call:
+    inputs:
+      dockerhub-repo:
+        description: >-
+          Docker Hub repository to push the image to.
+        required: true
+        type: string
+      dockerhub-username:
+        description: >-
+          Username for authenticating to Docker Hub.
+        required: true
+        type: string
+      ghcr-repo:
+        description: >-
+          GitHub Container Registry repository to push the image to.
+        required: true
+        type: string
+      ghcr-username:
+        description: >-
+          Username for authenticating to GitHub Container Registry.
+        required: true
+        type: string
+      quay-repo:
+        description: >-
+          Quay repository to push the image to.
+        required: true
+        type: string
+      quay-username:
+        description: >-
+          Username for authenticating to Quay.
+        required: true
+        type: string
+      build-context:
+        description: >-
+          Build's context is the set of files located in the specified PATH or URL.
+        type: string
+        required: false
+      build-file:
+        description: >-
+          Path to the Dockerfile.
+        type: string
+        required: false
+      build-digest-key:
+        description: >-
+          Name of the build digest.
+        required: false
+        type: string
+        default: coatl
+      metadata-tags:
+        description: >-
+          List of tags as key-value pair attributes.
+        required: false
+        type: string
+      latest-tag-flavor:
+        description: >-
+          Set the latest tag flavor.
+        required: false
+        type: string
+        default: auto
+    secrets:
+      dockerhub-password:
+        description: >-
+          Password or personal access token for authenticating against Docker Hub.
+        required: true
+      ghcr-password:
+        description: >-
+          Password or personal access token for authenticating against GitHub Container Registry.
+      quay-password:
+        description: >-
+          Password or personal access token for authenticating against Quay.
+        required: true
+
+jobs:
+  build:
+    runs-on: ${{ matrix.builder.runner-image }}
+    strategy:
+      fail-fast: false
+      matrix:
+        builder:
+          - runner-image: blacksmith-4vcpu-ubuntu-2404
+            platform: linux/amd64
+          - runner-image: blacksmith-4vcpu-ubuntu-2404-arm
+            platform: linux/arm64
+    steps:
+      - name: Checkout repository
+        uses: actions/checkout@v4
+
+      - name: Prepare
+        id: prepare
+        run: |
+          platform=${{ matrix.builder.platform }}
+          echo "platform-pair=${platform//\//-}" >> $GITHUB_OUTPUT
+
+      - name: Docker meta
+        id: meta
+        uses: docker/metadata-action@v5
+        with:
+          images: |
+            ${{ inputs.dockerhub-repo }}
+            ${{ inputs.ghcr-repo }}
+            ${{ inputs.quay-repo }}
+
+      - name: Login to Docker Hub
+        uses: docker/login-action@v3
+        with:
+          username: ${{ inputs.dockerhub-username }}
+          password: ${{ secrets.dockerhub-password }}
+
+      - name: Login to GitHub Container Registry
+        uses: docker/login-action@v3
+        with:
+          registry: ghcr.io
+          username: ${{ inputs.ghcr-username }}
+          password: ${{ secrets.ghcr-password }}
+
+      - name: Login to Quay
+        uses: docker/login-action@v3
+        with:
+          registry: quay.io
+          username: ${{ inputs.quay-username }}
+          password: ${{ secrets.quay-password }}
+
+      - name: Set up Docker Buildx
+        uses: docker/setup-buildx-action@v3
+        with:
+          version: latest
+
+      - name: Build and push by digest
+        id: build
+        uses: useblacksmith/build-push-action@v1
+        with:
+          context: ${{ inputs.build-context }}
+          file: ${{ inputs.build-file }}
+          labels: ${{ steps.meta.outputs.labels }}
+          outputs: type=image,"name=${{ inputs.dockerhub-repo }},${{ inputs.ghcr-repo }},${{ inputs.quay-repo }}",push-by-digest=true,name-canonical=true,push=true
+          platforms: ${{ matrix.builder.platform }}
+          provenance: false
+
+      - name: Export digest
+        run: |
+          mkdir -p ${{ runner.temp }}/digests
+          digest="${{ steps.build.outputs.digest }}"
+          touch "${{ runner.temp }}/digests/${digest#sha256:}"
+
+      - name: Upload digest
+        uses: actions/upload-artifact@v4
+        with:
+          name: digests-${{ inputs.build-digest-key }}-${{ steps.prepare.outputs.platform-pair }}
+          path: ${{ runner.temp }}/digests/*
+          if-no-files-found: error
+          retention-days: 1
+
+  merge:
+    runs-on: blacksmith-2vcpu-ubuntu-2404
+    needs:
+      - build
+    steps:
+      - name: Download digests
+        uses: actions/download-artifact@v4
+        with:
+          path: ${{ runner.temp }}/digests
+          pattern: digests-${{ inputs.build-digest-key }}-*
+          merge-multiple: true
+
+      - name: Login to Docker Hub
+        uses: docker/login-action@v3
+        with:
+          username: ${{ inputs.dockerhub-username }}
+          password: ${{ secrets.dockerhub-password }}
+
+      - name: Login to GitHub Container Registry
+        uses: docker/login-action@v3
+        with:
+          registry: ghcr.io
+          username: ${{ inputs.ghcr-username }}
+          password: ${{ secrets.ghcr-password }}
+
+      - name: Login to Quay
+        uses: docker/login-action@v3
+        with:
+            registry: quay.io
+            username: ${{ inputs.quay-username }}
+            password: ${{ secrets.quay-password }}
+
+      - name: Set up Docker Buildx
+        uses: docker/setup-buildx-action@v3
+
+      - name: Docker meta
+        id: meta
+        uses: docker/metadata-action@v5
+        with:
+          images: |
+            ${{ inputs.dockerhub-repo }}
+            ${{ inputs.ghcr-repo }}
+            ${{ inputs.quay-repo }}
+          tags: |
+            ${{ inputs.metadata-tags }}
+          flavor: |
+            latest=${{ inputs.latest-tag-flavor }}
+
+      - name: Create manifest list and push
+        working-directory: ${{ runner.temp }}/digests
+        run: |
+          docker buildx imagetools create $(jq -cr '.tags | map("-t " + .) | join(" ")' <<< "$DOCKER_METADATA_OUTPUT_JSON") \
+            $(printf '${{ inputs.dockerhub-repo }}@sha256:%s ' *)
+          docker buildx imagetools create $(jq -cr '.tags | map("-t " + .) | join(" ")' <<< "$DOCKER_METADATA_OUTPUT_JSON") \
+            $(printf '${{ inputs.ghcr-repo }}@sha256:%s ' *)
+          docker buildx imagetools create $(jq -cr '.tags | map("-t " + .) | join(" ")' <<< "$DOCKER_METADATA_OUTPUT_JSON") \
+            $(printf '${{ inputs.quay-repo }}@sha256:%s ' *)
+
+      - name: Inspect image
+        run: |
+          docker buildx imagetools inspect ${{ inputs.dockerhub-repo }}:${{ steps.meta.outputs.version }}
+          docker buildx imagetools inspect ${{ inputs.ghcr-repo }}:${{ steps.meta.outputs.version }}
+          docker buildx imagetools inspect ${{ inputs.quay-repo }}:${{ steps.meta.outputs.version }}

.github/workflows/publish.yml

@@ -0,0 +1,50 @@
+name: publish
+
+on:
+  push:
+    branches:
+      - coatl
+    paths:
+      - .github/workflows/docker-build-push-multi-registry.yml
+      - .github/workflows/publish.yml
+      - build/**
+      - pip-tools/**
+  workflow_dispatch:
+
+env:
+  IMAGE_NAME: 'python-tools'
+
+jobs:
+  publish:
+    uses: ./.github/workflows/docker-build-push-multi-registry.yml
+    strategy:
+      matrix:
+        include:
+          - context: build/2.7
+            file: build/2.7/Dockerfile
+            tag: python-tools:2.7-build
+            digest-key: python-tools-2.7-build
+          - context: build/3.12
+            file: build/3.12/Dockerfile
+            tag: python-tools:3.12-build
+            digest-key: python-tools-3.12-build
+          - context: pip-tools/2.7
+            file: pip-tools/2.7/Dockerfile
+            tag: python-tools:2.7-pip-tools
+            digest-key: python-tools-2.7-pip-tools
+    with:
+      dockerhub-repo: coatldev/python-tools
+      dockerhub-username: ${{ vars.DOCKERHUB_USERNAME }}
+      ghcr-repo: ghcr.io/coatl-dev/python-tools
+      ghcr-username: ${{ github.repository_owner }}
+      quay-repo: quay.io/coatldev/python-tools
+      quay-username: ${{ vars.QUAY_USERNAME }}
+      build-context: ${{ matrix.context }}
+      build-file: ${{ matrix.file }}
+      build-digest-key: ${{ matrix.digest-key }}
+      metadata-tags: |
+        type=raw,value=${{ matrix.tag }}
+    secrets:
+      dockerhub-password: ${{ secrets.DOCKERHUB_TOKEN }}
+      ghcr-password: ${{ secrets.GHCR_TOKEN }}
+      quay-password: ${{ secrets.QUAY_ROBOT_TOKEN }}

.pre-commit-config.yaml

@@ -0,0 +1,17 @@
+ci:
+  autoupdate_commit_msg: 'build(deps): pre-commit autoupdate'
+
+repos:
+  - repo: https://github.com/pre-commit/pre-commit-hooks
+    rev: v5.0.0
+    hooks:
+      - id: check-yaml
+      - id: trailing-whitespace
+  - repo: https://github.com/python-jsonschema/check-jsonschema
+    rev: 0.33.1
+    hooks:
+    - id: check-github-workflows
+  - repo: https://github.com/coatl-dev/hadolint-coatl
+    rev: 2.12.1b0
+    hooks:
+      - id: hadolint

README.md

@@ -0,0 +1,3 @@
+# docker-python-tools
+
+ This repository is a collection of Docker images containing tools Python 2.7 and 3.12.

build/2.7/Dockerfile

@@ -0,0 +1,14 @@
+FROM coatldev/python:2.7.18-slim
+
+COPY requirements.txt /tmp/requirements.txt
+
+RUN set -eux; \
+    \
+    python -m pip install \
+        --no-cache-dir \
+        --requirement \
+        /tmp/requirements.txt; \
+    \
+    rm -rf /tmp/*
+
+CMD [ "/bin/bash" ]

build/2.7/requirements.in

@@ -0,0 +1,2 @@
+build
+twine