diff --git a/.github/workflows/publish-docker-images.yml b/.github/workflows/publish-docker-images.yml new file mode 100644 index 0000000..ff8dcdc --- /dev/null +++ b/.github/workflows/publish-docker-images.yml @@ -0,0 +1,78 @@ +name: publish-docker-images +on: + workflow_dispatch: + push: + tags: + - "v*" + +jobs: + build: + name: docker-publish + runs-on: ubuntu-latest + + steps: + - name: Src Checkout + uses: actions/checkout@v4 + with: + fetch-depth: 0 + fetch-tags: true + + - name: write tags env vars + run: | + TAG=$(git describe --tags) + LATEST_TAG=$(git tag -l | grep -viE '(alpha|beta)' | sort -V | tail -n 1) + GITHASH="$(git rev-parse HEAD)" + echo "TAG=$TAG" + echo "TAG=${TAG}" >> "$GITHUB_ENV" + echo "LATEST_TAG=${LATEST_TAG}" + echo "LATEST_TAG=${LATEST_TAG}" >> "$GITHUB_ENV" + echo "GITHASH=${GITHASH}" + echo "GITHASH=${GITHASH}" >> "$GITHUB_ENV" + + - name: Docker meta + id: meta + uses: docker/metadata-action@v5 + with: + images: | + cactus4docker/go-camo + ghcr.io/cactus/go-camo + tags: | + # set latest tag for master branch + type=raw,value=${{ env.TAG }} + type=raw,value=latest,enable=${{ env.TAG == env.LATEST_TAG }} + + - name: Set up QEMU + uses: docker/setup-qemu-action@v3 + + - name: Set up Docker Buildx + uses: docker/setup-buildx-action@v3 + + - name: Login to Docker Hub + uses: docker/login-action@v3 + with: + password: ${{ secrets.DOCKER_PASSWORD }} + username: ${{ secrets.DOCKER_USERNAME }} + + - name: Login to GitHub Container Registry + uses: docker/login-action@v3 + with: + registry: ghcr.io + username: ${{ github.actor }} + password: ${{ secrets.GITHUB_TOKEN }} + + - name: Build and push + uses: docker/build-push-action@v5 + with: + context: . + push: true + provenance: false + sbom: false + file: ./examples/Dockerfile-build + platforms: linux/amd64,linux/arm64 + cache-from: type=local,src=/tmp/.buildx-cache + cache-to: type=local,dest=/tmp/.buildx-cache + build-args: | + GITHASH=${{env.GITHASH}} + APP_VER=${{env.TAG}} + tags: ${{ steps.meta.outputs.tags }} + labels: ${{ steps.meta.outputs.labels }} diff --git a/.github/workflows/publish-docker.yml b/.github/workflows/publish-docker.yml deleted file mode 100644 index d9123d4..0000000 --- a/.github/workflows/publish-docker.yml +++ /dev/null @@ -1,60 +0,0 @@ -name: publish-docker -on: - workflow_dispatch: - push: - tags: - - 'v*' - -jobs: - build: - name: docker-publish - runs-on: ubuntu-latest - - steps: - - name: Src Checkout - uses: actions/checkout@v4 - with: - fetch-depth: 1 - - - name: Setup Go - uses: actions/setup-go@v5 - with: - go-version: '>=1.22.0' - check-latest: true - id: go - - - name: Build - if: success() - env: - GOPROXY: "https://proxy.golang.org" - run: make build - - - name: Build Container - if: success() - env: - DOCKER_BUILDKIT: 1 - run: | - TAG=$(git describe --tags) - GITHASH="$(git rev-parse HEAD)" - docker build \ - --build-arg GITHASH=${GITHASH} \ - --build-arg VERSION=${TAG} \ - -f examples/Dockerfile \ - -t cactus4docker/go-camo:${TAG} \ - . - - - name: Publish Container - if: success() - env: - DOCKER_PASSWORD: ${{ secrets.DOCKER_PASSWORD }} - DOCKER_USERNAME: ${{ secrets.DOCKER_USERNAME }} - run: | - TAG=$(git describe --tags) - LATEST_TAG=$(git tag -l | grep -viE '(alpha|beta)' | sort -V | tail -n 1) - echo "$DOCKER_PASSWORD" | docker login -u "$DOCKER_USERNAME" --password-stdin - docker push cactus4docker/go-camo:${TAG} - if [[ "$TAG" = "$LATEST_TAG" ]]; then - docker tag cactus4docker/go-camo:${TAG} cactus4docker/go-camo:latest - docker push cactus4docker/go-camo:latest - fi - docker logout diff --git a/.github/workflows/publish-github.yml b/.github/workflows/publish-github.yml deleted file mode 100644 index fba58d1..0000000 --- a/.github/workflows/publish-github.yml +++ /dev/null @@ -1,63 +0,0 @@ -name: publish-github -on: - workflow_dispatch: - push: - tags: - - 'v*' - -env: - REGISTRY: ghcr.io - IMAGE_NAME: ${{ github.repository }} - DOCKER_BUILDKIT: 1 - -jobs: - build: - name: docker-publish - runs-on: ubuntu-latest - - steps: - - name: Src Checkout - uses: actions/checkout@v4 - with: - fetch-depth: 1 - - - name: Setup Go - uses: actions/setup-go@v5 - with: - go-version: '>=1.22.0' - check-latest: true - id: go - - - name: Build - if: success() - env: - GOPROXY: "https://proxy.golang.org" - run: make build - - - name: Build Container - if: success() - run: | - TAG=$(git describe --tags) - GITHASH="$(git rev-parse HEAD)" - docker build \ - --build-arg GITHASH=${GITHASH} \ - --build-arg VERSION=${TAG} \ - -f examples/Dockerfile \ - -t ${{ env.REGISTRY }}/${{ env.IMAGE_NAME }}:${TAG} \ - . - - - name: Publish Container - if: success() - env: - DOCKER_PASSWORD: ${{ secrets.DOCKER_PASSWORD }} - DOCKER_USERNAME: ${{ secrets.DOCKER_USERNAME }} - run: | - TAG=$(git describe --tags) - LATEST_TAG=$(git tag -l | grep -viE '(alpha|beta)' | sort -V | tail -n 1) - echo "${{ secrets.GITHUB_TOKEN }}" | docker login ${{ env.REGISTRY }} -u ${{ github.actor }} --password-stdin - docker push ${{ env.REGISTRY }}/${{ env.IMAGE_NAME }}:${TAG} - if [[ "$TAG" = "$LATEST_TAG" ]]; then - docker tag ${{ env.REGISTRY }}/${{ env.IMAGE_NAME }}:${TAG} ${{ env.REGISTRY }}/${{ env.IMAGE_NAME }}:latest - docker push ${{ env.REGISTRY }}/${{ env.IMAGE_NAME }}:latest - fi - docker logout diff --git a/examples/Dockerfile-build b/examples/Dockerfile-build new file mode 100644 index 0000000..6a49cb3 --- /dev/null +++ b/examples/Dockerfile-build @@ -0,0 +1,18 @@ +FROM golang:alpine as builder +RUN apk add --no-cache ca-certificates tzdata make git +WORKDIR /workdir +ENV GOEXPERIMENT=loopvar +COPY go.mod go.sum ./ +RUN go mod download +COPY . ./ +ARG APP_VER +RUN make build APP_VER="${APP_VER}" GITHASH="${GITHASH}"; rm -rf /root/.cache/ + +FROM alpine:latest as run +RUN apk add --no-cache ca-certificates tzdata +WORKDIR /app +COPY --from=builder --link /workdir/build/bin/* /bin/ + +USER nobody +EXPOSE 8080/tcp +ENTRYPOINT ["/bin/go-camo"]