sozu-proxy · shanduur · Nov 15, 2024 · Nov 15, 2024 · Nov 15, 2024 · Nov 15, 2024
@@ -0,0 +1,31 @@
+# To get started with Dependabot version updates, you'll need to specify which
+# package ecosystems to update and where the package manifests are located.
+# Please see the documentation for all configuration options:
+# https://docs.github.com/github/administering-a-repository/configuration-options-for-dependency-updates
+
+version: 2
+updates:
+  - package-ecosystem: "cargo"
+    directory: "/"
+    schedule:
+      interval: "weekly"
+    commit-message:
+      prefix: "fix"
+      include: "scope"
+    labels: []
+  - package-ecosystem: "docker"
+    directory: "/"
+    schedule:
+      interval: "weekly"
+    commit-message:
+      prefix: "fix"
+      include: "scope"
+    labels: []
+  - package-ecosystem: "github-actions"
+    directory: "/"
+    schedule:
+      interval: "weekly"
+    commit-message:
+      prefix: "fix"
+      include: "scope"
+    labels: []
@@ -1,6 +1,12 @@
 ---
 name: CI
+
 on: [ push, pull_request ]
+
+permissions:
+  contents: write
+  packages: write
+
 jobs:
   test:
     name: Test
@@ -36,6 +42,7 @@ jobs:
         with:
           command: test
           args: --verbose ${{ matrix.features }}
+
   doc:
     name: Build documentation
     runs-on: ubuntu-latest
@@ -55,6 +62,7 @@ jobs:
         with:
           command: doc
           args: --verbose
+
   coverage:
     name: Coverage
     runs-on: ubuntu-latest
@@ -81,21 +89,46 @@ jobs:
         with:
           command: tarpaulin
           args: --coveralls $TOKEN
-  dockerhub:
-    name: Docker build and push to Docker Hub
+
+  ghcr:
+    name: Docker build and push to GitHub Container Registry
     runs-on: ubuntu-latest
-    if: github.ref == 'refs/heads/main'
     steps:
-      - uses: actions/checkout@v2
-      - uses: docker/setup-qemu-action@v1
-      - uses: docker/setup-buildx-action@v1
-      - uses: docker/login-action@v1
+      - uses: actions/checkout@v4
+      - uses: docker/login-action@v3
         with:
-          username: ${{ secrets.DOCKERHUB_USERNAME }}
-          password: ${{ secrets.DOCKERHUB_TOKEN }}
-      - uses: docker/build-push-action@v2
+          registry: ghcr.io
+          username: ${{ github.actor }}
+          password: ${{ secrets.GITHUB_TOKEN }}
+      - uses: docker/setup-qemu-action@v3
+      - id: buildx
+        uses: docker/setup-buildx-action@v3
         with:
-          context: .
-          push: 'true'
-          tags: clevercloud/sozu:${{ github.sha }}
+          platforms: linux/amd64,linux/arm64
+      - id: config
+        run: |
+          var="${{ github.ref_name }}"
+          if [[ "$var" == "main" || "$var" == v* ]]; then
+            # TODO: this won't build on arm64, need to fix kawa lib first
+            # echo arch=linux/amd64,linux/arm64 >> ${GITHUB_OUTPUT}
+            echo arch=linux/amd64 >> ${GITHUB_OUTPUT}
+            echo tag=$var >> ${GITHUB_OUTPUT}
+          else
+            echo arch=linux/amd64 >> ${GITHUB_OUTPUT}
+            echo tag=dev >> ${GITHUB_OUTPUT}
+          fi
+      - uses: docker/build-push-action@v6
+        with:
+          builder: ${{ steps.buildx.outputs.name }}
+          platforms: ${{ steps.config.outputs.arch }}
+          push: ${{ startsWith(github.ref, 'refs/tags/v') || (github.ref == 'refs/heads/main') }}
+          load: ${{ !(startsWith(github.ref, 'refs/tags/v') || (github.ref == 'refs/heads/main')) }}
+          tags: |
+            ghcr.io/sozu-proxy/sozu:${{ steps.config.outputs.tag }}
+      - name: Scan image using Grype
+        uses: anchore/scan-action@v5
+        with:
+          image: ghcr.io/sozu-proxy/sozu:${{ steps.config.outputs.tag }}
+          output-format: table
+          severity-cutoff: high
 ...
@@ -1,45 +1,54 @@
-ARG ALPINE_VERSION=edge
-
-FROM alpine:$ALPINE_VERSION as builder
-
-RUN apk update && apk add --no-cache --virtual .build-dependencies \
-  cargo \
-  build-base \
-  file \
-  libgcc \
-  musl-dev \
-  protobuf \
-  protobuf-dev \
-  rust
-
-RUN apk add --no-cache llvm-libunwind \
-  pkgconfig
-
+# Stage 1: Build the application
+FROM docker.io/library/rust:1.80-alpine AS builder
+
+# Update Alpine packages and install build dependencies
+RUN apk update && \
+    apk add --no-cache --virtual .build-dependencies \
+        musl-dev \
+        libgcc \
+        cmake \
+        build-base \
+        file \
+        protobuf \
+        protobuf-dev && \
+    apk add --no-cache \
+        llvm-libunwind
+
+# Copy the source code into the image
 COPY . /usr/src/sozu
 WORKDIR /usr/src/sozu
 
+# Build the application in release mode with a frozen lockfile
 RUN cargo vendor --locked
 RUN cargo build --release --frozen
 
-FROM alpine:$ALPINE_VERSION as bin
+# Stage 2: Create the runtime environment
+FROM docker.io/library/alpine:3.20 AS bin
 
+# Expose ports for the application
 EXPOSE 80
 EXPOSE 443
 
+# Define volumes for configuration and runtime state
 VOLUME /etc/sozu
 VOLUME /run/sozu
 
+# Create a directory for persistent state
 RUN mkdir -p /var/lib/sozu
 
+# Install runtime dependencies
 RUN apk update && apk add --no-cache \
-  llvm-libunwind \
-  libgcc \
-  ca-certificates
+    llvm-libunwind \
+    libgcc \
+    ca-certificates
 
+# Copy the built binary from the builder stage
 COPY --from=builder /usr/src/sozu/target/release/sozu /usr/local/bin/sozu
+
+# Copy the default configuration file
 COPY os-build/config.toml /etc/sozu/config.toml
-COPY lib/assets/404.html /etc/sozu/html/404.html
-COPY lib/assets/503.html /etc/sozu/html/503.html
 
+# Set the default entry point to the binary and provide default command
+# to start the application with a specific config
 ENTRYPOINT ["/usr/local/bin/sozu"]
 CMD ["start", "-c", "/etc/sozu/config.toml"]
@@ -32,15 +32,12 @@ Check out the command line [documentation](./configure_cli.md) for more informat
 
 ## Run it with Docker
 
-The repository provides a multi-stage [Dockerfile][df] image based on `alpine:edge`.
+The repository provides a multi-stage [Dockerfile][df] image based on `alpine:3.20`.
 
 You can build the image by doing:
 
     docker build -t sozu .
 
-There's also the [clevercloud/sozu](https://hub.docker.com/r/clevercloud/sozu/) image
-following the master branch (outdated).
-
 Run it with the command:
 
 ```bash
@@ -55,10 +52,6 @@ docker run \
   sozu
 ```
 
-To build an image with a specific version of Alpine:
-
-    docker build --build-arg ALPINE_VERSION=3.14 -t sozu:main-alpine-3.14 .
-
 ### Using a custom `config.toml` configuration file
 
 The default configuration for sozu can be found in `../os-build/docker/config.toml`.