Mirror/Erupe
1
0
Fork 0
mirror of https://github.com/Mezeporta/Erupe.git synced 2026-03-22 07:32:32 +01:00
Code Issues Packages Projects Releases Wiki Activity

ci: add Docker CD workflow to push images to GHCR

Browse Source 
Multi-stage Dockerfile for smaller runtime image, CD workflow triggers
on main branch pushes and version tags, docker-compose defaults to the
prebuilt GHCR image.
This commit is contained in:
Houmgaor
2026-02-17 00:28:37 +01:00
parent 220de4cf3b
commit 7d54dd0ee6
3 changed files with 54 additions and 27 deletions
Download Patch File Download Diff File Expand all files Collapse all files

40
.github/workflows/docker.yml vendored
View File

@@ -1,48 +1,58 @@
name: Create and publish a Docker image name: Docker
# Configures this workflow to run every time a tag is created.
on: on:
push: push:
branches:
- main
tags: tags:
- '*' - 'v*'
# Defines two custom environment variables for the workflow. These are used for the Container registry domain, and a name for the Docker image that this workflow builds.
env: env:
REGISTRY: ghcr.io REGISTRY: ghcr.io
IMAGE_NAME: ${{ github.repository }} IMAGE_NAME: ${{ github.repository }}
# There is a single job in this workflow. It's configured to run on the latest available version of Ubuntu.
jobs: jobs:
build-and-push-image: build-and-push-image:
runs-on: ubuntu-latest runs-on: ubuntu-latest
# Sets the permissions granted to the `GITHUB_TOKEN` for the actions in this job.
permissions: permissions:
contents: read contents: read
packages: write packages: write
# attestations: write
id-token: write
steps: steps:
- name: Checkout repository - name: Checkout repository
uses: actions/checkout@v4 uses: actions/checkout@v4
# Uses the `docker/login-action` action to log in to the Container registry registry using the account and password that will publish the packages. Once published, the packages are scoped to the account defined here.
- name: Log in to the Container registry - name: Log in to the Container registry
uses: docker/login-action@65b78e6e13532edd9afa3aa52ac7964289d1a9c1 uses: docker/login-action@v3
with: with:
registry: ${{ env.REGISTRY }} registry: ${{ env.REGISTRY }}
username: ${{ github.actor }} username: ${{ github.actor }}
password: ${{ secrets.GITHUB_TOKEN }} password: ${{ secrets.GITHUB_TOKEN }}
# This step uses [docker/metadata-action](https://github.com/docker/metadata-action#about) to extract tags and labels that will be applied to the specified image. The `id` "meta" allows the output of this step to be referenced in a subsequent step. The `images` value provides the base name for the tags and labels.
- name: Extract metadata (tags, labels) for Docker - name: Extract metadata (tags, labels) for Docker
id: meta id: meta
uses: docker/metadata-action@9ec57ed1fcdbf14dcef7dfbe97b2010124a938b7 uses: docker/metadata-action@v5
with: with:
images: ${{ env.REGISTRY }}/${{ env.IMAGE_NAME }} images: ${{ env.REGISTRY }}/${{ env.IMAGE_NAME }}
# This step uses the `docker/build-push-action` action to build the image, based on your repository's `Dockerfile`. If the build succeeds, it pushes the image to GitHub Packages. tags: |
# It uses the `context` parameter to define the build's context as the set of files located in the specified path. For more information, see "[Usage](https://github.com/docker/build-push-action#usage)" in the README of the `docker/build-push-action` repository. type=ref,event=branch
# It uses the `tags` and `labels` parameters to tag and label the image with the output from the "meta" step. type=semver,pattern={{version}}
type=semver,pattern={{major}}.{{minor}}
- name: Build and push Docker image - name: Build and push Docker image
uses: docker/build-push-action@f2a1d5e99d037542a71f64918e516c093c6f3fc4 id: push
uses: docker/build-push-action@v6
with: with:
context: . context: .
push: true push: true
tags: ${{ steps.meta.outputs.tags }} tags: ${{ steps.meta.outputs.tags }}
labels: ${{ steps.meta.outputs.labels }} labels: ${{ steps.meta.outputs.labels }}
- name: Generate artifact attestation
uses: actions/attest-build-provenance@v2
with:
subject-name: ${{ env.REGISTRY }}/${{ env.IMAGE_NAME }}
subject-digest: ${{ steps.push.outputs.digest }}
push-to-registry: true

31
Dockerfile
View File

@@ -1,14 +1,29 @@
FROM golang:1.25-alpine3.21 # Build stage
FROM golang:1.25-alpine3.21 AS builder
ENV GO111MODULE=on WORKDIR /build
WORKDIR /app/erupe
COPY go.mod .
COPY go.sum .
COPY go.mod go.sum ./
RUN go mod download RUN go mod download
COPY . . COPY . .
RUN CGO_ENABLED=0 go build -o erupe-ce .
CMD [ "go", "run", "." ] # Runtime stage
FROM alpine:3.21
RUN adduser -D -h /app erupe
WORKDIR /app
COPY --from=builder /build/erupe-ce .
COPY --from=builder /build/www/ ./www/
COPY --from=builder /build/schemas/ ./schemas/
# bundled-schema/ is optional demo data, copy if present
RUN mkdir -p bundled-schema
# bin/ and savedata/ are mounted at runtime via docker-compose
# config.json is also mounted at runtime
USER erupe
ENTRYPOINT ["./erupe-ce"]

8
docker/docker-compose.yml
View File

@@ -38,9 +38,11 @@ services:
depends_on: depends_on:
db: db:
condition: service_healthy condition: service_healthy
# If using prebuilt container change paths and config image: ghcr.io/mezeporta/erupe:main
build: # To build locally instead of using the prebuilt image, comment out
context: ../ # the 'image' line above and uncomment the 'build' section below:
# build:
# context: ../
volumes: volumes:
- ../config.json:/app/erupe/config.json - ../config.json:/app/erupe/config.json
- ../bin:/app/erupe/bin - ../bin:/app/erupe/bin