Build and publish images

cmurphy · cmurphy · commit a0d785c1826a · 2021-01-29T19:11:23.000-08:00
Add a Dockerfile and Github Action workflow to build an image and
publish it on Github Container Registry.
diff --git a/.dockerignore b/.dockerignore
@@ -0,0 +1,2 @@
+.git
+target
diff --git a/.github/workflows/container-image.yml b/.github/workflows/container-image.yml
@@ -0,0 +1,57 @@
+on:
+  push:
+    branches:
+    - main
+    tags:
+    - 'v*'
+
+name: build container image
+
+jobs:
+  build:
+    name: Build container image
+    runs-on: ubuntu-latest
+    steps:
+      -
+        name: Checkout code
+        uses: actions/checkout@v2
+      -
+        name: Set up QEMU
+        uses: docker/setup-qemu-action@v1
+      -
+        name: Set up Docker Buildx
+        uses: docker/setup-buildx-action@v1
+      -
+        name: Login to GitHub Container Registry
+        uses: docker/login-action@v1
+        with:
+          registry: ghcr.io
+          username: ${{ github.repository_owner }}
+          password: ${{ secrets.CR_PAT }}
+      -
+        name: Build and push development container image
+        if: ${{ startsWith(github.ref, 'refs/heads/') }}
+        uses: docker/build-push-action@v2
+        with:
+          context: .
+          file: ./Dockerfile
+          platforms: linux/amd64 #,linux/arm64 <- build fails on arm64 because of libwasmtime missing
+          push: true
+          tags: |
+            ghcr.io/chimera-kube/policy-server:latest
+      -
+        name: Retrieve tag name
+        if: ${{ startsWith(github.ref, 'refs/tags/') }}
+        run: |
+          echo TAG_NAME=$(echo $GITHUB_REF | sed -e "s|refs/tags/||") >> $GITHUB_ENV
+      -
+        name: Build and push tagged container image
+        if: ${{ startsWith(github.ref, 'refs/tags/') }}
+        uses: docker/build-push-action@v2
+        with:
+          context: .
+          file: ./Dockerfile
+          platforms: linux/amd64 #,linux/arm64 <- build fails on arm64 because of libwasmtime missing
+          push: true
+          tags: |
+            ghcr.io/chimera-kube/policy-server:${{ env.TAG_NAME }}
diff --git a/Dockerfile b/Dockerfile
@@ -0,0 +1,24 @@
+# build image
+FROM rust:1.49 as builder
+
+WORKDIR /usr/src/policy-server
+COPY . .
+RUN cargo install --path .
+
+# final image
+FROM rust:1.49-slim
+COPY --from=builder /usr/local/cargo/bin/policy-server /usr/local/bin/policy-server
+
+RUN adduser \
+  --disabled-password \
+  --gecos "" \
+  --no-create-home \
+  --home "/none" \
+  --shell "/sbin/nologin" \
+  --uid 2000 \
+  chimera
+USER chimera
+
+EXPOSE 3000
+
+ENTRYPOINT ["/usr/local/bin/policy-server"]
