patch: adding new process for actions and allowing dockerfile to buil…

…d binary for testing and eventual deployment (#27) Adjustments to the Dockerfile and actions to allow test to be completed
eschercloudai · Mar 15, 2023 · 9e9ca62 · 9e9ca62
1 parent 5352e82
commit 9e9ca62
Show file tree

Hide file tree

Showing 4 changed files with 34 additions and 10 deletions.
diff --git a/.github/workflows/pull_request.yaml b/.github/workflows/pull_request.yaml
@@ -13,7 +13,7 @@ jobs:
  - uses: actions/checkout@v3
  - uses: actions/setup-go@v3
  with:
- go-version: '1.19'
+ go-version: '1.19.2'
  - name: golangci-lint
  uses: golangci/golangci-lint-action@v3
  with:
@@ -30,15 +30,16 @@ jobs:
  go-version: '1.19.2'
  - run: go test -v -cover ./...
 
- container:
+ security-checks:
  runs-on: ubuntu-22.04
+ needs: test
  permissions:
  contents: read
  packages: write
  id-token: write
  steps:
  - name: Build Local Container
- uses: eschercloudai/container-security-action@main
+ uses: eschercloudai/container-security-action@v0.0.1-beta.2
  if: github.event_name != 'pull_request'
  id: build-and-scan
  with:
@@ -52,4 +53,5 @@ jobs:
  publish-image: false
  cosign-private-key: ${{secrets.COSIGN_KEY}}
  cosign-password: ${{secrets.COSIGN_PASSWORD}}
-
+ cosign-tlog: false
+ dockerfile-path: docker
diff --git a/.github/workflows/push.yaml b/.github/workflows/push.yaml
@@ -33,15 +33,16 @@ jobs:
  go-version: '1.19.2'
  - run: go test -v -cover ./...
 
- container:
+ security-checks:
  runs-on: ubuntu-22.04
+ needs: test
  permissions:
  contents: read
  packages: write
  id-token: write
  steps:
  - name: Build Local Container
- uses: eschercloudai/container-security-action@main
+ uses: eschercloudai/container-security-action@v0.0.1-beta.2
  if: github.event_name != 'pull_request'
  id: build-and-scan
  with:
@@ -55,3 +56,5 @@ jobs:
  publish-image: false
  cosign-private-key: ${{secrets.COSIGN_KEY}}
  cosign-password: ${{secrets.COSIGN_PASSWORD}}
+ cosign-tlog: false
+ dockerfile-path: docker
diff --git a/.github/workflows/tag.yml b/.github/workflows/tag.yml
@@ -32,15 +32,16 @@ jobs:
  go-version: '1.19.2'
  - run: go test -v -cover ./...
 
- container:
+ security-checks:
  runs-on: ubuntu-22.04
+ needs: test
  permissions:
  contents: read
  packages: write
  id-token: write
  steps:
  - name: Build Local Container
- uses: eschercloudai/container-security-action@main
+ uses: eschercloudai/container-security-action@v0.0.1-beta.2
  if: github.event_name != 'pull_request'
  id: build-and-scan
  with:
@@ -54,11 +55,13 @@ jobs:
  publish-image: true
  cosign-private-key: ${{secrets.COSIGN_KEY}}
  cosign-password: ${{secrets.COSIGN_PASSWORD}}
+ cosign-tlog: true
+ dockerfile-path: docker
 
  release:
  name: Create Release
  runs-on: 'ubuntu-22.04'
- needs: container
+ needs: security-checks
  steps:
  - uses: actions/checkout@v3
  with:

diff --git a/docker/Dockerfile b/docker/Dockerfile
@@ -1,3 +1,18 @@
+# syntax=docker/dockerfile:1
+FROM golang as go-builder
+
+WORKDIR /app
+
+COPY go.mod ./
+COPY go.sum ./
+COPY cmd ./cmd/
+COPY pkg ./pkg/
+
+RUN go mod download
+
+RUN CGO_ENABLED=0 go build -o /tmp/baski /app/cmd/baski/main.go
+
+
 FROM alpine:3.17
 
 RUN apk update --no-cache
@@ -9,7 +24,8 @@ RUN echo "baski:x:1000:1000:Baski Non Root,,,:/home/baski:" >> /etc/passwd
 RUN mkdir -p /home/baski/.config/openstack/
 RUN chown baski: -R /home/baski
 
-COPY bin/amd64-linux-gnu/baski /usr/bin/
+COPY --from=go-builder /tmp/baski /usr/bin/
+
 RUN chmod 755 /usr/bin/baski
 ENV PATH=${PATH}:/home/baski/.local/bin/