From bdc4f154db2828bb6fdc7cc278e6ada9a4375d94 Mon Sep 17 00:00:00 2001 From: Dirk Klimpel <5740567+dklimpel@users.noreply.github.com> Date: Mon, 24 Jun 2024 15:36:15 +0200 Subject: [PATCH] Add pipeline for build goss docker image (#909) * Add pipeline for build goss docker image * use go version from project * adapt setting version to changed var from PR #892 * add docs --- .github/workflows/docker-goss.yaml | 98 ++++++++++++++++++++++++++++++ Dockerfile | 19 ++++++ README.md | 4 ++ docs/.pages | 1 + docs/container_image.md | 53 ++++++++++++++++ 5 files changed, 175 insertions(+) create mode 100644 .github/workflows/docker-goss.yaml create mode 100644 Dockerfile create mode 100644 docs/container_image.md diff --git a/.github/workflows/docker-goss.yaml b/.github/workflows/docker-goss.yaml new file mode 100644 index 000000000..78e07bdcd --- /dev/null +++ b/.github/workflows/docker-goss.yaml @@ -0,0 +1,98 @@ +name: Docker image for Goss + +on: + push: + branches: + - master + tags: + - "v*" + workflow_dispatch: + +env: + PLATFORMS: "linux/amd64,linux/arm64" + +jobs: + goss: + name: Build and push Docker image + runs-on: ubuntu-latest + permissions: + packages: write + contents: read + security-events: write # To upload Trivy sarif files + + steps: + - name: Checkout + uses: actions/checkout@v4 + + - name: Set up QEMU + uses: docker/setup-qemu-action@v3 + + - name: Set up Docker Buildx + uses: docker/setup-buildx-action@v3 + + - name: Login to GHCR + uses: docker/login-action@v3 + with: + registry: ghcr.io + username: ${{ github.repository_owner }} + password: ${{ secrets.GITHUB_TOKEN }} + + - name: Extract metadata (tags, labels) for Docker + id: meta + uses: docker/metadata-action@v5 + with: + images: | + ghcr.io/${{ github.repository_owner }}/goss + + - name: Get latest git tag + uses: actions-ecosystem/action-get-latest-tag@v1 + id: get-latest-tag + + - name: Set short git commit SHA + run: | + calculatedSha=$(git rev-parse --short ${{ github.sha }}) + echo "COMMIT_SHORT_SHA=$calculatedSha" >> $GITHUB_ENV + + - name: Get the current version of Go from project. + run: echo "GO_VERSION_FROM_PROJECT=$(go mod edit -json | jq -r .Go)" >> $GITHUB_ENV + + - name: Build master goss image + if: github.ref_name == 'master' + uses: docker/build-push-action@v5 + with: + build-args: | + GO_VERSION=${{ env.GO_VERSION_FROM_PROJECT }} + GOSS_VERSION=${{ steps.get-latest-tag.outputs.tag }}-${{ github.ref_name }}+${{ env.COMMIT_SHORT_SHA }} + context: . + push: true + tags: | + ghcr.io/${{ github.repository_owner }}/goss:master + labels: ${{ steps.meta.outputs.labels }} + platforms: ${{ env.PLATFORMS }} + + - name: Build release goss image + if: github.event_name == 'push' && startsWith(github.ref, 'refs/tags/') + uses: docker/build-push-action@v5 + with: + build-args: | + GO_VERSION=${{ env.GO_VERSION_FROM_PROJECT }} + GOSS_VERSION=${{ github.ref_name }} + context: . + push: true + tags: | + ghcr.io/${{ github.repository_owner }}/goss:latest + ghcr.io/${{ github.repository_owner }}/goss:${{ github.ref_name }} + labels: ${{ steps.meta.outputs.labels }} + platforms: ${{ env.PLATFORMS }} + + - name: Run Trivy vulnerability scanner + uses: aquasecurity/trivy-action@master + with: + image-ref: ghcr.io/${{ github.repository_owner }}/goss:master + format: "sarif" + output: "trivy-results.sarif" + + - name: Upload Trivy scan results to GitHub Security tab + uses: github/codeql-action/upload-sarif@v3 + with: + sarif_file: "trivy-results.sarif" diff --git a/Dockerfile b/Dockerfile new file mode 100644 index 000000000..93a143a3d --- /dev/null +++ b/Dockerfile @@ -0,0 +1,19 @@ +ARG GO_VERSION=1.21 + +FROM docker.io/golang:${GO_VERSION}-alpine AS base + +ARG GOSS_VERSION=v0.0.0 +WORKDIR /build + +RUN --mount=target=. \ + CGO_ENABLED=0 go build \ + -ldflags "-X github.com/goss-org/goss/util.Version=${GOSS_VERSION} -s -w" \ + -o "/release/goss" \ + ./cmd/goss + +FROM alpine:3.19 + +COPY --from=base /release/* /usr/bin/ + +RUN mkdir /goss +VOLUME /goss diff --git a/README.md b/README.md index 02ede20cb..c1788885c 100644 --- a/README.md +++ b/README.md @@ -95,6 +95,10 @@ make build [Full Documentation](https://github.com/goss-org/goss/blob/e73553f9c3065ac297499dafb4f8abef6acb24ad/docs/manual.md) +## Using the container image + +[Using the Goss container image](docs/container_image.md) + ## Quick start diff --git a/docs/.pages b/docs/.pages index 67373453b..bed10fe4c 100644 --- a/docs/.pages +++ b/docs/.pages @@ -2,6 +2,7 @@ nav: - Home: index.md - installation.md - quickstart.md + - container_image.md - Command Reference: cli.md - The gossfile: gossfile.md - migrations.md diff --git a/docs/container_image.md b/docs/container_image.md new file mode 100644 index 000000000..ba12d30f7 --- /dev/null +++ b/docs/container_image.md @@ -0,0 +1,53 @@ +# Goss container image + +## Dockerfiles + +* [latest](https://github.com/goss-org/goss/blob/master/Dockerfile) + +## Using the base image + +This is a simple alpine image with Goss preinstalled on it. +Can be used as a base image for your projects to allow for easy health checking. + +### Mount example + +Create the container + +```sh +docker run --name goss ghcr.io/goss-org/goss goss +``` + +Create your container and mount goss + +```sh +docker run --rm -it --volumes-from goss --name weby nginx +``` + +Run goss inside your container + +```sh +docker exec weby /goss/goss autoadd nginx +``` + +### HEALTHCHECK example + +```dockerfile +FROM ghcr.io/goss-org/goss:latest + +COPY goss/ /goss/ +HEALTHCHECK --interval=1s --timeout=6s CMD goss -g /goss/goss.yaml validate + +# your stuff.. +``` + +### Startup delay example + +```dockerfile +FROM ghcr.io/goss-org/goss:latest + +COPY goss/ /goss/ + +# Alternatively, the -r option can be set +# using the GOSS_RETRY_TIMEOUT env variable +CMD goss -g /goss/goss.yaml validate -r 5m && exec real_comand.. +```