From 7eae08cc131293ea32439cac896b027c7e0bb241 Mon Sep 17 00:00:00 2001 From: The0Mikkel Date: Sun, 16 Nov 2025 00:07:41 +0100 Subject: [PATCH 01/11] fix(docs): update workflow file references to include .yml extension --- README.md | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/README.md b/README.md index e4575a4..4caa7f7 100644 --- a/README.md +++ b/README.md @@ -20,7 +20,7 @@ jobs: permissions: name: - uses: ctfpilot/ci/.github/workflows/@ + uses: ctfpilot/ci/.github/workflows/.yml@ with: ``` @@ -65,7 +65,7 @@ jobs: pull-requests: write statuses: write name: "CLA Assistant" - uses: ctfpilot/ci/.github/workflows/cla-assistant@ + uses: ctfpilot/ci/.github/workflows/cla-assistant.yml@ with: repository: ``` @@ -108,7 +108,7 @@ jobs: packages: write id-token: write name: "Release" - uses: ctfpilot/ci/.github/workflows/release@ + uses: ctfpilot/ci/.github/workflows/release.yml@ with: repository: ``` From 681b847c601cd83970275a8a7759bb842f084a56 Mon Sep 17 00:00:00 2001 From: The0Mikkel Date: Sun, 16 Nov 2025 00:12:00 +0100 Subject: [PATCH 02/11] fix(release): update input docs for `repository` for clarity --- .github/workflows/release.yml | 2 +- README.md | 2 +- 2 files changed, 2 insertions(+), 2 deletions(-) diff --git a/.github/workflows/release.yml b/.github/workflows/release.yml index af36240..cd35ab4 100644 --- a/.github/workflows/release.yml +++ b/.github/workflows/release.yml @@ -8,7 +8,7 @@ on: workflow_call: inputs: repository: - description: "The repository to release" + description: "Allowed repository for workflow to run in. Example `ctfpilot/hello-world`." required: true type: string ENVIRONMENT: diff --git a/README.md b/README.md index 4caa7f7..6e60e52 100644 --- a/README.md +++ b/README.md 
@@ -78,7 +78,7 @@ The wofklow requires the `repository` input to be specified. #### Inputs -- `repository`: The repository that the CLA is generated for +- `repository`: Allowed repository for workflow to run in. Example `ctfpilot/hello-world`. - `ENVIRONMENT`: The environment to deploy to. #### Secrets From eeb23ab17401074ca778a26e8811701c4fd2f336 Mon Sep 17 00:00:00 2001 From: The0Mikkel Date: Sun, 16 Nov 2025 00:12:18 +0100 Subject: [PATCH 03/11] fix(cla-assistant): update input docs for `repository` for clarity --- .github/workflows/cla-assistant.yml | 2 +- README.md | 2 +- 2 files changed, 2 insertions(+), 2 deletions(-) diff --git a/.github/workflows/cla-assistant.yml b/.github/workflows/cla-assistant.yml index 63f9397..8193bc2 100644 --- a/.github/workflows/cla-assistant.yml +++ b/.github/workflows/cla-assistant.yml @@ -3,7 +3,7 @@ on: workflow_call: inputs: repository: - description: "The repository that the CLA is generated for" + description: "The repository that the CLA is generated for. Example `hello-world`." required: true type: string version: diff --git a/README.md b/README.md index 6e60e52..a270268 100644 --- a/README.md +++ b/README.md @@ -38,7 +38,7 @@ It is setup to contain sensible defaults, but requires the `repository` input to #### Inputs -- `repository`: The repository that the CLA is generated for +- `repository`: The repository that the CLA is generated for. Example `hello-world`. - `version`: CLA version. Keep default to use organization default. - `CLASHA`: The SHA for the commit, the CLA version is. Keep default to use organization default. From 8afd3876c47330ff41d2f89653488308a1c04aa7 Mon Sep 17 00:00:00 2001 From: The0Mikkel Date: Sun, 16 Nov 2025 00:13:21 +0100 Subject: [PATCH 04/11] fix(cla-assistant): clarify that workflow can only run within the ctfpilot organization --- README.md | 2 ++ 1 file changed, 2 insertions(+) diff --git a/README.md b/README.md index a270268..0621bee 100644 --- a/README.md +++ b/README.md 
@@ -36,6 +36,8 @@ This workflow contains the CLA Assistant bot used througout CTF Pilot. It is setup to contain sensible defaults, but requires the `repository` input to be specified. +The workflow can only be run within the `ctfpilot` organization. + #### Inputs - `repository`: The repository that the CLA is generated for. Example `hello-world`. From 19322595e8949fe8205eb81767a0a76972b0e3e8 Mon Sep 17 00:00:00 2001 From: The0Mikkel Date: Sun, 16 Nov 2025 00:24:48 +0100 Subject: [PATCH 05/11] feat(docker): add Docker build and push workflow --- .github/workflows/docker.yml | 107 +++++++++++++++++++++++++++++++++++ README.md | 49 ++++++++++++++++ 2 files changed, 156 insertions(+) create mode 100644 .github/workflows/docker.yml diff --git a/.github/workflows/docker.yml b/.github/workflows/docker.yml new file mode 100644 index 0000000..d37813a --- /dev/null +++ b/.github/workflows/docker.yml 
@@ -0,0 +1,107 @@ +name: Docker build and push +on: + workflow_call: + inputs: + repository: + description: "Allowed repository for workflow to run in. Example `ctfpilot/hello-world`." + required: true + type: string + dockerfile: + description: "Dockerfile path." + required: false + default: "./Dockerfile" + type: string + context: + description: "Build context." + required: false + default: "." + type: string + arguments: + description: "Build arguments. List of key-value pairs." + required: false + default: "" + type: string + semver: + description: "Semantic version. Leave empty to not use semantic versioning." + required: false + default: "" + type: string + tags: + description: "List of tags to apply to the image. Required if you do not use semantic versioning." + required: false + default: | + type=raw,value=${{ github.sha }} + type: string + registry: + description: "Registry for docker image to use. Defaults to GitHub container registry." + required: false + default: ghcr.io + type: string + image_name: + description: "Docker image name to use. Defaults to repository name." + required: false + default: ${{ github.repository }} + type: string + registry_username: + description: "Username to use for registry login. Defaults to Github actor." + required: false + type: string + registry_token: + description: "Token to use for registry login. Defaults to GITHUB_TOKEN." + required: false + type: string + fetch_submodules: + description: "Fetch submodules. Defaults to true." + required: false + default: true + type: boolean + platforms: + description: "Platforms to build for (comma separated, e.g., linux/amd64,linux/arm64)." + required: false + default: linux/amd64 + type: string + runner: + description: "Runner to use for the job. Defaults to ubuntu-latest." 
+ required: false + default: ubuntu-latest + type: string + cacheFrom: + description: "Cache type from" + required: false + type: string + default: type=gha + cacheTo: + description: "Cache type to" + required: false + type: string + default: type=gha,mode=max + commit: + description: "Commit SHA to use for git operations and tagging. Defaults to github.sha." + required: false + default: ${{ github.sha }} + type: string + +jobs: + docker: + uses: the0mikkel/ci/.github/workflows/docker.yml@v1.4.1 + if: github.repository == inputs.repository + permissions: + contents: read + packages: write + id-token: write + with: + dockerfile: ${{ inputs.dockerfile }} + context: ${{ inputs.context }} + arguments: ${{ inputs.arguments }} + semver: ${{ inputs.semver }} + tags: ${{ inputs.tags }} + registry: ${{ inputs.registry }} + image_name: ${{ inputs.image_name }} + registry_username: ${{ inputs.registry_username }} + registry_token: ${{ inputs.registry_token }} + fetch_submodules: ${{ inputs.fetch_submodules }} + platforms: ${{ inputs.platforms }} + runner: ${{ inputs.runner }} + cacheFrom: ${{ inputs.cacheFrom }} + cacheTo: ${{ inputs.cacheTo }} + commit: ${{ inputs.commit }} diff --git a/README.md b/README.md index 0621bee..cb7266d 100644 --- a/README.md +++ b/README.md @@ -29,6 +29,7 @@ jobs: - [`cla-assistant`](#cla-assistant): CLA Assistant bot - [`release`](#release): Release system +- [`docker`](#docker): Docker build and push system ### CLA Assistant 
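Review bot: In the new `.github/workflows/docker.yml`, `registry_token` is declared under `workflow_call.inputs` as `type: string` and forwarded as `registry_token: ${{ inputs.registry_token }}`; inputs are not treated as secrets, so a token passed this way is not masked in logs. Declaring it under `workflow_call.secrets` and forwarding it through a `secrets:` block on the job would keep it masked, provided the called `the0mikkel/ci` workflow accepts it as a secret, which is not visible here. The job also grants `packages: write` and `id-token: write` to `the0mikkel/ci/.github/workflows/docker.yml@v1.4.1`, a workflow in another owner's repository referenced by a movable tag. Pinning it as `uses: the0mikkel/ci/.github/workflows/docker.yml@<full-commit-sha> # v1.4.1` fixes what runs, and the same applies to the `semver-release-standalone.yml@v1.4.1` reference that sits next to `secrets: inherit` in the release.yml hunk of patch 06. `if: github.repository == inputs.repository` compares the caller's repository with a value the caller supplies, so it guards against runs in forks rather than restricting who may call the workflow; the input description could say so.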
@@ -115,6 +116,54 @@ jobs: repository: ``` +### Docker + +This workflow contains the Docker build and push system used througout CTF Pilot. + +The wofklow requires the `repository` input to be specified. + +#### Inputs + +- `repository`: Allowed repository for workflow to run in. Example `ctfpilot/hello-world`. +- `dockerfile`: Dockerfile path. +- `context`: Build context. +- `arguments`: Build arguments. List of key-value pairs. +- `semver`: Semantic version. Leave empty to not use semantic versioning. +- `tags`: List of tags to apply to the image. Required if you do not use semantic versioning. +- `registry`: Registry for docker image to use. Defaults to GitHub container registry. +- `image_name`: Docker image name to use. Defaults to repository name. +- `registry_username`: Username to use for registry login. Defaults to Github actor. +- `registry_token`: Token to use for registry login. Defaults to GITHUB_TOKEN. +- `fetch_submodules`: Fetch submodules. Defaults to true. +- `platforms`: Platforms to build for (comma separated, e.g., linux/amd64,linux/arm64). +- `runner`: Runner to use for the job. Defaults to ubuntu-latest +- `cacheFrom`: Cache type from +- `cacheTo`: Cache type to +- `commit`: Commit SHA to use for git operations and tagging. Defaults to github.sha. + +#### How to use + +```yml +name: "Docker build and push" + +on: + push: + branches: + - main + - develop + +jobs: + CLAAssistant: + permissions: + contents: read + packages: write + id-token: write + name: "Docker build and push" + uses: ctfpilot/ci/.github/workflows/docker.yml@ + with: + repository: +``` + ## Contributing We welcome contributions of all kinds, from **code** and **documentation** to **bug reports** and **feedback**! From b06940c226d030ef5fc372f0a3a63fd1a906e76f Mon Sep 17 00:00:00 2001 
From: The0Mikkel Date: Sun, 16 Nov 2025 00:26:55 +0100 Subject: [PATCH 06/11] fix(release): correct ENVIRONMENT input reference in release workflow --- .github/workflows/release.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.github/workflows/release.yml b/.github/workflows/release.yml index cd35ab4..7850162 100644 --- a/.github/workflows/release.yml +++ b/.github/workflows/release.yml @@ -37,4 +37,4 @@ jobs: uses: the0mikkel/ci/.github/workflows/semver-release-standalone.yml@v1.4.1 secrets: inherit with: - ENVIRONMENT: ENVIRONMENT + ENVIRONMENT: ${{ inputs.ENVIRONMENT }} From 9608878d490a1d933f467bdde51dd76d0f6f6def Mon Sep 17 00:00:00 2001 From: The0Mikkel Date: Sun, 16 Nov 2025 00:30:15 +0100 Subject: [PATCH 07/11] Correct spelling and capitalization in README and workflow descriptions --- .github/workflows/docker.yml | 2 +- README.md | 12 ++++++------ 2 files changed, 7 insertions(+), 7 deletions(-) diff --git a/.github/workflows/docker.yml b/.github/workflows/docker.yml index d37813a..3492f8f 100644 --- a/.github/workflows/docker.yml +++ b/.github/workflows/docker.yml @@ -43,7 +43,7 @@ on: default: ${{ github.repository }} type: string registry_username: - description: "Username to use for registry login. Defaults to Github actor." + description: "Username to use for registry login. Defaults to GitHub actor." required: false type: string registry_token: diff --git a/README.md b/README.md index cb7266d..5a47caf 100644 --- a/README.md +++ b/README.md @@ -3,7 +3,7 @@ > [!IMPORTANT] > This CI repository is meant for internal usage within the CTFPilot organization. -This repository contains Continuous intergration automation, in the forms of Github Action workflows. +This repository contains Continuous intergration automation, in the forms of GitHub Action workflows. ## How to use 
@@ -33,7 +33,7 @@ jobs: ### CLA Assistant -This workflow contains the CLA Assistant bot used througout CTF Pilot. +This workflow contains the CLA Assistant bot used throughout CTF Pilot. It is setup to contain sensible defaults, but requires the `repository` input to be specified. @@ -75,9 +75,9 @@ jobs: ### Release -This workflow contains the release system used througout CTF Pilot. +This workflow contains the release system used throughout CTF Pilot. -The wofklow requires the `repository` input to be specified. +The workflow requires the `repository` input to be specified. #### Inputs @@ -118,7 +118,7 @@ jobs: ### Docker -This workflow contains the Docker build and push system used througout CTF Pilot. +This workflow contains the Docker build and push system used throughout CTF Pilot. The wofklow requires the `repository` input to be specified. @@ -132,7 +132,7 @@ The wofklow requires the `repository` input to be specified. - `tags`: List of tags to apply to the image. Required if you do not use semantic versioning. - `registry`: Registry for docker image to use. Defaults to GitHub container registry. - `image_name`: Docker image name to use. Defaults to repository name. -- `registry_username`: Username to use for registry login. Defaults to Github actor. +- `registry_username`: Username to use for registry login. Defaults to GitHub actor. - `registry_token`: Token to use for registry login. Defaults to GITHUB_TOKEN. - `fetch_submodules`: Fetch submodules. Defaults to true. - `platforms`: Platforms to build for (comma separated, e.g., linux/amd64,linux/arm64). From 66cd4c3eb71d3376c95a5bd366d0cdb104093731 Mon Sep 17 00:00:00 2001 From: The0Mikkel Date: Sun, 16 Nov 2025 00:33:47 +0100 Subject: [PATCH 08/11] feat(ci): add internal CLA Assistant workflow --- .github/workflows/cla-internal.yml | 24 ++++++++++++++++++++++++ 1 file changed, 24 insertions(+) create mode 100644 .github/workflows/cla-internal.yml 
diff --git a/.github/workflows/cla-internal.yml b/.github/workflows/cla-internal.yml new file mode 100644 index 0000000..fcc9692 --- /dev/null +++ b/.github/workflows/cla-internal.yml @@ -0,0 +1,24 @@ +# ----------- +# NOTICE: This workflow is for internal use within the CI repository +# ----------- + +name: "CLA Assistant" + +on: + issue_comment: + types: [created] + pull_request_target: + types: [opened, closed, synchronize] + +jobs: + CLAAssistant: + permissions: + actions: write + contents: read + pull-requests: write + statuses: write + name: "CLA Assistant" + uses: ctfpilot/ci/.github/workflows/cla-assistant.yml@v1.0.0 + secrets: inherit + with: + repository: ci \ No newline at end of file From 4b702ef0ea3de8c8730aeccaa32a1d4464936ee9 Mon Sep 17 00:00:00 2001 From: The0Mikkel Date: Sun, 16 Nov 2025 00:34:09 +0100 Subject: [PATCH 09/11] fix(cla-assistant): add inherit secrets in CLA Assistant workflow documentation --- README.md | 1 + 1 file changed, 1 insertion(+) diff --git a/README.md b/README.md index 5a47caf..d24d389 100644 --- a/README.md +++ b/README.md @@ -69,6 +69,7 @@ jobs: statuses: write name: "CLA Assistant" uses: ctfpilot/ci/.github/workflows/cla-assistant.yml@ + secrets: inherit with: repository: ``` From df49d9fb7b234c1e3a8fe1c742028a12ead5d6ad Mon Sep 17 00:00:00 2001 From: The0Mikkel Date: Sun, 16 Nov 2025 00:35:31 +0100 Subject: [PATCH 10/11] Correct spelling --- README.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/README.md b/README.md index d24d389..9f8cac2 100644 --- a/README.md +++ b/README.md @@ -121,7 +121,7 @@ jobs: This workflow contains the Docker build and push system used throughout CTF Pilot. -The wofklow requires the `repository` input to be specified. +The workflow requires the `repository` input to be specified. #### Inputs From 533e71eb338bba202709077127e871e5eb1415ec Mon Sep 17 00:00:00 2001 
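Review bot: The new `cla-internal.yml` combines the `pull_request_target` trigger with `secrets: inherit`, so every secret the repository can read is handed to the called workflow on pull requests that come from forks. That is safe only while `cla-assistant.yml` never checks out or runs code from the pull request head, which cannot be confirmed from this hunk; passing just the secrets that workflow declares, by name, would narrow the exposure. A comment above the trigger such as `# pull_request_target: runs with base-repo secrets; the called workflow must not check out PR head code` would record the constraint for later editors. The reference `cla-assistant.yml@v1.0.0` is a movable tag and could be pinned to a full commit SHA with the tag kept as a trailing comment. The file also ends without a final newline.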
From: The0Mikkel Date: Sun, 16 Nov 2025 00:36:57 +0100 Subject: [PATCH 11/11] fix(cla-assistant): update allowlist to include semantic-release-bot --- .github/workflows/cla-assistant.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.github/workflows/cla-assistant.yml b/.github/workflows/cla-assistant.yml index 8193bc2..29b32fe 100644 --- a/.github/workflows/cla-assistant.yml +++ b/.github/workflows/cla-assistant.yml @@ -43,7 +43,7 @@ jobs: # branch should not be protected branch: "main" - allowlist: "" + allowlist: "semantic-release-bot" lock-pullrequest-aftermerge: false use-dco-flag: false
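Review bot: The hard-coded `allowlist: "semantic-release-bot"` exempts that name from the CLA check in every repository that calls this workflow, and neither the hunk nor the README inputs list records it. A comment above the line such as `# accounts exempt from signing the CLA; matched by name, keep this list minimal` would document the intent. How the CLA action resolves a commit author that is not linked to an account is not visible here, so it is worth confirming that the exemption applies only to the bot account and not to any commit that merely carries that author name. The step's remaining `with:` keys and the action reference lie outside the hunk.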