From 79075ef2121ae03232b24d0bb8463cb6c49be02b Mon Sep 17 00:00:00 2001 From: Rogee Date: Fri, 14 Nov 2025 14:18:24 +0800 Subject: [PATCH] feat: add work flow --- .dockerignore | 27 ++++++++--- .github/workflows/docker-release.yml | 67 ++++++++++++++++++++++++++++ Dockerfile | 21 +++++++++ 3 files changed, 110 insertions(+), 5 deletions(-) create mode 100644 .github/workflows/docker-release.yml create mode 100644 Dockerfile diff --git a/.dockerignore b/.dockerignore index 824d659..c470449 100644 --- a/.dockerignore +++ b/.dockerignore @@ -1,9 +1,26 @@ -# Exclude build context noise and secrets -.git/ +# Build metadata and VCS noise +.git +.github +.codex node_modules/ coverage/ +logs +storage *.log* -.env* -.dockerignore -Dockerfile* +*.out +# Local configs or secrets +.env* +config.toml +config.*.toml +configs/*.toml + +# Editor and tooling noise +.vscode +.idea +.DS_Store +*.swp + +# Tests and docs not needed at runtime +/specs +/tests diff --git a/.github/workflows/docker-release.yml b/.github/workflows/docker-release.yml new file mode 100644 index 0000000..07d1dd9 --- /dev/null +++ b/.github/workflows/docker-release.yml @@ -0,0 +1,67 @@ +name: docker-release + +on: + push: + tags: + - "v*" + +env: + GHCR_IMAGE: ghcr.io/${{ github.repository_owner }}/any-hub + DOCKERHUB_IMAGE: docker.io/${{ secrets.DOCKERHUB_USERNAME }}/any-hub + +jobs: + build-and-push: + runs-on: ubuntu-latest + permissions: + contents: read + packages: write + steps: + - name: Checkout + uses: actions/checkout@v4 + with: + fetch-depth: 0 + + - name: Set up QEMU + uses: docker/setup-qemu-action@v3 + + - name: Set up Docker Buildx + uses: docker/setup-buildx-action@v3 + + - name: Log in to GitHub Container Registry + uses: docker/login-action@v3 + with: + registry: ghcr.io + username: ${{ github.repository_owner }} + password: ${{ secrets.GHP_TOKEN }} + + - name: Log in to Docker Hub + uses: docker/login-action@v3 + with: + username: ${{ secrets.DOCKERHUB_USERNAME }} + password: ${{ secrets.DOCKERHUB_TOKEN }} + + - name: Docker metadata + id: meta + uses: docker/metadata-action@v5 + with: + images: | + ${{ env.GHCR_IMAGE }} + ${{ env.DOCKERHUB_IMAGE }} + tags: | + type=ref,event=tag + type=semver,pattern={{version}} + type=semver,pattern={{major}}.{{minor}} + labels: | + org.opencontainers.image.source=${{ github.repository }} + + - name: Build and push + uses: docker/build-push-action@v6 + with: + context: . + push: true + platforms: linux/amd64,linux/arm64 + tags: ${{ steps.meta.outputs.tags }} + labels: ${{ steps.meta.outputs.labels }} + build-args: | + VERSION=${{ github.ref_name }} + COMMIT=${{ github.sha }} diff --git a/Dockerfile b/Dockerfile new file mode 100644 index 0000000..9152c4a --- /dev/null +++ b/Dockerfile @@ -0,0 +1,21 @@ +# syntax=docker/dockerfile:1.7 + +FROM golang:1.25 AS builder +ARG TARGETOS=linux +ARG TARGETARCH=amd64 +ARG VERSION=dev +ARG COMMIT=dev +WORKDIR /src +COPY go.mod go.sum ./ +RUN --mount=type=cache,target=/go/pkg/mod \ + go mod download +COPY . . +RUN --mount=type=cache,target=/root/.cache/go-build \ + CGO_ENABLED=0 GOOS=$TARGETOS GOARCH=$TARGETARCH \ + go build -trimpath -ldflags "-s -w -X github.com/any-hub/any-hub/internal/version.Version=${VERSION} -X github.com/any-hub/any-hub/internal/version.Commit=${COMMIT}" -o /out/any-hub ./cmd/any-hub + +FROM gcr.io/distroless/static-debian12:nonroot +COPY --from=builder /out/any-hub /usr/local/bin/any-hub +USER nonroot:nonroot +ENTRYPOINT ["/usr/local/bin/any-hub"] +CMD ["--help"]