Skip to content

Build own binary test #3

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Merged
SereneVirus merged 8 commits into from
Oct 30, 2025
Merged

Build own binary test #3

Show file tree
Hide file tree
Changes from all commits
Commits
Show all changes
8 commits
Select commit Hold shift + click to select a range
60cf071
Update Dockerfile.release
SereneVirus Oct 30, 2025
42af104
Update Dockerfile.release
SereneVirus Oct 30, 2025
5272c27
Create docker-build.yaml
SereneVirus Oct 30, 2025
b485a81
Update docker-build.yaml
SereneVirus Oct 30, 2025
2409923
Remove minisig verify of binary
SereneVirus Oct 30, 2025
5222887
Removed minisig entirely
SereneVirus Oct 30, 2025
9165e47
Removed fluff and environment variable from static-curl
SereneVirus Oct 30, 2025
8b38121
Removed docker build script and moved it into RUN commands
SereneVirus Oct 30, 2025
File filter

Filter by extension

Filter by extension
Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
39 changes: 39 additions & 0 deletions .github/workflows/docker-build.yaml
View file
Open in desktop
Original file line number Diff line number Diff line change
@@ -0,0 +1,39 @@
name: docker-build
on:
pull_request: {}
push:
branches:
- "elx-vault-main"

env:
IMAGE_NAME: elx-vault

jobs:
push:
runs-on: self-hosted
permissions:
packages: write
contents: read

steps:
- uses: actions/checkout@v5
- name: Build image
run: docker build . --file Dockerfile.release --tag $IMAGE_NAME --label "runnumber=${GITHUB_RUN_ID}"
- name: Log in to registry
run: echo "${{ secrets.GITHUB_TOKEN }}" | docker login ghcr.io -u ${{ github.actor }} --password-stdin

- name: Push image
run: |
IMAGE_ID=ghcr.io/${{ github.repository_owner }}/$IMAGE_NAME

IMAGE_ID=$(echo $IMAGE_ID | tr '[A-Z]' '[a-z]')

VERSION=$(echo "${{ github.ref }}" | sed -e 's,.*/\(.*\),\1,')

[[ "${{ github.ref }}" == "refs/tags/"* ]] && VERSION=$(echo $VERSION | sed -e 's/^v//')

[ "$VERSION" == "main" ] && VERSION=latest
echo IMAGE_ID=$IMAGE_ID
echo VERSION=$VERSION
docker tag $IMAGE_NAME $IMAGE_ID:$VERSION
docker push $IMAGE_ID:$VERSION
22 changes: 9 additions & 13 deletions Dockerfile.release
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -15,24 +15,20 @@ RUN apk add -U --no-cache ca-certificates && \
go install aead.dev/minisign/cmd/minisign@v0.2.1

# Download minio binary and signature files
RUN curl -s -q https://dl.min.io/server/minio/release/linux-${TARGETARCH}/archive/minio.${RELEASE} -o /go/bin/minio && \
curl -s -q https://dl.min.io/server/minio/release/linux-${TARGETARCH}/archive/minio.${RELEASE}.minisig -o /go/bin/minio.minisig && \
curl -s -q https://dl.min.io/server/minio/release/linux-${TARGETARCH}/archive/minio.${RELEASE}.sha256sum -o /go/bin/minio.sha256sum && \
chmod +x /go/bin/minio
#RUN curl -s -q https://dl.min.io/server/minio/release/linux-${TARGETARCH}/archive/minio.${RELEASE} -o /go/bin/minio && \
# curl -s -q https://dl.min.io/server/minio/release/linux-${TARGETARCH}/archive/minio.${RELEASE}.minisig -o /go/bin/minio.minisig && \
# curl -s -q https://dl.min.io/server/minio/release/linux-${TARGETARCH}/archive/minio.${RELEASE}.sha256sum -o /go/bin/minio.sha256sum && \
# chmod +x /go/bin/minio

RUN go install github.com/minio/minio@latest
RUN chmod +x /go/bin/minio

# Download mc binary and signature files
RUN curl -s -q https://dl.min.io/client/mc/release/linux-${TARGETARCH}/mc -o /go/bin/mc && \
curl -s -q https://dl.min.io/client/mc/release/linux-${TARGETARCH}/mc.minisig -o /go/bin/mc.minisig && \
curl -s -q https://dl.min.io/client/mc/release/linux-${TARGETARCH}/mc.sha256sum -o /go/bin/mc.sha256sum && \
chmod +x /go/bin/mc

# Verify binary signature using public key "RWTx5Zr1tiHQLwG9keckT0c45M3AGeHD6IvimQHpyRywVWGbP1aVSGavRUN"
RUN minisign -Vqm /go/bin/minio -x /go/bin/minio.minisig -P RWTx5Zr1tiHQLwG9keckT0c45M3AGeHD6IvimQHpyRywVWGbP1aVSGav && \
minisign -Vqm /go/bin/mc -x /go/bin/mc.minisig -P RWTx5Zr1tiHQLwG9keckT0c45M3AGeHD6IvimQHpyRywVWGbP1aVSGav

COPY dockerscripts/download-static-curl.sh /build/download-static-curl
RUN chmod +x /build/download-static-curl && \
/build/download-static-curl
RUN curl -f -L -s -q https://github.com/moparisthebest/static-curl/releases/latest/download/curl-amd64 -o /go/bin/curl
RUN chmod +x /go/bin/curl

FROM registry.access.redhat.com/ubi9/ubi-micro:latest

Expand Down
14 changes: 1 addition & 13 deletions dockerscripts/download-static-curl.sh
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -2,19 +2,7 @@

function download_arch_specific_executable {
curl -f -L -s -q \
https://github.com/moparisthebest/static-curl/releases/latest/download/curl-$1 \
https://github.com/moparisthebest/static-curl/releases/latest/download/curl-amd64 \
-o /go/bin/curl || exit 1
chmod +x /go/bin/curl
}

case $TARGETARCH in
"arm64")
download_arch_specific_executable aarch64
;;
"s390x")
echo "Not downloading static cURL because it does not exist for the $TARGETARCH architecture."
;;
*)
download_arch_specific_executable "$TARGETARCH"
;;
esac