diff options
| author | Xe Iaso <me@xeiaso.net> | 2025-03-18 09:10:54 -0400 |
|---|---|---|
| committer | GitHub <noreply@github.com> | 2025-03-18 09:10:54 -0400 |
| commit | 726221c5c62391d2c4d9792532e23b328d14fe5a (patch) | |
| tree | 2b9d06b0e935318e12b9dbb5835a2c997244fc82 | |
| parent | fd6903aeed315b8fddee32890d7458a9271e4798 (diff) | |
| parent | fad32f79f9021dbb362f28d9b9989104db32ae52 (diff) | |
| download | anubis-726221c5c62391d2c4d9792532e23b328d14fe5a.tar.xz anubis-726221c5c62391d2c4d9792532e23b328d14fe5a.zip | |
Merge pull request #7 from TecharoHQ/Xe/docker
make docker image for Anubis
| -rw-r--r-- | .github/workflows/docker.yml | 61 | ||||
| -rw-r--r-- | Dockerfile | 23 |
2 files changed, 84 insertions, 0 deletions
diff --git a/.github/workflows/docker.yml b/.github/workflows/docker.yml new file mode 100644 index 0000000..958f9eb --- /dev/null +++ b/.github/workflows/docker.yml @@ -0,0 +1,61 @@ +name: Docker image builds + +on: + workflow_dispatch: + push: + branches: [ "main" ] + tags: [ "v*" ] + pull_request: + branches: [ "main" ] + +permissions: + contents: read + packages: write + attestations: write + id-token: write + +jobs: + build: + runs-on: ubuntu-latest + steps: + - name: Checkout code + uses: actions/checkout@v4 + + - name: Set up QEMU + uses: docker/setup-qemu-action@v3 + + - name: Set up Docker Buildx + uses: docker/setup-buildx-action@v3 + + - name: Log into registry + uses: docker/login-action@v3 + with: + registry: ghcr.io + username: techarohq + password: ${{ secrets.GITHUB_TOKEN }} + + - name: Docker meta + id: meta + uses: docker/metadata-action@v5 + with: + images: ghcr.io/techarohq/anubis + + - name: Build and push + id: build + uses: docker/build-push-action@v6 + with: + context: . + cache-to: type=gha + cache-from: type=gha + tags: ${{ steps.meta.outputs.tags }} + labels: ${{ steps.meta.outputs.labels }} + platforms: linux/arm64/v8,linux/amd64 + sbom: true + push: true + + - name: Generate artifact attestation + uses: actions/attest-build-provenance@v2 + with: + subject-name: ghcr.io/techarohq/anubis + subject-digest: ${{ steps.build.outputs.digest }} + push-to-registry: true
\ No newline at end of file diff --git a/Dockerfile b/Dockerfile new file mode 100644 index 0000000..9b54c62 --- /dev/null +++ b/Dockerfile @@ -0,0 +1,23 @@ +FROM golang:1.24 AS build +ARG BUILDKIT_SBOM_SCAN_CONTEXT=true BUILDKIT_SBOM_SCAN_STAGE=true + +WORKDIR /app +COPY go.mod go.sum /app/ +RUN go mod download + +COPY . . +RUN --mount=type=cache,target=/root/.cache \ + VERSION=$(git describe --tags --always --dirty) \ + && go build -o /app/bin/anubis -ldflags="-X github.com/TecharoHQ/anubis.Version=${VERSION}" ./cmd/anubis + +FROM debian:bookworm AS runtime +ARG BUILDKIT_SBOM_SCAN_STAGE=true +RUN apt-get update \ + && apt-get -y install ca-certificates + +COPY --from=build /app/bin/anubis /app/bin/anubis + +HEALTHCHECK --interval=30s --timeout=5s --start-period=5s --retries=3 CMD ["/app/bin/anubis", "--healthcheck"] +CMD ["/app/bin/anubis"] + +LABEL org.opencontainers.image.source="https://github.com/TecharoHQ/anubis"
\ No newline at end of file |