From 6a90e200fe600f429edcaf3a2a3db89a01609f17 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Benas=20Taurosevi=C4=8Dius?=
Date: Tue, 9 Apr 2024 11:26:39 +0200
Subject: [PATCH] Add additional docker image that is based on alpine (#165)
* Add additional alpine-release stage to Dockerfile Add alpine-release build to workflows
* Add image documentation
---
 .../workflows/docker-publish-on-comment.yml | 24 +++++++++++++++++
 .github/workflows/docker-publish.yml | 26 +++++++++++++++++++
 Dockerfile | 11 +++++++-
 docs/installation.md | 10 +++++++
 4 files changed, 70 insertions(+), 1 deletion(-)
diff --git a/.github/workflows/docker-publish-on-comment.yml b/.github/workflows/docker-publish-on-comment.yml
index af224fc4..50ea0bfd 100644
--- a/.github/workflows/docker-publish-on-comment.yml
+++ b/.github/workflows/docker-publish-on-comment.yml
@@ -93,6 +93,30 @@ jobs:
 labels: ${{ steps.meta.outputs.labels }}
 cache-from: type=gha
 cache-to: type=gha,mode=max
+
+ - name: Extract Docker metadata - alpine
+ id: meta-alpine
+ uses: docker/metadata-action@dbef88086f6cef02e264edb7dbf63250c17cef6c
+ with:
+ context: git
+ images: |
+ ${{ env.REGISTRY }}/${{ env.IMAGE_NAME }}
+ tags: |
+ type=ref,event=branch
+ type=ref,event=pr
+ type=sha
+ flavor: prefix=alpine-,onlatest=true
+ - name: Build and push Docker image - alpine
+ id: build-and-push-alpine
+ uses: docker/build-push-action@9f6f8c940b91232557f8699b21341a08624a8dce
+ with:
+ context: .
+ target: alpine-release
+ push: true
+ tags: ${{ steps.meta-alpine.outputs.tags }}
+ labels: ${{ steps.meta-alpine.outputs.labels }}
+ cache-from: type=gha
+ cache-to: type=gha,mode=max
 - name: Set latest commit status as ${{ job.status }}
 uses: myrotvorets/set-commit-status-action@master
 if: always()
diff --git a/.github/workflows/docker-publish.yml b/.github/workflows/docker-publish.yml
index dbf7ed92..162cd9db 100644
--- a/.github/workflows/docker-publish.yml
+++ b/.github/workflows/docker-publish.yml
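Review bot: The `build-and-push-alpine` step in docker-publish-on-comment.yml uses `type=gha` for both `cache-from` and `cache-to` with no `scope`, exactly as the release build in docker-publish.yml does, so comment-triggered builds and release builds appear to share one build-cache namespace. The trigger and any check on who may comment are outside this hunk, but if this job builds pull-request code while running in the default branch's context, layers it caches could later be reused by a release build. Giving these builds their own namespace keeps the two apart: `cache-from: type=gha,scope=pr-alpine` and `cache-to: type=gha,mode=max,scope=pr-alpine`. The same applies to the non-alpine build step just above, whose body starts outside the hunk.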
@@ -91,6 +91,32 @@ jobs:
 cache-from: type=gha
 cache-to: type=gha,mode=max
+ # Extract metadata (tags, labels) for Docker
+ # https://github.com/docker/metadata-action
+ # 1st image name is for GH package repo
+ # 2nd image name is for DockerHub image
+ - name: Extract Docker metadata - alpine
+ id: meta-alpine
+ uses: docker/metadata-action@dbef88086f6cef02e264edb7dbf63250c17cef6c
+ with:
+ images: |
+ ${{ env.REGISTRY }}/${{ env.IMAGE_NAME }}
+ flavor: prefix=alpine-,onlatest=true
+
+ # Build and push Docker image with Buildx (don't push on PR)
+ # https://github.com/docker/build-push-action
+ - name: Build and push Docker image - alpine
+ id: build-and-push-alpine
+ uses: docker/build-push-action@9f6f8c940b91232557f8699b21341a08624a8dce
+ with:
+ context: .
+ target: alpine-release
+ push: ${{ github.event_name != 'pull_request' }}
+ tags: ${{ steps.meta-alpine.outputs.tags }}
+ labels: ${{ steps.meta-alpine.outputs.labels }}
+ cache-from: type=gha
+ cache-to: type=gha,mode=max
+
 # Sign the resulting Docker image digest except on PRs.
 # This will only write to the public Rekor transparency log when the Docker
diff --git a/Dockerfile b/Dockerfile
index 27977d85..cba245bd 100644
--- a/Dockerfile
+++ b/Dockerfile
@@ -8,7 +8,7 @@ COPY . ./
 RUN make test
 FROM test as build
-# FROM golang:1.18.3 as build
+# FROM golang:1.21.5 as build
 ARG GOPROXY
 ENV GOPATH=/go
 ENV PATH="$PATH:$GOPATH/bin"
@@ -17,6 +17,15 @@ COPY . ./
 RUN make build
+FROM alpine:latest as alpine-release
+WORKDIR /telefonistka
+COPY --from=build /go/src/github.com/wayfair-incubator/telefonistka/telefonistka /telefonistka/bin/telefonistka
+COPY templates/ /telefonistka/templates/
+# This next line is hack to overcome GH actions lack of support for docker workdir override https://github.com/actions/runner/issues/878
+COPY templates/ /github/workspace/templates/
+USER 1001
+ENTRYPOINT ["/telefonistka/bin/telefonistka"]
+CMD ["server"]
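Review bot: Nothing in this hunk signs the digest produced by `build-and-push-alpine`; the signing step that follows begins outside the hunk, and unless it is extended the `alpine-` tags would be published without the signature the default image presumably gets. A matching signing step fed from `${{ steps.build-and-push-alpine.outputs.digest }}` and `${{ steps.meta-alpine.outputs.tags }}` would keep both flavors verifiable. The copied comment also speaks of a `1st image name` and a `2nd image name ... for DockerHub image`, yet `images:` lists a single name in this step; I would replace those two lines with `# Single image name: the GH package repo (env.REGISTRY)`, assuming that is what the remaining entry refers to.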
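Review bot: `FROM alpine:latest` in the new `alpine-release` stage is a floating tag, so two builds of the same commit can ship different base layers and a base-image change reaches the published image without any review. The workflows in this patch pin their actions to commit SHAs, and the base image deserves the same treatment, e.g. `FROM alpine:<version>@sha256:<digest> as alpine-release` (both values are placeholders for the release you have vetted). Since docs/installation.md describes this flavor as carrying the full base OS, a pinned base also gives an image scanner a fixed package set to report against.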
diff --git a/docs/installation.md b/docs/installation.md
index db097c6e..143aca81 100644
--- a/docs/installation.md
+++ b/docs/installation.md
@@ -59,6 +59,16 @@ The Github side of the configuration can be done via a creation of an GitHub App
 * Ensure the service account has the relevant permission on the repo.
 * Add `telefonistka.yaml` to repo root.
+## Images
+
+Telefonistka comes in 2 flavors:
+
+* A normal container image, that is built from `scratch` and contains only a telefonistka binary and CA certificates.
+ This image is preferred and meant to be used in a production environment.
+* A container image that is built on `alpine` and contains the full alpine base OS. Denoted by the `alpine-` prefix.
+ This image is meant for development and debugging purposes.
+ And in rare cases when it is used in CI and requires shell variable expansion.
+
 ## Server Configuration
 Environment variables for the webhook process: