From ca0bbcf95aea7f609e1d0803c5a394ecae1657b6 Mon Sep 17 00:00:00 2001
From: Lucas <hairmare@rabe.ch>
Date: Mon, 4 Mar 2024 19:39:58 +0100
Subject: [PATCH] feat: init PostgreSQL container image

---
 .dockerignore                           |  5 +++
 .github/dependabot.yml                  | 18 ++++++++++
 .github/workflows/release.yaml          | 42 ++++++++++++++++++++++
 .github/workflows/schedule.yaml         | 12 +++++++
 .github/workflows/semantic-release.yaml | 13 +++++++
 .pre-commit-config.yaml                 | 15 ++++++++
 Dockerfile                              | 36 +++++++++++++++++++
 README.md                               | 39 ++++++++++++++++++++
 docs/css/style.css                      | 10 ++++++
 docs/gen_ref_pages.py                   | 12 +++++++
 mkdocs.yml                              | 48 +++++++++++++++++++++++++
 11 files changed, 250 insertions(+)
 create mode 100644 .dockerignore
 create mode 100644 .github/dependabot.yml
 create mode 100644 .github/workflows/release.yaml
 create mode 100644 .github/workflows/schedule.yaml
 create mode 100644 .github/workflows/semantic-release.yaml
 create mode 100644 .pre-commit-config.yaml
 create mode 100644 Dockerfile
 create mode 100644 README.md
 create mode 100644 docs/css/style.css
 create mode 100644 docs/gen_ref_pages.py
 create mode 100644 mkdocs.yml

diff --git a/.dockerignore b/.dockerignore
new file mode 100644
index 0000000..6b9cf85
--- /dev/null
+++ b/.dockerignore
@@ -0,0 +1,5 @@
+.pre-commit-config.yaml
+.github/
+trivy.*
+docs/
+mkdocs.yml
diff --git a/.github/dependabot.yml b/.github/dependabot.yml
new file mode 100644
index 0000000..b3c7efd
--- /dev/null
+++ b/.github/dependabot.yml
@@ -0,0 +1,18 @@
+version: 2
+updates:
+  - package-ecosystem: docker
+    directory: /
+    schedule:
+      interval: daily
+    commit-message:
+      prefix: "chore: "
+    groups:
+      baseimages:
+        patterns:
+          - "*"
+  - package-ecosystem: github-actions
+    directory: /
+    schedule:
+      interval: daily
+    commit-message:
+      prefix: "chore(ci): "
diff --git a/.github/workflows/release.yaml b/.github/workflows/release.yaml
new file mode 100644
index 0000000..008d391
--- /dev/null
+++ b/.github/workflows/release.yaml
@@ -0,0 +1,42 @@
+name: Release
+
+on:
+  pull_request:
+  push:
+    branches:
+      - main
+    tags:
+      - '*'
+
+jobs:
+  release-container:
+    uses: radiorabe/actions/.github/workflows/release-container.yaml@v0.20.7
+    with:
+      image: ghcr.io/radiorabe/postgresql
+      name: postgresql
+      display-name: RaBe PostgreSQL on UBI9
+      tags: minimal rhel9 ubi9 rabe postgresql
+      cosign-base-image-only: true
+  mkdocs:
+    runs-on: ubuntu-latest
+    permissions:
+      actions: none
+      checks: none
+      contents: write # for pushing gh-pages branch
+      deployments: none
+      issues: none
+      packages: none
+      pull-requests: none
+      repository-projects: none
+      security-events: none
+      statuses: none
+      id-token: none
+    steps:
+      - name: Checkout
+        uses: actions/checkout@v4
+        with:
+          fetch-depth: 0
+      - run: pip install mkdocs mkdocs-material mkdocs-gen-files mkdocs-literate-nav mkdocs-section-index
+      - run: mkdocs build
+      - run: mkdocs gh-deploy
+        if: ${{ github.event_name == 'push' && github.ref == 'refs/heads/main' }}
diff --git a/.github/workflows/schedule.yaml b/.github/workflows/schedule.yaml
new file mode 100644
index 0000000..74648ba
--- /dev/null
+++ b/.github/workflows/schedule.yaml
@@ -0,0 +1,12 @@
+name: Scheduled tasks
+
+on:
+  schedule:
+    - cron:  '13 12 * * *'
+  workflow_dispatch:
+
+jobs:
+  schedule-trivy:
+    uses: radiorabe/actions/.github/workflows/schedule-trivy.yaml@v0.20.7
+    with:
+      image-ref: 'ghcr.io/radiorabe/postgresql:latest'
diff --git a/.github/workflows/semantic-release.yaml b/.github/workflows/semantic-release.yaml
new file mode 100644
index 0000000..72d2b41
--- /dev/null
+++ b/.github/workflows/semantic-release.yaml
@@ -0,0 +1,13 @@
+name: Semantic Release
+
+on:
+  push:
+    branches:
+      - main
+      - release/*
+
+jobs:
+  semantic-release:
+    uses: radiorabe/actions/.github/workflows/semantic-release.yaml@v0.20.7
+    secrets:
+      RABE_ITREAKTION_GITHUB_TOKEN: ${{ secrets.RABE_ITREAKTION_GITHUB_TOKEN }}
diff --git a/.pre-commit-config.yaml b/.pre-commit-config.yaml
new file mode 100644
index 0000000..dd325a8
--- /dev/null
+++ b/.pre-commit-config.yaml
@@ -0,0 +1,15 @@
+repos:
+  - repo: https://github.com/pre-commit/pre-commit-hooks
+    rev: v4.5.0
+    hooks:
+      - id: trailing-whitespace
+        exclude: ^src/api/client.js$
+      - id: end-of-file-fixer
+        exclude: ^src/api/client.js$
+      - id: check-symlinks
+      - id: check-merge-conflict
+      - id: check-case-conflict
+      - id: detect-aws-credentials
+        args:
+          - --allow-missing-credentials
+      - id: detect-private-key
diff --git a/Dockerfile b/Dockerfile
new file mode 100644
index 0000000..64943d7
--- /dev/null
+++ b/Dockerfile
@@ -0,0 +1,36 @@
+FROM quay.io/sclorg/postgresql-16-c9s:20240228 as source
+FROM ghcr.io/radiorabe/ubi9-minimal:0.6.5 AS app
+
+ENV CONTAINER_SCRIPTS_PATH=/usr/share/container-scripts/postgresql \
+    HOME=/var/lib/pgsql \
+    POSTGRESQL_VERSION=16 \
+    POSTGRESQL_PREV_VERSION=15 \
+    PGUSER=postgres \
+    APP_DATA=/opt/app-root
+
+
+COPY --from=source /usr/share/container-scripts /usr/share/container-scripts
+COPY --from=source /usr/libexec/check-container /usr/libexec/check-container
+COPY --from=source /usr/bin/cgroup-limits /usr/bin/cgroup-limits
+COPY --from=source /usr/bin/container-entrypoint /usr/bin/container-entrypoint
+COPY --from=source /usr/bin/run-postgresql /usr/bin/run-postgresql
+
+RUN    microdnf install -y \
+         rsync \
+         tar \
+         gettext \
+         glibc-langpack-en \
+         glibc-locale-source \
+         bind-utils \
+         nss_wrapper \
+         postgresql-server \
+         postgresql-contrib \
+         pgaudit \
+    && localedef -f UTF-8 -i en_US en_US.UTF-8 \
+    && mkdir -p /var/lib/pgsql/data \
+    && microdnf clean all \
+    && [[ "$(id postgres)" == "uid=26(postgres) gid=26(postgres) groups=26(postgres)" ]]
+
+USER 26
+ENTRYPOINT ["container-entrypoint"]
+CMD ["run-postgresql"]
diff --git a/README.md b/README.md
new file mode 100644
index 0000000..6f15017
--- /dev/null
+++ b/README.md
@@ -0,0 +1,39 @@
+# RaBe PostgreSQL Image
+
+[PostgreSQL](https://www.postgresql.org/) container image based on [RaBe UBI9 Minimal](https://github.com/radiorabe/container-image-ubi9-minimal).
+
+## Usage
+
+Run it like you would any PostgreSQL image.
+
+## Release Management
+
+The CI/CD setup uses semantic commit messages following the [conventional commits standard](https://www.conventionalcommits.org/en/v1.0.0/).
+The workflow is based on the [RaBe shared actions](https://radiorabe.github.io/actions/)
+and uses [go-semantic-commit](https://go-semantic-release.xyz/)
+to create new releases.
+
+The commit message should be structured as follows:
+
+```
+<type>[optional scope]: <description>
+
+[optional body]
+
+[optional footer(s)]
+```
+
+The commit contains the following structural elements, to communicate intent to the consumers of your library:
+
+1. **fix:** a commit of the type `fix` patches gets released with a PATCH version bump
+1. **feat:** a commit of the type `feat` gets released as a MINOR version bump
+1. **BREAKING CHANGE:** a commit that has a footer `BREAKING CHANGE:` gets released as a MAJOR version bump
+1. types other than `fix:` and `feat:` are allowed and don't trigger a release
+
+If a commit does not contain a conventional commit style message you can fix
+it during the squash and merge operation on the PR.
+
+## Build Process
+
+The CI/CD setup uses [Docker build-push Action](https://github.com/docker/build-push-action)
+to publish container images. The workflow is based on the [RaBe shared actions](https://radiorabe.github.io/actions/).
diff --git a/docs/css/style.css b/docs/css/style.css
new file mode 100644
index 0000000..18a4c32
--- /dev/null
+++ b/docs/css/style.css
@@ -0,0 +1,10 @@
+/* set primary color */
+:root {
+  --md-primary-fg-color:        #00C9BF;
+  --md-accent-fg-color:         #00C9BF;
+}
+
+/* make code selectable on main */
+.highlight .o {
+    user-select: none;
+}
diff --git a/docs/gen_ref_pages.py b/docs/gen_ref_pages.py
new file mode 100644
index 0000000..d2e0a19
--- /dev/null
+++ b/docs/gen_ref_pages.py
@@ -0,0 +1,12 @@
+"""Generate the code reference pages and navigation.
+
+From https://mkdocstrings.github.io/recipes/
+"""
+
+from pathlib import Path
+
+import mkdocs_gen_files
+
+readme = Path("README.md").open("r")
+with mkdocs_gen_files.open("index.md", "w", encoding="utf-8") as index_file:
+    index_file.writelines(readme.read())
diff --git a/mkdocs.yml b/mkdocs.yml
new file mode 100644
index 0000000..c2d12a8
--- /dev/null
+++ b/mkdocs.yml
@@ -0,0 +1,48 @@
+site_name: PostgreSQL on UBI9 Minimal
+repo_url: https://github.com/radiorabe/container-image-postgresql
+repo_name: radiorabe/container-image-postgresql
+
+theme:
+  name: "material"
+  palette:
+    # Palette toggle for dark mode
+    - scheme: slate
+      primary: '#00c9bf'
+      toggle:
+        icon: material/brightness-4
+        name: Switch to light mode
+    # Palette toggle for light mode
+    - scheme: default
+      primary: '#00c9bf'
+      toggle:
+        icon: material/brightness-7
+        name: Switch to dark mode
+  icon:
+    repo: fontawesome/brands/git-alt
+  features:
+    - content.code.copy
+    - toc.integrate
+
+markdown_extensions:
+- pymdownx.highlight:
+    anchor_linenums: true
+- pymdownx.inlinehilite
+- pymdownx.snippets
+- pymdownx.superfences
+
+extra_css:
+- css/style.css
+
+plugins:
+- search
+- gen-files:
+    scripts:
+    - docs/gen_ref_pages.py
+- literate-nav
+- section-index
+
+nav:
+  - README: index.md
+
+watch:
+  - README.md