diff --git a/.github/workflows/ci.yml b/.github/workflows/ci.yml
index c3fe3cc..7622b10 100644
--- a/.github/workflows/ci.yml
+++ b/.github/workflows/ci.yml
@@ -81,13 +81,13 @@ jobs:
 run: echo "LATEST_TAG=latest" >>"$GITHUB_ENV"
 - if: github.event_name == 'pull_request'
 run: echo "PR_TAG=pr-${{ github.event.pull_request.number }}" >>"$GITHUB_ENV"
- - name: Build bouncer
+ - name: Build CA
 uses: redhat-actions/buildah-build@v2
- id: build_bouncer
+ id: build_ca
 with:
- image: ${{ github.repository }}-bouncer
+ image: ${{ github.repository }}-issuer
 build-args: GO_VERSION=${{ env.GO_VERSION }}
- extra-args: --target=bouncer
+ extra-args: --target=ca
 tags: >
 ${{ env.LATEST_TAG }}
 ${{ env.SHORT_SHA }}
@@ -95,13 +95,12 @@ jobs:
 ${{ env.PR_TAG }}
 ${{ github.event.release.tag_name }}
 containerfiles: Dockerfile
- - name: Build issuer
+ - name: Build bifrost
 uses: redhat-actions/buildah-build@v2
- id: build_issuer
+ id: build_bifrost
 with:
- image: ${{ github.repository }}-issuer
+ image: ${{ github.repository }}
 build-args: GO_VERSION=${{ env.GO_VERSION }}
- extra-args: --target=issuer
 tags: >
 ${{ env.LATEST_TAG }}
 ${{ env.SHORT_SHA }}
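Review bot: The image name on the `Build CA` step, `${{ github.repository }}-issuer`, does not match the `ghcr.io/realimage/bifrost-ca` that the README hunk of this same commit tells users to pull, so the documented image would presumably never be published under that name. If `-ca` is the intended suffix, the line should read `image: ${{ github.repository }}-ca`; otherwise the README needs the `-issuer` name. The push step in the third hunk has the same split naming: it is titled `Push issuer to ghcr.io` while consuming `steps.build_ca` outputs, so one artifact is now called both "issuer" and "ca" across step name, step id, build target and image suffix.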
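Review bot: The `Build bifrost` step no longer passes any `extra-args`, so which stage is published as `${{ github.repository }}` depends on `bifrost` staying the last stage in the Dockerfile. A stage appended after it later would silently change the contents of the pushed image without any edit to this workflow. Naming the stage explicitly with `extra-args: --target=bifrost` keeps the published artifact tied to the intended stage, the same way the `Build CA` step does with `--target=ca`.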
@@ -109,19 +108,19 @@ jobs: ${{ env.PR_TAG }} ${{ github.event.release.tag_name }} containerfiles: Dockerfile - - name: Push bouncer to ghcr.io + - name: Push issuer to ghcr.io uses: redhat-actions/push-to-registry@v2 with: registry: ghcr.io username: ${{ github.actor }} password: ${{ secrets.GITHUB_TOKEN }} - image: ${{ steps.build_bouncer.outputs.image }} - tags: ${{ steps.build_bouncer.outputs.tags }} - - name: Push issuer to ghcr.io + image: ${{ steps.build_ca.outputs.image }} + tags: ${{ steps.build_ca.outputs.tags }} + - name: Push bifrost to ghcr.io uses: redhat-actions/push-to-registry@v2 with: registry: ghcr.io username: ${{ github.actor }} password: ${{ secrets.GITHUB_TOKEN }} - image: ${{ steps.build_issuer.outputs.image }} - tags: ${{ steps.build_issuer.outputs.tags }} + image: ${{ steps.build_bifrost.outputs.image }} + tags: ${{ steps.build_bifrost.outputs.tags }} diff --git a/Dockerfile b/Dockerfile index cc48a47..705006b 100644 --- a/Dockerfile +++ b/Dockerfile @@ -11,12 +11,7 @@ ENV GOPRIVATE="github.com/RealImage/*" RUN mkdir /build RUN go build -o /build ./... -FROM gcr.io/distroless/base-debian11 as bouncer -COPY --from=builder /build/bouncer / -ENV PORT=8080 -ENTRYPOINT ["/bouncer"] - -FROM gcr.io/distroless/base-debian11 as issuer +FROM gcr.io/distroless/base-debian11 as ca # uses lambda-web-adapter to run our standard HTTP app in a lambda # https://github.com/awslabs/aws-lambda-web-adapter # for configuration see https://github.com/awslabs/aws-lambda-web-adapter#configurations @@ -28,3 +23,9 @@ ENV PORT=8080 ENV READINESS_CHECK_PATH="/metrics" ENV REMOVE_BASE_PATH="" ENTRYPOINT ["/issuer"] + +FROM gcr.io/distroless/base-debian11 as bifrost +COPY --from=builder /build/bfid / +COPY --from=builder /build/bouncer / +COPY --from=builder /build/issuer / +ENTRYPOINT ["/bouncer"] diff --git a/README.md b/README.md index 3dab8bc..05fe6c0 100644 --- a/README.md +++ b/README.md 
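Review bot: The new `bifrost` stage sets no `USER`, so the image pushed to ghcr.io runs `/bouncer` as the base image's default user, which for the plain distroless base tag is root. Unless the binaries need root, build from the non-root variant, `FROM gcr.io/distroless/base-debian11:nonroot as bifrost`, or add `USER nonroot:nonroot` before the `ENTRYPOINT`. The removed `bouncer` stage also set `ENV PORT=8080` and this stage does not; if bouncer has no built-in default for its listen port that is a behaviour change, so either restore the line or confirm the default. Pinning the base image by digest instead of a mutable tag would additionally make the published image reproducible and guard against an upstream tag being re-pointed.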
@@ -20,16 +20,19 @@ Bifrost binaries are available on the [releases](https://github.com/RealImage/bi page. Container images are on ghcr.io. -[bifrost-bouncer](ghcr.io/realimage/bifrost-bouncer): +[bifrost](ghcr.io/realimage/bifrost) contains all binaries. +Its intended for local development. ```console -podman pull ghcr.io/realimage/bifrost-bouncer +podman pull ghcr.io/realimage/bifrost ``` -[bifrost-issuer](ghcr.io/realimage/bifrost-issuer): +[bifrost-ca](ghcr.io/realimage/bifrost-ca) contains the issuer binary. +The image has the [AWS Lambda Web Adapter](github.com/awslabs/aws-lambda-web-adapter) +extension installed. ```console -podman pull ghcr.io/realimage/bifrost-issuer +podman pull ghcr.io/realimage/bifrost-ca ``` ## Identity @@ -115,16 +118,16 @@ go build -o build ./... ### Containers -bouncer: +issuer: ```console -podman build -t gcr.io/realimage/bifrost-bouncer --target=bouncer . +podman build -t ghcr.io/realimage/bifrost-ca --target=ca . ``` -issuer: +bifrost: ```console -podman build -t ghcr.io/realimage/bifrost-issuer --target=issuer . +podman build -t gcr.io/realimage/bifrost . ``` ## Run Issuer CA