Open Source Findings
Hi!

My name is Nikita Sobolev. I work on open source development full-time.

Here I talk about #python, #c, open source, etc.
Support: https://boosty.to/sobolevn
RKN: https://vk.cc/cOzn36

Contact: @sobolev_nikita
Build automation for the post-container era. It's like Makefile and Dockerfile had a baby.

Earthly is a build automation tool for the post-container era. It allows you to execute all your builds in containers. This makes them self-contained, reproducible, portable and parallel. You can use Earthly to create Docker images and artifacts (eg binaries, packages, arbitrary files).

Earthly is meant to be used both on your development machine and in CI. It can run on top of popular CI systems (like Jenkins, Circle, GitHub Actions). It is typically the layer between language-specific tooling (like maven, gradle, npm, pip, go build) and the CI build spec.

Features:
- Reproduce CI failures
- Builds that run the same for everyone
- From zero to working build in minutes
- Build anything via containers - build images or standalone artifacts (binaries, packages, arbitrary files)
- Programming language agnostic - allows use of language-specific build tooling
- Reproducible builds - does not depend on user's local installation. Runs the same locally, as in CI
- Parallelism that just works - builds in parallel without special considerations the user has to make
- Mono-repo friendly - ability to split the build definitions across a vast directory hierarchy
- Multi-repo friendly - ability to import builds or artifacts from other repositories

https://github.com/earthly/earthly

#docker #devops #go

Example:

```
# Earthfile
FROM golang:1.13-alpine3.11
RUN apk --update --no-cache add git
WORKDIR /go-example

all:
  BUILD +lint
  BUILD +docker

build:
  COPY main.go .
  RUN go build -o build/go-example main.go
  SAVE ARTIFACT build/go-example AS LOCAL build/go-example

lint:
  RUN go get golang.org/x/lint/golint
  COPY main.go .
  RUN golint -set_exit_status ./...

docker:
  COPY +build/go-example .
  ENTRYPOINT ["/go-example/go-example"]
  SAVE IMAGE go-example:latest
```

Concise command-line monitoring for containers.

Top-like interface for container metrics. ctop comes with built-in support for Docker and runC, as well as a single container view for inspecting a specific container.

Connectors for other container and cluster systems are planned for future releases.

https://github.com/bcicen/ctop

#go #devops #docker
Put your Nginx inside a bunker! nginx Docker image secure by default.

Avoid the hassle of following security best practices each time you need a web server or reverse proxy. Bunkerized-nginx provides generic security configs, settings and tools so you don't need to do it yourself.

Non-exhaustive list of features:
- HTTPS support with transparent Let's Encrypt automation
- State-of-the-art web security: HTTP security headers, php.ini hardening, prevent leaks, ...
- Integrated ModSecurity WAF with the OWASP Core Rule Set
- Automatic ban of strange behaviors with fail2ban
- Antibot challenge through cookie, javascript, captcha or recaptcha v3
- Block TOR, proxies, bad user-agents, countries, ...
- Perform automatic DNSBL checks to block known bad IPs
- Prevent brute-force attacks with rate limiting
- Detect bad files with ClamAV
- Easy to configure with environment variables

https://github.com/bunkerity/bunkerized-nginx

#devops #docker
Keep an eye on your #docker image size and prevent it from growing too big!

Limit your docker image size with a simple CLI command. Perfect to be used inside your CI process.

Also available as a GitHub Action.

https://github.com/wemake-services/docker-image-size-limit

#python
So, after the recent cryptography incident (https://github.com/pyca/cryptography/issues/5771), our build times inside the Alpine-based docker-in-docker CI went from several seconds to ~6 minutes just to install #python dependencies.

This forced me to create our own dind image (https://github.com/wemake-services/wemake-dind/) with everything properly set up: python, rust (required to build `cryptography`), docker-compose, and several #docker quality tools like:
- https://github.com/wemake-services/dump-env which enforces strict .env configuration policies
- https://github.com/wemake-services/docker-image-size-limit which enforces strict image size control

Feel free to use it in your own CI pipelines! Not just for python, but for any docker-in-docker setups that use docker-compose.