General Fixes

.github/FUNDING.yml

@@ -1,12 +1,3 @@
-# These are supported funding model platforms
-
-github: [willfarrell]# Replace with up to 4 GitHub Sponsors-enabled usernames e.g., [user1, user2]
-patreon: # Replace with a single Patreon username
-open_collective: # Replace with a single Open Collective username
-ko_fi: # Replace with a single Ko-fi username
-tidelift: # Replace with a single Tidelift platform-name/package-name e.g., npm/babel
-community_bridge: # Replace with a single Community Bridge project-name e.g., cloud-foundry
-liberapay: # Replace with a single Liberapay username
-issuehunt: # Replace with a single IssueHunt username
-otechie: # Replace with a single Otechie username
-custom: # Replace with up to 4 custom sponsorship URLs e.g., ['link1', 'link2']
+github: [SimplicityGuy]
+ko_fi: robertwlodarczyk
+custom: [paypal.me/RWlodarczyk]

.github/dependabot.yml

@@ -0,0 +1,45 @@
+---
+version: 2
+updates:
+  # GitHub Actions dependencies
+  - package-ecosystem: "github-actions"
+    directory: "/"
+    schedule:
+      interval: "weekly"
+      day: "monday"
+      time: "09:00"
+      timezone: "America/Los_Angeles"
+    commit-message:
+      prefix: "ci"
+      include: "scope"
+    labels:
+      - "dependencies"
+      - "ci"
+    assignees:
+      - "SimplicityGuy"
+    groups:
+      actions:
+        patterns:
+          - "*"
+
+  # Docker base images
+  # Monitors Dockerfile for base image updates (docker:dind-alpine)
+  - package-ecosystem: "docker"
+    directory: "/"
+    schedule:
+      interval: "weekly"
+      day: "monday"
+      time: "09:00"
+      timezone: "America/Los_Angeles"
+    commit-message:
+      prefix: "docker"
+      include: "scope"
+    labels:
+      - "dependencies"
+      - "docker"
+    assignees:
+      - "SimplicityGuy"
+    groups:
+      docker-images:
+        patterns:
+          - "*"

.github/workflows/build.yml

@@ -1,49 +1,78 @@
-name: build
+---
+name: Build
 
 on:
+  workflow_dispatch:
   push:
     branches:
       - main
-    tags:
-      - '*'
+  pull_request:
+    branches:
+      - main
   schedule:
-    - cron: '0 0 * * *'
+    - cron: '0 1 * * 6'
+
+env:
+  REGISTRY: ghcr.io
+  IMAGE_NAME: ${{ github.actor }}/crontab
 
 jobs:
-  multi:
+  build-crontab:
     runs-on: ubuntu-latest
+    timeout-minutes: 90
+
+    permissions:
+      contents: read
+      packages: write
+
     steps:
-      -
-        name: Checkout
-        uses: actions/checkout@v2
-      -
-        name: Set up QEMU
-        uses: docker/setup-qemu-action@v1
-      -
-        name: Set up Docker Buildx
-        id: buildx
-        uses: docker/setup-buildx-action@v1
-      -
-        name: Login to DockerHub
-        uses: docker/login-action@v1
+      - name: Checkout repository.
+        uses: actions/checkout@v4
+        with:
+          submodules: true
+
+      - name: Log in to the GitHub Container Registry.
+        if: github.event_name != 'pull_request'
+        uses: docker/login-action@v3
         with:
-          username: ${{ secrets.DOCKER_USERNAME }}
-          password: ${{ secrets.DOCKER_PASSWORD }}
+          registry: ${{ env.REGISTRY }}
+          username: ${{ github.actor }}
+          password: ${{ secrets.GHCR_TOKEN }}
 
-      - if: github.ref == 'refs/heads/main'
-        name: Conditional(Set tag as `latest`)
-        run: echo "tag=willfarrell/crontab:latest" >> $GITHUB_ENV
+      - name: Extract metadata (tags, labels) for Docker.
+        id: meta
+        uses: docker/metadata-action@v5
+        with:
+          images: ${{ env.REGISTRY }}/${{ env.IMAGE_NAME }}
+          tags: |
+            type=raw,value=latest,enable={{is_default_branch}}
+            type=ref,event=branch
+            type=ref,event=pr
+            type=schedule,pattern={{date 'YYYYMMDD'}}
 
-      - if: startsWith(github.ref, 'refs/tags/')
-        name: Conditional(Set tag as `{version}`)
-        run: echo "tag=willfarrell/crontab:${GITHUB_REF#refs/*/}" >> $GITHUB_ENV
+      - name: Set up QEMU.
+        uses: docker/setup-qemu-action@v3
+
+      - name: Set up Docker Buildx.
+        uses: docker/setup-buildx-action@v3
+        with:
+          platforms: linux/amd64,linux/arm64,linux/arm/v7,linux/arm/v6
 
-      -
-        name: Build and push
-        uses: docker/build-push-action@v2
+      - name: Build and push Docker image to GitHub Container Registry.
+        uses: docker/build-push-action@v6
         with:
           context: .
-          file: ./Dockerfile
-          push: true
-          tags: |
-            ${{ env.tag }}
+          platforms: linux/amd64,linux/arm64,linux/arm/v7,linux/arm/v6
+          push: ${{ github.event_name != 'pull_request' }}
+          tags: ${{ steps.meta.outputs.tags }}
+          labels: ${{ steps.meta.outputs.labels }}
+          provenance: true
+          sbom: true
+          cache-from: type=gha
+          cache-to: type=gha,mode=max
+
+      - name: Send notification to Discord.
+        uses: sarisia/actions-status-discord@b8381b25576cb341b2af39926ab42c5056cc44ed # v1.15.5
+        if: always()
+        with:
+          webhook: ${{ secrets.DISCORD_WEBHOOK }}

.github/workflows/cleanup-cache.yaml

@@ -0,0 +1,36 @@
+---
+name: Cleanup Cache
+
+on:
+  pull_request:
+    types:
+      - closed
+
+concurrency:
+  group: cleanup-cache-${{ github.event.pull_request.number }}
+  cancel-in-progress: true
+
+jobs:
+  cleanup:
+    runs-on: ubuntu-latest
+    timeout-minutes: 10
+    permissions:
+      actions: write
+    steps:
+      - name: 🧹 Cleanup Cache
+        run: |
+          echo "Fetching list of cache keys"
+          cacheKeysForPR=$(gh cache list --ref "$BRANCH" --limit 100 --json id --jq ".[].id")
+
+          ## Setting this to not fail the workflow while deleting cache keys.
+          set +e
+          echo "Deleting caches..."
+          for cacheKey in $cacheKeysForPR
+          do
+              gh cache delete "$cacheKey"
+          done
+          echo "Done"
+        env:
+          GH_TOKEN: ${{ github.token }}
+          GH_REPO: ${{ github.repository }}
+          BRANCH: refs/pull/${{ github.event.pull_request.number }}/merge

.github/workflows/cleanup-images.yml

@@ -0,0 +1,29 @@
+---
+name: Cleanup Docker Images
+
+on:
+  workflow_dispatch:
+  schedule:
+    - cron: "0 0 15 * *"  # Monthly on the 15th at midnight UTC
+
+concurrency:
+  group: cleanup-images
+  cancel-in-progress: false
+
+jobs:
+  cleanup:
+    runs-on: ubuntu-latest
+    timeout-minutes: 30
+    permissions:
+      packages: write  # Required to delete packages
+      contents: read
+    steps:
+      - name: 🧹 Cleanup Docker Images
+        uses: dataaxiom/ghcr-cleanup-action@cd0cdb900b5dbf3a6f2cc869f0dbb0b8211f50c4  # v1.0.16
+        with:
+          package: crontab
+          delete-partial-images: true
+          delete-untagged: true
+          keep-n-tagged: 2
+          older-than: 30 days
+          token: ${{ secrets.GITHUB_TOKEN }}

.github/workflows/update-dependencies.yml

@@ -0,0 +1,93 @@
+---
+name: Update Dependencies
+
+on:
+  schedule:
+    - cron: '0 9 * * 1' # Weekly on Mondays at 9am UTC
+  workflow_dispatch:
+
+permissions:
+  contents: write
+  pull-requests: write
+
+jobs:
+  update-base-image:
+    runs-on: ubuntu-latest
+
+    steps:
+      - name: Checkout repository.
+        uses: actions/checkout@v4
+
+      - name: Set up Docker Buildx.
+        uses: docker/setup-buildx-action@v3
+
+      - name: Check for base image updates.
+        id: check-updates
+        run: |
+          # Get current base images from Dockerfile
+          BUILDER_IMAGE=$(grep "^FROM alpine:latest AS builder" Dockerfile | awk '{print $2}')
+          RELEASE_IMAGE=$(grep "^FROM docker:.* AS release" Dockerfile | awk '{print $2}')
+
+          echo "Current builder image: $BUILDER_IMAGE"
+          echo "Current release image: $RELEASE_IMAGE"
+
+          # Pull latest versions
+          docker pull "$BUILDER_IMAGE" --quiet
+          docker pull "$RELEASE_IMAGE" --quiet
+
+          # Get digests
+          BUILDER_DIGEST=$(docker inspect --format='{{.RepoDigests}}' "$BUILDER_IMAGE" | grep -oP 'sha256:[a-f0-9]{64}' | head -1)
+          RELEASE_DIGEST=$(docker inspect --format='{{.RepoDigests}}' "$RELEASE_IMAGE" | grep -oP 'sha256:[a-f0-9]{64}' | head -1)
+
+          echo "builder_digest=$BUILDER_DIGEST" >> $GITHUB_OUTPUT
+          echo "release_digest=$RELEASE_DIGEST" >> $GITHUB_OUTPUT
+
+          # Check if we need to rebuild
+          if [ -z "$BUILDER_DIGEST" ] || [ -z "$RELEASE_DIGEST" ]; then
+            echo "updates_available=true" >> $GITHUB_OUTPUT
+          else
+            echo "updates_available=false" >> $GITHUB_OUTPUT
+          fi
+
+      - name: Build test image.
+        if: steps.check-updates.outputs.updates_available == 'true'
+        uses: docker/build-push-action@v6
+        with:
+          context: .
+          push: false
+          tags: test-image:latest
+          cache-from: type=gha
+          cache-to: type=gha,mode=max
+
+      - name: Create Pull Request.
+        if: steps.check-updates.outputs.updates_available == 'true'
+        uses: peter-evans/create-pull-request@5e914681df9dc83aa4e4905692ca88beb2f9e91f # v7.0.5
+        with:
+          token: ${{ secrets.GITHUB_TOKEN }}
+          commit-message: 'chore(deps): update base image dependencies'
+          title: 'chore(deps): update base image dependencies'
+          body: |
+            ## Automated Base Image Update
+
+            This PR updates the base Docker images to their latest versions.
+
+            ### Changes
+            - Builder image digest: `${{ steps.check-updates.outputs.builder_digest }}`
+            - Release image digest: `${{ steps.check-updates.outputs.release_digest }}`
+
+            ### Testing
+            - Build test completed successfully
+            - Please review and test the updated images before merging
+
+            ---
+            *This PR was automatically generated by the update-dependencies workflow.*
+          branch: chore/update-base-images
+          delete-branch: true
+          assignees: SimplicityGuy
+          labels: dependencies,automated,docker
+
+      - name: Send notification to Discord.
+        uses: sarisia/actions-status-discord@b8381b25576cb341b2af39926ab42c5056cc44ed # v1.15.5
+        if: always()
+        with:
+          webhook: ${{ secrets.DISCORD_WEBHOOK }}

.gitignore

@@ -1,6 +1,10 @@
 .idea
 *.iml
-
-config.json
 .vscode
 .DS_Store
+
+config.json
+config.working.json
+
+jobs/
+projects/

.pre-commit-config.yaml

@@ -0,0 +1,32 @@
+---
+repos:
+  - repo: https://github.com/pre-commit/pre-commit-hooks
+    rev: 3e8a8703264a2f4a69428a0aa4dcb512790b2c8c  # frozen: v6.0.0
+    hooks:
+      - id: check-added-large-files
+      - id: check-executables-have-shebangs
+      - id: check-merge-conflict
+      - id: check-shebang-scripts-are-executable
+      - id: check-yaml
+      - id: detect-aws-credentials
+      - id: detect-private-key
+      - id: end-of-file-fixer
+      - id: mixed-line-ending
+      - id: trailing-whitespace
+
+  - repo: https://github.com/python-jsonschema/check-jsonschema
+    rev: b035497fb64e3f9faa91e833331688cc185891e6  # frozen: 0.36.0
+    hooks:
+      - id: check-github-workflows
+
+  - repo: https://github.com/executablebooks/mdformat
+    rev: 2d496dbc18e31b83a1596685347ffe0b6041daf0  # frozen: 1.0.0
+    hooks:
+      - id: mdformat
+        additional_dependencies:
+          - mdformat-gfm
+
+  - repo: https://github.com/hadolint/hadolint
+    rev: 4e697ba704fd23b2409b947a319c19c3ee54d24f  # frozen: v2.14.0
+    hooks:
+      - id: hadolint