diff --git a/.dockerignore b/.dockerignore
new file mode 100644
index 0000000..9e03c48
--- /dev/null
+++ b/.dockerignore
@@ -0,0 +1,32 @@
+# Include any files or directories that you don't want to be copied to your
+# container here (e.g., local build artifacts, temporary files, etc.).
+#
+# For more help, visit the .dockerignore file reference guide at
+# https://docs.docker.com/go/build-context-dockerignore/
+
+**/.DS_Store
+**/.classpath
+**/.dockerignore
+**/.env
+**/.git
+**/.gitignore
+**/.project
+**/.settings
+**/.toolstarget
+**/.vs
+**/.vscode
+**/*.*proj.user
+**/*.dbmdl
+**/*.jfm
+**/bin
+**/charts
+**/docker-compose*
+**/compose.y*ml
+**/Dockerfile*
+**/node_modules
+**/npm-debug.log
+**/obj
+**/secrets.dev.yaml
+**/values.dev.yaml
+LICENSE
+README.md
diff --git a/.github/workflows/docker-build-push-on-tag-or-release.yaml b/.github/workflows/docker-build-push-on-tag-or-release.yaml
new file mode 100644
index 0000000..9b96134
--- /dev/null
+++ b/.github/workflows/docker-build-push-on-tag-or-release.yaml
@@ -0,0 +1,55 @@
+name: Docker Image Build on tag or release
+
+on:
+ push:
+ tags:
+ - '*'
+ release:
+ types: [published]
+
+env:
+ ORG: opentelekomcloud
+ PROJECT: status-dashboard-v3-api
+
+jobs:
+ push_if_tag:
+ runs-on: ubuntu-latest
+
+ steps:
+ - uses: actions/checkout@v4
+
+ - name: Docker meta
+ id: meta
+ uses: docker/metadata-action@v5
+ with:
+ images: |
+ "${{ secrets.REGISTRY }}/${{ env.ORG }}/${{ env.PROJECT }}"
+ tags: |
+ type=schedule
+ type=ref,event=branch
+ type=ref,event=pr
+ type=semver,pattern={{version}}
+ type=semver,pattern={{major}}.{{minor}}
+ type=semver,pattern={{major}}
+ type=sha
+
+ - name: Set up Docker Buildx
+ uses: docker/setup-buildx-action@v3
+
+ - name: Login to Container Registry
+ uses: docker/login-action@v3
+ with:
+ registry: ${{ secrets.REGISTRY }}
+ username: ${{ secrets.REGISTRY_USER }}
+ password: ${{ secrets.REGISTRY_PASSWORD }}
+
+ - name: Build and push
+ uses: docker/build-push-action@v5
+ with:
+ context: .
+ tags: ${{ steps.meta.outputs.tags }}
+ labels: ${{ steps.meta.outputs.labels }}
+ push: true
+ build-args: |
+ BASE_URL=${{ secrets.BASE_URL }}
+ AUTH_TOKEN=${{ secrets.AUTH_TOKEN }}
diff --git a/.github/workflows/docker-build.yaml b/.github/workflows/docker-build.yaml
new file mode 100644
index 0000000..4709e37
--- /dev/null
+++ b/.github/workflows/docker-build.yaml
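Review bot: The `build-args` block at the end of the `Build and push` step passes `secrets.BASE_URL` and `secrets.AUTH_TOKEN` as build arguments, which is not a safe channel for secrets: once a Dockerfile stage declares them, build-arg values can surface in image history and in build provenance. The Dockerfile added in this commit declares neither `ARG BASE_URL` nor `ARG AUTH_TOKEN`, so as far as this diff shows the two lines can simply be dropped. If the build does need the token, pass it through the action's `secrets:` input (`auth_token=${{ secrets.AUTH_TOKEN }}`) and read it with `RUN --mount=type=secret,id=auth_token`, so it never lands in a layer. The same block appears in both jobs of `docker-build.yaml`, where the `build` job also runs against pull-request code.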
@@ -0,0 +1,95 @@
+name: Docker Image Build
+
+on:
+ pull_request:
+ types:
+ - opened
+ - closed
+ - edited
+ - reopened
+ - synchronize
+
+env:
+ ORG: opentelekomcloud
+ PROJECT: status-dashboard-v3-api
+
+jobs:
+
+ build:
+ if: github.event.pull_request.merged == false
+ runs-on: ubuntu-latest
+
+ steps:
+ - uses: actions/checkout@v4
+
+ - name: Docker meta
+ id: meta
+ uses: docker/metadata-action@v5
+ with:
+ images: |
+ "${{ secrets.REGISTRY }}/${{ env.ORG }}/${{ env.PROJECT }}"
+ tags: |
+ type=schedule
+ type=ref,event=branch
+ type=ref,event=pr
+ type=semver,pattern={{version}}
+ type=semver,pattern={{major}}.{{minor}}
+ type=semver,pattern={{major}}
+ type=sha
+
+ - name: Set up Docker Buildx
+ uses: docker/setup-buildx-action@v3
+
+ - name: Build and push
+ uses: docker/build-push-action@v5
+ with:
+ context: .
+ tags: ${{ steps.meta.outputs.tags }}
+ labels: ${{ steps.meta.outputs.labels }}
+ push: false
+ build-args: |
+ BASE_URL=${{ secrets.BASE_URL }}
+ AUTH_TOKEN=${{ secrets.AUTH_TOKEN }}
+
+ push_if_merged:
+ if: github.event.pull_request.merged == true
+ runs-on: ubuntu-latest
+
+ steps:
+ - uses: actions/checkout@v4
+
+ - name: Docker meta
+ id: meta
+ uses: docker/metadata-action@v5
+ with:
+ images: |
+ "${{ secrets.REGISTRY }}/${{ env.ORG }}/${{ env.PROJECT }}"
+ tags: |
+ type=schedule
+ type=ref,event=branch
+ type=ref,event=pr
+ type=semver,pattern={{version}}
+ type=semver,pattern={{major}}.{{minor}}
+ type=semver,pattern={{major}}
+ type=sha
+
+ - name: Set up Docker Buildx
+ uses: docker/setup-buildx-action@v3
+
+ - name: Login to Container Registry
+ uses: docker/login-action@v3
+ with:
+ registry: ${{ secrets.REGISTRY }}
+ username: ${{ secrets.REGISTRY_USER }}
+ password: ${{ secrets.REGISTRY_PASSWORD }}
+
+ - name: Build and push
+ uses: docker/build-push-action@v5
+ with:
+ context: .
+ tags: ${{ steps.meta.outputs.tags }}
+ labels: ${{ steps.meta.outputs.labels }}
+ push: true
+ build-args: |
+ BASE_URL=${{ secrets.BASE_URL }}
+ AUTH_TOKEN=${{ secrets.AUTH_TOKEN }}
diff --git a/Dockerfile b/Dockerfile
new file mode 100644
index 0000000..0b0dc3f
--- /dev/null
+++ b/Dockerfile
@@ -0,0 +1,47 @@
+# syntax=docker/dockerfile:1
+
+# Create a stage for building the application.
+ARG GO_VERSION=1.22
+FROM --platform=$BUILDPLATFORM golang:${GO_VERSION} AS build
+WORKDIR /src
+
+RUN --mount=type=cache,target=/go/pkg/mod/ \
+ --mount=type=bind,source=go.sum,target=go.sum \
+ --mount=type=bind,source=go.mod,target=go.mod \
+ go mod download -x
+
+ARG TARGETARCH
+
+RUN --mount=type=cache,target=/go/pkg/mod/ \
+ --mount=type=bind,target=. \
+ CGO_ENABLED=0 GOARCH=$TARGETARCH go build -o /bin/server ./cmd
+
+FROM alpine:latest AS final
+
+RUN --mount=type=cache,target=/var/cache/apk \
+ apk --update add \
+ ca-certificates \
+ tzdata \
+ && \
+ update-ca-certificates
+
+# Create a non-privileged user that the app will run under.
+ARG UID=10001
+RUN adduser \
+ --disabled-password \
+ --gecos "" \
+ --home "/nonexistent" \
+ --shell "/sbin/nologin" \
+ --no-create-home \
+ --uid "${UID}" \
+ appuser
+USER appuser
+
+# Copy the executable from the "build" stage.
+COPY --from=build /bin/server /bin/
+
+# Expose the port that the application listens on.
+EXPOSE 8000
+
+# What the container should run when it is started.
+ENTRYPOINT [ "/bin/server" ]
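Review bot: The workflow has no `permissions:` key, so every job, including `push_if_merged` which logs in with registry credentials, runs with whatever default `GITHUB_TOKEN` scope the repository or organisation grants. Nothing visible in these jobs needs more than a checkout, so a top-level `permissions:` with `contents: read` would make least privilege explicit. The third-party steps are also referenced by mutable major tags (`docker/login-action@v3`, `docker/build-push-action@v5`); pinning each to a full commit SHA, e.g. `uses: docker/login-action@<full-commit-sha> # v3`, keeps a moved tag from running with `REGISTRY_PASSWORD` in scope. Both points apply equally to `docker-build-push-on-tag-or-release.yaml`.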
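Review bot: The final stage is built `FROM alpine:latest`, a mutable tag, so the base of the published image (and the packages `apk --update add` resolves on top of it) can change between builds without any change in this repository. Pin the base to a release and digest, e.g. `FROM alpine:<version>@sha256:<digest> AS final`, and let a dependency-update bot propose the bumps. The build stage is already parameterised through `ARG GO_VERSION`; the runtime stage could take an `ARG ALPINE_VERSION` in the same way so both bases are reviewed in one place.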