First commit

.dockerignore

@@ -0,0 +1,3 @@
+*
+!index.html
+!entrypoint.sh

.editorconfig

@@ -0,0 +1,17 @@
+root = true
+
+[*]
+end_of_line = lf
+insert_final_newline = true
+charset = utf-8
+indent_style = space
+indent_size = 4
+trim_trailing_whitespace = true
+max_line_length = 110
+quote_type = single
+
+[*.{yaml,json5,md,whitesource}]
+indent_size = 2
+
+[Makefile]
+indent_style = tab

.github/renovate.json5

@@ -0,0 +1,74 @@
+{
+  extends: ['config:base'],
+  timezone: 'Europe/Zurich',
+  schedule: 'after 5pm on the first day of the month',
+  labels: ['dependencies'],
+  separateMajorMinor: true,
+  separateMinorPatch: true,
+  prHourlyLimit: 0,
+  prConcurrentLimit: 0,
+  lockFileMaintenance: {
+    enabled: true,
+    automerge: true,
+    schedule: 'after 5pm on the first day of the month',
+  },
+  'pre-commit': { enabled: true },
+  regexManagers: [
+    /** Do updates on pre-commit additional dependencies */
+    {
+      fileMatch: ['^\\.pre\\-commit\\-config\\.yaml$'],
+      matchStrings: [" +- '?(?<depName>[^' @=]+)(@|==)(?<currentValue>[^' @=]+)'? # (?<datasource>.+)"],
+    },
+    /** Do update on the schema present in the ci/config.yaml */
+    {
+      fileMatch: ['^ci/config\\.yaml$'],
+      matchStrings: [
+        '.*https://raw\\.githubusercontent\\.com/(?<depName>[^\\s]+)/(?<currentValue>[0-9\\.]+)/.*',
+      ],
+      datasourceTemplate: 'github-tags',
+    },
+  ],
+  packageRules: [
+    /** Docker images versioning */
+    {
+      matchDatasources: ['docker'],
+      versioning: 'loose',
+    },
+    /** Auto merge the dev dependency update */
+    {
+      matchDepTypes: ['devDependencies'],
+      automerge: true,
+    },
+    /** Group and auto merge the patch updates */
+    {
+      matchUpdateTypes: ['patch'],
+      groupName: 'all patch versions',
+      automerge: true,
+    },
+    /** Group and auto merge the minor updates */
+    {
+      matchUpdateTypes: ['minor'],
+      groupName: 'all minor versions',
+      automerge: true,
+    },
+    /** Accept only the patch on stabilization branches */
+    {
+      matchBaseBranches: [
+        '/^[0-9]+\\.[0-9]+$/',
+      ],
+      matchUpdateTypes: ['major', 'minor', 'pin', 'digest', 'lockFileMaintenance', 'rollback', 'bump'],
+      enabled: false,
+    },
+    /** Support the 4 parts of shellcheck-py version with a v prefix */
+    {
+      versioning: 'regex:^v(?<major>\\d+)\\.(?<minor>\\d+)\\.(?<patch>\\d+)\\.(?<build>\\d+)$',
+      matchDepNames: ['shellcheck-py/shellcheck-py'],
+    },
+    /** Group and auto merge the CI dependencies */
+    {
+      matchFileNames: ['.github/**', '.pre-commit-config.yaml', 'ci/**'],
+      groupName: 'CI dependencies',
+      automerge: true,
+    },
+  ],
+}

.github/workflows/backport.yaml

@@ -0,0 +1,22 @@
+name: Backport
+
+on:
+  pull_request:
+    types:
+      - closed
+      - labeled
+
+env:
+  HAS_SECRETS: ${{ secrets.HAS_SECRETS }}
+
+jobs:
+  backport:
+    name: Backport
+    runs-on: ubuntu-22.04
+    timeout-minutes: 5
+
+    steps:
+      - uses: camptocamp/backport-action@master
+        with:
+          token: ${{ secrets.GOPASS_CI_GITHUB_TOKEN }}
+        if: env.HAS_SECRETS == 'HAS_SECRETS'

.github/workflows/main.yaml

@@ -0,0 +1,67 @@
+name: Continuous integration
+
+on:
+  push:
+    branches:
+      - master
+      - '[0-9]+.[0-9]'
+    tags:
+      - '*'
+  pull_request:
+
+env:
+  HAS_SECRETS: ${{ secrets.HAS_SECRETS }}
+
+jobs:
+  main:
+    name: Continuous integration
+    runs-on: ubuntu-22.04
+    timeout-minutes: 40
+    if: "!startsWith(github.event.head_commit.message, '[skip ci] ')"
+
+    steps:
+      # Versions
+      - run: docker system prune --all --force
+      - run: docker --version
+      - uses: actions/checkout@v4
+
+      - uses: camptocamp/initialise-gopass-summon-action@v2
+        with:
+          ci-gpg-private-key: ${{secrets.CI_GPG_PRIVATE_KEY}}
+          github-gopass-ci-token: ${{secrets.GOPASS_CI_GITHUB_TOKEN}}
+          patterns: docker
+        if: env.HAS_SECRETS == 'HAS_SECRETS'
+
+      - run: echo "${HOME}/.local/bin" >> ${GITHUB_PATH}
+      - run: python3 -m pip install --user --requirement=ci/requirements.txt
+
+      - uses: actions/cache@v4
+        with:
+          path: ~/.cache/pre-commit
+          key: pre-commit-${{ hashFiles('.pre-commit-config.yaml') }}
+          restore-keys: "pre-commit-${{ hashFiles('.pre-commit-config.yaml') }}\npre-commit-"
+      - run: pre-commit run --all-files
+      - run: git diff --exit-code --patch > /tmp/pre-commit.patch || true
+        if: failure()
+      - uses: actions/upload-artifact@v4
+        with:
+          name: Apply pre-commit fix.patch
+          path: /tmp/pre-commit.patch
+          retention-days: 1
+        if: failure()
+      - name: Print environment information
+        run: c2cciutils-env
+
+      - run: make build
+
+      - name: Publish
+        run: c2cciutils-publish
+        if: env.HAS_SECRETS == 'HAS_SECRETS'
+      - run: git diff --exit-code --patch > /tmp/dpkg-versions.patch || true
+        if: failure()
+      - uses: actions/upload-artifact@v4
+        with:
+          name: Update dpkg versions list.patch
+          path: /tmp/dpkg-versions.patch
+          retention-days: 1
+        if: failure()

.github/workflows/pull-request-automation.yaml

@@ -0,0 +1,51 @@
+name: Auto reviews, merge and close pull requests
+
+on:
+  pull_request:
+    types:
+      - opened
+      - reopened
+
+jobs:
+  auto-merge:
+    name: Auto reviews pull requests from bots
+    runs-on: ubuntu-22.04
+    timeout-minutes: 5
+
+    steps:
+      - name: Print event
+        run: echo "${GITHUB}" | jq
+        env:
+          GITHUB: ${{ toJson(github) }}
+      - name: Print context
+        uses: actions/github-script@v7
+        with:
+          script: |-
+            console.log(context);
+      - name: Auto reviews GHCI updates
+        uses: actions/github-script@v7
+        with:
+          script: |-
+            github.rest.pulls.createReview({
+              owner: context.repo.owner,
+              repo: context.repo.repo,
+              pull_number: context.payload.pull_request.number,
+              event: 'APPROVE',
+            })
+        if: |-
+          startsWith(github.head_ref, 'ghci/audit/')
+          && (github.event.pull_request.user.login == 'geo-ghci-test[bot]'
+            || github.event.pull_request.user.login == 'geo-ghci-int[bot]'
+            || github.event.pull_request.user.login == 'geo-ghci[bot]')
+      - name: Auto reviews Renovate updates
+        uses: actions/github-script@v7
+        with:
+          script: |-
+            github.rest.pulls.createReview({
+              owner: context.repo.owner,
+              repo: context.repo.repo,
+              pull_number: context.payload.pull_request.number,
+              event: 'APPROVE',
+            })
+        if: |-
+          github.event.pull_request.user.login == 'renovate[bot]'

.hadolint.yaml

@@ -0,0 +1,3 @@
+ignored:
+  - DL3003 # Use WORKDIR to switch to a directory
+  - DL3008 # Pin versions in apt get install. Instead of `apt-get install <package>` use `apt-get install <package>=<version>`

.pre-commit-config.yaml

@@ -0,0 +1,100 @@
+repos:
+  - repo: https://github.com/pre-commit/mirrors-prettier
+    rev: v3.1.0
+    hooks:
+      - id: prettier
+        additional_dependencies:
+          - prettier@2.8.4
+  - repo: https://github.com/pre-commit/pre-commit-hooks
+    rev: v4.6.0
+    hooks:
+      - id: detect-private-key
+      - id: check-merge-conflict
+      - id: check-ast
+      - id: debug-statements
+      - id: check-toml
+      - id: check-yaml
+      - id: check-json
+      - id: end-of-file-fixer
+      - id: trailing-whitespace
+      - id: mixed-line-ending
+  - repo: https://github.com/sbrunner/hooks
+    rev: 1.0.0
+    hooks:
+      - id: copyright
+      - id: poetry-check
+        additional_dependencies:
+          - poetry==1.8.3 # pypi
+        exclude: ^pyproject.toml$
+      - id: poetry-lock
+        additional_dependencies:
+          - poetry==1.8.3 # pypi
+        exclude: ^pyproject.toml$
+  - repo: https://github.com/codespell-project/codespell
+    rev: v2.3.0
+    hooks:
+      - id: codespell
+        exclude: |-
+          (?x)(
+            (.*/)?poetry\.lock
+            |.github/changelog-generator-cache/.*
+          )
+  - repo: https://github.com/shellcheck-py/shellcheck-py
+    rev: v0.10.0.1
+    hooks:
+      - id: shellcheck
+  - repo: https://github.com/jumanjihouse/pre-commit-hooks
+    rev: 3.0.0
+    hooks:
+      - id: git-check
+  - repo: https://github.com/python-jsonschema/check-jsonschema
+    rev: 0.29.1
+    hooks:
+      - id: check-github-actions
+      - id: check-github-workflows
+      - id: check-jsonschema
+        name: Check GitHub Workflows set timeout-minutes
+        files: ^\.github/workflows/[^/]+$
+        types:
+          - yaml
+        args:
+          - --builtin-schema
+          - github-workflows-require-timeout
+      - id: check-renovate
+        additional_dependencies:
+          - pyjson5==1.6.6 # pypi
+  - repo: https://github.com/sirwart/ripsecrets
+    rev: v0.1.8
+    hooks:
+      - id: ripsecrets
+  - repo: https://github.com/PyCQA/autoflake
+    rev: v2.3.1
+    hooks:
+      - id: autoflake
+  - repo: https://github.com/asottile/pyupgrade
+    rev: v3.17.0
+    hooks:
+      - id: pyupgrade
+        args:
+          - --py39-plus
+  - repo: https://github.com/PyCQA/isort
+    rev: 5.13.2
+    hooks:
+      - id: isort
+  - repo: https://github.com/psf/black
+    rev: 24.4.2
+    hooks:
+      - id: black
+  - repo: https://github.com/sbrunner/jsonschema-validator
+    rev: 0.1.0
+    hooks:
+      - id: jsonschema-validator
+        files: ^ci/config\.yaml$
+ci:
+  autoupdate_schedule: quarterly
+  skip:
+    - copyright
+    - poetry-check
+    - poetry-lock
+    - ripsecrets
+    - jsonschema-validator

Dockerfile

@@ -0,0 +1,19 @@
+FROM ubuntu:24.04
+
+RUN --mount=type=cache,target=/var/lib/apt/lists \
+    --mount=type=cache,target=/var/cache,sharing=locked \
+    --mount=type=cache,target=/root/.cache \
+  apt-get update && \
+  apt-get upgrade && \
+  apt-get install --yes --no-install-recommends netcat
+
+COPY index.html /app/index.html
+COPY entrypoint.sh /usr/bin/entrypoint.sh
+
+ENV PORT=80 \
+    RESPONSE_CODE=200 \
+    TITLE="Maintenance" \
+    HEADLINE="Maintenance" \
+    MESSAGE="This application is in maintenance mode"
+
+CMD ["/usr/bin/entrypoint.sh"]

LICENSE

@@ -0,0 +1,22 @@
+Copyright (c) 2015-2023, Camptocamp SA
+All rights reserved.
+
+Redistribution and use in source and binary forms, with or without
+modification, are permitted provided that the following conditions are met:
+
+1. Redistributions of source code must retain the above copyright notice, this
+   list of conditions and the following disclaimer.
+2. Redistributions in binary form must reproduce the above copyright notice,
+   this list of conditions and the following disclaimer in the documentation
+   and/or other materials provided with the distribution.
+
+THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS IS" AND
+ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED
+WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE
+DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT OWNER OR CONTRIBUTORS BE LIABLE FOR
+ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES
+(INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
+LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND
+ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
+(INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS
+SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.