From 6df81f4854c2949b1e6d9ee8f32d3bfe08ab2474 Mon Sep 17 00:00:00 2001
From: Tobias Hargesheimer <tobias@ison.ws>
Date: Tue, 26 Nov 2024 21:19:36 +0100
Subject: [PATCH] mqtt

---
 ..._images-prometheus-mosquitto-exporter.yaml | 39 ++++++++++--------
 ...cker_images-prometheus-mqtt-transport.yaml | 41 ++++++++++---------
 ...theus-mosquitto-exporter.debian.Dockerfile | 14 ++++---
 prometheus-mqtt-transport.debian.Dockerfile   | 14 +++----
 4 files changed, 58 insertions(+), 50 deletions(-)

diff --git a/.github/workflows/build_docker_images-prometheus-mosquitto-exporter.yaml b/.github/workflows/build_docker_images-prometheus-mosquitto-exporter.yaml
index ebb1a1d..2415994 100644
--- a/.github/workflows/build_docker_images-prometheus-mosquitto-exporter.yaml
+++ b/.github/workflows/build_docker_images-prometheus-mosquitto-exporter.yaml
@@ -21,7 +21,7 @@ jobs:
     runs-on: ubuntu-latest
     steps:
       - name: Checkout
-        uses: actions/checkout@v2
+        uses: actions/checkout@v4
 
       - name: Shell-Script
         id: script
@@ -35,52 +35,54 @@ jobs:
           DOCKER_REPO=${{ secrets.DOCKER_USERNAME }}/${GITHUB_REPO_SHORT}
           REDHAT_QUAY_REPO=${{ secrets.REDHAT_QUAY_USERNAME }}/${GITHUB_REPO_SHORT}
           
-          # Set output parameters to github action.
-          echo ::set-output name=build_date::${BUILD_DATE}
-          echo ::set-output name=build_date_numeric::${BUILD_DATE_NUMERIC}
-          echo ::set-output name=commit_hash::${COMMIT_HASH}
-          echo ::set-output name=github_repo::${GITHUB_REPO}
-          echo ::set-output name=docker_repo::${DOCKER_REPO}
-          echo ::set-output name=redhat_quay_repo::${REDHAT_QUAY_REPO}
+          # Set output parameters to action.
+          echo "build_date=${BUILD_DATE}" >> "$GITHUB_OUTPUT"
+          echo "build_date_numeric=${BUILD_DATE_NUMERIC}" >> "$GITHUB_OUTPUT"
+          echo "commit_hash=${COMMIT_HASH}" >> "$GITHUB_OUTPUT"
+          echo "github_repo=${GITHUB_REPO}" >> "$GITHUB_OUTPUT"
+          echo "docker_repo=${DOCKER_REPO}" >> "$GITHUB_OUTPUT"
+          echo "redhat_quay_repo=${REDHAT_QUAY_REPO}" >> "$GITHUB_OUTPUT"
 
           # prometheus-mosquitto-exporter
-          PROMETHEUS_MOSQUITTO_EXPORTER="1.1.4"
-          echo ::set-output name=prometheus_mosquitto_exporter::${PROMETHEUS_MOSQUITTO_EXPORTER}
+          #PROMETHEUS_MQTT_TRANSPORT_VERSION=$(git ls-remote --tags "https://git.ypbind.de/repository/prometheus-mosquitto-exporter.git" | awk -F/ '{print $NF}' | grep -E '^[0-9]+\.[0-9]+\.[0-9]+$' | sort -V | tail -n1)
+          #PROMETHEUS_MQTT_TRANSPORT_VERSION=$(curl -s "https://git.ypbind.de/cgit/prometheus-mosquitto-exporter/refs/" | grep -oE '/tag/\?h=[0-9]+\.[0-9]+\.[0-9]+' | sed -E 's|.*/tag/\?h=([0-9]+\.[0-9]+\.[0-9]+)|\1|' | sort -V | tail -n1)
+          PROMETHEUS_MOSQUITTO_EXPORTER_VERSION="1.1.4"
+          echo "prometheus_mosquitto_exporter_version=${PROMETHEUS_MOSQUITTO_EXPORTER_VERSION}" >> "$GITHUB_OUTPUT"
 
       - name: Set up QEMU
         id: qemu
-        uses: docker/setup-qemu-action@v2
+        uses: docker/setup-qemu-action@v3
         with:
           image: tonistiigi/binfmt:latest
           platforms: all
 
       - name: Set up Docker Buildx
         id: buildx
-        uses: docker/setup-buildx-action@v2
+        uses: docker/setup-buildx-action@v3
 
       - name: Login to GitHub Container Registry
-        uses: docker/login-action@v2
+        uses: docker/login-action@v3
         with:
           registry: ghcr.io
           username: ${{ github.repository_owner }}
           password: ${{ secrets.GITHUB_TOKEN }}
 
       - name: Login to DockerHub 
-        uses: docker/login-action@v2
+        uses: docker/login-action@v3
         with:
           registry: docker.io
           username: ${{ secrets.DOCKER_USERNAME }}
           password: ${{ secrets.DOCKER_PASSWORD }}
 
       - name: Login to RED HAT Quay.io Container Registry
-        uses: docker/login-action@v2
+        uses: docker/login-action@v3
         with:
           registry: quay.io
           username: ${{ secrets.REDHAT_QUAY_USERNAME }}
           password: ${{ secrets.REDHAT_QUAY_PASSWORD }}
 
       - name: Build
-        uses: docker/build-push-action@v3
+        uses: docker/build-push-action@v6
         with:
           builder: ${{ steps.buildx.outputs.name }}
           context: .
@@ -90,14 +92,15 @@ jobs:
           build-args: |
             BUILD_DATE=${{steps.script.outputs.build_date}}
             VCS_REF=${{steps.script.outputs.commit_hash}}
-            VERSION=${{steps.script.outputs.prometheus_mosquitto_exporter}}
+            VERSION=${{steps.script.outputs.prometheus_mosquitto_exporter_version}}
           tags: |
             docker.io/${{steps.script.outputs.docker_repo}}:prometheus-mosquitto-exporter
+            docker.io/${{steps.script.outputs.docker_repo}}:prometheus-mosquitto-exporter-${{steps.script.outputs.prometheus_mosquitto_exporter_version}}
             quay.io/${{steps.script.outputs.redhat_quay_repo}}:prometheus-mosquitto-exporter
             ghcr.io/${{steps.script.outputs.github_repo}}:prometheus-mosquitto-exporter
 
       #- name: Docker Hub Description
-      #  uses: peter-evans/dockerhub-description@v3
+      #  uses: peter-evans/dockerhub-description@v4
       #  with:
       #    username: ${{ secrets.DOCKER_USERNAME }}
       #    password: ${{ secrets.DOCKER_PASSWORD }}
diff --git a/.github/workflows/build_docker_images-prometheus-mqtt-transport.yaml b/.github/workflows/build_docker_images-prometheus-mqtt-transport.yaml
index bc8231a..b2ccee7 100644
--- a/.github/workflows/build_docker_images-prometheus-mqtt-transport.yaml
+++ b/.github/workflows/build_docker_images-prometheus-mqtt-transport.yaml
@@ -21,7 +21,7 @@ jobs:
     runs-on: ubuntu-latest
     steps:
       - name: Checkout
-        uses: actions/checkout@v2
+        uses: actions/checkout@v4
 
       - name: Shell-Script
         id: script
@@ -34,53 +34,55 @@ jobs:
           GITHUB_REPO_SHORT=${GITHUB_REPO_SHORT#"docker-"}
           DOCKER_REPO=${{ secrets.DOCKER_USERNAME }}/${GITHUB_REPO_SHORT}
           REDHAT_QUAY_REPO=${{ secrets.REDHAT_QUAY_USERNAME }}/${GITHUB_REPO_SHORT}
-          
-          # Set output parameters to github action.
-          echo ::set-output name=build_date::${BUILD_DATE}
-          echo ::set-output name=build_date_numeric::${BUILD_DATE_NUMERIC}
-          echo ::set-output name=commit_hash::${COMMIT_HASH}
-          echo ::set-output name=github_repo::${GITHUB_REPO}
-          echo ::set-output name=docker_repo::${DOCKER_REPO}
-          echo ::set-output name=redhat_quay_repo::${REDHAT_QUAY_REPO}
+
+          # Set output parameters to action.
+          echo "build_date=${BUILD_DATE}" >> "$GITHUB_OUTPUT"
+          echo "build_date_numeric=${BUILD_DATE_NUMERIC}" >> "$GITHUB_OUTPUT"
+          echo "commit_hash=${COMMIT_HASH}" >> "$GITHUB_OUTPUT"
+          echo "github_repo=${GITHUB_REPO}" >> "$GITHUB_OUTPUT"
+          echo "docker_repo=${DOCKER_REPO}" >> "$GITHUB_OUTPUT"
+          echo "redhat_quay_repo=${REDHAT_QUAY_REPO}" >> "$GITHUB_OUTPUT"
 
           # prometheus-mqtt-transport
-          PROMETHEUS_MQTT_TRANSPORT="1.0.0"
-          echo ::set-output name=prometheus_mqtt_transport::${PROMETHEUS_MQTT_TRANSPORT}
+          #PROMETHEUS_MQTT_TRANSPORT_VERSION=$(git ls-remote --tags "https://git.ypbind.de/repository/prometheus-mqtt-transport.git" | awk -F/ '{print $NF}' | grep -E '^[0-9]+\.[0-9]+\.[0-9]+$' | sort -V | tail -n1)
+          #PROMETHEUS_MQTT_TRANSPORT_VERSION=$(curl -s "https://git.ypbind.de/cgit/prometheus-mqtt-transport/refs/" | grep -oE '/tag/\?h=[0-9]+\.[0-9]+\.[0-9]+' | sed -E 's|.*/tag/\?h=([0-9]+\.[0-9]+\.[0-9]+)|\1|' | sort -V | tail -n1)
+          PROMETHEUS_MQTT_TRANSPORT_VERSION="1.0.0"
+          echo "prometheus_mqtt_transport_version=${PROMETHEUS_MQTT_TRANSPORT_VERSION}" >> "$GITHUB_OUTPUT"
 
       - name: Set up QEMU
         id: qemu
-        uses: docker/setup-qemu-action@v2
+        uses: docker/setup-qemu-action@v3
         with:
           image: tonistiigi/binfmt:latest
           platforms: all
 
       - name: Set up Docker Buildx
         id: buildx
-        uses: docker/setup-buildx-action@v2
+        uses: docker/setup-buildx-action@v3
 
       - name: Login to GitHub Container Registry
-        uses: docker/login-action@v2
+        uses: docker/login-action@v3
         with:
           registry: ghcr.io
           username: ${{ github.repository_owner }}
           password: ${{ secrets.GITHUB_TOKEN }}
 
       - name: Login to DockerHub 
-        uses: docker/login-action@v2
+        uses: docker/login-action@v3
         with:
           registry: docker.io
           username: ${{ secrets.DOCKER_USERNAME }}
           password: ${{ secrets.DOCKER_PASSWORD }}
 
       - name: Login to RED HAT Quay.io Container Registry
-        uses: docker/login-action@v2
+        uses: docker/login-action@v3
         with:
           registry: quay.io
           username: ${{ secrets.REDHAT_QUAY_USERNAME }}
           password: ${{ secrets.REDHAT_QUAY_PASSWORD }}
 
       - name: Build
-        uses: docker/build-push-action@v3
+        uses: docker/build-push-action@v6
         with:
           builder: ${{ steps.buildx.outputs.name }}
           context: .
@@ -90,14 +92,15 @@ jobs:
           build-args: |
             BUILD_DATE=${{steps.script.outputs.build_date}}
             VCS_REF=${{steps.script.outputs.commit_hash}}
-            VERSION=${{steps.script.outputs.prometheus_mqtt_transport}}
+            VERSION=${{steps.script.outputs.prometheus_mqtt_transport_version}}
           tags: |
             docker.io/${{steps.script.outputs.docker_repo}}:prometheus-mqtt-transport
+            docker.io/${{steps.script.outputs.docker_repo}}:prometheus-mqtt-transport-${{steps.script.outputs.prometheus_mqtt_transport_version}}
             quay.io/${{steps.script.outputs.redhat_quay_repo}}:prometheus-mqtt-transport
             ghcr.io/${{steps.script.outputs.github_repo}}:prometheus-mqtt-transport
 
       #- name: Docker Hub Description
-      #  uses: peter-evans/dockerhub-description@v3
+      #  uses: peter-evans/dockerhub-description@v4
       #  with:
       #    username: ${{ secrets.DOCKER_USERNAME }}
       #    password: ${{ secrets.DOCKER_PASSWORD }}
diff --git a/prometheus-mosquitto-exporter.debian.Dockerfile b/prometheus-mosquitto-exporter.debian.Dockerfile
index 9926eaa..69eb1d2 100644
--- a/prometheus-mosquitto-exporter.debian.Dockerfile
+++ b/prometheus-mosquitto-exporter.debian.Dockerfile
@@ -20,8 +20,12 @@ RUN \
     #cargo build --release ; \
     ls -lah /usr/src/prometheus-mosquitto-exporter/target/release
 
+RUN sed -i '/^\s*broker:/s/tls:/ssl:/' etc/prometheus-mosquitto-exporter.yaml
 
-FROM debian:bookworm-slim
+
+# https://github.com/GoogleContainerTools/distroless
+# hadolint ignore=DL3006
+FROM gcr.io/distroless/cc-debian12:latest AS production
 
 ARG VCS_REF
 ARG BUILD_DATE
@@ -33,15 +37,13 @@ LABEL org.opencontainers.image.title="prometheus-mosquitto-exporter" \
       org.opencontainers.image.revision="${VCS_REF}" \
       org.opencontainers.image.description="Export statistics of Mosquitto MQTT broker (topic: \$SYS) to Prometheus" \
       org.opencontainers.image.documentation="https://ypbind.de/maus/projects/prometheus-mosquitto-exporter/" \
-      org.opencontainers.image.base.name="docker.io/library/debian:bookworm-slim" \
+      org.opencontainers.image.base.name="gcr.io/distroless/cc-debian12:latest" \
       org.opencontainers.image.licenses="GPL-3.0" \
       org.opencontainers.image.url="https://github.com/Tob1as/docker-tools" \
       org.opencontainers.image.source="https://git.ypbind.de/cgit/prometheus-mosquitto-exporter/"
 
-SHELL ["/bin/bash", "-euxo", "pipefail", "-c"]
-
-RUN apt-get update && apt-get install -y ca-certificates libssl-dev && rm -rf /var/lib/apt/lists/* ; \
-    mkdir -p /etc/prometheus-mosquitto-exporter/
+# certs
+COPY --from=builder /etc/ssl/certs/ca-certificates.crt /etc/ssl/certs/ca-certificates.crt
 
 # binary
 COPY --from=builder --chown=nobody:nogroup /usr/src/prometheus-mosquitto-exporter/target/release/prometheus-mosquitto-exporter /usr/local/bin/prometheus-mosquitto-exporter
diff --git a/prometheus-mqtt-transport.debian.Dockerfile b/prometheus-mqtt-transport.debian.Dockerfile
index d9c6e06..948dc56 100644
--- a/prometheus-mqtt-transport.debian.Dockerfile
+++ b/prometheus-mqtt-transport.debian.Dockerfile
@@ -21,7 +21,9 @@ RUN \
     ls -lah /usr/src/prometheus-mqtt-transport/target/release
 
 
-FROM debian:bookworm-slim AS base
+# https://github.com/GoogleContainerTools/distroless
+# hadolint ignore=DL3006
+FROM gcr.io/distroless/cc-debian12:latest AS production
 
 ARG VCS_REF
 ARG BUILD_DATE
@@ -33,15 +35,13 @@ LABEL org.opencontainers.image.title="prometheus-mqtt-transport" \
       org.opencontainers.image.revision="${VCS_REF}" \
       org.opencontainers.image.description="Scrape Prometheus exporter, transport data over MQTT and expose transported metric data to Prometheus" \
       org.opencontainers.image.documentation="https://ypbind.de/maus/projects/prometheus-mqtt-transport/index.html" \
-      org.opencontainers.image.base.name="docker.io/library/debian:bookworm-slim" \
+      org.opencontainers.image.base.name="gcr.io/distroless/cc-debian12:latest" \
       org.opencontainers.image.licenses="GPL-3.0" \
       org.opencontainers.image.url="https://github.com/Tob1as/docker-tools" \
       org.opencontainers.image.source="https://git.ypbind.de/cgit/prometheus-mqtt-transport/"
 
-SHELL ["/bin/bash", "-euxo", "pipefail", "-c"]
-
-RUN apt-get update && apt-get install -y ca-certificates libssl-dev && rm -rf /var/lib/apt/lists/* ; \
-    mkdir -p /etc/prometheus-mqtt-transport/
+# certs
+COPY --from=builder /etc/ssl/certs/ca-certificates.crt /etc/ssl/certs/ca-certificates.crt
 
 # binaries
 COPY --from=builder --chown=nobody:nogroup /usr/src/prometheus-mqtt-transport/target/release/prom2mqtt-fetch /usr/local/bin/prom2mqtt-fetch
@@ -53,7 +53,7 @@ COPY --from=builder --chown=nobody:nogroup /usr/src/prometheus-mqtt-transport/ex
 
 USER nobody
 
-#EXPOSE 9999/tcp 9998/tcp 9991/tcp
+#EXPOSE 9999/tcp
 #ENTRYPOINT ["prom2mqtt-fetch"]
 #ENTRYPOINT ["prom2mqtt-export"]
 #CMD ["--help"]
\ No newline at end of file