feat: init ubi8-minimal image

Author: hairmare

.dockerignore

@@ -0,0 +1,2 @@
+.github/
+README.md

.github/dependabot.yml

@@ -0,0 +1,16 @@
+
+version: 2
+updates:
+  - package-ecosystem: "docker"
+    directory: "/"
+    schedule:
+      interval: "daily"
+    commit-message:
+      prefix: "feat: "
+  - package-ecosystem: "github-actions"
+    directory: "/"
+    schedule:
+      interval: "daily"
+    commit-message:
+      prefix: "chore(ci): "
+    open-pull-requests-limit: 10

.github/workflow/release.yaml

@@ -0,0 +1,69 @@
+name: Publish Container Images
+
+on:
+  push:
+    tags:
+      - 'v*.*.*'
+  pull_request:
+
+jobs:
+  docker:
+    runs-on: ubuntu-latest
+    steps:
+      -
+        name: Checkout
+        uses: actions/[email protected]
+
+      - name: Prepare Image Metadata
+        id: meta
+        uses: docker/metadata-action@v3
+        with:
+          images: |
+            ghcr.io/radiorabe/ubi8-minimal
+          tags: |
+            type=schedule
+            type=ref,event=branch
+            type=ref,event=pr
+            type=semver,pattern={{version}}
+            type=semver,pattern={{major}}.{{minor}}
+            type=semver,pattern={{major}}
+            type=sha
+
+      - name: Set up QEMU
+        uses: docker/setup-qemu-action@v1
+
+      - name: Set up Docker Buildx
+        uses: docker/setup-buildx-action@v1
+
+      - name: Login to GitHub Container Registry
+        uses: docker/login-action@v1
+        if: github.event_name != 'pull_request'
+        with:
+          registry: ghcr.io
+          username: ${{ github.actor }}
+          password: ${{ secrets.GITHUB_TOKEN }}
+
+      - name: Build and push
+        id: docker_build
+        uses: docker/build-push-action@v2
+        with:
+          context: .
+          file: ./Dockerfile
+          platforms: linux/amd64
+          push: ${{ github.event_name != 'pull_request' }}
+          tags: ${{ steps.meta.outputs.tags }}
+          labels: |
+            name="ubi8-minimal"
+            version=${{ steps.meta.outputs.version }}
+            com.redhat.component="rabe-ubi8-minimal-container"
+            io.k8s.display-name="RaBe Universal Base Image 8 Minimal"
+            io.openshift.expose-services=""
+            io.openshift.tags="minimal rhel8 rabe"
+            org.opencontainers.image.title=${{ github.event.repository.name }}
+            org.opencontainers.image.description=${{ github.event.repository.description }}
+            org.opencontainers.image.url=${{ github.event.repository.html_url }}
+            org.opencontainers.image.source=${{ github.event.repository.html_url }}
+            org.opencontainers.image.version=${{ steps.meta.outputs.version }}
+            org.opencontainers.image.created=${{ steps.meta.outputs.created }}
+            org.opencontainers.image.revision=${{ github.sha }}
+            org.opencontainers.image.licenses=${{ github.event.repository.license.spdx_id }}

.github/workflow/semantic-release.yaml

@@ -0,0 +1,24 @@
+name: Run semantic-release
+
+on:
+  push:
+    branches:
+      - main
+      - master
+      - develop
+
+jobs:
+  semantic-release:
+    runs-on: ubuntu-latest
+    steps:
+      - name: Checkout
+        uses: actions/[email protected]
+        with:
+          fetch-depth: 0
+
+      - name: Run go-semantic-release
+        id: semrel
+        uses: go-semantic-release/action@v1
+        with:
+          github-token: ${{ secrets.RABE_ITREAKTION_GITHUB_TOKEN }}
+          allow-initial-development-versions: true

Dockerfile

@@ -0,0 +1,7 @@
+FROM registry.access.redhat.com/ubi8/ubi-minimal:8.5-218
+
+LABEL maintainer="Radio Bern RaBe"
+
+# Add RaBe CA trust anchor
+COPY rabe/rabe-ca.crt /etc/pki/ca-trust/source/anchors/
+RUN update-ca-trust extract 

README.md

@@ -0,0 +1,64 @@
+# RaBe Universal Base Image 8 Minimal
+
+The RaBe Universal Base Image 8 Minimal is a stripped down image that uses microdnf as a package.
+
+The image is based on the [Red Hat Universal Base Image 8 Minimal](https://catalog.redhat.com/software/containers/ubi8/ubi-minimal/)
+container provided by Red Hat.
+
+## Features
+
+- Based on UBI8 minimal
+- Uses microdnf as a package manager
+- Establishes Trust with the RaBe Root CA
+
+## Usage
+
+Create a downstream image from this image:
+
+```Dockerfile
+FROM ghcr.io/radiorabe/ubi8-minimal:latest
+
+RUN    microdnf install -y cowsay \
+    && microdnf clean all
+```
+
+## Release Management
+
+The CI/CD setup uses semantic commit messages following the [conventional commits standard](https://www.conventionalcommits.org/en/v1.0.0/).
+There is a GitHub Action in [.github/workflows/semantic-release.yaml](./.github/workflows/semantic-release.yaml)
+that uses [go-semantic-commit](https://go-semantic-release.xyz/) to create new
+releases.
+
+The commit message should be structured as follows:
+
+```
+<type>[optional scope]: <description>
+
+[optional body]
+
+[optional footer(s)]
+```
+
+The commit contains the following structural elements, to communicate intent to the consumers of your library:
+
+1. **fix:** a commit of the type `fix` patches gets released with a PATCH version bump
+1. **feat:** a commit of the type `feat` gets released as a MINOR version bump
+1. **BREAKING CHANGE:** a commit that has a footer `BREAKING CHANGE:` gets released as a MAJOR version bump
+1. types other than `fix:` and `feat:` are allowed and don't trigger a release
+
+If a commit does not contain a conventional commit style message you can fix
+it during the squash and merge operation on the PR.
+
+## Build Process
+
+The CI/CD setup uses the [Docker build-push Action](https://github.com/docker/build-push-action) to publish ocntainer images. This is managed in [.github/workflows/release.yaml](./.github/workflows/release.yaml).
+
+## License
+
+This application is free software: you can redistribute it and/or modify it under
+the terms of the GNU Affero General Public License as published by the Free
+Software Foundation, version 3 of the License.
+
+## Copyright
+
+Copyright (c) 2022 [Radio Bern RaBe](http://www.rabe.ch)

rabe/rabe-ca.crt

@@ -0,0 +1,22 @@
+-----BEGIN CERTIFICATE-----
+MIIDlTCCAn2gAwIBAgIBATANBgkqhkiG9w0BAQsFADA2MRQwEgYDVQQKDAtJTlQu
+UkFCRS5DSDEeMBwGA1UEAwwVQ2VydGlmaWNhdGUgQXV0aG9yaXR5MB4XDTE2MDYy
+MzExNTUzOVoXDTM2MDYyMzExNTUzOVowNjEUMBIGA1UECgwLSU5ULlJBQkUuQ0gx
+HjAcBgNVBAMMFUNlcnRpZmljYXRlIEF1dGhvcml0eTCCASIwDQYJKoZIhvcNAQEB
+BQADggEPADCCAQoCggEBAMmCtYNSbVHVtmPtq7Ys60NhQd4sMND9uP5IEXlbh2MK
+RfQ4G/jUXlFDsWuNpsMMOj7zveXPwVn5JF+j3YjQXWCeDxfqjsTA0fpDIJnMPydZ
+HOPFr5MSDb8GhWvgfMP7zw5a34DZwk/UGLGsRs0yMp5xg0MtIrAGQb30fA+Sees3
+6J+qDYq3qci6ynWCkrBUiyVtuZaQyjKNbYOiKnVfHwPRCQfUnSjT/GMnKLMaRCNe
+1OPh8Rx/1RorQjbiQogUgnl5EY+LiCKnW38nWZAfpkdiq1srocorq1dnR3GOuiS7
+nz9p9cQuJPvWBKjSjy+KaRFNaJtx1mOOY11EagluaQsCAwEAAaOBrTCBqjAfBgNV
+HSMEGDAWgBQx4/sibdYJdca+q17Q/r02w/uWQTAPBgNVHRMBAf8EBTADAQH/MA4G
+A1UdDwEB/wQEAwIBxjAdBgNVHQ4EFgQUMeP7Im3WCXXGvqte0P69NsP7lkEwRwYI
+KwYBBQUHAQEEOzA5MDcGCCsGAQUFBzABhitodHRwOi8vaXBhMDEuc2VydmljZS5p
+bnQucmFiZS5jaDo4MC9jYS9vY3NwMA0GCSqGSIb3DQEBCwUAA4IBAQCPFi1KGans
+7T0U4z/BS97AgiQ1R5qBCVS4XSco7jiLlL3YTl3QQceoZaZuz4P9eizLanukSd0e
+82QI2eSW70KEo9cBG96EHq6zAdOkoilKN4AnGCc7yZ/77FaAjwNfyLXtNM0xH3Iu
+1UPApiNQGnNcP9+cNRUIwFUM3vWuZEAEkG3L0YNROv5dqXzmyg2RznZ4o+4nkZ0N
+ZlAI5dc/YBXor7SjoFtSBs3nib1ikNQ+BoB/I7aNxVxouovwraJMhX0uvQSo3cI9
+ZBG9JD+ZEfngycJUtVF9zh1Kn9znIifWQeJOomw5oG451QO6/IxmvoXPlLrde1YH
+XeAbl7fsKaCr
+-----END CERTIFICATE-----