Fix dockerfile not working #647
There are no files selected for viewing
| Original file line number | Diff line number | Diff line change |
|---|---|---|
| @@ -0,0 +1,41 @@ | ||
| name: Docker Image CI | ||
|
|
||
| on: | ||
| push: | ||
| branches: [ "main" ] | ||
| pull_request: | ||
| branches: [ "main" ] | ||
|
|
||
| permissions: | ||
| packages: write | ||
|
|
||
| jobs: | ||
|
|
||
| build: | ||
|
|
||
| runs-on: ubuntu-latest | ||
|
|
||
| steps: | ||
| - name: Checkout | ||
| uses: actions/checkout@v3 | ||
| - | ||
| name: Set up QEMU | ||
| uses: docker/setup-qemu-action@v2 | ||
| - | ||
| name: Set up Docker Buildx | ||
| uses: docker/setup-buildx-action@v2 | ||
| - name: Docker Login | ||
| # You may pin to the exact commit or the version. | ||
| # uses: docker/login-action@f4ef78c080cd8ba55a85445d5b36e214a81df20a | ||
| uses: docker/[email protected] | ||
| with: | ||
| registry: ghcr.io | ||
| username: ${{ github.actor }} | ||
| password: ${{ secrets.GITHUB_TOKEN }} | ||
|
There was a problem hiding this comment. i need to put my own token for the CI right? There was a problem hiding this comment. You don't need to change it. That will auto-login to your GHCR instance. |
||
| - name: Build and push | ||
| uses: docker/build-push-action@v4 | ||
| with: | ||
| context: . | ||
| platforms: linux/amd64,linux/arm64 | ||
| push: true | ||
| tags: ghcr.io/${{ github.repository_owner }}/esmd:latest | ||
|
There was a problem hiding this comment. i prefer There was a problem hiding this comment. Sorry, I don't want to change it anymore. |
||
| Original file line number | Diff line number | Diff line change |
|---|---|---|
| @@ -1,14 +1,28 @@ | ||
| # syntax=docker/dockerfile:1 | ||
| FROM golang:1.18 AS build | ||
|
|
||
| WORKDIR /app | ||
| COPY . . | ||
| RUN apt-get update -y && apt-get install -y xz-utils | ||
|
There was a problem hiding this comment. again, let's use the latest tag instead of main branch There was a problem hiding this comment. Reading the version information from git is better than manual changes each time. |
||
| RUN go build -o /esmd | ||
|
|
||
| FROM node:18-alpine3.16 | ||
| ENV USER_ID=65535 | ||
|
There was a problem hiding this comment. just wondered, can we remove the There was a problem hiding this comment. If you want the script to run as root, you can. You can pass the That full command is: That's a security question. |
||
| ENV GROUP_ID=65535 | ||
| ENV USER_NAME=esm | ||
| ENV GROUP_NAME=esm | ||
|
|
||
| RUN apk add --no-cache libc6-compat xz | ||
| RUN addgroup -g $GROUP_ID $GROUP_NAME && \ | ||
| adduser --shell /sbin/nologin --disabled-password \ | ||
| --uid $USER_ID --ingroup $GROUP_NAME $USER_NAME | ||
| RUN mkdir -p /usr/local/lib && chown -R $USER_NAME:$GROUP_NAME /usr/local | ||
|
Comment on lines
+15
to
+19
There was a problem hiding this comment. This code is prepared for non-root users. You must add the lib |
||
|
|
||
| USER $USER_NAME | ||
|
|
||
| WORKDIR /home/esm | ||
| COPY --from=build /esmd /home/esm/esmd | ||
|
|
||
| RUN echo "{\"port\":80,\"workDir\":\"/home/esm/workdir\"}" >> /home/esm/config.json | ||
|
|
||
| ENTRYPOINT ["/home/esm/esmd", "--config", "config.json"] | ||
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
maybe just on tags like
v124? because we may put bad code to the main branchThere was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Yes, you can.
But it's hard to debug if I do not have the repo permission.
I have no permission to push images to your GHCR instance.
Github action has strict permission.
I recommend you copy the action from my existing file.
It can auto-build images based on tag, branch, and pull requests.
And will auto-comment the result to PR if the action trigger comes from PR.
That tags will be like that.
The PR Comments