stash: broad cleanup pass, including a shellcheck run [wip]

Author: Matthew X. Economou

LICENSE.md

@@ -1,28 +1,47 @@
 ## A few parts of this project are not in the public domain.
 
-### Files licensed under the MIT License
+### Files Licensed Under the MIT License
 
-Several scripts are adapted from their counterparts in the [Docker Official Image for Python](https://github.com/docker-library/python) (`versions.sh`, `apply-templates.sh`, `update.sh`, `generate-stackbrew-library.sh`, `.github/workflows/ci.yml`, `.github/workflows/verify-templating.yml`) and the [Docker Official Image for PostgreSQL](https://github.com/docker-library/postgres) (`docker-entrypoint.sh`), both provided by Docker, Inc., under the terms of the MIT License.
+Several scripts are adapted from their counterparts in the
+[Docker Official Image for Python](https://github.com/docker-library/python)
+(`versions.sh`, `apply-templates.sh`, `update.sh`,
+`generate-stackbrew-library.sh`, `.github/workflows/ci.yml`,
+`.github/workflows/verify-templating.yml`) and the
+[Docker Official Image for PostgreSQL](https://github.com/docker-library/postgres)
+(`docker-entrypoint.sh`), both provided by Docker, Inc., under the
+terms of the MIT License.
 
 ## The rest of this project is in the worldwide public domain.
 
-As a work of the United States Government, this project is in the public domain within the United States.
+As a work of the United States Government, this project is in the
+public domain within the United States.
 
-Additionally, we waive copyright and related rights in the work worldwide through the CC0 1.0 Universal public domain dedication.
+Additionally, we waive copyright and related rights in the work
+worldwide through the CC0 1.0 Universal public domain dedication.
 
 ## CC0 1.0 Universal Summary
 
-This is a human-readable summary of the [Legal Code (read the full text)](https://creativecommons.org/publicdomain/zero/1.0/legalcode).
+This is a human-readable summary of the
+[Legal Code (read the full text)](https://creativecommons.org/publicdomain/zero/1.0/legalcode).
 
 ### No Copyright
 
-The person who associated a work with this deed has dedicated the work to the public domain by waiving all of his or her rights to the work worldwide under copyright law, including all related and neighboring rights, to the extent allowed by law.
+The person who associated a work with this deed has dedicated the work
+to the public domain by waiving all of his or her rights to the work
+worldwide under copyright law, including all related and neighboring
+rights, to the extent allowed by law.
 
-You can copy, modify, distribute, and perform the work, even for commercial purposes, all without asking permission.
+You can copy, modify, distribute, and perform the work, even for
+commercial purposes, all without asking permission.
 
 ### Other Information
 
-In no way are the patent or trademark rights of any person affected by CC0, nor are the rights that other persons may have in the work or in how the work is used, such as publicity or privacy rights.
+In no way are the patent or trademark rights of any person affected by
+CC0, nor are the rights that other persons may have in the work or in
+how the work is used, such as publicity or privacy rights.
 
-Unless expressly stated otherwise, the person who associated a work with this deed makes no warranties about the work, and disclaims liability for all uses of the work, to the fullest extent permitted by applicable law.
-When using or citing the work, you should not imply endorsement by the author or the affirmer.
+Unless expressly stated otherwise, the person who associated a work
+with this deed makes no warranties about the work, and disclaims
+liability for all uses of the work, to the fullest extent permitted by
+applicable law.  When using or citing the work, you should not imply
+endorsement by the author or the affirmer.

README.md

@@ -1,18 +1,28 @@
 # satosa-docker
 
-This is the source repository of the [Docker "Official Image"](https://github.com/docker-library/official-images#what-are-official-images) for [`satosa`](https://hub.docker.com/_/satosa/).
+This is the source repository of the
+[Docker "Official Image"](https://github.com/docker-library/official-images#what-are-official-images)
+for [`satosa`](https://hub.docker.com/_/satosa/).
 
-The image description on Docker Hub is generated from [the docker-library/docs repository](https://github.com/docker-library/docs), specifically [the `satosa` directory](https://github.com/docker-library/docs/tree/master/satosa).
+The image description on Docker Hub is generated from
+[the docker-library/docs repository](https://github.com/docker-library/docs),
+specifically
+[the `satosa` directory](https://github.com/docker-library/docs/tree/master/satosa).
 
 ## See a change merged here that hasn't shown up on Docker Hub?
 
-For more information about the Docker "Official Images" change lifecycle, see [the "An image's source changed in Git, now what?" FAQ entry](https://github.com/docker-library/faq#an-images-source-changed-in-git-now-what).
+For more information about the Docker "Official Images" change
+lifecycle, see
+[the "An image's source changed in Git, now what?" FAQ entry](https://github.com/docker-library/faq#an-images-source-changed-in-git-now-what).
 
-For outstanding `satosa` image PRs, check [PRs with the "library/satosa" label on the official-images repository](https://github.com/docker-library/official-images/labels/library%2Fsatosa). For the current "source of truth" for the `satosa` image, see [the `library/satosa` file in the official-images repository](https://github.com/docker-library/official-images/blob/master/library/satosa).
+For outstanding `satosa` image PRs, check
+[PRs with the "library/satosa" label on the official-images repository](https://github.com/docker-library/official-images/labels/library%2Fsatosa). For
+the current "source of truth" for the `satosa` image, see
+[the `library/satosa` file in the official-images repository](https://github.com/docker-library/official-images/blob/master/library/satosa).
 
 ---
 
--	[![build status badge](https://img.shields.io/github/workflow/status/IdentityPython/satosa-docker/GitHub%20CI/main?label=GitHub%20CI)](https://github.com/IdentityPython/satosa-docker/actions?query=workflow%3A%22GitHub+CI%22+branch%3Amain)
+- [![build status badge](https://img.shields.io/github/workflow/status/IdentityPython/satosa-docker/GitHub%20CI/main?label=GitHub%20CI)](https://github.com/IdentityPython/satosa-docker/actions?query=workflow%3A%22GitHub+CI%22+branch%3Amain)
 
 | Build | Status | Badges | (per-arch) |
 |:-:|:-:|:-:|:-:|
@@ -24,37 +34,62 @@ For outstanding `satosa` image PRs, check [PRs with the "library/satosa" label o
 
 # Contributing
 
-This project uses the [Git feature branch workflow](https://www.atlassian.com/git/tutorials/comparing-workflows/feature-branch-workflow).  Please submit your changes for review as a [GitHub pull request](https://docs.github.com/en/pull-requests/collaborating-with-pull-requests).
+This project uses the
+[Git feature branch workflow](https://www.atlassian.com/git/tutorials/comparing-workflows/feature-branch-workflow).
+Please submit your changes for review as a
+[GitHub pull request](https://docs.github.com/en/pull-requests/collaborating-with-pull-requests).
 
-In forks of this repository, enable the GitHub Actions workflows. GitHub Actions runs two workflows when developers push commits to a branch. [Verify Templating](actions/workflows/verify-templating.yml) checks for uncommitted changes. [GitHub CI](actions/workflows/ci.yml) builds and tests the container images.
+In forks of this repository, enable the GitHub Actions
+workflows. GitHub Actions runs two workflows when developers push
+commits to a branch.
+[Verify Templating](actions/workflows/verify-templating.yml) checks
+for uncommitted changes. [GitHub CI](actions/workflows/ci.yml) builds
+and tests the container images.
 
 ## Development Environment
 
 This project uses the following software:
 
-- [Docker 20.10 or newer](https://docs.docker.com/engine/install/)
+- [Docker 20.10 or newer](https://docs.docker.com/engine/install/);
 
-- [GNU awk](https://www.gnu.org/software/gawk/), [GNU Find Utilities](https://www.gnu.org/software/findutils/), [GNU Wget](https://www.gnu.org/software/wget/), and [jq](https://stedolan.github.io/jq/), for the templating engine and version tracker
+- [GNU awk](https://www.gnu.org/software/gawk/),
+  [GNU Find Utilities](https://www.gnu.org/software/findutils/),
+  [GNU Wget](https://www.gnu.org/software/wget/), and
+  [jq](https://stedolan.github.io/jq/), for the templating engine and
+  version tracker;
 
-- [GNU Make](https://www.gnu.org/software/make/) and [Go](https://go.dev/), required by bashbrew and manifest-tool
+- [GNU Make](https://www.gnu.org/software/make/) and
+  [Go](https://go.dev/), required by bashbrew and manifest-tool;
 
-- [bashbrew](https://github.com/docker-library/bashbrew), the Docker Official Images build tool
+- [bashbrew](https://github.com/docker-library/bashbrew), the Docker
+  Official Images build tool;
 
-- [manifest-tool](https://github.com/estesp/manifest-tool), which generates the shared tag index
+- [manifest-tool](https://github.com/estesp/manifest-tool), which
+  generates the shared tag index; and
 
-- (optional) [qemu-user-static](https://github.com/multiarch/qemu-user-static), to test containers on other hardware architecture via emulation
+- (optional)
+  [qemu-user-static](https://github.com/multiarch/qemu-user-static),
+  to test containers on other hardware architecture via emulation
 
-Before cloning the repository or working within it, set the [file mode creation mask](https://en.wikipedia.org/wiki/Umask) to `0022` or `u=rwx,g=rx,o=rx`.
+Before cloning the repository or working within it, set the
+[file mode creation mask](https://en.wikipedia.org/wiki/Umask) to
+`0022` or `u=rwx,g=rx,o=rx`.
 
 ## Coding Style
 
-Follow [the Docker Official Images review guidelines](https://github.com/docker-library/official-images#review-guidelines) and [Dockerfile best practices](https://docs.docker.com/develop/develop-images/dockerfile_best-practices/).
+Follow
+[the Docker Official Images review guidelines](https://github.com/docker-library/official-images#review-guidelines)
+and
+[Dockerfile best practices](https://docs.docker.com/develop/develop-images/dockerfile_best-practices/).
 
-In Dockerfiles and shell scripts, please use tabs for indentation instead of spaces.
+In Dockerfiles and shell scripts, please use tabs for indentation
+instead of spaces.
 
 ## Commit Messages
 
-This project uses [Conventional Commits 1.0.0](https://www.conventionalcommits.org/en/v1.0.0/).  Valid commit types are:
+This project uses
+[Conventional Commits 1.0.0](https://www.conventionalcommits.org/en/v1.0.0/).
+Valid commit types are:
 
 - **build**—changes to the build system or external dependencies
 
@@ -68,7 +103,8 @@ This project uses [Conventional Commits 1.0.0](https://www.conventionalcommits.o
 
 - **perf**—a code change that improves performance
 
-- **refactor**—a code change that neither fixes a bug nor adds a feature
+- **refactor**—a code change that neither fixes a bug nor adds a
+  feature
 
 - **test**—new tests or corrections to existing tests
 
@@ -78,52 +114,63 @@ No commit scopes are currently in use.
 
 In a fork of this repository:
 
-1. Review the list of version aliases at the beginning of `generate-stackbrew-library.sh`.
+1. Review the list of version aliases at the beginning of
+   `generate-stackbrew-library.sh`.
 
-2. Run [update.sh](update.sh), specifying the desired major and minor version of SATOSA. For example:
+2. Run [update.sh](update.sh), specifying the desired major and minor
+   version of SATOSA. For example:
 
    ```bash
    ./update.sh 8.1
    ```
 
-3. Remove outdated versions of SATOSA or base container images from `versions.json`, and delete the corresponding SATOSA container image definitions from the repository, e.g., the `8.0/` or `8.1/*alpine3.14*/` folders.
+3. Remove outdated versions of SATOSA or base container images from
+   `versions.json`, and delete the corresponding SATOSA container
+   image definitions from the repository, e.g., the `8.0/` or
+   `8.1/*alpine3.14*/` folders.
 
-4. Mention the new SATOSA or base container version in the commit message subject, reference the release announcement in the commit message body. For example:
+4. Mention the new SATOSA or base container version in the commit
+   message subject, reference the release announcement in the commit
+   message body. For example:
 
-    ```
-    feat: version bump to SATOSA v8.1.0
+  ```
+  feat: version bump to SATOSA v8.1.0
 
-    Cf. https://github.com/IdentityPython/SATOSA/commit/d44b54433c5b817cf0409855881f6f2c80c27f5c
-    ```
+  Cf. https://github.com/IdentityPython/SATOSA/commit/d44b54433c5b817cf0409855881f6f2c80c27f5c
+  ```
 
-    Or for example:
+  Or for example:
 
-    ```
-    feat: version bump to Alpine Linux v3.16
+  ```
+  feat: version bump to Alpine Linux v3.16
 
-    Cf. https://www.alpinelinux.org/posts/Alpine-3.16.0-released.html
-    ```
+  Cf. https://www.alpinelinux.org/posts/Alpine-3.16.0-released.html
+  ```
 
-5. Submit a pull request after both GitHub Actions workflows complete successfully.
+5. Submit a pull request after both GitHub Actions workflows complete
+   successfully.
 
-After accepting a pull request, fork and edit [the Docker Official Images library entry for SATOSA](https://github.com/docker-library/official-images/edit/master/library/satosa):
+After accepting a pull request, fork and edit
+[the Docker Official Images library entry for SATOSA](https://github.com/docker-library/official-images/edit/master/library/satosa):
 
-1. Replace its contents with the output of [generate-stackbrew-library.sh](generate-stackbrew-library.sh).
+1. Replace that file's contents with the output of
+   [generate-stackbrew-library.sh](generate-stackbrew-library.sh).
 
-2. Use a commit message referencing the release announcement. For example:
+2. Use a commit message referencing the release announcement. For
+   example:
 
-   ```
-   Update SATOSA to v8.0.1
+  ```
+  Update SATOSA to v8.0.1
 
-   Cf. https://github.com/IdentityPython/SATOSA/commit/1a408439a6b8855346e5ca2c645dee6ab1ce8c0a
-   ```
+  Cf. https://github.com/IdentityPython/SATOSA/commit/1a408439a6b8855346e5ca2c645dee6ab1ce8c0a
+  ```
 
-    Or for example:
+   Or for example:
 
-   ```
-   Update SATOSA base container images to Alpine Linux v3.16
+  ```
+  Update SATOSA base container images to Alpine Linux v3.16
 
-   Cf. https://www.alpinelinux.org/posts/Alpine-3.16.0-released.html
-   ```
+  Cf. https://www.alpinelinux.org/posts/Alpine-3.16.0-released.html
+  ```
 
 3. Submit a pull request when finished.

apply-templates.sh

@@ -9,7 +9,7 @@ fi
 jqt='.jq-template.awk'
 if [ -n "${BASHBREW_SCRIPTS:-}" ]; then
 	jqt="$BASHBREW_SCRIPTS/jq-template.awk"
-elif [ "$BASH_SOURCE" -nt "$jqt" ]; then
+elif [ "${BASH_SOURCE[0]}" -nt "$jqt" ]; then
 	# https://github.com/docker-library/bashbrew/blob/master/scripts/jq-template.awk
 	wget -qO "$jqt" 'https://github.com/docker-library/bashbrew/raw/1da7341a79651d28fbcc3d14b9176593c4231942/scripts/jq-template.awk'
 fi

generate-stackbrew-library.sh

@@ -5,8 +5,8 @@ declare -A aliases=(
 	[8.4]='8 latest'
 )
 
-self="$(basename "$BASH_SOURCE")"
-cd "$(dirname "$(readlink -f "$BASH_SOURCE")")"
+self="$(basename "${BASH_SOURCE[0]}")"
+cd "$(dirname "$(readlink -f "${BASH_SOURCE[0]}")")"
 
 if [ "$#" -eq 0 ]; then
 	versions="$(jq -r 'keys | map(@sh) | join(" ")' versions.json)"
@@ -69,7 +69,7 @@ getArches 'satosa'
 cat <<-EOH
 # This file is generated via https://github.com/IdentityPython/satosa-docker/blob/$(fileCommit "$self")/$self
 
-Maintainers: Matthew X. Economou <economoum@niaid.nih.gov> (@niheconomoum)
+Maintainers: Matthew X. Economou <xenophon+idpy@irtnog.org> (@xenophonf)
 GitRepo: https://github.com/IdentityPython/satosa-docker.git
 GitFetch: refs/heads/main
 EOH

update.sh

@@ -1,7 +1,7 @@
 #!/usr/bin/env bash
 set -Eeuo pipefail
 
-cd "$(dirname "$(readlink -f "$BASH_SOURCE")")"
+cd "$(dirname "$(readlink -f "${BASH_SOURCE[0]}")")"
 
 ./versions.sh "$@"
 ./apply-templates.sh "$@"

versions.sh

@@ -3,7 +3,7 @@ set -Eeuo pipefail
 shopt -s nullglob
 
 # operate in same directory as this script
-cd "$(dirname "$(readlink -f "$BASH_SOURCE")")"
+cd "$(dirname "$(readlink -f "${BASH_SOURCE[0]}")")"
 
 # when bootstrapping, create a directory for each desired SATOSA
 # version, then run this script with no arguments
@@ -21,9 +21,11 @@ eval $(
 	curl -s https://raw.githubusercontent.com/docker-library/python/master/versions.json \
 		| jq -r '
 			. as $versions
-			| [ $versions|keys[] | select(contains("-rc") | not) ] | sort_by(split(".") | map(tonumber)) | last as $latest
-			| [ $versions | .[$latest].variants[] | select(test("alpine3.19|slim-bookworm")) ] | join(" ") as $variants
-			| @sh "export python_version=\($latest) variants=\($variants)"
+			| [ $versions|keys[] | select(contains("-rc") | not) ] | sort_by(split(".") | map(tonumber)) | last as $latest_python
+			| [ $versions | .[$latest].variants[] | select(test("alpine")) ] | sort_by(ltrimstr("alpine") | split(".") | map(tonumber)) | last as $latest_alpine
+			| [ $versions | .[$latest].variants[] | select(test("slim-bookworm")) ] | join(" ") as $latest_debian
+                        | $latest_alpine + " " + $latest_debian as $variants
+			| @sh "export python_version=\($latest_python) variants=\($variants)"
 		'
 )