Add cinc build

.github/workflows/cinc.yml

@@ -0,0 +1,70 @@
+name: hadolint
+
+on:
+  push:
+    branches: [ main ]
+    paths:
+      - 'cinc/cinc/**'
+  pull_request:
+    branches: [ main ]
+    paths:
+      - 'cinc/cinc/**'
+  workflow_dispatch:
+jobs:
+  build:
+    runs-on: ubuntu-latest
+    defaults:
+      run:
+        working-directory: cinc/cinc
+    steps:
+      - uses: actions/checkout@v4
+
+      - name: Check the Containerfile with hadolint
+        run: |
+          $(git rev-parse --show-toplevel)/bin/lint.sh
+
+      - name: Install QEMU static binaries
+        uses: docker/setup-qemu-action@v3
+
+      - name: Set up Docker Buildx
+        uses: docker/setup-buildx-action@v3
+
+      - name: Build locally for testing
+        uses: docker/bake-action@v4
+        with:
+          workdir: ${{ matrix.image }}
+          targets: local
+          load: true
+
+      - name: Run tests on the image with cinc-auditor
+        run: |
+          $(git rev-parse --show-toplevel)/bin/test.sh "docker.io/boxcutter/cinc:current" "/bin/sh"
+
+      - name: Login to DockerHub
+        if: github.event_name != 'pull_request'
+        uses: docker/login-action@v3
+        with:
+          username: ${{ secrets.CONTAINER_REGISTRY_USERNAME }}
+          password: ${{ secrets.CONTAINER_REGISTRY_PASSWORD }}
+
+      - name: Build and push
+        uses: docker/bake-action@v4
+        with:
+          workdir: hadolint
+          push: ${{ github.event_name != 'pull_request' }}
+
+      - name: Get the image description
+        if: github.event_name != 'pull_request'
+        id: image_description
+        run: |
+          echo "image_description=$(docker buildx bake --print 2> /dev/null | jq -r '.target.release.labels."org.opencontainers.image.description"')" >> $GITHUB_ENV
+        
+      - name: Update Docker Hub Description
+        if: github.event_name != 'pull_request'
+        uses: peter-evans/dockerhub-description@v3
+        with:
+          username: ${{ secrets.CONTAINER_REGISTRY_USERNAME }}
+          password: ${{ secrets.CONTAINER_DESCRIPTION_PASSWORD }}
+          repository: boxcutter/cinc
+          short-description: ${{ env.image_description }}
+          readme-filepath: cinc/cinc/README.md

cinc/cinc/.dockerignore

@@ -1,4 +1,3 @@
 README.md
-Polly.toml
 test/
 rpm.metadata.json

cinc/cinc/Containerfile

@@ -1,15 +1,11 @@
 # syntax=docker/dockerfile:1
 ARG CONTAINER_REGISTRY=docker.io
-FROM $CONTAINER_REGISTRY/busybox:1.36.0
+FROM $CONTAINER_REGISTRY/busybox:1.36.1
 
-LABEL \
-    org.opencontainers.image.source="https://github.com/boxcutter/oci" \
-    org.opencontainers.image.licenses="Apache-2.0" \
-    org.opencontainers.image.description="Cinc Client is an automation platform built from Chef Infra"
-
-ARG VERSION=18.2.7
-ARG SHA256_AMD64=0b6424931f8ace5fc1010f4c22d63e464f155f5227c6c30d8994b5e0341f6ac3
-ARG SHA256_AARCH64=4701f352f0571c4386d2978f81b2cda68de124e8dbc553b364c80e710ca94592
+ARG CINC_URL_AMD64="http://ftp-osl.osuosl.org/pub/cinc/files/stable/cinc/${VERSION}/el/7/cinc-18.2.7-1.el7.x86_64.rpm"
+ARG CINC_SHA256_AMD64="0b6424931f8ace5fc1010f4c22d63e464f155f5227c6c30d8994b5e0341f6ac3"
+ARG CINC_URL_ARM64="http://ftp-osl.osuosl.org/pub/cinc/files/stable/cinc/${VERSION}/el/7/cinc-18.2.7-1.el7.aarch64.rpm"
+ARG CINC_SHA256_ARM64="4701f352f0571c4386d2978f81b2cda68de124e8dbc553b364c80e710ca94592"
 # This argument is automatically populated by BuildKit
 ARG TARGETARCH
 
@@ -18,12 +14,12 @@ ARG TARGETARCH
 RUN <<EOF
   case "$TARGETARCH" in \
     amd64) \
-      CINC_URL=http://ftp-osl.osuosl.org/pub/cinc/files/stable/cinc/${VERSION}/el/7/cinc-${VERSION}-1.el7.x86_64.rpm \
-      CINC_SHA256=${SHA256_AMD64} \
+      CINC_URL=${CINC_URL_AMD64} \
+      CINC_SHA256=${CINC_SHA256_AMD64} \
       ;; \
     arm64) \
-      CINC_URL=http://ftp-osl.osuosl.org/pub/cinc/files/stable/cinc/${VERSION}/el/7/cinc-${VERSION}-1.el7.aarch64.rpm \
-      CINC_SHA256=${SHA256_AARCH64} \
+      CINC_URL=${CINC_URL_ARM64} \
+      CINC_SHA256=${CINC_SHA256_ARM64} \
       ;; \
      *) echo "unsupported architecture"; exit 1 ;; \
   esac
@@ -34,4 +30,3 @@ RUN <<EOF
 EOF
 
 VOLUME [ "/opt/cinc" ]
-

cinc/cinc/README.md

@@ -14,7 +14,7 @@ driver:
   privileged: true  # allows systemd services to start
   docker_registry: docker.io
   chef_image: boxcutter/cinc
-  chef_version: 18.1.0
+  chef_version: 18.2.7
 
 provisioner:
   name: dokken

cinc/cinc/docker-bake.hcl

@@ -0,0 +1,47 @@
+variable "IMAGE_NAME" {
+  default =  "cinc"
+}
+
+variable "VERSION" {
+  default = "18.2.7"
+}
+
+variable "CONTAINER_REGISTRY" {
+  default = "docker.io/boxcutter"
+}
+
+# There's no darwin-based Docker, so if we're running on macOS, change the platform to linux
+variable "LOCAL_PLATFORM" {
+  default = regex_replace("${BAKE_LOCAL_PLATFORM}", "^(darwin)", "linux")
+}
+
+target "_common" {
+  args = {
+    CINC_URL_AMD64 = "http://ftp-osl.osuosl.org/pub/cinc/files/stable/cinc/${VERSION}/el/7/cinc-18.2.7-1.el7.x86_64.rpm"
+    CINC_SHA256_AMD64 = "0b6424931f8ace5fc1010f4c22d63e464f155f5227c6c30d8994b5e0341f6ac3"
+    CINC_URL_ARM64 = "http://ftp-osl.osuosl.org/pub/cinc/files/stable/cinc/${VERSION}/el/7/cinc-18.2.7-1.el7.aarch64.rpm"
+    CINC_SHA256_ARM64 = "4701f352f0571c4386d2978f81b2cda68de124e8dbc553b364c80e710ca94592"
+  }
+  dockerfile = "Containerfile"
+  tags = [
+    "${CONTAINER_REGISTRY}/${IMAGE_NAME}:${VERSION}",
+    "${CONTAINER_REGISTRY}/${IMAGE_NAME}:latest",
+    "${CONTAINER_REGISTRY}/${IMAGE_NAME}:current"
+  ]
+  labels = {
+    "org.opencontainers.image.source" = "https://github.com/boxcutter/oci"
+    "org.opencontainers.image.licenses" = "Apache-2.0"
+    "org.opencontainers.image.description" = "Cinc Client is an automation platform built from Chef Infra"
+    "org.opencontainers.image.title" = "${IMAGE_NAME}"
+  }
+}
+
+target "local" {
+  inherits = ["_common"]
+  platforms = ["${LOCAL_PLATFORM}"]
+}
+
+target "default" {
+  inherits = ["_common"]
+  platforms = ["linux/amd64", "linux/arm64/v8"]
+}