✨ Support builder with buildkit (#164)

.github/workflows/image-build.yml

@@ -106,3 +106,47 @@ jobs:
           sbom: false
           cache-from: type=registry,ref=ghcr.io/${{ github.repository }}:build-cache-debian
           cache-to: type=registry,ref=ghcr.io/${{ github.repository }}:build-cache-debian,mode=max
+  image-build-builder:
+    name: image-build-builder
+    runs-on: ubuntu-22.04
+    steps:
+      - name: Checkout branch
+        uses: actions/checkout@v3
+        with:
+          fetch-depth: 0
+          lfs: true
+      - name: Set up QEMU
+        uses: docker/setup-qemu-action@v2
+      - name: Set up Docker Buildx
+        uses: docker/setup-buildx-action@v2
+      - name: Login to Docker Hub
+        uses: docker/login-action@v2
+        with:
+          registry: ghcr.io
+          username: tosone
+          password: ${{ secrets.GHCR_TOKEN }}
+      - name: Docker meta
+        id: meta
+        uses: docker/metadata-action@v4
+        with:
+          images: |
+            ghcr.io/${{ github.repository }}-builder
+          tags: |
+            type=schedule,pattern={{date 'YYYYMMDD-hhmmss' tz='Asia/Shanghai'}}
+            type=ref,event=pr
+            type=ref,event=branch,enable=${{ github.ref != 'refs/heads/main' }}
+            type=semver,pattern={{version}}
+            type=semver,pattern={{major}}.{{minor}}
+            type=semver,pattern={{major}}
+            type=raw,value=nightly,enable={{is_default_branch}}
+      - name: Build and push
+        uses: docker/build-push-action@v4
+        with:
+          context: .
+          file: build/Dockerfile.builder
+          platforms: linux/amd64,linux/arm64
+          push: ${{ github.event_name != 'pull_request' && github.ref == 'refs/heads/main' }}
+          tags: ${{ steps.meta.outputs.tags }}
+          labels: ${{ steps.meta.outputs.labels }}
+          provenance: false
+          sbom: false

.gitignore

@@ -23,7 +23,7 @@ vendor/
 !3rdparty/distribution/vendor
 
 # Binaries for programs
-bin/sigma
+bin/sigma*
 
 ### Node ###
 # Logs

Makefile

@@ -27,14 +27,23 @@ GOFLAGS          = -ldflags '-s -w $(GOLDFLAGS)'
 all: build
 
 ## Build:
-build: ## Build your project and put the output binary in ./bin
+build: ## Build sigma and put the output binary in ./bin
 	@$(GOCMD) mod download
 	@CGO_ENABLED=1 GO111MODULE=on $(GOCMD) build $(GOFLAGS) -tags timetzdata -o bin/$(BINARY_NAME) -v .
 
-build-release: ## Build your project for release and put the output binary in ./bin
+## Build:
+build-builder: ## Build sigma-builder and put the output binary in ./bin
+	@$(GOCMD) mod download
+	@CGO_ENABLED=0 GO111MODULE=on $(GOCMD) build $(GOFLAGS) -tags timetzdata -o bin/$(BINARY_NAME)-builder -v ./cmd/builder
+
+build-release: ## Build sigma for release and put the output binary in ./bin
 	@$(GOCMD) mod download
 	@CGO_ENABLED=1 GO111MODULE=on $(GOCMD) build $(GOFLAGS) -tags timetzdata -o bin/$(BINARY_NAME) -v .
 
+build-builder-release: ## Build sigma-builder for release and put the output binary in ./bin
+	@$(GOCMD) mod download
+	@CGO_ENABLED=0 GO111MODULE=on $(GOCMD) build $(GOFLAGS) -tags timetzdata -o bin/$(BINARY_NAME)-builder -v ./cmd/builder
+
 build-linux: ## Build your project for linux and put the output binary in ./bin
 	@CGO_ENABLED=1 GO111MODULE=on GOOS=linux $(GOCMD) build $(GOFLAGS) -tags timetzdata -o bin/$(BINARY_NAME) -v .
 

build/Dockerfile.builder

@@ -0,0 +1,29 @@
+ARG GOLANG_VERSION=1.20.6-alpine3.18
+
+FROM golang:${GOLANG_VERSION} as builder
+
+COPY . /go/src/github.com/go-sigma/sigma
+
+WORKDIR /go/src/github.com/go-sigma/sigma
+
+RUN set -eux && \
+  # sed -i "s/dl-cdn.alpinelinux.org/mirrors.aliyun.com/g" /etc/apk/repositories && \
+  apk add --no-cache make bash ncurses build-base git git-lfs
+
+RUN make build-builder-release
+
+FROM moby/buildkit:v0.12.0-rootless
+
+USER root
+RUN set -eux && \
+  # sed -i "s/dl-cdn.alpinelinux.org/mirrors.aliyun.com/g" /etc/apk/repositories && \
+  apk add --no-cache git-lfs && \
+  mkdir -p /code/ && \
+  chown -R 1000:1000 /opt/ && \
+  chown -R 1000:1000 /code/
+
+COPY --from=builder /go/src/github.com/go-sigma/sigma/bin/sigma-builder /usr/local/bin/sigma-builder
+
+WORKDIR /code
+
+USER 1000:1000