v0.2.1

Use bake-action instead of build-and-push action.

.gitea/workflows/ci.yaml

@@ -20,16 +20,16 @@ jobs:
       contents: write
     steps:
       - name: Login to Docker
-        uses: docker/login-action@v3
+        uses: docker/login-action@74a5d142397b4f367a81961eba4e8cd7edddf772 # v3.4.0
         with:
           username: ${{ vars.DOCKERHUB_USERNAME }}
           password: ${{ secrets.DOCKERHUB_TOKEN }}
 
       - name: Checkout
-        uses: actions/checkout@v4
+        uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2
 
       - name: Ruby Setup
-        uses: ruby/setup-ruby@v1
+        uses: ruby/setup-ruby@dffc446db9ba5a0c4446edb5bca1c5c473a806c5 # v1.235.0
         with:
           ruby-version: '3.4'
           bundler-cache: true
@@ -45,10 +45,10 @@ jobs:
     runs-on: ubuntu-latest
     steps:
       - name: Checkout
-        uses: actions/checkout@v4
+        uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2
 
       - name: Test
-        uses: ruby/setup-ruby@v1
+        uses: ruby/setup-ruby@dffc446db9ba5a0c4446edb5bca1c5c473a806c5 # v1.235.0
         with:
           ruby-version: '3.4'
           bundler-cache: true
@@ -66,9 +66,11 @@ jobs:
     defaults:
       run:
         shell: bash
+    outputs:
+      metadata: ${{ steps.output.outputs.metadata }}
     steps:
       - name: Checkout
-        uses: actions/checkout@v4
+        uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2
         with:
           fetch-depth: 0 # all history for all branches and tags
 
@@ -83,12 +85,28 @@ jobs:
           printf "GITHUB_SHA=%s\n" "$GITHUB_SHA"
           printf "VERSION=%s\n" "$VERSION" | tee -a "$GITHUB_OUTPUT"
 
-      - name: Docker meta
+      - name: Set up QEMU
+        uses: docker/setup-qemu-action@29109295f81e9208d7d86ff1c6c12d2833863392 # v3.6.0
+
+      - name: Set up Docker Buildx
+        uses: docker/setup-buildx-action@b5ca514318bd6ebac0fb2aedd5d36ec1b5c232a2 # v3.10.0
+
+      - name: Login to Gitea registry
+        uses: docker/login-action@74a5d142397b4f367a81961eba4e8cd7edddf772 # v3.4.0
+        with:
+          registry: git.kill0.net
+          username: ${{ secrets.DOCKER_USERNAME }}
+          password: ${{ secrets.DOCKER_PASSWORD }}
+
+      - name: Docker meta (debian)
         id: meta
-        uses: docker/metadata-action@v5
+        uses: docker/metadata-action@902fa8ec7d6ecbf8d84d538b9b233a880e428804 # v5.7.0
         with:
           images: |
             git.kill0.net/ryanc/kubernaut
+          flavor: |
+            latest=auto
+          bake-target: docker-metadata-action
           tags: |
             type=schedule
             type=ref,event=branch
@@ -98,25 +116,36 @@ jobs:
             type=semver,pattern={{major}}
             type=sha
 
-      - name: Set up Docker Buildx
-        uses: docker/setup-buildx-action@v3
-
-      - name: Login to Gitea registry
-        uses: docker/login-action@v3
+      - name: Docker meta (alpine)
+        id: meta-alpine
+        uses: docker/metadata-action@902fa8ec7d6ecbf8d84d538b9b233a880e428804 # v5.7.0
         with:
-          registry: git.kill0.net
-          username: ${{ secrets.DOCKER_USERNAME }}
-          password: ${{ secrets.DOCKER_PASSWORD }}
+          images: |
+            git.kill0.net/ryanc/kubernaut
+          bake-target: docker-metadata-action-alpine
+          flavor: |
+            latest=auto
+            suffix=-alpine,onlatest=true
+          tags: |
+            type=schedule
+            type=ref,event=branch
+            type=ref,event=pr
+            type=semver,pattern={{version}}
+            type=semver,pattern={{major}}.{{minor}}
+            type=semver,pattern={{major}}
+            type=sha
 
       - name: Docker build and push
-        uses: docker/build-push-action@v5
+        uses: docker/bake-action@76f9fa3a758507623da19f6092dc4089a7e61592 # v6.6.0
         with:
           push: ${{ github.event_name != 'pull_request' }}
-          tags: ${{ steps.meta.outputs.tags }}
-          labels: ${{ steps.meta.outputs.labels }}
+          files: |
+            ./docker-bake.hcl
+            cwd://${{ steps.meta.outputs.bake-file }}
+            cwd://${{ steps.meta-alpine.outputs.bake-file }}
 
       - name: Setup Helm
-        uses: azure/setup-helm@v4.3.0
+        uses: azure/setup-helm@b9e51907a09c216f16ebe8536097933489208112 # v4.3.0
 
       - name: Publish Helm chart
         if: ${{ contains(github.ref, 'refs/tags/') }}

Dockerfile

@@ -1,40 +0,0 @@
-FROM ruby:alpine AS base
-
-WORKDIR /app
-
-RUN <<EOT
-  gem update --system --no-document
-  gem install -N bundler
-  apk update
-  apk upgrade --no-cache
-EOT
-
-
-FROM base AS build
-
-RUN <<EOT
-  apk add gcc musl-dev ruby-dev make
-EOT
-
-COPY Gemfile* .
-
-RUN <<EOT
-  bundle config set --local without development
-  bundle install
-EOT
-
-
-FROM base
-
-# RUN useradd ruby --home /app --shell /bin/sh
-RUN adduser ruby -h /app -D
-
-USER ruby:ruby
-
-COPY --from=build /usr/local/bundle /usr/local/bundle
-COPY --from=build --chown=ruby:ruby /app /app
-
-COPY --chown=ruby:ruby . .
-
-EXPOSE 4567
-CMD [ "bundle", "exec", "rackup", "--host", "0.0.0.0", "--port", "4567" ]

Gemfile

@@ -3,7 +3,6 @@ source "https://rubygems.org"
 gem "sinatra"
 gem "sinatra-contrib"
 gem "puma"
-gem "rackup"
 
 gem "anyflake"
 gem "ksuid"

Gemfile.lock

@@ -5,13 +5,13 @@ GEM
     ast (2.4.3)
     base64 (0.2.0)
     bigdecimal (3.1.9)
-    csv (3.3.3)
+    csv (3.3.4)
     diff-lcs (1.6.1)
     httparty (0.23.1)
       csv
       mini_mime (>= 1.0.0)
       multi_xml (>= 0.5.2)
-    json (2.10.2)
+    json (2.11.3)
     jwt (2.10.1)
       base64
     ksuid (1.0.0)
@@ -27,15 +27,15 @@ GEM
       ruby2_keywords (~> 0.0.1)
     nanoid (2.0.0)
     nio4r (2.7.4)
-    parallel (1.26.3)
-    parser (3.3.7.4)
+    parallel (1.27.0)
+    parser (3.3.8.0)
       ast (~> 2.4.1)
       racc
     prism (1.4.0)
     puma (6.6.0)
       nio4r (~> 2.0)
     racc (1.8.1)
-    rack (3.1.12)
+    rack (3.1.13)
     rack-protection (4.1.1)
       base64 (>= 0.1.0)
       logger (>= 1.6.0)
@@ -45,8 +45,6 @@ GEM
       rack (>= 3.0.0)
     rack-test (2.2.0)
       rack (>= 1.3)
-    rackup (2.2.1)
-      rack (>= 3)
     rainbow (3.1.1)
     rake (13.2.1)
     rbs (3.9.2)
@@ -65,7 +63,7 @@ GEM
       diff-lcs (>= 1.2.0, < 2.0)
       rspec-support (~> 3.13.0)
     rspec-support (3.13.2)
-    rubocop (1.73.2)
+    rubocop (1.75.4)
       json (~> 2.3)
       language_server-protocol (~> 3.17.0.2)
       lint_roller (~> 1.1.0)
@@ -73,17 +71,17 @@ GEM
       parser (>= 3.3.0.2)
       rainbow (>= 2.2.2, < 4.0)
       regexp_parser (>= 2.9.3, < 3.0)
-      rubocop-ast (>= 1.38.0, < 2.0)
+      rubocop-ast (>= 1.44.0, < 2.0)
       ruby-progressbar (~> 1.7)
       unicode-display_width (>= 2.4.0, < 4.0)
-    rubocop-ast (1.43.0)
+    rubocop-ast (1.44.1)
       parser (>= 3.3.7.2)
       prism (~> 1.4)
-    rubocop-performance (1.24.0)
+    rubocop-performance (1.25.0)
       lint_roller (~> 1.1)
-      rubocop (>= 1.72.1, < 2.0)
+      rubocop (>= 1.75.0, < 2.0)
       rubocop-ast (>= 1.38.0, < 2.0)
-    ruby-lsp (0.23.13)
+    ruby-lsp (0.23.15)
       language_server-protocol (~> 3.17.0)
       prism (>= 1.2, < 2.0)
       rbs (>= 3, < 4)
@@ -103,19 +101,19 @@ GEM
       rack-protection (= 4.1.1)
       sinatra (= 4.1.1)
       tilt (~> 2.0)
-    sorbet-runtime (0.5.11971)
-    standard (1.47.0)
+    sorbet-runtime (0.5.12043)
+    standard (1.49.0)
       language_server-protocol (~> 3.17.0.2)
       lint_roller (~> 1.0)
-      rubocop (~> 1.73.0)
+      rubocop (~> 1.75.2)
       standard-custom (~> 1.0.0)
-      standard-performance (~> 1.7)
+      standard-performance (~> 1.8)
     standard-custom (1.0.2)
       lint_roller (~> 1.0)
       rubocop (~> 1.50)
-    standard-performance (1.7.0)
+    standard-performance (1.8.0)
       lint_roller (~> 1.1)
-      rubocop-performance (~> 1.24.0)
+      rubocop-performance (~> 1.25.0)
     tilt (2.6.0)
     ulid (1.4.0)
     unicode-display_width (3.1.4)
@@ -138,7 +136,6 @@ DEPENDENCIES
   nanoid
   puma
   rack-test
-  rackup
   rake
   rspec
   ruby-lsp
@@ -149,4 +146,4 @@ DEPENDENCIES
   uuid7
 
 BUNDLED WITH
-   2.6.6
+   2.6.8

app.rb

@@ -21,7 +21,7 @@ $LOAD_PATH.unshift File.dirname(__FILE__) + "/lib"
 
 require "config"
 
-VERSION = "0.1.3"
+VERSION = "0.2.1"
 
 CHUNK_SIZE = 1024**2
 SESSION_SECRET_HEX_LENGTH = 64
@@ -117,7 +117,6 @@ class TickTock
   def initialize
     @pid = ppid
     @procfs_f = format "/proc/%s/stat", @pid
-    puts @pid
   end
 
   def uptime
@@ -185,20 +184,11 @@ class Sleep
 end
 
 def ppid
-  pid = Process.pid
-  # self
-  ps = File.open "/proc/#{pid}/stat", &:readline
-  ps = ps.split(" ")
-  ppid = Integer(ps[3])
-
-  # ppid
-  ps = File.open "/proc/#{ppid}/stat", &:readline
-  ps = ps.split(" ")
-
-  if ps[1].include? "ruby"
-    ppid
-  else
-    pid
+  pid = ENV.fetch "PUMA_PID", Process.pid
+  begin
+    Integer pid
+  rescue ArgumentError
+    -1
   end
 end
 
@@ -384,7 +374,7 @@ post "/halt" do
   nil
 end
 
-get "/pid" do
+get "/pid", provides: "json" do
   pretty = params.key? :pretty
 
   jsonify({ppid: ppid, pid: Process.pid}, pretty:)

charts/kubernaut/Chart.yaml

@@ -15,10 +15,10 @@ type: application
 # This is the chart version. This version number should be incremented each time you make changes
 # to the chart and its templates, including the app version.
 # Versions are expected to follow Semantic Versioning (https://semver.org/)
-version: 0.1.3
+version: 0.2.1
 
 # This is the version number of the application being deployed. This version number should be
 # incremented each time you make changes to the application. Versions are not expected to
 # follow Semantic Versioning. They should reflect the version the application is using.
 # It is recommended to use it with quotes.
-appVersion: "0.1.3"
+appVersion: "0.2.1"

config/puma.rb

@@ -0,0 +1,5 @@
+ENV["PUMA_PID"] = Process.pid.to_s
+
+port ENV.fetch("PORT", 4567)
+
+pidfile ENV["PIDFILE"] if ENV["PIDFILE"]

docker-bake.hcl

@@ -0,0 +1,22 @@
+group "default" {
+    targets = [ "bookworm", "alpine" ]
+}
+
+target "docker-metadata-action" {}
+target "docker-metadata-action-alpine" {}
+
+target "_common" {
+    args = {
+        RUBY_VERSION = "3.4.3"
+    }
+}
+
+target "bookworm" {
+    dockerfile = "./dockerfiles/bookworm.Dockerfile"
+    inherits = [ "_common", "docker-metadata-action" ]
+}
+
+target "alpine" {
+    dockerfile = "./dockerfiles/alpine.Dockerfile"
+    inherits = [ "_common", "docker-metadata-action-alpine" ]
+}

dockerfiles/alpine.Dockerfile

@@ -0,0 +1,51 @@
+ARG RUBY_VERSION="3.4.3"
+FROM docker.io/library/ruby:${RUBY_VERSION}-alpine AS base
+
+WORKDIR /kubernaut
+
+RUN <<EOT
+  apk update -q
+  apk add bash jemalloc
+  rm -rf /var/cache/apk
+  gem update --system --no-document
+  gem install -N bundler
+EOT
+
+ENV RACK_ENV="production" \
+  BUNDLE_DEPLOYMENT=true \
+  BUNDLE_PATH="/usr/local/bundle" \
+  BUNDLE_WITHOUT="development test"
+
+FROM base AS build
+
+RUN <<EOT
+  apk add musl-dev gcc make
+  rm -rf /var/cache/apk
+EOT
+
+COPY Gemfile Gemfile.lock ./
+
+RUN <<EOT
+  bundle install
+  rm -rf ~/.bundle/ "${BUNDLE_PATH}"/ruby/*/cache "${BUNDLE_PATH}"/ruby/*/bundler/gems/*/.git
+EOT
+
+COPY . .
+
+FROM base
+
+ENV PORT=4567
+
+RUN <<EOT
+  addgroup --system --gid 666 kubernaut
+  adduser --system --uid 666 --ingroup kubernaut --shell /bin/bash --disabled-password kubernaut
+EOT
+
+COPY --from=build "${BUNDLE_PATH}" "${BUNDLE_PATH}"
+COPY --from=build /kubernaut /kubernaut
+
+USER kubernaut:kubernaut
+
+EXPOSE $PORT
+ENTRYPOINT [ "/kubernaut/dockerfiles/entrypoint.sh" ]
+CMD [ "bundle", "exec", "puma" ]

dockerfiles/bookworm.Dockerfile

@@ -0,0 +1,52 @@
+ARG RUBY_VERSION="3.4.3"
+FROM docker.io/library/ruby:${RUBY_VERSION}-slim-bookworm AS base
+
+WORKDIR /kubernaut
+
+RUN <<EOT
+  apt-get update -qq
+  apt-get install --yes --no-install-recommends libjemalloc2
+  rm -rf /var/lib/apt/lists /var/cache/apt/archives
+  gem update --system --no-document
+  gem install -N bundler
+EOT
+
+ENV RACK_ENV="production" \
+  BUNDLE_DEPLOYMENT=true \
+  BUNDLE_PATH="/usr/local/bundle" \
+  BUNDLE_WITHOUT="development test"
+
+FROM base AS build
+
+RUN <<EOT
+  apt-get update -qq
+  apt-get install --yes --no-install-recommends gcc make libc-dev
+  rm -rf /var/lib/apt/lists /var/cache/apt/archives
+EOT
+
+COPY Gemfile Gemfile.lock ./
+
+RUN <<EOT
+  bundle install
+  rm -rf ~/.bundle/ "${BUNDLE_PATH}"/ruby/*/cache "${BUNDLE_PATH}"/ruby/*/bundler/gems/*/.git
+EOT
+
+COPY . .
+
+FROM base
+
+ENV PORT=4567
+
+RUN <<EOT
+  groupadd --system --gid 666 kubernaut
+  useradd --system --uid 666 --gid kubernaut --create-home --shell /bin/bash kubernaut
+EOT
+
+COPY --from=build "${BUNDLE_PATH}" "${BUNDLE_PATH}"
+COPY --from=build /kubernaut /kubernaut
+
+USER kubernaut:kubernaut
+
+EXPOSE $PORT
+ENTRYPOINT [ "/kubernaut/dockerfiles/entrypoint.sh" ]
+CMD [ "bundle", "exec", "puma" ]

dockerfiles/entrypoint.sh

@@ -0,0 +1,15 @@
+#!/usr/bin/env bash
+
+set -euo pipefail
+
+# output debugging info
+ruby --version
+printf "rubygems %s\n" "$(gem --version)"
+bundle version
+
+if [ -z "${LD_PRELOAD+x}" ]; then
+    LD_PRELOAD="$(find /usr/lib -name libjemalloc.so.2 -print -quit)"
+    export LD_PRELOAD
+fi
+
+exec "${@}"

kustomize/app/deployment.yaml

@@ -16,7 +16,7 @@ spec:
     spec:
       containers:
         - name: kubernaut
-          image: git.kill0.net/ryanc/kubernaut:0.1.3
+          image: git.kill0.net/ryanc/kubernaut:0.2.1
           imagePullPolicy: Always
           ports:
             - name: sinatra-web