author | Christian Segundo | 2023-12-30 05:28:03 +0100 |
---|---|---|
committer | Christian Segundo | 2023-12-31 00:20:01 +0100 |
commit | 786cd19a227a20b352b0764c9546c35fa5249ce8 (patch) | |
tree | 2613c346a3ed97cc399656d6e3d27ac906738e46 | |
parent | 2f0253c36f80b8f11e3294d184a5e73d0fec76a4 (diff) | |
download | concourse-786cd19a227a20b352b0764c9546c35fa5249ce8.tar.gz |
add tasks
-rw-r--r-- | README.md | 31 | ||||
-rw-r--r-- | tasks/.keep | 0 | ||||
-rw-r--r-- | tasks/dgoss/task.yml | 47 | ||||
-rw-r--r-- | tasks/dockerhub-readme/task.yml | 32 | ||||
-rw-r--r-- | tasks/hadolint/task.yml | 22 | ||||
-rw-r--r-- | tasks/markdownlint/task.yml | 24 | ||||
-rw-r--r-- | tasks/shellcheck/task.yml | 25 | ||||
-rw-r--r-- | tasks/trivy-image/task.yml | 28 |
8 files changed, 209 insertions, 0 deletions
diff --git a/README.md b/README.md
new file mode 100644
index 0000000..de46904
--- /dev/null
+++ b/README.md
@@ -0,0 +1,31 @@
+# concourse
+
+A versioned catalogue of re-usable Concourse bits
+
+## Usage
+
+Include the following resource in the pipeline where you wish to consume a task:
+
+```yaml
+- name: concourse
+ type: git
+ source:
+ uri: https://git.segundo.io/concourse
+```
+
+To use a task, ensure that you `get: concourse` earlier in your plan. Remember to perform any input/output mapping from the generic names _inside_ the task (on the left of the colon), to your specific names _outside_ the task (on the right of the colon).
+
+```yaml
+jobs:
+ name: do-the-thing
+ plan:
+ - get: concourse-tasks
+ # ...
+ - task: tarball-files
+ file: concourse-tasks/tar/task.yml
+ input_mapping: { input: your-directory }
+ output_mapping: { output: name-you-want }
+ params:
+ INCLUDE: file1 file2
+ TARBALL_NAME: my-tarball
+```
diff --git a/tasks/.keep b/tasks/.keep
deleted file mode 100644
index e69de29..0000000
--- a/tasks/.keep
+++ /dev/null
diff --git a/tasks/dgoss/task.yml b/tasks/dgoss/task.yml
new file mode 100644
index 0000000..8727487
--- /dev/null
+++ b/tasks/dgoss/task.yml
@@ -0,0 +1,47 @@
+---
+platform: linux
+image_resource:
+ type: registry-image
+ source: {repository: debian}
+
+inputs:
+ - name: docker-repo
+ - name: image
+
+run:
+ path: /bin/bash
+ args:
+ - -eufo
+ - pipefail
+ - -c
+ - |
+ apt-get update
+ apt-get install --no-install-recommends -y \
+ ca-certificates \
+ curl \
+ fuse-overlayfs \
+ podman
+
+ curl -fsSL https://goss.rocks/install | sh
+
+ export GOSS_SLEEP=${GOSS_SLEEP:-5}
+ export CONTAINER_RUNTIME=${CONTAINER_RUNTIME:-podman}
+ export INPUT_TAR=${INPUT_TAR:-image/image.tar}
+
+ if [ -f docker-repo/goss.yaml ]; then
+ # The default 'mount' strategy uses 'sleep infinity' to keep
+ # the container alive. If there's an ENTRYPOINT or CMD, use 'cp'
+ # instead to prevent dgoss from overriding it.
+ if grep -qE '^(ENTRYPOINT|CMD)' docker-repo/Dockerfile; then
+ export GOSS_FILES_STRATEGY=cp
+ fi
+ goss --gossfile docker-repo/goss.yaml render > goss.yaml
+ dgoss run docker-archive:${INPUT_TAR}
+ else
+ echo "You're a naughty boy, no goss.yaml file found!" >&2
+ fi
+
+params:
+ CONTAINER_RUNTIME:
+ GOSS_SLEEP:
+ INPUT_TAR:
diff --git a/tasks/dockerhub-readme/task.yml b/tasks/dockerhub-readme/task.yml
new file mode 100644
index 0000000..d81d1b3
--- /dev/null
+++ b/tasks/dockerhub-readme/task.yml
@@ -0,0 +1,32 @@
+---
+platform: linux
+image_resource:
+ type: registry-image
+ source:
+ repository: peterevans/dockerhub-description
+ tag: 3
+
+inputs:
+ - name: docker-repo
+
+run:
+ path: ash
+ args:
+ - -eufo
+ - pipefail
+ - -c
+ - |
+ if [ -f "${README_FILEPATH}" ]; then
+ echo "DOCKERHUB_REPOSITORY=${DOCKERHUB_REPOSITORY}"
+ echo "SHORT_DESCRIPTION=${SHORT_DESCRIPTION:-}"
+ sh /entrypoint.sh
+ else
+ echo "No README.md found at ${README_FILEPATH}"
+ fi
+
+params:
+ DOCKERHUB_USERNAME:
+ DOCKERHUB_PASSWORD:
+ DOCKERHUB_REPOSITORY:
+ README_FILEPATH: docker-repo/README.md
+ SHORT_DESCRIPTION:
diff --git a/tasks/hadolint/task.yml b/tasks/hadolint/task.yml
new file mode 100644
index 0000000..40cf683
--- /dev/null
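Review bot: `curl -fsSL https://goss.rocks/install | sh` in the dgoss run script executes whatever the installer URL serves at build time, with the same privileges as the `apt-get install` above it and with no version or checksum pinned. Downloading a fixed goss/dgoss release and verifying it with `sha256sum -c` before installing would make the task reproducible and remove the trust placed in a mutable script. Separately, the `else` branch only prints to stderr, so a repo without `goss.yaml` still passes the task; if that is not intended, add `exit 1` after the `echo`.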
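Review bot: The `peterevans/dockerhub-description` image is selected by the mutable tag `3`, and its `/entrypoint.sh` runs with `DOCKERHUB_PASSWORD` in the environment, so a re-pushed tag would receive the credential. Pinning the image by digest, e.g. `version: {digest: "sha256:<DIGEST_PLACEHOLDER>"}` under `image_resource`, ties the task to content that was reviewed. The same applies, with less at stake, to the other tasks in this commit: `debian` and `docker.io/aquasec/trivy` carry no tag, and hadolint, markdownlint and shellcheck use `latest`-style tags. `tag: 3` is also parsed as an integer; `tag: "3"` avoids relying on the consumer to coerce it.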
+++ b/tasks/hadolint/task.yml
@@ -0,0 +1,22 @@
+---
+platform: linux
+image_resource:
+ type: registry-image
+ source:
+ repository: docker.io/hadolint/hadolint
+ tag: latest-debian
+
+inputs:
+ - name: docker-repo
+
+run:
+ path: bash
+ args:
+ - -eufo
+ - pipefail
+ - -c
+ - |
+ hadolint "${DOCKERFILE}"
+
+params:
+ DOCKERFILE: docker-repo/Dockerfile
diff --git a/tasks/markdownlint/task.yml b/tasks/markdownlint/task.yml
new file mode 100644
index 0000000..62c5921
--- /dev/null
+++ b/tasks/markdownlint/task.yml
@@ -0,0 +1,24 @@
+---
+platform: linux
+image_resource:
+ type: registry-image
+ source:
+ repository: ghcr.io/igorshubovych/markdownlint-cli
+ tag: latest
+
+inputs:
+ - name: repo
+
+run:
+ path: ash
+ args:
+ - -eufo
+ - pipefail
+ - -c
+ - |
+ echo "PARAMS=${PARAMS:-}"
+ cd repo
+ markdownlint ${PARAMS}
+
+params:
+ PARAMS: '**/*.md'
diff --git a/tasks/shellcheck/task.yml b/tasks/shellcheck/task.yml
new file mode 100644
index 0000000..3a9c40d
--- /dev/null
+++ b/tasks/shellcheck/task.yml
@@ -0,0 +1,25 @@
+---
+platform: linux
+image_resource:
+ type: registry-image
+ source:
+ repository: alpine
+ tag: latest
+
+inputs:
+ - name: repo
+
+run:
+ path: ash
+ args:
+ - -eufo
+ - pipefail
+ - -c
+ - |
+ apk add --no-progress --no-interactive shellcheck findutils
+ shellcheck --version
+ find repo/ \
+ -type f \
+ -name '*.sh' \
+ -print0 |\
+ xargs -r0 shellcheck -x
diff --git a/tasks/trivy-image/task.yml b/tasks/trivy-image/task.yml
new file mode 100644
index 0000000..59940a9
--- /dev/null
+++ b/tasks/trivy-image/task.yml
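Review bot: `markdownlint ${PARAMS}` in the markdownlint task is left unquoted so that several arguments can be passed, and that only works as intended because `-f` in `-eufo` disables shell globbing and leaves `**/*.md` for markdownlint itself to expand. The dependency is undocumented; a comment above the line such as `# PARAMS is word-split on purpose; set -f keeps the shell from expanding the glob` would stop a later edit from quoting the variable or dropping `-f`. Because PARAMS is split into words, it can also carry extra markdownlint options from the pipeline, which is worth stating next to the `params:` default.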
@@ -0,0 +1,28 @@
+---
+platform: linux
+image_resource:
+ type: registry-image
+ source: {repository: docker.io/aquasec/trivy}
+
+inputs:
+ - name: docker-repo
+ - name: image
+
+run:
+ path: ash
+ args:
+ - -euo
+ - pipefail
+ - -c
+ - |
+ trivy image \
+ --ignore-unfixed \
+ --severity HIGH,CRITICAL \
+ --exit-code ${EXIT_CODE} \
+ --ignorefile "${TRIVY_IGNORE}" \
+ --input "${INPUT_TAR}"
+
+params:
+ TRIVY_IGNORE: docker-repo/.trivyignore
+ INPUT_TAR: image/image.tar
+ EXIT_CODE: 1 |
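Review bot: The default `TRIVY_IGNORE: docker-repo/.trivyignore` takes the suppression list from the same repository whose image is being scanned, so a change that adds a CVE id to that file also removes it from the gate. A comment above `params:` should say so, for example `# .trivyignore comes from the scanned repo; review changes to it like code`. `--exit-code ${EXIT_CODE}` is the only unquoted expansion in the script, and setting `EXIT_CODE: 0` makes the task pass on any finding; writing `--exit-code "${EXIT_CODE}"` and documenting the param would make that behaviour explicit. The args here are `-euo` while the other tasks use `-eufo`, which looks unintentional.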