Merge pull request #1 from gounthar/main

First Attempt at Refining the Original GSoC Project

.env

@@ -0,0 +1,3 @@
+GHCR_USERNAME=gounthar
+IMAGE_PREFIX=ghcr.io
+BRANCH_SUFFIX=clean-up

.gitattributes

@@ -0,0 +1 @@
+*.sh text eol=lf

.github/dependabot.yml

@@ -0,0 +1,45 @@
+# Please see the documentation for all configuration options:
+# https://docs.github.com/github/administering-a-repository/configuration-options-for-dependency-updates
+
+version: 2
+# Enable version updates for GitHub Actions workflows
+updates:
+  - package-ecosystem: "github-actions"
+    directory: "/"
+    schedule:
+      interval: weekly
+    ignore:
+      # Ignore updates for dependencies with names containing "github-script"
+      - dependency-name: "*github-script*"
+
+  # Enable version updates for Docker
+  - package-ecosystem: docker
+    directory: "./dockerfiles"
+    schedule:
+      interval: weekly
+    open-pull-requests-limit: 10
+  - package-ecosystem: docker
+    directory: "./dockerfiles/maven"
+    schedule:
+      interval: weekly
+    open-pull-requests-limit: 10
+  - package-ecosystem: docker
+    directory: "./dockerfiles/multi"
+    schedule:
+      interval: weekly
+    open-pull-requests-limit: 10
+  - package-ecosystem: docker
+    directory: "./dockerfiles/node"
+    schedule:
+      interval: weekly
+    open-pull-requests-limit: 10
+  - package-ecosystem: docker
+    directory: "./dockerfiles/python"
+    schedule:
+      interval: weekly
+    open-pull-requests-limit: 10
+  - package-ecosystem: docker
+    directory: "./dockerfiles/sidekick"
+    schedule:
+      interval: weekly
+    open-pull-requests-limit: 10

.github/labeler.yml

@@ -0,0 +1,43 @@
+# Add 'repo' label to any root file changes
+repo:
+- '*'
+
+# Add 'old_proposal' label to any change within the 00_old_proposal folder
+old_proposal:
+  - 00_old_one_from_proposal/**
+
+# Add 'simple_controller_plus_agent' label to any change within the 01_simple_controller_plus_agent folder
+simple_controller_plus_agent:
+  - 01_simple_controller_plus_agent/**
+
+# Add 'docker_file_connecting_agent_and_controller' label to any change within the 02_custom_docker_file_connecting_agent_and_controller folder
+docker_file_connecting_agent_and_controller:
+  - 02_custom_docker_file_connecting_agent_and_controller/**
+
+# Add 'maven_tutorial' label to any change within the 03_maven_tutorial folder
+maven_tutorial:
+  - 03_maven_tutorial/**
+
+# Add 'python_tutorial' label to any change within the 04_python_tutorial folder
+python_tutorial:
+  - 04_python_tutorial/**
+
+# Add 'nodejs' label to any change within the 05_nodejs folder
+nodejs:
+  - 05_nodejs/**
+
+# Add 'test' label to any change to test* files within the github dir
+test:
+- .github/workflows/test-**.yml
+
+# Add 'docker' label to any change to Dockerfile* files within the root dir
+docker:
+- any: ['/**/Dockerfile']
+
+# Add 'docker_compose' label to any change to docker-compose* files within the root dir
+docker_compose:
+- any: ['/**/docker-compose*.yml']
+
+# Add 'github_actions' label to any change to .github/workflows/* files within the root dir
+github_actions:
+- any: ['/.github/workflows/*']

.github/release-drafter.yml

@@ -0,0 +1,31 @@
+name-template: 'v$RESOLVED_VERSION 🌈'
+tag-template: 'v$RESOLVED_VERSION'
+categories:
+  - title: '🚀 Features'
+    labels:
+      - 'feature'
+      - 'enhancement'
+  - title: '🐛 Bug Fixes'
+    labels:
+      - 'fix'
+      - 'bugfix'
+      - 'bug'
+  - title: '🧰 Maintenance'
+    label: 'chore'
+change-template: '- $TITLE @$AUTHOR (#$NUMBER)'
+change-title-escapes: '\<*_&' # You can add # and @ to disable mentions, and add ` to disable code blocks.
+version-resolver:
+  major:
+    labels:
+      - 'major'
+  minor:
+    labels:
+      - 'minor'
+  patch:
+    labels:
+      - 'patch'
+  default: patch
+template: |
+  ## Changes
+
+  $CHANGES

.github/workflows/anchore.yml

@@ -0,0 +1,52 @@
+# This workflow uses actions that are not certified by GitHub.
+# They are provided by a third-party and are governed by
+# separate terms of service, privacy policy, and support
+# documentation.
+
+# This workflow checks out code, builds an image, performs a container image
+# vulnerability scan with Anchore's Grype tool, and integrates the results with GitHub Advanced Security
+# code scanning feature.  For more information on the Anchore scan action usage
+# and parameters, see https://github.com/anchore/scan-action. For more
+# information on Anchore's container image scanning tool Grype, see
+# https://github.com/anchore/grype
+name: Anchore Grype vulnerability scan
+
+on:
+  push:
+    branches: [ "main" ]
+  pull_request:
+    # The branches below must be a subset of the branches above
+    branches: [ "main" ]
+  schedule:
+    - cron: '42 9 * * 6'
+
+permissions:
+  contents: read
+
+jobs:
+  Anchore-Build-Scan:
+    permissions:
+      contents: read # for actions/checkout to fetch code
+      security-events: write # for github/codeql-action/upload-sarif to upload SARIF results
+      actions: read # only required for a private repository by github/codeql-action/upload-sarif to get the Action run status
+    runs-on: ubuntu-latest
+    steps:
+      - name: Check out the code
+        uses: actions/checkout@v4
+
+      - name: Build the Docker image
+        run: cd ./dockerfiles/ && docker build . --file Dockerfile --tag localbuild/testimage:latest
+
+      - name: Run the Anchore Grype scan action
+        uses: anchore/scan-action@62370b53ab026f5d09b9fb43a7b5ec4b73c1a8e0
+        id: scan
+        with:
+          path: "."
+          fail-build: false
+          only-fixed: true
+          severity-cutoff: critical
+
+      - name: Upload vulnerability report
+        uses: github/codeql-action/upload-sarif@v2
+        with:
+          sarif_file: ${{ steps.scan.outputs.sarif }}

.github/workflows/codacy.yml

@@ -0,0 +1,60 @@
+# This workflow uses actions that are not certified by GitHub.
+# They are provided by a third-party and are governed by
+# separate terms of service, privacy policy, and support
+# documentation.
+
+# This workflow checks out code, performs a Codacy security scan
+# and integrates the results with the
+# GitHub Advanced Security code scanning feature.  For more information on
+# the Codacy security scan action usage and parameters, see
+# https://github.com/codacy/codacy-analysis-cli-action.
+# For more information on Codacy Analysis CLI in general, see
+# https://github.com/codacy/codacy-analysis-cli.
+
+name: Codacy Security Scan
+
+on:
+  push:
+    branches: [ "main" ]
+  pull_request:
+    # The branches below must be a subset of the branches above
+    branches: [ "main" ]
+  schedule:
+    - cron: '31 6 * * 4'
+
+permissions:
+  contents: read
+
+jobs:
+  codacy-security-scan:
+    permissions:
+      contents: read # for actions/checkout to fetch code
+      security-events: write # for github/codeql-action/upload-sarif to upload SARIF results
+    name: Codacy Security Scan
+    runs-on: ubuntu-latest
+    steps:
+      # Checkout the repository to the GitHub Actions runner
+      - name: Checkout code
+        uses: actions/checkout@v4
+
+      # Execute Codacy Analysis CLI and generate a SARIF output with the security issues identified during the analysis
+      - name: Run Codacy Analysis CLI
+        uses: codacy/codacy-analysis-cli-action@5cc54a75f9ad88159bb54046196d920e40e367a5
+        with:
+          # Check https://github.com/codacy/codacy-analysis-cli#project-token to get your project token from your Codacy repository
+          # You can also omit the token and run the tools that support default configurations
+          project-token: ${{ secrets.CODACY_PROJECT_TOKEN }}
+          verbose: true
+          output: results.sarif
+          format: sarif
+          # Adjust severity of non-security issues
+          gh-code-scanning-compat: true
+          # Force 0 exit code to allow SARIF file generation
+          # This will handover control about PR rejection to the GitHub side
+          max-allowed-issues: 2147483647
+
+      # Upload the SARIF file generated in the previous step
+      - name: Upload SARIF results file
+        uses: github/codeql-action/upload-sarif@v2
+        with:
+          sarif_file: results.sarif

.github/workflows/github-docker-registry-push.yml

@@ -0,0 +1,128 @@
+name: docker image building and pushing to GitHub Packages
+
+on:
+  push:
+    branches:
+      - '*'
+  pull_request:
+    branches: [ '*' ]
+  schedule:
+    - cron:  '30 4,16 * * *'
+
+env:
+  GHCR_USERNAME: ${{ github.repository_owner }}
+  GHCR_TOKEN: ${{ secrets.GHCR_TOKEN }}
+
+jobs:
+  docker:
+    runs-on: ubuntu-latest
+    steps:
+      -
+        name: Checkout
+        uses: actions/checkout@v4
+        with:
+          fetch-depth: 0
+
+      - name: Retrieve modified files
+        id: changes
+        run: echo "files=$(git diff --name-only ${{ github.event.before }} ${{ github.sha }} | tr '\n' ' ')" >> $GITHUB_ENV
+
+      - name: Check for Dockerfile and context changes
+        run: |
+          for file in ${{ env.files }}; do
+            if [[ $file =~ (^|/)Dockerfile($|/)|(^|/)dockerfiles/ ]]; then
+              echo "Dockerfile or dockerfiles directory has changed."
+              echo "Changed file: $file"
+              break
+            fi
+          done
+          
+          if (( $? == 0 )); then
+            echo "No Dockerfile or context directory changes. Skipping Docker image build and push steps."
+            echo "Changed files: ${{ env.files }}"
+          fi
+
+      - name: Set up QEMU
+        uses: docker/setup-qemu-action@v3
+
+      - name: Set up Docker Buildx
+        uses: docker/setup-buildx-action@v3
+
+      -
+        name: Login to GitHub Container Registry
+        if: contains(env.files, 'Dockerfile')
+        uses: docker/login-action@v3
+        with:
+          registry: ghcr.io
+          username: ${{ env.GHCR_USERNAME }}
+          password: ${{ env.GHCR_TOKEN }}
+
+      - name: Extract branch name
+        shell: bash
+        run: |
+          BRANCH_NAME=$(echo ${GITHUB_REF#refs/heads/} | sed -e 's#/#-#g')
+          if [[ "$BRANCH_NAME" == "main" ]]; then BRANCH_NAME=""; fi
+          echo "BRANCH=$BRANCH_NAME" >> $GITHUB_ENV
+        id: extract_branch
+
+      - name: Extract branch name and set BRANCH environment variable
+        shell: bash
+        run: |
+          BRANCH_NAME=$(echo ${GITHUB_REF#refs/heads/} | sed -e 's#/#-#g')
+          if [[ "$BRANCH_NAME" == "main" ]]; then BRANCH_NAME=""; fi
+          echo "BRANCH=$BRANCH_NAME" >> $GITHUB_ENV
+
+      - name: Set repository name to lowercase
+        run: echo "REPO_NAME=$(echo ${{ github.repository }} | tr '[:upper:]' '[:lower:]')" >> $GITHUB_ENV
+
+      - name: Build and push a simple jenkins controller
+        if: contains(env.files, 'dockerfiles/Dockerfile') || contains(env.files, 'dockerfiles/')
+        uses: docker/build-push-action@v5
+        with:
+          context: ./dockerfiles
+          platforms: linux/amd64, linux/aarch64
+          push: true
+          tags: ghcr.io/${{ env.REPO_NAME }}/jenkinsci-tutorials:simple_controller_${{ env.BRANCH }}
+      - name: Build and push the jenkins agent for maven tutorial
+        if: contains(env.files, 'dockerfiles/maven/Dockerfile')
+        uses: docker/build-push-action@v5
+        with:
+          context: ./dockerfiles/maven
+          platforms: linux/amd64, linux/aarch64
+          push: true
+          tags: ghcr.io/${{ env.REPO_NAME }}/jenkinsci-tutorials:maven_agent_${{ env.BRANCH }}
+
+      - name: Build and push the jenkins agent for python tutorial
+        if: contains(env.files, 'dockerfiles/python/Dockerfile')
+        uses: docker/build-push-action@v5
+        with:
+          context: ./dockerfiles/python
+          platforms: linux/amd64, linux/aarch64
+          push: true
+          tags: ghcr.io/${{ env.REPO_NAME }}/jenkinsci-tutorials:python_agent_${{ env.BRANCH }}
+      - name: Build and push the jenkins agent for node tutorial
+        if: contains(env.files, 'dockerfiles/node/Dockerfile')
+        uses: docker/build-push-action@v5
+        with:
+          context: ./dockerfiles/node
+          platforms: linux/amd64, linux/aarch64
+          push: true
+          tags: ghcr.io/${{ env.REPO_NAME }}/jenkinsci-tutorials:node_agent_${{ env.BRANCH }}
+
+      - name: Build and push the jenkins agent for sidekick tutorial
+        if: contains(env.files, 'dockerfiles/sidekick/Dockerfile')
+        uses: docker/build-push-action@v5
+        with:
+          context: ./dockerfiles/sidekick
+          platforms: linux/amd64, linux/aarch64
+          push: true
+          tags: ghcr.io/${{ env.REPO_NAME }}/jenkinsci-tutorials:sidekick_${{ env.BRANCH }}
+
+      - name: Build and push the jenkins agent for multi-branch controller
+        if: contains(env.files, 'dockerfiles/multi/Dockerfile')
+        uses: docker/build-push-action@v5
+        with:
+          context: ./dockerfiles/multi
+          platforms: linux/amd64, linux/aarch64
+          push: true
+          tags: ghcr.io/${{ env.REPO_NAME }}/jenkinsci-tutorials:multi_controller_${{ env.BRANCH }}