From 07f79984169031d75d0ae4355f11b1991f96b819 Mon Sep 17 00:00:00 2001
From: Jeff McCune
Date: Tue, 7 Nov 2023 20:01:17 -0800
Subject: [PATCH] Add workflow to track and customize golang:1.21-bullseye
---
.github/workflows/golang.yaml | 64 +++++++++++++++++++++++++++++++++++
golang/Dockerfile | 20 +++++++++++
2 files changed, 84 insertions(+)
create mode 100644 .github/workflows/golang.yaml
create mode 100644 golang/Dockerfile
diff --git a/.github/workflows/golang.yaml b/.github/workflows/golang.yaml
new file mode 100644
index 0000000..0f3c9f6
--- /dev/null
+++ b/.github/workflows/golang.yaml
@@ -0,0 +1,64 @@
+name: Golang
+
+on:
+ workflow_dispatch:
+ schedule:
+ - cron: "0 1 * * *" # 1AM UTC, 6PM PST
+
+jobs:
+ git:
+ runs-on: [dev-runners]
+ steps:
+ - name: Checkout
+ uses: actions/checkout@v4
+ aws:
+ runs-on: [dev-runners]
+ permissions:
+ id-token: write # Necessary to get aws creds via oidc token exchange
+ contents: read
+ steps:
+ - name: AWS Credentials
+ id: login-aws
+ uses: aws-actions/configure-aws-credentials@v4
+ with:
+ # Defined at https://github.com/holos-run/holos-infra/blob/main/terraform/projects/nonprod-holos/shared_services/aws/github_oidc/main.tf#L90-L106
+ role-to-assume: arn:aws:iam::271053619184:role/gha-app-role
+ aws-region: us-east-2
+ output-credentials: true
+ - name: AWS ECR Credentials
+ id: login-ecr
+ uses: aws-actions/amazon-ecr-login@v2
+ - name: Docker Login
+ id: docker-login
+ run: |
+ echo -n ${{ steps.login-ecr.outputs.docker_password_271053619184_dkr_ecr_us_east_2_amazonaws_com }} | docker login --password-stdin --username ${{ steps.login-ecr.outputs.docker_username_271053619184_dkr_ecr_us_east_2_amazonaws_com }} ${{ steps.login-ecr.outputs.registry }}
+ echo "docker-config=$(cat ~/.docker/config.json | base64 -w 0)" >> $GITHUB_OUTPUT
+ outputs:
+ registry: ${{ steps.login-ecr.outputs.registry }}
+ docker-config: ${{ steps.docker-login.outputs.docker-config }}
+ kaniko:
+ needs: [git, aws]
+ runs-on: [dev-runners]
+ container:
+ image: gcr.io/kaniko-project/executor:v1.17.0-debug
+ permissions:
+ contents: read # read the repository
+ steps:
+ - name: Build and push container image
+ run: |
+ # Kaniko
+ echo -n ${{ needs.aws.outputs.docker-config }} | base64 -d > /kaniko/.docker/config.json
+
+ # Configure git credentials to access github private repositories.
+ export GIT_USERNAME='holos-server-go'
+ export GIT_PASSWORD='${{ secrets.GITHUB_TOKEN }}'
+
+ # Build and push
+ /kaniko/executor --dockerfile=golang/Dockerfile \
+ --context='${{ github.repositoryUrl }}#${{ needs.git.outputs.sha }}' \
+ --destination=${{ needs.aws.outputs.registry }}/holos-run/container-images/golang:1.21-bullseye
+ --push-retry 5 \
+ --image-name-with-digest-file /workspace/image-digest.txt
+
+ # Make this an artifact?
+ cat /workspace/image-digest.txt
diff --git a/golang/Dockerfile b/golang/Dockerfile
new file mode 100644
index 0000000..1480cf1
--- /dev/null
+++ b/golang/Dockerfile
@@ -0,0 +1,20 @@
+FROM public.ecr.aws/docker/library/golang:1.21-bullseye AS final
+
+# Install NodeJS 20
+RUN mkdir -p /etc/apt/keyrings && \
+ curl -fsSL https://deb.nodesource.com/gpgkey/nodesource-repo.gpg.key | gpg --dearmor -o /etc/apt/keyrings/nodesource.gpg && \
+ echo "deb [signed-by=/etc/apt/keyrings/nodesource.gpg] https://deb.nodesource.com/node_20.x nodistro main" \
+ | tee /etc/apt/sources.list.d/nodesource.list
+
+# Install tools
+RUN apt-get -qq -y update && \
+ apt-get -qq -y install \
+ nodejs \
+ git \
+ curl \
+ sqlite
+
+RUN curl -fsSL -o /bin/yarn https://github.com/yarnpkg/yarn/releases/download/v1.22.19/yarn-1.22.19.js && \
+ chmod a+x /bin/yarn
+
+RUN groupadd --gid 8192 app && useradd -c "App" -m --uid 8192 --gid 8192 app
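Review bot: In `.github/workflows/golang.yaml`, the `--destination=…/golang:1.21-bullseye` line of the kaniko step has no trailing `\`, so the shell ends the `/kaniko/executor` command there and treats `--push-retry 5 \` as a separate command; the digest file is then never requested and the closing `cat /workspace/image-digest.txt` has nothing to read. The fix is to end that line with a continuation, `…/container-images/golang:1.21-bullseye \`. The `--context` value also interpolates `${{ needs.git.outputs.sha }}`, but the `git` job declares no `outputs:` and its checkout step has no `id`, so the expression evaluates to an empty string and the build is not pinned to a commit; `${{ github.sha }}` is available without a job output. Separately, the `aws` job passes the registry login to the next job as a base64-encoded `docker-config` output, which places a live ECR credential in job outputs in a form secret masking is unlikely to recognise, and both it and `GITHUB_TOKEN` are interpolated directly into the script text. Obtaining the ECR login inside the `kaniko` job and handing values to the script through `env:` would keep them out of job outputs and out of the rendered command lines.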
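Review bot: The `RUN curl -fsSL -o /bin/yarn …/yarn-1.22.19.js` step in `golang/Dockerfile` installs the download as an executable without verifying it, so every scheduled rebuild trusts whatever the release URL returns at that moment. Verify a recorded digest in the same layer, between the download and the `chmod`, e.g. `echo "<SHA256_OF_YARN_1.22.19_JS>  /bin/yarn" | sha256sum -c -` (the value is a placeholder; take the real one from a trusted copy of the release). The NodeSource key in the first `RUN` goes through `curl … | gpg --dearmor` under the default `sh`, where only gpg's exit status decides whether the step succeeded; a `SHELL ["/bin/bash", "-o", "pipefail", "-c"]` line before it would make a failed download stop the build. The `app` user (uid/gid 8192) is created but no `USER` instruction follows, so containers from this image still start as root; if that is deliberate for a build base, a comment above the `groupadd` line saying so would help consumers. The `apt-get install` also lacks `--no-install-recommends` and a same-layer `rm -rf /var/lib/apt/lists/*`, which leaves more packages in the image than the four listed.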