-
Notifications
You must be signed in to change notification settings - Fork 13
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
chore: refactoring docker system #81
Open
albttx
wants to merge
3
commits into
atomone-hub:main
Choose a base branch
from
albttx:ci/docker
base: main
Could not load branches
Branch not found: {{ refName }}
Loading
Could not load tags
Nothing to show
Loading
Are you sure you want to change the base?
Some commits from the old base branch may be removed from the timeline,
and old review comments may become outdated.
Open
Changes from 1 commit
Commits
Show all changes
3 commits
Select commit
Hold shift + click to select a range
File filter
Filter by extension
Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
There are no files selected for viewing
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| Original file line number | Diff line number | Diff line change |
|---|---|---|
| @@ -1,51 +1,62 @@ | ||
| # source: https://docs.github.com/en/enterprise-cloud@latest/actions/publishing-packages/publishing-docker-images | ||
| name: Create and publish a Docker image | ||
|
|
||
| on: | ||
| push: | ||
| branches: ['release'] | ||
| release: | ||
| types: [published] | ||
|
|
||
| env: | ||
| REGISTRY: ghcr.io | ||
| IMAGE_NAME: ${{ github.repository }} | ||
| permissions: | ||
| contents: read | ||
| packages: write | ||
|
|
||
| jobs: | ||
| build-and-push-image: | ||
| build-docker: | ||
| runs-on: ubuntu-latest | ||
| permissions: | ||
| contents: read | ||
| packages: write | ||
|
|
||
| steps: | ||
| - name: Checkout repository | ||
| - name: Checkout | ||
| uses: actions/checkout@v4 | ||
|
|
||
| - name: Log in to the Container registry | ||
| uses: docker/login-action@v3.0.0 | ||
| # Seems required for cache | ||
| - uses: actions/setup-go@v5 | ||
|
|
||
| - name: Login to Docker registry | ||
| uses: docker/login-action@v2 | ||
| with: | ||
| registry: ${{ env.REGISTRY }} | ||
| username: ${{ github.actor }} | ||
| registry: ghcr.io | ||
| username: ${{ github.repository_owner }} | ||
| password: ${{ secrets.GITHUB_TOKEN }} | ||
|
|
||
| - name: Extract metadata (tags, labels) for Docker | ||
| id: meta | ||
| uses: docker/metadata-action@v5.5.1 | ||
| - name: Set up Docker Buildx | ||
| uses: docker/setup-buildx-action@v3 | ||
|
|
||
| - name: Go Build Cache for Docker | ||
| uses: actions/cache@v3 | ||
| with: | ||
| images: ${{ env.REGISTRY }}/${{ env.IMAGE_NAME }} | ||
| path: go-build-cache | ||
| key: ${{ runner.os }}-go-build-cache-${{ hashFiles('**/go.sum') }} | ||
| restore-keys: | | ||
| ${{ runner.os }}-go-build-cache- | ||
|
|
||
| - name: Build and push Docker image | ||
| uses: docker/build-push-action@v5.1.0 | ||
| - name: inject go-build-cache into docker | ||
| uses: reproducible-containers/buildkit-cache-dance@v3.1.0 | ||
| with: | ||
| context: . | ||
| push: true | ||
| tags: ${{ steps.meta.outputs.tags }} | ||
| labels: ${{ steps.meta.outputs.labels }} | ||
| cache-source: go-build-cache | ||
|
|
||
| - name: Build and push e2e docker image | ||
| uses: docker/build-push-action@v5.1.0 | ||
| - name: Docker meta | ||
| id: meta | ||
| uses: docker/metadata-action@v4 | ||
| with: | ||
| context: . | ||
| file: Dockerfile.e2e | ||
| images: ghcr.io/${{ github.repository }} | ||
| tags: | | ||
| type=raw,value=latest | ||
| type=semver,pattern={{version}} | ||
|
|
||
| - name: Build and push | ||
| uses: docker/build-push-action@v5 | ||
| with: | ||
| platforms: linux/amd64,linux/arm64 | ||
| pull: true | ||
| push: true | ||
| tags: ${{ steps.meta.outputs.tags }}-e2e | ||
| cache-from: type=gha | ||
| cache-to: type=gha,mode=max | ||
| tags: ${{ steps.meta.outputs.tags }} | ||
| labels: ${{ steps.meta.outputs.labels }} |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| Original file line number | Diff line number | Diff line change |
|---|---|---|
| @@ -1,20 +1,22 @@ | ||
| ARG IMG_TAG=latest | ||
| ARG GO_VERSION="1.22.10" | ||
| ARG ALPINE_VERSION=latest | ||
|
|
||
| # Compile the atomoned binary | ||
| FROM golang:1.22-alpine AS atomoned-builder | ||
| FROM golang:$GO_VERSION-alpine AS builder | ||
| WORKDIR /src/app/ | ||
| COPY go.mod go.sum* ./ | ||
| RUN go mod download | ||
| COPY . . | ||
| ENV PACKAGES curl make git libc-dev bash gcc linux-headers eudev-dev python3 | ||
| ENV PACKAGES="curl make git libc-dev bash gcc linux-headers eudev-dev python3" | ||
| RUN apk add --no-cache $PACKAGES | ||
| RUN CGO_ENABLED=0 make install | ||
|
|
||
| # Add to a distroless container | ||
| FROM cgr.dev/chainguard/static:$IMG_TAG | ||
| ARG IMG_TAG | ||
| COPY --from=atomoned-builder /go/bin/atomoned /usr/local/bin/ | ||
| # Final image | ||
| FROM alpine:$ALPINE_VERSION | ||
| RUN adduser -D nonroot | ||
| ARG ALPINE_VERSION | ||
| COPY --from=builder /go/bin/atomoned /usr/local/bin/ | ||
| EXPOSE 26656 26657 1317 9090 | ||
| USER 0 | ||
|
|
||
| ENTRYPOINT ["atomoned", "start"] | ||
| USER nonroot | ||
| ENTRYPOINT [ "atomoned" ] | ||
| CMD [ "start" ] | ||
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file was deleted.
Oops, something went wrong.
Oops, something went wrong.
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Let's not have a default value here. I assume without it the gh action will fail because it currently relies on it, but this is not what we want. We want the GO_VERSION to match the version declared in the go.mod, like in
make docker-build-debug.Probably the simplest way to handle this is to call
make docker-build-debugin the gh action (or maybe use an aliasmake docker-build).There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Mhhh, i don't like not having value here, because a simple
docker build -t my-img .would failThere was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Or we can move the
-alpinein the makefile, and have by defaultalpinewhich will take the latest go version ?There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Yes, and it's not a problem per say.
The problem here is if we upgrade the go version in the go.mod, the docker build will fail because the
make installcommand will return an error because the go versions (docker image and go.mod) does not match.In other words, if we upgrade the go version in the go.mod, we also have to change this
ARGhere, and this is what I want to avoid.Maybe it is possible to guess the go version in a preliminary stage of the docker file, where
go list -f {{.GoVersion}} -mis executed just like in the Makefile. If yes then we don't need thatARG. But I'm not sure it is possible to defineARGwith executed content inside the docker file.There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
But the go version of the docker build must match the go of the go.mod, like the restriction we have in the makefile. I don't understand why do you want to ignore the restrictions.
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Ok, i've updated this way :)
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Thank you, but I think the gh action needs to be updated accordingly. The step
docker/build-push-action@v5will not feed the GO_VERSION arg I suppose. Is there a way to test this gh action?