Resume Repo with Gitea

Published: Nov 21, 2023 by Isaac Johnson

I recently read an article by Bui Dang Binh/Bing on using GIT to drive one’s resume.

Part of his pitch for using GIT was:

  1. Version Control
  2. Collaboration with others
  3. Backup and Safety
  4. Streamlined workflow

I’ve been using Google Docs for a very long time to hold my Resume.

/content/images/2023/11/resume-01.png

I add revisions and occasionally try and create blocks for specific applications. That is, a few times I’ve tried for ‘stretch jobs’ where I’m angling for a career advancement to a title I’ve yet to achieve (e.g. C-suite or VP).

Other times, it’s for a company I get really sold on for their mission or IP and I rework it for an Individual Contributor role.

The problem for me (and go ahead, call me an old man gray hair) is I have TOO much experience.

/content/images/2023/11/isaacjohnson_cartoon_of_recruiter_at_desk_saying_something_sup_67cc7e0c-c980-4d80-9cab-d5f8d5807b7b.jpg

Then the question becomes, what is relevant to the position for which I’m applying? What would be really attention getting and what would be seen as noise.

For people in later stages of our careers, what do we start to leave off? I mean, other than for chuckles, I could hardly imagine a future position that would care to know I worked the VCR rental POS machine at a grocery store when I was 16 in the 1990s.

Let’s first discuss some Resume Patterns one can use:

The Uber Resume

There was a point that I had someone give me the suggestion to create a massive “everything” resume. It wouldn’t matter if it was 40 pages mono-spaced with single lines,

But then I had this big giant document that got unwieldy, and I had to play copy-paste games to create each new draft.

Version control in Doc names

To date, this is what I have done. I have a major and minor (and occasionally bugfix) - $Mjr.$Min.$Bug` .. the idea is that if I made a mistake (typo, small issue in formatting or year), I could revise the last revision with a point release (1.13 to 1.13.1 to denote a minor modification or correction)

A more substantial update, like a large job experience or engagement would create a minor release (1.13 to 1.14). Only wide expansive changes would push me to revise the major.

I also would sometimes create an “ICR” variant for “Individual Contributor Role”. In my station in life, I have the option to go Management, Architecture, or ICR (if it’s a particularily unique company).

Troubles with multiple versions and Google Docs

But then I have these side versions and it gets messy. And none of this really fixes generation of alternative formats.

As anyone who has used “Save as Word Doc” from Google Docs, or frankly any other office editor from any other time in history, you know it won’t look the same in MS Word.

Benefits of a Git-based approach (As I see it)

1. Revision control when using Markdown.

As the original author pointed out, versioning is great. But more importantly, basing things on an immutable SHA in a repo allows hot fixes and merge backs a lot easier than brining up two graphical documents side by side and visually comparing.

A smaller but key component of GIT is that it’s an industry standard. I might have to rebuild some workflows and relaunch agents, but I should be able to sync and migrate between Github, Gitlab and Gitea with relative ease. (I hate abhor lock-in)

2. PRs for WIP

It also allows for Work In Progress, that is, candidate changes. Just as I’m writing this blog entry now, I do it in chunks as inspired. I’ll save aside the file and come back to it on it’s own branch. I could create a Pull Request for other people to review. I could only see that being of benefit if a close connection is trying to bring me in and I want her to review what I wrote. However, in my experience, that is very rare – to seek reviews at the Resume stage.

3. Release Branches for former Applications

There is a particular company, whom I won’t name, for whom I would really love to work. I’ve applied over the years a few times. Sometimes getting pretty far. The thing is, their backend resume system apparently drops things over time, moreover, if I have a resume in there when I come back, it’s often very out of date. I almost want a branch for that employer.

4. Projects in Github

I have this rather strange idea - using Issues and Project boards in Github/Gitea/Gitlab to actually drive some of my “resume-driven development”. Sometimes, one knows they lack certain specific skills or certifications for that next role. Having them as a list - actionable tickets - might be of benefit.

To be honest, I’ve maintained my Azure certification for as long as I have not because my employer desires it (GCP yes, Azure, not so much). I do this because I like Azure, I want to use it more, and I want employers to see that as a “oh, he knows Azure already” note.

I could also see them collecting feedback from recruiters if you are declined on a role. Good requirements that drive future actions and learnings.

5. Extras :: Side-quests

We all have passion projects, hobbies and community engagements of some form or another. That could include missional work with a religious body, volunteer work in a community, or mentoring. In some cases, you may feel that would be of import to a particular employer. In others, it would be noise.

It would be nice to design a system that has these content plugins you could optionally drop in an application.

The How

So far, we talked at length about the what and why. It’s time to dig into the HOW

A challenge that immediately came to mind is “what about cell phone and address?”

I’m not really sure I want that exposed, by default, globally.

/content/images/2023/11/resume-03.png

I’m thinking that is a lot like a PAT or Secret - something we will pull in at build time, perhaps even setting inside the artifact, but not shared out globally.

I’ll create a new repo. For this, I’ll use Gitea I host internally on my on-prem K3s cluster.

/content/images/2023/11/resume-04.png

I’ll start with it to be private (we’ll come back later to this and have it be public)

/content/images/2023/11/resume-05.png

I’ll clone it and init the main

builder@LuiGi17:~/Workspaces$ git clone https://gitea.freshbrewed.science/builder/resume.git
Cloning into 'resume'...
Username for 'https://gitea.freshbrewed.science': builder
Password for 'https://builder@gitea.freshbrewed.science':
warning: You appear to have cloned an empty repository.
builder@LuiGi17:~/Workspaces$ cd resume/
builder@LuiGi17:~/Workspaces/resume$ git checkout -b main
Switched to a new branch 'main'
builder@LuiGi17:~/Workspaces/resume$ vi resume.md

I’ll npm init and add the md-to-pdf

builder@LuiGi17:~/Workspaces/resume$ npm init
This utility will walk you through creating a package.json file.
It only covers the most common items, and tries to guess sensible defaults.

See `npm help init` for definitive documentation on these fields
and exactly what they do.

Use `npm install <pkg>` afterwards to install a package and
save it as a dependency in the package.json file.

Press ^C at any time to quit.
package name: (resume)
version: (1.0.0)
description:
entry point: (index.js)
test command:
git repository:
keywords:
author:
license: (ISC)
About to write to /home/builder/Workspaces/resume/package.json:

{
  "name": "resume",
  "version": "1.0.0",
  "description": "",
  "main": "index.js",
  "scripts": {
    "test": "echo \"Error: no test specified\" && exit 1"
  },
  "author": "",
  "license": "ISC"
}


Is this OK? (yes) yes
npm notice
npm notice New minor version of npm available! 10.1.0 -> 10.2.3
npm notice Changelog: https://github.com/npm/cli/releases/tag/v10.2.3
npm notice Run npm install -g npm@10.2.3 to update!
npm notice
builder@LuiGi17:~/Workspaces/resume$ nvm list
       v14.21.3
       v16.20.2
       v18.18.1
->      v20.8.0
default -> node (-> v20.8.0)
iojs -> N/A (default)
unstable -> N/A (default)
node -> stable (-> v20.8.0) (default)
stable -> 20.8 (-> v20.8.0) (default)
lts/* -> lts/iron (-> N/A)
lts/argon -> v4.9.1 (-> N/A)
lts/boron -> v6.17.1 (-> N/A)
lts/carbon -> v8.17.0 (-> N/A)
lts/dubnium -> v10.24.1 (-> N/A)
lts/erbium -> v12.22.12 (-> N/A)
lts/fermium -> v14.21.3
lts/gallium -> v16.20.2
lts/hydrogen -> v18.18.2 (-> N/A)
lts/iron -> v20.9.0 (-> N/A)
builder@LuiGi17:~/Workspaces/resume$ npm install --save md-to-pdf

added 225 packages, and audited 226 packages in 29s

14 packages are looking for funding
  run `npm fund` for details

found 0 vulnerabilities

I needed to add some packages to sort out headless chrome

sudo apt install libnss3-dev libgdk-pixbuf2.0-dev libgtk-3-dev libxss-dev

I also added a run target in package.json

builder@LuiGi17:~/Workspaces/resume$ cat package.json
{
  "name": "resume",
  "version": "1.0.0",
  "description": "",
  "main": "index.js",
  "scripts": {
    "test": "echo \"Error: no test specified\" && exit 1",
    "makepdf": "md-to-pdf resume.md"
  },
  "author": "",
  "license": "ISC",
  "dependencies": {
    "md-to-pdf": "^5.2.4"
  }
}

I’ll make a quick sample resume (mostly to test Div tag alignment)

builder@LuiGi17:~/Workspaces/resume$ cat resume.md
# Isaac Johnson
### Cloud Architect / SRE

<div style="text-align: right"> 555-555-5555<br/>isaac@freshbrewed.science </div>

# Experience

afsadf

Now can I run it

builder@LuiGi17:~/Workspaces/resume$ npm run makepdf

> resume@1.0.0 makepdf
> md-to-pdf resume.md


  Puppeteer old Headless deprecation warning:
    In the near future `headless: true` will default to the new Headless mode
    for Chrome instead of the old Headless implementation. For more
    information, please see https://developer.chrome.com/articles/new-headless/.
    Consider opting in early by passing `headless: "new"` to `puppeteer.launch()`
    If you encounter any bugs, please report them to https://github.com/puppeteer/puppeteer/issues/new/choose.

  ✔ generating PDF from resume.md

I think it looks plain but still pretty good:

/content/images/2023/11/resume-06.png

I’m thinking I could substitute in real values, like phone number, using env vars and a step.

e.g.

$ sed -i s/555-555-5555/555-666-7777/g resume.md  && npm run makepdf && git checkout -- resume.md

/content/images/2023/11/resume-07.png

Which created

/content/images/2023/11/resume-08.png

I’m going to want to enable Gitea Actions next. I often forget to enable Actions on new repos.

/content/images/2023/11/resume-09c.png

Because the Gitea runner I have runs as root, I had some challenges running Chromium

> resume@1.0.0 makepdf
> md-to-pdf resume.md
[12:33:33] generating PDF from resume.md [started]
  Puppeteer old Headless deprecation warning:
    In the near future `headless: true` will default to the new Headless mode
    for Chrome instead of the old Headless implementation. For more
    information, please see https://developer.chrome.com/articles/new-headless/.
    Consider opting in early by passing `headless: "new"` to `puppeteer.launch()`
    If you encounter any bugs, please report them to https://github.com/puppeteer/puppeteer/issues/new/choose.
[12:33:33] generating PDF from resume.md [failed]
[12:33:33] → Failed to launch the browser process!
[1107/123333.562164:ERROR:zygote_host_impl_linux.cc(100)] Running as root without --no-sandbox is not supported. See https://crbug.com/638180.
TROUBLESHOOTING: https://pptr.dev/troubleshooting
ListrError: Something went wrong
    at /workspace/builder/resume/node_modules/listr/index.js:102:18
    at processTicksAndRejections (node:internal/process/task_queues:96:5)
    at async main (/workspace/builder/resume/node_modules/md-to-pdf/dist/cli.js:120:5) {
  errors: [
    Error: Failed to launch the browser process!
    [1107/123333.562164:ERROR:zygote_host_impl_linux.cc(100)] Running as root without --no-sandbox is not supported. See https://crbug.com/638180.


    TROUBLESHOOTING: https://pptr.dev/troubleshooting

        at Interface.onClose (/workspace/builder/resume/node_modules/@puppeteer/browsers/lib/cjs/launch.js:271:24)
        at Interface.emit (node:events:525:35)
        at Interface.close (node:readline:590:8)
        at Socket.onend (node:readline:280:10)
        at Socket.emit (node:events:525:35)
        at endReadableNT (node:internal/streams/readable:1358:12)
        at processTicksAndRejections (node:internal/process/task_queues:83:21)
  ],
  context: [Object: null prototype] {}
}

The key to fixing that was to add a --no-sandbox option to the invokation (makepdfr)

$ cat package.json
{
  "name": "resume",
  "version": "1.0.0",
  "description": "",
  "main": "index.js",
  "scripts": {
    "test": "echo \"Error: no test specified\" && exit 1",
    "makepdf": "md-to-pdf resume.md",
    "makepdfr": "md-to-pdf --launch-options '{ \"args\": [\"--no-sandbox\"] }' resume.md"
  },
  "author": "",
  "license": "ISC",
  "dependencies": {
    "md-to-pdf": "^5.2.4"
  }
}

My build.yaml file then looked as such

name: Gitea Actions Demo
run-name: ${{ gitea.actor }} is testing out Gitea Actions 🚀
on: [push]
jobs:
  Explore-Gitea-Actions:
    runs-on: ubuntu-latest
    steps:
      - name: Check out repository code
        uses: actions/checkout@v3
      - name: apt
        run: |
          # if running as non-root, add sudo
          apt update
          apt install -y libnss3-dev libgdk-pixbuf2.0-dev libgtk-3-dev libxss-dev libasound2
      - name: Npm
        run: |
          npm install
      - name: NpmMakePDF
        run: |
          # need no sandbox for root user
          npm run makepdfr
      - run: echo "💡 The ${{ gitea.repository }} repository has been cloned to the runner."
      - run: echo "🖥️ The workflow is now ready to test your code on the runner."
      - name: List files in the repository
        run: |
          ls ${{ gitea.workspace }}
      - run: echo "🍏 This job's status is ${{ gitea.status }}."

We can see it built the PDF

/content/images/2023/11/resume-09b.png

I mean, that is great and all. But the PDF sitting in ephemeral build output won’t do me much good.

I’ll want to upload an artifact and create a release.

To do the release, I’ll need a token which we can generate under our user settings

/content/images/2023/11/resume-10.png

I can then add it as a repo secret to the Resume repo

/content/images/2023/11/resume-11.png

and see that it’s saved

/content/images/2023/11/resume-12.png

Now I’ll try and use it

name: Gitea Actions Demo
run-name: ${{ gitea.actor }} is testing out Gitea Actions 🚀
on: [push]
jobs:
  Explore-Gitea-Actions:
    runs-on: ubuntu-latest
    steps:
      - name: Check out repository code
        uses: actions/checkout@v3
      - name: apt
        run: |
          # if running as non-root, add sudo
          apt update
          apt install -y libnss3-dev libgdk-pixbuf2.0-dev libgtk-3-dev libxss-dev libasound2
      - name: Npm
        run: |
          npm install
      - name: NpmMakePDF
        run: |
          # need no sandbox for root user
          npm run makepdfr
      - name: Upload the Resume Artifact
        uses: actions/upload-artifact@v3
        with:
          name: Resume-${{ matrix.node-version }}
          path: /*.pdf
      - name: setup go
        uses: https://github.com/actions/setup-go@v4
        with:
          go-version: '>=1.20.1'
      - name: Create Release 
        id: use-go-action
        uses: https://gitea.com/actions/release-action@main
        with:
          files: /*.pdf            
          api_key: '${{secrets.RELEASE_TOKEN}}'
      - run: echo "💡 The ${{ gitea.repository }} repository has been cloned to the runner."
      - run: echo "🖥️ The workflow is now ready to test your code on the runner."
      - name: List files in the repository
        run: |
          ls ${{ gitea.workspace }}
      - run: echo "🍏 This job's status is ${{ gitea.status }}."

I found I had a lot of issues in the artifact name, but upon closer look, I realized the errors were “404” responses. This lead me to find that Artifact Uploads weren’t added until 1.20.x and I’m running Gitea 1.19.3 presently

Let’s update to the latest 1.20.5. (Spoiler alert, there be dragons ahead - save thy repos locally!)

builder@DESKTOP-QADGF36:~/Workspaces/resume$ helm get values gitea -o yaml > gitea.values.yaml

builder@DESKTOP-QADGF36:~/Workspaces/resume$ helm repo update
Hang tight while we grab the latest from your chart repositories...
...Unable to get an update from the "myharbor" chart repository (https://harbor.freshbrewed.science/chartrepo/library):
        failed to fetch https://harbor.freshbrewed.science/chartrepo/library/index.yaml : 404 Not Found
...Unable to get an update from the "freshbrewed" chart repository (https://harbor.freshbrewed.science/chartrepo/library):
        failed to fetch https://harbor.freshbrewed.science/chartrepo/library/index.yaml : 404 Not Found
...Successfully got an update from the "nfs" chart repository
...Successfully got an update from the "portainer" chart repository
...Successfully got an update from the "btungut" chart repository
...Successfully got an update from the "zabbix-community" chart repository
...Successfully got an update from the "azure-samples" chart repository
...Successfully got an update from the "hashicorp" chart repository
...Successfully got an update from the "actions-runner-controller" chart repository
...Successfully got an update from the "dapr" chart repository
...Successfully got an update from the "gitea-charts" chart repository
...Successfully got an update from the "kiwigrid" chart repository
...Successfully got an update from the "akomljen-charts" chart repository
...Unable to get an update from the "epsagon" chart repository (https://helm.epsagon.com):
        Get "https://helm.epsagon.com/index.yaml": dial tcp: lookup helm.epsagon.com on 172.22.64.1:53: no such host
...Successfully got an update from the "castai-helm" chart repository
...Successfully got an update from the "kubecost" chart repository
...Successfully got an update from the "longhorn" chart repository
...Successfully got an update from the "lifen-charts" chart repository
...Successfully got an update from the "datadog" chart repository
...Successfully got an update from the "signoz" chart repository
...Successfully got an update from the "harbor" chart repository
...Successfully got an update from the "openzipkin" chart repository
...Successfully got an update from the "argo-cd" chart repository
...Successfully got an update from the "incubator" chart repository
...Successfully got an update from the "grafana" chart repository
...Successfully got an update from the "gitlab" chart repository
...Successfully got an update from the "newrelic" chart repository
...Successfully got an update from the "kube-state-metrics" chart repository
...Successfully got an update from the "ngrok" chart repository
...Successfully got an update from the "prometheus-community" chart repository
...Successfully got an update from the "opencost" chart repository
...Successfully got an update from the "jfelten" chart repository
...Successfully got an update from the "confluentinc" chart repository
...Successfully got an update from the "adwerx" chart repository
...Successfully got an update from the "sonarqube" chart repository
...Successfully got an update from the "kuma" chart repository
...Successfully got an update from the "novum-rgi-helm" chart repository
...Successfully got an update from the "rhcharts" chart repository
...Successfully got an update from the "nginx-stable" chart repository
...Successfully got an update from the "sumologic" chart repository
...Successfully got an update from the "open-telemetry" chart repository
...Successfully got an update from the "elastic" chart repository
...Successfully got an update from the "rook-release" chart repository
...Successfully got an update from the "crossplane-stable" chart repository
...Successfully got an update from the "rancher-latest" chart repository
...Successfully got an update from the "uptime-kuma" chart repository
...Successfully got an update from the "bitnami" chart repository
Update Complete. ⎈Happy Helming!⎈

I like to do a dry run just to ensure we see that it’s fetching the right version (you can grep on image tags as well)

builder@DESKTOP-QADGF36:~/Workspaces/resume$ helm upgrade --dry-run -f gitea.values.yaml gitea gitea-charts/gitea | grep version: | head -n6
    app.kubernetes.io/version: "1.20.5"
    version: "1.20.5"
    app.kubernetes.io/version: "1.20.5"
    version: "1.20.5"
    app.kubernetes.io/version: "1.20.5"
    version: "1.20.5"

No time like the present. I went ahead and upgraded

builder@DESKTOP-QADGF36:~/Workspaces/resume$ helm upgrade -f gitea.values.yaml gitea gitea-charts/gitea
Release "gitea" has been upgraded. Happy Helming!
NAME: gitea
LAST DEPLOYED: Tue Nov  7 07:48:01 2023
NAMESPACE: default
STATUS: deployed
REVISION: 10
NOTES:
1. Get the application URL by running these commands:
  https://gitea.freshbrewed.science/

I see the app in a crash loop

$ kubectl get pods --all-namespaces | grep gitea
default                     gitea-postgresql-ha-postgresql-2                            0/1     Running                 0                  82s
default                     gitea-redis-cluster-3                                       1/1     Running                 0                  81s
default                     gitea-redis-cluster-5                                       1/1     Running                 0                  80s
default                     gitea-redis-cluster-4                                       1/1     Running                 0                  80s
default                     gitea-redis-cluster-0                                       1/1     Running                 0                  83s
default                     gitea-redis-cluster-1                                       1/1     Running                 0                  83s
default                     gitea-redis-cluster-2                                       1/1     Running                 0                  82s
default                     gitea-postgresql-ha-postgresql-0                            1/1     Running                 0                  84s
default                     gitea-postgresql-ha-pgpool-85dd977744-lpkjs                 1/1     Running                 0                  84s
default                     gitea-postgresql-ha-postgresql-1                            1/1     Running                 0                  83s
default                     gitea-bccc66889-kqlhz                                       0/1     Init:CrashLoopBackOff   3 (13s ago)        83

I think the root of the issue is the DB migrate is falling down

/content/images/2023/11/resume-13.png

Well I found the issue. They removed MySQL/MariaDB by default. There was also something about new versions of GIT breaking things.

The end results was I got it to come back, using the same MariaDB database as before with

$ helm upgrade -f gitea.values.yaml --set mariadb.enabled=true --set postgresql-ha.enabled=false --set postgresql.enabled=false gitea gitea-charts/gitea
Release "gitea" has been upgraded. Happy Helming!
NAME: gitea
LAST DEPLOYED: Tue Nov  7 08:10:24 2023
NAMESPACE: default
STATUS: deployed
REVISION: 11
NOTES:
1. Get the application URL by running these commands:
  https://gitea.freshbrewed.science/

but it lost all my repo data (perhaps it created new PVCs?)

$ kubectl get pvc | grep gitea
data-gitea-postgresql-0                               Bound    pvc-baf09625-a70c-4628-b18b-e69ec9626edd   10Gi       RWO            managed-nfs-storage   112d
data-gitea-0                                          Bound    pvc-dbb24e9f-d7e5-4229-99b9-173a05d2dd45   10Gi       RWO            managed-nfs-storage   112d
data-gitea-postgresql-ha-postgresql-0                 Bound    pvc-a42b86e8-7d0b-40ac-85e8-25a9ea1be647   8Gi        RWO            managed-nfs-storage   6h9m
redis-data-gitea-redis-cluster-0                      Bound    pvc-068e7a7a-0cae-413f-85d3-7b98cc15c14c   8Gi        RWO            managed-nfs-storage   6h9m
data-gitea-postgresql-ha-postgresql-2                 Bound    pvc-fcbcfa4e-9505-4e7e-8e1f-82d4d1c1294f   8Gi        RWO            managed-nfs-storage   6h9m
redis-data-gitea-redis-cluster-1                      Bound    pvc-ca977aa4-decd-44ef-9919-14aa73b7b53b   8Gi        RWO            managed-nfs-storage   6h9m
redis-data-gitea-redis-cluster-2                      Bound    pvc-4859c13f-b647-4faa-a3de-be1609f7b278   8Gi        RWO            managed-nfs-storage   6h9m
data-gitea-postgresql-ha-postgresql-1                 Bound    pvc-33b7ed7a-bc83-48cb-bb14-24026fcd230f   8Gi        RWO            managed-nfs-storage   6h9m
redis-data-gitea-redis-cluster-4                      Bound    pvc-8a148d27-3264-41c0-9c21-d995fb6184af   8Gi        RWO            managed-nfs-storage   6h9m
redis-data-gitea-redis-cluster-3                      Bound    pvc-d3926a7e-f2a9-41eb-aadd-b4d9aca6060c   8Gi        RWO            managed-nfs-storage   6h9m
redis-data-gitea-redis-cluster-5                      Bound    pvc-da65f09e-7fab-4a59-8d08-4406f51b192e   8Gi        RWO            managed-nfs-storage   6h9m
gitea-shared-storage                                  Bound    pvc-3c7f678b-dadf-4965-9f8c-290368964735   10Gi       RWO            local-path            6h9m

As a result, my repo (content) was wiped out

/content/images/2023/11/resume-14.png

However, GIT is great in that the history and code is local.

I just made a new repo and pushed all the data back for my two blown-up repos

builder@DESKTOP-QADGF36:~/Workspaces/AzureDevOpsAgent$ git remote add origin2 https://gitea.freshbrewed.science/builder/AzureDevOpsAgent-NEW.git
builder@DESKTOP-QADGF36:~/Workspaces/AzureDevOpsAgent$ git push origin2 main
Enumerating objects: 86, done.
Counting objects: 100% (86/86), done.
Delta compression using up to 16 threads
Compressing objects: 100% (69/69), done.
Writing objects: 100% (86/86), 15.95 KiB | 2.28 MiB/s, done.
Total 86 (delta 30), reused 0 (delta 0)
remote: . Processing 1 references
remote: Processed 1 references in total
To https://gitea.freshbrewed.science/builder/AzureDevOpsAgent-NEW.git
 * [new branch]      main -> main

Yes, I had to create the secret again (it was moved in the UI), but I’m now unblocked

/content/images/2023/11/resume-15.png

More importantly, the packaging task works now that I’m at 1.20.x

/content/images/2023/11/resume-16.png

I want to test the Release Action next.

I’ll create a tag

/content/images/2023/11/resume-17.png

Once created

/content/images/2023/11/resume-18.png

I can see it queue a build

/content/images/2023/11/resume-19.png

But the release action still fails

/content/images/2023/11/resume-20.png

I did get the release to work

name: release
run-name: ${{ gitea.actor }} Releasing Resume

on: 
  push:
    tags:
      - '*'

jobs:
  Release-Resume:
    runs-on: ubuntu-latest
    steps:
      - name: Check out repository code
        uses: actions/checkout@v3
      - name: apt
        run: |
          # if running as non-root, add sudo
          apt update
          apt install -y libnss3-dev libgdk-pixbuf2.0-dev libgtk-3-dev libxss-dev libasound2
      - name: Npm
        run: |
          npm install
      - name: NpmMakePDF
        run: |
          # need no sandbox for root user
          npm run makepdfr
      - name: debug
        run: |
          set -x
          pwd
          ls -ltra
          export
      - name: Upload the Resume Artifact
        uses: actions/upload-artifact@v3
        with:
          name: Resume-${{ github.run_number }}.pdf
          path: ${{ gitea.workspace }}/resume.pdf
      - name: setup go
        uses: https://github.com/actions/setup-go@v4
        with:
          go-version: '>=1.20.1'
      - name: Create Release 
        id: use-go-action
        uses: https://gitea.com/actions/release-action@main
        with:
          files: ${{ gitea.workspace }}/resume.pdf           
          api_key: '${{secrets.RELEASE_TOKEN}}'
      - name: List files in the repository
        run: |
          ls ${{ gitea.workspace }}
      - run: echo "🍏 This job's status is ${{ gitea.status }}."

but it wasn’t what I desired - just a zip of source

/content/images/2023/11/resume-21.png

Nexus

Knowing I might need a proper artifact storage service, I added the (now deprecated as of Oct 2023) Sonatype OS Helm repo

$ helm repo add sonatype https://sonatype.github.io/helm3-charts/
"sonatype" has been added to your repositories

$ helm repo update
Hang tight while we grab the latest from your chart repositories...
...Successfully got an update from the "backstage" chart repository
...Successfully got an update from the "sonatype" chart repository
...Successfully got an update from the "ananace-charts" chart repository
...Successfully got an update from the "frappe" chart repository
...Successfully got an update from the "deliveryhero" chart repository
...Successfully got an update from the "bitnami" chart repository
Update Complete. ⎈Happy Helming!⎈

and installed Nexus

$ helm install -f nexus.values.yaml my-nexus-repository-manager sonatype/nexus-repository-manager --version 61.0.2
NAME: my-nexus-repository-manager
LAST DEPLOYED: Tue Nov  7 20:24:51 2023
NAMESPACE: default
STATUS: deployed
REVISION: 1
NOTES:
1. Your ingresses are available here:
  https://nexus.freshbrewed.science/

/content/images/2023/11/resume-22.png

We can get the admin password with a kubectl

$ kubectl exec `kubectl get pods -l app.kubernetes.io/instance=my-nexus-repository-manager --output=jsonpath={.items..metadata.name}` cat /nexus-data/admin.password
kubectl exec [POD] [COMMAND] is DEPRECATED and will be removed in a future version. Use kubectl exec [POD] -- [COMMAND] instead.
xxxxxxxxxxxxxxxxxxxxxxxxxxxxx

I can now create a deploy user:

/content/images/2023/11/resume-23.png

I’ll need to add Maven

$ sudo apt install maven
[sudo] password for builder:
Reading package lists... Done
Building dependency tree... Done
Reading state information... Done
The following packages were automatically installed and are no longer required:
  libcanberra0 libjson-glib-1.0-0 libjson-glib-1.0-common libntfs-3g89 libpipewire-0.3-0 libpipewire-0.3-common libpipewire-0.3-modules libspa-0.2-modules libtdb1
  libvorbisfile3 libwebrtc-audio-processing1 pipewire pipewire-bin pipewire-media-session rtkit sound-theme-freedesktop
Use 'sudo apt autoremove' to remove them.
The following additional packages will be installed:
  ca-certificates-java default-jre-headless java-common libaopalliance-java libapache-pom-java libatinject-jsr330-api-java libcdi-api-java libcommons-cli-java
  libcommons-io-java libcommons-lang3-java libcommons-parent-java libgeronimo-annotation-1.3-spec-java libgeronimo-interceptor-3.0-spec-java libguava-java
  libguice-java libhawtjni-runtime-java libjansi-java libjansi-native-java libjsr305-java libmaven-parent-java libmaven-resolver-java libmaven-shared-utils-java
  libmaven3-core-java libpcsclite1 libplexus-cipher-java libplexus-classworlds-java libplexus-component-annotations-java libplexus-interpolation-java
  libplexus-sec-dispatcher-java libplexus-utils2-java libsisu-inject-java libsisu-plexus-java libslf4j-java libwagon-file-java libwagon-http-shaded-java
  libwagon-provider-api-java openjdk-11-jre-headless
Suggested packages:
  default-jre libaopalliance-java-doc libatinject-jsr330-api-java-doc libel-api-java libcommons-io-java-doc libcommons-lang3-java-doc libasm-java libcglib-java
  libjsr305-java-doc libmaven-shared-utils-java-doc liblogback-java pcscd libplexus-classworlds-java-doc libplexus-sec-dispatcher-java-doc libplexus-utils2-java-doc
  junit4 testng libcommons-logging-java liblog4j1.2-java libnss-mdns fonts-dejavu-extra fonts-ipafont-gothic fonts-ipafont-mincho fonts-wqy-microhei
  | fonts-wqy-zenhei fonts-indic
The following NEW packages will be installed:
  ca-certificates-java default-jre-headless java-common libaopalliance-java libapache-pom-java libatinject-jsr330-api-java libcdi-api-java libcommons-cli-java
  libcommons-io-java libcommons-lang3-java libcommons-parent-java libgeronimo-annotation-1.3-spec-java libgeronimo-interceptor-3.0-spec-java libguava-java
  libguice-java libhawtjni-runtime-java libjansi-java libjansi-native-java libjsr305-java libmaven-parent-java libmaven-resolver-java libmaven-shared-utils-java
  libmaven3-core-java libpcsclite1 libplexus-cipher-java libplexus-classworlds-java libplexus-component-annotations-java libplexus-interpolation-java
  libplexus-sec-dispatcher-java libplexus-utils2-java libsisu-inject-java libsisu-plexus-java libslf4j-java libwagon-file-java libwagon-http-shaded-java
  libwagon-provider-api-java maven openjdk-11-jre-headless
0 upgraded, 38 newly installed, 0 to remove and 21 not upgraded.
Need to get 52.8 MB of archives.
After this operation, 189 MB of additional disk space will be used.
Do you want to continue? [Y/n] Y
Get:1 http://archive.ubuntu.com/ubuntu jammy/main amd64 java-common all 0.72build2 [6782 B]
Get:2 http://archive.ubuntu.com/ubuntu jammy-updates/main amd64 libpcsclite1 amd64 1.9.5-3ubuntu1 [19.8 kB]
Get:3 http://archive.ubuntu.com/ubuntu jammy-updates/main amd64 openjdk-11-jre-headless amd64 11.0.20.1+1-0ubuntu1~22.04 [42.5 MB]
Get:4 http://archive.ubuntu.com/ubuntu jammy/main amd64 default-jre-headless amd64 2:1.11-72build2 [3042 B]
Get:5 http://archive.ubuntu.com/ubuntu jammy-updates/main amd64 ca-certificates-java all 20190909ubuntu1.2 [12.1 kB]
Get:6 http://archive.ubuntu.com/ubuntu jammy/universe amd64 libapache-pom-java all 18-1 [4720 B]
Get:7 http://archive.ubuntu.com/ubuntu jammy/universe amd64 libatinject-jsr330-api-java all 1.0+ds1-5 [5348 B]
Get:8 http://archive.ubuntu.com/ubuntu jammy/universe amd64 libgeronimo-interceptor-3.0-spec-java all 1.0.1-4fakesync [8616 B]
Get:9 http://archive.ubuntu.com/ubuntu jammy/universe amd64 libcdi-api-java all 1.2-3 [54.3 kB]
Get:10 http://archive.ubuntu.com/ubuntu jammy/universe amd64 libcommons-cli-java all 1.4-2 [55.8 kB]
Get:11 http://archive.ubuntu.com/ubuntu jammy/universe amd64 libcommons-parent-java all 43-1 [10.8 kB]
Get:12 http://archive.ubuntu.com/ubuntu jammy/universe amd64 libcommons-io-java all 2.11.0-2 [297 kB]
Get:13 http://archive.ubuntu.com/ubuntu jammy/universe amd64 libcommons-lang3-java all 3.11-1 [526 kB]
Get:14 http://archive.ubuntu.com/ubuntu jammy/universe amd64 libgeronimo-annotation-1.3-spec-java all 1.3-1 [11.2 kB]
Get:15 http://archive.ubuntu.com/ubuntu jammy/universe amd64 libjsr305-java all 0.1~+svn49-11 [27.0 kB]
Get:16 http://archive.ubuntu.com/ubuntu jammy/universe amd64 libguava-java all 29.0-6 [2418 kB]
Get:17 http://archive.ubuntu.com/ubuntu jammy/universe amd64 libaopalliance-java all 20070526-6 [9084 B]
Get:18 http://archive.ubuntu.com/ubuntu jammy/universe amd64 libguice-java all 4.2.3-2 [1434 kB]
Get:19 http://archive.ubuntu.com/ubuntu jammy/universe amd64 libhawtjni-runtime-java all 1.17-1 [28.8 kB]
Get:20 http://archive.ubuntu.com/ubuntu jammy/universe amd64 libjansi-native-java all 1.8-1 [23.8 kB]
Get:21 http://archive.ubuntu.com/ubuntu jammy/universe amd64 libjansi-java all 1.18-1 [56.8 kB]
Get:22 http://archive.ubuntu.com/ubuntu jammy/universe amd64 libmaven-parent-java all 31-2 [5140 B]
Get:23 http://archive.ubuntu.com/ubuntu jammy/universe amd64 libplexus-utils2-java all 3.3.0-1 [250 kB]
Get:24 http://archive.ubuntu.com/ubuntu jammy/universe amd64 libwagon-provider-api-java all 3.3.4-1 [48.5 kB]
Get:25 http://archive.ubuntu.com/ubuntu jammy/universe amd64 libmaven-resolver-java all 1.4.2-3build1 [555 kB]
Get:26 http://archive.ubuntu.com/ubuntu jammy/universe amd64 libmaven-shared-utils-java all 3.3.0-1 [149 kB]
Get:27 http://archive.ubuntu.com/ubuntu jammy/universe amd64 libplexus-cipher-java all 1.8-2 [15.1 kB]
Get:28 http://archive.ubuntu.com/ubuntu jammy/universe amd64 libplexus-classworlds-java all 2.6.0-1 [49.4 kB]
Get:29 http://archive.ubuntu.com/ubuntu jammy/universe amd64 libplexus-component-annotations-java all 2.1.0-1 [6564 B]
Get:30 http://archive.ubuntu.com/ubuntu jammy/universe amd64 libplexus-interpolation-java all 1.26-1 [76.8 kB]
Get:31 http://archive.ubuntu.com/ubuntu jammy/universe amd64 libplexus-sec-dispatcher-java all 1.4-4 [28.1 kB]
Get:32 http://archive.ubuntu.com/ubuntu jammy/universe amd64 libslf4j-java all 1.7.32-1 [141 kB]
Get:33 http://archive.ubuntu.com/ubuntu jammy/universe amd64 libsisu-inject-java all 0.3.4-2 [347 kB]
Get:34 http://archive.ubuntu.com/ubuntu jammy/universe amd64 libsisu-plexus-java all 0.3.4-3 [181 kB]
Get:35 http://archive.ubuntu.com/ubuntu jammy/universe amd64 libmaven3-core-java all 3.6.3-5 [1535 kB]
Get:36 http://archive.ubuntu.com/ubuntu jammy/universe amd64 libwagon-file-java all 3.3.4-1 [7928 B]
Get:37 http://archive.ubuntu.com/ubuntu jammy/universe amd64 libwagon-http-shaded-java all 3.3.4-1 [1855 kB]
Get:38 http://archive.ubuntu.com/ubuntu jammy/universe amd64 maven all 3.6.3-5 [17.8 kB]
Fetched 52.8 MB in 11s (4642 kB/s)
Extracting templates from packages: 100%
Selecting previously unselected package java-common.
(Reading database ... 157465 files and directories currently installed.)
Preparing to unpack .../00-java-common_0.72build2_all.deb ...
Unpacking java-common (0.72build2) ...
Selecting previously unselected package libpcsclite1:amd64.
Preparing to unpack .../01-libpcsclite1_1.9.5-3ubuntu1_amd64.deb ...
Unpacking libpcsclite1:amd64 (1.9.5-3ubuntu1) ...
Selecting previously unselected package openjdk-11-jre-headless:amd64.
Preparing to unpack .../02-openjdk-11-jre-headless_11.0.20.1+1-0ubuntu1~22.04_amd64.deb ...
Unpacking openjdk-11-jre-headless:amd64 (11.0.20.1+1-0ubuntu1~22.04) ...
Selecting previously unselected package default-jre-headless.
Preparing to unpack .../03-default-jre-headless_2%3a1.11-72build2_amd64.deb ...
Unpacking default-jre-headless (2:1.11-72build2) ...
Selecting previously unselected package ca-certificates-java.
Preparing to unpack .../04-ca-certificates-java_20190909ubuntu1.2_all.deb ...
Unpacking ca-certificates-java (20190909ubuntu1.2) ...
Selecting previously unselected package libapache-pom-java.
Preparing to unpack .../05-libapache-pom-java_18-1_all.deb ...
Unpacking libapache-pom-java (18-1) ...
Selecting previously unselected package libatinject-jsr330-api-java.
Preparing to unpack .../06-libatinject-jsr330-api-java_1.0+ds1-5_all.deb ...
Unpacking libatinject-jsr330-api-java (1.0+ds1-5) ...
Selecting previously unselected package libgeronimo-interceptor-3.0-spec-java.
Preparing to unpack .../07-libgeronimo-interceptor-3.0-spec-java_1.0.1-4fakesync_all.deb ...
Unpacking libgeronimo-interceptor-3.0-spec-java (1.0.1-4fakesync) ...
Selecting previously unselected package libcdi-api-java.
Preparing to unpack .../08-libcdi-api-java_1.2-3_all.deb ...
Unpacking libcdi-api-java (1.2-3) ...
Selecting previously unselected package libcommons-cli-java.
Preparing to unpack .../09-libcommons-cli-java_1.4-2_all.deb ...
Unpacking libcommons-cli-java (1.4-2) ...
Selecting previously unselected package libcommons-parent-java.
Preparing to unpack .../10-libcommons-parent-java_43-1_all.deb ...
Unpacking libcommons-parent-java (43-1) ...
Selecting previously unselected package libcommons-io-java.
Preparing to unpack .../11-libcommons-io-java_2.11.0-2_all.deb ...
Unpacking libcommons-io-java (2.11.0-2) ...
Selecting previously unselected package libcommons-lang3-java.
Preparing to unpack .../12-libcommons-lang3-java_3.11-1_all.deb ...
Unpacking libcommons-lang3-java (3.11-1) ...
Selecting previously unselected package libgeronimo-annotation-1.3-spec-java.
Preparing to unpack .../13-libgeronimo-annotation-1.3-spec-java_1.3-1_all.deb ...
Unpacking libgeronimo-annotation-1.3-spec-java (1.3-1) ...
Selecting previously unselected package libjsr305-java.
Preparing to unpack .../14-libjsr305-java_0.1~+svn49-11_all.deb ...
Unpacking libjsr305-java (0.1~+svn49-11) ...
Selecting previously unselected package libguava-java.
Preparing to unpack .../15-libguava-java_29.0-6_all.deb ...
Unpacking libguava-java (29.0-6) ...
Selecting previously unselected package libaopalliance-java.
Preparing to unpack .../16-libaopalliance-java_20070526-6_all.deb ...
Unpacking libaopalliance-java (20070526-6) ...
Selecting previously unselected package libguice-java.
Preparing to unpack .../17-libguice-java_4.2.3-2_all.deb ...
Unpacking libguice-java (4.2.3-2) ...
Selecting previously unselected package libhawtjni-runtime-java.
Preparing to unpack .../18-libhawtjni-runtime-java_1.17-1_all.deb ...
Unpacking libhawtjni-runtime-java (1.17-1) ...
Selecting previously unselected package libjansi-native-java.
Preparing to unpack .../19-libjansi-native-java_1.8-1_all.deb ...
Unpacking libjansi-native-java (1.8-1) ...
Selecting previously unselected package libjansi-java.
Preparing to unpack .../20-libjansi-java_1.18-1_all.deb ...
Unpacking libjansi-java (1.18-1) ...
Selecting previously unselected package libmaven-parent-java.
Preparing to unpack .../21-libmaven-parent-java_31-2_all.deb ...
Unpacking libmaven-parent-java (31-2) ...
Selecting previously unselected package libplexus-utils2-java.
Preparing to unpack .../22-libplexus-utils2-java_3.3.0-1_all.deb ...
Unpacking libplexus-utils2-java (3.3.0-1) ...
Selecting previously unselected package libwagon-provider-api-java.
Preparing to unpack .../23-libwagon-provider-api-java_3.3.4-1_all.deb ...
Unpacking libwagon-provider-api-java (3.3.4-1) ...
Selecting previously unselected package libmaven-resolver-java.
Preparing to unpack .../24-libmaven-resolver-java_1.4.2-3build1_all.deb ...
Unpacking libmaven-resolver-java (1.4.2-3build1) ...
Selecting previously unselected package libmaven-shared-utils-java.
Preparing to unpack .../25-libmaven-shared-utils-java_3.3.0-1_all.deb ...
Unpacking libmaven-shared-utils-java (3.3.0-1) ...
Selecting previously unselected package libplexus-cipher-java.
Preparing to unpack .../26-libplexus-cipher-java_1.8-2_all.deb ...
Unpacking libplexus-cipher-java (1.8-2) ...
Selecting previously unselected package libplexus-classworlds-java.
Preparing to unpack .../27-libplexus-classworlds-java_2.6.0-1_all.deb ...
Unpacking libplexus-classworlds-java (2.6.0-1) ...
Selecting previously unselected package libplexus-component-annotations-java.
Preparing to unpack .../28-libplexus-component-annotations-java_2.1.0-1_all.deb ...
Unpacking libplexus-component-annotations-java (2.1.0-1) ...
Selecting previously unselected package libplexus-interpolation-java.
Preparing to unpack .../29-libplexus-interpolation-java_1.26-1_all.deb ...
Unpacking libplexus-interpolation-java (1.26-1) ...
Selecting previously unselected package libplexus-sec-dispatcher-java.
Preparing to unpack .../30-libplexus-sec-dispatcher-java_1.4-4_all.deb ...
Unpacking libplexus-sec-dispatcher-java (1.4-4) ...
Selecting previously unselected package libslf4j-java.
Preparing to unpack .../31-libslf4j-java_1.7.32-1_all.deb ...
Unpacking libslf4j-java (1.7.32-1) ...
Selecting previously unselected package libsisu-inject-java.
Preparing to unpack .../32-libsisu-inject-java_0.3.4-2_all.deb ...
Unpacking libsisu-inject-java (0.3.4-2) ...
Selecting previously unselected package libsisu-plexus-java.
Preparing to unpack .../33-libsisu-plexus-java_0.3.4-3_all.deb ...
Unpacking libsisu-plexus-java (0.3.4-3) ...
Selecting previously unselected package libmaven3-core-java.
Preparing to unpack .../34-libmaven3-core-java_3.6.3-5_all.deb ...
Unpacking libmaven3-core-java (3.6.3-5) ...
Selecting previously unselected package libwagon-file-java.
Preparing to unpack .../35-libwagon-file-java_3.3.4-1_all.deb ...
Unpacking libwagon-file-java (3.3.4-1) ...
Selecting previously unselected package libwagon-http-shaded-java.
Preparing to unpack .../36-libwagon-http-shaded-java_3.3.4-1_all.deb ...
Unpacking libwagon-http-shaded-java (3.3.4-1) ...
Selecting previously unselected package maven.
Preparing to unpack .../37-maven_3.6.3-5_all.deb ...
Unpacking maven (3.6.3-5) ...
Setting up libslf4j-java (1.7.32-1) ...
Setting up libplexus-utils2-java (3.3.0-1) ...
Setting up libplexus-classworlds-java (2.6.0-1) ...
Setting up libjsr305-java (0.1~+svn49-11) ...
Setting up java-common (0.72build2) ...
Setting up libaopalliance-java (20070526-6) ...
Setting up libcommons-cli-java (1.4-2) ...
Setting up libplexus-component-annotations-java (2.1.0-1) ...
Setting up libplexus-cipher-java (1.8-2) ...
Setting up libgeronimo-annotation-1.3-spec-java (1.3-1) ...
Setting up libgeronimo-interceptor-3.0-spec-java (1.0.1-4fakesync) ...
Setting up libapache-pom-java (18-1) ...
Setting up libatinject-jsr330-api-java (1.0+ds1-5) ...
Setting up libplexus-interpolation-java (1.26-1) ...
Setting up libpcsclite1:amd64 (1.9.5-3ubuntu1) ...
Setting up libplexus-sec-dispatcher-java (1.4-4) ...
Setting up libwagon-http-shaded-java (3.3.4-1) ...
Setting up libcdi-api-java (1.2-3) ...
Setting up libhawtjni-runtime-java (1.17-1) ...
Setting up libwagon-provider-api-java (3.3.4-1) ...
Setting up libmaven-parent-java (31-2) ...
Setting up libcommons-parent-java (43-1) ...
Setting up libsisu-inject-java (0.3.4-2) ...
Setting up libsisu-plexus-java (0.3.4-3) ...
Setting up libmaven-resolver-java (1.4.2-3build1) ...
Setting up libguava-java (29.0-6) ...
Setting up libcommons-lang3-java (3.11-1) ...
Setting up libjansi-native-java (1.8-1) ...
Setting up libwagon-file-java (3.3.4-1) ...
Setting up libcommons-io-java (2.11.0-2) ...
Setting up libguice-java (4.2.3-2) ...
Setting up libjansi-java (1.18-1) ...
Setting up libmaven-shared-utils-java (3.3.0-1) ...
Setting up libmaven3-core-java (3.6.3-5) ...
Setting up default-jre-headless (2:1.11-72build2) ...
Setting up openjdk-11-jre-headless:amd64 (11.0.20.1+1-0ubuntu1~22.04) ...
update-alternatives: using /usr/lib/jvm/java-11-openjdk-amd64/bin/java to provide /usr/bin/java (java) in auto mode
update-alternatives: using /usr/lib/jvm/java-11-openjdk-amd64/bin/jjs to provide /usr/bin/jjs (jjs) in auto mode
update-alternatives: using /usr/lib/jvm/java-11-openjdk-amd64/bin/keytool to provide /usr/bin/keytool (keytool) in auto mode
update-alternatives: using /usr/lib/jvm/java-11-openjdk-amd64/bin/rmid to provide /usr/bin/rmid (rmid) in auto mode
update-alternatives: using /usr/lib/jvm/java-11-openjdk-amd64/bin/rmiregistry to provide /usr/bin/rmiregistry (rmiregistry) in auto mode
update-alternatives: using /usr/lib/jvm/java-11-openjdk-amd64/bin/pack200 to provide /usr/bin/pack200 (pack200) in auto mode
update-alternatives: using /usr/lib/jvm/java-11-openjdk-amd64/bin/unpack200 to provide /usr/bin/unpack200 (unpack200) in auto mode
update-alternatives: using /usr/lib/jvm/java-11-openjdk-amd64/lib/jexec to provide /usr/bin/jexec (jexec) in auto mode
Setting up maven (3.6.3-5) ...
update-alternatives: using /usr/share/maven/bin/mvn to provide /usr/bin/mvn (mvn) in auto mode
Setting up ca-certificates-java (20190909ubuntu1.2) ...
head: cannot open '/etc/ssl/certs/java/cacerts' for reading: No such file or directory
Adding debian:HARICA_TLS_RSA_Root_CA_2021.pem
Adding debian:Buypass_Class_2_Root_CA.pem
Adding debian:Certainly_Root_E1.pem
Adding debian:vTrus_ECC_Root_CA.pem
Adding debian:D-TRUST_BR_Root_CA_1_2020.pem
Adding debian:Microsec_e-Szigno_Root_CA_2009.pem
Adding debian:XRamp_Global_CA_Root.pem
Adding debian:Certigna_Root_CA.pem
Adding debian:HARICA_TLS_ECC_Root_CA_2021.pem
Adding debian:Entrust_Root_Certification_Authority_-_G4.pem
Adding debian:T-TeleSec_GlobalRoot_Class_3.pem
Adding debian:QuoVadis_Root_CA_1_G3.pem
Adding debian:Certainly_Root_R1.pem
Adding debian:AC_RAIZ_FNMT-RCM.pem
Adding debian:USERTrust_RSA_Certification_Authority.pem
Adding debian:SSL.com_EV_Root_Certification_Authority_RSA_R2.pem
Adding debian:CFCA_EV_ROOT.pem
Adding debian:D-TRUST_Root_Class_3_CA_2_EV_2009.pem
Adding debian:ISRG_Root_X2.pem
Adding debian:DigiCert_High_Assurance_EV_Root_CA.pem
Adding debian:DigiCert_Assured_ID_Root_CA.pem
Adding debian:GTS_Root_R4.pem
Adding debian:Go_Daddy_Root_Certificate_Authority_-_G2.pem
Adding debian:Actalis_Authentication_Root_CA.pem
Adding debian:Hongkong_Post_Root_CA_3.pem
Adding debian:GlobalSign_Root_CA_-_R3.pem
Adding debian:ANF_Secure_Server_Root_CA.pem
Adding debian:Security_Communication_Root_CA.pem
Adding debian:GTS_Root_R3.pem
Adding debian:GlobalSign_ECC_Root_CA_-_R5.pem
Adding debian:Trustwave_Global_ECC_P256_Certification_Authority.pem
Adding debian:Amazon_Root_CA_2.pem
Adding debian:GLOBALTRUST_2020.pem
Adding debian:Certigna.pem
Adding debian:GlobalSign_Root_CA.pem
Adding debian:GlobalSign_ECC_Root_CA_-_R4.pem
Adding debian:COMODO_RSA_Certification_Authority.pem
Adding debian:GlobalSign_Root_R46.pem
Adding debian:DigiCert_Global_Root_G2.pem
Adding debian:SecureSign_RootCA11.pem
Adding debian:SZAFIR_ROOT_CA2.pem
Adding debian:Autoridad_de_Certificacion_Firmaprofesional_CIF_A62634068.pem
Adding debian:GTS_Root_R2.pem
Adding debian:vTrus_Root_CA.pem
Adding debian:AffirmTrust_Premium_ECC.pem
Adding debian:Trustwave_Global_Certification_Authority.pem
Adding debian:SSL.com_Root_Certification_Authority_ECC.pem
Adding debian:DigiCert_Trusted_Root_G4.pem
Adding debian:NAVER_Global_Root_Certification_Authority.pem
Adding debian:Baltimore_CyberTrust_Root.pem
Adding debian:E-Tugra_Certification_Authority.pem
Adding debian:T-TeleSec_GlobalRoot_Class_2.pem
Adding debian:Certum_Trusted_Network_CA.pem
Adding debian:SwissSign_Gold_CA_-_G2.pem
Adding debian:Hongkong_Post_Root_CA_1.pem
Adding debian:Entrust_Root_Certification_Authority.pem
Adding debian:Certum_Trusted_Root_CA.pem
Adding debian:USERTrust_ECC_Certification_Authority.pem
Adding debian:emSign_ECC_Root_CA_-_G3.pem
Adding debian:Microsoft_ECC_Root_Certificate_Authority_2017.pem
Adding debian:Trustwave_Global_ECC_P384_Certification_Authority.pem
Adding debian:DigiCert_Global_Root_G3.pem
Adding debian:ISRG_Root_X1.pem
Adding debian:SSL.com_EV_Root_Certification_Authority_ECC.pem
Adding debian:GDCA_TrustAUTH_R5_ROOT.pem
Adding debian:Certum_EC-384_CA.pem
Adding debian:Go_Daddy_Class_2_CA.pem
Adding debian:GTS_Root_R1.pem
Adding debian:COMODO_ECC_Certification_Authority.pem
Adding debian:NetLock_Arany_=Class_Gold=_Főtanúsítvány.pem
Adding debian:emSign_Root_CA_-_G1.pem
Adding debian:UCA_Global_G2_Root.pem
Adding debian:Security_Communication_ECC_RootCA1.pem
Adding debian:QuoVadis_Root_CA_2_G3.pem
Adding debian:Certum_Trusted_Network_CA_2.pem
Adding debian:IdenTrust_Public_Sector_Root_CA_1.pem
Adding debian:Entrust.net_Premium_2048_Secure_Server_CA.pem
Adding debian:QuoVadis_Root_CA_2.pem
Adding debian:ACCVRAIZ1.pem
Adding debian:TeliaSonera_Root_CA_v1.pem
Adding debian:SecureTrust_CA.pem
Adding debian:OISTE_WISeKey_Global_Root_GB_CA.pem
Adding debian:DigiCert_TLS_RSA4096_Root_G5.pem
Adding debian:ePKI_Root_Certification_Authority.pem
Adding debian:AffirmTrust_Networking.pem
Adding debian:TWCA_Global_Root_CA.pem
Adding debian:Hellenic_Academic_and_Research_Institutions_ECC_RootCA_2015.pem
Adding debian:QuoVadis_Root_CA_3_G3.pem
Adding debian:TUBITAK_Kamu_SM_SSL_Kok_Sertifikasi_-_Surum_1.pem
Adding debian:D-TRUST_Root_Class_3_CA_2_2009.pem
Adding debian:certSIGN_ROOT_CA.pem
Adding debian:emSign_Root_CA_-_C1.pem
Adding debian:E-Tugra_Global_Root_CA_RSA_v3.pem
Adding debian:GlobalSign_Root_CA_-_R6.pem
Adding debian:Amazon_Root_CA_1.pem
Adding debian:TWCA_Root_Certification_Authority.pem
Adding debian:IdenTrust_Commercial_Root_CA_1.pem
Adding debian:Starfield_Root_Certificate_Authority_-_G2.pem
Adding debian:DigiCert_TLS_ECC_P384_Root_G5.pem
Adding debian:SwissSign_Silver_CA_-_G2.pem
Adding debian:Telia_Root_CA_v2.pem
Adding debian:Autoridad_de_Certificacion_Firmaprofesional_CIF_A62634068_2.pem
Adding debian:HiPKI_Root_CA_-_G1.pem
Adding debian:certSIGN_Root_CA_G2.pem
Adding debian:e-Szigno_Root_CA_2017.pem
Adding debian:DigiCert_Assured_ID_Root_G3.pem
Adding debian:COMODO_Certification_Authority.pem
Adding debian:Buypass_Class_3_Root_CA.pem
Adding debian:AffirmTrust_Premium.pem
Adding debian:CA_Disig_Root_R2.pem
Adding debian:D-TRUST_EV_Root_CA_1_2020.pem
Adding debian:QuoVadis_Root_CA_3.pem
Adding debian:UCA_Extended_Validation_Root.pem
Adding debian:TunTrust_Root_CA.pem
Adding debian:AC_RAIZ_FNMT-RCM_SERVIDORES_SEGUROS.pem
Adding debian:Amazon_Root_CA_3.pem
Adding debian:emSign_ECC_Root_CA_-_C3.pem
Adding debian:Secure_Global_CA.pem
Adding debian:Amazon_Root_CA_4.pem
Adding debian:Comodo_AAA_Services_root.pem
Adding debian:DigiCert_Assured_ID_Root_G2.pem
Adding debian:Starfield_Services_Root_Certificate_Authority_-_G2.pem
Adding debian:AffirmTrust_Commercial.pem
Adding debian:Starfield_Class_2_CA.pem
Adding debian:Security_Communication_RootCA2.pem
Adding debian:Entrust_Root_Certification_Authority_-_EC1.pem
Adding debian:DigiCert_Global_Root_CA.pem
Adding debian:OISTE_WISeKey_Global_Root_GC_CA.pem
Adding debian:E-Tugra_Global_Root_CA_ECC_v3.pem
Adding debian:Hellenic_Academic_and_Research_Institutions_RootCA_2015.pem
Adding debian:SSL.com_Root_Certification_Authority_RSA.pem
Adding debian:Izenpe.com.pem
Adding debian:Entrust_Root_Certification_Authority_-_G2.pem
Adding debian:Microsoft_RSA_Root_Certificate_Authority_2017.pem
Adding debian:GlobalSign_Root_E46.pem
Adding debian:Atos_TrustedRoot_2011.pem
Adding debian:Security_Communication_RootCA3.pem
done.
Processing triggers for libc-bin (2.35-0ubuntu3.4) ...
Processing triggers for man-db (2.10.2-1) ...
Processing triggers for ca-certificates (20230311ubuntu0.22.04.1) ...
Updating certificates in /etc/ssl/certs...
0 added, 0 removed; done.
Running hooks in /etc/ca-certificates/update.d...

done.
done.

And use it to upload a file to test

$ cat settings.xml
<?xml version="1.0" encoding="UTF-8"?>
<settings xmlns="http://maven.apache.org/SETTINGS/1.0.0"
     xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
     xsi:schemaLocation="http://maven.apache.org/SETTINGS/1.0.0 http://maven.apache.org/xsd/settings-1.0.0.xsd">
   <servers>
     <server>
       <id>maven-releases</id>
       <username>deployuser</username>
       <password>MyDeployUserPassword</password>
     </server>
   </servers>

   <pluginGroups></pluginGroups>
   <proxies></proxies>
   <mirrors></mirrors>
   <profiles></profiles>
</settings>



$ mvn --settings ./settings.xml deploy:deploy-file -DgroupId=science.freshbrewed -DartifactId=project -Dversion=1.0.2 -
DgeneratePom=true -Dpackaging=zip -DrepositoryId=maven-releases -Durl=https://nexus.freshbrewed.science/repository/maven-releases -Dfile=test.zip
[INFO] Scanning for projects...
[INFO]
[INFO] ------------------< org.apache.maven:standalone-pom >-------------------
[INFO] Building Maven Stub Project (No POM) 1
[INFO] --------------------------------[ pom ]---------------------------------
[INFO]
[INFO] --- maven-deploy-plugin:2.7:deploy-file (default-cli) @ standalone-pom ---
Uploading to maven-releases: https://nexus.freshbrewed.science/repository/maven-releases/science/freshbrewed/project/1.0.2/project-1.0.2.zip
Uploaded to maven-releases: https://nexus.freshbrewed.science/repository/maven-releases/science/freshbrewed/project/1.0.2/project-1.0.2.zip (745 B at 380 B/s)
Uploading to maven-releases: https://nexus.freshbrewed.science/repository/maven-releases/science/freshbrewed/project/1.0.2/project-1.0.2.pom
Uploaded to maven-releases: https://nexus.freshbrewed.science/repository/maven-releases/science/freshbrewed/project/1.0.2/project-1.0.2.pom (429 B at 394 B/s)
Downloading from maven-releases: https://nexus.freshbrewed.science/repository/maven-releases/science/freshbrewed/project/maven-metadata.xml
Downloaded from maven-releases: https://nexus.freshbrewed.science/repository/maven-releases/science/freshbrewed/project/maven-metadata.xml (337 B at 1.1 kB/s)
Uploading to maven-releases: https://nexus.freshbrewed.science/repository/maven-releases/science/freshbrewed/project/maven-metadata.xml
Uploaded to maven-releases: https://nexus.freshbrewed.science/repository/maven-releases/science/freshbrewed/project/maven-metadata.xml (368 B at 421 B/s)
[INFO] ------------------------------------------------------------------------
[INFO] BUILD SUCCESS
[INFO] ------------------------------------------------------------------------
[INFO] Total time:  4.689 s
[INFO] Finished at: 2023-11-08T22:16:25-06:00
[INFO] ------------------------------------------------------------------------

You can see it in the repo

/content/images/2023/11/resume-24.png

So now let’s add our file to Nexus

name: BuildResume
run-name: ${{ gitea.actor }} building Resume
on: [push]

jobs:
  Build-Resume:
    runs-on: ubuntu-latest
    steps:
      - name: Check out repository code
        uses: actions/checkout@v3
      - name: apt
        run: |
          # if running as non-root, add sudo
          apt update
          apt install -y libnss3-dev libgdk-pixbuf2.0-dev libgtk-3-dev libxss-dev libasound2 maven zip
      - name: Npm
        run: |
          npm install
      - name: NpmMakePDF
        run: |
          # need no sandbox for root user
          npm run makepdfr
      - name: debug
        run: |
          set -x
          pwd
          ls -ltra
          export
      - name: mavensettings
        run: |
          cat <<EOF > ${{ gitea.workspace }}/settings.xml
          <?xml version="1.0" encoding="UTF-8"?>
          <settings xmlns="http://maven.apache.org/SETTINGS/1.0.0"
              xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
              xsi:schemaLocation="http://maven.apache.org/SETTINGS/1.0.0 http://maven.apache.org/xsd/settings-1.0.0.xsd">
            <servers>
              <server>
                <id>maven-releases</id>
                <username>deployuser</username>
                <password>${{secrets.MAVENPASSWORD}}</password>
              </server>
            </servers>

            <pluginGroups></pluginGroups>
            <proxies></proxies>
            <mirrors></mirrors>
            <profiles></profiles>
          </settings>
          EOF
      - name: zipAndMaven
        run: |
          zip ${{ gitea.workspace }}/test.zip ${{ gitea.workspace }}/resume.pdf
          mvn --settings ${{ gitea.workspace }}/settings.xml deploy:deploy-file -DgroupId=science.freshbrewed -DartifactId=project -Dversion=1.0.$GITHUB_RUN_NUMBER -DgeneratePom=true -Dpackaging=zip -DrepositoryId=maven-releases -Durl=https://nexus.freshbrewed.science/repository/maven-releases -Dfile=${{ gitea.workspace }}/test.zip
      - name: Upload the Resume Artifact
        uses: actions/upload-artifact@v3
        with:
          name: Resume-${{ github.run_number }}.pdf
          path: ${{ gitea.workspace }}/resume.pdf
      - run: echo "💡 The ${{ gitea.repository }} repository has been cloned to the runner."
      - run: echo "🖥️ The workflow is now ready to test your code on the runner."
      - name: List files in the repository
        run: |
          ls ${{ gitea.workspace }}
      - run: echo "🍏 This job's status is ${{ gitea.status }}."

which ran and uploaded the zip

/content/images/2023/11/resume-25.png

Which we can see uploaded to Nexus

/content/images/2023/11/resume-26.png

We can see the PDF in the Zip

/content/images/2023/11/resume-27.png

We can search Nexus for it as well to find the latest copy.

/content/images/2023/11/resume-28.png

We can also browse the HTML Backend and get a direct link

/content/images/2023/11/resume-29.png

Warp Up / Walk through

The final version of the build.yaml (Available at https://gitea.freshbrewed.science/builder/PublicResume/src/branch/main/.gitea/workflows/build.yaml):

name: BuildResume
run-name: ${{ gitea.actor }} building Resume
on: [push]

jobs:
  Build-Resume:
    runs-on: ubuntu-latest
    steps:
      - name: Check out repository code
        uses: actions/checkout@v3
      - name: apt
        run: |
          # if running as non-root, add sudo
          apt update
          apt install -y libnss3-dev libgdk-pixbuf2.0-dev libgtk-3-dev libxss-dev libasound2 maven zip
      - name: Npm
        run: |
          npm install
      - name: NpmMakePDF
        run: |
          # need no sandbox for root user
          npm run makepdfr
      - name: debug
        run: |
          set -x
          pwd
          ls -ltra
          export
      - name: mavensettings
        run: |
          cat <<EOF > ${{ gitea.workspace }}/settings.xml
          <?xml version="1.0" encoding="UTF-8"?>
          <settings xmlns="http://maven.apache.org/SETTINGS/1.0.0"
              xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
              xsi:schemaLocation="http://maven.apache.org/SETTINGS/1.0.0 http://maven.apache.org/xsd/settings-1.0.0.xsd">
            <servers>
              <server>
                <id>maven-releases</id>
                <username>deployuser</username>
                <password>${{secrets.MAVENPASSWORD}}</password>
              </server>
            </servers>

            <pluginGroups></pluginGroups>
            <proxies></proxies>
            <mirrors></mirrors>
            <profiles></profiles>
          </settings>
          EOF
      - name: zipAndMaven
        run: |
          zip ${{ gitea.workspace }}/test.zip ${{ gitea.workspace }}/resume.pdf
          mvn --settings ${{ gitea.workspace }}/settings.xml deploy:deploy-file -DgroupId=science.freshbrewed -DartifactId=project -Dversion=1.0.$GITHUB_RUN_NUMBER -DgeneratePom=true -Dpackaging=zip -DrepositoryId=maven-releases -Durl=https://nexus.freshbrewed.science/repository/maven-releases -Dfile=${{ gitea.workspace }}/test.zip
      - name: Upload the Resume Artifact
        uses: actions/upload-artifact@v3
        with:
          name: Resume-${{ github.run_number }}.pdf
          path: ${{ gitea.workspace }}/resume.pdf
      - run: echo "💡 The ${{ gitea.repository }} repository has been cloned to the runner."
      - run: echo "🖥️ The workflow is now ready to test your code on the runner."
      - name: List files in the repository
        run: |
          ls ${{ gitea.workspace }}
      - run: echo "🍏 This job's status is ${{ gitea.status }}."

And the release.yaml (Available at https://gitea.freshbrewed.science/builder/PublicResume/src/branch/main/.gitea/workflows/release.yaml)

name: release
run-name: ${{ gitea.actor }} Releasing Resume

on: 
  push:
    tags:
      - '*'

jobs:
  Release-Resume:
    runs-on: ubuntu-latest
    steps:
      - uses: actions/checkout@v3
        with:
          fetch-depth: 0
      - name: setup go
        uses: https://github.com/actions/setup-go@v4
        with:
          go-version: '>=1.20.1'
      - name: apt
        run: |
          # if running as non-root, add sudo
          apt update
          apt install -y libnss3-dev libgdk-pixbuf2.0-dev libgtk-3-dev libxss-dev libasound2
      - name: Npm
        run: |
          npm install
      - name: NpmMakePDF
        run: |
          # need no sandbox for root user
          npm run makepdfr
      - name: debug
        run: |
          set -x
          pwd
          ls -ltra
          export
      - name: Upload the Resume Artifact
        uses: actions/upload-artifact@v3
        with:
          name: Resume-${{ github.run_number }}.pdf
          path: ${{ gitea.workspace }}/resume.pdf
      - name: Create Release 
        id: use-go-action
        uses: https://gitea.com/actions/release-action@main
        with:
          files: |-
            *.pdf        
          api_key: ${{secrets.RELEASE_TOKEN}}
      - name: List files in the repository
        run: |
          ls ${{ gitea.workspace }}
      - run: echo "🍏 This job's status is ${{ gitea.status }}."

Let’s show a demo of adding some content:

Summary

I clearly have some work to turn this into a real resume, however the foundations are set. The format as markdown means I can generate PDF or DOCX quite easily. Because it’s in a GIT repo, we can create PRs and various versions. We installed the OS version of Sonatype Nexus, albeit not in HA mode. This gives us a decent on-prem artifact sharing mechanism we could engage with using maven. Lastly, we worked out a working build YAML and showed an end-to-end demo.

My next move will be to create branch builds that would be pathed differently as well as generate Docx versions. I want some form of tagging to indicate versions that have been released (sent out). I need to have the version bundled into the File itself for actual Document revision tracking. Lastly, I want some form of a front page or link in my Github profile. That is mostly because pointing someone at a Nexus URL doesn’t seem like the best user experience.

Resume Repo Git Nexus

Have something to add? Feedback? You can use the feedback form

Isaac Johnson

Isaac Johnson

Cloud Solutions Architect

Isaac is a CSA and DevOps engineer who focuses on cloud migrations and devops processes. He also is a dad to three wonderful daughters (hence the references to Princess King sprinkled throughout the blog).

Theme built by C.S. Rhymes