From 7b8b3b98f27ad911d599ba2635ce304d82a375c2 Mon Sep 17 00:00:00 2001
From: Eric Rakestraw
Date: Sun, 1 Feb 2026 09:38:26 -0600
Subject: [PATCH] Added a Dockerfile and completely refactored the Woodpecker pipeline.
---
.woodpecker.yml | 38 -------------------
.woodpecker/build-image.yml | 15 ++++++++
Dockerfile | 74 +++++++++++++++++++++++++++++++++++++
3 files changed, 89 insertions(+), 38 deletions(-)
delete mode 100644 .woodpecker.yml
create mode 100644 .woodpecker/build-image.yml
create mode 100644 Dockerfile
diff --git a/.woodpecker.yml b/.woodpecker.yml
deleted file mode 100644
index e543e0e..0000000
--- a/.woodpecker.yml
+++ /dev/null
@@ -1,38 +0,0 @@
-when:
- - event: [push, manual]
-
-steps:
- - name: build
- image: golang:1.22
- commands:
- - go mod edit -dropreplace gitea.maximumdirect.net/ejr/feedkit
- - go test ./...
- - mkdir -p dist
- - CGO_ENABLED=0 GOOS=linux GOARCH=amd64 go build -trimpath -ldflags "-s -w" -o dist/weatherfeeder ./cmd/weatherfeeder
- - |
- cat > Dockerfile.ci <<'EOF'
- FROM alpine:3.19
- RUN adduser -D -H app \
- && apk add --no-cache ca-certificates
- COPY dist/weatherfeeder /usr/local/bin/weatherfeeder
- USER app
- ENTRYPOINT ["/usr/local/bin/weatherfeeder"]
- EOF
-
- - name: publish
- image: woodpeckerci/plugin-kaniko
- settings:
- registry: https://harbor.maximumdirect.net
- repo: build/weatherfeeder
- dockerfile: Dockerfile.ci
- context: .
- tags:
- - ${CI_COMMIT_SHA}
- - latest
- cache: true
- cache-repo: build/weatherfeeder-cache
- username:
- from_secret: HARBOR_ROBOT_USER
- password:
- from_secret: HARBOR_ROBOT_TOKEN
-
diff --git a/.woodpecker/build-image.yml b/.woodpecker/build-image.yml
new file mode 100644
index 0000000..95be8ea
--- /dev/null
+++ b/.woodpecker/build-image.yml
@@ -0,0 +1,15 @@
+when:
+ # Allow both normal runs (push) and UI-triggered runs (manual)
+ - event: [push, manual]
+
+steps:
+ - name: build-and-push-image
+ image: woodpeckerci/plugin-kaniko
+ settings:
+ registry: harbor.maximumdirect.net
+ repo: build/weatherfeeder
+ auto_tag: true
+ username:
+ from_secret: HARBOR_ROBOT_USER
+ password:
+ from_secret: HARBOR_ROBOT_TOKEN
\ No newline at end of file
diff --git a/Dockerfile b/Dockerfile
new file mode 100644
index 0000000..e4f3077
--- /dev/null
+++ b/Dockerfile
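Review bot: In `.woodpecker/build-image.yml` the step image `woodpeckerci/plugin-kaniko` carries no tag or digest, so whatever the registry serves under the default tag runs with `HARBOR_ROBOT_USER`/`HARBOR_ROBOT_TOKEN` and push rights to `build/weatherfeeder`. Pin it, e.g. `image: woodpeckerci/plugin-kaniko:<PINNED_VERSION>` (placeholder; ideally with an `@sha256:<DIGEST>` suffix). The `when` filter also fires on a push to any branch, and the pipeline no longer has a `go test ./...` step before publishing, so consider adding a `branch` filter to the push event and restoring a test gate ahead of this step.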
@@ -0,0 +1,74 @@
+# syntax=docker/dockerfile:1.6
+
+ARG GO_VERSION=1.22
+
+############################
+# Build stage
+############################
+FROM golang:${GO_VERSION}-bookworm AS build
+
+WORKDIR /src
+
+# Install baseline packages
+RUN apt-get update && apt-get install -y --no-install-recommends \
+ ca-certificates tzdata git build-essential \
+ && rm -rf /var/lib/apt/lists/*
+
+# Cache dependencies first
+COPY go.mod go.sum ./
+RUN --mount=type=cache,target=/go/pkg/mod \
+ go mod download
+
+# Copy the rest of the source
+COPY . .
+
+# Default to a static build (no CGO)
+# If errors, can build with: --build-arg CGO_ENABLED=1
+ARG CGO_ENABLED=0
+ARG TARGETOS=linux
+ARG TARGETARCH
+ENV CGO_ENABLED=${CGO_ENABLED} \
+ GOOS=${TARGETOS} \
+ GOARCH=${TARGETARCH}
+
+# Build your cmd entrypoint
+RUN --mount=type=cache,target=/root/.cache/go-build \
+ go build \
+ -trimpath \
+ -ldflags="-s -w" \
+ -o /out/weatherfeeder \
+ ./cmd/weatherfeeder
+
+
+############################
+# Runtime stage
+############################
+FROM debian:bookworm-slim AS runtime
+
+# Install runtime necessities
+RUN apt-get update && apt-get install -y --no-install-recommends \
+ ca-certificates tzdata curl \
+ && rm -rf /var/lib/apt/lists/*
+
+# Define /weatherfeeder as the working directory
+WORKDIR /weatherfeeder
+
+# Create an unprivileged user
+RUN useradd \
+ --system \
+ --uid 10001 \
+ --create-home \
+ --home-dir /nonexistent \
+ --shell /usr/sbin/nologin \
+ weatherfeeder
+
+# Copy the binary
+COPY --from=build /out/weatherfeeder /weatherfeeder/weatherfeeder
+
+# Make sure the user can read config.yml when it’s mounted in
+RUN chown -R weatherfeeder:weatherfeeder /weatherfeeder
+
+USER weatherfeeder
+
+# The application expects config.yml in the same directory as the binary
+ENTRYPOINT ["/weatherfeeder/weatherfeeder"]
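Review bot: The runtime-stage `RUN chown -R weatherfeeder:weatherfeeder /weatherfeeder` gives the service account write access to its own binary and directory, and it does not do what the comment above it says: a `config.yml` bind-mounted at run time keeps the ownership and mode it has on the host, regardless of the image layer. Dropping that line leaves the binary root-owned from `COPY --from=build`, which the unprivileged user can still execute provided the build output is world-executable (worth confirming); readability of the mounted config then has to be arranged on the host for UID 10001. In the same stage, `curl` is installed but nothing in the Dockerfile uses it (there is no `HEALTHCHECK`), so it can come out of the `apt-get install` list, and `--create-home` combined with `--home-dir /nonexistent` actually creates that directory, where `--no-create-home` matches the intent. Separately, the build stage's `COPY . .` pulls the whole context into a layer, so a `.dockerignore` excluding `.git` and local config files is worth adding if the repository does not already have one.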