diff --git a/.github/workflows/docker.yml b/.github/workflows/docker.yml index 7e8db319..b1b1f676 100644 --- a/.github/workflows/docker.yml +++ b/.github/workflows/docker.yml @@ -17,7 +17,38 @@ permissions: pull-requests: write jobs: - build: + buildx-bake: + runs-on: ubuntu-24.04 + steps: + - name: Checkout code + uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2 + with: + fetch-tags: true + fetch-depth: 0 + persist-credentials: false + + - name: Set up Docker Buildx + uses: docker/setup-buildx-action@b5ca514318bd6ebac0fb2aedd5d36ec1b5c232a2 # v3.10.0 + + - name: Log into registry + uses: docker/login-action@74a5d142397b4f367a81961eba4e8cd7edddf772 # v3.4.0 + with: + registry: ghcr.io + username: ${{ github.repository_owner }} + password: ${{ secrets.GITHUB_TOKEN }} + + - name: Build and push + id: build + uses: docker/bake-action@76f9fa3a758507623da19f6092dc4089a7e61592 # v6.6.0 + with: + source: . + push: true + sbom: true + cache-from: type=gha + cache-to: type=gha,mode=max + set: "" + + containerbuild: runs-on: ubuntu-24.04 steps: - name: Checkout code diff --git a/docker-bake.hcl b/docker-bake.hcl index 81baa350..6cd06216 100644 --- a/docker-bake.hcl +++ b/docker-bake.hcl @@ -1,5 +1,6 @@ variable "ALPINE_VERSION" { default = "3.22" } variable "GITHUB_SHA" { default = "devel" } +variable "VERSION" { default = "devel-docker" } group "default" { targets = [ 
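Review bot: `push: true` in the `Build and push` step of the new `buildx-bake` job is unconditional, so every event that starts this workflow logs in to ghcr.io and publishes the bake targets. The `on:` triggers are outside this hunk; if they include `pull_request`, a run from a same-repository branch would overwrite the `osiris:main` tag that docker-bake.hcl sets, using code that has not been reviewed. Gating the input, for example `push: ${{ github.event_name != 'pull_request' }}`, keeps PR runs as build-only checks. The visible `permissions` context shows only `pull-requests: write`, so it is worth confirming that `packages: write` is granted for the push, and `set: ""` is an empty override that can be dropped.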
@@ -10,19 +11,22 @@ group "default" { target "osiris" { args = { ALPINE_VERSION = "3.22" + VERSION = "${VERSION}" } context = "." dockerfile = "./docker/osiris.Dockerfile" platforms = [ "linux/amd64", - # "linux/arm64", - # "linux/arm/v7", - # "linux/ppc64le", - # "linux/riscv64", + "linux/arm64", + "linux/arm/v7", + "linux/ppc64le", + "linux/riscv64", ] - pull = true + pull = true + sbom = true + provenance = true tags = [ - "ghcr.io/techarohq/anubis/osiris:${GITHUB_SHA}", + "ghcr.io/techarohq/anubis/osiris:${VERSION}", "ghcr.io/techarohq/anubis/osiris:main" ] } \ No newline at end of file diff --git a/docker/osiris.Dockerfile b/docker/osiris.Dockerfile index df79cabe..20076e0f 100644 --- a/docker/osiris.Dockerfile +++ b/docker/osiris.Dockerfile @@ -1,20 +1,22 @@ ARG ALPINE_VERSION=edge FROM --platform=${BUILDPLATFORM} alpine:${ALPINE_VERSION} AS build -ARG TARGETOS -ARG TARGETARCH -ARG VERSION=devel-docker - RUN apk -U add go nodejs git build-base git npm bash zstd brotli gzip WORKDIR /app COPY go.mod go.sum ./ -RUN go mod download +RUN --mount=type=cache,target=/root/.cache --mount=type=cache,target=/root/go go mod download + +COPY package.json package-lock.json ./ +RUN npm ci + +ARG TARGETOS +ARG TARGETARCH +ARG VERSION=devel-docker COPY . . -RUN --mount=type=cache,target=/root/.cache npm ci && npm run assets -RUN --mount=type=cache,target=/root/.cache GOOS=${TARGETOS} GOARCH=${TARGETARCH} CGO_ENABLED=0 GOARM=7 go build -gcflags "all=-N -l" -o /app/bin/osiris -ldflags "-s -w -extldflags -static -X github.com/TecharoHQ/anubis.Version=${VERSION}" ./cmd/osiris +RUN --mount=type=cache,target=/root/.cache --mount=type=cache,target=/root/go GOOS=${TARGETOS} GOARCH=${TARGETARCH} CGO_ENABLED=0 GOARM=7 go build -gcflags "all=-N -l" -o /app/bin/osiris -ldflags "-s -w -extldflags -static -X github.com/TecharoHQ/anubis.Version=${VERSION}" ./cmd/osiris FROM alpine:${ALPINE_VERSION} AS run WORKDIR /app 
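Review bot: The `tags` list of `target "osiris"` no longer carries a per-commit tag: `osiris:${VERSION}` replaces `osiris:${GITHUB_SHA}`, and the `buildx-bake` workflow step in this commit passes no `VERSION`, so it resolves to the `devel-docker` default and both pushed tags are mutable. Keeping `"ghcr.io/techarohq/anubis/osiris:${GITHUB_SHA}",` next to the version tag lets a deployed image be traced back to, and pinned at, one commit; as written the `GITHUB_SHA` variable looks unused. Separately, `sbom = true` and `provenance = true` should be checked with `docker buildx bake --print`: as far as I know the target-level form is `attest = ["type=sbom", "type=provenance"]`, and an attribute bake does not recognise would either fail the parse or leave the attestations off.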
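Review bot: `npm run assets` is gone from the build stage: the old `npm ci && npm run assets` step is replaced by a bare `RUN npm ci` before `COPY . .`, and nothing after the copy generates assets before `go build`. If `./cmd/osiris` embeds generated files, add `RUN npm run assets` after `COPY . .`; if it does not, drop the `package.json` copy, the `npm ci` step and the `nodejs`/`npm` packages, so the build stage stops installing an npm dependency tree it never uses. The relocated `npm ci` also lost its cache mount and still runs dependency install scripts, so `RUN --mount=type=cache,target=/root/.npm npm ci --ignore-scripts` is worth trying if no dependency needs its postinstall step.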
@@ -23,7 +25,6 @@ RUN apk -U add ca-certificates mailcap COPY --from=build /app/bin/osiris /app/bin/osiris -CMD ["/app/bin/anubis"] -HEALTHCHECK --interval=30s --timeout=30s --start-period=5s --retries=3 CMD [ "/app/bin/anubis", "--healthcheck" ] +CMD ["/app/bin/osiris"] LABEL org.opencontainers.image.source="https://github.com/TecharoHQ/anubis" \ No newline at end of file
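Review bot: The final stage, as far as this hunk shows through the end of the file, never sets `USER`, so `/app/bin/osiris` runs as root inside the container. Adding a non-root user before `CMD`, for example `USER 1000:1000`, limits what a compromise of the process can touch; if osiris has to bind ports below 1024, that needs to be handled through its configuration or a file capability on the binary. The `HEALTHCHECK` that pointed at `/app/bin/anubis` was deleted rather than repointed, so if osiris has a health probe of its own it should be restored with the corrected path. The start of the `run` stage is outside this hunk.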