diff --git a/.dockerignore b/.dockerignore new file mode 100644 index 0000000..07a3ea4 --- /dev/null +++ b/.dockerignore @@ -0,0 +1,75 @@ +# Docker ignore file to reduce build context size + +# Temp files +*~ +~* +.*~ +\#* +.#* +*# +dist + +# Build files +build +dist +pkg +*.egg +*.egg-info + +# Debian Files +debian/files +debian/python-github-backup* + +# Sphinx build +doc/_build + +# Generated man page +doc/github_backup.1 + +# Annoying macOS files +.DS_Store +._* + +# IDE configuration files +.vscode +.atom +.idea +*.code-workspace + +# RSA +id_rsa +id_rsa.pub + +# Virtual env +venv +.venv + +# Git +.git +.gitignore +.gitchangelog.rc +.github + +# Documentation +*.md +!README.md + +# Environment variables files +.env +.env.* +!.env.example +*.log + +# Cache files +**/__pycache__/ +*.py[cod] + +# Docker files +docker-compose.yml +Dockerfile* + +# Other files +release +*.tar +*.zip +*.gzip diff --git a/.github/workflows/automatic-release.yml b/.github/workflows/automatic-release.yml index 4c2150e..c6eb48b 100644 --- a/.github/workflows/automatic-release.yml +++ b/.github/workflows/automatic-release.yml @@ -18,7 +18,7 @@ jobs: runs-on: ubuntu-24.04 steps: - name: Checkout repository - uses: actions/checkout@v4 + uses: actions/checkout@v5 with: fetch-depth: 0 ssh-key: ${{ secrets.DEPLOY_PRIVATE_KEY }} diff --git a/.github/workflows/docker.yml b/.github/workflows/docker.yml index b0607f7..2c7cb38 100644 --- a/.github/workflows/docker.yml +++ b/.github/workflows/docker.yml @@ -38,7 +38,7 @@ jobs: steps: - name: Checkout repository - uses: actions/checkout@v4 + uses: actions/checkout@v5 with: persist-credentials: false diff --git a/.github/workflows/lint.yml b/.github/workflows/lint.yml index 541242d..03686f4 100644 --- a/.github/workflows/lint.yml +++ b/.github/workflows/lint.yml @@ -18,7 +18,7 @@ jobs: steps: - name: Checkout repository - uses: actions/checkout@v4 + uses: actions/checkout@v5 with: fetch-depth: 0 - name: Setup Python diff --git a/.gitignore b/.gitignore index f0ed9db..652f035 100644 --- a/.gitignore +++ b/.gitignore @@ -1,4 +1,4 @@ -*.py[oc] +*.py[cod] # Temp files *~ @@ -33,6 +33,7 @@ doc/github_backup.1 # IDE configuration files .vscode .atom +.idea README @@ -42,3 +43,4 @@ id_rsa.pub # Virtual env venv +.venv diff --git a/Dockerfile b/Dockerfile index 6217594..2c28829 100644 --- a/Dockerfile +++ b/Dockerfile @@ -1,16 +1,38 @@ -FROM python:3.9.18-slim +FROM python:3.12-alpine3.22 AS builder -RUN --mount=type=cache,target=/var/cache/apt \ - apt-get update && apt-get install -y git git-lfs +RUN pip install --no-cache-dir --upgrade pip \ + && pip install --no-cache-dir uv -WORKDIR /usr/src/app +WORKDIR /app -COPY release-requirements.txt . -RUN --mount=type=cache,target=/root/.cache/pip \ - pip install -r release-requirements.txt +RUN --mount=type=cache,target=/root/.cache/uv \ + --mount=type=bind,source=requirements.txt,target=requirements.txt \ + --mount=type=bind,source=release-requirements.txt,target=release-requirements.txt \ + uv venv \ + && uv pip install -r release-requirements.txt COPY . . -RUN --mount=type=cache,target=/root/.cache/pip \ - pip install . -ENTRYPOINT [ "github-backup" ] +RUN --mount=type=cache,target=/root/.cache/uv \ + uv pip install . + + +FROM python:3.12-alpine3.22 +ENV PYTHONUNBUFFERED=1 + +RUN apk add --no-cache \ + ca-certificates \ + git \ + git-lfs \ + && addgroup -g 1000 appuser \ + && adduser -D -u 1000 -G appuser appuser + +COPY --from=builder --chown=appuser:appuser /app /app + +WORKDIR /app + +USER appuser + +ENV PATH="/app/.venv/bin:$PATH" + +ENTRYPOINT ["github-backup"] diff --git a/release-requirements.txt b/release-requirements.txt index 788fa95..2e16603 100644 --- a/release-requirements.txt +++ b/release-requirements.txt @@ -1,8 +1,8 @@ autopep8==2.3.2 black==25.1.0 bleach==6.2.0 -certifi==2025.7.14 -charset-normalizer==3.4.2 +certifi==2025.8.3 +charset-normalizer==3.4.3 click==8.1.8 colorama==0.4.6 docutils==0.22 @@ -25,7 +25,7 @@ pycodestyle==2.14.0 pyflakes==3.4.0 Pygments==2.19.2 readme-renderer==44.0 -requests==2.32.4 +requests==2.32.5 requests-toolbelt==1.0.0 restructuredtext-lint==1.4.0 rfc3986==2.0.0