Skip to content

Instantly share code, notes, and snippets.

@ant31
Last active November 25, 2022 01:01
Show Gist options
  • Save ant31/cf962396818f69ec732fc5a08883f98b to your computer and use it in GitHub Desktop.
Save ant31/cf962396818f69ec732fc5a08883f98b to your computer and use it in GitHub Desktop.
# syntax=docker/dockerfile:1.4
# STAGE 1
FROM golang:1.19 as builder
WORKDIR /app
# ONLY needed for builds with private repo dependencies
RUN --mount=type=secret,id=GHTOKEN \
export GHTOKEN=$(cat /run/secrets/GHTOKEN) \
&& git config --global url.https://me:$GHTOKEN@github.com/.insteadOf https://github.com/
COPY . ./
RUN make build CONTAINERIZE_BUILD=false
# STAGE 2
FROM gcr.io/distroless/static-debian11 as app
WORKDIR /app
COPY --from=builder /app/bin/linux/amd64/myapp /usr/local/bin/
ENTRYPOINT ["/usr/local/bin/myapp"]
name: CI
'on':
pull_request:
branches:
- main
push:
branches:
- main
tags:
- '*'
schedule:
- cron: 0 0 * * *
workflow_dispatch: {}
env:
CONTAINER_PUSH: '${{ github.ref == ''refs/heads/main'' }}'
GOPRIVATE:
IMAGE_NAME: '${{ github.repository }}'
REGISTRY: ghcr.io
jobs:
build-and-push-image:
permissions:
contents: read
packages: write
runs-on: ubuntu-latest
steps:
- name: Chekout
uses: actions/checkout@v3
with: {}
- id: commit
uses: pr-mpt/actions-commit-hash@v1
- name: Set up QEMU
uses: docker/setup-qemu-action@v2
with: {}
- name: Set up Docker Buildx
uses: docker/setup-buildx-action@v2
with: {}
- name: Set up Docker Buildx
uses: docker/setup-buildx-action@v2
with: {}
- name: Log in to the Container registry
uses: docker/login-action@v2
with:
password: '${{ secrets.GITHUB_TOKEN }}'
registry: '${{ env.REGISTRY }}'
username: '${{ github.actor }}'
- name: Docker build stage1
uses: docker/build-push-action@v3
with:
context: .
push: '${{ env.CONTAINER_PUSH }}'
secrets: 'GHTOKEN=${{ secrets.GHTOKEN }}'
tags: >-
${{ env.REGISTRY }}/${{ env.IMAGE_NAME }}:build-${{
steps.commit.outputs.short }},${{ env.REGISTRY }}/${{ env.IMAGE_NAME
}}:build,${{ env.REGISTRY }}/${{ env.IMAGE_NAME }}:build-latest
target: builder
- name: Docker build App container
uses: docker/build-push-action@v3
with:
context: .
push: '${{ env.CONTAINER_PUSH }}'
secrets: 'GHTOKEN=${{ secrets.GHTOKEN }}'
tags: >-
${{ env.REGISTRY }}/${{ env.IMAGE_NAME }}:${{
steps.commit.outputs.short }},${{ env.REGISTRY }}/${{ env.IMAGE_NAME
}}:latest
lint:
runs-on: ubuntu-latest
steps:
- uses: actions/checkout@v3
- uses: actions/cache@v3
with:
key: 'go-${{ hashFiles(''**/go.sum'') }}'
path: ~/.cache/go-build ~/go/pkg/mod ./vendor
- run: >-
git config --global url.https://me:${{ secrets.GHTOKEN
}}@github.com/.insteadOf https://github.com/
- name: Set up Go
uses: actions/setup-go@v3
with:
go-version: '1.18'
- name: Vendor
run: make vendor
- name: lint
run: |-
make vendor
git diff --exit-code
test:
runs-on: ubuntu-latest
steps:
- uses: actions/checkout@v3
- uses: actions/cache@v3
with:
key: 'go-${{ hashFiles(''**/go.sum'') }}'
path: ~/.cache/go-build ~/go/pkg/mod ./vendor
- run: >-
git config --global url.https://me:${{ secrets.GHTOKEN
}}@github.com/.insteadOf https://github.com/
- name: Set up Go
uses: actions/setup-go@v3
with:
go-version: '1.18'
- name: Vendor
run: make vendor
- name: test
run: CONTAINERIZE_BUILD=false make test
vendor:
runs-on: ubuntu-latest
steps:
- uses: actions/checkout@v3
- uses: actions/cache@v3
with:
key: 'go-${{ hashFiles(''**/go.sum'') }}'
path: ~/.cache/go-build ~/go/pkg/mod ./vendor
- run: >-
git config --global url.https://me:${{ secrets.GHTOKEN
}}@github.com/.insteadOf https://github.com/
- name: Set up Go
uses: actions/setup-go@v3
with:
go-version: '1.18'
- name: Vendor
run: make vendor
- name: vendor
run: make lint
CONTAINERIZE_BUILD ?= true
.PHONY: build
build: $(BINS)
.PHONY: build-in-container
build-in-container: $(BIN_DIR)
@echo "Create builder container..."
@docker buildx build -q . -t myimage/name:builder --target=builder --secret=type=env,env=GHTOKEN,id=GHTOKEN
@echo "Copy binaries"
@docker run --rm \
-u $$(id -u):$$(id -g) \
-v $$(pwd)/$(BIN_DIR):/localbins \
-w /app \
myimage/name:builder \
cp -r /app/bin/. /localbins
$(BINS): $(SRC) go.mod
ifeq ($(CONTAINERIZE_BUILD),false)
export GOPRIVATE=github.com/somerepo
@mkdir -p $(BIN_DIR)/$(word 2,$(subst /, ,$@))/$(word 3,$(subst /, ,$@))
@echo "building: $@"
GOARCH=$(word 3,$(subst /, ,$@)) \
GOOS=$(word 2,$(subst /, ,$@)) \
GOCACHE=$$(pwd)/.cache \
GOMODCACHE=$$(pwd)/.gomodcache \
CGO_ENABLED=0 \
go build -mod=readonly -o $@ \
$(LD_FLAGS) \
./cmd/$(@F)
else
@echo "building: $@"
@$(MAKE) -s build-in-container
endif
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment