Add workflow to track and customize golang:1.21-bullseye

holos-run · Nov 8, 2023 · 07f7998 · 07f7998
commit 07f7998
Show file tree

Hide file tree

Showing 2 changed files with 84 additions and 0 deletions.
diff --git a/.github/workflows/golang.yaml b/.github/workflows/golang.yaml
@@ -0,0 +1,64 @@
+name: Golang
+
+on:
+  workflow_dispatch:
+  schedule:
+    - cron: "0 1 * * *" # 1AM UTC, 6PM PST
+
+jobs:
+  git:
+    runs-on: [dev-runners]
+    steps:
+      - name: Checkout
+        uses: actions/checkout@v4
+  aws:
+    runs-on: [dev-runners]
+    permissions:
+      id-token: write # Necessary to get aws creds via oidc token exchange
+      contents: read
+    steps:
+      - name: AWS Credentials
+        id: login-aws
+        uses: aws-actions/configure-aws-credentials@v4
+        with:
+          # Defined at https://github.com/holos-run/holos-infra/blob/main/terraform/projects/nonprod-holos/shared_services/aws/github_oidc/main.tf#L90-L106
+          role-to-assume: arn:aws:iam::271053619184:role/gha-app-role
+          aws-region: us-east-2
+          output-credentials: true
+      - name: AWS ECR Credentials
+        id: login-ecr
+        uses: aws-actions/amazon-ecr-login@v2
+      - name: Docker Login
+        id: docker-login
+        run: |
+          echo -n ${{ steps.login-ecr.outputs.docker_password_271053619184_dkr_ecr_us_east_2_amazonaws_com }} | docker login --password-stdin --username ${{ steps.login-ecr.outputs.docker_username_271053619184_dkr_ecr_us_east_2_amazonaws_com }} ${{ steps.login-ecr.outputs.registry }}
+          echo "docker-config=$(cat ~/.docker/config.json | base64 -w 0)" >> $GITHUB_OUTPUT
+    outputs:
+      registry: ${{ steps.login-ecr.outputs.registry }}
+      docker-config: ${{ steps.docker-login.outputs.docker-config }}
+  kaniko:
+    needs: [git, aws]
+    runs-on: [dev-runners]
+    container:
+      image: gcr.io/kaniko-project/executor:v1.17.0-debug
+    permissions:
+      contents: read # read the repository
+    steps:
+      - name: Build and push container image
+        run: |
+          # Kaniko
+          echo -n ${{ needs.aws.outputs.docker-config }} | base64 -d > /kaniko/.docker/config.json
+
+          # Configure git credentials to access github private repositories.
+          export GIT_USERNAME='holos-server-go'
+          export GIT_PASSWORD='${{ secrets.GITHUB_TOKEN }}'
+
+          # Build and push
+          /kaniko/executor --dockerfile=golang/Dockerfile \
+            --context='${{ github.repositoryUrl }}#${{ needs.git.outputs.sha }}' \
+            --destination=${{ needs.aws.outputs.registry }}/holos-run/container-images/golang:1.21-bullseye
+            --push-retry 5 \
+            --image-name-with-digest-file /workspace/image-digest.txt
+
+          # Make this an artifact?
+          cat /workspace/image-digest.txt
diff --git a/golang/Dockerfile b/golang/Dockerfile
@@ -0,0 +1,20 @@
+FROM public.ecr.aws/docker/library/golang:1.21-bullseye AS final
+
+# Install NodeJS 20
+RUN mkdir -p /etc/apt/keyrings && \
+    curl -fsSL https://deb.nodesource.com/gpgkey/nodesource-repo.gpg.key | gpg --dearmor -o /etc/apt/keyrings/nodesource.gpg && \
+    echo "deb [signed-by=/etc/apt/keyrings/nodesource.gpg] https://deb.nodesource.com/node_20.x nodistro main" \
+      | tee /etc/apt/sources.list.d/nodesource.list
+
+# Install tools
+RUN apt-get -qq -y update && \
+    apt-get -qq -y install \
+      nodejs \
+      git \
+      curl \
+      sqlite
+
+RUN curl -fsSL -o /bin/yarn https://github.com/yarnpkg/yarn/releases/download/v1.22.19/yarn-1.22.19.js && \
+    chmod a+x /bin/yarn
+
+RUN groupadd --gid 8192 app && useradd -c "App" -m --uid 8192 --gid 8192 app