Skip to content

Commit 410e5b5

Browse files
k-matsuzawak-matsuzawa
committed
feat: update CI, etc
1 parent 571388f commit 410e5b5

6 files changed

Lines changed: 41 additions & 11 deletions

File tree

.github/dependabot.yml

Lines changed: 4 additions & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -10,3 +10,7 @@ updates:
1010
- '.github/**/*'
1111
schedule:
1212
interval: weekly
13+
groups:
14+
dependencies:
15+
patterns:
16+
- "*"

.github/workflows/create-docker-image.yml

Lines changed: 1 addition & 1 deletion
Original file line numberDiff line numberDiff line change
@@ -13,7 +13,7 @@ env:
1313

1414
jobs:
1515
upload-image:
16-
runs-on: ubuntu-22.04
16+
runs-on: ubuntu-latest
1717
timeout-minutes: 30
1818
permissions:
1919
contents: read

Dockerfile

Lines changed: 13 additions & 3 deletions
Original file line numberDiff line numberDiff line change
@@ -1,4 +1,4 @@
1-
FROM --platform=$TARGETPLATFORM python:3.11.3-slim-bullseye
1+
FROM --platform=$TARGETPLATFORM python:3.11.14-slim-bookworm
22

33
# NOTE: nodedir has used by cmake-js.
44
RUN mkdir /var/.npm \
@@ -53,18 +53,24 @@ RUN ARCH=`uname -m` \
5353
&& gpg --verify SHA256SUMS.asc 2>&1 | grep "using ECDSA key" | tr -s ' ' | cut -d ' ' -f5 \
5454
&& echo "dump key" \
5555
&& gpg --verify SHA256SUMS.asc 2>&1 | grep "using " | tr -s ' ' | cut -d ' ' -f5 \
56+
&& echo "gpg keyserver 1" \
5657
&& gpg -v --keyserver ${GPG_KEY_SERVER} --recv-keys ${BITCOIN_PGP_KEY} \
58+
&& echo "gpg keyserver 2" \
5759
&& gpg -v --keyserver hkps://keys.openpgp.org --recv-keys 82921A4B88FD454B7EB8CE3C796C4109063D4EAF \
58-
&& gpg -v --keyserver hkps://keys.openpgp.org --recv-keys C388F6961FB972A95678E327F62711DBDCA8AE56 \
60+
&& echo "verify checksum" \
5961
&& sha256sum --ignore-missing --check SHA256SUMS \
6062
&& tar -xzvf ${BITCOIN_TARBALL} --directory=/opt/ \
6163
&& ln -sfn /opt/bitcoin-${BITCOIN_VERSION}/bin/* /usr/bin \
6264
&& rm -f ${BITCOIN_TARBALL} SHA256SUMS.asc
6365

64-
#20220427: ignore gpg verify (for C388F6961FB972A95678E327F62711DBDCA8AE56)
66+
# 20220427: ignore gpg verify (for C388F6961FB972A95678E327F62711DBDCA8AE56)
6567
# && gpg --verify -v SHA256SUMS.asc \
6668
# && sha256sum --ignore-missing --check SHA256SUMS \
6769

70+
# 20251126: ignore import key
71+
# && echo "gpg keyserver 3" \
72+
# && gpg -v --keyserver hkps://keys.openpgp.org --recv-keys C388F6961FB972A95678E327F62711DBDCA8AE56 \
73+
6874

6975
# setup elements
7076
ARG ELEMENTS_VERSION=22.1.1
@@ -81,7 +87,9 @@ RUN ARCH=`uname -m` \
8187
&& wget -qO ${ELEMENTS_TARBALL} ${ELEMENTS_URL_BASE}/${ELEMENTS_TARBALL} \
8288
&& gpg -v --keyserver ${GPG_KEY_SERVER} --recv-keys ${ELEMENTS_PGP_KEY} \
8389
&& wget -qO SHA256SUMS.asc ${ELEMENTS_URL_BASE}/SHA256SUMS.asc \
90+
&& echo "verify gpg" \
8491
&& gpg --verify SHA256SUMS.asc \
92+
&& echo "verify checksum" \
8593
&& sha256sum --ignore-missing --check SHA256SUMS.asc \
8694
&& tar -xzvf ${ELEMENTS_TARBALL} --directory=/opt/ \
8795
&& ln -sfn /opt/elements-${ELEMENTS_VERSION}/bin/* /usr/bin \
@@ -109,7 +117,9 @@ RUN ARCH=`uname -m` \
109117
&& gpg --keyserver ${GPG_KEY_SERVER} --recv-keys ${CMAKE_PGP_KEY} \
110118
&& wget -qO cmake-SHA-256.txt ${CMAKE_URL_BASE}/cmake-${CMAKE_VERSION}-SHA-256.txt \
111119
&& wget -qO cmake-SHA-256.txt.asc ${CMAKE_URL_BASE}/cmake-${CMAKE_VERSION}-SHA-256.txt.asc \
120+
&& echo "verify gpg" \
112121
&& gpg --verify cmake-SHA-256.txt.asc \
122+
&& echo "verify checksum" \
113123
&& sha256sum --ignore-missing --check cmake-SHA-256.txt \
114124
&& tar -xzvf ${CMAKE_TARBALL} --directory=/opt/ \
115125
&& mv /opt/${CMAKE_DIR_NAME} /opt/cmake-${CMAKE_VERSION}-linux \

Taskfile.yml

Lines changed: 5 additions & 5 deletions
Original file line numberDiff line numberDiff line change
@@ -6,11 +6,11 @@ tasks:
66
- task: :hadolint
77
gha-lint:
88
vars:
9-
PINACT_VERSION: v2.2.1
10-
ACTIONLINT_VERSION: v1.7.7
11-
GHALINT_VERSION: v1.3.0
9+
PINACT_VERSION: v3.4.4
10+
ACTIONLINT_VERSION: v1.7.8
11+
GHALINT_VERSION: v1.5.3
1212
cmds:
13-
- go run github.com/suzuki-shunsuke/pinact/v2/cmd/pinact@{{.PINACT_VERSION}} run
13+
- go run github.com/suzuki-shunsuke/pinact/v3/cmd/pinact@{{.PINACT_VERSION}} run
1414
- go run github.com/rhysd/actionlint/cmd/actionlint@{{.ACTIONLINT_VERSION}}
1515
- go run github.com/suzuki-shunsuke/ghalint/cmd/ghalint@{{.GHALINT_VERSION}} run
1616
hadolint:
@@ -19,6 +19,6 @@ tasks:
1919
- docker run --rm -i -v {{.TASK_DIR}}/.hadolint.yml:/.config/hadolint.yaml ghcr.io/hadolint/hadolint < arm64.dockerfile
2020
format:
2121
vars:
22-
YAMLFMT_VERSION: v0.15.0
22+
YAMLFMT_VERSION: v0.20.0
2323
cmds:
2424
- go run github.com/google/yamlfmt/cmd/yamlfmt@{{.YAMLFMT_VERSION}}

amd64.dockerfile

Lines changed: 9 additions & 1 deletion
Original file line numberDiff line numberDiff line change
@@ -1,4 +1,4 @@
1-
FROM python:3.11.3-slim-bullseye
1+
FROM python:3.11.14-slim-bookworm
22

33
# NOTE: nodedir has used by cmake-js.
44
RUN mkdir /var/.npm \
@@ -48,9 +48,13 @@ RUN BITCOIN_TARBALL=bitcoin-${BITCOIN_VERSION}-x86_64-linux-gnu.tar.gz \
4848
&& gpg --verify SHA256SUMS.asc 2>&1 | grep "using ECDSA key" | tr -s ' ' | cut -d ' ' -f5 \
4949
&& echo "dump key" \
5050
&& gpg --verify SHA256SUMS.asc 2>&1 | grep "using " | tr -s ' ' | cut -d ' ' -f5 \
51+
&& echo "gpg keyserver 1" \
5152
&& gpg -v --keyserver ${GPG_KEY_SERVER} --recv-keys ${BITCOIN_PGP_KEY} \
53+
&& echo "gpg keyserver 2" \
5254
&& gpg -v --keyserver hkps://keys.openpgp.org --recv-keys 82921A4B88FD454B7EB8CE3C796C4109063D4EAF \
55+
&& echo "gpg keyserver 3" \
5356
&& gpg -v --keyserver hkps://keys.openpgp.org --recv-keys C388F6961FB972A95678E327F62711DBDCA8AE56 \
57+
&& echo "verify checksum" \
5458
&& sha256sum --ignore-missing --check SHA256SUMS \
5559
&& tar -xzvf ${BITCOIN_TARBALL} --directory=/opt/ \
5660
&& ln -sfn /opt/bitcoin-${BITCOIN_VERSION}/bin/* /usr/bin \
@@ -70,7 +74,9 @@ RUN ELEMENTS_TARBALL=elements-${ELEMENTS_VERSION}-x86_64-linux-gnu.tar.gz \
7074
&& wget -qO ${ELEMENTS_TARBALL} ${ELEMENTS_URL_BASE}/${ELEMENTS_TARBALL} \
7175
&& gpg -v --keyserver ${GPG_KEY_SERVER} --recv-keys ${ELEMENTS_PGP_KEY} \
7276
&& wget -qO SHA256SUMS.asc ${ELEMENTS_URL_BASE}/SHA256SUMS.asc \
77+
&& echo "verify gpg" \
7378
&& gpg --verify SHA256SUMS.asc \
79+
&& echo "verify checksum" \
7480
&& sha256sum --ignore-missing --check SHA256SUMS.asc \
7581
&& tar -xzvf ${ELEMENTS_TARBALL} --directory=/opt/ \
7682
&& ln -sfn /opt/elements-${ELEMENTS_VERSION}/bin/* /usr/bin \
@@ -90,7 +96,9 @@ RUN CMAKE_TARBALL=cmake-${CMAKE_VERSION}-linux-x86_64.tar.gz \
9096
&& gpg --keyserver ${GPG_KEY_SERVER} --recv-keys ${CMAKE_PGP_KEY} \
9197
&& wget -qO cmake-SHA-256.txt ${CMAKE_URL_BASE}/cmake-${CMAKE_VERSION}-SHA-256.txt \
9298
&& wget -qO cmake-SHA-256.txt.asc ${CMAKE_URL_BASE}/cmake-${CMAKE_VERSION}-SHA-256.txt.asc \
99+
&& echo "verify gpg" \
93100
&& gpg --verify cmake-SHA-256.txt.asc \
101+
&& echo "verify checksum" \
94102
&& sha256sum --ignore-missing --check cmake-SHA-256.txt \
95103
&& tar -xzvf ${CMAKE_TARBALL} --directory=/opt/ \
96104
&& ln -sfn /opt/cmake-${CMAKE_VERSION}-linux-x86_64/bin/* /usr/bin \

arm64.dockerfile

Lines changed: 9 additions & 1 deletion
Original file line numberDiff line numberDiff line change
@@ -1,4 +1,4 @@
1-
FROM python:3.11.3-slim-bullseye
1+
FROM python:3.11.14-slim-bookworm
22

33
# NOTE: nodedir has used by cmake-js.
44
RUN mkdir /var/.npm \
@@ -48,9 +48,13 @@ RUN BITCOIN_TARBALL=bitcoin-${BITCOIN_VERSION}-aarch64-linux-gnu.tar.gz \
4848
&& gpg --verify SHA256SUMS.asc 2>&1 | grep "using ECDSA key" | tr -s ' ' | cut -d ' ' -f5 \
4949
&& echo "dump key" \
5050
&& gpg --verify SHA256SUMS.asc 2>&1 | grep "using " | tr -s ' ' | cut -d ' ' -f5 \
51+
&& echo "gpg keyserver 1" \
5152
&& gpg -v --keyserver ${GPG_KEY_SERVER} --recv-keys ${BITCOIN_PGP_KEY} \
53+
&& echo "gpg keyserver 2" \
5254
&& gpg -v --keyserver hkps://keys.openpgp.org --recv-keys 82921A4B88FD454B7EB8CE3C796C4109063D4EAF \
55+
&& echo "gpg keyserver 3" \
5356
&& gpg -v --keyserver hkps://keys.openpgp.org --recv-keys C388F6961FB972A95678E327F62711DBDCA8AE56 \
57+
&& echo "verify checksum" \
5458
&& sha256sum --ignore-missing --check SHA256SUMS \
5559
&& tar -xzvf ${BITCOIN_TARBALL} --directory=/opt/ \
5660
&& ln -sfn /opt/bitcoin-${BITCOIN_VERSION}/bin/* /usr/bin \
@@ -70,7 +74,9 @@ RUN ELEMENTS_TARBALL=elements-${ELEMENTS_VERSION}-aarch64-linux-gnu.tar.gz \
7074
&& wget -qO ${ELEMENTS_TARBALL} ${ELEMENTS_URL_BASE}/${ELEMENTS_TARBALL} \
7175
&& gpg -v --keyserver ${GPG_KEY_SERVER} --recv-keys ${ELEMENTS_PGP_KEY} \
7276
&& wget -qO SHA256SUMS.asc ${ELEMENTS_URL_BASE}/SHA256SUMS.asc \
77+
&& echo "verify gpg" \
7378
&& gpg --verify SHA256SUMS.asc \
79+
&& echo "verify checksum" \
7480
&& sha256sum --ignore-missing --check SHA256SUMS.asc \
7581
&& tar -xzvf ${ELEMENTS_TARBALL} --directory=/opt/ \
7682
&& ln -sfn /opt/elements-${ELEMENTS_VERSION}/bin/* /usr/bin \
@@ -90,7 +96,9 @@ RUN CMAKE_TARBALL=cmake-${CMAKE_VERSION}-linux-aarch64.tar.gz \
9096
&& gpg --keyserver ${GPG_KEY_SERVER} --recv-keys ${CMAKE_PGP_KEY} \
9197
&& wget -qO cmake-SHA-256.txt ${CMAKE_URL_BASE}/cmake-${CMAKE_VERSION}-SHA-256.txt \
9298
&& wget -qO cmake-SHA-256.txt.asc ${CMAKE_URL_BASE}/cmake-${CMAKE_VERSION}-SHA-256.txt.asc \
99+
&& echo "verify gpg" \
93100
&& gpg --verify cmake-SHA-256.txt.asc \
101+
&& echo "verify checksum" \
94102
&& sha256sum --ignore-missing --check cmake-SHA-256.txt \
95103
&& tar -xzvf ${CMAKE_TARBALL} --directory=/opt/ \
96104
&& ln -sfn /opt/cmake-${CMAKE_VERSION}-linux-aarch64/bin/* /usr/bin \

0 commit comments

Comments
 (0)