From 05bc02f6f6525a5f3465af4eb6f0a3472840d2bb Mon Sep 17 00:00:00 2001 From: Xe Iaso Date: Sat, 19 Jul 2025 04:57:42 +0000 Subject: [PATCH] chore: set up docker buildx bake Closes #417 Closes #584 Closes #658 Closes #630 Signed-off-by: Xe Iaso --- .dockerignore | 25 +++++++++++++++ .github/workflows/docker-pr.yml | 57 ++++++++------------------------- .github/workflows/docker.yml | 56 ++++++-------------------------- docker-bake.hcl | 33 +++++++++++++++++++ docker/anubis.Dockerfile | 54 +++++++++++++++++++++++++++++++ 5 files changed, 135 insertions(+), 90 deletions(-) create mode 100644 .dockerignore create mode 100644 docker-bake.hcl create mode 100644 docker/anubis.Dockerfile diff --git a/.dockerignore b/.dockerignore new file mode 100644 index 0000000..2418994 --- /dev/null +++ b/.dockerignore @@ -0,0 +1,25 @@ +.env +*.deb +*.rpm + +# Additional package locks +pnpm-lock.yaml +yarn.lock + +# Go binaries and test artifacts +main +*.test + +node_modules + +# MacOS +.DS_store + +# Intellij +.idea + +# how does this get here +doc/VERSION + +web/static/js/* +!web/static/js/.gitignore \ No newline at end of file diff --git a/.github/workflows/docker-pr.yml b/.github/workflows/docker-pr.yml index 12fc651..758d808 100644 --- a/.github/workflows/docker-pr.yml +++ b/.github/workflows/docker-pr.yml @@ -2,7 +2,7 @@ name: Docker image builds (pull requests) on: pull_request: - branches: [ "main" ] + branches: ["main"] env: DOCKER_METADATA_SET_OUTPUT_ENV: "true" @@ -11,7 +11,7 @@ permissions: contents: read jobs: - build: + buildx-bake: runs-on: ubuntu-24.04 steps: - name: Checkout code 
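Review bot: The `.DS_store` entry in the new `.dockerignore` does not match the file macOS actually writes, which is `.DS_Store`. Ignore patterns are compared case-sensitively, so the line should read `.DS_Store`. The list also leaves `.git` in the build context, so `COPY . .` in the build stage carries the repository history; that is fine if the build reads it, but worth confirming it is intended.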
@@ -21,48 +21,17 @@ jobs: fetch-depth: 0 persist-credentials: false - - name: Set up Homebrew - uses: Homebrew/actions/setup-homebrew@main - - - name: Setup Homebrew cellar cache - uses: actions/cache@5a3ec84eff668545956fd18022155c47e93e2684 # v4.2.3 - with: - path: | - /home/linuxbrew/.linuxbrew/Cellar - /home/linuxbrew/.linuxbrew/bin - /home/linuxbrew/.linuxbrew/etc - /home/linuxbrew/.linuxbrew/include - /home/linuxbrew/.linuxbrew/lib - /home/linuxbrew/.linuxbrew/opt - /home/linuxbrew/.linuxbrew/sbin - /home/linuxbrew/.linuxbrew/share - /home/linuxbrew/.linuxbrew/var - key: ${{ runner.os }}-go-homebrew-cellar-${{ hashFiles('go.sum') }} - restore-keys: | - ${{ runner.os }}-go-homebrew-cellar- - - - name: Install Brew dependencies - run: | - brew bundle - - - name: Docker meta - id: meta - uses: docker/metadata-action@902fa8ec7d6ecbf8d84d538b9b233a880e428804 # v5.7.0 - with: - images: ghcr.io/${{ github.repository }} + - name: Set up Docker Buildx + uses: docker/setup-buildx-action@b5ca514318bd6ebac0fb2aedd5d36ec1b5c232a2 # v3.10.0 - name: Build and push id: build - run: | - npm ci - npm run container - env: - PULL_REQUEST_ID: ${{ github.event.number }} - DOCKER_REPO: ghcr.io/${{ github.repository }} - SLOG_LEVEL: debug - - - run: | - echo "Test this with:" - echo "docker pull ${DOCKER_IMAGE}" - env: - DOCKER_IMAGE: ${{ steps.build.outputs.docker_image }} + uses: docker/bake-action@76f9fa3a758507623da19f6092dc4089a7e61592 # v6.6.0 + with: + source: . + push: true + sbom: true + cache-from: type=gha + cache-to: type=gha,mode=max + set: | + anubis.tags=ttl.sh/techaro/pr-${{ github.event.number }}/anubis:24h diff --git a/.github/workflows/docker.yml b/.github/workflows/docker.yml index 7e8db31..d563531 100644 --- a/.github/workflows/docker.yml +++ b/.github/workflows/docker.yml @@ -17,7 +17,7 @@ permissions: pull-requests: write jobs: - build: + buildx-bake: runs-on: ubuntu-24.04 steps: - name: Checkout code 
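Review bot: The `Build and push` step in docker-pr.yml publishes the PR image as `ttl.sh/techaro/pr-<number>/anubis:24h`, but the job no longer reports what it built, so a tester has only a predictable, mutable tag to pull. As far as I know ttl.sh accepts pushes without authentication, so that tag alone gives no assurance that the image is the one CI produced. Keep a final step that prints the digest from the bake-action `metadata` output: `DIGEST: ${{ fromJSON(steps.build.outputs.metadata).anubis['containerimage.digest'] }}` under `env`, then `echo "docker pull ttl.sh/techaro/pr-${PR}/anubis@${DIGEST}"` under `run`. Pulling by digest keeps the convenience of the throwaway registry while binding the test to this build.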
@@ -27,33 +27,8 @@ jobs: fetch-depth: 0 persist-credentials: false - - name: Set lowercase image name - run: | - echo "IMAGE=ghcr.io/${GITHUB_REPOSITORY,,}" >> $GITHUB_ENV - - - name: Set up Homebrew - uses: Homebrew/actions/setup-homebrew@main - - - name: Setup Homebrew cellar cache - uses: actions/cache@5a3ec84eff668545956fd18022155c47e93e2684 # v4.2.3 - with: - path: | - /home/linuxbrew/.linuxbrew/Cellar - /home/linuxbrew/.linuxbrew/bin - /home/linuxbrew/.linuxbrew/etc - /home/linuxbrew/.linuxbrew/include - /home/linuxbrew/.linuxbrew/lib - /home/linuxbrew/.linuxbrew/opt - /home/linuxbrew/.linuxbrew/sbin - /home/linuxbrew/.linuxbrew/share - /home/linuxbrew/.linuxbrew/var - key: ${{ runner.os }}-go-homebrew-cellar-${{ hashFiles('go.sum') }} - restore-keys: | - ${{ runner.os }}-go-homebrew-cellar- - - - name: Install Brew dependencies - run: | - brew bundle + - name: Set up Docker Buildx + uses: docker/setup-buildx-action@b5ca514318bd6ebac0fb2aedd5d36ec1b5c232a2 # v3.10.0 - name: Log into registry uses: docker/login-action@74a5d142397b4f367a81961eba4e8cd7edddf772 # v3.4.0 @@ -62,24 +37,13 @@ jobs: username: ${{ github.repository_owner }} password: ${{ secrets.GITHUB_TOKEN }} - - name: Docker meta - id: meta - uses: docker/metadata-action@902fa8ec7d6ecbf8d84d538b9b233a880e428804 # v5.7.0 - with: - images: ${{ env.IMAGE }} - - name: Build and push id: build - run: | - npm ci - npm run container - env: - DOCKER_REPO: ${{ env.IMAGE }} - SLOG_LEVEL: debug - - - name: Generate artifact attestation - uses: actions/attest-build-provenance@e8998f949152b193b063cb0ec769d69d929409be # v2.4.0 + uses: docker/bake-action@76f9fa3a758507623da19f6092dc4089a7e61592 # v6.6.0 with: - subject-name: ${{ env.IMAGE }} - subject-digest: ${{ steps.build.outputs.digest }} - push-to-registry: true + source: . + push: true + sbom: true + cache-from: type=gha + cache-to: type=gha,mode=max + set: "" diff --git a/docker-bake.hcl b/docker-bake.hcl new file mode 100644 index 0000000..e5f8cb1 
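Review bot: The release workflow loses its signed provenance here: the `actions/attest-build-provenance` step is deleted and nothing replaces it. `sbom: true` and the bake file's `provenance = true` attach BuildKit attestations to the image, but those are not the signed attestation that step produced, so anyone verifying released images against it would find none for new builds. I would keep the step at its existing pin, with `subject-name: ghcr.io/techarohq/anubis` and `subject-digest: ${{ fromJSON(steps.build.outputs.metadata).anubis['containerimage.digest'] }}`. Separately, `set: ""` overrides nothing and `docker/metadata-action` is gone, so the pushed tags now come only from `docker-bake.hcl`; confirm that `VERSION` is supplied somewhere for tagged releases.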
--- /dev/null
+++ b/docker-bake.hcl
@@ -0,0 +1,33 @@
+variable "ALPINE_VERSION" { default = "3.22" }
+variable "GITHUB_SHA" { default = "devel" }
+variable "VERSION" { default = "devel-docker" }
+
+group "default" {
+ targets = [
+ "anubis",
+ ]
+}
+
+target "anubis" {
+ args = {
+ ALPINE_VERSION = "3.22"
+ VERSION = "${VERSION}"
+ }
+ context = "."
+ dockerfile = "./docker/anubis.Dockerfile"
+ platforms = [
+ "linux/386",
+ "linux/amd64",
+ "linux/arm64",
+ "linux/arm/v7",
+ "linux/ppc64le",
+ "linux/riscv64",
+ ]
+ pull = true
+ sbom = true
+ provenance = true
+ tags = [
+ "ghcr.io/techarohq/anubis:${VERSION}",
+ "ghcr.io/techarohq/anubis:main"
+ ]
+}
\ No newline at end of file
diff --git a/docker/anubis.Dockerfile b/docker/anubis.Dockerfile
new file mode 100644
index 0000000..e788b11
--- /dev/null
+++ b/docker/anubis.Dockerfile
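Review bot: In docker-bake.hcl, `args.ALPINE_VERSION` is the literal `"3.22"`, so the `ALPINE_VERSION` variable declared on the first line has no effect and overriding it changes nothing; it should be `ALPINE_VERSION = "${ALPINE_VERSION}"`. `GITHUB_SHA` is declared but never referenced in this file. The base image is selected by a mutable tag with `pull = true`, so two builds of the same commit can end up on different base layers; carrying a digest in the variable (for example `3.22@sha256:<digest>`) would make the published image reproducible. The `tags` list always contains `ghcr.io/techarohq/anubis:main` and falls back to `:devel-docker`, and no visible workflow line sets `VERSION`, so it is worth confirming that tag builds and branch builds cannot overwrite each other's images.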
@@ -0,0 +1,54 @@
+ARG ALPINE_VERSION=edge
+FROM --platform=${BUILDPLATFORM} alpine:${ALPINE_VERSION} AS build
+
+RUN apk -U add go nodejs git build-base git npm bash zstd brotli gzip
+
+WORKDIR /app
+
+COPY go.mod go.sum ./
+RUN \
+ --mount=type=cache,target=/root/.cache \
+ --mount=type=cache,target=/root/go \
+ go mod download
+
+COPY package.json package-lock.json ./
+RUN \
+ --mount=type=cache,target=/app/node_modules \
+ npm ci
+
+COPY . .
+RUN \
+ --mount=type=cache,target=/root/.cache \
+ --mount=type=cache,target=/root/go \
+ --mount=type=cache,target=/app/node_modules \
+ npm run assets
+
+ARG TARGETOS
+ARG TARGETARCH
+ARG VERSION=devel-docker
+
+RUN \
+ --mount=type=cache,target=/root/.cache \
+ --mount=type=cache,target=/root/go \
+ --mount=type=cache,target=/app/node_modules \
+ GOOS=${TARGETOS} \
+ GOARCH=${TARGETARCH} \
+ CGO_ENABLED=0 \
+ GOARM=7 \
+ go build \
+ -gcflags "all=-N -l" \
+ -o /app/bin/anubis \
+ -ldflags "-s -w -extldflags -static -X github.com/TecharoHQ/anubis.Version=${VERSION}" \
+ ./cmd/anubis
+
+FROM alpine:${ALPINE_VERSION} AS run
+WORKDIR /app
+
+RUN apk -U add ca-certificates mailcap
+
+COPY --from=build /app/bin/anubis /app/bin/anubis
+
+CMD ["/app/bin/anubis"]
+HEALTHCHECK --interval=30s --timeout=30s --start-period=5s --retries=3 CMD [ "/app/bin/anubis", "--healthcheck" ]
+
+LABEL org.opencontainers.image.source="https://github.com/TecharoHQ/anubis"
\ No newline at end of file
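Review bot: The `run` stage never sets `USER`, so `/app/bin/anubis` and its health check execute as root in the published image; add an unprivileged identity before `CMD`, for example `USER 65534:65534`, or create a dedicated account with a fixed UID. Both `apk -U add` lines install unpinned packages and leave the package index in the layer; `apk add --no-cache ...` avoids the latter, and `git` is listed twice in the build stage. The `go build` flags `-gcflags "all=-N -l"` switch off optimisation and inlining while `-ldflags "-s -w"` strips debug data, which looks like a debugging leftover rather than an intended release setting. `ARG ALPINE_VERSION=edge` means a plain `docker build` of this file uses the rolling branch for both stages; defaulting to the release that the bake file passes would keep the two paths consistent.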