diff --git a/.github/workflows/docker-publish.yml b/.github/workflows/docker-publish.yml index 683d5c4..ad645ca 100644 --- a/.github/workflows/docker-publish.yml +++ b/.github/workflows/docker-publish.yml @@ -1,61 +1,70 @@ name: Build container image, publish as GitHub-package # This workflow uses actions that are not certified by GitHub. # They are provided by a third-party and are governed by # separate terms of service, privacy policy, and support # documentation. on: push: branches: [ main, develop ] # Publish semver tags as releases. tags: - 'v*.*.*' env: # Use docker.io for Docker Hub if empty REGISTRY: ghcr.io # github.repository as / IMAGE_NAME: ${{ github.repository }} jobs: build: runs-on: ubuntu-latest permissions: contents: read packages: write steps: - name: Checkout repository uses: actions/checkout@v4 + # Set up QEMU for cross-building + - name: Set up QEMU + uses: docker/setup-qemu-action@v3.0.0 + + # Set up Docker Buildx + - name: Set up Docker Buildx + uses: docker/setup-buildx-action@v3.0.0 + # Login against a Docker registry except on PR # https://github.com/docker/login-action - name: Log into registry ${{ env.REGISTRY }} if: github.event_name != 'pull_request' uses: docker/login-action@v3.0.0 with: registry: ${{ env.REGISTRY }} username: ${{ github.actor }} password: ${{ secrets.GITHUB_TOKEN }} # Extract metadata (tags, labels) for Docker # https://github.com/docker/metadata-action - name: Extract Docker metadata id: meta uses: docker/metadata-action@v4.6.0 with: images: | ghcr.io/${{ github.repository }} flavor: latest=true # Build and push Docker image with Buildx (don't push on PR) # https://github.com/docker/build-push-action - name: Build and push Docker images uses: docker/build-push-action@v5.0.0 with: context: . + platforms: linux/amd64,linux/arm64 push: ${{ github.event_name != 'pull_request' }} tags: ${{ steps.meta.outputs.tags }} labels: ${{ steps.meta.outputs.labels }} 
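Review bot: The two added steps reference `docker/setup-qemu-action@v3.0.0` and `docker/setup-buildx-action@v3.0.0` by tag, and a tag can be repointed to different code after this review. The job is granted `packages: write` and logs in to the registry with `GITHUB_TOKEN`, so whatever those references resolve to runs in a job that can publish the image. Pin each to the full commit SHA of the release and keep the version as a trailing comment, e.g. `uses: docker/setup-qemu-action@<full-commit-sha> # v3.0.0` and `uses: docker/setup-buildx-action@<full-commit-sha> # v3.0.0`. The pre-existing steps are referenced by tag in the same way and would benefit from the same pinning.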
diff --git a/Dockerfile b/Dockerfile index 762a1ee..b572101 100644 --- a/Dockerfile +++ b/Dockerfile @@ -1,50 +1,48 @@ # Build image -# SHA256 of golang:1.21-alpine3.18 linux/amd64 -FROM golang@sha256:f475434ea2047a83e9ba02a1da8efc250fa6b2ed0e9e8e4eb8c5322ea6997795 as build +FROM golang:1.21-alpine3.18 as build LABEL org.opencontainers.image.source="https://github.com/writefreely/writefreely" LABEL org.opencontainers.image.description="WriteFreely is a clean, minimalist publishing platform made for writers. Start a blog, share knowledge within your organization, or build a community around the shared act of writing." RUN apk -U upgrade \ && apk add --no-cache nodejs npm make g++ git \ && npm install -g less less-plugin-clean-css \ && mkdir -p /go/src/github.com/writefreely/writefreely WORKDIR /go/src/github.com/writefreely/writefreely COPY . . RUN cat ossl_legacy.cnf > /etc/ssl/openssl.cnf ENV GO111MODULE=on ENV NODE_OPTIONS=--openssl-legacy-provider RUN make build \ && make ui \ && mkdir /stage \ && cp -R /go/bin \ /go/src/github.com/writefreely/writefreely/templates \ /go/src/github.com/writefreely/writefreely/static \ /go/src/github.com/writefreely/writefreely/pages \ /go/src/github.com/writefreely/writefreely/keys \ /go/src/github.com/writefreely/writefreely/cmd \ /stage # Final image -# SHA256 of alpine:3.18.4 linux/amd64 -FROM alpine@sha256:48d9183eb12a05c99bcc0bf44a003607b8e941e1d4f41f9ad12bdcc4b5672f86 +FROM alpine:3.18.4 RUN apk -U upgrade \ && apk add --no-cache openssl ca-certificates COPY --from=build --chown=daemon:daemon /stage /go WORKDIR /go VOLUME /go/keys EXPOSE 8080 USER daemon ENTRYPOINT ["cmd/writefreely/writefreely"] HEALTHCHECK --start-period=5s --interval=15s --timeout=5s \ CMD curl -fSs http://localhost:8080/ || exit 1 \ No newline at end of file
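Review bot: Both `FROM` lines now resolve mutable tags (`golang:1.21-alpine3.18`, `alpine:3.18.4`), so the digest pinning the old file had is lost and every build trusts whatever the registry serves for those tags at that moment. The removed digests were labelled linux/amd64, which is presumably why they were dropped for the arm64 build, but a tag can instead be pinned to the digest of its multi-platform image index and Buildx still selects the right platform from it. Suggested form: `FROM golang:1.21-alpine3.18@sha256:<index-digest> as build` and `FROM alpine:3.18.4@sha256:<index-digest>`, with the index digests read from `docker buildx imagetools inspect <image>:<tag>`. A one-line comment above each `FROM` stating that the digest is the multi-platform index would keep a later update from pinning a single-architecture manifest again.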