Skip to content

Commit

Permalink
cleanup: refactor to use stagex
Browse files Browse the repository at this point in the history
  • Loading branch information
lrvick committed Jun 12, 2024
1 parent 8626353 commit e78b093
Show file tree
Hide file tree
Showing 4 changed files with 103 additions and 147 deletions.
71 changes: 46 additions & 25 deletions .github/workflows/publish-container.yaml
Original file line number Diff line number Diff line change
Expand Up @@ -16,41 +16,62 @@ jobs:
permissions:
contents: read
packages: write
env:
tags: >-
${{ github.ref == format('refs/heads/{0}', 'main') && 'latest' || '' }}
${{ github.event_name == 'pull_request' && format('pr-{0}', github.event.number) || '' }}
${{ github.event_name == 'push' && github.ref_name || '' }}
sha-${{ github.event_name == 'pull_request' && github.event.pull_request.head.sha || github.sha }}
steps:
- name: Checkout
uses: actions/checkout@a5ac7e51b41094c92402da3b24376905380afc29 # v4.1.6
with:
ref: ${{ github.event.pull_request.head.sha }}
- name: Docker meta
id: meta
uses: docker/metadata-action@8e5442c4ef9f78752691e2d8f8d19755c6f78e81 # v5.5.1
with:
images: |
ghcr.io/tkhq/ecr-proxy
tags: |
type=raw,value=latest,enable={{is_default_branch}}
type=ref,event=pr
type=semver,pattern={{version}}
type=sha,format=long
- name: Get committer date
- name: Setup and configure Docker
shell: 'script -q -e -c "bash {0}"'
run: |
echo "committer_date=$(git log -1 --pretty=%ct)" >> "$GITHUB_ENV"
- name: Set up Docker Buildx
uses: docker/setup-buildx-action@d70bba72b1f3fd22344832f00baa16ece964efeb # v3.3.0
[[ $EUID -ne 0 ]] && exec sudo /bin/sh "$0" "$@"
for pkg in docker.io docker-doc docker-compose docker-compose-v2 podman-docker containerd runc; \
do apt-get remove $pkg; \
done
apt-get update
apt-get install ca-certificates curl
install -m 0755 -d /etc/apt/keyrings
curl -fsSL https://download.docker.com/linux/ubuntu/gpg -o /etc/apt/keyrings/docker.asc
chmod a+r /etc/apt/keyrings/docker.asc
echo \
"deb [arch=$(dpkg --print-architecture) signed-by=/etc/apt/keyrings/docker.asc] https://download.docker.com/linux/ubuntu \
$(. /etc/os-release && echo "$VERSION_CODENAME") stable" | \
tee /etc/apt/sources.list.d/docker.list > /dev/null
apt-get update
cat << EOF >/etc/docker/daemon.json
{
"features": {
"containerd-snapshotter": true
},
"registry-mirrors": ["https://ghcr.io/tkhq"]
}
EOF
apt-get install docker-ce docker-ce-cli containerd.io docker-buildx-plugin docker-compose-plugin
systemctl restart docker
docker buildx create --driver docker-container --bootstrap --name build --use
- name: Login to GHCR
if: github.event_name != 'pull_request'
uses: docker/login-action@0d4c9c5ea7693da7b068278f7b52bda2a190a446 # v3.2.0
with:
registry: ghcr.io
username: ${{ github.actor }}
password: ${{ secrets.GITHUB_TOKEN }}
- name: Build and push
uses: docker/build-push-action@ca052bb54ab0790a636c9b5f226502c73d547a25 # v5.4.0
with:
context: .
platforms: linux/amd64,linux/arm64
build-args: |
SOURCE_DATE_EPOCH=${{ env.committer_date }}
provenance: "false"
push: ${{ github.event_name != 'pull_request' }}
tags: ${{ steps.meta.outputs.tags }}
- name: Build
shell: 'script -q -e -c "bash {0}"'
run: |
make
- name: Push
shell: 'script -q -e -c "bash {0}"'
run: |
env -C out/ecr-proxy tar -cf - . | docker load
docker tag "tkhq/ecr-proxy:latest" "ghcr.io/tkhq/ecr-proxy:latest"
for tag in ${tags}; do
docker tag "tkhq/ecr-proxy:latest" "ghcr.io/tkhq/ecr-proxy:${tag}"
done
docker image push --all-tags "ghcr.io/tkhq/ecr-proxy"
45 changes: 45 additions & 0 deletions Containerfile
Original file line number Diff line number Diff line change
@@ -0,0 +1,45 @@
FROM stagex/busybox:sx2024.04.2@sha256:8cb9360041cd17e8df33c5cbc6c223875045c0c249254367ed7e0eb445720757 AS busybox
FROM stagex/musl:sx2024.04.2@sha256:f888fcf45fabaaae3d0268bcec902ceb94edba7bf8d09ef6966ebb20e00b7127 AS musl
FROM stagex/go:sx2024.04.2@sha256:7a0c200995e220519aae02554c082b45cc3f7452480ea45d19e15ad3ecdffb4c AS go
FROM stagex/ca-certificates:sx2024.04.2@sha256:f9fe6e67df91083fee3d88cf221f84ef77f0b67480fb5b0689e890509a712533 AS ca-certificates

FROM scratch as builder
COPY --from=busybox . /
COPY --from=musl . /
COPY --from=go . /
COPY --from=ca-certificates . /

ARG TARGETOS
ARG TARGETARCH

ENV GOPATH=/usr/home/build
ENV GOOS=${TARGETOS}
ENV GOARCH=${TARGETARCH}
ENV GOPROXY=off
ENV CGO_ENABLED=0
ENV GOPROXY="https://proxy.golang.org,direct"
ENV GO_BUILDFLAGS="-x -v -trimpath -buildvcs=false"
ENV GO_LDFLAGS="-s -w -buildid= -extldflags=-static"
ENV GOFLAGS=${GO_BUILDFLAGS} -ldflags="${GO_LDFLAGS}"

RUN <<-EOF
set -eux
mkdir -p /newroot/etc/ssl/certs
cp -ra --parents /etc/ssl/certs /newroot/
EOF

WORKDIR /usr/home/build/src

COPY ./src/go.mod ./src/go.sum ./
RUN go mod download

COPY ./src ./
RUN --network=none go build ${GOFLAGS} \
-o /newroot/usr/local/bin/ecr-proxy \
./cmd/ecr-proxy

FROM scratch
LABEL org.opencontainers.image.source https://github.com/tkhq/ecr-proxy
COPY --from=builder /newroot /
USER 65532:65532
ENTRYPOINT ["/usr/local/bin/ecr-proxy"]
39 changes: 0 additions & 39 deletions Dockerfile

This file was deleted.

95 changes: 12 additions & 83 deletions Makefile
Original file line number Diff line number Diff line change
@@ -1,90 +1,19 @@
include $(PWD)/src/toolchain/Makefile

KEYS := \
6B61ECD76088748C70590D55E90A401336C8AAA9 \
A8864A8303994E3A18ACD1760CAB4418C834B102 \
66039AA59D823C8BD68DB062D3EC673DF9843E7B \
DE050A451E6FAF94C677B58B9361DEC647A087BD

LOCAL_BUILD_DIR := 'build'

.DEFAULT_GOAL :=
export
.PHONY: default
default: \
cache \
toolchain \
$(patsubst %,$(KEY_DIR)/%.asc,$(KEYS)) \
$(OUT_DIR)/ecr-proxy.linux-x86_64 \
$(OUT_DIR)/ecr-proxy.linux-aarch64 \
$(OUT_DIR)/release.env \
toolchain-profile
default: out/ecr-proxy/index.json

.PHONY: lint
lint:
$(call toolchain,' \
GOCACHE=/home/build/$(CACHE_DIR) \
GOPATH=/home/build/$(CACHE_DIR) \
env -C $(SRC_DIR) go vet -v ./... \
')

.PHONY: cache
cache:
ifneq ($(TOOLCHAIN_REPRODUCE),true)
git lfs pull --include=cache/toolchain.tgz
$(MAKE) toolchain-restore-mtime
touch fetch/apt/Packages.bz2 cache/toolchain.tgz
endif

.PHONY: dist
dist: toolchain-dist

.PHONY: reproduce
reproduce:
git lfs pull --include=fetch/apt/
$(MAKE) toolchain-reproduce toolchain-profile
env -C src go vet -v ./...

.PHONY: test
test: $(OUT_DIR)/ecr-proxy.linux-x86_64
$(call toolchain,' \
GOCACHE=/home/build/$(CACHE_DIR) \
GOPATH=/home/build/$(CACHE_DIR) \
env -C $(SRC_DIR) go test -v ./... \
')

.PHONY: install
install: default
mkdir -p ~/.local/bin
cp $(OUT_DIR)/ecr-proxy.$(HOST_OS)-$(HOST_ARCH) ~/.local/bin/ecr-proxy

# Clean repo back to initial clone state
.PHONY: clean
clean: toolchain-clean
git clean -dfx $(SRC_DIR)
rm -rf $(LOCAL_BUILD_DIR)

$(KEY_DIR)/%.asc:
$(call fetch_pgp_key,$(basename $(notdir $@)))

$(OUT_DIR)/ecr-proxy.%:
$(call toolchain-profile-start)
$(call toolchain,' \
GOHOSTOS="linux" \
GOHOSTARCH="amd64" \
GOOS="$(word 1,$(subst -, ,$(word 2,$(subst ., ,$@))))" \
GOARCH="$(call altarch,$(word 2,$(subst -, ,$(word 2,$(subst ., ,$@)))))" \
GOCACHE=/home/build/$(CACHE_DIR) \
GOPATH=/home/build/$(CACHE_DIR) \
CGO_ENABLED=0 \
env -C $(SRC_DIR)/cmd/ecr-proxy \
go build \
-trimpath \
-ldflags="-s -w -buildid=''" \
-o /home/build/$@ . \
')
$(call toolchain-profile-stop)

.PHONY: build-local
build-local:
pushd $(shell git rev-parse --show-toplevel)/src; \
go build -o ../$(LOCAL_BUILD_DIR)/ecr-proxy; \
popd;
test:
env -C src go test -v ./...

out/ecr-proxy/index.json:
docker build \
-f Containerfile \
--tag tkhq/ecr-proxy:latest \
--output type=oci,tar=false,rewrite_timestamps=true,dest=out/ecr-proxy \
.

0 comments on commit e78b093

Please sign in to comment.