Geodesic v4

.coderabbit.yaml

@@ -0,0 +1,111 @@
+language: en-US
+tone_instructions: ''
+early_access: true
+enable_free_tier: true
+reviews:
+  profile: chill
+  request_changes_workflow: false
+  high_level_summary: true
+  high_level_summary_placeholder: '@coderabbitai summary'
+  high_level_summary_in_walkthrough: false
+  auto_title_placeholder: '@coderabbitai'
+  auto_title_instructions: ''
+  review_status: true
+  commit_status: true
+  fail_commit_status: false
+  collapse_walkthrough: true
+  changed_files_summary: true
+  sequence_diagrams: false
+  assess_linked_issues: true
+  related_issues: true
+  related_prs: true
+  suggested_labels: false
+  auto_apply_labels: false
+  suggested_reviewers: false
+  poem: false
+  labeling_instructions: []
+  path_filters: []
+  path_instructions: []
+  abort_on_close: true
+  auto_review:
+    enabled: true
+    auto_incremental_review: true
+    ignore_title_keywords: []
+    labels: []
+    drafts: false
+    base_branches: []
+  finishing_touches:
+    docstrings:
+      enabled: true
+  tools:
+    shellcheck:
+      enabled: true
+    ruff: # for Python
+      enabled: false
+    markdownlint:
+      enabled: true
+    github-checks:
+      enabled: true
+      timeout_ms: 90000
+    languagetool:
+      enabled: true
+      enabled_only: false
+      level: default
+    biome: # For JavaScript/TypeScript
+      enabled: false
+    hadolint:
+      enabled: true
+    swiftlint: # For Swift
+      enabled: false
+    phpstan: # For PHP
+      enabled: false
+      level: default
+    golangci-lint: # For Go
+      enabled: false
+    yamllint:
+      enabled: true
+    gitleaks:
+      enabled: true
+    checkov:
+      enabled: true
+    detekt: # For Kotlin
+      enabled: false
+    eslint: # For JavaScript/TypeScript
+      enabled: false
+    rubocop: # For Ruby
+      enabled: false
+    buf: # For Protobuf
+      enabled: false
+    regal: # For Rego
+      enabled: false
+    actionlint:
+      enabled: true
+    pmd: # For Java
+      enabled: false
+    cppcheck: # For C/C++
+      enabled: false
+    semgrep: # Static analysis. CodeRabbit recommends disabling this tool unless you configure specific rules for it.
+      enabled: false
+    circleci: # For CircleCI
+      enabled: false
+chat:
+  auto_reply: true
+  integrations:
+    jira:
+      usage: disabled
+    linear:
+      usage: disabled
+knowledge_base:
+  opt_out: false
+  learnings:
+    scope: auto
+  issues:
+    scope: auto
+  jira:
+    usage: disabled
+    project_keys: []
+  linear:
+    usage: disabled
+    team_keys: []
+  pull_requests:
+    scope: auto

.editorconfig

@@ -1,5 +1,12 @@
+# top-most EditorConfig file
+root = true
+
+# Unix-style newlines with a newline ending every file
 [*]
+end_of_line = lf
 insert_final_newline = true
+trim_trailing_whitespace = true
+charset = utf-8
 
 # Override for Makefile
 [{Makefile, makefile, GNUmakefile}]
@@ -13,7 +20,6 @@ indent_size = 4
 [*.yaml]
 indent_style = space
 indent_size = 2
-trim_trailing_whitespace = true
 
 [*.sh]
 indent_style = tab

.github/workflows/docker.yml

@@ -83,8 +83,10 @@ jobs:
           TAGS="$TAGS,${{ env.ECR_REGISTRY }}${{ github.repository }}:latest-${BASE_OS}"
           LATEST_TAGS="$TAGS,${{ github.repository }}:latest"
           LATEST_TAGS="$LATEST_TAGS,${{ env.ECR_REGISTRY }}${{ github.repository }}:latest"
+          echo is_production=yes >> $GITHUB_OUTPUT
         else
           LATEST_TAGS="$TAGS"
+          echo is_production=no >> $GITHUB_OUTPUT
         fi
         printf "Tagging %s with " "${BASE_OS}"
         if [[ "${BASE_OS}" == "$LATEST_TAG_OS" ]]; then
@@ -124,8 +126,8 @@ jobs:
           type=semver,pattern={{version}}
           type=ref,event=pr,prefix=pr-,suffix=-${{matrix.os}}
           type=sha,prefix=sha-,suffix=-${{matrix.os}}
-          type=raw,value=latest,enable=${{ github.event_name == 'release' && github.event.action == 'published' }}
-          type=raw,value=latest,suffix=,enable=${{ github.event_name == 'release' && github.event.action == 'published' && matrix.os == env.LATEST_TAG_OS }}
+          type=raw,value=latest,enable=${{ github.event_name == 'release' && github.event.action == 'published' && github.event.release.prerelease == false && steps.prepare.outputs.is_production == 'yes' }}
+          type=raw,value=latest,suffix=,enable=${{ github.event_name == 'release' && github.event.action == 'published' && github.event.release.prerelease == false  && steps.prepare.outputs.is_production == 'yes' && matrix.os == env.LATEST_TAG_OS }}
 
     - name: Show metadata
       run: |

Dockerfile.custom

@@ -17,7 +17,7 @@
 # We always recommend pinning versions where changes are likely to break things.
 # We put the versions up top here so they are easy to find and update.
 # Find the latest version at https://github.com/cloudposse/geodesic/releases
-ARG VERSION=2.11.0
+ARG VERSION=4.0.0
 # Changing base OS for Geodesic is possible by changing this arg, but
 # unfortunately, the package managers are different, so it is not that simple.
 ARG OS=debian
@@ -45,30 +45,18 @@ ENV AWS_REGION_ABBREVIATION_TYPE=fixed
 ENV AWS_DEFAULT_REGION=us-west-2
 ENV AWS_DEFAULT_SHORT_REGION=uw2
 
-# Install specific versions of Terraform.
-# We patch specific patch versions because Terraform will not operate
-# on Terraform "states" that have been touched by later versions.
-ARG TF_014_VERSION=0.14.10
-ARG TF_015_VERSION=0.15.4
-ARG TF_1_VERSION=1.0.4
-RUN apt-get update && apt-get install -y -u \
-  terraform-0.14="${TF_014_VERSION}-*" terraform-0.15="${TF_015_VERSION}-*" \
-  terraform-1="${TF_1_VERSION}-*"
-# Set Terraform 0.14.x as the default `terraform`. You can still use
-# version 0.15.x by calling `terraform-0.15` or version 1.x as terraform-1
-RUN update-alternatives --set terraform /usr/share/terraform/0.14/bin/terraform
 
 # Pin kubectl minor version (must be within 1 minor version of cluster version)
 # Note, however, that due to Docker layer caching and the structure of this
 # particular Dockerfile, the patch version will not automatically update
 # until you change the minor version or change the base Geodesic version.
 # If you want, you can pin the patch level so you can update it when desired.
-ARG KUBECTL_VERSION=1.20
+ARG KUBECTL_VERSION=1.30
 RUN apt-get update && apt-get install kubectl-${KUBECTL_VERSION}
 
 # Install Atmos CLI (https://github.com/cloudposse/atmos)
 RUN apt-get install atmos
 
 COPY rootfs/ /
 
-WORKDIR /
+WORKDIR /workspace

Dockerfile.options

@@ -31,7 +31,7 @@ ENV MAKE_INCLUDES="Makefile Makefile.*"
 # This is separate so that updating it does not invalidate the Docker cache layer with all the packages installed above
 # https://cloud.google.com/sdk/docs/release-notes
 ARG GOOGLE_CLOUD_CLI_VERSION
-ENV CLOUDSDK_CONFIG=/localhost/.config/gcloud/
+ENV CLOUDSDK_CONFIG=/etc/xdg_config_home/.config/gcloud/
 
 RUN apt-get update && apt-get install -y google-cloud-cli=${GOOGLE_CLOUD_CLI_VERSION}-\*
 
@@ -43,95 +43,3 @@ RUN { gcloud config set core/disable_usage_reporting true --installation && \
 
 
 
-####################################################################################
-# kops support
-# If you are using Cloud Posse's kops reference architecture, you con configure it
-# in your Dockerfile like this (edit as desired)
-
-ENV KOPS_CLUSTER_NAME=example.foo.bar
-
-ENV KOPS_MANIFEST=/conf/kops/manifest.yaml
-ENV KOPS_TEMPLATE=/templates/kops/default.yaml
-ENV KOPS_STATE_STORE s3://undefined
-ENV KOPS_STATE_STORE_REGION us-east-1
-ENV KOPS_FEATURE_FLAGS=+DrainAndValidateRollingUpdate
-
-ENV KOPS_BASTION_PUBLIC_NAME="bastion"
-
-ENV KUBECONFIG=/dev/shm/kubecfg
-ENV KUBECONFIG_TEMPLATE=/templates/kops/kubecfg.yaml
-
-RUN /usr/bin/kops completion bash > /etc/bash_completion.d/kops.sh
-
-# Instance sizes for kops bastion, master nodes, and worker nodes
-ENV BASTION_MACHINE_TYPE "t3.small"
-ENV MASTER_MACHINE_TYPE "t3.medium"
-ENV NODE_MACHINE_TYPE "t3.medium"
-
-# Min/Max number of nodes (aka workers) per region
-ENV NODE_MAX_SIZE 2
-ENV NODE_MIN_SIZE 2
-
-# end of kops support section
-####################################################################################
-
-#### ALPINE ONLY ####
-# Alpine does not include the very common `glibc` GNU C Standard Library, which
-# causes compatibility problems. Among other things, AWS CLI v2 does not work
-# out of the box with Alpine. The following recipe installs `glibc` , and has to be run
-# before installing other packages, particularly `libc6-compat`, and then,
-# because it conflicts, you have to tweak a bit and then install `libc6-compat`.
-# So put this in Dockerfile.alpine after setting up the package repositories
-# but before installing any packages https://github.com/cloudposse/geodesic/blob/91336bf56fb7ff0d9812e01ceacc40ca59a17cce/os/alpine/Dockerfile.alpine#L81
-# (Not verified)
-
-# Install glibc and glibc-bin and the C.UTF-8 locale
-ENV LANG=C.UTF-8
-ARG ALPINE_GLIBC_PACKAGE_VERSION=2.33-r0
-RUN apk update && apk add -u curl && \
-  ALPINE_GLIBC_PACKAGE_VERSION="${ALPINE_GLIBC_PACKAGE_VERSION}" && \
-  curl -sSLO https://github.com/sgerrand/alpine-pkg-glibc/releases/download/${ALPINE_GLIBC_PACKAGE_VERSION}/glibc-${ALPINE_GLIBC_PACKAGE_VERSION}.apk &&
-  apk add --allow-untrusted glibc-${ALPINE_GLIBC_PACKAGE_VERSION}.apk && rm glibc-${ALPINE_GLIBC_PACKAGE_VERSION}.apk && \
-  curl -sSLO https://github.com/sgerrand/alpine-pkg-glibc/releases/download/${ALPINE_GLIBC_PACKAGE_VERSION}/glibc-bin-${ALPINE_GLIBC_PACKAGE_VERSION}.apk &&
-  apk add --allow-untrusted glibc-bin-${ALPINE_GLIBC_PACKAGE_VERSION}.apk && rm glibc-bin-${ALPINE_GLIBC_PACKAGE_VERSION}.apk && \
-  curl -sSLO https://github.com/sgerrand/alpine-pkg-glibc/releases/download/${ALPINE_GLIBC_PACKAGE_VERSION}/glibc-i18n-${ALPINE_GLIBC_PACKAGE_VERSION}.apk &&
-  apk add --allow-untrusted glibc-i18n-${ALPINE_GLIBC_PACKAGE_VERSION}.apk && rm glibc-i18n-${ALPINE_GLIBC_PACKAGE_VERSION}.apk && \
-  /usr/glibc-compat/bin/localedef --force --inputfile POSIX --charmap UTF-8 "$LANG" || true && \
-  printf "export LANG=%s\n" "$LANG" > /etc/profile.d/locale.sh && \
-  apk del glibc-i18n && \
-  rm -f /usr/glibc-compat/lib/ld-linux-x86-64.so.2 && \
-  /usr/glibc-compat/sbin/ldconfig
-
-
-# Remove conflicting link, install libc6-compat, restore link to glibc
-RUN mv /lib64/ld-linux-x86-64.so.2 /lib64/glibc-ld-linux-x86-64.so.2 && \
-  apk add --force-overwrite libc6-compat && \
-  rm -f /lib64/ld-linux-x86-64.so.2 && \
-  mv /lib64/glibc-ld-linux-x86-64.so.2 /lib64/ld-linux-x86-64.so.2  && \
-  /usr/glibc-compat/sbin/ldconfig
-
-
-# Now you can install packages
-# https://github.com/cloudposse/geodesic/blob/91336bf56fb7ff0d9812e01ceacc40ca59a17cce/os/alpine/Dockerfile.alpine#L81-L88
-
-
-# Now you can move AWS CLI v1 aside, keep it as an alternative, and install AWS CLI v2
-
-# Move AWS CLI v1 to aws1 and set up alternatives
-RUN mv /usr/bin/aws /usr/local/bin/aws1 && \
-    update-alternatives --install /usr/local/bin/aws aws /usr/local/bin/aws1 1
-
-
-# Install AWS CLI 2
-# Get version from https://github.com/aws/aws-cli/blob/v2/CHANGELOG.rst
-# We cannot automatically track the release versions, so we just install the latest
-# ARG AWS_CLI_VERSION=2.1.34
-RUN AWSTMPDIR=$(mktemp -d -t aws-inst-XXXXXXXXXX) && \
-    curl -sSsSL "https://awscli.amazonaws.com/awscli-exe-linux-x86_64${AWS_CLI_VERSION:+-${AWS_CLI_VERSION}}.zip" -o "$AWSTMPDIR/awscliv2.zip" && \
-    cd $AWSTMPDIR && \
-    unzip -qq awscliv2.zip && \
-    ./aws/install -i /usr/share/aws/v2 -b /usr/share/aws/v2/bin && \
-    update-alternatives --install /usr/local/bin/aws aws /usr/share/aws/v2/bin/aws 2 && \
-    rm -rf $AWSTMPDIR
-
-

Makefile

@@ -47,17 +47,22 @@ build: $(DOCKER_BASE_OS).build
 install: $(DOCKER_BASE_OS).install
 
 run:
-	@geodesic
+	@$(APP_NAME)
+
+run/solo:
+	@$(APP_NAME) --solo
 
 %.run: %.build %.install
-	@geodesic
+	@$(APP_NAME)
 
 run/check:
 	@if [[ -n "$$(docker ps --format '{{ .Names }}' --filter name="^/$(APP_NAME)\$$")" ]]; then \
 		printf "**************************************************************************\n" ; \
 		printf "Not launching new container because old container is still running.\n"; \
-		printf "Exit all running container shells gracefully or kill the container with\n\n"; \
-		printf "  docker kill %s\n\n" "$(APP_NAME)" ; \
+		printf "Exit all running container shells gracefully or quit the container with\n\n"; \
+		printf "  %s stop\n\n" "$(APP_NAME)" ; \
+		printf "Then, all new shells will be running in the same new container.\n\n" ; \
+		printf "Alternately, run \`make run/solo\` or \`$(APP_NAME) --solo\` to start a new container.\n" ; \
 		printf "**************************************************************************\n" ; \
 		exit 9 ; \
 	fi