Build docker images with ko (goreleaser) (#1716)
* make dockerfiles testing only note Signed-off-by: Kristoffer Dalby <kristoffer@tailscale.com> * setup ko image builder for goreleaser Signed-off-by: Kristoffer Dalby <kristoffer@tailscale.com> * remove release-docker Signed-off-by: Kristoffer Dalby <kristoffer@tailscale.com> * remove non-debug Dockerfile Signed-off-by: Kristoffer Dalby <kristoffer@tailscale.com> * Comments and lint Signed-off-by: Kristoffer Dalby <kristoffer@dalby.cc> * build debug images based on debian Signed-off-by: Kristoffer Dalby <kristoffer@dalby.cc> * remove debug flag for goreleaser Signed-off-by: Kristoffer Dalby <kristoffer@dalby.cc> --------- Signed-off-by: Kristoffer Dalby <kristoffer@tailscale.com> Signed-off-by: Kristoffer Dalby <kristoffer@dalby.cc>
parent
e3553aae50
commit
0333e97630
7 changed files with 90 additions and 172 deletions
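--- a/.github/workflows/release-docker.yml
+++ b/.github/workflows/release-docker.yml
@@ -1,138 +0,0 @@
----
-name: Release Docker
-
-on:
-push:
-tags:
-- "*" # triggers only if push new tag version
-workflow_dispatch:
-
-jobs:
-docker-release:
-runs-on: ubuntu-latest
-steps:
-- name: Checkout
-uses: actions/checkout@v3
-with:
-fetch-depth: 0
-- name: Set up Docker Buildx
-uses: docker/setup-buildx-action@v1
-- name: Set up QEMU for multiple platforms
-uses: docker/setup-qemu-action@master
-with:
-platforms: arm64,amd64
-- name: Cache Docker layers
-uses: actions/cache@v2
-with:
-path: /tmp/.buildx-cache
-key: ${{ runner.os }}-buildx-${{ github.sha }}
-restore-keys: |
-${{ runner.os }}-buildx-
-- name: Docker meta
-id: meta
-uses: docker/metadata-action@v3
-with:
-# list of Docker images to use as base name for tags
-images: |
-${{ secrets.DOCKERHUB_USERNAME }}/headscale
-ghcr.io/${{ github.repository_owner }}/headscale
-tags: |
-type=semver,pattern={{version}}
-type=semver,pattern={{major}}.{{minor}}
-type=semver,pattern={{major}}
-type=sha
-type=raw,value=develop
-- name: Login to DockerHub
-uses: docker/login-action@v1
-with:
-username: ${{ secrets.DOCKERHUB_USERNAME }}
-password: ${{ secrets.DOCKERHUB_TOKEN }}
-- name: Login to GHCR
-uses: docker/login-action@v1
-with:
-registry: ghcr.io
-username: ${{ github.repository_owner }}
-password: ${{ secrets.GITHUB_TOKEN }}
-- name: Build and push
-id: docker_build
-uses: docker/build-push-action@v2
-with:
-push: true
-context: .
-tags: ${{ steps.meta.outputs.tags }}
-labels: ${{ steps.meta.outputs.labels }}
-platforms: linux/amd64,linux/arm64
-cache-from: type=local,src=/tmp/.buildx-cache
-cache-to: type=local,dest=/tmp/.buildx-cache-new
-build-args: |
-VERSION=${{ steps.meta.outputs.version }}
-- name: Prepare cache for next build
-run: |
-rm -rf /tmp/.buildx-cache
-mv /tmp/.buildx-cache-new /tmp/.buildx-cache
-
-docker-debug-release:
-runs-on: ubuntu-latest
-steps:
-- name: Checkout
-uses: actions/checkout@v3
-with:
-fetch-depth: 0
-- name: Set up Docker Buildx
-uses: docker/setup-buildx-action@v1
-- name: Set up QEMU for multiple platforms
-uses: docker/setup-qemu-action@master
-with:
-platforms: arm64,amd64
-- name: Cache Docker layers
-uses: actions/cache@v2
-with:
-path: /tmp/.buildx-cache-debug
-key: ${{ runner.os }}-buildx-debug-${{ github.sha }}
-restore-keys: |
-${{ runner.os }}-buildx-debug-
-- name: Docker meta
-id: meta-debug
-uses: docker/metadata-action@v3
-with:
-# list of Docker images to use as base name for tags
-images: |
-${{ secrets.DOCKERHUB_USERNAME }}/headscale
-ghcr.io/${{ github.repository_owner }}/headscale
-flavor: |
-suffix=-debug,onlatest=true
-tags: |
-type=semver,pattern={{version}}
-type=semver,pattern={{major}}.{{minor}}
-type=semver,pattern={{major}}
-type=sha
-type=raw,value=develop
-- name: Login to DockerHub
-uses: docker/login-action@v1
-with:
-username: ${{ secrets.DOCKERHUB_USERNAME }}
-password: ${{ secrets.DOCKERHUB_TOKEN }}
-- name: Login to GHCR
-uses: docker/login-action@v1
-with:
-registry: ghcr.io
-username: ${{ github.repository_owner }}
-password: ${{ secrets.GITHUB_TOKEN }}
-- name: Build and push
-id: docker_build
-uses: docker/build-push-action@v2
-with:
-push: true
-context: .
-file: Dockerfile.debug
-tags: ${{ steps.meta-debug.outputs.tags }}
-labels: ${{ steps.meta-debug.outputs.labels }}
-platforms: linux/amd64,linux/arm64
-cache-from: type=local,src=/tmp/.buildx-cache-debug
-cache-to: type=local,dest=/tmp/.buildx-cache-debug-new
-build-args: |
-VERSION=${{ steps.meta-debug.outputs.version }}
-- name: Prepare cache for next build
-run: |
-rm -rf /tmp/.buildx-cache-debug
-mv /tmp/.buildx-cache-debug-new /tmp/.buildx-cache-debug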
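--- a/.github/workflows/release.yml
+++ b/.github/workflows/release.yml
@@ -20,6 +20,6 @@ jobs:
 - uses: DeterminateSystems/magic-nix-cache-action@main
 
 - name: Run goreleaser
-run: nix develop --command -- goreleaser release --clean
+run: nix develop --command -- "goreleaser release --clean"
 env:
 GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}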
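Review bot: The new `run:` line wraps the whole command in one pair of double quotes, so the shell hands `nix develop --command` a single argument, `goreleaser release --clean`, which will most likely be looked up as one executable name and fail; unless that is deliberate, keep the words separate as before, `run: nix develop --command -- goreleaser release --clean`. This step is also now the only path that publishes container images, and the hunk gives it nothing but `GITHUB_TOKEN`, whereas the deleted workflow logged in to Docker Hub and GHCR explicitly. The job's earlier steps and any `permissions:` block are outside the hunk, so confirm there that a Docker Hub login exists and that the token has `packages: write` for GHCR, granted to this job only.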
|
@ -9,7 +9,7 @@ release:
|
||||||
|
|
||||||
builds:
|
builds:
|
||||||
- id: headscale
|
- id: headscale
|
||||||
main: ./cmd/headscale/headscale.go
|
main: ./cmd/headscale
|
||||||
mod_timestamp: "{{ .CommitTimestamp }}"
|
mod_timestamp: "{{ .CommitTimestamp }}"
|
||||||
env:
|
env:
|
||||||
- CGO_ENABLED=0
|
- CGO_ENABLED=0
|
||||||
|
@ -63,7 +63,6 @@ nfpms:
|
||||||
bindir: /usr/bin
|
bindir: /usr/bin
|
||||||
formats:
|
formats:
|
||||||
- deb
|
- deb
|
||||||
# - rpm
|
|
||||||
contents:
|
contents:
|
||||||
- src: ./config-example.yaml
|
- src: ./config-example.yaml
|
||||||
dst: /etc/headscale/config.yaml
|
dst: /etc/headscale/config.yaml
|
||||||
|
@ -80,6 +79,85 @@ nfpms:
|
||||||
postinstall: ./docs/packaging/postinstall.sh
|
postinstall: ./docs/packaging/postinstall.sh
|
||||||
postremove: ./docs/packaging/postremove.sh
|
postremove: ./docs/packaging/postremove.sh
|
||||||
|
|
||||||
|
kos:
|
||||||
|
- id: ghcr
|
||||||
|
repository: ghcr.io/juanfont/headscale
|
||||||
|
base_image: gcr.io/distroless/base-debian12
|
||||||
|
build: headscale
|
||||||
|
main: ./cmd/headscale
|
||||||
|
env:
|
||||||
|
- CGO_ENABLED=0
|
||||||
|
platforms:
|
||||||
|
- linux/amd64
|
||||||
|
- linux/386
|
||||||
|
- linux/arm64
|
||||||
|
- linux/arm/v7
|
||||||
|
tags:
|
||||||
|
- latest
|
||||||
|
- "{{ .Tag }}"
|
||||||
|
- "{{ .Major }}.{{ .Minor }}.{{ .Patch }}"
|
||||||
|
- "{{ .Major }}.{{ .Minor }}"
|
||||||
|
- "{{ .Major }}"
|
||||||
|
- "sha-{{ .ShortCommit }}"
|
||||||
|
- "{{ if not .Prerelease }}stable{{ end }}"
|
||||||
|
|
||||||
|
- id: dockerhub
|
||||||
|
build: headscale
|
||||||
|
base_image: gcr.io/distroless/base-debian12
|
||||||
|
repository: headscale/headscale
|
||||||
|
platforms:
|
||||||
|
- linux/amd64
|
||||||
|
- linux/386
|
||||||
|
- linux/arm64
|
||||||
|
- linux/arm/v7
|
||||||
|
tags:
|
||||||
|
- latest
|
||||||
|
- "{{ .Tag }}"
|
||||||
|
- "{{ .Major }}.{{ .Minor }}.{{ .Patch }}"
|
||||||
|
- "{{ .Major }}.{{ .Minor }}"
|
||||||
|
- "{{ .Major }}"
|
||||||
|
- "sha-{{ .ShortCommit }}"
|
||||||
|
- "{{ if not .Prerelease }}stable{{ end }}"
|
||||||
|
|
||||||
|
- id: ghcr-debug
|
||||||
|
repository: ghcr.io/juanfont/headscale
|
||||||
|
base_image: "debian:12"
|
||||||
|
build: headscale
|
||||||
|
main: ./cmd/headscale
|
||||||
|
env:
|
||||||
|
- CGO_ENABLED=0
|
||||||
|
platforms:
|
||||||
|
- linux/amd64
|
||||||
|
- linux/386
|
||||||
|
- linux/arm64
|
||||||
|
- linux/arm/v7
|
||||||
|
tags:
|
||||||
|
- latest
|
||||||
|
- "{{ .Tag }}-debug"
|
||||||
|
- "{{ .Major }}.{{ .Minor }}.{{ .Patch }}-debug"
|
||||||
|
- "{{ .Major }}.{{ .Minor }}-debug"
|
||||||
|
- "{{ .Major }}-debug"
|
||||||
|
- "sha-{{ .ShortCommit }}-debug"
|
||||||
|
- "{{ if not .Prerelease }}stable{{ end }}-debug"
|
||||||
|
|
||||||
|
- id: dockerhub-debug
|
||||||
|
build: headscale
|
||||||
|
base_image: "debian:12"
|
||||||
|
repository: headscale/headscale
|
||||||
|
platforms:
|
||||||
|
- linux/amd64
|
||||||
|
- linux/386
|
||||||
|
- linux/arm64
|
||||||
|
- linux/arm/v7
|
||||||
|
tags:
|
||||||
|
- latest
|
||||||
|
- "{{ .Tag }}-debug"
|
||||||
|
- "{{ .Major }}.{{ .Minor }}.{{ .Patch }}-debug"
|
||||||
|
- "{{ .Major }}.{{ .Minor }}-debug"
|
||||||
|
- "{{ .Major }}-debug"
|
||||||
|
- "sha-{{ .ShortCommit }}-debug"
|
||||||
|
- "{{ if not .Prerelease }}stable{{ end }}-debug"
|
||||||
|
|
||||||
checksum:
|
checksum:
|
||||||
name_template: "checksums.txt"
|
name_template: "checksums.txt"
|
||||||
snapshot:
|
snapshot:
|
||||||
|
|
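Review bot: In the added `kos:` block, the `ghcr-debug` and `dockerhub-debug` entries list a bare `latest` tag while pushing to the same repositories as `ghcr` and `dockerhub`, so whichever build pushes last decides whether `latest` is the distroless image or the `debian:12` debug image; the debug entries should use `- latest-debug`. Their last tag, `"{{ if not .Prerelease }}stable{{ end }}-debug"`, keeps the suffix outside the conditional and so renders as `-debug` on a prerelease, which is not a valid image tag; `"{{ if not .Prerelease }}stable-debug{{ end }}"` renders empty instead, as the non-debug entries do. Both base images are referenced by floating tag (`gcr.io/distroless/base-debian12`, `debian:12`), so the content of a published image is not fixed by this file; pinning by digest, e.g. `base_image: gcr.io/distroless/base-debian12@sha256:<digest>`, would close that gap. `latest` and the `{{ .Major }}` tags are also unconditional in all four entries, so a prerelease would move them unless that is prevented elsewhere in the config.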
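--- a/Dockerfile
+++ b/Dockerfile
@@ -1,30 +0,0 @@
-# Builder image
-FROM docker.io/golang:1.21-bookworm AS build
-ARG VERSION=dev
-ENV GOPATH /go
-WORKDIR /go/src/headscale
-
-COPY go.mod go.sum /go/src/headscale/
-RUN go mod download
-
-COPY . .
-
-RUN CGO_ENABLED=0 GOOS=linux go install -ldflags="-s -w -X github.com/juanfont/headscale/cmd/headscale/cli.Version=$VERSION" -a ./cmd/headscale
-RUN strip /go/bin/headscale
-RUN test -e /go/bin/headscale
-
-# Production image
-FROM docker.io/debian:bookworm-slim
-
-RUN apt-get update \
-&& apt-get install -y ca-certificates \
-&& rm -rf /var/lib/apt/lists/* \
-&& apt-get clean
-
-COPY --from=build /go/bin/headscale /bin/headscale
-ENV TZ UTC
-
-RUN mkdir -p /var/run/headscale
-
-EXPOSE 8080/tcp
-CMD ["headscale"]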
|
@ -1,4 +1,7 @@
|
||||||
# Builder image
|
# This Dockerfile and the images produced are for testing headscale,
|
||||||
|
# and are in no way endorsed by Headscale's maintainers as an
|
||||||
|
# official nor supported release or distribution.
|
||||||
|
|
||||||
FROM docker.io/golang:1.22-bookworm AS build
|
FROM docker.io/golang:1.22-bookworm AS build
|
||||||
ARG VERSION=dev
|
ARG VERSION=dev
|
||||||
ENV GOPATH /go
|
ENV GOPATH /go
|
||||||
|
|
|
@ -1,3 +1,7 @@
|
||||||
|
# This Dockerfile and the images produced are for testing headscale,
|
||||||
|
# and are in no way endorsed by Headscale's maintainers as an
|
||||||
|
# official nor supported release or distribution.
|
||||||
|
|
||||||
FROM golang:latest
|
FROM golang:latest
|
||||||
|
|
||||||
RUN apt-get update \
|
RUN apt-get update \
|
||||||
|
|
|
@ -75,6 +75,7 @@
|
||||||
gotestsum
|
gotestsum
|
||||||
gotests
|
gotests
|
||||||
ksh
|
ksh
|
||||||
|
ko
|
||||||
|
|
||||||
# 'dot' is needed for pprof graphs
|
# 'dot' is needed for pprof graphs
|
||||||
# go tool pprof -http=: <source>
|
# go tool pprof -http=: <source>
|
||||||
|
|