docker/bake-action v6.6.0

Use bake-action instead of build-and-push action.
2025-04-27 01:01:49 -05:00 · 2025-04-27 01:01:49 -05:00 · ba7dbf279d
commit ba7dbf279d
parent c153a0af33
4 changed files with 146 additions and 11 deletions
--- a/.gitea/workflows/ci.yaml
+++ b/.gitea/workflows/ci.yaml
@ -83,6 +83,16 @@ jobs:
          printf "GITHUB_SHA=%s\n" "$GITHUB_SHA"
          printf "VERSION=%s\n" "$VERSION" | tee -a "$GITHUB_OUTPUT"

+      - name: Set up Docker Buildx
+        uses: docker/setup-buildx-action@b5ca514318bd6ebac0fb2aedd5d36ec1b5c232a2 # v3.10.0
+
+      - name: Login to Gitea registry
+        uses: docker/login-action@74a5d142397b4f367a81961eba4e8cd7edddf772 # v3.4.0
+        with:
+          registry: git.kill0.net
+          username: ${{ secrets.DOCKER_USERNAME }}
+          password: ${{ secrets.DOCKER_PASSWORD }}
+
      - name: Docker meta
        id: meta
        uses: docker/metadata-action@902fa8ec7d6ecbf8d84d538b9b233a880e428804 # v5.7.0
@ -98,22 +108,44 @@ jobs:
            type=semver,pattern={{major}}
            type=sha

-      - name: Set up Docker Buildx
-        uses: docker/setup-buildx-action@b5ca514318bd6ebac0fb2aedd5d36ec1b5c232a2 # v3.10.0
-
-      - name: Login to Gitea registry
-        uses: docker/login-action@74a5d142397b4f367a81961eba4e8cd7edddf772 # v3.4.0
-        with:
-          registry: git.kill0.net
-          username: ${{ secrets.DOCKER_USERNAME }}
-          password: ${{ secrets.DOCKER_PASSWORD }}
-
      - name: Docker build and push
-        uses: docker/build-push-action@14487ce63c7a62a4a324b0bfb37086795e31c6c1 # v6.16.0
+        uses: docker/bake-action@76f9fa3a758507623da19f6092dc4089a7e61592 # v6.6.0
        with:
          push: ${{ github.event_name != 'pull_request' }}
          tags: ${{ steps.meta.outputs.tags }}
          labels: ${{ steps.meta.outputs.labels }}
+          targets: "bookworm"
+          files: |
+            ./docker-bake.hcl
+            cwd://${{ steps.meta.outputs.bake-file }}
+
+      - name: Docker meta
+        id: meta
+        uses: docker/metadata-action@902fa8ec7d6ecbf8d84d538b9b233a880e428804 # v5.7.0
+        with:
+          images: |
+            git.kill0.net/ryanc/kubernaut
+          flavor: |
+            suffix=-alpine
+          tags: |
+            type=schedule
+            type=ref,event=branch
+            type=ref,event=pr
+            type=semver,pattern={{version}}
+            type=semver,pattern={{major}}.{{minor}}
+            type=semver,pattern={{major}}
+            type=sha
+
+      - name: Docker build and push
+        uses: docker/bake-action@76f9fa3a758507623da19f6092dc4089a7e61592 # v6.6.0
+        with:
+          push: ${{ github.event_name != 'pull_request' }}
+          tags: ${{ steps.meta.outputs.tags }}
+          labels: ${{ steps.meta.outputs.labels }}
+          targets: "alpine"
+          files: |
+            ./docker-bake.hcl
+            cwd://${{ steps.meta.outputs.bake-file }}

      - name: Setup Helm
        uses: azure/setup-helm@b9e51907a09c216f16ebe8536097933489208112 # v4.3.0
--- a/docker-bake.hcl
+++ b/docker-bake.hcl
@ -0,0 +1,20 @@
+group "default" {
+    targets = [ "bookworm", "alpine" ]
+}
+target "_common" {
+    args = {
+        RUBY_VERSION = "3.4.3"
+    }
+}
+
+target "bookworm" {
+    dockerfile = "./dockerfiles/bookworm.Dockerfile"
+    inherits = [ "_common" ]
+    tags = [ "git.kill0.net/ryanc/kubernaut" ]
+}
+
+target "alpine" {
+    dockerfile = "./dockerfiles/alpine.Dockerfile"
+    inherits = [ "_common" ]
+    tags = [ "git.kill0.net/ryanc/kubernaut" ]
+}
--- a/dockerfiles/alpine.Dockerfile
+++ b/dockerfiles/alpine.Dockerfile
@ -0,0 +1,41 @@
+ARG RUBY_VERSION="3.4.3"
+FROM ruby:${RUBY_VERSION}-alpine AS base
+
+WORKDIR /app
+
+RUN <<EOT
+  apk update
+  gem update --system --no-document
+  gem install -N bundler
+EOT
+
+
+FROM base AS build
+
+RUN <<EOT
+  apk add musl-dev gcc make
+EOT
+
+COPY Gemfile* .
+
+RUN <<EOT
+  bundle config set --local without development
+  bundle install
+EOT
+
+
+FROM base
+
+ENV PORT=4567
+
+RUN adduser --home /app --disabled-password app
+
+USER app:app
+
+COPY --from=build /usr/local/bundle /usr/local/bundle
+COPY --from=build --chown=app:app /app /app
+
+COPY --chown=app:app . .
+
+EXPOSE 4567
+CMD [ "puma", "--bind", "0.0.0.0", "--port", "$PORT" ]
--- a/dockerfiles/bookworm.Dockerfile
+++ b/dockerfiles/bookworm.Dockerfile
@ -0,0 +1,42 @@
+ARG RUBY_VERSION="3.4.3"
+FROM ruby:${RUBY_VERSION}-slim-bookworm AS base
+
+WORKDIR /app
+
+RUN <<EOT
+  apt-get update
+  gem update --system --no-document
+  gem install -N bundler
+EOT
+
+
+FROM base AS build
+
+RUN <<EOT
+  apt-get install --yes gcc make
+EOT
+
+COPY Gemfile* .
+
+RUN <<EOT
+  bundle config set --local without development
+  bundle install
+EOT
+
+
+FROM base
+
+ENV PORT=4567
+
+# RUN useradd ruby --home /app --shell /bin/sh
+RUN useradd --home /app --create-home app
+
+USER app:app
+
+COPY --from=build /usr/local/bundle /usr/local/bundle
+COPY --from=build --chown=app:app /app /app
+
+COPY --chown=app:app . .
+
+EXPOSE 4567
+CMD [ "puma", "--bind", "0.0.0.0", "--port", "$PORT" ]