From 054c1e8fbf7f5413b86e70a2ca359b48ca1b0daf Mon Sep 17 00:00:00 2001 From: GrantBirki Date: Tue, 7 May 2024 22:46:11 -0700 Subject: [PATCH 1/8] speed up builds --- .dockerignore | 6 ++++-- Dockerfile | 2 +- 2 files changed, 5 insertions(+), 3 deletions(-) diff --git a/.dockerignore b/.dockerignore index eda3cca..15a2b67 100644 --- a/.dockerignore +++ b/.dockerignore @@ -2,12 +2,14 @@ docs/ .cache/ .github/ bin/ +assets/ +coverage/ data/ LICENSE Makefile README.md +CONTRIBUTING.md SECURITY.md docker-compose.yml -docker-compose.override.yml -docker-compose.production.yml tmp/ +.ameba.yml diff --git a/Dockerfile b/Dockerfile index 52b7898..319d0f0 100644 --- a/Dockerfile +++ b/Dockerfile @@ -19,7 +19,7 @@ COPY shard.lock shard.lock COPY shard.yml shard.yml # bootstrap the project -RUN script/bootstrap +RUN RUN USE_LINUX_VENDOR=true script/bootstrap # copy all source files (ensure to use a .dockerignore file for efficient copying) COPY . . From 839327815bc24b4d98fe46b55597f8dfad072767 Mon Sep 17 00:00:00 2001 From: GrantBirki Date: Tue, 7 May 2024 22:47:30 -0700 Subject: [PATCH 2/8] remove comments --- Dockerfile | 3 --- 1 file changed, 3 deletions(-) diff --git a/Dockerfile b/Dockerfile index 319d0f0..b2f9e59 100644 --- a/Dockerfile +++ b/Dockerfile @@ -32,9 +32,6 @@ FROM crystallang/crystal:1.12.1 # install runtime dependencies RUN apt-get update && apt-get install libssh2-1-dev -y -# add curl for healthchecks -# RUN apt-get update && apt-get install -y curl - # create a non-root user for security RUN useradd -m nonroot USER nonroot From c778644cbd202e08e0cc3bfaf8c8ea3bca22b3fe Mon Sep 17 00:00:00 2001 From: GrantBirki Date: Tue, 7 May 2024 23:15:12 -0700 Subject: [PATCH 3/8] remove extra run --- Dockerfile | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/Dockerfile b/Dockerfile index b2f9e59..456bb22 100644 --- a/Dockerfile +++ b/Dockerfile @@ -19,7 +19,7 @@ COPY shard.lock shard.lock COPY shard.yml shard.yml # bootstrap the project -RUN RUN USE_LINUX_VENDOR=true script/bootstrap +RUN USE_LINUX_VENDOR=true script/bootstrap # copy all source files (ensure to use a .dockerignore file for efficient copying) COPY . . From ed55b1996259d93ec16d4d007ae39d8d65d07072 Mon Sep 17 00:00:00 2001 From: GrantBirki Date: Tue, 7 May 2024 23:16:23 -0700 Subject: [PATCH 4/8] arm64 doesn't actually work --- .github/workflows/docker.yml | 14 +++++++------- 1 file changed, 7 insertions(+), 7 deletions(-) diff --git a/.github/workflows/docker.yml b/.github/workflows/docker.yml index ecf254f..d98da12 100644 --- a/.github/workflows/docker.yml +++ b/.github/workflows/docker.yml @@ -64,11 +64,11 @@ jobs: push: ${{ github.event_name != 'pull_request' }} tags: ${{ steps.meta.outputs.tags }} labels: ${{ steps.meta.outputs.labels }} - platforms: linux/amd64,linux/arm64 + # platforms: linux/amd64,linux/arm64 - # - name: generate artifact attestation - # uses: actions/attest-build-provenance@v1.1.0 - # with: - # subject-name: ${{ env.REGISTRY }}/${{ env.IMAGE_NAME}} - # subject-digest: ${{ steps.push.outputs.digest }} - # push-to-registry: ${{ github.event_name != 'pull_request' }} + - name: generate artifact attestation + uses: actions/attest-build-provenance@v1.1.0 + with: + subject-name: ${{ env.REGISTRY }}/${{ env.IMAGE_NAME}} + subject-digest: ${{ steps.push.outputs.digest }} + push-to-registry: ${{ github.event_name != 'pull_request' }} From e7eb4966d6ccc7a7c7a8b200d9737c28598ecf8b Mon Sep 17 00:00:00 2001 From: GrantBirki Date: Tue, 7 May 2024 23:18:56 -0700 Subject: [PATCH 5/8] add some labels --- Dockerfile | 7 +++++++ 1 file changed, 7 insertions(+) diff --git a/Dockerfile b/Dockerfile index 456bb22..de5c399 100644 --- a/Dockerfile +++ b/Dockerfile @@ -1,5 +1,12 @@ FROM crystallang/crystal:1.12.1 as builder +LABEL org.opencontainers.image.title="runway" +LABEL org.opencontainers.image.description="clearing code for take off" +LABEL org.opencontainers.image.source="https://github.com/runwaylab/runway" +LABEL org.opencontainers.image.documentation="https://github.com/runwaylab/runway" +LABEL org.opencontainers.image.licenses="MIT" +LABEL org.opencontainers.image.authors="Grant Birkinbine" + WORKDIR /app # install build dependencies From bd7eebddad4cc68a1224c18844776e977ebcbbc2 Mon Sep 17 00:00:00 2001 From: GrantBirki Date: Tue, 7 May 2024 23:20:03 -0700 Subject: [PATCH 6/8] add status badge --- README.md | 1 + 1 file changed, 1 insertion(+) diff --git a/README.md b/README.md index db57491..b0d78a7 100644 --- a/README.md +++ b/README.md @@ -10,6 +10,7 @@ lint acceptance build + build

From 11b470b18f7159cb81359aeb376e5fe2f45ea5f4 Mon Sep 17 00:00:00 2001 From: GrantBirki Date: Tue, 7 May 2024 23:20:48 -0700 Subject: [PATCH 7/8] remove `actions/attest-build-provenance` for now --- .github/workflows/docker.yml | 12 ++++++------ 1 file changed, 6 insertions(+), 6 deletions(-) diff --git a/.github/workflows/docker.yml b/.github/workflows/docker.yml index d98da12..8d088ec 100644 --- a/.github/workflows/docker.yml +++ b/.github/workflows/docker.yml @@ -66,9 +66,9 @@ jobs: labels: ${{ steps.meta.outputs.labels }} # platforms: linux/amd64,linux/arm64 - - name: generate artifact attestation - uses: actions/attest-build-provenance@v1.1.0 - with: - subject-name: ${{ env.REGISTRY }}/${{ env.IMAGE_NAME}} - subject-digest: ${{ steps.push.outputs.digest }} - push-to-registry: ${{ github.event_name != 'pull_request' }} + # - name: generate artifact attestation + # uses: actions/attest-build-provenance@v1.1.0 + # with: + # subject-name: ${{ env.REGISTRY }}/${{ env.IMAGE_NAME}} + # subject-digest: ${{ steps.push.outputs.digest }} + # push-to-registry: ${{ github.event_name != 'pull_request' }} From 46d7fb4e5ddbf0d2725512cfd4d34023caf6990c Mon Sep 17 00:00:00 2001 From: GrantBirki Date: Tue, 7 May 2024 23:21:52 -0700 Subject: [PATCH 8/8] pin actions --- .github/workflows/docker.yml | 10 +++++----- 1 file changed, 5 insertions(+), 5 deletions(-) diff --git a/.github/workflows/docker.yml b/.github/workflows/docker.yml index 8d088ec..ba406f3 100644 --- a/.github/workflows/docker.yml +++ b/.github/workflows/docker.yml @@ -31,7 +31,7 @@ jobs: - name: extract image metadata id: meta - uses: docker/metadata-action@v5.5.1 + uses: docker/metadata-action@8e5442c4ef9f78752691e2d8f8d19755c6f78e81 # pin@v5.5.1 with: images: ${{ env.REGISTRY }}/${{ env.IMAGE_NAME }} tags: | @@ -43,14 +43,14 @@ jobs: type=sha - name: set up QEMU - uses: docker/setup-qemu-action@v3 + uses: docker/setup-qemu-action@68827325e0b33c7199eb31dd4e31fbe9023e06e3 # pin@v3 - name: set up docker buildx - uses: docker/setup-buildx-action@v3.3.0 + uses: docker/setup-buildx-action@d70bba72b1f3fd22344832f00baa16ece964efeb # pin@v3.3.0 - name: login to ghcr if: github.event_name != 'pull_request' - uses: docker/login-action@v3.1.0 + uses: docker/login-action@e92390c5fb421da1463c202d546fed0ec5c39f20 # pin@v3.1.0 with: registry: ${{ env.REGISTRY }} username: ${{ github.actor }} @@ -58,7 +58,7 @@ jobs: - name: build and push id: push - uses: docker/build-push-action@v5.3.0 + uses: docker/build-push-action@2cdde995de11925a030ce8070c3d77a52ffcf1c0 # pin@v5.3.0 with: context: . push: ${{ github.event_name != 'pull_request' }}