Merge pull request #1011 from pixil98/master

Run docker image as non-root user
rmcrackan · Nov 14, 2024 · 5fff22a · 5fff22a
2 parents f1c8b32 + cd7040c
commit 5fff22a
Show file tree

Hide file tree

Showing 10 changed files with 298 additions and 128 deletions.
diff --git a/.github/workflows/build-linux.yml b/.github/workflows/build-linux.yml
@@ -8,37 +8,37 @@ on:
     inputs:
       version_override:
         type: string
-        description: 'Version number override'
+        description: "Version number override"
         required: false
       run_unit_tests:
         type: boolean
-        description: 'Skip running unit tests'
+        description: "Skip running unit tests"
         required: false
         default: true
       runs_on:
         type: string
-        description: 'The GitHub hosted runner to use'
+        description: "The GitHub hosted runner to use"
         required: true
       OS:
         type: string
         description: >
           The operating system targeted by the build.
-          
+
           There must be a corresponding Bundle_$OS.sh script file in ./Scripts
         required: true
       architecture:
         type: string
-        description: 'CPU architecture targeted by the build.'
+        description: "CPU architecture targeted by the build."
         required: true
 
 env:
-  DOTNET_CONFIGURATION: 'Release'
-  DOTNET_VERSION: '8.0.x'
-  RELEASE_NAME: 'chardonnay'
+  DOTNET_CONFIGURATION: "Release"
+  DOTNET_VERSION: "8.0.x"
+  RELEASE_NAME: "chardonnay"
 
 jobs:
   build:
-    name: '${{ inputs.OS }}-${{ inputs.architecture }}'
+    name: "${{ inputs.OS }}-${{ inputs.architecture }}"
     runs-on: ${{ inputs.runs_on }}
     steps:
       - uses: actions/checkout@v4
@@ -60,7 +60,7 @@ jobs:
             version="$(grep -Eio -m 1 '<Version>.*</Version>' ./Source/AppScaffolding/AppScaffolding.csproj | sed -r 's/<\/?Version>//g')"
           fi
           echo "version=${version}" >> "${GITHUB_OUTPUT}"
-          
+
       - name: Unit test
         if: ${{ inputs.run_unit_tests }}
         working-directory: ./Source
@@ -69,7 +69,7 @@ jobs:
       - name: Publish
         id: publish
         working-directory: ./Source
-        run: |          
+        run: |
           if [[ "${{ inputs.OS }}" == "MacOS" ]]
           then
             display_os="macOS"
@@ -78,13 +78,13 @@ jobs:
             display_os="Linux"
             RUNTIME_ID="linux-${{ inputs.architecture }}"
           fi
-          
+
           OUTPUT="bin/Publish/${display_os}-${{ inputs.architecture }}-${{ env.RELEASE_NAME }}"
-          
+
           echo "display_os=${display_os}" >> $GITHUB_OUTPUT
           echo "Runtime Identifier: $RUNTIME_ID"
           echo "Output Directory: $OUTPUT"
-          
+
           dotnet publish \
               LibationAvalonia/LibationAvalonia.csproj \
               --runtime $RUNTIME_ID \
@@ -122,7 +122,7 @@ jobs:
           ${SCRIPT} "${BUNDLE_DIR}" "${{ steps.get_version.outputs.version }}" "${{ inputs.architecture }}"
           artifact=$(ls ./bundle)
           echo "artifact=${artifact}" >> "${GITHUB_OUTPUT}"
-          
+
       - name: Publish bundle
         uses: actions/upload-artifact@v4
         with:

diff --git a/.github/workflows/build-windows.yml b/.github/workflows/build-windows.yml
@@ -8,21 +8,21 @@ on:
     inputs:
       version_override:
         type: string
-        description: 'Version number override'
+        description: "Version number override"
         required: false
       run_unit_tests:
         type: boolean
-        description: 'Skip running unit tests'
+        description: "Skip running unit tests"
         required: false
         default: true
 
 env:
-  DOTNET_CONFIGURATION: 'Release'
-  DOTNET_VERSION: '8.0.x'
+  DOTNET_CONFIGURATION: "Release"
+  DOTNET_VERSION: "8.0.x"
 
 jobs:
   build:
-    name: '${{ matrix.os }}-${{ matrix.release_name }}'
+    name: "${{ matrix.os }}-${{ matrix.release_name }}"
     runs-on: windows-latest
     strategy:
       matrix:
@@ -112,4 +112,4 @@ jobs:
           name: ${{ steps.zip.outputs.artifact }}.zip
           path: ./Source/bin/Publish/${{ steps.zip.outputs.artifact }}.zip
           if-no-files-found: error
-          retention-days: 7          
+          retention-days: 7
diff --git a/.github/workflows/build.yml b/.github/workflows/build.yml
@@ -8,22 +8,21 @@ on:
     inputs:
       version_override:
         type: string
-        description: 'Version number override'
+        description: "Version number override"
         required: false
       run_unit_tests:
         type: boolean
-        description: 'Skip running unit tests'
+        description: "Skip running unit tests"
         required: false
-        default: true        
+        default: true
 
 jobs:
-
   windows:
     uses: ./.github/workflows/build-windows.yml
     with:
       version_override: ${{ inputs.version_override }}
       run_unit_tests: ${{ inputs.run_unit_tests }}
-      
+
   linux:
     strategy:
       matrix:
@@ -36,7 +35,7 @@ jobs:
       OS: ${{ matrix.OS }}
       architecture: ${{ matrix.architecture }}
       run_unit_tests: ${{ inputs.run_unit_tests }}
-      
+
   macos:
     strategy:
       matrix:
@@ -47,4 +46,4 @@ jobs:
       runs_on: macos-latest
       OS: MacOS
       architecture: ${{ matrix.architecture }}
-      run_unit_tests: ${{ inputs.run_unit_tests }}     
+      run_unit_tests: ${{ inputs.run_unit_tests }}
diff --git a/.github/workflows/docker.yml b/.github/workflows/docker.yml
@@ -8,20 +8,22 @@ on:
     inputs:
       version:
         type: string
-        description: 'Version number'
+        description: "Version number"
+        required: true
+      release:
+        type: boolean
+        description: "Is this a release build?"
         required: true
     secrets:
       docker_username:
         required: true
       docker_token:
         required: true
 
-env:
-  DOCKER_IMAGE: ${{ secrets.docker_username }}/libation
-
 jobs:
-  docker:
+  build_and_push:
     runs-on: ubuntu-latest
+
     steps:
       - name: Checkout
         uses: actions/checkout@v4
@@ -33,14 +35,29 @@ jobs:
         uses: docker/setup-buildx-action@v3
 
       - name: Login to Docker Hub
+        if: ${{ inputs.release }}
         uses: docker/login-action@v3
         with:
           username: ${{ secrets.docker_username }}
           password: ${{ secrets.docker_token }}
 
-      - name: Build and push
-        uses: docker/build-push-action@v5
+      - name: Generate docker image tags
+        id: metadata
+        uses: docker/metadata-action@v5
+        with:
+          flavor: |
+            latest=true
+          images: |
+            name=${{ secrets.docker_username }}/libation
+          tags: |
+            type=raw,value=${{ inputs.version }},enable=${{ inputs.release }}
+
+      - name: Build and push image
+        uses: docker/build-push-action@v6
         with:
-          push: true
-          build-args: 'FOLDER_NAME=Linux-chardonnay'
-          tags: ${{ env.DOCKER_IMAGE }}:latest,${{ env.DOCKER_IMAGE }}:${{ inputs.version }}
+          platforms: linux/amd64,linux/arm64
+          push: ${{ steps.metadata.outputs.tags != ''}}
+          cache-from: type=gha
+          cache-to: type=gha,mode=max
+          tags: ${{ steps.metadata.outputs.tags }}
+          labels: ${{ steps.metadata.outputs.labels }}
diff --git a/.github/workflows/release.yml b/.github/workflows/release.yml
@@ -5,7 +5,7 @@ name: release
 on:
   push:
     tags:
-      - 'v*'
+      - "v*"
 jobs:
   prerelease:
     runs-on: ubuntu-latest
@@ -15,14 +15,15 @@ jobs:
       - name: Get tag version
         id: get_version
         run: |
-          export TAG='${{ github.ref_name }}'
+          export TAG="${{ github.ref_name }}"
           echo "version=${TAG#v}" >> "${GITHUB_OUTPUT}"
 
   docker:
     needs: [prerelease]
     uses: ./.github/workflows/docker.yml
     with:
       version: ${{ needs.prerelease.outputs.version }}
+      release: true
     secrets:
       docker_username: ${{ secrets.DOCKERHUB_USERNAME }}
       docker_token: ${{ secrets.DOCKERHUB_TOKEN }}
@@ -33,9 +34,9 @@ jobs:
     with:
       version_override: ${{ needs.prerelease.outputs.version }}
       run_unit_tests: false
-      
+
   release:
-    needs: [prerelease,build]
+    needs: [prerelease, build]
     runs-on: ubuntu-latest
     steps:
       - name: Download artifacts
@@ -55,7 +56,7 @@ jobs:
       - name: Upload release assets
         uses: dwenegar/upload-release-assets@v2
         env:
-          GITHUB_TOKEN: '${{ secrets.GITHUB_TOKEN }}'
+          GITHUB_TOKEN: "${{ secrets.GITHUB_TOKEN }}"
         with:
-          release_id: '${{ steps.release.outputs.id }}'
+          release_id: "${{ steps.release.outputs.id }}"
           assets_path: ./artifacts
diff --git a/.github/workflows/validate.yml b/.github/workflows/validate.yml
@@ -1,5 +1,5 @@
 # validate.yml
-# Validates that Libation will build on a pull request or push to master. 
+# Validates that Libation will build on a pull request or push to master.
 ---
 name: validate
 
@@ -12,3 +12,11 @@ on:
 jobs:
   build:
     uses: ./.github/workflows/build.yml
+  docker:
+    uses: ./.github/workflows/docker.yml
+    with:
+      version: ${GITHUB_SHA}
+      release: false
+    secrets:
+      docker_username: ${{ secrets.DOCKERHUB_USERNAME }}
+      docker_token: ${{ secrets.DOCKERHUB_TOKEN }}
diff --git a/Docker/appsettings.json b/Docker/appsettings.json
@@ -0,0 +1,3 @@
+{
+  "LibationFiles": "/config-internal"
+}