ci: refactor dockerfile to build with many speed

Signed-off-by: Xe Iaso <me@xeiaso.net>
2026-04-10 18:48:44 +00:00 · 2025-07-18 23:52:58 +00:00
parent 89b6af05a3
commit 153da4f5ac
3 changed files with 52 additions and 16 deletions
--- a/.github/workflows/docker.yml
+++ b/.github/workflows/docker.yml
@@ -17,7 +17,38 @@ permissions:
  pull-requests: write

 jobs:
-  build:
+  buildx-bake:
+    runs-on: ubuntu-24.04
+    steps:
+      - name: Checkout code
+        uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2
+        with:
+          fetch-tags: true
+          fetch-depth: 0
+          persist-credentials: false
+
+      - name: Set up Docker Buildx
+        uses: docker/setup-buildx-action@b5ca514318bd6ebac0fb2aedd5d36ec1b5c232a2 # v3.10.0
+
+      - name: Log into registry
+        uses: docker/login-action@74a5d142397b4f367a81961eba4e8cd7edddf772 # v3.4.0
+        with:
+          registry: ghcr.io
+          username: ${{ github.repository_owner }}
+          password: ${{ secrets.GITHUB_TOKEN }}
+
+      - name: Build and push
+        id: build
+        uses: docker/bake-action@76f9fa3a758507623da19f6092dc4089a7e61592 # v6.6.0
+        with:
+          source: .
+          push: true
+          sbom: true
+          cache-from: type=gha
+          cache-to: type=gha,mode=max
+          set: ""
+
+  containerbuild:
    runs-on: ubuntu-24.04
    steps:
      - name: Checkout code
--- a/docker-bake.hcl
+++ b/docker-bake.hcl
@@ -1,5 +1,6 @@
 variable "ALPINE_VERSION" { default = "3.22" }
 variable "GITHUB_SHA" { default = "devel" }
+variable "VERSION" { default = "devel-docker" }

 group "default" {
  targets = [
@@ -10,19 +11,22 @@ group "default" {
 target "osiris" {
  args = {
    ALPINE_VERSION = "3.22"
+    VERSION        = "${VERSION}"
  }
  context    = "."
  dockerfile = "./docker/osiris.Dockerfile"
  platforms = [
    "linux/amd64",
-    # "linux/arm64",
-    # "linux/arm/v7",
-    # "linux/ppc64le",
-    # "linux/riscv64",
+    "linux/arm64",
+    "linux/arm/v7",
+    "linux/ppc64le",
+    "linux/riscv64",
  ]
-  pull = true
+  pull       = true
+  sbom       = true
+  provenance = true
  tags = [
-    "ghcr.io/techarohq/anubis/osiris:${GITHUB_SHA}",
+    "ghcr.io/techarohq/anubis/osiris:${VERSION}",
    "ghcr.io/techarohq/anubis/osiris:main"
  ]
 }
--- a/docker/osiris.Dockerfile
+++ b/docker/osiris.Dockerfile
@@ -1,20 +1,22 @@
 ARG ALPINE_VERSION=edge
 FROM --platform=${BUILDPLATFORM} alpine:${ALPINE_VERSION} AS build

-ARG TARGETOS
-ARG TARGETARCH
-ARG VERSION=devel-docker
-
 RUN apk -U add go nodejs git build-base git npm bash zstd brotli gzip

 WORKDIR /app

 COPY go.mod go.sum ./
-RUN go mod download
+RUN --mount=type=cache,target=/root/.cache --mount=type=cache,target=/root/go go mod download
+
+COPY package.json package-lock.json ./
+RUN npm ci
+
+ARG TARGETOS
+ARG TARGETARCH
+ARG VERSION=devel-docker

 COPY . .
-RUN --mount=type=cache,target=/root/.cache npm ci && npm run assets
-RUN --mount=type=cache,target=/root/.cache GOOS=${TARGETOS} GOARCH=${TARGETARCH} CGO_ENABLED=0 GOARM=7 go build -gcflags "all=-N -l" -o /app/bin/osiris -ldflags "-s -w -extldflags -static -X github.com/TecharoHQ/anubis.Version=${VERSION}" ./cmd/osiris
+RUN --mount=type=cache,target=/root/.cache --mount=type=cache,target=/root/go GOOS=${TARGETOS} GOARCH=${TARGETARCH} CGO_ENABLED=0 GOARM=7 go build -gcflags "all=-N -l" -o /app/bin/osiris -ldflags "-s -w -extldflags -static -X github.com/TecharoHQ/anubis.Version=${VERSION}" ./cmd/osiris

 FROM alpine:${ALPINE_VERSION} AS run
 WORKDIR /app
@@ -23,7 +25,6 @@ RUN apk -U add ca-certificates mailcap

 COPY --from=build /app/bin/osiris /app/bin/osiris

-CMD ["/app/bin/anubis"]
-HEALTHCHECK --interval=30s --timeout=30s --start-period=5s --retries=3 CMD [ "/app/bin/anubis", "--healthcheck" ]
+CMD ["/app/bin/osiris"]

 LABEL org.opencontainers.image.source="https://github.com/TecharoHQ/anubis"