* Update README.md
* We don't want to use the netbox-community pull-request template
* Update container building workflow
* Only build amd64 images
* Add our 'oxcert' branch as equivalent to upstream's 'release' branch
* Tag the version of the container as OxCERT's modification
This is just for the netbox container: the underlying netbox version
will come from upstream
* Build our own images and push to ghcr.io
* Only build amd64 images
* Only push images to GitHub Container Registry for the OxCERT organization
* Refer to our private copy in the GitHub Container Registry ghcr.io
* Use ghcr.io/oxcert/netbox for all netbox images
Build and push to this repo. Read from it with docker-compose
* Make releases relative to the 'oxcert' branch
rather than upstream's 'release' branch. This is a different workflow
than used in any of our other repos, where PRs, changes, etc. are
first merged into a 'develop' branch, and the release process is to
merge accumulated changes into the main 'oxcert' branch.
Tag names for releases should follow whatever upstream is using with
"-oxcert" appended.
* Re-add the pull-request template
But in a very cut-down form. We don't have an issue tracker on this
repo, and we assume the intentions and motivations for any PR will
have been discussed within the team already. We do, however, want all
PRs to be against the 'develop' branch, in parallel to upstream's
workflow.
* On second thoughts, set container version to 1.0.0
This is OxCERT's version 1.0.0 of the containerized Netbox image which
is basically the same as the 2.7.0 netbox-community equivalent.
* Fix typo from upstream
Function should have been called `git_rebase()` rather than
duplicating the name of `git_merge()`
With Debian the Quay.io security checker found several issues in the
image. With Ubuntu we have newer versions of all packages and therefore
fewer (or no) issues.
We now serve Netbox with an nginx-unit instance instead of Gunicorn.
This allows us to get rid of the extra Nginx container because Unit is
also serving the static files. The static files are now collected at container
buildtime instead of every startup.
This checks if the source materials (python image, Netbox commit,
netbox-docker commit) have changed since the last build. This check is done
by comparing the digest and commit ids from the previous image with the
given tag to the current values taken from the Git and Docker repositories.
The checks are only performed for builds by the automated builds on GitHub.
When we don't set the --label argument on the commandline for all
build variants we lose them in the image.
This also prints out the labels on image push.
It also updates the README and the bug_report template to reflect
the changes. Additionally, in the README some relevant shields from
shields.io are added.
The labels follow [label-schema.org][lsorg] and the [OpenContainer
image spec, section annotations][ocis], specifications.
[lsorg]: http://label-schema.org/rc1/
[ocis]: https://github.com/opencontainers/image-spec/blob/master/annotations.md
This changes the build process even further. Instead
of using `wget` to fetch the current code, `git` is used.
This allows for faster switching between branches,
because only the differences between them have to be
fetched from the server.
But the main advantage is that the build cache can
finally be used as designed by Docker. Repetitive
builds are very fast now. This is also true between
branches and tags, as long as the `requirements.txt`
file doesn't change.