fix: Propagate CGO_ENABLED environment variable to docker build

[burdzwastaken]

Description

This PR aims to enable the generation of statically linked binaries for increased portability and ease of deployment. Selfishly we would like to use your upstream docker images and copy the binary across to our internal base image so we can use a tool like dependabot/renovate to keep up to date with the latest version.

Please let me know if you would like this be handled in a different way

Changes

• Updated the Makefile to conditionally set CGO_ENABLED=0 when the STATIC flag is provided.
• Ensured that the STATIC flag can be toggled via the Makefile, allowing flexibility in the build process.

Testing

[statically-compiled-binaries] burdz@~/code/pgweb: make release 
Removing all artifacts
Building binaries...
-> target: darwin/amd64
-> target: darwin/arm64
-> target: linux/amd64
-> target: linux/arm64
-> target: windows/amd64
-> target: arm/v5
-> target: arm64/v7
[statically-compiled-binaries] burdz@~/code/pgweb: for file in "bin/*"; do file $file; done
bin/pgweb_darwin_amd64:   Mach-O 64-bit x86_64 executable, flags:<|DYLDLINK|PIE>
bin/pgweb_darwin_arm64:   Mach-O 64-bit arm64 executable, flags:<|DYLDLINK|PIE>
bin/pgweb_linux_amd64:    ELF 64-bit LSB executable, x86-64, version 1 (SYSV), dynamically linked, interpreter /lib64/ld-linux-x86-64.so.2, Go BuildID=Eel_FR4ifLWGHvxRUiT9/OM0f38rHo0olim4ke5eZ/FTVPCQyzkE-4Y_9B2klm/pruHN4XmwQDMpCbxqri8, stripped
bin/pgweb_linux_arm64:    ELF 64-bit LSB executable, ARM aarch64, version 1 (SYSV), statically linked, Go BuildID=uT8vDBaFlEbA8Lj0S4wo/DOn6kasaXhsYi8gPFy9G/0sUxCZepX6jDdv5y0fNx/YPQ4ekXfT5egNy8Omdt3, stripped
bin/pgweb_linux_arm64_v7: ELF 64-bit LSB executable, ARM aarch64, version 1 (SYSV), statically linked, Go BuildID=uT8vDBaFlEbA8Lj0S4wo/DOn6kasaXhsYi8gPFy9G/0sUxCZepX6jDdv5y0fNx/YPQ4ekXfT5egNy8Omdt3, stripped
bin/pgweb_linux_arm_v5:   ELF 32-bit LSB executable, ARM, EABI5 version 1 (SYSV), statically linked, Go BuildID=jHqYeORzcXUpvJWkRUoi/RymztH6G6e6EKSrxtIof/QWb0xR0_nf3bYktZ7pmf/J5M9YNTfEla0HRsBzFCO, stripped
bin/pgweb_windows_amd64:  PE32+ executable (console) x86-64, for MS Windows
[statically-compiled-binaries] burdz@~/code/pgweb: make release STATIC=true
Removing all artifacts
Building binaries...
-> target: darwin/amd64
-> target: darwin/arm64
-> target: linux/amd64
-> target: linux/arm64
-> target: windows/amd64
-> target: arm/v5
-> target: arm64/v7
[statically-compiled-binaries] burdz@~/code/pgweb: for file in "bin/*"; do file $file; done
bin/pgweb_darwin_amd64:   Mach-O 64-bit x86_64 executable, flags:<|DYLDLINK|PIE>
bin/pgweb_darwin_arm64:   Mach-O 64-bit arm64 executable, flags:<|DYLDLINK|PIE>
bin/pgweb_linux_amd64:    ELF 64-bit LSB executable, x86-64, version 1 (SYSV), statically linked, Go BuildID=QO4Lwqu070Bsj_mcwulF/vgcadX5SjtZvNi31KyjW/Xe5M7aUseLRj4_Kkxap5/ByKC_tHd1BEn_jap73u_, stripped
bin/pgweb_linux_arm64:    ELF 64-bit LSB executable, ARM aarch64, version 1 (SYSV), statically linked, Go BuildID=tGXvkH2I5oI6GN0qrU4i/sEkMs-2KuGzJgcr0qhnA/0sUxCZepX6jDdv5y0fNx/PSLnwpVICcbXUsrkw0wH, stripped
bin/pgweb_linux_arm64_v7: ELF 64-bit LSB executable, ARM aarch64, version 1 (SYSV), statically linked, Go BuildID=tGXvkH2I5oI6GN0qrU4i/sEkMs-2KuGzJgcr0qhnA/0sUxCZepX6jDdv5y0fNx/PSLnwpVICcbXUsrkw0wH, stripped
bin/pgweb_linux_arm_v5:   ELF 32-bit LSB executable, ARM, EABI5 version 1 (SYSV), statically linked, Go BuildID=d6bB18NN55mF5jCeTwz_/hsHJM3VlGMrIYkyUIrvC/QWb0xR0_nf3bYktZ7pmf/G0cRRC2-8pLBWJepAFtd, stripped
bin/pgweb_windows_amd64:  PE32+ executable (console) x86-64, for MS Windows

[sosedoff]

FYI docker images are already built with CGO_ENABLED=0 by default. Relevant config piece: https://github.com/sosedoff/pgweb/blob/master/.github/workflows/release.yml#L10

[burdzwastaken]

I don't believe that env var it is being passed along to the docker image

[statically-compiled-binaries] burdz@~/code/pgweb: cat Dockerfile.test 
FROM docker.io/sosedoff/pgweb@sha256:18226b304e976592d87d5fc578c5da292d59b5c9e77f960cb5638a488ea3dbcb

USER root
RUN apt-get update && \
    apt-get install -qq --no-install-recommends file

RUN file /usr/bin/pgweb
[statically-compiled-binaries] burdz@~/code/pgweb: docker build -f Dockerfile.test .
STEP 1/4: FROM docker.io/sosedoff/pgweb@sha256:18226b304e976592d87d5fc578c5da292d59b5c9e77f960cb5638a488ea3dbcb
STEP 2/4: USER root
--> Using cache 7d6a54297a4fc02addd8e3195ef650b11146ab9e5fff4615813ef0e1286fab14
--> 7d6a54297a4f
STEP 3/4: RUN apt-get update &&     apt-get install -qq --no-install-recommends file
Hit:1 http://deb.debian.org/debian bullseye InRelease
Get:2 http://deb.debian.org/debian-security bullseye-security InRelease [48.4 kB]
Get:3 http://deb.debian.org/debian bullseye-updates InRelease [44.1 kB]
Get:4 http://deb.debian.org/debian-security bullseye-security/main amd64 Packages [270 kB]
Get:5 http://apt.postgresql.org/pub/repos/apt bullseye-pgdg InRelease [123 kB]
Get:6 http://apt.postgresql.org/pub/repos/apt bullseye-pgdg/main amd64 Packages [309 kB]
Fetched 795 kB in 2s (392 kB/s)
Reading package lists...
debconf: delaying package configuration, since apt-utils is not installed
Selecting previously unselected package libmagic-mgc.
(Reading database ... 9568 files and directories currently installed.)
Preparing to unpack .../libmagic-mgc_1%3a5.39-3+deb11u1_amd64.deb ...
Unpacking libmagic-mgc (1:5.39-3+deb11u1) ...
Selecting previously unselected package libmagic1:amd64.
Preparing to unpack .../libmagic1_1%3a5.39-3+deb11u1_amd64.deb ...
Unpacking libmagic1:amd64 (1:5.39-3+deb11u1) ...
Selecting previously unselected package file.
Preparing to unpack .../file_1%3a5.39-3+deb11u1_amd64.deb ...
Unpacking file (1:5.39-3+deb11u1) ...
Setting up libmagic-mgc (1:5.39-3+deb11u1) ...
Setting up libmagic1:amd64 (1:5.39-3+deb11u1) ...
Setting up file (1:5.39-3+deb11u1) ...
Processing triggers for libc-bin (2.31-13+deb11u8) ...
--> 558700a6436b
STEP 4/4: RUN file /usr/bin/pgweb
/usr/bin/pgweb: ELF 64-bit LSB executable, x86-64, version 1 (SYSV), dynamically linked, interpreter /lib64/ld-linux-x86-64.so.2, Go BuildID=K7xgUVwJgQUwaVJaEYVG/MTIDcSFDZZUppDZx9Mib/AvOIxxYUNCmaWruT2DfE/1AqmfWvCoiX1F4fYSNdY, stripped
COMMIT
--> 86d644ef5e18
86d644ef5e18ab20ed3c54a122ae6b150e0fdc4810cd621b5f0c9a46c97f41c2

[burdzwastaken]

sorry for missing the env var in the GitHub action, I'm happy to adjust my PR to pass the supplied env var in your GitHub action along to the docker build step

[sosedoff]

Hm i thought Actions env vars get propagated to steps without additional configuration, are you saying this is not the case with Pgweb?

[burdzwastaken]

actions environment variables get propagated to the steps however since the build is inside docker it does not inherit them. to handle this I propose we can use ARG and ENV inside docker and pass it along from actions via build-args. here is a sample pipeline I created to show the difference in behaviour:
branch: https://github.com/sosedoff/pgweb/compare/master...burdzwastaken:pgweb:statically-compiled-binaries-envvar?expand=1
build: https://github.com/burdzwastaken/pgweb/actions/runs/8419078468/job/23050925506

the change then which I am happy to make on my branch is to remove the make target that I added and update the Dockerfile/github actions files like so

[statically-compiled-binaries] burdz@~/code/pgweb: gd
diff --git a/.github/workflows/docker.yml b/.github/workflows/docker.yml
index abcd259..d1ed1ca 100644
--- a/.github/workflows/docker.yml
+++ b/.github/workflows/docker.yml
@@ -33,3 +33,5 @@ jobs:
           push: false
           tags: pgweb:latest
           platforms: linux/amd64,linux/arm64,linux/arm/v5,linux/arm/v7
+          build-args: |
+            "CGO_ENABLED=${{ env.CGO_ENABLED }}"
diff --git a/Dockerfile b/Dockerfile
index 6ef5d4f..9f9c70f 100644
--- a/Dockerfile
+++ b/Dockerfile
@@ -3,6 +3,10 @@
 # ------------------------------------------------------------------------------
 FROM golang:1.20-bullseye AS build
 
+# Set default build argument for CGO_ENABLED to 0
+ARG CGO_ENABLED=0
+ENV CGO_ENABLED ${CGO_ENABLED}
+
 WORKDIR /build
 
 RUN git config --global --add safe.directory /build

please let me know whichever method you prefer and I can update this branch accordingly

[sosedoff]

You're totally right about the env var propagation.

[burdzwastaken]

PR updated to just propagate the environment variable that already exists in the github action

[burdzwastaken]

@sosedoff thanks for merging, do you mind cutting a release so we can utilise the changes in docker behaviour?

[sosedoff]

I'll do some testing before cutting a new release but that should not take too long.

[burdzwastaken]

@sosedoff thank you so much and I appreciate your efforts maintaining this great tool