From 0333e97630b05454e7214a148d9d4b1f352f6f9a Mon Sep 17 00:00:00 2001 From: Kristoffer Dalby Date: Mon, 12 Feb 2024 14:53:07 +0100 Subject: [PATCH] Build docker images with ko (goreleaser) (#1716) * make dockerfiles testing only note Signed-off-by: Kristoffer Dalby * setup ko image builder for goreleaser Signed-off-by: Kristoffer Dalby * remove release-docker Signed-off-by: Kristoffer Dalby * remove non-debug Dockerfile Signed-off-by: Kristoffer Dalby * Comments and lint Signed-off-by: Kristoffer Dalby * build debug images based on debian Signed-off-by: Kristoffer Dalby * remove debug flag for goreleaser Signed-off-by: Kristoffer Dalby --------- Signed-off-by: Kristoffer Dalby Signed-off-by: Kristoffer Dalby --- .github/workflows/release-docker.yml | 138 --------------------------- .github/workflows/release.yml | 2 +- .goreleaser.yml | 82 +++++++++++++++- Dockerfile | 30 ------ Dockerfile.debug | 5 +- Dockerfile.tailscale-HEAD | 4 + flake.nix | 1 + 7 files changed, 90 insertions(+), 172 deletions(-) delete mode 100644 .github/workflows/release-docker.yml delete mode 100644 Dockerfile diff --git a/.github/workflows/release-docker.yml b/.github/workflows/release-docker.yml deleted file mode 100644 index d82f3268..00000000 --- a/.github/workflows/release-docker.yml +++ /dev/null 
@@ -1,138 +0,0 @@ ---- -name: Release Docker - -on: - push: - tags: - - "*" # triggers only if push new tag version - workflow_dispatch: - -jobs: - docker-release: - runs-on: ubuntu-latest - steps: - - name: Checkout - uses: actions/checkout@v3 - with: - fetch-depth: 0 - - name: Set up Docker Buildx - uses: docker/setup-buildx-action@v1 - - name: Set up QEMU for multiple platforms - uses: docker/setup-qemu-action@master - with: - platforms: arm64,amd64 - - name: Cache Docker layers - uses: actions/cache@v2 - with: - path: /tmp/.buildx-cache - key: ${{ runner.os }}-buildx-${{ github.sha }} - restore-keys: | - ${{ runner.os }}-buildx- - - name: Docker meta - id: meta - uses: docker/metadata-action@v3 - with: - # list of Docker images to use as base name for tags - images: | - ${{ secrets.DOCKERHUB_USERNAME }}/headscale - ghcr.io/${{ github.repository_owner }}/headscale - tags: | - type=semver,pattern={{version}} - type=semver,pattern={{major}}.{{minor}} - type=semver,pattern={{major}} - type=sha - type=raw,value=develop - - name: Login to DockerHub - uses: docker/login-action@v1 - with: - username: ${{ secrets.DOCKERHUB_USERNAME }} - password: ${{ secrets.DOCKERHUB_TOKEN }} - - name: Login to GHCR - uses: docker/login-action@v1 - with: - registry: ghcr.io - username: ${{ github.repository_owner }} - password: ${{ secrets.GITHUB_TOKEN }} - - name: Build and push - id: docker_build - uses: docker/build-push-action@v2 - with: - push: true - context: . 
- tags: ${{ steps.meta.outputs.tags }} - labels: ${{ steps.meta.outputs.labels }} - platforms: linux/amd64,linux/arm64 - cache-from: type=local,src=/tmp/.buildx-cache - cache-to: type=local,dest=/tmp/.buildx-cache-new - build-args: | - VERSION=${{ steps.meta.outputs.version }} - - name: Prepare cache for next build - run: | - rm -rf /tmp/.buildx-cache - mv /tmp/.buildx-cache-new /tmp/.buildx-cache - - docker-debug-release: - runs-on: ubuntu-latest - steps: - - name: Checkout - uses: actions/checkout@v3 - with: - fetch-depth: 0 - - name: Set up Docker Buildx - uses: docker/setup-buildx-action@v1 - - name: Set up QEMU for multiple platforms - uses: docker/setup-qemu-action@master - with: - platforms: arm64,amd64 - - name: Cache Docker layers - uses: actions/cache@v2 - with: - path: /tmp/.buildx-cache-debug - key: ${{ runner.os }}-buildx-debug-${{ github.sha }} - restore-keys: | - ${{ runner.os }}-buildx-debug- - - name: Docker meta - id: meta-debug - uses: docker/metadata-action@v3 - with: - # list of Docker images to use as base name for tags - images: | - ${{ secrets.DOCKERHUB_USERNAME }}/headscale - ghcr.io/${{ github.repository_owner }}/headscale - flavor: | - suffix=-debug,onlatest=true - tags: | - type=semver,pattern={{version}} - type=semver,pattern={{major}}.{{minor}} - type=semver,pattern={{major}} - type=sha - type=raw,value=develop - - name: Login to DockerHub - uses: docker/login-action@v1 - with: - username: ${{ secrets.DOCKERHUB_USERNAME }} - password: ${{ secrets.DOCKERHUB_TOKEN }} - - name: Login to GHCR - uses: docker/login-action@v1 - with: - registry: ghcr.io - username: ${{ github.repository_owner }} - password: ${{ secrets.GITHUB_TOKEN }} - - name: Build and push - id: docker_build - uses: docker/build-push-action@v2 - with: - push: true - context: . 
- file: Dockerfile.debug - tags: ${{ steps.meta-debug.outputs.tags }} - labels: ${{ steps.meta-debug.outputs.labels }} - platforms: linux/amd64,linux/arm64 - cache-from: type=local,src=/tmp/.buildx-cache-debug - cache-to: type=local,dest=/tmp/.buildx-cache-debug-new - build-args: | - VERSION=${{ steps.meta-debug.outputs.version }} - - name: Prepare cache for next build - run: | - rm -rf /tmp/.buildx-cache-debug - mv /tmp/.buildx-cache-debug-new /tmp/.buildx-cache-debug diff --git a/.github/workflows/release.yml b/.github/workflows/release.yml index 72eddbcb..7e5ecb60 100644 --- a/.github/workflows/release.yml +++ b/.github/workflows/release.yml @@ -20,6 +20,6 @@ jobs: - uses: DeterminateSystems/magic-nix-cache-action@main - name: Run goreleaser - run: nix develop --command -- goreleaser release --clean + run: nix develop --command -- "goreleaser release --clean" env: GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }} diff --git a/.goreleaser.yml b/.goreleaser.yml index 5f82deb0..9ef00fba 100644 --- a/.goreleaser.yml +++ b/.goreleaser.yml @@ -9,7 +9,7 @@ release: builds: - id: headscale - main: ./cmd/headscale/headscale.go + main: ./cmd/headscale mod_timestamp: "{{ .CommitTimestamp }}" env: - CGO_ENABLED=0 @@ -63,7 +63,6 @@ nfpms: bindir: /usr/bin formats: - deb - # - rpm contents: - src: ./config-example.yaml dst: /etc/headscale/config.yaml 
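Review bot: In `.github/workflows/release.yml`, the new `run:` line quotes the whole command, so the shell hands `nix develop` the single argument `goreleaser release --clean`, which it will most likely try to execute as one program name rather than `goreleaser` with two arguments; the unquoted form `run: nix develop --command -- goreleaser release --clean` avoids that. Separately, this step now publishes the images to ghcr.io and Docker Hub, yet the only credential visible in the hunk is `GITHUB_TOKEN`, whereas the deleted `release-docker.yml` logged in to both registries with `docker/login-action`. The job's earlier steps and its `permissions:` block are outside this hunk, so confirm that registry logins (and `packages: write` for GHCR) exist there; otherwise the image push has no credentials to use.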
@@ -80,6 +79,85 @@ nfpms: postinstall: ./docs/packaging/postinstall.sh postremove: ./docs/packaging/postremove.sh +kos: + - id: ghcr + repository: ghcr.io/juanfont/headscale + base_image: gcr.io/distroless/base-debian12 + build: headscale + main: ./cmd/headscale + env: + - CGO_ENABLED=0 + platforms: + - linux/amd64 + - linux/386 + - linux/arm64 + - linux/arm/v7 + tags: + - latest + - "{{ .Tag }}" + - "{{ .Major }}.{{ .Minor }}.{{ .Patch }}" + - "{{ .Major }}.{{ .Minor }}" + - "{{ .Major }}" + - "sha-{{ .ShortCommit }}" + - "{{ if not .Prerelease }}stable{{ end }}" + + - id: dockerhub + build: headscale + base_image: gcr.io/distroless/base-debian12 + repository: headscale/headscale + platforms: + - linux/amd64 + - linux/386 + - linux/arm64 + - linux/arm/v7 + tags: + - latest + - "{{ .Tag }}" + - "{{ .Major }}.{{ .Minor }}.{{ .Patch }}" + - "{{ .Major }}.{{ .Minor }}" + - "{{ .Major }}" + - "sha-{{ .ShortCommit }}" + - "{{ if not .Prerelease }}stable{{ end }}" + + - id: ghcr-debug + repository: ghcr.io/juanfont/headscale + base_image: "debian:12" + build: headscale + main: ./cmd/headscale + env: + - CGO_ENABLED=0 + platforms: + - linux/amd64 + - linux/386 + - linux/arm64 + - linux/arm/v7 + tags: + - latest + - "{{ .Tag }}-debug" + - "{{ .Major }}.{{ .Minor }}.{{ .Patch }}-debug" + - "{{ .Major }}.{{ .Minor }}-debug" + - "{{ .Major }}-debug" + - "sha-{{ .ShortCommit }}-debug" + - "{{ if not .Prerelease }}stable{{ end }}-debug" + + - id: dockerhub-debug + build: headscale + base_image: "debian:12" + repository: headscale/headscale + platforms: + - linux/amd64 + - linux/386 + - linux/arm64 + - linux/arm/v7 + tags: + - latest + - "{{ .Tag }}-debug" + - "{{ .Major }}.{{ .Minor }}.{{ .Patch }}-debug" + - "{{ .Major }}.{{ .Minor }}-debug" + - "{{ .Major }}-debug" + - "sha-{{ .ShortCommit }}-debug" + - "{{ if not .Prerelease }}stable{{ end }}-debug" + checksum: name_template: "checksums.txt" snapshot: 
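Review bot: The `ghcr-debug` and `dockerhub-debug` entries list a bare `- latest` tag while pushing to the same repositories as `ghcr` and `dockerhub`, so the later push decides whether `latest` is the distroless image or the `debian:12` debug image. Give the debug entries `- latest-debug` instead, so a plain `latest` pull never gets the larger, shell-equipped image. The last debug tag, `"{{ if not .Prerelease }}stable{{ end }}-debug"`, renders as `-debug` on a prerelease, which is not a valid image tag; moving the suffix inside the conditional, `"{{ if not .Prerelease }}stable-debug{{ end }}"`, leaves it empty there like the non-debug entries. `latest` is also applied unconditionally in all four entries, so a prerelease tag would move it. Both base images are referenced by mutable tag; pinning `base_image` by digest would make the release images reproducible and harder to tamper with upstream.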
diff --git a/Dockerfile b/Dockerfile deleted file mode 100644 index 367afe94..00000000 --- a/Dockerfile +++ /dev/null @@ -1,30 +0,0 @@ -# Builder image -FROM docker.io/golang:1.21-bookworm AS build -ARG VERSION=dev -ENV GOPATH /go -WORKDIR /go/src/headscale - -COPY go.mod go.sum /go/src/headscale/ -RUN go mod download - -COPY . . - -RUN CGO_ENABLED=0 GOOS=linux go install -ldflags="-s -w -X github.com/juanfont/headscale/cmd/headscale/cli.Version=$VERSION" -a ./cmd/headscale -RUN strip /go/bin/headscale -RUN test -e /go/bin/headscale - -# Production image -FROM docker.io/debian:bookworm-slim - -RUN apt-get update \ - && apt-get install -y ca-certificates \ - && rm -rf /var/lib/apt/lists/* \ - && apt-get clean - -COPY --from=build /go/bin/headscale /bin/headscale -ENV TZ UTC - -RUN mkdir -p /var/run/headscale - -EXPOSE 8080/tcp -CMD ["headscale"] diff --git a/Dockerfile.debug b/Dockerfile.debug index ac7e7348..659ae4cc 100644 --- a/Dockerfile.debug +++ b/Dockerfile.debug @@ -1,4 +1,7 @@ -# Builder image +# This Dockerfile and the images produced are for testing headscale, +# and are in no way endorsed by Headscale's maintainers as an +# official nor supported release or distribution. + FROM docker.io/golang:1.22-bookworm AS build ARG VERSION=dev ENV GOPATH /go diff --git a/Dockerfile.tailscale-HEAD b/Dockerfile.tailscale-HEAD index 2a3aac76..83ff9fe5 100644 --- a/Dockerfile.tailscale-HEAD +++ b/Dockerfile.tailscale-HEAD @@ -1,3 +1,7 @@ +# This Dockerfile and the images produced are for testing headscale, +# and are in no way endorsed by Headscale's maintainers as an +# official nor supported release or distribution. + FROM golang:latest RUN apt-get update \ diff --git a/flake.nix b/flake.nix index 3b07ede7..7a8dfd16 100644 --- a/flake.nix +++ b/flake.nix @@ -75,6 +75,7 @@ gotestsum gotests ksh + ko # 'dot' is needed for pprof graphs # go tool pprof -http=: