
Commit db32c56

authored
Merge pull request #344 from puzzle/security-updates
Security updates
2 parents 4461080 + 4141d67 commit db32c56


15 files changed

+1297
-62
lines changed


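--- a/.github/renovate.json5
+++ b/.github/renovate.json5
@@ -0,0 +1,28 @@
+{
+"$schema": "https://docs.renovatebot.com/renovate-schema.json",
+"extends": [
+"config:recommended"
+],
+"packageRules": [
+{
+"matchPackageNames": ["/floryn90/hugo/", "/nginxinc/nginx-unprivileged/"],
+"matchDatasources": ["docker"],
+"matchUpdateTypes": ["minor", "patch"],
+"automerge": true
+},
+{
+"description": "Automerge GitHub Action updates",
+"matchDepTypes": ["action"],
+"matchDatasources": ["github-tags"],
+"matchUpdateTypes": ["minor", "patch"],
+"automerge": true
+},
+{
+"description": "Automerge dev-dependencies",
+"matchDepTypes": ["devDependencies"],
+"matchUpdateTypes": ["minor", "patch"],
+"automerge": true
+}
+],
+"ignoreDeps": ["mongo", "rocketchat/rocket.chat", "jenkins/jenkins"]
+}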
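Review bot: The first `packageRules` entry automerges minor and patch bumps of the `floryn90/hugo` and `nginxinc/nginx-unprivileged` images with no waiting period and no digest pinning, so a freshly published tag reaches the image build without anyone reviewing it. Adding `"minimumReleaseAge": "3 days"` to the automerge rules and `"pinDigests": true` to the docker rule would give a bad release time to be noticed and turn every update into an explicit digest change in the pull request. The same consideration applies to the "Automerge GitHub Action updates" rule, since action code runs with the workflow's token.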

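--- a/.github/workflows/build.yaml
+++ b/.github/workflows/build.yaml
@@ -9,7 +9,7 @@ jobs:
 steps:
 -
 name: Checkout
-uses: actions/checkout@692973e3d937129bcbf40652eb9f2f61becf3332 # v4
+uses: actions/checkout@v4
 with:
 submodules: recursive
 -
@@ -107,6 +107,5 @@ jobs:
 with:
 GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
 message: |
-
 PR Environments:
 * puzzle <https://jenkins-techlab-pr-${{ github.event.pull_request.number }}.ocp.cloudscale.puzzle.ch>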
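Review bot: Replacing the commit-SHA pin on `actions/checkout` with the mutable `v4` tag (new line 12) makes the job run whatever that tag points to at run time, in a workflow that later hands `secrets.GITHUB_TOKEN` to a step. Keep the full SHA with the version as a trailing comment, as on the removed line `uses: actions/checkout@692973e3d937129bcbf40652eb9f2f61becf3332 # v4`, and let Renovate move the pin forward; its `helpers:pinGitHubActionDigests` preset maintains this form. The same replacement is made in `.github/workflows/pr-cleanup.yaml` and `.github/workflows/push-main.yaml`. The job definition extends beyond both hunks, so other `uses:` lines were not visible for checking.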

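--- a/.github/workflows/pr-cleanup.yaml
+++ b/.github/workflows/pr-cleanup.yaml
@@ -4,12 +4,12 @@ on:
 types: [closed]
 
 jobs:
-deployment:
+pr-cleanup:
 runs-on: 'ubuntu-latest'
 steps:
 -
 name: Checkout
-uses: actions/checkout@692973e3d937129bcbf40652eb9f2f61becf3332 # v4
+uses: actions/checkout@v4
 with:
 submodules: recursive
 -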

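--- a/.github/workflows/push-main.yaml
+++ b/.github/workflows/push-main.yaml
@@ -11,7 +11,7 @@ jobs:
 steps:
 -
 name: Checkout
-uses: actions/checkout@692973e3d937129bcbf40652eb9f2f61becf3332 # v4
+uses: actions/checkout@v4
 with:
 submodules: recursive
 -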

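--- a/.gitignore
+++ b/.gitignore
@@ -1,7 +1,6 @@
 Thumbs.db
 .DS_Store
 .dist
-.hugo_build.lock
 .tmp
 .sass-cache
 npm-debug.log
@@ -11,6 +10,7 @@ public
 .env
 resources
 .idea/
+.hugo_build.lock
 id_rsa
 id_rsa.pub
 *.bak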

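--- a/Dockerfile
+++ b/Dockerfile
@@ -1,4 +1,4 @@
-FROM klakegg/hugo:0.111.3-ext-ubuntu AS builder
+FROM docker.io/floryn90/hugo:0.146.6-ext-ubuntu AS builder
 
 ARG TRAINING_HUGO_ENV=default
 
@@ -8,7 +8,7 @@ RUN hugo --environment ${TRAINING_HUGO_ENV} --minify
 
 RUN /src/reveal-slides/build-slides.sh
 
-FROM ubuntu:noble AS wkhtmltopdf
+FROM docker.io/ubuntu:noble AS wkhtmltopdf
 RUN apt-get update \
 && apt-get install -y curl \
 && curl -L https://github.com/wkhtmltopdf/packaging/releases/download/0.12.6.1-2/wkhtmltox_0.12.6.1-2.jammy_amd64.deb --output wkhtmltox_0.12.6.1-2.jammy_amd64.deb \
@@ -19,16 +19,22 @@ RUN apt-get update \
 
 COPY --from=builder /src/public /
 
-RUN wkhtmltopdf --outline-depth 4 --enable-internal-links --enable-local-file-access ./pdf/index.html /pdf.pdf
-
-FROM nginxinc/nginx-unprivileged:1.27-alpine
-
-LABEL maintainer puzzle.ch
-LABEL org.opencontainers.image.title "puzzle.ch's Jenkins Techlab"
-LABEL org.opencontainers.image.description "Container with puzzle.ch's Jenkins Techlab content"
-LABEL org.opencontainers.image.authors puzzle.ch
-LABEL org.opencontainers.image.source https://github.com/puzzle/jenkins-techlab/
-LABEL org.opencontainers.image.licenses CC-BY-SA-4.0
+RUN wkhtmltopdf --outline-depth 4 \
+--margin-top 35mm --margin-bottom 22mm --margin-left 15mm --margin-right 10mm \
+--enable-internal-links --enable-local-file-access \
+/pdf/index.html /pdf.pdf
+
+FROM docker.io/nginxinc/nginx-unprivileged:1.27-alpine
+USER root
+COPY nginx.conf /etc/nginx/nginx.conf
+USER 101
+
+LABEL maintainer=puzzle.ch
+LABEL org.opencontainers.image.title="puzzle.ch's Jenkins Techlab"
+LABEL org.opencontainers.image.description="Container with puzzle.ch's Jenkins Techlab content"
+LABEL org.opencontainers.image.authors="puzzle.ch"
+LABEL org.opencontainers.image.source="https://github.com/puzzle/jenkins-techlab/"
+LABEL org.opencontainers.image.licenses="CC-BY-SA-4.0"
 
 EXPOSE 8080
 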
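Review bot: All three `FROM` lines on the new side (lines 1, 11 and 27) still reference a tag only, and `floryn90/hugo` appears to be a third-party image that the Renovate rule added in this commit automerges; pinning each base by digest, e.g. `FROM docker.io/floryn90/hugo:0.146.6-ext-ubuntu@sha256:<digest> AS builder` (placeholder digest), keeps a re-pushed tag from silently changing the build. In the wkhtmltopdf stage the `.deb` fetched with `curl -L` has no checksum comparison in the lines visible here (the `RUN` continues outside the hunk), so a `sha256sum -c` step before installation is worth adding if one is not already there. The `USER root` / `USER 101` pair around `COPY nginx.conf /etc/nginx/nginx.conf` is not needed for the copy, because `COPY` writes files as root unless `--chown` is given; dropping it removes the chance of a later edit leaving the final stage as root.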

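--- a/README.md
+++ b/README.md
@@ -27,14 +27,15 @@ The slides will be generated in the `public/slides/intro` directory
 
 This site is built using the static page generator [Hugo](https://gohugo.io/).
 
-The page uses the [docsy theme](https://github.com/google/docsy) which is included as a Git Submodule.
-Docsy is being enhanced using [docsy-plus](https://github.com/acend/docsy-plus/) as well as [docsy-puzzle](https://github.com/puzzle/docsy-puzzle/)
+The page uses the [docsy theme](https://github.com/google/docsy) which is included as a Hugo Module.
+Docsy is being enhanced using [docsy-plus](https://github.com/acend/docsy-plus/) as well as
+[docsy-acend](https://github.com/acend/docsy-acend/) and [docsy-puzzle](https://github.com/puzzle/docsy-puzzle/)
 for brand specific settings.
 
-After cloning the main repo, you need to initialize the submodule like this:
+After cloning the main repo, you need to initialize the Hugo Module like this:
 
 ```bash
-git submodule update --init --recursive
+hugo mod get
 ```
 
 The default configuration uses the puzzle setup from [config/_default](config/_default/config.toml).
@@ -52,11 +53,14 @@ Further, specialized environments can be added in the `config` directory.
 Run the following command to update all submodules with their newest upstream version:
 
 ```bash
-git submodule update --remote
+hugo mod get -u
 ```
 
 
-## Build using Docker
+## Build production image locally
+
+
+### Docker
 
 Build the image:
 
@@ -67,49 +71,51 @@ docker build -t puzzle/jenkins-techlab:latest .
 Run it locally:
 
 ```bash
-docker run -i -p 8080:8080 puzzle/jenkins-techlab
+docker run --rm -p 8080:8080 puzzle/jenkins-techlab
 ```
 
 
-### Using Buildah and Podman
+### Buildah and Podman
 
 Build the image:
 
 ```bash
 buildah build-using-dockerfile -t puzzle/jenkins-techlab:latest .
 ```
 
-Run it locally with the following command. Beware that `--rmi` automatically removes the built image when the container stops, so you either have to rebuild it or remove the parameter from the command.
+Run it locally:
 
 ```bash
-podman run --rm --rmi --interactive --publish 8080:8080 localhost/puzzle/jenkins-techlab
+podman run --rm --rmi --publish 8080:8080 localhost/puzzle/jenkins-techlab
 ```
 
+**Note:** Beware that `--rmi` automatically removes the built image when the container stops, so you either have to rebuild it or remove the parameter from the command.
+
 
 ## How to develop locally
 
 To develop locally we don't want to rebuild the entire container image every time something changed, and it is also important to use the same hugo versions like in production.
 We simply mount the working directory into a running container, where hugo is started in the server mode.
 
 ```bash
-export HUGO_VERSION=$(grep "FROM klakegg/hugo" Dockerfile | sed 's/FROM klakegg\/hugo://g' | sed 's/ AS builder//g')
-docker run \
---rm --interactive \
---publish 8081:8081 \
--v $(pwd):/src \
-klakegg/hugo:${HUGO_VERSION} \
-server -p 8081 --bind 0.0.0.0
+export HUGO_VERSION=$(grep "FROM docker.io/floryn90/hugo" Dockerfile | sed 's/FROM docker.io\/floryn90\/hugo://g' | sed 's/ AS builder//g')
+docker run --rm --publish 8080:8080 -v $(pwd):/src docker.io/floryn90/hugo:${HUGO_VERSION} server -p 8080
 ```
 
-Access the local documentation: <localhost:8081>
+Use the following command to set the hugo environment
+
+```bash
+export HUGO_VERSION=$(grep "FROM docker.io/floryn90/hugo" Dockerfile | sed 's/FROM docker.io\/floryn90\/hugo://g' | sed 's/ AS builder//g')
+docker run --rm --publish 8080:8080 -v $(pwd):/src docker.io/floryn90/hugo:${HUGO_VERSION} server --environment=<environment> -p 8080
+```
 
 
 ## Linting of Markdown content
 
 Markdown files are linted with <https://github.com/DavidAnson/markdownlint>.
 Custom rules are in `.markdownlint.json`.
 There's a GitHub Action `.github/workflows/markdownlint.yaml` for CI.
-For local checks, you can either use Visual Studio Code with the corresponding extension (markdownlint), or the command line like this:
+For local checks, you can either use Visual Studio Code with the corresponding extension, or the command line like this:
 
 ```shell script
 npm install
@@ -119,8 +125,14 @@ npm run mdlint
 Npm not installed? no problem
 
 ```bash
-export HUGO_VERSION=$(grep "FROM klakegg/hugo" Dockerfile | sed 's/FROM klakegg\/hugo://g' | sed 's/ AS builder//g')
-docker run --rm --interactive -v $(pwd):/src klakegg/hugo:${HUGO_VERSION}-ci /bin/bash -c "set -euo pipefail;npm install; npm run mdlint;"
+export HUGO_VERSION=$(grep "FROM docker.io/floryn90/hugo" Dockerfile | sed 's/FROM docker.io\/floryn90\/hugo://g' | sed 's/ AS builder//g')
+docker run --rm -v $(pwd):/src docker.io/floryn90/hugo:${HUGO_VERSION}-ci /bin/bash -c "npm install && npm run mdlint"
+```
+
+Automatically fix errors if possible:
+
+```bash
+npm run mdlint-fix
 ```
 
 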

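--- a/config/_default/config.toml
+++ b/config/_default/config.toml
@@ -84,8 +84,8 @@ breadcrumb_disable = false
 sidebar_search_disable = false
 # Set to false if you don't want to display a logo (/assets/icons/logo.svg) in the top nav bar
 navbar_logo = true
-# Set to true to disable the About link in the site footer
-footer_about_disable = true
+# Set to false to disable the About link in the site footer
+footer_about_enable = false
 
 ############################## social links ##############################
 [params.links]
@@ -106,6 +106,9 @@ url = "https://linkedin.com/company/puzzle-itc"
 
 # puzzle design
 [module]
+# uncomment line below for temporary local development of module
+# replacements = "github.com/google/docsy -> ../../docsy"
+# replacements = "github.com/acend/docsy-plus -> ../../docsy-plus"
 [module.hugoVersion]
 extended = true
 min = "0.100.0"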
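Review bot: The two commented `replacements` lines (new lines 110–111) assign the same key twice while the comment above them says "line" in the singular; uncommenting both yields a duplicate key, which TOML rejects. Hugo takes the mappings as one comma-separated string, so the hint could instead read `# replacements = "github.com/google/docsy -> ../../docsy, github.com/acend/docsy-plus -> ../../docsy-plus"`. The comment could also say that an uncommented replacement must not be committed, since it makes the build use a local directory in place of the module version recorded in go.mod.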

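--- a/go.mod
+++ b/go.mod
@@ -3,9 +3,11 @@ module github.com/puzzle/jenkins-techlab
 go 1.19
 
 require (
+github.com/FortAwesome/Font-Awesome v0.0.0-20240716171331-37eff7fa00de // indirect
 github.com/acend/docsy-acend v1.0.0 // indirect
-github.com/acend/docsy-plus v1.0.0 // indirect
-github.com/google/docsy v0.4.0 // indirect
-github.com/google/docsy/dependencies v0.4.0 // indirect
+github.com/acend/docsy-plus v1.2.0 // indirect
+github.com/google/docsy v0.11.0 // indirect
+github.com/google/docsy/dependencies v0.7.2 // indirect
 github.com/puzzle/docsy-puzzle v0.0.0-20230123144731-757054047a02 // indirect
+github.com/twbs/bootstrap v5.3.5+incompatible // indirect
 )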

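--- a/go.sum
+++ b/go.sum
@@ -1,15 +1,31 @@
 github.com/FortAwesome/Font-Awesome v0.0.0-20210804190922-7d3d774145ac/go.mod h1:IUgezN/MFpCDIlFezw3L8j83oeiIuYoj28Miwr/KUYo=
+github.com/FortAwesome/Font-Awesome v0.0.0-20230327165841-0698449d50f2/go.mod h1:IUgezN/MFpCDIlFezw3L8j83oeiIuYoj28Miwr/KUYo=
+github.com/FortAwesome/Font-Awesome v0.0.0-20240716171331-37eff7fa00de h1:JvHOfdSqvArF+7cffH9oWU8oLhn6YFYI60Pms8M/6tI=
+github.com/FortAwesome/Font-Awesome v0.0.0-20240716171331-37eff7fa00de/go.mod h1:IUgezN/MFpCDIlFezw3L8j83oeiIuYoj28Miwr/KUYo=
 github.com/acend/docsy-acend v0.0.0-20220406070448-8027986336dc h1:kNDPVcZCXsbJxqDstPoesa9YqWx84BVowj9cgxG6dnE=
 github.com/acend/docsy-acend v0.0.0-20220406070448-8027986336dc/go.mod h1:92hTJB3aPssEooTK+gv0i84vwTjah30HKaLGdupJaPA=
+github.com/acend/docsy-acend v1.0.0 h1:TwmHoH3z6lh5zcNj6zUpMP4lYOhQ+OOgcbBwr7AqVoo=
 github.com/acend/docsy-acend v1.0.0/go.mod h1:h8XZkPe1VufdOQfFXcLVQ7FvOJyIMKr8rJcSvWStG2g=
 github.com/acend/docsy-plus v0.0.0-20220428195954-da462686a1f4 h1:NH8RTlmPMcTPxfZYlqYWWcqoQ5STebCQikKByJVRnAA=
 github.com/acend/docsy-plus v0.0.0-20220428195954-da462686a1f4/go.mod h1:FUTTPmi3S92rVMbCYqXdGNxixdyqACBrFTK7dOuMttQ=
+github.com/acend/docsy-plus v1.0.0 h1:Ag2xQv15gwqPnsvWSBP8GKAnRrctVkADwaG3Qymt5ww=
 github.com/acend/docsy-plus v1.0.0/go.mod h1:YDHqf+DCZcx5HvKGzaBluPmLfgHQ2GKkYjggvF98jR4=
+github.com/acend/docsy-plus v1.2.0 h1:MJaMdkqXU6ws7A+6Lzhx4qGvncifund3NF44Tzs7iVM=
+github.com/acend/docsy-plus v1.2.0/go.mod h1:LPbI0Ljrhzt0YHUg8qozWVUXjrMVI1cFVPn3TyQxbcY=
 github.com/google/docsy v0.4.0 h1:Eyt2aiDC1fnw/Qq/9xnIqUU5n5Yyk4c8gX3nBDdTv/4=
 github.com/google/docsy v0.4.0/go.mod h1:vJjGkHNaw9bO42gpFTWwAUzHZWZEVlK46Kx7ikY5c7Y=
+github.com/google/docsy v0.11.0 h1:QnV40cc28QwS++kP9qINtrIv4hlASruhC/K3FqkHAmM=
+github.com/google/docsy v0.11.0/go.mod h1:hGGW0OjNuG5ZbH5JRtALY3yvN8ybbEP/v2iaK4bwOUI=
 github.com/google/docsy/dependencies v0.4.0 h1:FXwyjtuFfPIPBauU2t7uIAgS6VYfJf+OD5pzxGvkQsQ=
 github.com/google/docsy/dependencies v0.4.0/go.mod h1:2zZxHF+2qvkyXhLZtsbnqMotxMukJXLaf8fAZER48oo=
+github.com/google/docsy/dependencies v0.7.2 h1:+t5ufoADQAj4XneFphz4A+UU0ICAxmNaRHVWtMYXPSI=
+github.com/google/docsy/dependencies v0.7.2/go.mod h1:gihhs5gmgeO+wuoay4FwOzob+jYJVyQbNaQOh788lD4=
 github.com/puzzle/docsy-puzzle v0.0.0-20220406081603-2cd9f7c8d79a h1:ivuXhwliGTmfp4Zn9dqHiIHPUbniLhsbSYKrsQIoFKM=
 github.com/puzzle/docsy-puzzle v0.0.0-20220406081603-2cd9f7c8d79a/go.mod h1:FHtQEgHYfsiO5d1XXaF/mD5C51PQw1kea8JwTGBs93o=
+github.com/puzzle/docsy-puzzle v0.0.0-20230123144731-757054047a02 h1:80gTlzoKpnRjr4F70KAXmNs6UsTAkPgYEyyVguDwheg=
 github.com/puzzle/docsy-puzzle v0.0.0-20230123144731-757054047a02/go.mod h1:q4bPnnpLaz5IDdFmQFxCHr85uwAsK9ayut5NNmC4w3I=
 github.com/twbs/bootstrap v4.6.1+incompatible/go.mod h1:fZTSrkpSf0/HkL0IIJzvVspTt1r9zuf7XlZau8kpcY0=
+github.com/twbs/bootstrap v5.2.3+incompatible/go.mod h1:fZTSrkpSf0/HkL0IIJzvVspTt1r9zuf7XlZau8kpcY0=
+github.com/twbs/bootstrap v5.3.3+incompatible/go.mod h1:fZTSrkpSf0/HkL0IIJzvVspTt1r9zuf7XlZau8kpcY0=
+github.com/twbs/bootstrap v5.3.5+incompatible h1:6XrrFNMsiTTFcVTBf2886FO2XUNtwSE+QPv1os0uAA4=
+github.com/twbs/bootstrap v5.3.5+incompatible/go.mod h1:fZTSrkpSf0/HkL0IIJzvVspTt1r9zuf7XlZau8kpcY0=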
