From 6585525455ec339163bde00c262c95efaa97d579 Mon Sep 17 00:00:00 2001
From: Jason Hall <jason@chainguard.dev>
Date: Mon, 14 Nov 2022 10:15:15 -0500
Subject: [PATCH] Use ko to build the container image
---
.github/workflows/docker.yml | 46 ++++++++++--------------------------
Dockerfile | 18 --------------
README.md | 4 +++-
3 files changed, 15 insertions(+), 53 deletions(-)
delete mode 100644 Dockerfile
diff --git a/.github/workflows/docker.yml b/.github/workflows/docker.yml
index 0f623c8..862eea0 100644
--- a/.github/workflows/docker.yml
+++ b/.github/workflows/docker.yml
@@ -7,10 +7,6 @@ on:
pull_request:
branches: [ 'main' ]
-env:
- REGISTRY: ghcr.io
- IMAGE_NAME: ${{ github.repository }}
-
jobs:
build-and-push-image:
runs-on: ubuntu-latest
@@ -21,39 +17,21 @@ jobs:
steps:
- uses: actions/checkout@v3
-
- - name: Setup Docker buildx
- uses: docker/setup-buildx-action@8c0edbc76e98fa90f69d9a2c020dcb50019dc325 # v2.2.1
-
- - name: Log into registry ${{ env.REGISTRY }}
- uses: docker/login-action@f4ef78c080cd8ba55a85445d5b36e214a81df20a # v2.1.0
- if: github.event_name != 'pull_request'
- with:
- registry: ${{ env.REGISTRY }}
- username: ${{ github.actor }}
- password: ${{ secrets.GITHUB_TOKEN }}
-
- - name: Extract Docker metadata
- id: meta
- uses: docker/metadata-action@57396166ad8aefe6098280995947635806a0e6ea # v4.1.1
+ - uses: actions/setup-go@v3
with:
- images: ${{ env.REGISTRY }}/${{ env.IMAGE_NAME }}
+ go-version: '>=1.19'
+ - uses: imjasonh/setup-ko@v0.6
- - name: Build and push Docker image
- id: build-and-push
- uses: docker/build-push-action@c56af957549030174b10d6867f20e78cfd7debc5 # v3.2.0
- with:
- context: .
- push: ${{ github.event_name != 'pull_request' }}
- tags: ${{ steps.meta.outputs.tags }}
- labels: ${{ steps.meta.outputs.labels }}
-
- # Sign the Docker image
- name: Install cosign
if: github.event_name != 'pull_request'
uses: sigstore/cosign-installer@9becc617647dfa20ae7b1151972e9b3a2c338a2b #v2.8.1
- - name: Sign the published Docker image
- if: github.event_name != 'pull_request'
+ - if: github.event_name != 'pull_request'
env:
- COSIGN_EXPERIMENTAL: "true"
- run: cosign sign ${{ env.REGISTRY }}/${{ env.IMAGE_NAME }}@${{ steps.build-and-push.outputs.digest }}
+ COSIGN_EXPERIMENTAL: true
+ run: cosign sign $(ko build ./cmd/golink --bare)
+
+ - if: github.event_name == 'pull_request'
+ env:
+ KO_DOCKER_REPO: ko.local
+ run: ko build ./cmd/golink
+
diff --git a/Dockerfile b/Dockerfile
deleted file mode 100644
index aa25354..0000000
--- a/Dockerfile
+++ /dev/null
@@ -1,18 +0,0 @@
-FROM cgr.dev/chainguard/go:1.19 as build
-
-WORKDIR /work
-
-COPY go.mod go.sum ./
-RUN go mod download
-
-COPY . .
-RUN CGO_ENABLED=0 GOOS=linux go build -v ./cmd/golink
-
-
-FROM cgr.dev/chainguard/static:latest
-
-ENV HOME /root
-
-COPY --from=build /work/golink /golink
-ENTRYPOINT ["/golink"]
-CMD ["--sqlitedb", "/root/golink.db", "--verbose"]
diff --git a/README.md b/README.md
index 64eaa4f..0458e42 100644
--- a/README.md
+++ b/README.md
@@ -62,7 +62,9 @@ Two pieces of data should be on persistent volumes:
In the docker image, both are stored in `/root`, so you can mount a persistent volume at /root:
- docker run -v /persistant/data:/root ghcr.io/tailscale/golink:main
+ docker run -v /persistant/data:/root ghcr.io/tailscale/golink:main \
+ --sqlitedb /root/golink.db \
+ --verbose
No ports need to be exposed, whether running as a binary or in docker.
golink will listen on port 80 on the tailscale interface, so can be accessed at http://go/.