Dockerfile
#syntax=docker/dockerfile:1.10.0
# Tool images. Each FROM is pinned by tag and by sha256 digest, so a re-pushed
# or moved tag cannot silently change the binaries used by the build. Later
# stages bind-mount /bin/<tool> out of these images (RUN --mount=from=...)
# instead of installing the tools.
FROM ghcr.io/uniget-org/tools/goreleaser:2.3.2@sha256:b952838506a37ab8b9d97c56d9cbbab9c94c095bd0a0296302c8030447204bc7 AS uniget-goreleaser
FROM ghcr.io/uniget-org/tools/cosign:2.4.0@sha256:f98cc3d9f9a8c8ddddd3d77ee0bb80a4950b7874ffe1cd490162372a0217592a AS uniget-cosign
FROM ghcr.io/uniget-org/tools/syft:1.13.0@sha256:12e81e59a888557ff0414233e677d348d0e0bd0f55c84f65761dd83185885c70 AS uniget-syft
FROM ghcr.io/uniget-org/tools/gh:2.57.0@sha256:97c27c5c35ca2b27a07ff5c72abad6bf1427d794ea5e81789aba40d9ec36a28b AS uniget-gh
# NOTE(review): uniget-gosec is declared but no later stage in this file mounts
# or copies from it.
FROM ghcr.io/uniget-org/tools/gosec:2.21.3@sha256:087b01525b6b9380bcb34b055d3576be43c1807a362416ce8ee16c6c60b75334 AS uniget-gosec
# golangci-lint image; the lint stage mounts /bin/golangci-lint from it.
FROM ghcr.io/uniget-org/tools/golangci-lint:1.61.0@sha256:2f222e9516d3f6a34323a24b80bcb6013c0929ec30bf22e8ee32306b4f603b12 AS lint-base
# Base images for the Go toolchain and for the runtime/test images, pinned the
# same way. The "latest-" prefix is only a stage alias; the versions are fixed.
FROM golang:1.23.1@sha256:2fe82a3f3e006b4f2a316c6a21f62b66e1330ae211d039bb8d1128e12ed57bf1 AS latest-golang
FROM alpine:3.20.3@sha256:beefdbd8a1da6d2915566fde36db9db0b524eb737fc57cd1367effd16dc0d06d AS latest-alpine
FROM ubuntu:24.04@sha256:dfc10878be8d8fc9c61cbff33166cb1d1fe44391539243703c72766894fa834a AS latest-ubuntu
# Shared Go toolchain stage, pinned to the build host's platform
# (BUILDPLATFORM). The build, publish, unit-test, cli-test and lint stages
# all start FROM it.
FROM --platform=${BUILDPLATFORM} latest-golang AS base
# errexit: shell-form RUN commands and heredoc scripts in this stage, and in
# stages built FROM it, stop at the first failing command. Stages that start
# from other images (alpine, ubuntu) do not inherit this setting.
SHELL [ "/bin/sh", "-o", "errexit", "-c" ]
WORKDIR /src
# Only files matching go.* (go.mod, go.sum) are copied, so the download layer
# below is reused until the module definition changes.
COPY go.* .
# Modules are downloaded into a BuildKit cache mount, not into an image layer.
RUN --mount=type=cache,target=/go/pkg/mod \
go mod download
# Build the uniget binary for one target with a goreleaser snapshot build and
# leave it at /out/uniget for the bin-* stages.
FROM base AS build
# TARGETOS/TARGETARCH are BuildKit's automatic platform args; they are
# re-exported as GOOS/GOARCH, presumably so that the --single-target build
# below compiles for the requested platform rather than for the build host.
ARG TARGETOS
ARG TARGETARCH
ARG GOOS=${TARGETOS}
ARG GOARCH=${TARGETARCH}
WORKDIR /go/src/github.com/uniget-org/cli
# The build context is bind-mounted read-write over the working directory.
# Writes to a bind mount (such as dist/) are discarded when the RUN ends, which
# is why the binary is copied out to /out. goreleaser, cosign, syft and gh come
# from the digest-pinned tool images rather than being installed here.
# The final find copies every executable file under dist/ to the same path
# /out/uniget, so if more than one matched, the last one copied would win.
RUN --mount=target=.,readwrite \
--mount=from=uniget-goreleaser,src=/bin/goreleaser,target=/usr/local/bin/goreleaser \
--mount=from=uniget-cosign,src=/bin/cosign,target=/usr/local/bin/cosign \
--mount=from=uniget-syft,src=/bin/syft,target=/usr/local/bin/syft \
--mount=from=uniget-gh,src=/bin/gh,target=/usr/local/bin/gh \
--mount=type=cache,target=/go/pkg/mod \
--mount=type=cache,target=/root/.cache/go-build <<EOF
goreleaser healthcheck
goreleaser build \
--single-target \
--snapshot
mkdir -p /out
find dist -type f -executable -exec cp {} /out/uniget \;
EOF
# Release stage: runs a full goreleaser release, generates release notes with
# scripts/release-notes.sh and attaches them to the GitHub release named by
# GITHUB_REF_NAME using gh.
FROM base AS publish
# NOTE(review): GITHUB_TOKEN and ACTIONS_ID_TOKEN_REQUEST_TOKEN are credentials
# passed as build args. Build-arg values can end up in image history and in
# build provenance records. A BuildKit secret mount
# (RUN --mount=type=secret,id=<id>,env=<VAR>) exposes a value to one RUN only.
# Switching means callers pass --secret instead of --build-arg, so it has to
# change together with the CI workflow that invokes this stage.
# Only GITHUB_REF_NAME is referenced explicitly below; the other three are
# presumably read from the environment by goreleaser, cosign and gh.
ARG GITHUB_TOKEN
ARG ACTIONS_ID_TOKEN_REQUEST_URL
ARG ACTIONS_ID_TOKEN_REQUEST_TOKEN
ARG GITHUB_REF_NAME
WORKDIR /go/src/github.com/uniget-org/cli
# Same mounts as the build stage: read-write context, digest-pinned tools and
# Go caches. release-notes.md is written into the bind mount and is discarded
# when this RUN ends.
RUN --mount=target=.,readwrite \
--mount=from=uniget-goreleaser,src=/bin/goreleaser,target=/usr/local/bin/goreleaser \
--mount=from=uniget-cosign,src=/bin/cosign,target=/usr/local/bin/cosign \
--mount=from=uniget-syft,src=/bin/syft,target=/usr/local/bin/syft \
--mount=from=uniget-gh,src=/bin/gh,target=/usr/local/bin/gh \
--mount=type=cache,target=/go/pkg/mod \
--mount=type=cache,target=/root/.cache/go-build <<EOF
goreleaser healthcheck
goreleaser release
bash scripts/release-notes.sh >release-notes.md
echo "Updating release ${GITHUB_REF_NAME} with release notes"
gh release edit "${GITHUB_REF_NAME}" --notes-file release-notes.md
EOF
# Run the Go unit tests against the build context (bind-mounted read-only) and
# write the coverage profile to /out/cover.out, outside the mount, so that the
# unit-test-coverage stage can export it.
FROM base AS unit-test
RUN --mount=target=. \
    --mount=type=cache,target=/go/pkg/mod \
    --mount=type=cache,target=/root/.cache/go-build \
    mkdir -p /out && go test -v -coverprofile=/out/cover.out ./...
# CLI test stage: put the binary produced by the build stage on PATH and run
# scripts/test.sh from the read-only bind-mounted build context.
FROM base AS cli-test
COPY --from=build /out/uniget /usr/local/bin/
RUN --mount=target=. \
    --mount=type=cache,target=/go/pkg/mod \
    --mount=type=cache,target=/root/.cache/go-build \
    bash scripts/test.sh
# Lint stage: golangci-lint is bind-mounted from the digest-pinned lint-base
# image and runs over the read-only build context. Go and linter caches are
# kept in BuildKit cache mounts.
FROM base AS lint
RUN --mount=target=. \
    --mount=from=lint-base,src=/bin/golangci-lint,target=/usr/local/bin/golangci-lint \
    --mount=type=cache,target=/go/pkg/mod \
    --mount=type=cache,target=/root/.cache/go-build \
    --mount=type=cache,target=/root/.cache/golangci-lint \
    golangci-lint run
# Export-only stage: an empty image holding just the coverage profile written
# by the unit-test stage.
FROM scratch AS unit-test-coverage
COPY --from=unit-test /out/cover.out /cover.out
# Export-only stages holding just the built binary. bin-linux and bin-darwin
# are aliases of bin-unix (binary at /uniget). bin-windows takes the same
# /out/uniget file from the build stage and names it /uniget.exe.
FROM scratch AS bin-unix
COPY --from=build /out/uniget /
FROM bin-unix AS bin-linux
FROM bin-unix AS bin-darwin
FROM scratch AS bin-windows
COPY --from=build /out/uniget /uniget.exe
# "bin" resolves to the stage matching the target OS; a TARGETOS with no
# matching bin-<os> stage above has nothing to resolve to.
FROM bin-${TARGETOS} AS bin
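# Alpine stage that installs the CA certificate bundle. It is the base of the
# uniget image, and scratch-uniget copies the bundle file out of it.
FROM latest-alpine AS ca-certificates
# --no-cache fetches the package index for this install only and leaves no apk
# index behind in the layer. Using a single command means a failed install
# fails the build; this stage does not inherit the errexit SHELL set in the
# base stage.
RUN apk add --no-cache ca-certificates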
# Alpine-based runtime image: CA certificates plus the uniget binary as the
# entrypoint.
# NOTE(review): no USER is set, so the entrypoint runs as root by default;
# confirm whether that is required for what uniget does inside the container.
# NOTE(review): when TARGETOS is windows the bin stage only contains
# /uniget.exe, so this COPY would find no /uniget; presumably this stage is
# only built for linux targets.
FROM ca-certificates AS uniget
COPY --from=bin /uniget /uniget
ENTRYPOINT [ "/uniget"]
# Minimal runtime image: an empty base with only the CA bundle (copied from the
# ca-certificates stage) and the uniget binary. There is no shell or package
# manager in this image.
# NOTE(review): no USER is set here either, so the process runs as root by
# default.
FROM scratch AS scratch-uniget
COPY --from=ca-certificates /etc/ssl/certs/ca-certificates.crt /etc/ssl/certs/
COPY --from=bin /uniget /uniget
ENTRYPOINT [ "/uniget"]
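# Ubuntu image that boots systemd as its main process. Example invocations:
# docker run -d --name systemd --security-opt seccomp=unconfined --tmpfs /run --tmpfs /run/lock -v /sys/fs/cgroup:/sys/fs/cgroup:ro -t systemd
# docker run -dt --privileged -v /sys/fs/cgroup:/sys/fs/cgroup systemd
# NOTE(review): both examples relax container isolation. The first disables
# the seccomp filter and mounts the host cgroup tree read-only. The second
# grants full --privileged with a writable cgroup mount. Prefer the first form
# where it is sufficient.
FROM latest-ubuntu AS systemd
# container=docker is the variable systemd reads to detect that it runs in a
# container.
# NOTE(review): DEBIAN_FRONTEND is set with ENV, so it is also present in the
# environment of containers started from this image, not only during the build.
ENV container=docker \
    LC_ALL=C \
    DEBIAN_FRONTEND=noninteractive
RUN <<EOF
# This stage starts from ubuntu and does not inherit the errexit SHELL of the
# base stage, so enable it here. A failed install must fail the build.
set -e
apt-get update
apt-get -y install --no-install-recommends \
    ca-certificates \
    dbus \
    sudo \
    systemd \
    systemd-cron \
    systemd-sysv
# Remove every sysinit unit link except systemd-tmpfiles-setup. The directory
# is passed to find explicitly, so a missing directory is an error. It can
# never cause deletions in some other working directory.
find /lib/systemd/system/sysinit.target.wants/ -mindepth 1 -maxdepth 1 \
    ! -type d ! -name '*systemd-tmpfiles-setup*' -exec rm -f {} +
# Remove unit links that are not wanted in the container. rm -f ignores paths
# that do not exist, so a glob that matches nothing is harmless under errexit.
rm -f /lib/systemd/system/multi-user.target.wants/*
rm -f /etc/systemd/system/*.wants/*
rm -f /lib/systemd/system/local-fs.target.wants/*
rm -f /lib/systemd/system/sockets.target.wants/*udev*
rm -f /lib/systemd/system/sockets.target.wants/*initctl*
rm -f /lib/systemd/system/basic.target.wants/*
rm -f /lib/systemd/system/anaconda.target.wants/*
rm -f /lib/systemd/system/plymouth*
rm -f /lib/systemd/system/systemd-update-utmp*
systemctl set-default multi-user.target
EOF
# SIGRTMIN+3 is the signal systemd treats as a request for an orderly halt, so
# "docker stop" shuts the container down cleanly.
STOPSIGNAL SIGRTMIN+3
VOLUME [ "/sys/fs/cgroup" ]
# exec replaces bash with /sbin/init so that init is the container's main
# process. File descriptor 3 is pointed at stdout before the exec.
CMD ["/bin/bash", "-c", "exec /sbin/init --log-target=journal 3>&1"]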
# systemd image with the uniget binary added at /uniget. It inherits the CMD,
# STOPSIGNAL and VOLUME of the systemd stage and sets no ENTRYPOINT, so the
# container still boots /sbin/init.
FROM systemd AS systemd-uniget
COPY --from=bin /uniget /uniget