fix(ci): impl project defaults

Markus Pesch 2025-01-04 22:11:50 +01:00
parent a4a6f39173
commit 760a3e69d5
Signed by: volker.raschek
GPG Key ID: 852BCC170D81A982
14 changed files with 340 additions and 48 deletions


@ -1,6 +1,3 @@
# EditorConfig is awesome: https://EditorConfig.org
# top-most EditorConfig file
root = true root = true
[*] [*]
@ -9,4 +6,7 @@ indent_size = 2
end_of_line = lf end_of_line = lf
charset = utf-8 charset = utf-8
trim_trailing_whitespace = true trim_trailing_whitespace = true
insert_final_newline = false insert_final_newline = false
[Makefile]
indent_style = tab

7
.gitignore vendored

@ -1,3 +1,6 @@
*.tgz charts
node_modules
target
values2.yml values2.yml
values2.yaml values2.yaml
*.tgz


@ -2,6 +2,7 @@
# This supports shell glob matching, relative path matching, and # This supports shell glob matching, relative path matching, and
# negation (prefixed with !). Only one pattern per line. # negation (prefixed with !). Only one pattern per line.
.DS_Store .DS_Store
# Common VCS dirs # Common VCS dirs
.git/ .git/
.gitignore .gitignore
@ -10,23 +11,50 @@
.hg/ .hg/
.hgignore .hgignore
.svn/ .svn/
# Common backup files # Common backup files
*.swp *.swp
*.bak *.bak
*.tmp *.tmp
*.orig *.orig
*~ *~
# Various IDEs # Various IDEs
.project .project
.idea/ .idea/
*.tmproj *.tmproj
.vscode/ .vscode/
# drone # drone
.drone.yml .drone.yml
# markdownlint
.markdownlint.yaml # editorconfig
.editorconfig
# customized values # customized values
values2.yml values2.yml
values2.yaml values2.yaml
# helm packages # helm packages
*.tgz *.tgz
.helmignore
unittests
# markdownlint
.markdownlint.yml
.markdownlint.yaml
.markdownlintignore
# npm
.prettierignore
.npmrc
package*
# yamllint
.yamllint.yaml
# Others
CONTRIBUTING.md
CODEOWNERS
Makefile
renovate.json


@ -45,9 +45,9 @@ MD012:
# MD013/line-length - Line length # MD013/line-length - Line length
MD013: MD013:
# Number of characters # Number of characters
line_length: 80 line_length: 120
# Number of characters for headings # Number of characters for headings
heading_line_length: 80 heading_line_length: 120
# Number of characters for code blocks # Number of characters for code blocks
code_block_line_length: 80 code_block_line_length: 80
# Include code blocks # Include code blocks
@ -56,8 +56,6 @@ MD013:
tables: false tables: false
# Include headings # Include headings
headings: true headings: true
# Include headings
headers: true
# Strict length checking # Strict length checking
strict: false strict: false
# Stern length checking # Stern length checking
@ -73,7 +71,7 @@ MD022:
# MD024/no-duplicate-heading/no-duplicate-header - Multiple headings with the same content # MD024/no-duplicate-heading/no-duplicate-header - Multiple headings with the same content
MD024: MD024:
# Only check sibling headings # Only check sibling headings
allow_different_nesting: true siblings_only: true
# MD025/single-title/single-h1 - Multiple top-level headings in the same document # MD025/single-title/single-h1 - Multiple top-level headings in the same document
MD025: MD025:
@ -128,8 +126,22 @@ MD041:
# MD044/proper-names - Proper names should have the correct capitalization # MD044/proper-names - Proper names should have the correct capitalization
MD044: MD044:
# List of proper names # List of proper names
# names: names:
# - drone - Git
- GitDevOps
- Gitea
- GitHub
- GitLab
- GitOps
- kube-prometheus-stack
- Memcached
- Oracle
- ORBIS U
- PostgreSQL
- Prometheus
- prometheus-exporter
- SSL
- TLS
# Include code blocks # Include code blocks
code_blocks: false code_blocks: false
@ -141,4 +153,4 @@ MD046:
# MD048/code-fence-style - Code fence style # MD048/code-fence-style - Code fence style
MD048: MD048:
# Code fence syle # Code fence syle
style: "backtick" style: "backtick"

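--- a/.markdownlintignore
+++ b/.markdownlintignore
@@ -0,0 +1,4 @@
+.github/
+Chart.lock
+charts/
+node_modules/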

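--- a/.npmrc
+++ b/.npmrc
@@ -0,0 +1 @@
+engine-strict=true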

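--- a/.prettierignore
+++ b/.prettierignore
@@ -0,0 +1 @@
+Chart.lock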

20
.yamllint.yaml Normal file

@ -0,0 +1,20 @@
---
extends: default
ignore: |
.yamllint
node_modules
templates
rules:
truthy:
allowed-values: ['true', 'false']
check-keys: False
level: error
line-length: disable
document-start: disable
comments:
min-spaces-from-content: 1
braces:
max-spaces-inside: 2
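Review bot: `check-keys: False` uses a spelling that this file's own `truthy` rule rejects (`allowed-values: ['true', 'false']` at `level: error`), and the `ignore` entry `.yamllint` does not appear to match the file's actual name `.yamllint.yaml`, so linting the repository root would likely fail on the linter's own config. Write `check-keys: false`, and if the config is meant to be skipped, list `.yamllint.yaml` under `ignore`. Indentation is lost in this rendering, so the nesting of the keys could not be checked.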

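--- a/CODEOWNERS
+++ b/CODEOWNERS
@@ -0,0 +1 @@
+* @volker.raschek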

82
CONTRIBUTING.md Normal file

@ -0,0 +1,82 @@
# Contributing
I am very happy if you would like to provide a pull request 👍
The content of this file describes which requirements contributors should fulfill before submitting a pull request (PR).
1. [Valid Git commits](#valid-git-commits)
## Valid Git commits
### Commit message
The repository is subject to a strict commit message template. This states that there are several types of commits. For
example, `fix`, `chore`, `refac`, `test` or `doc`. All types are described in more detail below.
| type | description |
| ------------------- | ----------------------------------------------------------------- |
| `feat` | New feature. |
| `fix` | Fixes a bug. |
| `refac` | Refactoring production code. |
| `style` | Fixes formatting issues. No production code change. |
| `docs` | Adapt documentation. No production code change. |
| `test` | Adds new or modifies existing tests. No production code change. |
| `chore` | Updating grunt tasks. Is everything which the user does not see. |
Based on these types, commit messaged can then be created. Here are a few examples:
```text
style(README): Wrong indentation
feat(deployment): support restartPolicy
fix(my-app): Add missing volume
docs(CONTRIBUTING): Describe how to commit correctly
```
This type of commit message makes it easier for me as maintainer to keep an overview and does not cause the commits of a
pull request PR to be combined into one commit (squashing).
### Smart commits
Smart commits are excellent when it comes to tracking bugs or issues. In this repository, however, the rebasing of
commits is prohibited, which means that only merge commits are possible. This means that a smart commit message only
needs to be added to the merge commit.
This has the advantage that the maintainer can use the smart commit to find the merge commit and undo the entire history
of a merge without having to select individual commits. The following history illustrates the correct use of smart commits.
```text
* 823edbc7 Volker Raschek (G) | [Close #2] feat(deployment): support additional containers
|\
| * 321aebc3 Volker Raschek (G) | doc(README): generate README with new deployment attributes
| * 8d101dd3 Volker Raschek (G) | test(deployment): Extend unittest of additional containers
| * 6f2abd93 Volker Raschek (G) | fix(deployment): Extend deployment of additional containers
|/
* aa5ebda bob (N) | [Close #1] feat(deployment): support initContainers
```
### Commit signing
Another problem with Git is the chain of trust. Git allows the configuration of any name and e-mail address. An attacker
can impersonate any person and submit pull requests under a false identity. For as Linux Torvalds, the maintainer of the
Linux kernel.
```bash
git config --global user.name 'Linux Torvalds'
git config --global user.email 'torvalds@linux-foundation.org'
```
To avoid this, some Git repositories expect signed commits. In particular, repositories that are subject to direct
delivery to customers. For this reason, the repository is subject to a branch protection rule that only allows signed
commits. *Until* there is *no verified* and *no signed* commit, the pull request is blocked.
The following articles describes how Git can be configured to sign commits. Please keep in mind, that the e-mail
address, which is used as UID of the GPG keyring must also be defined in the profile settings of your GitHub account.
Otherwise will be marked the Git commit as *Unverified*.
1. [Signing Commits](https://docs.github.com/en/authentication/managing-commit-signature-verification/signing-commits)
2. [Tell Git about your signing key](https://docs.github.com/en/authentication/managing-commit-signature-verification/telling-git-about-your-signing-key)
Inspect your Git commit via `git log`. There should be mentioned, that your commit is signed.
Furthermore, the GPG key is unique. **Don't loose your private GPG key**. Backup your private key on a safe device. For
example an external USB drive.

107
Makefile Normal file

@ -0,0 +1,107 @@
# CONTAINER_RUNTIME
CONTAINER_RUNTIME?=$(shell which podman)
# HELM_IMAGE
HELM_IMAGE_REGISTRY_HOST?=docker.io
HELM_IMAGE_REPOSITORY=volkerraschek/helm
HELM_IMAGE_VERSION?=3.16.1 # renovate: datasource=docker registryUrl=https://docker.io depName=volkerraschek/helm
HELM_IMAGE_FULLY_QUALIFIED=${HELM_IMAGE_REGISTRY_HOST}/${HELM_IMAGE_REPOSITORY}:${HELM_IMAGE_VERSION}
# MARKDOWNLINKCHECKER_IMAGE
MARKDOWNLINKCHECK_IMAGE_REGISTRY_HOST?=ghcr.io
MARKDOWNLINKCHECK_IMAGE_REPOSITORY=tcort/markdown-link-check
MARKDOWNLINKCHECK_IMAGE_VERSION?=3.12.2 # renovate: datasource=docker registryUrl=https://ghcr.io depName=tcort/markdown-link-check
MARKDOWNLINKCHECK_IMAGE_FULLY_QUALIFIED=${MARKDOWNLINKCHECK_IMAGE_REGISTRY_HOST}/${MARKDOWNLINKCHECK_IMAGE_REPOSITORY}:${MARKDOWNLINKCHECK_IMAGE_VERSION}
# NODE_IMAGE
NODE_IMAGE_REGISTRY_HOST?=docker.io
NODE_IMAGE_REPOSITORY=library/node
NODE_IMAGE_VERSION?=22.9.0-alpine # renovate: datasource=docker registryUrl=https://docker.io depName=library/node
NODE_IMAGE_FULLY_QUALIFIED=${NODE_IMAGE_REGISTRY_HOST}/${NODE_IMAGE_REPOSITORY}:${NODE_IMAGE_VERSION}
# MISSING DOT
# ==============================================================================
missing-dot:
grep --perl-regexp '## @(param|skip).*[^.]$$' values.yaml
# CONTAINER RUN - README
# ==============================================================================
PHONY+=container-run/readme
container-run/readme: container-run/readme/link container-run/readme/lint container-run/readme/parameters
container-run/readme/link:
${CONTAINER_RUNTIME} run \
--rm \
--volume $(shell pwd):$(shell pwd) \
--workdir $(shell pwd) \
${NODE_IMAGE_FULLY_QUALIFIED} \
npm install && npm run readme:link
container-run/readme/lint:
${CONTAINER_RUNTIME} run \
--rm \
--volume $(shell pwd):$(shell pwd) \
--workdir $(shell pwd) \
${NODE_IMAGE_FULLY_QUALIFIED} \
npm install && npm run readme:lint
container-run/readme/parameters:
${CONTAINER_RUNTIME} run \
--rm \
--volume $(shell pwd):$(shell pwd) \
--workdir $(shell pwd) \
${NODE_IMAGE_FULLY_QUALIFIED} \
npm install && npm run readme:parameters
# CONTAINER RUN - HELM UNITTESTS
# ==============================================================================
PHONY+=container-run/helm-unittests
container-run/helm-unittests:
${CONTAINER_RUNTIME} run \
--env HELM_REPO_PASSWORD=${CHART_SERVER_PASSWORD} \
--env HELM_REPO_USERNAME=${CHART_SERVER_USERNAME} \
--rm \
--volume $(shell pwd):$(shell pwd) \
--workdir $(shell pwd) \
${HELM_IMAGE_FULLY_QUALIFIED} \
unittest --strict --file 'unittests/**/*.yaml' ./
# CONTAINER RUN - HELM UPDATE DEPENDENCIES
# ==============================================================================
PHONY+=container-run/helm-update-dependencies
container-run/helm-update-dependencies:
${CONTAINER_RUNTIME} run \
--env HELM_REPO_PASSWORD=${CHART_SERVER_PASSWORD} \
--env HELM_REPO_USERNAME=${CHART_SERVER_USERNAME} \
--rm \
--volume $(shell pwd):$(shell pwd) \
--workdir $(shell pwd) \
${HELM_IMAGE_FULLY_QUALIFIED} \
dependency update
# CONTAINER RUN - MARKDOWN-LINT
# ==============================================================================
PHONY+=container-run/helm-lint
container-run/helm-lint:
${CONTAINER_RUNTIME} run \
--rm \
--volume $(shell pwd):$(shell pwd) \
--workdir $(shell pwd) \
${HELM_IMAGE_FULLY_QUALIFIED} \
lint --values values.yaml .
# CONTAINER RUN - MARKDOWN-LINK-CHECK
# ==============================================================================
PHONY+=container-run/markdown-link-check
container-run/markdown-link-check:
${CONTAINER_RUNTIME} run \
--rm \
--volume $(shell pwd):/work \
${MARKDOWNLINKCHECK_IMAGE_FULLY_QUALIFIED} \
*.md
# PHONY
# ==============================================================================
# Declare the contents of the PHONY variable as phony. We keep that information
# in a variable so we can use it in if_changed.
.PHONY: ${PHONY}
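Review bot: In the three `container-run/readme/*` recipes the `&&` is parsed by the host shell that make spawns, so only `npm install` runs inside the Node container and `npm run readme:…` then executes on the host, outside the isolation the target name promises. Hand both halves to the container's shell instead, e.g. `${NODE_IMAGE_FULLY_QUALIFIED} sh -c 'npm install && npm run readme:link'`. Separately, `--env HELM_REPO_PASSWORD=${CHART_SERVER_PASSWORD}` in `container-run/helm-unittests` and `container-run/helm-update-dependencies` expands the secret into the command line, which make echoes to the CI log and which is visible in the process list. Exporting the variable from the Makefile and passing it by name only (`--env HELM_REPO_PASSWORD`) keeps the value out of both. The three image tags are also mutable references; pinning them by digest would make the CI toolchain verifiable.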


@ -3,15 +3,13 @@
[![Build Status](https://drone.cryptic.systems/api/badges/volker.raschek/prometheus-fail2ban-exporter-charts/status.svg)](https://drone.cryptic.systems/volker.raschek/prometheus-fail2ban-exporter-charts) [![Build Status](https://drone.cryptic.systems/api/badges/volker.raschek/prometheus-fail2ban-exporter-charts/status.svg)](https://drone.cryptic.systems/volker.raschek/prometheus-fail2ban-exporter-charts)
[![Artifact Hub](https://img.shields.io/endpoint?url=https://artifacthub.io/badge/repository/volker-raschek)](https://artifacthub.io/packages/search?repo=volker-raschek) [![Artifact Hub](https://img.shields.io/endpoint?url=https://artifacthub.io/badge/repository/volker-raschek)](https://artifacthub.io/packages/search?repo=volker-raschek)
This helm chart contains a daemonset to deploy a fail2ban metric exporter on This helm chart contains a daemonset to deploy a fail2ban metric exporter on kubernetes nodes, which have fail2ban
kubernetes nodes, which have fail2ban locally installed and configured. locally installed and configured.
The fail2ban exporter was repackaged to make it possible to deploy the The fail2ban exporter was repackaged to make it possible to deploy the application on kubernetes. The forked fail2ban
application on kubernetes. The forked fail2ban exporter can be found exporter can be found [here](https://git.cryptic.systems/volker.raschek/prometheus-fail2ban-exporter).
[here](https://git.cryptic.systems/volker.raschek/prometheus-fail2ban-exporter).
This helm chart can be found on [artifacthub.io](https://artifacthub.io/) and This helm chart can be found on [artifacthub.io](https://artifacthub.io/) and can be installed via helm.
can be installed via helm.
```bash ```bash
helm repo add volker.raschek https://charts.cryptic.systems/volker.raschek helm repo add volker.raschek https://charts.cryptic.systems/volker.raschek
@ -22,6 +20,5 @@ helm install prometheus-fail2ban-exporter volker.raschek/prometheus-fail2ban-exp
All [configuration All [configuration
options](https://gitlab.com/hectorjsmith/fail2ban-prometheus-exporter/-/blob/235d34114bdf6c99f8b8154240c007b2491248ea/cfg/cfg.go#L12) options](https://gitlab.com/hectorjsmith/fail2ban-prometheus-exporter/-/blob/235d34114bdf6c99f8b8154240c007b2491248ea/cfg/cfg.go#L12)
can be defined in the `values.yml` file below the `config` section. can be defined in the `values.yml` file below the `config` section. Alternatively can be the options passed via the
Alternatively can be the options passed via the `--set` flag of the `helm `--set` flag of the `helm install` command.
install` command.

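--- a/package.json
+++ b/package.json
@@ -0,0 +1,21 @@
+{
+"name": "prometheus-fail2ban-exporter-chart",
+"homepage": "https://git.cryptic.systems/volker.raschek/prometheus-fail2ban-exporter-chart.git",
+"license": "MIT",
+"private": true,
+"engineStrict": true,
+"engines": {
+"node": ">=16.0.0",
+"npm": ">=8.0.0"
+},
+"scripts": {
+"readme:link": "markdown-link-check *.md",
+"readme:lint": "markdownlint *.md -f",
+"readme:parameters": "readme-generator -v values.yaml -r README.md"
+},
+"devDependencies": {
+"@bitnami/readme-generator-for-helm": "^2.5.0",
+"markdown-link-check": "^3.13.6",
+"markdownlint-cli": "^0.43.0"
+}
+}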
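Review bot: All three `devDependencies` use caret ranges and no `package-lock.json` is among the 14 files this commit changes, so unless a lockfile is already tracked, every `npm install` in the Makefile's readme targets resolves whatever minor or patch release is newest at that moment and runs its install scripts. Committing a lockfile and having the recipes call `npm ci` would make the CI toolchain reproducible and reviewable. Adding `ignore-scripts=true` to the new `.npmrc` would further limit what a tampered release can do at install time, provided none of these tools relies on a lifecycle script. The `-f` in `"readme:lint": "markdownlint *.md -f"` also rewrites files in place, so a CI run silently fixes what it can instead of reporting it.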


@ -1,24 +1,7 @@
{ {
"$schema": "https://docs.renovatebot.com/renovate-schema.json", "$schema": "https://docs.renovatebot.com/renovate-schema.json",
"assignees": [ "volker.raschek" ], "assignees": [ "volker.raschek" ],
"labels": [ "renovate" ], "customManagers": [
"packageRules": [
{
"addLabels": [ "renovate/prometheus-fail2ban-exporter", "renovate/automerge" ],
"automerge": true,
"matchManagers": "droneci",
"matchUpdateTypes": [ "minor", "patch"]
},
{
"addLabels": [ "renovate/prometheus-fail2ban-exporter", "renovate/automerge" ],
"automerge": false,
"matchPackageNames": [ "prometheus-fail2ban-exporter" ],
"matchManagers": [ "regex" ]
}
],
"rebaseLabel": "renovate/rebase",
"rebaseWhen": "behind-base-branch",
"regexManagers": [
{ {
"description": "Update container image reference", "description": "Update container image reference",
"fileMatch": [ "fileMatch": [
@ -28,8 +11,40 @@
"appVersion: \"(?<currentValue>.*?)\"\\s+" "appVersion: \"(?<currentValue>.*?)\"\\s+"
], ],
"datasourceTemplate": "docker", "datasourceTemplate": "docker",
"depNameTemplate": "prometheus-fail2ban-exporter", "depNameTemplate": "volker.raschek/prometheus-fail2ban-exporter",
"lookupNameTemplate": "git.cryptic.systems/volker.raschek/prometheus-fail2ban-exporter" "lookupNameTemplate": "git.cryptic.systems/volker.raschek/prometheus-fail2ban-exporter",
"versioningTemplate": "semver"
},
{
"description": "Detect helm chart version in README",
"fileMatch": [
"^README\\.md$"
],
"matchStrings": [
"^CHART_VERSION=(?<currentValue>.*)$"
],
"datasourceTemplate": "git-tags",
"depNameTemplate": "volker.raschek/prometheus-fail2ban-exporter-chart",
"packageNameTemplate": "git.cryptic.systems/volker.raschek/prometheus-fail2ban-exporter-chart",
"versioningTemplate": "semver"
} }
] ],
"labels": [ "renovate" ],
"packageRules": [
{
"addLabels": [ "renovate/automerge", "renovate/droneci" ],
"automerge": true,
"matchManagers": "droneci",
"matchUpdateTypes": [ "minor", "patch"]
},
{
"addLabels": [ "renovate/automerge", "renovate/npm" ],
"automerge": true,
"matchPackageNames": [ "markdownlint-cli", "@bitnami/readme-generator-for-helm" ],
"matchManagers": [ "npm" ],
"matchUpdateTypes": [ "minor", "patch"]
}
],
"rebaseLabel": "renovate/rebase",
"rebaseWhen": "behind-base-branch"
} }
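Review bot: The new npm entry in `packageRules` sets `"automerge": true` for minor and patch updates of `markdownlint-cli` and `@bitnami/readme-generator-for-helm`, packages whose code is executed by the CI readme targets, so a tampered or broken release would be merged and run without anyone reviewing it. Consider a cooling-off period on that rule, e.g. `"minimumReleaseAge": "3 days"`, or leave automerge off for npm. Two smaller points: entries under `customManagers` are expected to carry `"customType": "regex"`, which neither entry has, and the first entry still uses `lookupNameTemplate` while the second uses `packageNameTemplate`. The file name is not shown for this section; the content reads as the Renovate configuration.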