ci: auto build & push image on main (:latest) + v* tags
Build & push image / build-and-push (push) Successful in 58s
Build & push image / build-and-push (push) Successful in 58s
Mirror mort-ci.yml's build-and-push: BuildKit secrets (REGISTRY_USER/ REGISTRY_PASSWORD) for private majordomo access instead of build-args, and the LAN --add-host so the builder can reach the registry. push main -> :latest + :sha-<short>; tag v* -> :<tag> + :latest; other branches -> :branch-<safe>; PRs build-only (no push). Optional DISCORD_WEBHOOK_URL notifications. Co-Authored-By: Claude Opus 4.8 (1M context) <noreply@anthropic.com>
This commit is contained in:
+13
-11
@@ -1,25 +1,27 @@
|
||||
# syntax=docker/dockerfile:1
|
||||
#
|
||||
# Multi-stage so the private-module access token used to fetch the majordomo
|
||||
# dependency lives ONLY in the build stage and never lands in the final image.
|
||||
# Multi-stage so the private-module credentials (used to fetch the majordomo
|
||||
# dependency) live ONLY in the build stage via BuildKit secrets and never land
|
||||
# in the final image. Mirrors mort's Dockerfile secret idiom.
|
||||
|
||||
FROM golang:1.26 AS build
|
||||
ARG GIT_HOST=gitea.stevedudenhoeffer.com
|
||||
ARG GIT_USER=
|
||||
ARG GIT_TOKEN=
|
||||
ENV CGO_ENABLED=0 \
|
||||
GOFLAGS=-mod=mod \
|
||||
GOSUMDB=off
|
||||
GOSUMDB=off \
|
||||
GOTOOLCHAIN=auto
|
||||
ENV GOPRIVATE=${GIT_HOST}/* GONOSUMDB=${GIT_HOST}/*
|
||||
WORKDIR /src
|
||||
# Private Go module access (majordomo). Token is confined to this stage.
|
||||
RUN if [ -n "$GIT_TOKEN" ]; then \
|
||||
git config --global url."https://${GIT_USER}:${GIT_TOKEN}@${GIT_HOST}/".insteadOf "https://${GIT_HOST}/"; \
|
||||
fi
|
||||
COPY go.mod go.sum ./
|
||||
RUN go mod download
|
||||
RUN --mount=type=secret,id=REGISTRY_USER \
|
||||
--mount=type=secret,id=REGISTRY_PASSWORD \
|
||||
--mount=type=cache,target=/go/pkg/mod \
|
||||
git config --global url."https://$(cat /run/secrets/REGISTRY_USER):$(cat /run/secrets/REGISTRY_PASSWORD)@${GIT_HOST}/".insteadOf "https://${GIT_HOST}/" \
|
||||
&& go mod download
|
||||
COPY . .
|
||||
RUN go build -trimpath -ldflags="-s -w" -o /out/gadfly ./cmd/gadfly
|
||||
RUN --mount=type=cache,target=/go/pkg/mod \
|
||||
--mount=type=cache,target=/root/.cache/go-build \
|
||||
go build -trimpath -ldflags="-s -w" -o /out/gadfly ./cmd/gadfly
|
||||
|
||||
FROM alpine:3.20
|
||||
RUN apk add --no-cache bash git curl jq ca-certificates
|
||||
|
||||
Reference in New Issue
Block a user