Merge pull request #5 from cisagov/improvement/upstream

Pull upstream.  Modernize a bit.

.github/workflows/build.yml

@@ -0,0 +1,97 @@
+---
+name: build
+
+on: [push]
+
+env:
+  IMAGE_NAME: cisagov/postfix
+  PIP_CACHE_DIR: ~/.cache/pip
+  PRE_COMMIT_CACHE_DIR: ~/.cache/pre-commit
+
+jobs:
+  lint:
+    runs-on: ubuntu-latest
+    steps:
+      - uses: actions/checkout@v1
+      - uses: actions/setup-python@v1
+        with:
+          python-version: 3.7
+      - name: Cache pip test requirements
+        uses: actions/cache@v1
+        with:
+          path: ${{ env.PIP_CACHE_DIR }}
+          key: "${{ runner.os }}-pip-test-\
+            ${{ hashFiles('**/requirements-test.txt') }}"
+          restore-keys: |
+            ${{ runner.os }}-pip-test-
+            ${{ runner.os }}-pip-
+      - name: Cache pre-commit hooks
+        uses: actions/cache@v1
+        with:
+          path: ${{ env.PRE_COMMIT_CACHE_DIR }}
+          key: "${{ runner.os }}-pre-commit-\
+            ${{ hashFiles('**/.pre-commit-config.yaml') }}"
+      - name: Install dependencies
+        run: |
+          python -m pip install --upgrade pip
+          pip install --upgrade -r requirements-test.txt
+      - name: Run linters on all files
+        run: pre-commit run --all-files
+  build:
+    runs-on: ubuntu-latest
+    steps:
+      - uses: actions/checkout@v1
+      - name: Determine image version
+        id: get_ver
+        run: |
+          echo "##[set-output name=version;]$(./bump_version.sh show)"
+      - name: Build docker image
+        run: |
+          version=$(./bump_version.sh show)
+          docker build \
+            --tag "$IMAGE_NAME" \
+            --build-arg GIT_COMMIT=$(git log -1 --format=%H) \
+            --build-arg GIT_REMOTE=$(git remote get-url origin) \
+            --build-arg VERSION=${{ steps.get_ver.outputs.version }} \
+            .
+      - name: Save docker image artifact
+        run: |
+          mkdir dist
+          version=$(./bump_version.sh show)
+          docker save $IMAGE_NAME:latest | gzip > dist/image.tar.gz
+      - name: Upload artifacts
+        uses: actions/upload-artifact@v1
+        with:
+          name: dist
+          path: dist
+  test:
+    runs-on: ubuntu-latest
+    needs: [build]
+    steps:
+      - uses: actions/checkout@v1
+      - uses: actions/setup-python@v1
+        with:
+          python-version: 3.7
+      - name: Cache pip test requirements
+        uses: actions/cache@v1
+        with:
+          path: ${{ env.PIP_CACHE_DIR }}
+          key: "${{ runner.os }}-pip-test-\
+            ${{ hashFiles('**/requirements-test.txt') }}"
+          restore-keys: |
+            ${{ runner.os }}-pip-test-
+            ${{ runner.os }}-pip-
+      - name: Install dependencies
+        run: |
+          python -m pip install --upgrade pip
+          pip install --upgrade -r requirements-test.txt
+      - name: Download docker image artifact
+        uses: actions/download-artifact@v1
+        with:
+          name: dist
+      - name: Load docker image
+        run: docker load < dist/image.tar.gz
+      - name: Run tests
+        env:
+          RELEASE_TAG: ${{ github.event.release.tag_name }}
+        run: pytest

.github/workflows/release.yml

@@ -0,0 +1,53 @@
+---
+name: release
+
+on:
+  release:
+    types: [prereleased, released]
+
+env:
+  IMAGE_NAME: cisagov/postfix
+  DOCKER_PW: ${{ secrets.DOCKER_PW }}
+  DOCKER_USER: ${{ secrets.DOCKER_USER }}
+
+jobs:
+  release:
+    runs-on: ubuntu-latest
+    steps:
+      - uses: actions/checkout@v1
+      - uses: actions/setup-python@v1
+        with:
+          python-version: 3.7
+      - name: Determine image version
+        id: get_ver
+        run: |
+          echo "##[set-output name=version;]$(./bump_version.sh show)"
+      - name: Build Docker image
+        run: |
+          docker build \
+            --tag "$IMAGE_NAME" \
+            --build-arg GIT_COMMIT=$(git log -1 --format=%H) \
+            --build-arg GIT_REMOTE=$(git remote get-url origin) \
+            --build-arg VERSION=${{ steps.get_ver.outputs.version }} \
+            .
+      - name: Tag Docker image
+        run: |
+          IFS='.' read -r -a version_array \
+            <<< "${{ steps.get_ver.outputs.version }}"
+          docker login --username "$DOCKER_USER" --password "$DOCKER_PW"
+          docker tag "$IMAGE_NAME" "${IMAGE_NAME}:latest"
+          docker tag "$IMAGE_NAME" \
+            "${IMAGE_NAME}:${{ steps.get_ver.outputs.version }}"
+          docker tag "$IMAGE_NAME" \
+            "${IMAGE_NAME}:${version_array[0]}.${version_array[1]}"
+          docker tag "$IMAGE_NAME" "${IMAGE_NAME}:${version_array[0]}"
+      - name: Publish image to Docker Hub
+        run: |
+          IFS='.' read -r -a version_array \
+            <<< "${{ steps.get_ver.outputs.version }}"
+          docker push "${IMAGE_NAME}:latest"
+          docker push "${IMAGE_NAME}:${{ steps.get_ver.outputs.version }}"
+          docker push "${IMAGE_NAME}:${version_array[0]}.${version_array[1]}"
+          docker push "${IMAGE_NAME}:${version_array[0]}"
+      - name: Publish README.md to Docker Hub
+        run: ./push_readme.sh

.pre-commit-config.yaml

@@ -1,7 +1,7 @@
 ---
 repos:
   - repo: https://github.com/pre-commit/pre-commit-hooks
-    rev: v2.2.3
+    rev: v2.4.0
     hooks:
       - id: check-executables-have-shebangs
       - id: check-json
@@ -24,32 +24,32 @@ repos:
       - id: requirements-txt-fixer
       - id: trailing-whitespace
   - repo: https://github.com/igorshubovych/markdownlint-cli
-    rev: v0.17.0
+    rev: v0.19.0
     hooks:
       - id: markdownlint
         args:
           - --config=.mdl_config.json
   - repo: https://github.com/adrienverge/yamllint
-    rev: v1.16.0
+    rev: v1.18.0
     hooks:
       - id: yamllint
   - repo: https://github.com/detailyang/pre-commit-shell
     rev: 1.0.5
     hooks:
       - id: shell-lint
   - repo: https://gitlab.com/pycqa/flake8
-    rev: 3.7.7
+    rev: 3.7.9
     hooks:
       - id: flake8
         additional_dependencies:
           - flake8-docstrings
   - repo: https://github.com/asottile/pyupgrade
-    rev: v1.19.0
+    rev: v1.25.1
     hooks:
       - id: pyupgrade
   # Run bandit on "tests" tree with a configuration
   - repo: https://github.com/PyCQA/bandit
-    rev: 1.6.1
+    rev: 1.6.2
     hooks:
       - id: bandit
         name: bandit (tests tree)
@@ -64,11 +64,11 @@ repos:
         name: bandit (everything else)
         exclude: tests
   - repo: https://github.com/python/black
-    rev: 19.3b0
+    rev: 19.10b0
     hooks:
       - id: black
   - repo: https://github.com/ansible/ansible-lint.git
-    rev: v4.1.0a0
+    rev: v4.1.1a3
     hooks:
       - id: ansible-lint
   - repo: https://github.com/antonbabenko/pre-commit-terraform.git

Dockerfile

@@ -1,5 +1,18 @@
+ARG GIT_COMMIT=unspecified
+ARG GIT_REMOTE=unspecified
+ARG VERSION=unspecified
+
 FROM debian:buster-slim
-MAINTAINER Mark Feldhousen <[email protected]>
+
+ARG GIT_COMMIT
+ARG GIT_REMOTE
+ARG VERSION
+
+LABEL git_commit=${GIT_COMMIT}
+LABEL git_remote=${GIT_REMOTE}
+LABEL maintainer="[email protected]"
+LABEL vendor="Cyber and Infrastructure Security Agency"
+LABEL version=${VERSION}
 
 RUN apt-get update && \
 DEBIAN_FRONTEND=noninteractive apt-get install --no-install-recommends -y \
@@ -29,7 +42,7 @@ RUN mv /etc/default/opendkim /etc/default/opendkim.orig
 RUN mv /etc/default/opendmarc /etc/default/opendmarc.orig
 
 COPY ./src/templates ./templates/
-COPY ./src/docker-entrypoint.sh .
+COPY ./src/docker-entrypoint.sh ./src/version.txt ./
 
 VOLUME ["/var/log", "/var/spool/postfix"]
 EXPOSE 25/TCP 587/TCP 993/TCP

README.md

@@ -1,11 +1,13 @@
 # postfix-docker 📮🐳 #
 
-[![Build Status](https://travis-ci.com/cisagov/postfix-docker.svg?branch=develop)](https://travis-ci.com/cisagov/postfix-docker)
+[![GitHub Build Status](https://github.com/cisagov/postfix-docker/workflows/build/badge.svg)](https://github.com/cisagov/postfix-docker/actions)
+[![Total alerts](https://img.shields.io/lgtm/alerts/g/cisagov/postfix-docker.svg?logo=lgtm&logoWidth=18)](https://lgtm.com/projects/g/cisagov/postfix-docker/alerts/)
+[![Language grade: Python](https://img.shields.io/lgtm/grade/python/g/cisagov/postfix-docker.svg?logo=lgtm&logoWidth=18)](https://lgtm.com/projects/g/cisagov/postfix-docker/context:python)
 
 ## Docker Image ##
 
-![MicroBadger Layers](https://img.shields.io/microbadger/layers/dhsncats/postfix.svg)
-![MicroBadger Size](https://img.shields.io/microbadger/image-size/dhsncats/postfix.svg)
+![MicroBadger Layers](https://img.shields.io/microbadger/layers/cisagov/postfix.svg)
+![MicroBadger Size](https://img.shields.io/microbadger/image-size/cisagov/postfix.svg)
 
 Creates a Docker container with an installation of the
 [postfix](http://postfix.org) MTA.  Additionally it has an IMAP
@@ -16,11 +18,11 @@ of sent email.  All email is BCC'd to the `mailarchive` account.
 
 ### Install ###
 
-Pull `dhsncats/postfix` from the Docker repository:
+Pull `cisagov/postfix` from the Docker repository:
 
-    docker pull dhsncats/postfix
+    docker pull cisagov/postfix
 
-Or build `dhsncats/postfix` from source:
+Or build `cisagov/postfix` from source:
 
     git clone https://github.com/cisagov/postfix-docker.git
     cd postfix-docker

docker-compose.yml

@@ -13,9 +13,11 @@ secrets:
 services:
   postfix:
     build:
+      # VERSION must be specified on the command line:
+      # e.g., --build-arg VERSION=0.0.1
       context: .
       dockerfile: Dockerfile
-    image: dhsncats/postfix
+    image: cisagov/postfix
     init: true
     restart: always
     environment:

src/version.txt

@@ -1 +1 @@
-__version__ = "0.0.2"
+__version__ = "0.0.3"