From 54a0b8ef011c72aabed1fadb67bb48078adaab5f Mon Sep 17 00:00:00 2001 From: ihardy Date: Mon, 13 Apr 2026 14:59:22 -0400 Subject: [PATCH 1/3] add go build gh action for DEVOPS-7450 --- .github/workflows/go.yml | 33 +++++++++++++++++++++++++++++++++ 1 file changed, 33 insertions(+) create mode 100644 .github/workflows/go.yml diff --git a/.github/workflows/go.yml b/.github/workflows/go.yml new file mode 100644 index 0000000..0577392 --- /dev/null +++ b/.github/workflows/go.yml @@ -0,0 +1,33 @@ +name: build + +on: + workflow_dispatch: + push: + branches: [ "main", "DEVOPS-7450-deployment" ] + pull_request: + branches: [ "main" ] + +env: + GO_VERSION: "1.23" + +jobs: + build: + runs-on: ubuntu-latest + steps: + - name: Checkout repository + uses: actions/checkout@v4 + + - name: Set up Go + uses: actions/setup-go@v5 + with: + go-version: ${{ env.GO_VERSION }} + + - name: Build + run: make + + - name: Test + run: make test + + - name: Lint + run: make lint + continue-on-error: true From 35003000691e854f5c8f257169d32a8def40058a Mon Sep 17 00:00:00 2001 From: ihardy Date: Mon, 13 Apr 2026 15:28:23 -0400 Subject: [PATCH 2/3] fix go version in gh action --- .github/workflows/go.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.github/workflows/go.yml b/.github/workflows/go.yml index 0577392..d8faaa1 100644 --- a/.github/workflows/go.yml +++ b/.github/workflows/go.yml @@ -8,7 +8,7 @@ on: branches: [ "main" ] env: - GO_VERSION: "1.23" + GO_VERSION: "1.26.1" jobs: build: From 1f971ed26d9945f3486bcf2a61578055ed66fa12 Mon Sep 17 00:00:00 2001 From: ihardy Date: Mon, 13 Apr 2026 16:25:35 -0400 Subject: [PATCH 3/3] add dockerfile, docker workflow, update action versions --- .github/workflows/docker.yml | 86 ++++++++++++++++++++++++++++++++++++ .github/workflows/go.yml | 6 +-- Dockerfile | 51 +++++++++++++++++++++ 3 files changed, 140 insertions(+), 3 deletions(-) create mode 100644 .github/workflows/docker.yml create mode 100644 Dockerfile 
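Review bot: The new `build` workflow in `.github/workflows/go.yml` (patch 1/3) declares no `permissions:` block, so the `GITHUB_TOKEN` available while `make`, `make test` and `make lint` run gets whatever default the repository or organisation has configured, which may include write scopes. The job only checks out and builds, so add a top-level `permissions:` mapping with `contents: read`. Separately, `continue-on-error: true` on the Lint step means a lint failure never fails the run. If that is intentional, a one-line comment above the step should say so.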
diff --git a/.github/workflows/docker.yml b/.github/workflows/docker.yml
new file mode 100644
index 0000000..c8b4492
--- /dev/null
+++ b/.github/workflows/docker.yml
@@ -0,0 +1,86 @@
+name: publish-image
+
+on:
+ workflow_dispatch:
+ # Dockerfile builds again but does not run tests so we only
+ # run this workflow after successful Go build-test
+ workflow_run:
+ workflows: ['build']
+ types: [completed]
+ branches: ['main']
+
+env:
+ REGISTRY: ghcr.io
+ IMAGE_NAME: ${{ github.repository }}
+
+jobs:
+ build-and-push-image:
+ if: ${{ github.event.workflow_run.conclusion == 'success' || github.event_name == 'workflow_dispatch' }}
+ runs-on: ubuntu-latest
+ strategy:
+ fail-fast: false
+ matrix:
+ include:
+ - module: mod-cyclops
+ dockerfile: ./Dockerfile
+ image: ghcr.io/${{ github.repository }}
+ permissions:
+ contents: read
+ packages: write
+
+ steps:
+ - name: Checkout repository
+ uses: actions/checkout@v6
+
+ - name: Set up Go
+ uses: actions/setup-go@v6
+ with:
+ go-version: stable
+ cache-dependency-path: |
+ go.work.sum
+ ${{ matrix.module }}/go.sum
+
+ - name: Log in to the Container registry
+ uses: docker/login-action@v3
+ with:
+ registry: ${{ env.REGISTRY }}
+ username: ${{ github.actor }}
+ password: ${{ secrets.GITHUB_TOKEN }}
+
+ - name: Extract metadata (tags, labels) for Docker
+ id: meta
+ uses: docker/metadata-action@v5
+ with:
+ images: ${{ matrix.image }}
+ tags: |
+ type=schedule
+ type=ref,event=branch
+ type=ref,event=tag
+ type=ref,event=pr
+ type=sha
+
+ - name: Cache Docker layers
+ uses: actions/cache@v4
+ with:
+ path: /tmp/.buildx-cache
+ key: ${{ runner.os }}-buildx-${{ hashFiles(matrix.dockerfile) }}
+ restore-keys: |
+ ${{ runner.os }}-buildx-
+
+ - name: Set up Docker Buildx
+ uses: docker/setup-buildx-action@v3
+
+ - name: Build and push Docker image
+ uses: docker/build-push-action@v6
+ with:
+ context: .
+ file: ${{ matrix.dockerfile }} + push: true + platforms: linux/amd64,linux/arm64 + tags: ${{ steps.meta.outputs.tags }} + labels: ${{ steps.meta.outputs.labels }} + cache-from: type=local,src=/tmp/.buildx-cache + cache-to: type=local,dest=/tmp/.buildx-cache,mode=max + build-args: | + GOCACHE=/root/.cache/go-build + GOMODCACHE=/go/pkg/mod diff --git a/.github/workflows/go.yml b/.github/workflows/go.yml index d8faaa1..dd9ba06 100644 --- a/.github/workflows/go.yml +++ b/.github/workflows/go.yml @@ -3,7 +3,7 @@ name: build on: workflow_dispatch: push: - branches: [ "main", "DEVOPS-7450-deployment" ] + branches: [ "main" ] pull_request: branches: [ "main" ] @@ -15,10 +15,10 @@ jobs: runs-on: ubuntu-latest steps: - name: Checkout repository - uses: actions/checkout@v4 + uses: actions/checkout@v6 - name: Set up Go - uses: actions/setup-go@v5 + uses: actions/setup-go@v6 with: go-version: ${{ env.GO_VERSION }} diff --git a/Dockerfile b/Dockerfile new file mode 100644 index 0000000..51c103f --- /dev/null +++ b/Dockerfile 
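Review bot: In `.github/workflows/docker.yml`, the `workflow_run` path publishes with `packages: write` without checking which event started the `build` run or which commit it tested. `build` also runs on `pull_request`, and the `branches: ['main']` filter presumably matches on the triggering run's head branch name, so a pull request whose source branch is itself named `main` could satisfy it. `actions/checkout` with no `ref` also takes the default-branch tip, which may already be ahead of the commit that passed. Tighten the job condition to `github.event_name == 'workflow_dispatch' || (github.event.workflow_run.conclusion == 'success' && github.event.workflow_run.event == 'push')` and check out `ref: ${{ github.event.workflow_run.head_sha || github.sha }}`. The `docker/*` actions that receive the token are referenced by mutable major tags, so pinning them to full commit SHAs would narrow the supply-chain exposure.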
@@ -0,0 +1,51 @@
+# syntax=docker/dockerfile:1
+
+FROM golang:1.26.1 AS build
+
+WORKDIR /app
+
+# Copy module files first so dependency downloads can be cached.
+COPY go.mod go.sum ./
+
+# Download go deps, caches GOMODCACHE.
+RUN --mount=type=cache,sharing=shared,target=/go/pkg/mod \
+ go mod download
+
+COPY . ./
+
+# Build, caches GOCACHE
+RUN --mount=type=cache,sharing=shared,target=/root/.cache/go-build \
+ CGO_ENABLED=0 \
+ GOOS=linux \
+ go build -o /mod-cyclops .
+
+# create runtime user
+RUN adduser \
+ --disabled-password \
+ --gecos "" \
+ --home "/nonexistent" \
+ --shell "/sbin/nologin" \
+ --no-create-home \
+ --uid 65532 \
+ cyclops-user
+
+# create small runtime image
+FROM scratch
+
+# need to copy SSL certs and runtime use
+COPY --from=build /usr/share/zoneinfo /usr/share/zoneinfo
+COPY --from=build /etc/ssl/certs/ca-certificates.crt /etc/ssl/certs/
+COPY --from=build /etc/passwd /etc/passwd
+COPY --from=build /etc/group /etc/group
+
+# copy binaries
+COPY --from=build /mod-cyclops .
+# copy migrations if needed
+#COPY --from=build /app/migrations /migrations
+
+ENV HTTP_PORT=12370
+EXPOSE ${HTTP_PORT}
+
+# Run
+USER cyclops-user:cyclops-user
+CMD ["/mod-cyclops"]
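Review bot: The final stage sets `USER cyclops-user:cyclops-user` by name, which a Kubernetes `runAsNonRoot: true` check cannot verify (it needs a numeric UID) and which relies on the copied `/etc/passwd` and `/etc/group` resolving inside a `scratch` image. Prefer the numeric form, e.g. `USER 65532:65532`, after confirming that `adduser` gave the user's group GID 65532, or create the group explicitly with that GID. The base image `golang:1.26.1` is a mutable tag, so for a published image consider pinning it by digest (`golang:1.26.1@sha256:<digest>`). The comment `# need to copy SSL certs and runtime use` looks truncated and sits above the zoneinfo copy; `# copy tzdata, CA certificates and the runtime user/group entries` would match the four `COPY` lines.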