From 613b237cfafd1bb8470210d4d6d03af6a753339d Mon Sep 17 00:00:00 2001 From: Josh Komoroske Date: Tue, 6 Feb 2024 22:26:19 -0500 Subject: [PATCH] feat: build and push docker image to ghcr.io (#5) --- .dockerignore | 4 +++ .github/workflows/build.yaml | 47 ++++++++++++++++++++++++++++++ Dockerfile | 55 ++++++++++++++++++++++++++++++++++++ 3 files changed, 106 insertions(+) create mode 100644 .dockerignore create mode 100644 .github/workflows/build.yaml create mode 100644 Dockerfile diff --git a/.dockerignore b/.dockerignore new file mode 100644 index 0000000..91e3669 --- /dev/null +++ b/.dockerignore @@ -0,0 +1,4 @@ +.git/ +.github/ +.dockerignore +Dockerfile diff --git a/.github/workflows/build.yaml b/.github/workflows/build.yaml new file mode 100644 index 0000000..d4680a8 --- /dev/null +++ b/.github/workflows/build.yaml @@ -0,0 +1,47 @@ +name: Build +on: + pull_request: + push: + branches: + - "master" + +jobs: + build: + name: Build + runs-on: ubuntu-22.04 + + permissions: + contents: read + packages: write + + steps: + - uses: actions/checkout@v3 + with: + fetch-depth: 0 + + - uses: docker/setup-buildx-action@v3 + id: buildx + + - uses: docker/login-action@v3 + with: + registry: ghcr.io + username: ${{ github.actor }} + password: ${{ github.token }} + + - name: output docker build args + id: args + run: | + echo "created=$(date -u +'%Y-%m-%dT%H:%M:%SZ')" >> $GITHUB_OUTPUT + echo "revision=$(git rev-parse HEAD)" >> $GITHUB_OUTPUT + echo "version=$(git describe --tags)" >> $GITHUB_OUTPUT + + - uses: docker/build-push-action@v3 + with: + builder: ${{ steps.buildx.outputs.name }} + tags: | + ghcr.io/joshdk/actions-docker-shim:${{ github.sha }} + push: true + build-args: | + CREATED=${{ steps.args.outputs.created }} + REVISION=${{ steps.args.outputs.revision }} + VERSION=${{ steps.args.outputs.version }} diff --git a/Dockerfile b/Dockerfile new file mode 100644 index 0000000..5d336e3 --- /dev/null +++ b/Dockerfile @@ -0,0 +1,55 @@ +# The certs stage is used to obtain a current set of CA certificates. +FROM docker.io/library/alpine:3.19 AS deps + +# hadolint ignore=DL3018 +RUN apk add --no-cache \ + ca-certificates \ + docker-cli + +# The builder build stage compiles the Go code into a static binary. +FROM golang:1.21-alpine as build + +WORKDIR /go/src/github.com/joshdk/actions-docker-shim + +COPY . . + +RUN CGO_ENABLED=0 GOOS=linux GOARCH=amd64 go build \ + -o /bin/actions-docker-shim \ + -buildvcs=false \ + -ldflags "-buildid= -s -w" \ + -trimpath \ + . + +# The final build stage copies in the compiled binary. +FROM scratch + +ARG CREATED +ARG REVISION +ARG VERSION + +# hadolint ignore=DL4000 +MAINTAINER Josh Komoroske + +# Standard OCI image labels. +# See: https://github.com/opencontainers/image-spec/blob/v1.0.1/annotations.md#pre-defined-annotation-keys +LABEL org.opencontainers.image.created="$CREATED" +LABEL org.opencontainers.image.authors="Josh Komoroske " +LABEL org.opencontainers.image.url="https://github.com/joshdk/actions-docker-shim" +LABEL org.opencontainers.image.documentation="https://github.com/joshdk/actions-docker-shim/blob/master/README.md" +LABEL org.opencontainers.image.source="https://github.com/joshdk/actions-docker-shim" +LABEL org.opencontainers.image.version="$VERSION" +LABEL org.opencontainers.image.revision="$REVISION" +LABEL org.opencontainers.image.vendor="Josh Komoroske " +LABEL org.opencontainers.image.licenses="MIT" +LABEL org.opencontainers.image.ref.name="ghcr.io/joshdk/actions-docker-shim:$VERSION" +LABEL org.opencontainers.image.title="actions-docker-shim" +LABEL org.opencontainers.image.description="Shim that enables using private ghcr.io images in GitHub Actions" + +COPY LICENSE.txt / +COPY --from=deps /etc/ssl/certs/ca-certificates.crt /etc/ssl/certs/ca-certificates.crt +COPY --from=deps /usr/bin/docker /usr/bin/docker +COPY --from=deps /lib/ld-musl-x86_64.so.1 /lib/ld-musl-x86_64.so.1 +COPY README.md / +COPY --from=build /bin/actions-docker-shim /bin/actions-docker-shim + +ENTRYPOINT ["/bin/actions-docker-shim"]