From 1c2a5e0ceb60c9ef1a013de22a30b827ff356e48 Mon Sep 17 00:00:00 2001 From: jbergner Date: Mon, 22 Sep 2025 22:00:43 +0200 Subject: [PATCH] Update --- .gitea/workflows/registry.yml | 51 +++++++++++++++++++++++++++++++++++ Dockerfile | 25 +++++++++++++++++ 2 files changed, 76 insertions(+) create mode 100644 .gitea/workflows/registry.yml create mode 100644 Dockerfile diff --git a/.gitea/workflows/registry.yml b/.gitea/workflows/registry.yml new file mode 100644 index 0000000..20912ac --- /dev/null +++ b/.gitea/workflows/registry.yml @@ -0,0 +1,51 @@ +name: release-tag +on: + push: + branches: + - 'main' +jobs: + release-image: + runs-on: ubuntu-fast + env: + DOCKER_ORG: ${{ vars.DOCKER_ORG }} + DOCKER_LATEST: latest + RUNNER_TOOL_CACHE: /toolcache + steps: + - name: Checkout + uses: actions/checkout@v3 + + - name: Set up QEMU + uses: docker/setup-qemu-action@v2 + + - name: Set up Docker BuildX + uses: docker/setup-buildx-action@v2 + with: # replace it with your local IP + config-inline: | + [registry."${{ vars.DOCKER_REGISTRY }}"] + http = true + insecure = true + + - name: Login to DockerHub + uses: docker/login-action@v2 + with: + registry: ${{ vars.DOCKER_REGISTRY }} # replace it with your local IP + username: ${{ secrets.DOCKER_USERNAME }} + password: ${{ secrets.DOCKER_PASSWORD }} + + - name: Get Meta + id: meta + run: | + echo REPO_NAME=$(echo ${GITHUB_REPOSITORY} | awk -F"/" '{print $2}') >> $GITHUB_OUTPUT + echo REPO_VERSION=$(git describe --tags --always | sed 's/^v//') >> $GITHUB_OUTPUT + + - name: Build and push + uses: docker/build-push-action@v4 + with: + context: . + file: ./Dockerfile + platforms: | + linux/amd64 + push: true + tags: | # replace it with your local IP and tags + ${{ vars.DOCKER_REGISTRY }}/${{ env.DOCKER_ORG }}/${{ steps.meta.outputs.REPO_NAME }}:${{ steps.meta.outputs.REPO_VERSION }} + ${{ vars.DOCKER_REGISTRY }}/${{ env.DOCKER_ORG }}/${{ steps.meta.outputs.REPO_NAME }}:${{ env.DOCKER_LATEST }} \ No newline at end of file diff --git a/Dockerfile b/Dockerfile new file mode 100644 index 0000000..4120307 --- /dev/null +++ b/Dockerfile @@ -0,0 +1,25 @@ +FROM golang:1.24-alpine AS build +WORKDIR /app + +# Optional: git + certs for private modules; cache modules and build cache +RUN apk add --no-cache git ca-certificates + +# Go deps first (better layer caching) +COPY go.mod go.sum ./ +RUN --mount=type=cache,target=/go/pkg/mod go mod download + +# App sources (incl. templates for go:embed) +COPY . . + +# Build static binary (templates are embedded via //go:embed) +RUN --mount=type=cache,target=/root/.cache/go-build \ + CGO_ENABLED=0 GOOS=linux GOARCH=amd64 \ + go build -trimpath -ldflags "-s -w" -o /out/pgpdashboard ./ + +### Runtime stage (distroless) +FROM gcr.io/distroless/static:nonroot +WORKDIR /app +COPY --from=build /out/pgpdashboard /app/pgpdashboard +EXPOSE 8080 +USER nonroot:nonroot +ENTRYPOINT ["/app/pgpdashboard"]