diff --git a/.github/CODEOWNERS b/.github/CODEOWNERS new file mode 100644 index 0000000..b5405eb --- /dev/null +++ b/.github/CODEOWNERS @@ -0,0 +1,13 @@ +# Default owner for everything else. +* @fossas/analysis + +# The following files have no owner, +# this allows PRs that only update dependencies +# to be merged without review +# (e.g. by dependabot or by team members). +# +# The codeowners file is parsed in bottom-up precedence, +# so these are matched before the universal glob above. +**/Cargo.toml +Cargo.lock +Cargo.toml diff --git a/.github/workflows/auto-dependabot.yml b/.github/workflows/auto-dependabot.yml new file mode 100644 index 0000000..c93e59c --- /dev/null +++ b/.github/workflows/auto-dependabot.yml @@ -0,0 +1,21 @@ +name: dependabot-automation + +on: pull_request +permissions: + contents: write + pull-requests: write + +jobs: + automerge: + runs-on: ubuntu-latest + steps: + - run: gh pr review --approve "$PR_URL" + if: github.actor == 'dependabot[bot]' + env: + PR_URL: ${{github.event.pull_request.html_url}} + GH_TOKEN: ${{secrets.GITHUB_TOKEN}} + - run: gh pr merge --auto --squash "$PR_URL" + if: github.actor == 'dependabot[bot]' + env: + PR_URL: ${{github.event.pull_request.html_url}} + GH_TOKEN: ${{secrets.GITHUB_TOKEN}} diff --git a/.github/workflows/check-dependencies.yml b/.github/workflows/check-dependencies.yml index bfc2c1a..78ea892 100644 --- a/.github/workflows/check-dependencies.yml +++ b/.github/workflows/check-dependencies.yml @@ -6,8 +6,8 @@ jobs: runs-on: ubuntu-latest steps: - - uses: actions/checkout@v2 - - run: "curl -H 'Cache-Control: no-cache' https://raw.githubusercontent.com/fossas/fossa-cli/master/install-latest.sh | bash" + - uses: actions/checkout@v4 + - run: "curl https://raw.githubusercontent.com/fossas/fossa-cli/master/install-latest.sh | bash" - run: fossa analyze --only-target cargo . env: diff --git a/README.md b/README.md index cffb3b1..2b8bfac 100644 --- a/README.md +++ b/README.md @@ -1,29 +1,32 @@ -# template-rust +# circe -Template repository for a Rust project. +_Circe (named after the Odyssean sorceress who transformed vessels and their contents) extracts and examines the contents of containers._ -TODOs for a new project: -- [ ] Change the license if MPL2 is not appropriate for the project. Make sure to do this before adding any code. -- [ ] Ensure the dev docs (in particular the release and compatibility semantics) are valid for this project. -- [ ] Set [CODEOWNERS] to the team that owns the repository. -- [ ] Create an API user in [FOSSA] and store it as a secret named `FOSSA_API_KEY`. - - Consider naming it with the pattern `ci-{REPO_NAME}`. For example, `ci-template-rust`. -- [ ] Update repository permissions as appropriate. Generally, the CODEOWNER team is set as admin. -- [ ] Update branch protection rules as appropriate. -- [ ] Update repository features and settings. Recommended defaults: - - [ ] Turn off all features (Wikis, Issues, Sponsorships, Discussions, Projects); FOSSA uses other systems for these. - - [ ] Only allow squash merging. - - [ ] Always suggest updating PR branches. - - [ ] Allow auto-merge. - - [ ] Automatically delete head branches. +# usage -Then just edit the included Rust project, or remove it and `cargo init` your project, and get going! +TBD, but generally the goal will be something like: -[codeowners]: https://docs.github.com/en/repositories/managing-your-repositorys-settings-and-features/customizing-your-repository/about-code-owners -[fossa]: https://app.fossa.com +```shell +# Export the contents of the image to disk +; circe extract docker.io/contribsys/faktory:latest ./faktory --layers squash --platform linux/amd64 -# recommendations +# Export the contents of the image to stdout as NDJSON +; circe read docker.io/contribsys/faktory:latest --layers squash --platform linux/amd64 +``` -- If publishing a Linux binary, consider providing two: one that [statically links libc](./docs/dev/reference/static-binary.md), and one that doesn't. -- If publishing a macOS binary, consider providing two: one for [Intel and one for M-series CPUs](./docs/dev/reference/macos-arch.md). -- If this application may be used on AWS Graviton or similar, consider providing an ARM build for Linux as well. +# planned features + +- [ ] Support extracting contents of OCI images: + - [ ] From OCI stores + - [ ] From local container hosts (e.g. Docker) + - [ ] From local tarballs +- [ ] Extract the contents: + - [ ] To disk + - [ ] To stdout (as NDJSON) +- [ ] Extract layers by: + - [ ] Squashed layer sets (e.g. "base + rest" or "all layers" or other combinations) + - [ ] Individual layers + - [ ] Filtered layers +- [ ] Specify target(s) to extract (e.g. `linux/amd64`, `darwin/arch64`, etc) +- [ ] Filter file(s) to extract +- [ ] When extracting files to stdout, store large blobs at temporary locations and reference them