From fad32f79f9021dbb362f28d9b9989104db32ae52 Mon Sep 17 00:00:00 2001
From: Xe Iaso
Date: Tue, 18 Mar 2025 07:47:14 -0400
Subject: [PATCH] make docker image for Anubis

Signed-off-by: Xe Iaso
---
 .github/workflows/docker.yml | 61 ++++++++++++++++++++++++++++++++++++
 Dockerfile | 23 ++++++++++++++
 2 files changed, 84 insertions(+)
 create mode 100644 .github/workflows/docker.yml
 create mode 100644 Dockerfile

diff --git a/.github/workflows/docker.yml b/.github/workflows/docker.yml
new file mode 100644
index 0000000..958f9eb
--- /dev/null
+++ b/.github/workflows/docker.yml
@@ -0,0 +1,61 @@
+name: Docker image builds
+
+on:
+ workflow_dispatch:
+ push:
+ branches: [ "main" ]
+ tags: [ "v*" ]
+ pull_request:
+ branches: [ "main" ]
+
+permissions:
+ contents: read
+ packages: write
+ attestations: write
+ id-token: write
+
+jobs:
+ build:
+ runs-on: ubuntu-latest
+ steps:
+ - name: Checkout code
+ uses: actions/checkout@v4
+
+ - name: Set up QEMU
+ uses: docker/setup-qemu-action@v3
+
+ - name: Set up Docker Buildx
+ uses: docker/setup-buildx-action@v3
+
+ - name: Log into registry
+ uses: docker/login-action@v3
+ with:
+ registry: ghcr.io
+ username: techarohq
+ password: ${{ secrets.GITHUB_TOKEN }}
+
+ - name: Docker meta
+ id: meta
+ uses: docker/metadata-action@v5
+ with:
+ images: ghcr.io/techarohq/anubis
+
+ - name: Build and push
+ id: build
+ uses: docker/build-push-action@v6
+ with:
+ context: .
+ cache-to: type=gha
+ cache-from: type=gha
+ tags: ${{ steps.meta.outputs.tags }}
+ labels: ${{ steps.meta.outputs.labels }}
+ platforms: linux/arm64/v8,linux/amd64
+ sbom: true
+ push: true
+
+ - name: Generate artifact attestation
+ uses: actions/attest-build-provenance@v2
+ with:
+ subject-name: ghcr.io/techarohq/anubis
+ subject-digest: ${{ steps.build.outputs.digest }}
+ push-to-registry: true
\ No newline at end of file
diff --git a/Dockerfile b/Dockerfile
new file mode 100644
index 0000000..9b54c62
--- /dev/null
+++ b/Dockerfile
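Review bot: The `Build and push` step sets `push: true` unconditionally while the workflow also triggers on `pull_request`, so a pull-request run from a branch in this repository logs in to ghcr.io and publishes an image plus a provenance attestation under the release image name before the change is merged (runs from forks would presumably fail at the login or push instead, since their token is read-only). Gate publishing on the event with `push: ${{ github.event_name != 'pull_request' }}` and add `if: github.event_name != 'pull_request'` to the `Log into registry` and `Generate artifact attestation` steps. The actions are referenced by mutable major tags (`@v4`, `@v3`, `@v5`, `@v6`, `@v2`); pinning each to a full commit SHA keeps a retagged release from running with the `packages: write` and `id-token: write` token.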
@@ -0,0 +1,23 @@
+FROM golang:1.24 AS build
+ARG BUILDKIT_SBOM_SCAN_CONTEXT=true BUILDKIT_SBOM_SCAN_STAGE=true
+
+WORKDIR /app
+COPY go.mod go.sum /app/
+RUN go mod download
+
+COPY . .
+RUN --mount=type=cache,target=/root/.cache \
+ VERSION=$(git describe --tags --always --dirty) \
+ && go build -o /app/bin/anubis -ldflags="-X github.com/TecharoHQ/anubis.Version=${VERSION}" ./cmd/anubis
+
+FROM debian:bookworm AS runtime
+ARG BUILDKIT_SBOM_SCAN_STAGE=true
+RUN apt-get update \
+ && apt-get -y install ca-certificates
+
+COPY --from=build /app/bin/anubis /app/bin/anubis
+
+HEALTHCHECK --interval=30s --timeout=5s --start-period=5s --retries=3 CMD ["/app/bin/anubis", "--healthcheck"]
+CMD ["/app/bin/anubis"]
+
+LABEL org.opencontainers.image.source="https://github.com/TecharoHQ/anubis"
\ No newline at end of file
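Review bot: The `runtime` stage never sets `USER`, so `/app/bin/anubis` and its healthcheck run as root inside the container; add an unprivileged account before `CMD`, for example `RUN useradd --system --uid 10001 --no-create-home anubis` followed by `USER anubis`. The `apt-get` step keeps the package lists in the layer and pulls recommended packages; `apt-get install -y --no-install-recommends ca-certificates && rm -rf /var/lib/apt/lists/*` in the same `RUN` avoids both. Both `FROM` lines use floating tags (`golang:1.24`, `debian:bookworm`), so the attested image cannot be rebuilt from this file alone; pinning each base by digest would tie the provenance to a known input. `VERSION=$(git describe --tags --always --dirty)` relies on `.git` arriving through `COPY . .`, which deserves a comment such as `# needs .git in the build context; fails the build if it is excluded`.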