diff --git a/.github/workflows/build.yaml b/.github/workflows/build.yaml index df33bcaf..be2c30b5 100644 --- a/.github/workflows/build.yaml +++ b/.github/workflows/build.yaml @@ -64,4 +64,13 @@ jobs: - name: Lint run: $HOME/go/bin/golangci-lint run --timeout=2m ./... - name: Test - run: go test -failfast -race -covermode=atomic -coverprofile=coverage.txt -cover -json ./... | $HOME/go/bin/tparse \ No newline at end of file + run: go test -failfast -race -covermode=atomic -coverprofile=coverage.txt -cover -json ./... | $HOME/go/bin/tparse + + build_docker_image: + name: Build Docker image from latest tag + runs-on: ubuntu-latest + steps: + - name: Build image + run: docker build https://github.com/bojand/ghz.git + env: + DOCKER_BUILDKIT: '1' diff --git a/.github/workflows/release.yaml b/.github/workflows/release.yaml index 7a663526..91c7ec45 100644 --- a/.github/workflows/release.yaml +++ b/.github/workflows/release.yaml @@ -143,4 +143,27 @@ jobs: with: formula-name: ghz env: - COMMITTER_TOKEN: ${{ secrets.GH_PAGES_ACTION_TOKEN }} \ No newline at end of file + COMMITTER_TOKEN: ${{ secrets.GH_PAGES_ACTION_TOKEN }} + + push_docker_image: + name: Push Docker image + needs: github_release + runs-on: ubuntu-latest + steps: + - name: Checkout + uses: actions/checkout@v2 + + - name: Build image + run: docker build -t ghcr.io/${{ github.repository }} . + env: + DOCKER_BUILDKIT: '1' + + - name: Log in to GitHub Container Registry + uses: docker/login-action@v1 + with: + registry: ghcr.io + username: ${{ github.actor }} + password: ${{ secrets.GITHUB_TOKEN }} + + - name: Push image to GHCR + run: docker push ghcr.io/${{ github.repository }} diff --git a/Dockerfile b/Dockerfile new file mode 100644 index 00000000..44787325 --- /dev/null +++ b/Dockerfile @@ -0,0 +1,35 @@ +# syntax=docker.io/docker/dockerfile:1@sha256:42399d4635eddd7a9b8a24be879d2f9a930d0ed040a61324cfdf59ef1357b3b2 + +FROM --platform=$BUILDPLATFORM docker.io/library/alpine@sha256:21a3deaa0d32a8057914f36584b5288d2e5ecc984380bc0118285c70fa8c9300 AS alpine +FROM --platform=$BUILDPLATFORM gcr.io/distroless/base:nonroot@sha256:02f667185ccf78dbaaf79376b6904aea6d832638e1314387c2c2932f217ac5cb AS distroless + +FROM alpine AS osmap-linux +RUN echo linux >/os +FROM alpine AS osmap-macos +RUN echo darwin >/os +FROM alpine AS osmap-windows +RUN echo windows >/os +FROM osmap-$TARGETOS AS osmap + +FROM alpine AS fetcher +WORKDIR /app +RUN \ + --mount=from=osmap,source=/os,target=/os \ + set -ux \ + && apk add --no-cache curl \ + && export url=https://github.com/bojand/ghz/releases \ + && export arch=x86_64 \ + && export VERSION=$( ( curl -#fSLo /dev/null -w '%{url_effective}' $url/latest && echo ) | while read -r x; do basename $x; done) \ + && curl -#fSLo exe.tar.gz $url/download/$VERSION/ghz-$(cat /os)-$arch.tar.gz \ + && curl -#fSLo sha2 $url/download/$VERSION/ghz-$(cat /os)-$arch.tar.gz.sha256 \ + && sha256sum exe.tar.gz | grep -F $(cat sha2) \ + && tar xvf exe.tar.gz \ + && rm ghz-web* && mkdir exe && mv ghz* exe/ + +FROM scratch AS ghz-binary +COPY --from=fetcher /app/exe/* / + +FROM distroless AS ghz +COPY --from=ghz-binary --chown=nonroot /ghz / +RUN ["/ghz", "--version"] +ENTRYPOINT ["/ghz"]