-rw-r--r--.github/workflows/docker.yaml52
-rw-r--r--hived/Dockerfile2
-rw-r--r--hived/Dockerfile_distroless9
-rw-r--r--hived/Dockerfile_distroless_vendored10
4 files changed, 71 insertions, 2 deletions
diff --git a/.github/workflows/docker.yaml b/.github/workflows/docker.yaml
new file mode 100644
index 0000000..91be6e3
--- /dev/null
+++ b/.github/workflows/docker.yaml
@@ -0,0 +1,52 @@
+name: Publish Docker image
+on:
+ release:
+ types: [published]
+ push:
+ branches: [ "main" ]
+jobs:
+ push_to_registry:
+ name: Push Docker image to Docker Hub
+ runs-on: ubuntu-latest
+ permissions:
+ packages: write
+ contents: read
+ attestations: write
+ id-token: write
+ steps:
+ - name: Check out the repo
+ uses: actions/checkout@v4
+ - name: Set up Docker Buildx
+ uses: docker/setup-buildx-action@v3
+ - name: Log in to Docker Hub
+ uses: docker/login-action@f4ef78c080cd8ba55a85445d5b36e214a81df20a
+ with:
+ username: ${{ secrets.DOCKER_USERNAME }}
+ password: ${{ secrets.DOCKER_PASSWORD }}
+ - name: Extract metadata (tags, labels) for Docker
+ id: meta
+ uses: docker/metadata-action@9ec57ed1fcdbf14dcef7dfbe97b2010124a938b7
+ with:
+ images: terminaldweller/hived
+ - name: Build and push Docker image
+ id: push
+ uses: docker/build-push-action@3b5e8027fcad23fda98b2e3ac259d8d67585f671
+ with:
+ context: .
+ file: ./Dockerfile
+ push: true
+ sbom: true
+ tags: ${{ steps.meta.outputs.tags }}
+ labels: ${{ steps.meta.outputs.labels }}
+ provenance: mode=max
+ # - name: Docker Scout
+ # id: docker-scout
+ # if: ${{ github.event_name == 'pull_request' }}
+ # uses: docker/scout-action@v1
+ # with:
+ # command: cves
+ # image: ${{ github.event.repository.name }}
+ # ignore-unchanged: true
+ # only-severities: critical,high,medium,low
+ # write-comment: true
+ # github-token: ${{ secrets.GITHUB_TOKEN }}
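Review bot: `actions/checkout@v4` and `docker/setup-buildx-action@v3` are referenced by mutable tags, while the other three actions in this job are pinned to commit SHAs. Both run in a job that holds the Docker Hub credentials and `id-token: write`, so they should be pinned the same way, e.g. `uses: actions/checkout@<full-commit-sha> # v4`. The `packages: write`, `attestations: write` and `id-token: write` permissions do not appear to be used by any step shown: the push goes to Docker Hub through secrets and there is no attestation step. Either drop them or add the step that needs them. Separately, `context: .` with `file: ./Dockerfile` points at the repository root, while the Dockerfiles in this commit live under `hived/`; confirm a root Dockerfile exists or use `context: ./hived`.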
diff --git a/hived/Dockerfile b/hived/Dockerfile
index a9c84ac..407c8ac 100644
--- a/hived/Dockerfile
+++ b/hived/Dockerfile
@@ -1,6 +1,4 @@
FROM golang:1.22-alpine3.20 as builder
-RUN apk update && apk upgrade
-RUN apk add go git
COPY go.* /hived/
RUN cd /hived && go mod download
COPY *.go /hived/
diff --git a/hived/Dockerfile_distroless b/hived/Dockerfile_distroless
new file mode 100644
index 0000000..c21dd2d
--- /dev/null
+++ b/hived/Dockerfile_distroless
@@ -0,0 +1,9 @@
+FROM golang:1.22-alpine3.20 as builder
+COPY go.* /hived/
+RUN cd /hived && go mod download
+COPY *.go /hived/
+RUN cd /hived && go build
+
+FROM gcr.io/distroless/static-debian12
+COPY --from=builder /hived/hived "/usr/bin/hived"
+ENTRYPOINT ["hived"]
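Review bot: The final stage sets no `USER`, so the container will run `hived` as root unless the base image defaults otherwise. Distroless publishes a non-root variant, so the runtime stage could be `FROM gcr.io/distroless/static-debian12:nonroot` (or add `USER nonroot:nonroot`). Both `FROM` lines also float on tags; pinning them as `image:tag@sha256:<digest>` would keep the build reproducible and match the SBOM/provenance the workflow emits. The same two points apply to `hived/Dockerfile_distroless_vendored`.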
diff --git a/hived/Dockerfile_distroless_vendored b/hived/Dockerfile_distroless_vendored
new file mode 100644
index 0000000..125c0ae
--- /dev/null
+++ b/hived/Dockerfile_distroless_vendored
@@ -0,0 +1,10 @@
+FROM golang:1.22-alpine3.20 as builder
+WORKDIR /hived
+COPY go.sum go.mod /hived/
+COPY vendor /hived/vendor
+COPY *.go /hived/
+RUN go build
+
+FROM gcr.io/distroless/static-debian12
+COPY --from=builder /hived/hived "/usr/bin/hived"
+ENTRYPOINT ["hived"]
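Review bot: `RUN go build` relies on Go picking up the `vendor` directory implicitly, which depends on the `go` directive in `go.mod` (not visible in this hunk). If this image is meant to be built only from vendored sources, state that in the command: `RUN GOPROXY=off go build -mod=vendor`. A missing or stale vendored module then fails the build instead of possibly being fetched from the network.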