diff --git a/.forgejo/workflows/docker.yml b/.forgejo/workflows/docker.yml
new file mode 100644
index 0000000..7a0936b
--- /dev/null
+++ b/.forgejo/workflows/docker.yml
@@ -0,0 +1,51 @@
+name: Build and Push Docker Image to Docker Hub
+
+on:
+ push:
+ branches: [ "main" ]
+ pull_request:
+ branches: [ "main" ]
+
+env:
+ REGISTRY: docker.io
+ IMAGE_NAME: wneessen/apg-go
+
+jobs:
+ build:
+ runs-on: docker
+ steps:
+ - uses: actions/checkout@v3
+ - name: Build the Docker image
+ run: docker-compose build --no-cache --force-rm
+ test:
+ runs-on: docker
+ steps:
+ - uses: actions/checkout@v2
+ - name: Test the Docker image
+ run: docker-compose up -d
+ push_to_registry:
+ name: Push Docker image to Docker Hub
+ runs-on: docker
+ steps:
+ - name: Check out the repo
+ uses: actions/checkout@v3
+ - name: Set up Docker Buildx
+ uses: docker/setup-buildx-action@v2
+ - name: Log in to Docker Hub
+ uses: docker/login-action@f054a8b539a109f9f41c372932f1ae047eff08c9
+ with:
+ username: ${{ secrets.DOCKER_USERNAME }}
+ password: ${{ secrets.DOCKER_PASSWORD }}
+ - name: Extract metadata (tags, labels) for Docker
+ id: meta
+ uses: docker/metadata-action@98669ae865ea3cffbcbaa878cf57c20bbf1c6c38
+ with:
+ images: ${{ env.REGISTRY }}/${{ env.IMAGE_NAME }}
+ - name: Build and push Docker image
+ uses: docker/build-push-action@v2
+ with:
+ context: "{{defaultContext}}"
+ push: true
+ tags: ${{ steps.meta.outputs.tags }}
+ labels: ${{ steps.meta.outputs.labels }}
+
diff --git a/.goreleaser.yaml b/.goreleaser.yaml
index 6f86013..4144c6e 100644
--- a/.goreleaser.yaml
+++ b/.goreleaser.yaml
@@ -93,14 +93,5 @@ gitea_urls:
 api: https://src.neessen.cloud/api/v1
 download: https://src.neessen.cloud
-dockers:
- - image_templates:
- - wneessen/apg-go
-
-docker_signs:
- - artifacts: all
- stdin: '{{ .Env.COSIGN_PWD }}'
- cmd: cosign
-
 gomod:
 mod: mod
diff --git a/Dockerfile b/Dockerfile
index 08a7973..b6f3496 100644
--- a/Dockerfile
+++ b/Dockerfile
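Review bot: In `.forgejo/workflows/docker.yml` the `push_to_registry` job has no event guard and no `needs:`, so under the `pull_request` trigger declared at the top it performs the Docker Hub login and `push: true` for pull requests as well as for pushes to `main`, and it runs alongside `build` and `test` rather than after them. Whether the secrets are actually exposed to pull-request runs depends on the forge's settings, but the job should not rely on that; adding `needs: [build, test]` and `if: github.event_name == 'push'` to the job keeps unmerged code away from the registry credentials. The actions are pinned unevenly: `docker/login-action` and `docker/metadata-action` use commit SHAs, while `actions/checkout@v3`/`@v2`, `docker/setup-buildx-action@v2` and `docker/build-push-action@v2` use movable tags, and every action in the job that holds `secrets.DOCKER_PASSWORD` should be pinned by SHA. The same commit removes `docker_signs` (cosign) from `.goreleaser.yaml` and no step here signs the pushed image, so published images can no longer be verified unless a signing step is added to this job.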
@@ -1,7 +1,20 @@
-# SPDX-FileCopyrightText: 2021-2024 Winni Neessen
-#
-# SPDX-License-Identifier: MIT
+## Build first
+FROM golang:latest AS builder
+RUN mkdir /builddir
+ADD . /builddir/
+WORKDIR /builddir
+RUN CGO_ENABLED=0 go build -a -installsuffix cgo -ldflags '-w -s -extldflags "-static"' -o apg-go \
+ github.com/wneessen/apg-go/cmd/apg
+## Create scratch image
 FROM scratch
-ENTRYPOINT ["/apg"]
-COPY apg /
+LABEL maintainer="wn@neessen.dev"
+COPY ["docker-files/passwd", "/etc/passwd"]
+COPY ["docker-files/group", "/etc/group"]
+COPY --from=builder ["/etc/ssl/certs/ca-certificates.crt", "/etc/ssl/cert.pem"]
+COPY --chown=apg-go ["LICENSE", "/apg-go/LICENSE"]
+COPY --chown=apg-go ["README.md", "/apg-go/README.md"]
+COPY --from=builder --chown=apg-go ["/builddir/apg-go", "/apg-go/apg-go"]
+WORKDIR /apg-go
+USER apg-go
+ENTRYPOINT ["/apg-go/apg-go"]
\ No newline at end of file
diff --git a/docker-files/group b/docker-files/group
new file mode 100644
index 0000000..4cbfc65
--- /dev/null
+++ b/docker-files/group
@@ -0,0 +1 @@
+apg-go:*:1000:apg-go
diff --git a/docker-files/passwd b/docker-files/passwd
new file mode 100644
index 0000000..8efc7d9
--- /dev/null
+++ b/docker-files/passwd
@@ -0,0 +1 @@
+apg-go:*:1000:1000:Automated Password Generator User:/apg-go:/usr/bin/false
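Review bot: In the `Dockerfile` hunk the builder stage starts from `FROM golang:latest`, a movable tag, so the toolchain that compiles the published binary can change without any change in this repository; pin it to a fixed release and digest, e.g. `FROM golang:<version>@sha256:<digest> AS builder` (placeholders). `ADD . /builddir/` brings the entire build context into the builder layer; `COPY . /builddir/` together with a `.dockerignore` is the narrower form and avoids `ADD`'s archive and URL handling. In the final stage, `--chown=apg-go` on `/apg-go/apg-go` makes the executable owned by the account it runs as; copying it without `--chown` leaves it root-owned, so the running process cannot rewrite its own binary. The hunk also drops the SPDX header lines and leaves the file without a trailing newline.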