init new approach branch

.github/CONTRIBUTING.md

@@ -0,0 +1,29 @@
+<!--
+Copyright (C) 2022 Jim Fuller, <[email protected]>, et al.
+
+SPDX-License-Identifier: curl-container
+-->
+
+How to contribute to curl
+=========================
+
+Join the community
+------------------
+
+ 1. Click 'watch' on the GitHub repo
+
+ 2. Subscribe to the suitable [mailing lists](https://curl.se/mail/)
+
+Read [CONTRIBUTE](../docs/CONTRIBUTE.md)
+---------------------------------------
+
+Send your suggestions using one of these methods:
+-------------------------------------------------
+
+ 1. in a mail to the mailing list
+
+ 2. as a [pull request](https://github.com/curl/curl-container/pulls)
+
+ 3. as an [issue](https://github.com/curl/curl-container/issues)
+
+/ The curl-container team!

.github/FUNDING.yml

@@ -0,0 +1,6 @@
+# Copyright (C) 2022 Jim Fuller, <[email protected]>, et al.
+#
+# SPDX-License-Identifier: curl-container
+
+github: curl
+open_collective: curl

.github/stale.yml

@@ -0,0 +1,21 @@
+# Copyright (C) 2022 Jim Fuller, <[email protected]>, et al.
+#
+# SPDX-License-Identifier: curl-container
+
+# Number of days of inactivity before an issue becomes stale
+daysUntilStale: 180
+# Number of days of inactivity before a stale issue is closed
+daysUntilClose: 14
+# Issues with these labels will never be considered stale
+exemptLabels:
+  - pinned
+  - security
+# Label to use when marking an issue as stale
+staleLabel: stale
+# Comment to post when marking an issue as stale. Set to `false` to disable
+markComment: >
+  This issue has been automatically marked as stale because it has not had
+  recent activity. It will be closed if no further activity occurs. Thank you
+  for your contributions.
+# Comment to post when closing a stale issue. Set to `false` to disable
+closeComment: false

.github/workflows/build_master.yml

@@ -0,0 +1,74 @@
+name: build_master_images
+on:
+  schedule:
+    # Runs every hour
+    - cron: '0 * * * * '
+  push:
+    branches:
+      - "new_world"
+env:
+  REGISTRY_USER: ${{ github.actor }}
+  REGISTRY_PASSWORD: ${{ github.token }}
+  IMAGE_REGISTRY: ghcr.io/${{ github.repository_owner }}
+
+jobs:
+  build_master:
+    name: ${{ matrix.build.name }}
+    runs-on: 'ubuntu-latest'
+    permissions:
+      contents: read
+      packages: write
+    strategy:
+      fail-fast: false
+      matrix:
+        install_latest: [ true ]
+    steps:
+      - name: Checkout repository
+        uses: actions/checkout@v3
+        with:
+          ref: "new_world"
+      - name: Log in to ghcr.io
+        uses: redhat-actions/podman-login@v1
+        with:
+          username: ${{ env.REGISTRY_USER }}
+          password: ${{ env.REGISTRY_PASSWORD }}
+          registry: ${{ env.IMAGE_REGISTRY }}
+      - run: |
+          sudo apt-get update
+          sudo apt-get -y install buildah less git make podman qemu
+        name: 'install dev deps'
+      - run: make branch_or_ref=master release_tag=master build_ref_images
+        name: 'build master images'
+#      - run: buildah unshare make release_tag=master test
+#        name: 'test image'
+      - run: make release_tag=master scan
+        name: 'security scan image'
+      - run: |
+          buildah tag localhost/curl-dev:master ghcr.io/curl/curl-container/curl-dev:master
+          buildah push ghcr.io/curl/curl-container/curl-dev:master
+          buildah tag localhost/curl-base:master ghcr.io/curl/curl-container/curl-base:master
+          buildah push ghcr.io/curl/curl-container/curl-base:master
+          buildah tag localhost/curl:master ghcr.io/curl/curl-container/curl:master
+          buildah push ghcr.io/curl/curl-container/curl:master
+        name: 'push images to github registry'
+      - name: Install Cosign
+        uses: sigstore/cosign-installer@main
+      - name: Write signing key to disk (only needed for `cosign sign --key`)
+        run: echo "${{ secrets.COSIGN_PRIVATE_KEY }}" > cosign.key
+      - name: Sign image with a key
+        run: |
+          cosign sign -y --key cosign.key ghcr.io/curl/curl-container/curl-dev:master
+          cosign sign -y --key cosign.key ghcr.io/curl/curl-container/curl-base:master
+          cosign sign -y --key cosign.key ghcr.io/curl/curl-container/curl:master
+        env:
+          COSIGN_PASSWORD: ${{secrets.COSIGN_PASSWORD}}
+      - name: Write public key to disk
+        run: echo "${{ secrets.COSIGN_PUBLIC_KEY }}" > cosign.pub
+      - name: Verify image with public key
+        run: |
+          cosign verify --key cosign.pub ghcr.io/curl/curl-container/curl-dev:master
+          cosign verify --key cosign.pub ghcr.io/curl/curl-container/curl-base:master
+          cosign verify --key cosign.pub ghcr.io/curl/curl-container/curl:master
+        env:
+          COSIGN_PUBLIC_KEY: ${{secrets.COSIGN_PUBLIC_KEY}}
+

.github/workflows/build_master_multi.yml

@@ -0,0 +1,65 @@
+name: build_master_multi_images
+on:
+  schedule:
+    # Runs at 9:00 UTC every day
+    - cron: '0 9 * * *'
+  push:
+    branches:
+      - "new_world"
+env:
+  REGISTRY_USER: ${{ github.actor }}
+  REGISTRY_PASSWORD: ${{ github.token }}
+  IMAGE_REGISTRY: ghcr.io/${{ github.repository_owner }}
+
+jobs:
+  build_multi_master:
+    name: ${{ matrix.build.name }}
+    runs-on: 'ubuntu-latest'
+    permissions:
+      contents: read
+      packages: write
+    strategy:
+      fail-fast: false
+      matrix:
+        install_latest: [ true ]
+    steps:
+      - name: Checkout repository
+        uses: actions/checkout@v3
+        with:
+          ref: "new_world"
+      - name: Log in to ghcr.io
+        uses: redhat-actions/podman-login@v1
+        with:
+          username: ${{ env.REGISTRY_USER }}
+          password: ${{ env.REGISTRY_PASSWORD }}
+          registry: ${{ env.IMAGE_REGISTRY }}
+      - run: |
+          sudo apt-get update
+          sudo apt-get -y install buildah less git make podman qemu
+        name: 'install dev deps'
+      - run: buildah unshare make branch_or_ref=master release_tag=master multibuild
+        name: 'build multi image'
+#      - run: buildah unshare make release_tag=$REL test
+#        name: 'test image'
+#      - run: make release_tag=$REL scan
+#        name: 'security scan image'
+      - run: |
+          buildah tag localhost/curl-multi:master ghcr.io/curl/curl-container/curl-multi:master
+          buildah push ghcr.io/curl/curl-container/curl-multi:master
+        name: 'push images to github registry'
+      - name: Install Cosign
+        uses: sigstore/cosign-installer@main
+      - name: Write signing key to disk (only needed for `cosign sign --key`)
+        run: echo "${{ secrets.COSIGN_PRIVATE_KEY }}" > cosign.key
+      - name: Sign image with a key
+        run: |
+          cosign sign --key cosign.key ghcr.io/curl/curl-container/curl-multi:master
+        env:
+          COSIGN_PASSWORD: ${{secrets.COSIGN_PASSWORD}}
+      - name: Write public key to disk
+        run: echo "${{ secrets.COSIGN_PUBLIC_KEY }}" > cosign.pub
+      - name: Verify image with public key
+        run: |
+          cosign verify --key cosign.pub ghcr.io/curl/curl-container/curl-multi:master
+        env:
+          COSIGN_PUBLIC_KEY: ${{secrets.COSIGN_PUBLIC_KEY}}

.gitignore

@@ -0,0 +1,2 @@
+.idea
+venv

Containerfile

@@ -0,0 +1,9 @@
+from quay.io/buildah/stable:latest
+
+RUN dnf --nodocs --setopt install_weak_deps=false -y install less git make podman qemu
+
+COPY "requirements.txt" "requirements.txt"
+RUN python3 -m ensurepip
+# RUN pip3 install --no-input -r requirements.txt
+
+WORKDIR /opt/app-root/src/

LICENSE

@@ -0,0 +1,21 @@
+MIT License
+
+Copyright (c) 2023 James Fuller
+
+Permission is hereby granted, free of charge, to any person obtaining a copy
+of this software and associated documentation files (the "Software"), to deal
+in the Software without restriction, including without limitation the rights
+to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
+copies of the Software, and to permit persons to whom the Software is
+furnished to do so, subject to the following conditions:
+
+The above copyright notice and this permission notice shall be included in all
+copies or substantial portions of the Software.
+
+THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
+IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
+FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
+AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
+LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
+OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE
+SOFTWARE.

Makefile

@@ -0,0 +1,79 @@
+.DEFAULT_GOAL := all
+
+container_ids=`buildah ls --format "{{.ContainerID}}"`
+
+base=docker.io/alpine:latest
+arch=""
+compiler="gcc"
+build_opts=" --enable-static --disable-ldap --enable-ipv6 --enable-unix-sockets --with-ssl --with-libssh2 --with-nghttp2=/usr"
+dev_deps="libssh2 libssh2-dev libssh2-static autoconf automake build-base groff openssl curl-dev python3 python3-dev libtool curl stunnel perl nghttp2 brotli brotli-dev"
+base_deps="brotli brotli-dev libssh2 nghttp2-dev libidn2"
+arches="linux/arm/v7,linux/amd64,linux/arm64,linux/ppc64le,linux/s390x,linux/386"
+
+##############################################
+# build_alpine dev, base and appliance image
+##############################################
+#
+#  > make branch_or_ref=master release_tag=master build_alpine
+#
+build_alpine:
+	./create_dev_image.sh ${arch} ${base} ${compiler} ${dev_deps} ${build_opts} ${branch_or_ref} curl-dev:${release_tag}
+	./create_base_image.sh ${arch} ${base} localhost/curl-dev:${release_tag} ${base_deps} curl-base:${release_tag}
+	./create_appliance_image.sh ${arch} localhost/curl-base:${release_tag} curl:${release_tag}
+
+build_ref_images: build_alpine
+
+#############################
+# test
+#############################
+#
+#  > make branch_or_ref=master test
+#
+test:
+	tests/test_image.sh ${release_tag}
+
+#############################
+# scan
+#############################
+#
+#  > make release_tag=master scan
+#
+scan:
+	systemctl --user enable --now podman.socket
+	curl -sfL https://raw.githubusercontent.com/aquasecurity/trivy/main/contrib/install.sh | sudo bash -s -- -b /usr/local/bin v0.32.0
+	trivy image localhost/curl:${release_tag}
+#	wget -qO - https://raw.githubusercontent.com/anchore/grype/main/install.sh | sudo bash -s -- -b /usr/local/bin
+#	grype curl:${release_tag}
+
+#############################
+# multibuild
+#############################
+#
+#
+#  > make branch_or_ref=master release_tag=master multibuild
+#
+
+multibuild:
+	./create_multi.sh ${base} ${compiler} ${dev_deps} ${base_deps} ${build_opts} ${branch_or_ref} ${release_tag}
+
+
+#############################
+# utilities
+#############################
+#
+#
+buildah_clean:
+	buildah rm $(container_ids)
+run_curl_dev_master:
+	# assumes git checkout of curl at ../curl
+	podman run --privileged -it -v /opt/app-root/curl:/src/curl:z localhost/curl-dev:master
+run_curl_base_master:
+	# assumes git checkout of curl at ../curl
+	podman run -it -v ../curl:/src/curl:z localhost/curl-base:master
+run_curl_master:
+	# assumes git checkout of curl at ../curl
+	podman run -it -v ../curl:/src/curl:z localhost/curl:master
+
+dev:
+	podman-compose -f dev-compose.yml up
+