From b5bfa99d905ac491eeddf2ad783c272f84e34cf6 Mon Sep 17 00:00:00 2001
From: Jonathan Seth Mainguy <jon@soh.re>
Date: Wed, 16 Oct 2024 21:44:42 -0400
Subject: [PATCH] feat: update for modern ci

---
 .github/workflows/ci.yaml      | 18 ++++++++++++++++++
 .github/workflows/release.yaml | 22 ++++++++++++++++++++++
 .release-please-manifest.json  |  3 +++
 Dockerfile                     | 30 ++++++++++++++++--------------
 Gemfile                        |  2 ++
 Gemfile.lock                   | 31 +++++++++++++++++++++----------
 build.sh                       |  2 --
 release-please-config.json     | 17 +++++++++++++++++
 run.sh                         |  4 ----
 9 files changed, 99 insertions(+), 30 deletions(-)
 create mode 100644 .github/workflows/ci.yaml
 create mode 100644 .github/workflows/release.yaml
 create mode 100644 .release-please-manifest.json
 delete mode 100755 build.sh
 create mode 100644 release-please-config.json
 delete mode 100755 run.sh

diff --git a/.github/workflows/ci.yaml b/.github/workflows/ci.yaml
new file mode 100644
index 0000000..e5bca01
--- /dev/null
+++ b/.github/workflows/ci.yaml
@@ -0,0 +1,18 @@
+name: Build and Scan Docker Image
+
+on:
+  push:
+    branches:
+      - main
+  pull_request:
+    branches:
+      - main
+
+permissions:
+  actions: read
+  contents: read
+  security-events: write
+
+jobs:
+  docker-ci:
+    uses: Jmainguy/docker-workflows/.github/workflows/docker-ci.yml@v2
diff --git a/.github/workflows/release.yaml b/.github/workflows/release.yaml
new file mode 100644
index 0000000..3c59441
--- /dev/null
+++ b/.github/workflows/release.yaml
@@ -0,0 +1,22 @@
+name: Release Docker Image
+
+on:
+  push:
+    branches:
+      - main
+
+permissions:
+  contents: write
+  pull-requests: write
+
+jobs:
+  release-please:
+    uses: Jmainguy/docker-workflows/.github/workflows/docker-release.yml@v2
+    secrets:
+      docker_username: ${{ secrets.DOCKER_USERNAME }}
+      docker_password: ${{ secrets.DOCKER_PASSWORD }}
+    with:
+      docker_url: zot.soh.re
+      image_name: ${{ github.event.repository.name }}
+      authors: "Jonathan Seth Mainguy <jon@soh.re>"
+      vendor: "Jmainguy"
diff --git a/.release-please-manifest.json b/.release-please-manifest.json
new file mode 100644
index 0000000..e18ee07
--- /dev/null
+++ b/.release-please-manifest.json
@@ -0,0 +1,3 @@
+{
+  ".": "0.0.0"
+}
diff --git a/Dockerfile b/Dockerfile
index aac3b24..7904105 100644
--- a/Dockerfile
+++ b/Dockerfile
@@ -1,15 +1,17 @@
-FROM centos:latest
-MAINTAINER Jonathan Mainguy <jon@soh.re>
-RUN yum install -y git ruby rubygem-bundler && \
-    yum clean all
-RUN chmod 777 /opt
-RUN mkdir -p /opt/statuscode
-ADD . /opt/statuscode
-WORKDIR /opt/statuscode
-ENV HOME=/opt/statuscode
-RUN gem install bundler
-RUN bundle update --bundler
-RUN bundler
+FROM cgr.dev/chainguard/ruby:latest-dev as builder
+
+ENV GEM_HOME=/work/vendor
+ENV GEM_PATH=${GEM_PATH}:/work/vendor
+COPY Gemfile /work/
+RUN gem install bundler && bundle install
+
+FROM cgr.dev/chainguard/ruby:latest
+
+ENV GEM_HOME=/work/vendor
+ENV GEM_PATH=${GEM_PATH}:/work/vendor
+
+COPY --from=builder /work/ /work/
+COPY app.rb /work/
 EXPOSE 4567
-USER 1337:1337
-CMD ["ruby", "/opt/statuscode/app.rb"]
+
+ENTRYPOINT [ "ruby", "app.rb" ]
diff --git a/Gemfile b/Gemfile
index 1eec94f..2e67525 100644
--- a/Gemfile
+++ b/Gemfile
@@ -3,3 +3,5 @@ source 'https://rubygems.org'
 gem "rack", ">= 2.1.4"
 gem "rack-protection", ">= 1.5.5"
 gem 'sinatra'
+
+gem "rackup", "~> 2.1"
diff --git a/Gemfile.lock b/Gemfile.lock
index 19f637d..a0597bf 100644
--- a/Gemfile.lock
+++ b/Gemfile.lock
@@ -1,26 +1,37 @@
 GEM
   remote: https://rubygems.org/
   specs:
-    mustermann (1.1.2)
+    base64 (0.2.0)
+    mustermann (3.0.3)
       ruby2_keywords (~> 0.0.1)
-    rack (2.2.9)
-    rack-protection (2.2.1)
-      rack
+    rack (3.1.8)
+    rack-protection (4.0.0)
+      base64 (>= 0.1.0)
+      rack (>= 3.0.0, < 4)
+    rack-session (2.0.0)
+      rack (>= 3.0.0)
+    rackup (2.1.0)
+      rack (>= 3)
+      webrick (~> 1.8)
     ruby2_keywords (0.0.5)
-    sinatra (2.2.1)
-      mustermann (~> 1.0)
-      rack (~> 2.2)
-      rack-protection (= 2.2.1)
+    sinatra (4.0.0)
+      mustermann (~> 3.0)
+      rack (>= 3.0.0, < 4)
+      rack-protection (= 4.0.0)
+      rack-session (>= 2.0.0, < 3)
       tilt (~> 2.0)
-    tilt (2.0.11)
+    tilt (2.4.0)
+    webrick (1.8.2)
 
 PLATFORMS
   ruby
+  x86_64-linux
 
 DEPENDENCIES
   rack (>= 2.1.4)
   rack-protection (>= 1.5.5)
+  rackup (~> 2.1)
   sinatra
 
 BUNDLED WITH
-   2.1.4
+   2.5.22
diff --git a/build.sh b/build.sh
deleted file mode 100755
index 6a6e10c..0000000
--- a/build.sh
+++ /dev/null
@@ -1,2 +0,0 @@
-#!/bin/bash
-docker build -t="hub.soh.re/soh.re/status-code" .
diff --git a/release-please-config.json b/release-please-config.json
new file mode 100644
index 0000000..dcbbd67
--- /dev/null
+++ b/release-please-config.json
@@ -0,0 +1,17 @@
+{
+  "include-v-in-tag": true,
+  "separate-pull-requests": true,
+  "packages": {
+    ".": {
+      "release-type": "go",
+      "extra-files": [
+        {
+          "path": "README.md",
+          "type": "generic"
+        }
+      ],
+      "changelog-path": "CHANGELOG.md"
+    }
+  },
+  "$schema": "https://raw.githubusercontent.com/googleapis/release-please/main/schemas/config.json"
+}
diff --git a/run.sh b/run.sh
deleted file mode 100755
index e3765fd..0000000
--- a/run.sh
+++ /dev/null
@@ -1,4 +0,0 @@
-#!/bin/bash
-docker kill status-code
-docker rm status-code
-docker run -p 4567:4567 -d --name status-code --restart always hub.soh.re/soh.re/status-code