Initial seperation of containers

Author: matthewbaggett

.actrc

@@ -0,0 +1,10 @@
+--use-new-action-cache
+--action-cache-path=.github/cache/act/actions
+--cache-server-path=.github/cache/act/cache
+--artifact-server-path=.github/cache/act/artifacts
+--artifact-server-port=34007
+--platform self-hosted=ghcr.io/catthehacker/ubuntu:act-latest
+--platform ubuntu-latest=ghcr.io/catthehacker/ubuntu:act-latest
+--platform ubuntu-22.04=ghcr.io/catthehacker/ubuntu:act-22.04
+--platform ubuntu-20.04=ghcr.io/catthehacker/ubuntu:act-20.04
+--platform ubuntu-18.04=ghcr.io/catthehacker/ubuntu:act-18.04

.github/workflows/mysql-proxy.yml

@@ -0,0 +1,67 @@
+name: Build MySQL Proxy
+
+permissions:
+  contents: read
+  packages: write
+
+on:
+  workflow_call:
+  workflow_dispatch:
+  push:
+    branches:
+      - main
+  schedule:
+    - cron: "0 14 * * 2" # 2pm Patch Tuesday
+
+concurrency:
+  group: ${{ github.head_ref || github.run_id }}
+  cancel-in-progress: true
+
+jobs:
+  mysql-proxy-build:
+    name: "Build"
+    runs-on: ubuntu-latest
+    steps:
+      - name: "Setup: Setup QEMU"
+        uses: docker/setup-qemu-action@v3
+
+      - name: "Setup: Expose GitHub Runtime"
+        uses: crazy-max/ghaction-github-runtime@v3
+
+      - name: "Setup: Setup Docker Buildx"
+        uses: docker/setup-buildx-action@v2
+
+      - name: "Setup: Login to Docker Hub"
+        uses: docker/login-action@v3
+        with:
+          username: matthewbaggett
+          password: ${{ secrets.DOCKER_HUB_TOKEN }}
+
+      - name: "Setup: Login to GHCR"
+        uses: docker/login-action@v3
+        with:
+          registry: ghcr.io
+          username: matthewbaggett
+          password: ${{ secrets.GITHUB_TOKEN }}
+
+      - name: "Setup: Checkout Source"
+        uses: actions/checkout@v4
+        with:
+          sparse-checkout: |
+            mysql-proxy
+
+      - name: "Build: Build & Push Image"
+        uses: docker/build-push-action@v5
+        with:
+          context: mysql-proxy
+          target: mysql-proxy
+          platforms: ${{ !env.ACT && 'linux/amd64,linux/arm64' || 'linux/amd64' }}
+          pull: true
+          push: true
+          tags: |
+            ${{ !env.ACT && 'benzine/mysql-proxy:latest' || '' }}
+            ${{ !env.ACT && 'ghcr.io/benzine-framework/mysql-proxy:latest' || 'ghcr.io/benzine-framework/mysql-proxy:devel' }}
+          cache-from: ${{ !env.ACT && 'type=gha' || '' }}
+          cache-to: ${{ !env.ACT && 'type=gha,mode=max' || '' }}
+          build-contexts: |
+            marshall:version=docker-image://ghcr.io/benzine-framework/marshall:focal

.github/workflows/trunk.cache.yml

@@ -0,0 +1,36 @@
+name: Trunk Cache
+
+permissions: read-all
+
+on:
+  workflow_call:
+  workflow_dispatch:
+  push:
+    branches:
+      - main
+    paths:
+      - .trunk/trunk.yaml
+  schedule:
+    - cron: "0 9 * * 1" # 9am Tooling Monday
+
+concurrency:
+  group: ${{ github.head_ref || github.run_id }}
+  cancel-in-progress: true
+
+jobs:
+  trunk-cache:
+    name: Trunk Cache
+    runs-on: ubuntu-latest
+    permissions:
+      actions: write
+    steps:
+      - name: "Setup PHP"
+        uses: shivammathur/setup-php@v2
+        with:
+          php-version: 8.3
+      - name: "Checkout"
+        uses: actions/checkout@v4
+      - name: "Trunk Cache"
+        uses: trunk-io/trunk-action@v1
+        with:
+          check-mode: populate_cache_only

.github/workflows/trunk.check.yml

@@ -0,0 +1,33 @@
+name: Trunk Check
+
+permissions: read-all
+
+on:
+  workflow_call:
+  workflow_dispatch:
+  push:
+    branches:
+      - main
+  schedule:
+    - cron: "0 11 * * 2" # 11am Patch Tuesday
+
+concurrency:
+  group: ${{ github.head_ref || github.run_id }}
+  cancel-in-progress: true
+
+jobs:
+  trunk-check:
+    name: Trunk Check Runner
+    runs-on: ubuntu-latest
+    permissions:
+      checks: write # For trunk to post annotations
+      contents: read # For repo checkout
+    steps:
+      - name: "Setup PHP"
+        uses: shivammathur/setup-php@v2
+        with:
+          php-version: 8.3
+      - name: "Checkout"
+        uses: actions/checkout@v4
+      - name: "Trunk Check"
+        uses: trunk-io/trunk-action@v1

.github/workflows/trunk.upgrade.yml

@@ -0,0 +1,47 @@
+name: Trunk Upgrade
+
+permissions: read-all
+
+on:
+  workflow_call:
+  workflow_dispatch:
+  push:
+    branches:
+      - main
+    paths:
+      - .trunk/trunk.yaml
+      - .github/workflows/trunk.upgrade.yml
+  schedule:
+    - cron: "0 11 * * 1" # 11am Tooling Monday
+
+concurrency:
+  group: ${{ github.head_ref || github.run_id }}
+  cancel-in-progress: true
+
+jobs:
+  trunk-upgrade:
+    name: Upgrade Trunk
+    runs-on: ubuntu-latest
+    permissions:
+      contents: write # For trunk to create PRs
+      pull-requests: write # For trunk to create PRs
+    steps:
+      - name: "Setup PHP"
+        uses: shivammathur/setup-php@v2
+        with:
+          php-version: 8.3
+      - name: "Checkout"
+        uses: actions/checkout@v4
+      - name: "Trunk Upgrade"
+        uses: trunk-io/trunk-action/upgrade@v1
+      - name: "PR: Find Pull Request"
+        uses: juliangruber/find-pull-request-action@v1
+        id: find-pull-request
+        with:
+          labels: trunk
+      - name: "PR: Enable Pull Request Automerge"
+        continue-on-error: true
+        uses: peter-evans/enable-pull-request-automerge@v3
+        with:
+          token: ${{ secrets.GITHUB_TOKEN }}
+          pull-request-number: ${{ steps.find-pull-request.outputs.number }}

.gitignore

@@ -0,0 +1,3 @@
+/.idea
+/vendor/
+/.secrets

.trunk/configs/.checkov.yaml

@@ -0,0 +1,3 @@
+---
+skip-check:
+  - CKV_SECRET_* # Skip all checks that start with CKV_SECRET, we already have gitleaks doing this.

.trunk/configs/.gitleaks.toml

@@ -0,0 +1,3 @@
+title = "Gitleaks config"
+[extend]
+useDefault = true

.trunk/configs/.gitleaksignore

@@ -0,0 +1,3 @@
+ignored:
+  - DL3006
+  - DL3008