From 4ee5383f7d3de2878aec5183bf62578a91bb01ff Mon Sep 17 00:00:00 2001
From: yusing
Date: Wed, 25 Sep 2024 10:46:45 +0800
Subject: [PATCH] github ci fix attempt, speedup docker build on CI
---
 .github/workflows/docker-image.yml | 28 ++++++++++++++++++++--------
 Dockerfile | 29 ++++++++++++++++++++++-------
 2 files changed, 42 insertions(+), 15 deletions(-)
diff --git a/.github/workflows/docker-image.yml b/.github/workflows/docker-image.yml
index 0245a17..53442fe 100644
--- a/.github/workflows/docker-image.yml
+++ b/.github/workflows/docker-image.yml
@@ -11,6 +11,13 @@ jobs:
 build:
 name: Build multi-platform Docker image
 runs-on: ubuntu-latest
+
+ permissions:
+ contents: read
+ packages: write
+ id-token: write
+ attestations: write
+
 strategy:
 fail-fast: false
 matrix:
@@ -40,7 +47,7 @@ jobs:
 - name: Login to registry
 uses: docker/login-action@v3
 with:
- registry: ghcr.io
+ registry: ${{ env.REGISTRY }}
 username: ${{ github.actor }}
 password: ${{ secrets.GITHUB_TOKEN }}
@@ -54,6 +61,13 @@ jobs:
 cache-from: type=gha
 cache-to: type=gha,mode=max
+ - name: Generate artifact attestation
+ uses: actions/attest-build-provenance@v1
+ with:
+ subject-name: ${{ env.REGISTRY }}/${{ env.IMAGE_NAME}}
+ subject-digest: ${{ steps.build.outputs.digest }}
+ push-to-registry: true
+
 - name: Export digest
 run: |
 mkdir -p /tmp/digests
@@ -71,6 +85,10 @@ jobs:
 runs-on: ubuntu-latest
 needs:
 - build
+ permissions:
+ contents: read
+ packages: write
+ id-token: write
 steps:
 - name: Download digests
 uses: actions/download-artifact@v4
@@ -91,6 +109,7 @@ jobs:
 - name: Login to registry
 uses: docker/login-action@v3
 with:
+ registry: ${{ env.REGISTRY }}
 username: ${{ github.actor }}
 password: ${{ secrets.GITHUB_TOKEN }}
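Review bot: With `id-token: write`, `attestations: write` and `packages: write` now granted to the build job, the actions it runs should be pinned to a full commit SHA rather than a movable tag; the later hunks show `docker/login-action@v3` and the newly added `actions/attest-build-provenance@v1`. A retagged or compromised release of either would run with the ability to push packages and request OIDC tokens for this repository. Pin them in the form `uses: actions/attest-build-provenance@<full-commit-sha> # v1` (placeholder; take the SHA from the release you have reviewed). Most of the job's steps lie outside this hunk, so other `uses:` lines may need the same treatment.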
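Review bot: The attestation added in the hunk at `-54,6 +61,13` is bound to `steps.build.outputs.digest`, which in a matrix build is the digest of a single platform image, not of the multi-platform manifest that the merge job later assembles with `docker buildx imagetools create`. A consumer who verifies provenance for the tag they actually pull will, as far as these hunks show, be checking the index digest and find nothing attached to it. Consider also attesting the index digest in the merge job, for instance by capturing it from `docker buildx imagetools inspect` into a step output and passing that as `subject-digest`. The step with `id: build` is outside this hunk, so confirm that id exists; an empty `subject-digest` would make the step fail or attest nothing useful.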
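Review bot: The merge job's new `permissions` block (hunk at `-71,6 +85,10`) grants `id-token: write`, but this same commit removes the only attestation step from that job, so nothing visible there needs an OIDC token any more. Dropping the line keeps the job at `contents: read` and `packages: write`, which is what the login and `imagetools create` steps appear to require. If an attestation step is kept or re-added in this job, it needs `attestations: write` alongside `id-token: write`, which the block currently lacks. A one-line comment such as `# packages: write is needed to push the manifest list to the registry` would also record why the scope is there.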
@@ -101,13 +120,6 @@ jobs:
 docker buildx imagetools create $(jq -cr '.tags | map("-t " + .) | join(" ")' <<< "$DOCKER_METADATA_OUTPUT_JSON") \
 $(printf '${{ env.REGISTRY }}/${{ env.IMAGE_NAME }}@sha256:%s ' *)
- - name: Generate artifact attestation
- uses: actions/attest-build-provenance@v1
- with:
- subject-name: ${{ env.REGISTRY }}/${{ env.IMAGE_NAME}}
- subject-digest: ${{ steps.push.outputs.digest }}
- push-to-registry: true
-
 - name: Inspect image
 run: |
 docker buildx imagetools inspect ${{ env.REGISTRY }}/${{ env.IMAGE_NAME }}:${{ steps.meta.outputs.version }}
diff --git a/Dockerfile b/Dockerfile
index 80c1cf2..7a6c787 100644
--- a/Dockerfile
+++ b/Dockerfile
@@ -1,13 +1,25 @@
+# Stage 1: Builder
 FROM golang:1.23.1-alpine AS builder
 RUN apk add --no-cache tzdata
-COPY src /src
-ENV GOCACHE=/root/.cache/go-build
+
 WORKDIR /src
+
+# Only copy go.mod and go.sum initially for better caching
+COPY src/go.mod src/go.sum ./
+
+# Utilize build cache
+RUN --mount=type=cache,target="/go/pkg/mod" \
+ go mod download
+
+# Now copy the remaining files
+COPY src/ ./
+
+# Build the application with better caching
 RUN --mount=type=cache,target="/go/pkg/mod" \
 --mount=type=cache,target="/root/.cache/go-build" \
- go mod download && \
- CGO_ENABLED=0 GOOS=linux go build -pgo=auto -o go-proxy github.com/yusing/go-proxy
+ CGO_ENABLED=0 GOOS=linux go build -pgo=auto -o go-proxy ./
+# Stage 2: Final image
 FROM scratch
 LABEL maintainer="yusing@6uo.me"
@@ -17,9 +29,11 @@ COPY --from=builder /usr/share/zoneinfo /usr/share/zoneinfo
 # copy binary
 COPY --from=builder /src/go-proxy /app/
-COPY schema/ /app/schema
-# copy cert required for setup
+# copy schema directory
+COPY schema/ /app/schema/
+
+# copy certs
 COPY --from=builder /etc/ssl/certs /etc/ssl/certs
 ENV DOCKER_HOST=unix:///var/run/docker.sock
@@ -30,4 +44,5 @@ EXPOSE 8888
 EXPOSE 443
 WORKDIR /app
-CMD ["/app/go-proxy"]
\ No newline at end of file
+
+CMD ["/app/go-proxy"]
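Review bot: In the Dockerfile hunk at `-1,13 +1,25`, the later `go build` step reads dependencies from the `/go/pkg/mod` cache mount, which persists across builds on the same builder, and nothing re-checks its contents against `go.sum`. `go mod download` checks hashes only when it fetches a module, so a cache entry altered on a long-lived or shared builder would, as far as I can tell, be compiled in unnoticed. Extending the new step to `go mod download && go mod verify` makes the build fail if any cached module no longer matches its recorded hash. The comment `# Utilize build cache` could then read `# Download modules into the cache mount and verify them against go.sum`.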