[pull] master from bitnami:master

.github/actions/build/action.yml

@@ -1,20 +1,13 @@
 inputs:
   dist:
     description: 'Dist to build'
-    default: 'buster'
+    default: 'bookworm'
   platform:
     description: 'Platform to build'
     default: 'amd64'
   is_latest:
     description: The created dist is also latest
     default: false
-  build_snapshot:
-    description: Build snapshot build
-    default: false
-outputs:
-  snapshot-id:
-    description: "Created snapshot id if requested to build it"
-    value: ${{ steps.snapshot-id.outputs.snapshot-id }}
 runs:
   using: "composite"
   steps:
@@ -26,66 +19,21 @@ runs:
       shell: bash
     - run: sudo make .installed-requirements
       shell: bash
-    - name: Install gcloud
-      run: |
-        if ! command -v gcloud &> /dev/null
-          then
-            echo "Installing gcloud"
-            echo "deb https://packages.cloud.google.com/apt cloud-sdk main" | tee -a /etc/apt/sources.list.d/google-cloud-sdk.list
-            curl https://packages.cloud.google.com/apt/doc/apt-key.gpg | apt-key add -
-
-            apt-get update
-            apt-get install -y google-cloud-sdk
-        else
-            echo "gcloud is installed"
-        fi
-      shell: bash
     - name: "Install QEMU"
       run: |
         set -x
         if [[ "${{ inputs.platform }}" == "arm64" ]]; then
           echo "Installing QEMU"
-          # qemu-user-static fails with segfaults building bullseye
-          # We will revisit this when 20.10 is allowed as build slave on GitHub Actions
-          # https://bugs.launchpad.net/qemu/+bug/1749393
-          # https://bugs.launchpad.net/ubuntu/+source/qemu/+bug/1928075
-          if [[ "${{ inputs.dist }}" == "bullseye" ]]; then
-            sudo tee /etc/apt/preferences.d/qemu <<EOF
-        Package: *
-        Pin: release n=focal
-        Pin-Priority: 900
-        Package: *
-        Pin: release n=hirsute
-        Pin-Priority: 400
-        EOF
-            sudo tee /etc/apt/sources.list.d/hirsute.list <<EOF
-        deb http://archive.ubuntu.com/ubuntu hirsute universe
-        deb http://archive.ubuntu.com/ubuntu hirsute-updates universe
-        deb http://security.ubuntu.com/ubuntu hirsute-security universe
-        EOF
-            sudo apt-get update -qq && sudo apt-get install -y -t hirsute qemu-user-static
-          else
-            sudo apt-get update -qq && sudo apt-get install -y qemu-user-static
-          fi
+          sudo apt-get update -qq && sudo apt-get install -y qemu-user-static
         else
-            echo "QEMU is not required for platform ${{ inputs.platform }}"
-        fi
-      shell: bash
-    - name: Build snapshot id
-      id: snapshot-id
-      run: |
-        if ${{ inputs.build_snapshot }} ; then
-           echo "::set-output name=snapshot-id::$(./snapshot_id)"
+          echo "QEMU is not required for platform ${{ inputs.platform }}"
         fi
       shell: bash
     - name: "Build image"
       run: |
         set -x
         echo Building  ${{ inputs.dist }} - ${{ inputs.platform }}
         sudo -E bash -x buildone "${{ inputs.dist }}" "${{ inputs.platform }}"
-        if ${{ inputs.build_snapshot }} ; then
-             sudo -E bash -x buildone_snapshot "${{ inputs.dist }}" "${{ steps.snapshot-id.outputs.snapshot-id }}" "${{ inputs.platform }}"
-        fi
         if ${{ inputs.is_latest }} ; then
           BASENAME=${BASENAME:?Undefined or empty BASENAME}
           echo "Tagging latest"

.github/dependabot.yml

@@ -0,0 +1,10 @@
+# Copyright Broadcom, Inc. All Rights Reserved.
+# SPDX-License-Identifier: APACHE-2.0
+
+version: 2
+# Check for updates to GitHub Actions every week
+updates:
+  - package-ecosystem: "github-actions"
+    directory: "/"
+    schedule:
+      interval: "weekly"

.github/workflows/cd.yml

@@ -0,0 +1,118 @@
+name: CD
+
+# Controls when the action will run.
+on:
+  # Triggers the workflow on push on the master branch
+  push:
+    branches:
+      - master
+  # Allows you to run this workflow manually from the Actions tab
+  workflow_dispatch:
+  schedule:
+    - cron:  '0 0 * * *'
+# Remove all permissions by default
+permissions: {}
+env:
+  BASENAME: bitnami/minideb
+  LATEST: bookworm
+# A workflow run is made up of one or more jobs that can run sequentially or in parallel
+jobs:
+  # This workflow contains a single job called "build"
+  shellcheck:
+    # The type of runner that the job will run on
+    runs-on: ubuntu-22.04
+    if: github.event_name != 'schedule' || github.repository == 'bitnami/minideb'
+    name: Shellcheck
+    # Steps represent a sequence of tasks that will be executed as part of the job
+    steps:
+      # Checks-out your repository under $GITHUB_WORKSPACE, so your job can access it
+      - uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683
+      - name: Install Dependencies
+        run: |
+          sudo apt-get -qq update
+          sudo apt-get install -y shellcheck
+      - name: Verify scripts with shellcheck
+        run: |
+          bash shellcheck
+  build_multiarch:
+    runs-on: ubuntu-22.04
+    needs: [ shellcheck ]
+    strategy:
+      matrix:
+        dist: [bullseye, bookworm]
+        arch: [amd64, arm64]
+    name: Build ${{ matrix.dist }} on ${{ matrix.arch }}
+    steps:
+      - name: Check out repository
+        uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683
+      - name: Use local build action
+        id: build
+        uses: ./.github/actions/build
+        with:
+          dist: "${{ matrix.dist }}"
+          platform: "${{ matrix.arch }}"
+          is_latest: ${{ matrix.dist == env.LATEST }}
+      - name: Push to DockerHUB
+        if: github.repository == 'bitnami/minideb' && github.ref == 'refs/heads/master'
+        env:
+          DOCKER_USERNAME: ${{ secrets.DOCKER_USERNAME }}
+          DOCKER_PASSWORD: ${{ secrets.DOCKER_PASSWORD }}
+          DOCKER_REGISTRY: docker.io
+          DOCKER_CONTENT_TRUST_REPOSITORY_KEY: ${{ secrets.DOCKER_CONTENT_TRUST_REPOSITORY_KEY }}
+          DOCKER_CONTENT_TRUST_REPOSITORY_PASSPHRASE: ${{ secrets.DOCKER_CONTENT_TRUST_REPOSITORY_PASSPHRASE }}
+        run: |
+          bash pushone "${{ matrix.dist }}" "${{ matrix.arch }}"
+          if ${{ matrix.dist == env.LATEST }} ; then
+             bash pushone "latest" "${{ matrix.arch }}"
+          fi
+      - name: Push to AWS
+        if: github.repository == 'bitnami/minideb' && github.ref == 'refs/heads/master'
+        env:
+          DOCKER_USERNAME: AWS
+          DOCKER_REGISTRY: public.ecr.aws
+          AWS_ACCESS_KEY_ID: ${{ secrets.AWS_PUBLIC_GALLERY_KEY_ID }}
+          AWS_SECRET_ACCESS_KEY: ${{ secrets.AWS_PUBLIC_GALLERY_SECRET_KEY }}
+        run: |
+          # AWS login
+          export DOCKER_PASSWORD="$(aws ecr-public get-login-password --region us-east-1)"
+          bash pushone "${{ matrix.dist }}" "${{ matrix.arch }}"
+          if ${{ matrix.dist == env.LATEST }} ; then
+             bash pushone "latest" "${{ matrix.arch }}"
+          fi
+  deploy_manifests:
+    runs-on: ubuntu-22.04
+    needs: [ build_multiarch ]
+    if: github.repository == 'bitnami/minideb' && github.ref == 'refs/heads/master'
+
+    steps:
+      - uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683
+      - name: Push Manifests to DockerHUB
+        env:
+          DOCKER_USERNAME: ${{ secrets.DOCKER_USERNAME }}
+          DOCKER_PASSWORD: ${{ secrets.DOCKER_PASSWORD }}
+          DOCKER_REGISTRY: docker.io
+        run: |
+          DISTS="bullseye bookworm latest" bash pushmanifest
+      - name: Push Manifests to AWS
+        env:
+          DOCKER_USERNAME: AWS
+          DOCKER_REGISTRY: public.ecr.aws
+          AWS_ACCESS_KEY_ID: ${{ secrets.AWS_PUBLIC_GALLERY_KEY_ID }}
+          AWS_SECRET_ACCESS_KEY: ${{ secrets.AWS_PUBLIC_GALLERY_SECRET_KEY }}
+        run: |
+          # AWS login
+          export DOCKER_PASSWORD="$(aws ecr-public get-login-password --region us-east-1)"
+          DISTS="bullseye bookworm latest" bash pushmanifest
+  # If the CI Pipeline does not succeed we should notify the interested agents
+  notify:
+    name: Send notification
+    needs:
+      - build_multiarch
+      - deploy_manifests
+    if: ${{ always() && github.repository == 'bitnami/minideb' && (needs.build_multiarch.result == 'failure' || needs.deploy_manifests.result == 'failure') }}
+    uses: bitnami/support/.github/workflows/gchat-notification.yml@main
+    with:
+      workflow: ${{ github.workflow }}
+      job-url: ${{ github.server_url }}/${{ github.repository }}/actions/runs/${{ github.run_id }}
+    secrets:
+      webhook-url: ${{ secrets.GCHAT_CONTENT_ALERTS_WEBHOOK_URL }}

.github/workflows/ci.yml

@@ -0,0 +1,47 @@
+name: CI
+
+# Controls when the action will run.
+on:
+  # Triggers the workflow on pull request events
+  pull_request:
+# Remove all permissions by default
+permissions: {}
+env:
+  BASENAME: bitnami/minideb
+  LATEST: bookworm
+# A workflow run is made up of one or more jobs that can run sequentially or in parallel
+jobs:
+  # This workflow contains a single job called "build"
+  shellcheck:
+    # The type of runner that the job will run on
+    runs-on: ubuntu-22.04
+    name: Shellcheck
+    # Steps represent a sequence of tasks that will be executed as part of the job
+    steps:
+      # Checks-out your repository under $GITHUB_WORKSPACE, so your job can access it
+      - uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683
+      - name: Install Dependencies
+        run: |
+          sudo apt-get -qq update
+          sudo apt-get install -y shellcheck
+      - name: Verify scripts with shellcheck
+        run: |
+          bash shellcheck
+  build_multiarch:
+    runs-on: ubuntu-22.04
+    needs: [ shellcheck ]
+    strategy:
+      matrix:
+        dist: [bullseye, bookworm]
+        arch: [amd64, arm64]
+    name: Build ${{ matrix.dist }} on ${{ matrix.arch }}
+    steps:
+      - name: Check out repository
+        uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683
+      - name: Use local build action
+        id: build
+        uses: ./.github/actions/build
+        with:
+          dist: "${{ matrix.dist }}"
+          platform: "${{ matrix.arch }}"
+          is_latest: ${{ matrix.dist == env.LATEST }}

.github/workflows/clossing-issues.yml

@@ -0,0 +1,23 @@
+# Copyright Broadcom, Inc. All Rights Reserved.
+# SPDX-License-Identifier: APACHE-2.0
+
+# NOTE: This workflow is maintained in the https://github.com/bitnami/support repository
+name: '[Support] Close Solved issues'
+on:
+  schedule:
+    # Hourly
+    - cron: '0 * * * *'
+# Remove all permissions by default. Actions are performed by Bitnami Bot
+permissions: {}
+jobs:
+  stale:
+    runs-on: ubuntu-latest
+    if: ${{ github.repository_owner == 'bitnami' }}
+    steps:
+      - uses: actions/stale@5bef64f19d7facfb25b37b414482c7164d639639
+        with:
+          any-of-labels: 'solved'
+          stale-issue-label: 'solved'
+          days-before-stale: 0
+          days-before-close: 0
+          repo-token: ${{ secrets.BITNAMI_SUPPORT_BOARD_TOKEN }}

.github/workflows/comments.yml

@@ -0,0 +1,21 @@
+# Copyright Broadcom, Inc. All Rights Reserved.
+# SPDX-License-Identifier: APACHE-2.0
+
+# NOTE: This workflow is maintained in the https://github.com/bitnami/support repository
+name: '[Support] Comments based card movements'
+on:
+  issue_comment:
+    types:
+      - created
+permissions:
+  contents: read
+  pull-requests: write
+  issues: write
+# Avoid concurrency over the same issue
+concurrency:
+  group: card-movement-${{ github.event.issue.number }}
+jobs:
+  call-comments-workflow:
+    if: ${{ github.repository_owner == 'bitnami' }}
+    uses: bitnami/support/.github/workflows/comment-created.yml@main
+    secrets: inherit