Merge pull request #9 from manala/chore/update-stack

chore: update stack

Author: nervo

.ansible-lint

@@ -0,0 +1,19 @@
+---
+
+profile: production
+
+offline: true
+
+exclude_paths:
+  - .github
+  - .manala
+
+enable_list:
+  - empty-string-compare
+  - galaxy-version-incorrect
+  - loop-var-prefix
+  - name[prefix]
+  - no-log-password
+  - no-prompting
+  - no-same-owner
+  - only-builtins

.ansible-lint.yaml

@@ -1,2 +1,2 @@
 # Ansible Galaxy
-ANSIBLE_GALAXY_TOKEN_PATH=galaxy_token
+ANSIBLE_GALAXY_TOKEN_PATH = galaxy_token

.env

@@ -11,7 +11,7 @@ jobs:
     steps:
 
       - name: Checkout
-        uses: actions/checkout@v4
+        uses: actions/checkout@v5
 
       - name: Set up system
         uses: ./.manala/github/system/setup

.github/workflows/lint.yaml

@@ -13,7 +13,7 @@ jobs:
     steps:
 
       - name: Checkout
-        uses: actions/checkout@v4
+        uses: actions/checkout@v5
 
       - name: Set ansible galaxy token
         run: |
@@ -37,7 +37,7 @@ jobs:
           make build VERBOSE=1
 
       - name: Upload build artifact
-        uses: actions/upload-artifact@v4
+        uses: actions/upload-artifact@v5
         with:
           path: build/manala-path-${{ steps.version.outputs.version }}.tar.gz
           name: manala-path-${{ steps.version.outputs.version }}.tar.gz

.github/workflows/release.yaml

@@ -11,7 +11,7 @@ jobs:
     steps:
 
       - name: Checkout
-        uses: actions/checkout@v4
+        uses: actions/checkout@v5
 
       - name: Set up system
         uses: ./.manala/github/system/setup

.github/workflows/test.yaml

@@ -1,3 +1,7 @@
 build/
 .env.local
 galaxy_token
+
+# Ignore ansible-lint cache
+# See: https://github.com/ansible/ansible-lint/issues/4533
+.ansible/

.gitignore

@@ -19,20 +19,23 @@ project:
 
 system:
     dir: /usr/share/ansible/collections/ansible_collections/manala/path
+    # ansible-test needs en_US.UTF-8 locale
+    locale: en_US.UTF-8
     env_file:
         - .env
         - path: .env.local
           required: false
+    tmpfs:
+        # ansible-test needs an executable /tmp
+        - /tmp:exec
     git:
         config: |
             # Silence false positive dubious ownership errors
             [safe]
             directory = *
     ansible:
-        version: 2.16.9
-        config: |
-            [defaults]
-            force_color = True
-            retry_files_enabled = False
+        version: 2.18.9
     ansible-lint:
-        version: 24.7.0
+        version: 25.9.1
+    ansible-creator:
+        version: 25.9.0

.manala.yaml

@@ -49,7 +49,7 @@ sh:
 	else \
 		$(call manala_docker_command, \
 			$(if $(PORT),--publish $(PORT)), \
-		) bash --login ; \
+		) zsh --login ; \
 	fi
 .PHONY: sh
 

.manala/Makefile

@@ -1,79 +1,99 @@
+# syntax=docker/dockerfile:1
+
 ########
 # Base #
 ########
 
-FROM debian:bookworm-slim
+FROM debian:trixie-slim
 
 ARG DEBIAN_FRONTEND="noninteractive"
 
 ARG MANALA_USER_ID="1000"
 ARG MANALA_GROUP_ID="1000"
 
-ARG GOSU_VERSION="1.17"
-ARG GOMPLATE_VERSION="4.1.0"
-ARG DIRENV_VERSION="2.34.0"
+ARG GOMPLATE_VERSION="4.3.3"
+ARG DIRENV_VERSION="2.37.1"
 ARG JQ_VERSION="1.7.1"
-ARG YQ_VERSION="4.44.3"
+ARG YQ_VERSION="4.48.1"
+ARG STARSHIP_VERSION="1.24.0"
+ARG FZF_VERSION="0.66.1"
 
 # The 'container' environment variable tells systemd that it's running inside a
 # Docker container environment.
 # It's also internally used for checking we're running inside a container.
 ENV container="docker"
 
-# Default locale
-ENV LANG="C.UTF-8"
-
-SHELL ["/bin/bash", "-o", "pipefail", "-c"]
-
-RUN \
-    apt-get --quiet update \
-    && apt-get --quiet --yes --purge --autoremove upgrade \
-    && apt-get --quiet --yes --no-install-recommends --verbose-versions install \
-        bash-completion \
-        bzip2 \
-        ca-certificates \
-        curl \
-        git \
-        gnupg \
-        less \
-        libarchive-tools \
-        make \
-        rsync \
-        s6 \
-        socat \
-        sudo \
-        vim \
-    # User
-    && addgroup --gid ${MANALA_GROUP_ID} lazy \
-    && adduser --home /home/lazy --shell /bin/bash --uid ${MANALA_USER_ID} --gecos lazy --ingroup lazy --disabled-password lazy \
-    && install --verbose --mode 0755 --group lazy --owner lazy --directory /run/user/${MANALA_USER_ID} \
-    && echo "lazy ALL=(ALL) NOPASSWD:ALL" > /etc/sudoers.d/lazy \
-    # Gosu
-    && curl -sSLf "https://github.com/tianon/gosu/releases/download/${GOSU_VERSION}/gosu-$(case $(dpkg --print-architecture) in "amd64") echo "amd64" ;; "arm64") echo "arm64" ;; esac)" \
-        --output /usr/local/bin/gosu \
-    && chmod +x /usr/local/bin/gosu \
-    # Gomplate
-    && curl -sSLf "https://github.com/hairyhenderson/gomplate/releases/download/v${GOMPLATE_VERSION}/gomplate_linux-$(case $(dpkg --print-architecture) in "amd64") echo "amd64" ;; "arm64") echo "arm64" ;; esac)" \
-        --output /usr/local/bin/gomplate \
-    && chmod +x /usr/local/bin/gomplate \
-    # Direnv
-    && curl -sSLf "https://github.com/direnv/direnv/releases/download/v${DIRENV_VERSION}/direnv.linux-$(case $(dpkg --print-architecture) in "amd64") echo "amd64" ;; "arm64") echo "arm64" ;; esac)" \
-        --output /usr/local/bin/direnv \
-    && chmod +x /usr/local/bin/direnv \
-    # Jq
-    && curl -sSLf "https://github.com/jqlang/jq/releases/download/jq-${JQ_VERSION}/jq-linux-$(case $(dpkg --print-architecture) in "amd64") echo "amd64" ;; "arm64") echo "arm64" ;; esac)" \
-        --output /usr/local/bin/jq \
-    && chmod +x /usr/local/bin/jq \
-    # Yq
-    && curl -sSLf "https://github.com/mikefarah/yq/releases/download/v${YQ_VERSION}/yq_linux_$(case $(dpkg --print-architecture) in "amd64") echo "amd64" ;; "arm64") echo "arm64" ;; esac)" \
-        --output /usr/local/bin/yq \
-    && chmod +x /usr/local/bin/yq \
-    # Bash completion
-    && install --verbose --mode 0755 --directory /etc/bash_completion.d \
-    # Oh My Bash
-    && git clone https://github.com/ohmybash/oh-my-bash.git /usr/local/share/oh-my-bash \
-    # Clean
-    && rm -rf /var/lib/apt/lists/*
+# Starship
+ENV STARSHIP_CONFIG=/etc/starship/starship.toml
+
+SHELL ["/bin/bash", "-e", "-o", "pipefail", "-c"]
+
+RUN <<EOF
+# Packages
+apt-get --quiet update
+apt-get --quiet --yes --purge --autoremove upgrade
+apt-get --quiet --yes --no-install-recommends --verbose-versions install \
+    bzip2 \
+    ca-certificates \
+    curl \
+    git \
+    gnupg \
+    gosu \
+    less \
+    libarchive-tools \
+    make \
+    rsync \
+    s6 \
+    socat \
+    sudo \
+    vim \
+    zsh
+# Locale
+apt-get --quiet --yes --no-install-recommends --verbose-versions install \
+    locales
+sed -i "/^# *en_US.UTF-8\b/s/^# *//" /etc/locale.gen
+dpkg-reconfigure locales
+# User
+addgroup --gid ${MANALA_GROUP_ID} lazy
+adduser --home /home/lazy --shell /bin/zsh --uid ${MANALA_USER_ID} --gecos lazy --ingroup lazy --disabled-password lazy
+install --verbose --mode 0755 --group lazy --owner lazy --directory /run/user/${MANALA_USER_ID}
+echo "lazy ALL=(ALL) NOPASSWD:ALL" > /etc/sudoers.d/lazy
+# Gomplate
+curl -sSLf "https://github.com/hairyhenderson/gomplate/releases/download/v${GOMPLATE_VERSION}/gomplate_linux-$(case $(dpkg --print-architecture) in "amd64") echo "amd64" ;; "arm64") echo "arm64" ;; esac)" \
+    --output /usr/local/bin/gomplate
+chmod +x /usr/local/bin/gomplate
+# Direnv
+curl -sSLf "https://github.com/direnv/direnv/releases/download/v${DIRENV_VERSION}/direnv.linux-$(case $(dpkg --print-architecture) in "amd64") echo "amd64" ;; "arm64") echo "arm64" ;; esac)" \
+    --output /usr/local/bin/direnv
+chmod +x /usr/local/bin/direnv
+# Jq
+curl -sSLf "https://github.com/jqlang/jq/releases/download/jq-${JQ_VERSION}/jq-linux-$(case $(dpkg --print-architecture) in "amd64") echo "amd64" ;; "arm64") echo "arm64" ;; esac)" \
+    --output /usr/local/bin/jq
+chmod +x /usr/local/bin/jq
+# Yq
+curl -sSLf "https://github.com/mikefarah/yq/releases/download/v${YQ_VERSION}/yq_linux_$(case $(dpkg --print-architecture) in "amd64") echo "amd64" ;; "arm64") echo "arm64" ;; esac)" \
+    --output /usr/local/bin/yq
+chmod +x /usr/local/bin/yq
+# Oh My Zsh
+git clone https://github.com/ohmyzsh/ohmyzsh.git /usr/local/share/oh-my-zsh
+# See: https://github.com/ohmyzsh/ohmyzsh/issues/11995
+git clone https://github.com/zsh-users/zsh-autosuggestions.git /usr/local/share/oh-my-zsh/custom/plugins/zsh-autosuggestions
+git clone https://github.com/zsh-users/zsh-syntax-highlighting.git /usr/local/share/oh-my-zsh/custom/plugins/zsh-syntax-highlighting
+echo "ZDOTDIR=/etc/zsh" > /etc/zsh/zshenv
+# Starship
+curl -sSLf "https://github.com/starship/starship/releases/download/v${STARSHIP_VERSION}/starship-$(case $(dpkg --print-architecture) in "amd64") echo "x86_64" ;; "arm64") echo "aarch64" ;; esac)-unknown-linux-musl.tar.gz" \
+    | bsdtar -xvf - -C /usr/local/bin
+echo "Defaults env_keep += STARSHIP_CONFIG" > /etc/sudoers.d/starship
+# Fzf
+curl -sSLf "https://github.com/junegunn/fzf/releases/download/v${FZF_VERSION}/fzf-${FZF_VERSION}-linux_$(case $(dpkg --print-architecture) in "amd64") echo "amd64" ;; "arm64") echo "arm64" ;; esac).tar.gz" \
+    | bsdtar -xvf - -C /usr/local/bin
+chmod +x /usr/local/bin/fzf
+# Clean
+rm -rf /var/lib/apt/lists/*
+EOF
+
+# Locale
+ENV LANG="en_US.UTF-8"
 
 ##########
 # System #
@@ -82,43 +102,49 @@ RUN \
 ENV PIPX_HOME="/usr/local/pipx"
 ENV PIPX_BIN_DIR="/usr/local/bin"
 
-RUN \
-    apt-get --quiet update \
-    && apt-get --quiet --yes --no-install-recommends --verbose-versions install \
-        openssh-client \
-        pipx \
-        python3 \
-        python3-argcomplete \
-        shellcheck \
-        sshpass \
-    # Sudo
-    && echo "Defaults env_keep += \"PIPX_*\"" > /etc/sudoers.d/pipx \
-    # Bash completion
-    && activate-global-python-argcomplete --dest /etc/bash_completion.d \
-    # Clean
-    && rm -rf /var/lib/apt/lists/*
+RUN <<EOF
+apt-get --quiet update
+apt-get --quiet --yes --no-install-recommends --verbose-versions install \
+    openssh-client \
+    pipx \
+    python3 \
+    shellcheck \
+    sshpass
+# Sudo
+echo "Defaults env_keep += \"PIPX_*\"" > /etc/sudoers.d/pipx
+# Clean
+rm -rf /var/lib/apt/lists/*
+EOF
 
 # Ansible
-RUN \
-    pipx install --pip-args="--no-cache-dir" \
-        ansible-core==2.16.9
+RUN <<EOF
+pipx install --pip-args="--no-cache-dir" \
+    ansible-core==2.18.9
+EOF
 
 # Ansible Lint
-RUN \
-    BUILD_PACKAGES=( \
-        libpython3-dev gcc \
-    ) \
-    && apt-get --quiet update \
-    && apt-get --quiet --yes --no-install-recommends --verbose-versions install \
-        "${BUILD_PACKAGES[@]}" \
-    && pipx install --pip-args="--no-cache-dir" \
-        ansible-lint==24.7.0 \
-    # Clean
-    && apt-get --quiet --yes --autoremove purge \
-        "${BUILD_PACKAGES[@]}" \
-    && rm -rf /var/lib/apt/lists/*
+RUN <<EOF
+BUILD_PACKAGES=( \
+    libpython3-dev gcc \
+)
+apt-get --quiet update
+apt-get --quiet --yes --no-install-recommends --verbose-versions install \
+    "${BUILD_PACKAGES[@]}"
+pipx install --pip-args="--no-cache-dir" \
+    ansible-lint[lock]==25.9.1
+# Clean
+apt-get --quiet --yes --autoremove purge \
+    "${BUILD_PACKAGES[@]}"
+rm -rf /var/lib/apt/lists/*
+EOF
+
+# Ansible Creator
+RUN <<EOF
+pipx install --pip-args="--no-cache-dir" \
+    ansible-creator==25.9.0
+EOF
 
 # Run
 COPY docker/entrypoint.sh /
 ENTRYPOINT ["/entrypoint.sh"]
-CMD ["bash"]
+CMD ["zsh"]