Merge branch 'release/6.0.301'

.github/CODEOWNERS

@@ -0,0 +1,3 @@
+# These owners will be the default owners for everything in the repo and
+# will be requested for review when someone opens a pull request.
+*       @swissgrc/development

.github/renovate.json

@@ -0,0 +1,16 @@
+{
+  "$schema": "https://docs.renovatebot.com/renovate-schema.json",
+  "extends": [
+    "config:base",
+    "helpers:pinGitHubActionDigests"
+  ],
+  "labels": ["dependencies"],
+  "regexManagers": [
+    {
+      "fileMatch": ["(^|/)Dockerfile$", "(^|/)Dockerfile\\.[^/]*$"],
+      "matchStrings": [
+        "#\\srenovate:\\sdatasource=(?<datasource>.*?) depName=(?<depName>.*?)( versioning=(?<versioning>.*?))?( extractVersion=(?<extractVersion>.*?))?\\s(ENV|ARG) .*?_VERSION(\\s+|=)(?<currentValue>.*)\\s"
+      ]
+    }
+  ]
+}

.github/workflows/linter.yml

@@ -0,0 +1,50 @@
+---
+#################################
+#################################
+## Super Linter GitHub Actions ##
+#################################
+#################################
+name: Lint Code Base
+
+# Documentation:
+# https://docs.github.com/en/actions/learn-github-actions/workflow-syntax-for-github-actions
+#
+#################################################
+# Start the job on all pull requests on develop #
+#################################################
+on:
+  pull_request:
+    branches: [develop]
+
+###############
+# Set the Job #
+###############
+jobs:
+  build:
+    # Name the Job
+    name: Lint Code Base
+    # Set the agent to run on
+    runs-on: ubuntu-latest
+
+    ##################
+    # Load all steps #
+    ##################
+    steps:
+      ##########################
+      # Checkout the code base #
+      ##########################
+      - name: Checkout Code
+        uses: actions/checkout@2541b1294d2704b0964813337f33b291d3f8596b # renovate: tag=v3.0.2
+        with:
+          # Full Git history is needed to get a proper list of changed files
+          fetch-depth: 0
+
+      ################################
+      # Run Linter against code base #
+      ################################
+      - name: Lint Code Base
+        uses: github/super-linter/slim@a320804d310fdeb8d1a46c6c6c1e615d443b10c9 # renovate: tag=v4.9.4
+        env:
+          VALIDATE_ALL_CODEBASE: false
+          DEFAULT_BRANCH: develop
+          GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}

.github/workflows/publish.yml

@@ -0,0 +1,72 @@
+name: Build
+
+on:
+  push:
+    branches: [develop]
+  release:
+    types: [published]
+  pull_request:
+    branches: [develop]
+
+jobs:
+  build:
+    name: Build and push Docker image
+    runs-on: ubuntu-latest
+    steps:
+      - name: Checkout repository
+        uses: actions/checkout@2541b1294d2704b0964813337f33b291d3f8596b # renovate: tag=v3.0.2
+
+      # Extract metadata (tags, labels) for Docker
+      - name: Extract Docker metadata
+        id: meta
+        uses: docker/metadata-action@69f6fc9d46f2f8bf0d5491e4aabe0bb8c6a4678a # renovate: tag=v4.0.1
+        with:
+          images: swissgrc/azure-pipelines-dotnet
+          tags: |
+            type=ref,event=tag
+            type=ref,event=pr
+            # set unstable tag for develop branch
+            type=raw,value=unstable,enable=${{ github.ref == format('refs/heads/{0}', 'develop') }}
+
+      # Build Docker image with Buildx
+      - name: Build Docker image
+        uses: docker/build-push-action@e551b19e49efd4e98792db7592c17c09b89db8d8 # renovate: tag=v3.0.0
+        with:
+          context: .
+          push: false
+          tags: ${{ steps.meta.outputs.tags }}
+          labels: ${{ steps.meta.outputs.labels }}
+
+      # Scan Docker image (not for release builds since we will have multiple tags)
+      - name: Scan Docker image
+        if: github.event_name != 'release'
+        uses: aquasecurity/trivy-action@0105373003c89c494a3f436bd5efc57f3ac1ca20 # tag=0.5.1
+        with:
+          image-ref: ${{ steps.meta.outputs.tags }}
+          format: 'sarif'
+          output: 'trivy-results.sarif'
+
+      # Publish scan report to GitHub
+      - name: Publish scan report to GitHub
+        if: ${{ github.event_name != 'release' && always() }}
+        uses: github/codeql-action/upload-sarif@3f62b754e23e0dd60f91b744033e1dc1654c0ec6 # tag=v2.1.15
+        with:
+          sarif_file: trivy-results.sarif
+
+      # Login to Docker registry if not PR build
+      - name: Log in to Docker Hub
+        if: github.event_name != 'pull_request'
+        uses: docker/login-action@49ed152c8eca782a232dede0303416e8f356c37b # renovate: tag=v2.0.0
+        with:
+          username: ${{ secrets.DOCKER_USERNAME }}
+          password: ${{ secrets.DOCKER_PASSWORD }}
+
+      # Publish Docker image for CI builds if not PR build
+      - name: Push container image
+        uses: docker/build-push-action@e551b19e49efd4e98792db7592c17c09b89db8d8 # renovate: tag=v3.0.0
+        if: github.event_name != 'pull_request'
+        with:
+          context: .
+          push: true
+          tags: ${{ steps.meta.outputs.tags }}
+          labels: ${{ steps.meta.outputs.labels }}

Dockerfile

@@ -0,0 +1,59 @@
+FROM debian:11.3-slim
+
+LABEL org.opencontainers.image.vendor="Swiss GRC AG"
+LABEL org.opencontainers.image.authors="Swiss GRC AG <[email protected]>"
+LABEL org.opencontainers.image.title="azure-pipelines-dotnet"
+LABEL org.opencontainers.image.documentation="https://github.com/swissgrc/docker-azure-pipelines-dotnet"
+
+# Make sure to fail due to an error at any stage in shell pipes
+SHELL ["/bin/bash", "-o", "pipefail", "-c"]
+
+# Install Docker CLI
+
+# renovate: datasource=github-tags depName=docker/cli extractVersion=^v(?<version>.*)$
+ENV DOCKERCLI_VERSION=20.10.17
+# renovate: datasource=repology depName=debian_11/curl versioning=loose
+ENV CURL_VERSION=7.74.0-1.3+deb11u1
+# renovate: datasource=repology depName=debian_11/ca-certificates versioning=loose
+ENV CACERTIFICATES_VERSION=20210119
+# renovate: datasource=repology depName=debian_11/lsb-release versioning=loose
+ENV LSBRELEASE_VERSION=11.1.0
+# renovate: datasource=repology depName=debian_11/gnupg2 versioning=loose
+ENV GNUPG_VERSION=2.2.27-2+deb11u1
+
+RUN apt-get update -y && \
+  apt-get install -y --no-install-recommends ca-certificates=${CACERTIFICATES_VERSION} curl=${CURL_VERSION} lsb-release=${LSBRELEASE_VERSION} gnupg=${GNUPG_VERSION} && \
+  mkdir -p /etc/apt/keyrings && \
+  curl -fsSL https://download.docker.com/linux/debian/gpg | gpg --dearmor -o /etc/apt/keyrings/docker.gpg && \
+  echo "deb [arch=$(dpkg --print-architecture) signed-by=/etc/apt/keyrings/docker.gpg] https://download.docker.com/linux/debian $(lsb_release -cs) stable" | tee /etc/apt/sources.list.d/docker.list > /dev/null && \
+  apt-get update -y && \
+  apt-get install -y --no-install-recommends docker-ce-cli=5:${DOCKERCLI_VERSION}~3-0~debian-bullseye && \
+  apt-get clean && \
+  rm -rf /var/lib/apt/lists/* && \
+  # Smoke test
+  docker --version
+
+# Install .NET 6
+
+# renovate: datasource=github-tags depName=dotnet/sdk extractVersion=^v(?<version>.*)$
+ENV DOTNET_VERSION=6.0.301
+
+ENV \
+    # Do not show first run text
+    DOTNET_NOLOGO=true \
+    DOTNET_SKIP_FIRST_TIME_EXPERIENCE=true \
+    # Disable telemetry
+    DOTNET_CLI_TELEMETRY_OPTOUT=true \
+    # Enable correct mode for dotnet watch (only mode supported in a container)
+    DOTNET_USE_POLLING_FILE_WATCHER=true \
+    # Skip extraction of XML docs - generally not useful within an image/container - helps performance
+    NUGET_XMLDOC_MODE=skip
+
+RUN curl -o /tmp/packages-microsoft-prod.deb https://packages.microsoft.com/config/debian/11/packages-microsoft-prod.deb && \
+  dpkg -i /tmp/packages-microsoft-prod.deb && \
+  rm -rf /tmp/* && \
+  apt-get update && apt-get install -y --no-install-recommends dotnet-sdk-6.0=${DOTNET_VERSION}-1 && \
+  apt-get clean && \
+  rm -rf /var/lib/apt/lists/* && \
+  # Smoke test
+  dotnet --version

GitReleaseManager.yaml

@@ -0,0 +1,14 @@
+## Configuration values used when creating new releases
+
+## The labels that will be used to include issues in release notes.
+issue-labels-include:
+- Bug
+- Duplicate
+- Enhancement
+- Feature
+- Help Wanted
+- Improvement
+- Invalid
+- Question
+- WontFix
+- Dependencies

README.md

@@ -1,2 +1,55 @@
-# docker-azure-pipelines-dotnet
-Docker image for running .NET in an Azure Pipelines container job
+# Docker image for running .NET in an Azure Pipelines container job
+
+<!-- markdownlint-disable MD013 -->
+[![License](https://img.shields.io/badge/license-MIT-blue.svg?style=flat-square)](https://github.com/swissgrc/docker-azure-pipelines-dotnet/blob/main/LICENSE) [![Build](https://img.shields.io/github/workflow/status/swissgrc/docker-azure-pipelines-dotnet/Build/develop?style=flat-square)](https://github.com/swissgrc/docker-azure-pipelines-dotnet/actions/workflows/publish.yml) [![Pulls](https://img.shields.io/docker/pulls/swissgrc/azure-pipelines-dotnet.svg?style=flat-square)](https://hub.docker.com/r/swissgrc/azure-pipelines-dotnet) [![Stars](https://img.shields.io/docker/stars/swissgrc/azure-pipelines-dotnet.svg?style=flat-square)](https://hub.docker.com/r/swissgrc/azure-pipelines-dotnet)
+<!-- markdownlint-restore -->
+
+Docker image to run .NET in [Azure Pipelines container jobs].
+The image contains also Docker CLI to access Docker engine on the agent.
+
+## Usage
+
+This image can be used to run .NET in [Azure Pipelines container jobs].
+
+### Azure Pipelines Container Job
+
+To use the image in an Azure Pipelines Container Job, add one of the following example tasks and use it with the `container` property.
+
+The following example shows the container used for a deployment step which shows .NET version:
+
+```yaml
+  - stage: deploy
+    jobs:
+      - deployment: runDotNet
+        container: swissgrc/azure-pipelines-dotnet:latest
+        environment: smarthotel-dev
+        strategy:
+          runOnce:
+            deploy:
+              steps:
+                - bash: |
+                    dotnet --version
+```
+
+### Tags
+
+| Tag      | Description                                                                                                                 | Base Image       | Docker CLI | .NET SDK | Size                                                                                                                            |
+|----------|-----------------------------------------------------------------------------------------------------------------------------|------------------|------------|----------|---------------------------------------------------------------------------------------------------------------------------------|
+| latest   | Latest stable release (from `main` branch)                                                                                  | debian:11.3-slim | 20.10.17   | 6.0.301  | ![Docker Image Size (tag)](https://img.shields.io/docker/image-size/swissgrc/azure-pipelines-dotnet/latest?style=flat-square)   |
+| unstable | Latest unstable release (from `develop` branch)                                                                             | debian:11.3-slim | 20.10.17   | 6.0.301  | ![Docker Image Size (tag)](https://img.shields.io/docker/image-size/swissgrc/azure-pipelines-dotnet/unstable?style=flat-square) |
+| 6.0.301  | [.NET SDK 6.0.301](https://github.com/dotnet/core/blob/main/release-notes/6.0/6.0.6/6.0.6.md?WT.mc_id=dotnet-35129-website) | debian:11.3-slim | 20.10.17   | 6.0.301  | ![Docker Image Size (tag)](https://img.shields.io/docker/image-size/swissgrc/azure-pipelines-dotnet/6.0.301?style=flat-square)  |
+
+### Configuration
+
+These environment variables are supported:
+
+| Environment variable   | Default value        | Description                                                      |
+|------------------------|----------------------|------------------------------------------------------------------|
+| DOCKERCLI_VERSION      | `20.10.17`           | Version of Docker CLI installed in the image.                    |
+| DOTNET_VERSION         | `6.0.301`            | Version of .NET installed in the image.                          |
+| CACERTIFICATES_VERSION | `20210119`           | Version of `ca-certificates` package used to install components. |
+| CURL_VERSION           | `7.74.0-1.3+deb11u1` | Version of `curl` package used to install components.            |
+| LSBRELEASE_VERSION     | `11.1.0`             | Version of `lsb-release` package used to install components.     |
+| GNUPG_VERSION          | `2.2.27-2+deb11u1`   | Version of `gnupg` package used to install components.           |
+
+[Azure Pipelines container jobs]: https://docs.microsoft.com/en-us/azure/devops/pipelines/process/container-phases