Merge pull request #1 from curl/new_world

init new approach branch

.github/CONTRIBUTING.md

@@ -0,0 +1,29 @@
+<!--
+ Copyright (C) 2023 James Fuller, <jim@webcomposite.com>, et al.
+
+SPDX-License-Identifier: curl-container
+-->
+
+How to contribute to curl
+=========================
+
+Join the community
+------------------
+
+ 1. Click 'watch' on the GitHub repo
+
+ 2. Subscribe to the suitable [mailing lists](https://curl.se/mail/)
+
+Read [CONTRIBUTE](../docs/CONTRIBUTE.md)
+---------------------------------------
+
+Send your suggestions using one of these methods:
+-------------------------------------------------
+
+ 1. in a mail to the mailing list
+
+ 2. as a [pull request](https://github.com/curl/curl-container/pulls)
+
+ 3. as an [issue](https://github.com/curl/curl-container/issues)
+
+/ The curl-container team!

.github/FUNDING.yml

@@ -0,0 +1,6 @@
+# Copyright (C) 2023 James Fuller, <jim@webcomposite.com>, et al.
+#
+# SPDX-License-Identifier: curl-container
+
+github: curl
+open_collective: curl

.github/stale.yml

@@ -0,0 +1,21 @@
+# Copyright (C) 2023 James Fuller, <jim@webcomposite.com>, et al.
+#
+# SPDX-License-Identifier: curl-container
+
+# Number of days of inactivity before an issue becomes stale
+daysUntilStale: 180
+# Number of days of inactivity before a stale issue is closed
+daysUntilClose: 14
+# Issues with these labels will never be considered stale
+exemptLabels:
+  - pinned
+  - security
+# Label to use when marking an issue as stale
+staleLabel: stale
+# Comment to post when marking an issue as stale. Set to `false` to disable
+markComment: >
+  This issue has been automatically marked as stale because it has not had
+  recent activity. It will be closed if no further activity occurs. Thank you
+  for your contributions.
+# Comment to post when closing a stale issue. Set to `false` to disable
+closeComment: false

.github/workflows/build_latest_release_multi.yml

@@ -0,0 +1,118 @@
+name: build_latest_release_multi_images
+on:
+  push:
+    branches:
+    - main
+env:
+  REGISTRY_USER: ${{ github.actor }}
+  REGISTRY_PASSWORD: ${{ github.token }}
+  IMAGE_REGISTRY: ghcr.io/${{ github.repository_owner }}
+
+jobs:
+  build_multi_latest_release_tag:
+    name: ${{ matrix.build.name }}
+    runs-on: 'ubuntu-latest'
+    permissions:
+      contents: read
+      packages: write
+    strategy:
+      fail-fast: false
+      matrix:
+        install_latest: [ true ]
+    steps:
+      - name: Checkout repository
+        uses: actions/checkout@v3
+        with:
+          ref: "new_world"
+      - name: Log in to ghcr.io
+        uses: redhat-actions/podman-login@v1
+        with:
+          username: ${{ env.REGISTRY_USER }}
+          password: ${{ env.REGISTRY_PASSWORD }}
+          registry: ${{ env.IMAGE_REGISTRY }}
+      - run: |
+          sudo apt-get update
+          sudo apt-get -y install buildah less git make podman qemu
+        name: 'install dev deps'
+      - name: Sets env vars
+        run: |
+          release_tag_redirect=$(curl -s https://github.com/curl/curl/releases/latest -w'%{redirect_url}\n' -o /dev/null)
+          latest_release_ref=$(basename ${release_tag_redirect})
+          echo "TAG_REF=$latest_release_ref" >> $GITHUB_ENV
+          rel=${latest_release_ref:5}
+          release_image_tag="${rel//_/.}"
+          echo "REL=$release_image_tag" >> $GITHUB_ENV
+      - run: buildah unshare make branch_or_ref=$TAG_REF release_tag=$REL multibuild
+        name: 'build multi image'
+#      - run: buildah unshare make dist_name=curl-multi release_tag=master test
+#        name: 'test image'
+#      - run: make dist_name=curl-multi release_tag=$REL scan
+#        name: 'security scan image'
+      - run: |
+          buildah manifest push --all curl-multi:$REL "docker://ghcr.io/curl/curl-container/curl-multi:${REL}"
+          buildah manifest push --all curl-base-multi:$REL "docker://ghcr.io/curl/curl-container/curl-base-multi:${REL}"
+        name: 'push images to github registry'
+      - name: Install Cosign
+        uses: sigstore/cosign-installer@main
+      - name: Write signing key to disk (only needed for `cosign sign --key`)
+        run: echo "${{ secrets.COSIGN_PRIVATE_KEY }}" > cosign.key
+      - name: Sign images with sigstore key
+        run: |
+          cosign sign -y --key cosign.key ghcr.io/curl/curl-container/curl-multi:$REL
+          cosign sign -y --key cosign.key ghcr.io/curl/curl-container/curl-base-multi:$REL
+        env:
+          COSIGN_PASSWORD: ${{secrets.COSIGN_PASSWORD}}
+      - name: Write public key to disk
+        run: echo "${{ secrets.COSIGN_PUBLIC_KEY }}" > cosign.pub
+      - name: Verify image with public key
+        run: |
+          cosign verify --key cosign.pub ghcr.io/curl/curl-container/curl-multi:$REL
+          cosign verify --key cosign.pub ghcr.io/curl/curl-container/curl-base-multi:$REL
+      - name: "login docker hub"
+        run: |
+          podman login -u ${{secrets.DOCKER_HUB_USER}} -p ${{secrets.DOCKER_HUB_TOKEN}} docker.io
+          docker login -u ${{secrets.DOCKER_HUB_USER}} -p ${{secrets.DOCKER_HUB_TOKEN}}
+      - name: 'push release to docker hub'
+        run: |
+          buildah manifest push --all localhost/curl-multi:$REL "docker://docker.io/curlimages/curl:${REL}"
+          buildah manifest push --all localhost/curl-multi:$REL "docker://docker.io/curlimages/curl:latest"
+          buildah manifest push --all localhost/curl-base-multi:$REL "docker://docker.io/curlimages/curl-base:${REL}"
+          buildah manifest push --all localhost/curl-base-multi:$REL "docker://docker.io/curlimages/curl-base:latest"
+      - name: Sign images with a sigstore key
+        run: |
+          cosign sign -y --key cosign.key docker.io/curlimages/curl:$REL
+          cosign sign -y --key cosign.key docker.io/curlimages/curl:latest
+          cosign sign -y --key cosign.key docker.io/curlimages/curl-base:$REL
+          cosign sign -y --key cosign.key docker.io/curlimages/curl-base:latest
+        env:
+          COSIGN_PASSWORD: ${{secrets.COSIGN_PASSWORD}}
+      - name: Verify image
+        run: |
+          cosign verify --key cosign.pub docker.io/curlimages/curl:$REL
+          cosign verify --key cosign.pub docker.io/curlimages/curl:latest
+          cosign verify --key cosign.pub docker.io/curlimages/curl-base:$REL
+          cosign verify --key cosign.pub docker.io/curlimages/curl-base:latest
+      - name: "login quay.io"
+        run: |
+          podman login -u ${{secrets.QUAY_USER}} -p ${{secrets.QUAY_TOKEN}} quay.io
+          docker login -u ${{secrets.QUAY_USER}} -p ${{secrets.QUAY_TOKEN}} quay.io
+      - name: 'push release to quay.io'
+        run: |
+          buildah manifest push --all localhost/curl-multi:$REL "docker://quay.io/curl/curl:${REL}"
+          buildah manifest push --all localhost/curl-multi:$REL "docker://quay.io/curl/curl:latest"
+          buildah manifest push --all localhost/curl-base-multi:$REL "docker://quay.io/curl/curl-base:${REL}"
+          buildah manifest push --all localhost/curl-base-multi:$REL "docker://quay.io/curl/curl-base:latest"
+      - name: Sign images with a sigstore key
+        run: |
+          cosign sign -y --key cosign.key quay.io/curl/curl:$REL
+          cosign sign -y --key cosign.key quay.io/curl/curl:latest
+          cosign sign -y --key cosign.key quay.io/curl/curl-base:$REL
+          cosign sign -y --key cosign.key quay.io/curl/curl-base:latest
+        env:
+          COSIGN_PASSWORD: ${{secrets.COSIGN_PASSWORD}}
+      - name: Verify image
+        run: |
+          cosign verify --key cosign.pub quay.io/curl/curl:$REL
+          cosign verify --key cosign.pub quay.io/curl/curl:latest
+          cosign verify --key cosign.pub quay.io/curl/curl-base:$REL
+          cosign verify --key cosign.pub quay.io/curl/curl-base:latest

.github/workflows/build_master.yml

@@ -0,0 +1,74 @@
+name: build_master_images
+on:
+  schedule:
+    # Runs every hour
+    - cron: '0 * * * * '
+  push:
+    branches:
+    - main
+    - '*/ci'
+  pull_request:
+    branches:
+    - main
+
+env:
+  REGISTRY_USER: ${{ github.actor }}
+  REGISTRY_PASSWORD: ${{ github.token }}
+  IMAGE_REGISTRY: ghcr.io/${{ github.repository_owner }}
+
+jobs:
+  build_master:
+    name: ${{ matrix.build.name }}
+    runs-on: 'ubuntu-latest'
+    permissions:
+      contents: read
+      packages: write
+    strategy:
+      fail-fast: false
+      matrix:
+        install_latest: [ true ]
+    steps:
+      - name: Checkout repository
+        uses: actions/checkout@v3
+        with:
+          ref: "new_world"
+      - name: Log in to ghcr.io
+        uses: redhat-actions/podman-login@v1
+        with:
+          username: ${{ env.REGISTRY_USER }}
+          password: ${{ env.REGISTRY_PASSWORD }}
+          registry: ${{ env.IMAGE_REGISTRY }}
+      - run: |
+          sudo apt-get update
+          sudo apt-get -y install buildah less git make podman qemu
+        name: 'install dev deps'
+      - run: buildah unshare make branch_or_ref=master release_tag=master build_ref_images
+        name: 'build master images'
+#      - run: buildah unshare make dist_name=curl release_tag=master test
+#        name: 'test image'
+      - run: make dist_name=localhost/curl release_tag=master scan
+        name: 'security scan image'
+      - run: |
+          buildah push curl-dev:master "docker://ghcr.io/curl/curl-container/curl-dev:master"
+          buildah push curl-base:master "docker://ghcr.io/curl/curl-container/curl-base:master"
+          buildah push curl:master "docker://ghcr.io/curl/curl-container/curl:master"
+        name: 'push images to github registry'
+      - name: Install Cosign
+        uses: sigstore/cosign-installer@main
+      - name: Write signing key to disk (only needed for `cosign sign --key`)
+        run: echo "${{ secrets.COSIGN_PRIVATE_KEY }}" > cosign.key
+      - name: Sign image with a key
+        run: |
+          cosign sign -y --key cosign.key ghcr.io/curl/curl-container/curl-dev:master
+          cosign sign -y --key cosign.key ghcr.io/curl/curl-container/curl-base:master
+          cosign sign -y --key cosign.key ghcr.io/curl/curl-container/curl:master
+        env:
+          COSIGN_PASSWORD: ${{secrets.COSIGN_PASSWORD}}
+      - name: Write public key to disk
+        run: echo "${{ secrets.COSIGN_PUBLIC_KEY }}" > cosign.pub
+      - name: Verify image with public key
+        run: |
+          cosign verify --key cosign.pub ghcr.io/curl/curl-container/curl-dev:master
+          cosign verify --key cosign.pub ghcr.io/curl/curl-container/curl-base:master
+          cosign verify --key cosign.pub ghcr.io/curl/curl-container/curl:master
+

.github/workflows/build_master_multi.yml

@@ -0,0 +1,70 @@
+name: build_master_multi_images
+on:
+  schedule:
+    # Runs every hour
+    - cron: '0 * * * * '
+  push:
+    branches:
+    - main
+    - '*/ci'
+  pull_request:
+    branches:
+    - main
+
+env:
+  REGISTRY_USER: ${{ github.actor }}
+  REGISTRY_PASSWORD: ${{ github.token }}
+  IMAGE_REGISTRY: ghcr.io/${{ github.repository_owner }}
+
+jobs:
+  build_multi_master:
+    name: ${{ matrix.build.name }}
+    runs-on: 'ubuntu-latest'
+    permissions:
+      contents: read
+      packages: write
+    strategy:
+      fail-fast: false
+      matrix:
+        install_latest: [ true ]
+    steps:
+      - name: Checkout repository
+        uses: actions/checkout@v3
+        with:
+          ref: "new_world"
+      - name: Log in to ghcr.io
+        uses: redhat-actions/podman-login@v1
+        with:
+          username: ${{ env.REGISTRY_USER }}
+          password: ${{ env.REGISTRY_PASSWORD }}
+          registry: ${{ env.IMAGE_REGISTRY }}
+      - run: |
+          sudo apt-get update
+          sudo apt-get -y install buildah less git make podman qemu
+        name: 'install dev deps'
+      - run: buildah unshare make branch_or_ref=master release_tag=master multibuild
+        name: 'build multi image'
+#      - run: buildah unshare make dist_name=curl-multi release_tag=master test
+#        name: 'test image'
+#      - run: make dist_name=curl-multi release_tag=$REL scan
+#        name: 'security scan image'
+      - run: |
+          buildah manifest push --all localhost/curl-base-multi:master "docker://ghcr.io/curl/curl-container/curl-base-multi:master"
+          buildah manifest push --all localhost/curl-multi:master "docker://ghcr.io/curl/curl-container/curl-multi:master"
+        name: 'push multi images to github registry'
+      - name: Install Cosign
+        uses: sigstore/cosign-installer@main
+      - name: Write signing key to disk (only needed for `cosign sign --key`)
+        run: echo "${{ secrets.COSIGN_PRIVATE_KEY }}" > cosign.key
+      - name: Sign image with a key
+        run: |
+          cosign sign -y --key cosign.key ghcr.io/curl/curl-container/curl-multi:master
+          cosign sign -y --key cosign.key ghcr.io/curl/curl-container/curl-base-multi:master
+        env:
+          COSIGN_PASSWORD: ${{secrets.COSIGN_PASSWORD}}
+      - name: Write public key to disk
+        run: echo "${{ secrets.COSIGN_PUBLIC_KEY }}" > cosign.pub
+      - name: Verify image with public key
+        run: |
+          cosign verify --key cosign.pub ghcr.io/curl/curl-container/curl-multi:master
+          cosign verify --key cosign.pub ghcr.io/curl/curl-container/curl-base-multi:master

.gitignore

@@ -0,0 +1,2 @@
+.idea
+venv

CHANGELOG.md

@@ -0,0 +1,13 @@
+Changelog
+All notable changes to this project will be documented in this file.
+
+The format is based on [Keep a Changelog](https://keepachangelog.com/en/1.0.0/),
+and this project adheres to [Semantic Versioning](https://semver.org/spec/v2.0.0.html).
+
+## Unreleased
+
+## [8.1.2] - 2023-06-06
+### Added
+- created [curl-container repo](https://github.com/curl/curl-container/pull/1)
+### Changed
+- generate [curl:8.1.2 release](https://github.com/curl/curl/releases/tag/curl-8_1_2) images on [alpine 3.18.0](https://alpinelinux.org/posts/Alpine-3.18.0-released.html) 

Containerfile

@@ -0,0 +1,9 @@
+from quay.io/buildah/stable:latest
+
+RUN dnf --nodocs --setopt install_weak_deps=false -y install less git make podman qemu
+
+COPY "requirements.txt" "requirements.txt"
+RUN python3 -m ensurepip
+# RUN pip3 install --no-input -r requirements.txt
+
+WORKDIR /opt/app-root/src/

LICENSE

@@ -0,0 +1,21 @@
+MIT License
+
+Copyright (c) 2023 James Fuller
+
+Permission is hereby granted, free of charge, to any person obtaining a copy
+of this software and associated documentation files (the "Software"), to deal
+in the Software without restriction, including without limitation the rights
+to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
+copies of the Software, and to permit persons to whom the Software is
+furnished to do so, subject to the following conditions:
+
+The above copyright notice and this permission notice shall be included in all
+copies or substantial portions of the Software.
+
+THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
+IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
+FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
+AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
+LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
+OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE
+SOFTWARE.