hailey.at / cocoon
An atproto PDS written in Go
fork atom

Create multiplatform image, add curl to image for healthcheck (#45)

Aadi Desai 113ced56 3bff74e0

options
unified split
Changed files
+57 -9
.github
workflows
docker-image.yml
Dockerfile
+56 -8
.github/workflows/docker-image.yml 
···

       
14

       
14

       
 

       



     

       
15

       
15

       
 

       
jobs:


     

       
16

       
16

       
 

       
  build-and-push-image:


     

       
17

       

       
-

       
    runs-on: ubuntu-latest


     

       

       
17

       
+

       
    strategy:


     

       

       
18

       
+

       
      matrix:


     

       

       
19

       
+

       
        include:


     

       

       
20

       
+

       
          - arch: amd64


     

       

       
21

       
+

       
            runner: ubuntu-latest


     

       

       
22

       
+

       
          - arch: arm64


     

       

       
23

       
+

       
            runner: ubuntu-24.04-arm


     

       

       
24

       
+

       
    runs-on: ${{ matrix.runner }}


     

       
18

       
25

       
 

       
    # Sets the permissions granted to the `GITHUB_TOKEN` for the actions in this job.


     

       
19

       
26

       
 

       
    permissions:


     

       
20

       
27

       
 

       
      contents: read


     

       
21

       
28

       
 

       
      packages: write


     

       
22

       
29

       
 

       
      attestations: write


     

       
23

       
30

       
 

       
      id-token: write


     

       
24

       

       
-

       
      #


     

       

       
31

       
+

       
    outputs:


     

       

       
32

       
+

       
      digest-amd64: ${{ matrix.arch == 'amd64' && steps.push.outputs.digest || '' }}


     

       

       
33

       
+

       
      digest-arm64: ${{ matrix.arch == 'arm64' && steps.push.outputs.digest || '' }}


     

       
25

       
34

       
 

       
    steps:


     

       
26

       
35

       
 

       
      - name: Checkout repository


     

       
27

       
36

       
 

       
        uses: actions/checkout@v4


     
···

       
41

       
50

       
 

       
        with:


     

       
42

       
51

       
 

       
          images: ${{ env.REGISTRY }}/${{ env.IMAGE_NAME }}


     

       
43

       
52

       
 

       
          tags: |


     

       
44

       

       
-

       
            type=raw,value=latest,enable={{is_default_branch}}


     

       
45

       

       
-

       
            type=sha


     

       
46

       

       
-

       
            type=sha,format=long


     

       
47

       

       
-

       
            type=semver,pattern={{version}}


     

       
48

       

       
-

       
            type=semver,pattern={{major}}.{{minor}}


     

       

       
53

       
+

       
            type=raw,value=latest,enable={{is_default_branch}},suffix=-${{ matrix.arch }}


     

       

       
54

       
+

       
            type=sha,suffix=-${{ matrix.arch }}


     

       

       
55

       
+

       
            type=sha,format=long,suffix=-${{ matrix.arch }}


     

       

       
56

       
+

       
            type=semver,pattern={{version}},suffix=-${{ matrix.arch }}


     

       

       
57

       
+

       
            type=semver,pattern={{major}}.{{minor}},suffix=-${{ matrix.arch }}


     

       
49

       
58

       
 

       



     

       
50

       
59

       
 

       
      # This step uses the `docker/build-push-action` action to build the image, based on your repository's `Dockerfile`. If the build succeeds, it pushes the image to GitHub Packages.


     

       
51

       
60

       
 

       
      # It uses the `context` parameter to define the build's context as the set of files located in the specified path. For more information, see "[Usage](https://github.com/docker/build-push-action#usage)" in the README of the `docker/build-push-action` repository.


     
···

       
59

       
68

       
 

       
          tags: ${{ steps.meta.outputs.tags }}


     

       
60

       
69

       
 

       
          labels: ${{ steps.meta.outputs.labels }}


     

       
61

       
70

       
 

       



     

       

       
71

       
+

       
  publish-manifest:


     

       

       
72

       
+

       
    needs: build-and-push-image


     

       

       
73

       
+

       
    runs-on: ubuntu-latest


     

       

       
74

       
+

       
    permissions:


     

       

       
75

       
+

       
      packages: write


     

       

       
76

       
+

       
      attestations: write


     

       

       
77

       
+

       
      id-token: write


     

       

       
78

       
+

       
    steps:


     

       

       
79

       
+

       
      - name: Log in to the Container registry


     

       

       
80

       
+

       
        uses: docker/login-action@v3


     

       

       
81

       
+

       
        with:


     

       

       
82

       
+

       
          registry: ${{ env.REGISTRY }}


     

       

       
83

       
+

       
          username: ${{ github.actor }}


     

       

       
84

       
+

       
          password: ${{ secrets.GITHUB_TOKEN }}


     

       

       
85

       
+

       



     

       

       
86

       
+

       
      - name: Extract metadata (tags, labels) for Docker


     

       

       
87

       
+

       
        id: meta


     

       

       
88

       
+

       
        uses: docker/metadata-action@v5


     

       

       
89

       
+

       
        with:


     

       

       
90

       
+

       
          images: ${{ env.REGISTRY }}/${{ env.IMAGE_NAME }}


     

       

       
91

       
+

       
          tags: |


     

       

       
92

       
+

       
            type=raw,value=latest,enable={{is_default_branch}}


     

       

       
93

       
+

       
            type=sha


     

       

       
94

       
+

       
            type=sha,format=long


     

       

       
95

       
+

       
            type=semver,pattern={{version}}


     

       

       
96

       
+

       
            type=semver,pattern={{major}}.{{minor}}


     

       

       
97

       
+

       



     

       

       
98

       
+

       
      - name: Create and push manifest


     

       

       
99

       
+

       
        run: |


     

       

       
100

       
+

       
          # Split tags into an array


     

       

       
101

       
+

       
          readarray -t tags <<< "${{ steps.meta.outputs.tags }}"


     

       

       
102

       
+

       



     

       

       
103

       
+

       
          # Create and push manifest for each tag


     

       

       
104

       
+

       
          for tag in "${tags[@]}"; do


     

       

       
105

       
+

       
            docker buildx imagetools create -t "$tag" \


     

       

       
106

       
+

       
              "${{ env.REGISTRY }}/${{ env.IMAGE_NAME }}@${{ needs.build-and-push-image.outputs.digest-amd64 }}" \


     

       

       
107

       
+

       
              "${{ env.REGISTRY }}/${{ env.IMAGE_NAME }}@${{ needs.build-and-push-image.outputs.digest-arm64 }}"


     

       

       
108

       
+

       
          done


     

       

       
109

       
+

       



     

       
62

       
110

       
 

       
      # This step generates an artifact attestation for the image, which is an unforgeable statement about where and how it was built. It increases supply chain security for people who consume the image. For more information, see "[AUTOTITLE](/actions/security-guides/using-artifact-attestations-to-establish-provenance-for-builds)."


     

       
63

       
111

       
 

       
      - name: Generate artifact attestation


     

       
64

       
112

       
 

       
        uses: actions/attest-build-provenance@v1


     

       
65

       
113

       
 

       
        with:


     

       
66

       
114

       
 

       
          subject-name: ${{ env.REGISTRY }}/${{ env.IMAGE_NAME}}


     

       
67

       

       
-

       
          subject-digest: ${{ steps.push.outputs.digest }}


     

       

       
115

       
+

       
          subject-digest: ${{ needs.build-and-push-image.outputs.digest-amd64 }}


     

       
68

       
116

       
 

       
          push-to-registry: true
+1 -1
Dockerfile 
···

       
11

       
11

       
 

       
### Run stage


     

       
12

       
12

       
 

       
FROM debian:bookworm-slim AS run


     

       
13

       
13

       
 

       



     

       
14

       

       
-

       
RUN apt-get update && apt-get install -y dumb-init runit ca-certificates && rm -rf /var/lib/apt/lists/*


     

       

       
14

       
+

       
RUN apt-get update && apt-get install -y dumb-init runit ca-certificates curl && rm -rf /var/lib/apt/lists/*


     

       
15

       
15

       
 

       
ENTRYPOINT ["dumb-init", "--"]


     

       
16

       
16

       
 

       



     

       
17

       
17

       
 

       
WORKDIR /