move helper code into a central container

Author: actualben

.github/workflows/docker.yml

@@ -21,8 +21,8 @@ env:
   PSUM_LABEL: be.backplane.image.context_psum
   PLATFORMS: linux/amd64,linux/arm64,linux/arm/v7
   LICENSES: Various Open Source
-  PLATFORMS_OVERRIDE: .build_platforms.txt
-  LICENSES_OVERRIDE: LICENSES.txt
+  PLATFORMS_OVERRIDE_FILE: .build_platforms.txt
+  LICENSES_OVERRIDE_FILE: LICENSES.txt
 
 jobs:
   build-push:
@@ -45,11 +45,12 @@ jobs:
           - black
           - blampy
           - bpython
-          - cdk
+          - cdk-python
           - chardet
           - checkmake
           - chrome
           - compose_sort
+          - conex-helper
           - firefox
           - fzf
           - ghlatest
@@ -102,13 +103,13 @@ jobs:
           : "${REGISTRY:?}" # this is used in subsequent steps
           : "${ORG:?}"
           : "${PSUM_LABEL:?}"
-          : "${PLATFORMS_OVERRIDE:?}"
 
-          # generate some useful outputs
-          .helpers/cdata.py \
-            --forcebuild '${{ github.event.inputs.force_build }}' \
-            --repo "${ORG}/${{ matrix.container }}" \
-            '${{ matrix.container }}'
+          # generate some outputs about the container being built
+          docker pull -q backplane/conex-helper
+          docker run --rm -it --volume "$(pwd):/work" backplane/conex-helper \
+            metadata \
+              --forcedbuilds '${{ github.event.inputs.force_build }}' \
+              '${{ matrix.container }}'
 
       # https://github.com/docker/setup-qemu-action
       - name: Set up QEMU
@@ -144,6 +145,7 @@ jobs:
             org.opencontainers.image.title=${{ matrix.container }}
             org.opencontainers.image.source=https://github.com/backplane/conex/${{ matrix.container }}
             org.opencontainers.image.licenses=${{ steps.cdata.outputs.licenses }}
+            org.opencontainers.image.description=${{ steps.cdata.outputs.description }}
 
       # Build and push Docker image with Buildx (don't push on PR)
       # https://github.com/docker/build-push-action

.helpers/cdata.py

@@ -7,11 +7,11 @@ all: README.md .github/workflows/docker.yml
 
 README.md: */README.md docs/about.md
 	@printf '==> %s\n' "$@"
-	.helpers/readme_generator.py \
-	  --dhuser "backplane" \
-	  --header docs/about.md \
-	  */README.md \
-	  >"$@"
+	docker run --rm -it --volume "$$(pwd):/work" backplane/conex-helper \
+	  update-readme \
+	    -i docs/about.md \
+	    */README.md
 
 .github/workflows/docker.yml: $(DOCKERFILES) $(CONTEXTS)
-	.helpers/update_workflow.py "$@"
+	docker run --rm -it --volume "$$(pwd):/work" backplane/conex-helper \
+	  update-workflow

Makefile

@@ -30,6 +30,7 @@ Name | Description | Dockerfile Link | Image Link
 [checkmake](checkmake) | [`alpine:edge`](https://hub.docker.com/_/alpine/)-based dockerization of [checkmake](https://github.com/mrtazz/checkmake/), the `Makefile` linter | [Dockerfile](checkmake/Dockerfile) | [backplane/checkmake](https://hub.docker.com/r/backplane/checkmake)
 [chrome](chrome) | [`debian:unstable-slim`](https://hub.docker.com/_/debian/)-based dockerization of the Google Chrome web browser | [Dockerfile](chrome/Dockerfile) | [backplane/chrome](https://hub.docker.com/r/backplane/chrome)
 [compose_sort](compose_sort) | [`alpine:edge`](https://hub.docker.com/_/alpine/)-based dockerization of `compose_sort`, a CLI utility for sorting docker-compose files | [Dockerfile](compose_sort/Dockerfile) | [backplane/compose_sort](https://hub.docker.com/r/backplane/compose_sort)
+[conex-helper](conex-helper) | [`python:3-alpine`](https://hub.docker.com/_/python/)-based dockerization of a utility program which helps manage the `backplane/conex` github repo | [Dockerfile](conex-helper/Dockerfile) | [backplane/conex-helper](https://hub.docker.com/r/backplane/conex-helper)
 [firefox](firefox) | [`debian:unstable-slim`](https://hub.docker.com/_/debian/)-based dockerization of the Firefox web browser | [Dockerfile](firefox/Dockerfile) | [backplane/firefox](https://hub.docker.com/r/backplane/firefox)
 [fzf](fzf) | [`alpine:edge`](https://hub.docker.com/_/alpine/)-based dockerization of [fzf](https://github.com/junegunn/fzf) the command line fuzzy finder | [Dockerfile](fzf/Dockerfile) | [backplane/fzf](https://hub.docker.com/r/backplane/fzf)
 [ghlatest](ghlatest) | scratch-based dockerization of [ghlatest](https://github.com/backplane/ghlatest), a release downloader utility | [Dockerfile](ghlatest/Dockerfile) | [backplane/ghlatest](https://hub.docker.com/r/backplane/ghlatest)

README.md

@@ -0,0 +1,3 @@
+README.md
+venv
+**/__pycache__

conex-helper/.dockerignore

@@ -0,0 +1,30 @@
+FROM python:3-alpine
+LABEL maintainer="Backplane BV <[email protected]>"
+
+COPY requirements.txt /
+
+RUN set -eux; \
+  pip install -r /requirements.txt; \
+  pip cache purge;
+
+COPY app /app/
+
+WORKDIR /work
+
+ARG NONROOT_GID=20000
+ARG NONROOT_UID=20000
+RUN set -ex; \
+  addgroup \
+    -g ${NONROOT_GID} \
+    nonroot \
+  ; \
+  adduser \
+    -h /work \
+    -u ${NONROOT_UID} \
+    -G nonroot \
+    -D \
+    nonroot \
+  ;
+USER nonroot
+
+ENTRYPOINT ["/app/main.py"]

conex-helper/Dockerfile

@@ -0,0 +1,109 @@
+# conex-helper
+
+[`python:3-alpine`](https://hub.docker.com/_/python/)-based dockerization of a utility program which helps manage the `backplane/conex` github repo
+
+## Usage
+
+The program has three primary subcommands: `update-readme`, `update-workflow`, and `metadata`.
+
+### general help text
+
+```
+usage: main.py [-h] [--debug] [--dhuser DHUSER] command ...
+
+utility for maintaining the github.com/backplane/conex repo
+
+positional arguments:
+  command
+    update-readme  update the central readme from the readme files in the container subdirectories
+    update-workflow
+                   update the github actions workflow file 'docker.yml' with the current list of container subdirectories
+    metadata       called during the container build github action to write workflow outputs that get used in later build steps
+
+options:
+  -h, --help       show this help message and exit
+  --debug          enable debug output (default: False)
+  --dhuser DHUSER  the docker hub repo path to use when linking to images (default: backplane)
+```
+
+### `update-readme` subcommand
+
+This subcommand is used to update the central `README.md` from the `README.md` files in the container subdirectories.
+
+```
+usage: main.py update-readme [-h] [-i HEADER] readme subdir_readmes [subdir_readmes ...]
+
+positional arguments:
+  readme                the path to the markdown file to update
+  subdir_readmes        the source README.md files to build from
+
+options:
+  -h, --help            show this help message and exit
+  -i HEADER, --header HEADER
+                        header file(s) to include at the beginning of the output (default: [])
+
+```
+
+### `update-workflow` subcommand
+
+This subcommand is used to update the github actions workflow file `docker.yml` with the current list of container subdirectories.
+
+```
+usage: main.py update-workflow [-h] [--workflowfile WORKFLOWFILE] [--basedir BASEDIR] [-l]
+
+options:
+  -h, --help            show this help message and exit
+  --workflowfile WORKFLOWFILE
+                        the path to the workflow file to update (in-place) (default: .github/workflows/docker.yml)
+  --basedir BASEDIR     the path the repo base (default: .)
+  -l, --list            don't make any changes; instead print the container list from the current action file (default: False)
+
+```
+
+### `metadata` subcommand
+
+This subcommand is called during the docker build github action to write workflow outputs that get used in later build steps.
+
+This includes comparing the perishable checksum of the current build context to the perishable checksum label on the corresponding image already on docker hub. This allows builds to be skipped if nothing has changed in the build context.
+
+```
+usage: main.py metadata [-h] [--forcedbuilds FORCEDBUILDS] [--repo REPO] [--psumlabel PSUMLABEL] [--platforms PLATFORMS] [--platforms-override-file PLATFORMS_OVERRIDE_FILE] [--licenses LICENSES]
+                        [--licenses-override-file LICENSES_OVERRIDE_FILE]
+                        contextname
+
+positional arguments:
+  contextname           the name of the directory containing the Docker build context
+
+options:
+  -h, --help            show this help message and exit
+  --forcedbuilds FORCEDBUILDS
+                        comma-separated list of container contexts to build, without regard to the context's perishable checksum (default: )
+  --repo REPO           the image repo, as given to the 'docker pull' command (default: None)
+  --psumlabel PSUMLABEL
+                        the namespaced perishable sum label name to apply to the image (default: be.backplane.image.context_psum)
+  --platforms PLATFORMS
+                        the default list of platforms to build for (default: linux/amd64,linux/arm64,linux/arm/v7)
+  --platforms-override-file PLATFORMS_OVERRIDE_FILE
+                        the name of a file inside the context directory which lists platforms to build for (default: .build_platforms.txt)
+  --licenses LICENSES   the default SPDX License Expression for the primary image content (default: Various Open Source)
+  --licenses-override-file LICENSES_OVERRIDE_FILE
+                        the name of a file inside the context directory which lists SPDX License Expressions for the primary image content (default: LICENSES.txt)
+
+```
+
+### Interactive Use
+
+The following shell function can assist in running this image interactively:
+
+```sh
+
+conex_helper() {
+  docker run \
+    --rm \
+    --interactive \
+    --tty \
+    --volume "$(pwd):/work" \
+    "backplane/conex-helper" \
+    "$@"
+}
+```

conex-helper/README.md

@@ -0,0 +1,3 @@
+#!/usr/bin/env python3
+
+from .core import *