From 9e9ca6238a6e99cb52ae25ac2f66fc6b64bc6bbc Mon Sep 17 00:00:00 2001
From: Drew Hudson-Viles
Date: Wed, 15 Mar 2023 13:38:35 +0000
Subject: [PATCH] patch: adding new process for actions and allowing dockerfile to build binary for testing and eventual deployment (#27)
Adjustments to the Dockerfile and actions to allow test to be completed
---
 .github/workflows/pull_request.yaml | 10 ++++++----
 .github/workflows/push.yaml | 7 +++++--
 .github/workflows/tag.yml | 9 ++++++---
 docker/Dockerfile | 18 +++++++++++++++++-
 4 files changed, 34 insertions(+), 10 deletions(-)
diff --git a/.github/workflows/pull_request.yaml b/.github/workflows/pull_request.yaml
index b593cbb..b9ceda9 100644
--- a/.github/workflows/pull_request.yaml
+++ b/.github/workflows/pull_request.yaml
@@ -13,7 +13,7 @@ jobs:
 - uses: actions/checkout@v3
 - uses: actions/setup-go@v3
 with:
- go-version: '1.19'
+ go-version: '1.19.2'
 - name: golangci-lint
 uses: golangci/golangci-lint-action@v3
 with:
@@ -30,15 +30,16 @@ jobs:
 go-version: '1.19.2'
 - run: go test -v -cover ./...
- container:
+ security-checks:
 runs-on: ubuntu-22.04
+ needs: test
 permissions:
 contents: read
 packages: write
 id-token: write
 steps:
 - name: Build Local Container
- uses: eschercloudai/container-security-action@main
+ uses: eschercloudai/container-security-action@v0.0.1-beta.2
 if: github.event_name != 'pull_request'
 id: build-and-scan
 with:
@@ -52,4 +53,5 @@ jobs:
 publish-image: false
 cosign-private-key: ${{secrets.COSIGN_KEY}}
 cosign-password: ${{secrets.COSIGN_PASSWORD}}
-
+ cosign-tlog: false
+ dockerfile-path: docker
diff --git a/.github/workflows/push.yaml b/.github/workflows/push.yaml
index aacbb74..76532e9 100644
--- a/.github/workflows/push.yaml
+++ b/.github/workflows/push.yaml
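Review bot: `uses: eschercloudai/container-security-action@v0.0.1-beta.2` in the `security-checks` job is still a mutable reference, since a tag can be moved to different code, and this job runs with `packages: write` and `id-token: write` and hands `COSIGN_KEY` and `COSIGN_PASSWORD` to the action. Pin the full commit SHA and keep the tag as a trailing comment, e.g. `uses: eschercloudai/container-security-action@<full-commit-sha>  # v0.0.1-beta.2` (placeholder; take the SHA from that release). The same line is added in the `security-checks` hunks of push.yaml and tag.yml, and tag.yml also publishes the image. Separately, the unchanged `if: github.event_name != 'pull_request'` presumably skips the only visible step on pull-request events (the `on:` trigger is outside the hunk), so a job now named `security-checks` would report success here without scanning anything; worth confirming that is intended. The job's `with:` block continues outside the hunk.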
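Review bot: The added `cosign-tlog: false` has no comment saying why the transparency log is skipped here while tag.yml sets `cosign-tlog: true`. Presumably the input controls whether the signature is recorded in the transparency log, and it is off because `publish-image: false` means nothing leaves the runner; if that is the reason, state it next to the setting, e.g. `# no transparency-log entry: image is built and scanned only, never published from this workflow`. The same applies to the matching hunk in push.yaml.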
@@ -33,15 +33,16 @@ jobs:
 go-version: '1.19.2'
 - run: go test -v -cover ./...
- container:
+ security-checks:
 runs-on: ubuntu-22.04
+ needs: test
 permissions:
 contents: read
 packages: write
 id-token: write
 steps:
 - name: Build Local Container
- uses: eschercloudai/container-security-action@main
+ uses: eschercloudai/container-security-action@v0.0.1-beta.2
 if: github.event_name != 'pull_request'
 id: build-and-scan
 with:
@@ -55,3 +56,5 @@ jobs:
 publish-image: false
 cosign-private-key: ${{secrets.COSIGN_KEY}}
 cosign-password: ${{secrets.COSIGN_PASSWORD}}
+ cosign-tlog: false
+ dockerfile-path: docker
diff --git a/.github/workflows/tag.yml b/.github/workflows/tag.yml
index d0aa7c2..5aa346d 100644
--- a/.github/workflows/tag.yml
+++ b/.github/workflows/tag.yml
@@ -32,15 +32,16 @@ jobs:
 go-version: '1.19.2'
 - run: go test -v -cover ./...
- container:
+ security-checks:
 runs-on: ubuntu-22.04
+ needs: test
 permissions:
 contents: read
 packages: write
 id-token: write
 steps:
 - name: Build Local Container
- uses: eschercloudai/container-security-action@main
+ uses: eschercloudai/container-security-action@v0.0.1-beta.2
 if: github.event_name != 'pull_request'
 id: build-and-scan
 with:
@@ -54,11 +55,13 @@ jobs:
 publish-image: true
 cosign-private-key: ${{secrets.COSIGN_KEY}}
 cosign-password: ${{secrets.COSIGN_PASSWORD}}
+ cosign-tlog: true
+ dockerfile-path: docker
 release:
 name: Create Release
 runs-on: 'ubuntu-22.04'
- needs: container
+ needs: security-checks
 steps:
 - uses: actions/checkout@v3
 with:
diff --git a/docker/Dockerfile b/docker/Dockerfile
index a5baa1c..ce04ff1 100644
--- a/docker/Dockerfile
+++ b/docker/Dockerfile
@@ -1,3 +1,18 @@
+# syntax=docker/dockerfile:1
+FROM golang as go-builder
+
+WORKDIR /app
+
+COPY go.mod ./
+COPY go.sum ./
+COPY cmd ./cmd/
+COPY pkg ./pkg/
+
+RUN go mod download
+
+RUN CGO_ENABLED=0 go build -o /tmp/baski /app/cmd/baski/main.go
+
+
 FROM alpine:3.17
 RUN apk update --no-cache
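Review bot: `FROM golang as go-builder` in the new builder stage resolves to whatever `golang:latest` is at build time, so the shipped binary is compiled with a toolchain that can differ from the `go-version: '1.19.2'` the workflows test with, and can change between two builds of the same commit. Pin the stage to match, `FROM golang:1.19.2 AS go-builder`, ideally with an `@sha256:<digest>` suffix (placeholder), since tag.yml signs and publishes this image. `go build` also sets no `GOOS`/`GOARCH`, so the output architecture now follows the build host, where the replaced `COPY bin/amd64-linux-gnu/baski` was fixed to amd64. The runtime stage continues outside this hunk.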
@@ -9,7 +24,8 @@ RUN echo "baski:x:1000:1000:Baski Non Root,,,:/home/baski:" >> /etc/passwd
 RUN mkdir -p /home/baski/.config/openstack/
 RUN chown baski: -R /home/baski
-COPY bin/amd64-linux-gnu/baski /usr/bin/
+COPY --from=go-builder /tmp/baski /usr/bin/
+
 RUN chmod 755 /usr/bin/baski
 ENV PATH=${PATH}:/home/baski/.local/bin/
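Review bot: The new `COPY --from=go-builder /tmp/baski /usr/bin/` is still followed by a separate `RUN chmod 755 /usr/bin/baski`, which adds a layer only to set a mode. As the file now declares `# syntax=docker/dockerfile:1`, the mode can be set in the copy itself with `COPY --from=go-builder --chmod=755 /tmp/baski /usr/bin/baski`, and the `RUN chmod` line dropped. This relies on a BuildKit build, so confirm that the container-security-action builds with BuildKit before changing it. The rest of the runtime stage is outside the hunk.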