ci: minor cleanup

sebthom · sebthom · commit 2b947030ffbe · 2025-05-21T19:53:26.000+02:00
diff --git a/.github/workflows/build.yml b/.github/workflows/build.yml
@@ -53,9 +53,7 @@ jobs:
     strategy:
       matrix:
         SOFTHSM_VERSION: [ "latest", "develop" ]
-        DOCKER_BASE_IMAGE:
-        - ghcr.io/dockerhub-mirror/alpine:latest
-        - ghcr.io/dockerhub-mirror/debian:stable-slim
+        DOCKER_BASE_IMAGE: [ alpine:latest, "debian:stable-slim" ]
 
     steps:
     - name: "Show: GitHub context"
@@ -148,7 +146,7 @@ jobs:
 
     - name: Build ${{ env.DOCKER_REPO_NAME }}:${{ matrix.SOFTHSM_VERSION }}
       env:
-        DOCKER_BASE_IMAGE: ${{ matrix.DOCKER_BASE_IMAGE }}
+        DOCKER_BASE_IMAGE: ghcr.io/dockerhub-mirror/${{ matrix.DOCKER_BASE_IMAGE }}
         DOCKER_IMAGE_REPO: ${{ github.repository_owner }}/${{ env.DOCKER_REPO_NAME }}
         SOFTHSM_VERSION: ${{ matrix.SOFTHSM_VERSION }}
         TRIVY_GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
diff --git a/.github/workflows/stale.yml b/.github/workflows/stale.yml
@@ -1,4 +1,4 @@
-# https://docs.github.com/en/actions/using-workflows/workflow-syntax-for-github-actions
+# https://docs.github.com/en/actions/writing-workflows/workflow-syntax-for-github-actions
 name: Stale issues
 
 on:
diff --git a/README.md b/README.md
@@ -16,7 +16,7 @@
 
 > **SoftHSM has been developed for development purposes only. Don't use in production!**
 
-Docker image to run a virtual HSM (Hardware Security Module) network service based on [SoftHSM2](https://github.com/softhsm/SoftHSMv2) and
+Multi-arch Docker image to run a virtual HSM (Hardware Security Module) network service based on [SoftHSM2](https://github.com/softhsm/SoftHSMv2) and
 [pkcs11-proxy](https://github.com/SUNET/pkcs11-proxy/).
 
 Client applications can communicate with the HSM via TCP/TLS using libpkcs11-proxy.so and an OpenSSL TLS-PSK:
diff --git a/build-image.sh b/build-image.sh
@@ -83,7 +83,7 @@ image_name=${tags[0]}
 # build the image
 #################################################
 log INFO "Building docker image [$image_name]..."
-if [[ $OSTYPE == cygwin || $OSTYPE == msys ]]; then
+if [[ $OSTYPE == "cygwin" || $OSTYPE == "msys" ]]; then
    project_root=$(cygpath -w "$project_root")
 fi
 
@@ -97,7 +97,7 @@ esac
 set -x
 
 docker --version
-export DOCKER_BUILD_KIT=1
+export DOCKER_BUILDKIT=1
 export DOCKER_CLI_EXPERIMENTAL=1 # prevents "docker: 'buildx' is not a docker command."
 
 # Register QEMU emulators for all architectures so Docker can run and build multi-arch images
@@ -111,6 +111,7 @@ echo "
 
 docker buildx version # ensures buildx is enabled
 docker buildx create --config /etc/buildkitd.toml --use # prevents: error: multiple platforms feature is currently not supported for docker driver. Please switch to a different driver (eg. "docker buildx create --use")
+trap 'docker buildx stop' EXIT
 # shellcheck disable=SC2154,SC2046  # base_layer_cache_key is referenced but not assigned / Quote this to prevent word splitting
 docker buildx build "$project_root" \
    --file "image/$dockerfile" \
@@ -129,18 +130,17 @@ docker buildx build "$project_root" \
    --build-arg PKCS11_PROXY_SOURCE_URL="https://codeload.github.com/smallstep/pkcs11-proxy/tar.gz/refs/heads/master" \
    `#--build-arg PKCS11_PROXY_SOURCE_URL="https://codeload.github.com/scobiej/pkcs11-proxy/tar.gz/refs/heads/osx-openssl1-1"` \
    `#--build-arg PKCS11_PROXY_SOURCE_URL="https://codeload.github.com/SUNET/pkcs11-proxy/tar.gz/refs/heads/master"` \
-   $(if [[ ${ACT:-} == true || ${DOCKER_PUSH:-} != true ]]; then \
+   $(if [[ ${ACT:-} == "true" || ${DOCKER_PUSH:-} != "true" ]]; then \
       echo -n "--load --output type=docker"; \
    else \
       echo -n "--platform linux/amd64,linux/arm64" `# ,linux/arm/v7"`; \
    fi) \
    "${tag_args[@]}" \
-   $(if [[ ${DOCKER_PUSH:-} == true ]]; then echo -n "--push"; fi) \
+   $(if [[ ${DOCKER_PUSH:-} == "true" ]]; then echo -n "--push"; fi) \
    "$@"
-docker buildx stop
 set +x
 
-if [[ ${DOCKER_PUSH:-} == true ]]; then
+if [[ ${DOCKER_PUSH:-} == "true" ]]; then
    docker image pull "$image_name"
 fi
 
@@ -157,15 +157,15 @@ echo
 #################################################
 # perform security audit
 #################################################
-if [[ ${DOCKER_AUDIT_IMAGE:-1} == 1 ]]; then
+if [[ ${DOCKER_AUDIT_IMAGE:-1} == "1" ]]; then
    bash "$shared_lib/cmd/audit-image.sh" "$image_name"
 fi
 
 
 #################################################
 # push image to ghcr.io
 #################################################
-if [[ ${DOCKER_PUSH_GHCR:-} == true ]]; then
+if [[ ${DOCKER_PUSH_GHCR:-} == "true" ]]; then
    for tag in "${tags[@]}"; do
       set -x
       docker run --rm \
diff --git a/client.alpine.Dockerfile b/client.alpine.Dockerfile
@@ -1,9 +1,7 @@
-# Copyright 2021 by Vegard IT GmbH, Germany, https://vegardit.com
+# SPDX-FileCopyrightText: © Vegard IT GmbH (https://vegardit.com)
+# SPDX-FileContributor: Sebastian Thomschke
 # SPDX-License-Identifier: Apache-2.0
-#
-# Author: Sebastian Thomschke, Vegard IT GmbH
-#
-# https://github.com/vegardit/docker-softhsm2-pkcs11-proxy
+# SPDX-ArtifactOfProjectHomePage: https://github.com/vegardit/docker-softhsm2-pkcs11-proxy
 
 FROM alpine:latest
 
diff --git a/client.debian.Dockerfile b/client.debian.Dockerfile
@@ -1,9 +1,7 @@
-# Copyright 2021 by Vegard IT GmbH, Germany, https://vegardit.com
+# SPDX-FileCopyrightText: © Vegard IT GmbH (https://vegardit.com)
+# SPDX-FileContributor: Sebastian Thomschke
 # SPDX-License-Identifier: Apache-2.0
-#
-# Author: Sebastian Thomschke, Vegard IT GmbH
-#
-# https://github.com/vegardit/docker-softhsm2-pkcs11-proxy
+# SPDX-ArtifactOfProjectHomePage: https://github.com/vegardit/docker-softhsm2-pkcs11-proxy
 
 FROM debian:stable-slim
 
diff --git a/image/init-token.sh b/image/init-token.sh
@@ -1,11 +1,9 @@
 #!/usr/bin/env bash
 #
-# Copyright 2021 by Vegard IT GmbH, Germany, https://vegardit.com
+# SPDX-FileCopyrightText: © Vegard IT GmbH (https://vegardit.com)
+# SPDX-FileContributor: Sebastian Thomschke
 # SPDX-License-Identifier: Apache-2.0
-#
-# Author: Sebastian Thomschke, Vegard IT GmbH
-#
-# https://github.com/vegardit/docker-softhsm2-pkcs11-proxy
+# SPDX-ArtifactOfProjectHomePage: https://github.com/vegardit/docker-softhsm2-pkcs11-proxy
 
 # shellcheck disable=SC1091  # Not following: /opt/bash-init.sh was not specified as input
 type -t log >/dev/null || source /opt/bash-init.sh
diff --git a/image/run.sh b/image/run.sh
@@ -1,14 +1,12 @@
 #!/usr/bin/env bash
 #
-# Copyright 2021 by Vegard IT GmbH, Germany, https://vegardit.com
+# SPDX-FileCopyrightText: © Vegard IT GmbH (https://vegardit.com)
+# SPDX-FileContributor: Sebastian Thomschke
 # SPDX-License-Identifier: Apache-2.0
-#
-# Author: Sebastian Thomschke, Vegard IT GmbH
-#
-# https://github.com/vegardit/docker-softhsm2-pkcs11-proxy
+# SPDX-ArtifactOfProjectHomePage: https://github.com/vegardit/docker-softhsm2-pkcs11-proxy
 
 # shellcheck disable=SC1091  # Not following: /opt/bash-init.sh was not specified as input
-source /opt/bash-init.sh
+source /opt/bash-init.sh  # https://github.com/vegardit/docker-shared/blob/v1/lib/bash-init.sh
 
 #################################################
 # print header

Original file line number	Diff line number	Diff line change
`@@ -1,4 +1,4 @@`
`1`		`-# https://docs.github.com/en/actions/using-workflows/workflow-syntax-for-github-actions`
	`1`	`+# https://docs.github.com/en/actions/writing-workflows/workflow-syntax-for-github-actions`
`2`	`2`	`name: Stale issues`
`3`	`3`
`4`	`4`	`on:`