Added a Dockerfile and completely refactored the Woodpecker pipeline.

2026-02-01 09:38:26 -06:00
parent 4600ca053b
commit 7b8b3b98f2
3 changed files with 89 additions and 38 deletions
--- a/.woodpecker.yml
+++ b/.woodpecker.yml
@@ -1,38 +0,0 @@
 when:
  - event: [push, manual]
 steps:
  - name: build
    image: golang:1.22
    commands:
      - go mod edit -dropreplace gitea.maximumdirect.net/ejr/feedkit
      - go test ./...
      - mkdir -p dist
      - CGO_ENABLED=0 GOOS=linux GOARCH=amd64 go build -trimpath -ldflags "-s -w" -o dist/weatherfeeder ./cmd/weatherfeeder
      - |
        cat > Dockerfile.ci <<'EOF'
        FROM alpine:3.19
        RUN adduser -D -H app \
         && apk add --no-cache ca-certificates
        COPY dist/weatherfeeder /usr/local/bin/weatherfeeder
        USER app
        ENTRYPOINT ["/usr/local/bin/weatherfeeder"]
        EOF
  - name: publish
    image: woodpeckerci/plugin-kaniko
    settings:
      registry: https://harbor.maximumdirect.net
      repo: build/weatherfeeder
      dockerfile: Dockerfile.ci
      context: .
      tags:
        - ${CI_COMMIT_SHA}
        - latest
      cache: true
      cache-repo: build/weatherfeeder-cache
      username:
        from_secret: HARBOR_ROBOT_USER
      password:
        from_secret: HARBOR_ROBOT_TOKEN
--- a/.woodpecker/build-image.yml
+++ b/.woodpecker/build-image.yml
@@ -0,0 +1,15 @@
 when:
  # Allow both normal runs (push) and UI-triggered runs (manual)
  - event: [push, manual]
 steps:
  - name: build-and-push-image
    image: woodpeckerci/plugin-kaniko
    settings:
      registry: harbor.maximumdirect.net
      repo: build/weatherfeeder
      auto_tag: true 
      username:
        from_secret: HARBOR_ROBOT_USER
      password:
        from_secret: HARBOR_ROBOT_TOKEN
--- a/74
+++ b/74
@@ -0,0 +1,74 @@
 # syntax=docker/dockerfile:1.6
 ARG GO_VERSION=1.22
 ############################
 # Build stage
 ############################
 FROM golang:${GO_VERSION}-bookworm AS build
 WORKDIR /src
 # Install baseline packages
 RUN apt-get update && apt-get install -y --no-install-recommends \
      ca-certificates tzdata git build-essential \
    && rm -rf /var/lib/apt/lists/*
 # Cache dependencies first
 COPY go.mod go.sum ./
 RUN --mount=type=cache,target=/go/pkg/mod \
    go mod download
 # Copy the rest of the source
 COPY . .
 # Default to a static build (no CGO)
 # If errors, can build with: --build-arg CGO_ENABLED=1
 ARG CGO_ENABLED=0
 ARG TARGETOS=linux
 ARG TARGETARCH
 ENV CGO_ENABLED=${CGO_ENABLED} \
    GOOS=${TARGETOS} \
    GOARCH=${TARGETARCH}
 # Build your cmd entrypoint
 RUN --mount=type=cache,target=/root/.cache/go-build \
    go build \
      -trimpath \
      -ldflags="-s -w" \
      -o /out/weatherfeeder \
      ./cmd/weatherfeeder
 ############################
 # Runtime stage
 ############################
 FROM debian:bookworm-slim AS runtime
 # Install runtime necessities
 RUN apt-get update && apt-get install -y --no-install-recommends \
      ca-certificates tzdata curl \
    && rm -rf /var/lib/apt/lists/*
 # Define /weatherfeeder as the working directory
 WORKDIR /weatherfeeder
 # Create an unprivileged user
 RUN useradd \
      --system \
      --uid 10001 \
      --create-home \
      --home-dir /nonexistent \
      --shell /usr/sbin/nologin \
      weatherfeeder
 # Copy the binary
 COPY --from=build /out/weatherfeeder /weatherfeeder/weatherfeeder
 # Make sure the user can read config.yml when it’s mounted in
 RUN chown -R weatherfeeder:weatherfeeder /weatherfeeder
 USER weatherfeeder
 # The application expects config.yml in the same directory as the binary
 ENTRYPOINT ["/weatherfeeder/weatherfeeder"]