diff --git a/.github/workflows/digestabot.yml b/.github/workflows/digestabot.yml
new file mode 100644
index 00000000..8f9da589
--- /dev/null
+++ b/.github/workflows/digestabot.yml
@@ -0,0 +1,24 @@
+
+name: Image digest update
+
+on:
+ workflow_dispatch:
+ schedule:
+ # At the end of every day
+ - cron: "0 0 * * *"
+
+jobs:
+ image-update:
+ name: Image digest update
+ runs-on: ubuntu-latest
+
+ permissions:
+ contents: write # to push the updates
+ pull-requests: write # to open Pull requests
+ id-token: write # used to sign the commits using gitsign
+
+ steps:
+ - uses: actions/checkout@b4ffde65f46336ab88eb53be808477a3936bae11
+ - uses: chainguard-dev/digestabot@4298e530896fb4164f9c89030c561b75b9321149
+ with:
+ token: ${{ secrets.GITHUB_TOKEN }}
diff --git a/Dockerfile b/Dockerfile
index 8563c0bb..b2b1c037 100644
--- a/Dockerfile
+++ b/Dockerfile
@@ -1,7 +1,6 @@
+# syntax=docker/dockerfile:latest@sha256:ac85f380a63b13dfcefa89046420e1781752bab202122f8f50032edf31be0021
 ## build ergo binary
-FROM docker.io/golang:1.21-alpine AS build-env
-
-RUN apk upgrade -U --force-refresh --no-cache && apk add --no-cache --purge --clean-protected -l -u make git
+FROM cgr.dev/chainguard/go:latest@sha256:c894bc454800817b1747c8a1a640ae6d86004b06190f94e791098e7e78dbbc00 AS build-env
 # copy ergo source
 WORKDIR /go/src/github.com/ergochat/ergo
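Review bot: Pull requests opened with `secrets.GITHUB_TOKEN`, as passed in the final `with:` block, do not start `pull_request`-triggered workflows, so a digest bump proposed by this job would reach review without a build against the new image digests unless someone re-runs the checks by hand. Whether this repository gates merges on such a workflow is not visible here; if it does, record the caveat next to the token, e.g. `# PRs opened with GITHUB_TOKEN do not trigger CI; re-run the checks before merging a digest bump`. The two `uses:` pins are full commit SHAs, which is the right form, but they carry no release marker; a trailing `# vX.Y.Z` (placeholder) on each line would let a reviewer see which release a SHA corresponds to.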
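Review bot: The new `FROM cgr.dev/chainguard/go:latest@sha256:…` line fixes the build image by digest, but the `latest` tag no longer names a Go release the way the removed `golang:1.21-alpine` did, so an automated digest bump can move the toolchain to a different Go release without that being visible in the diff. A comment above the line would make this reviewable, e.g. `# digest is bumped by digestabot; check which Go release the new digest carries before merging`. The hunk also drops the `apk add ... make git` step while `RUN make install` further down still needs `make`; presumably the new base image ships it, which is worth confirming with a clean build because the image contents are not visible here.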
@@ -15,34 +14,33 @@ RUN sed -i 's/^\(\s*\)\"127.0.0.1:6667\":.*$/\1":6667":/' /go/src/github.com/erg
 # compile
 RUN make install
+## tmp container for collecting files
+FROM scratch AS tmp
+
+# collect all files
+COPY --from=build-env /root/go/bin/ergo \
+ /go/src/github.com/ergochat/ergo/default.yaml \
+ /go/src/github.com/ergochat/ergo/distrib/docker/run.sh \
+ /ircd-bin/
+COPY --from=build-env /go/src/github.com/ergochat/ergo/languages /ircd-bin/languages/
+COPY --from=build-env /go/src/github.com/ergochat/ergo/ergo.motd /ircd/ergo.motd
+
 ## build ergo container
-FROM docker.io/alpine:3.13
+FROM cgr.dev/chainguard/busybox:latest-glibc@sha256:f5f11a14dda5355dff116219302d45f1a4fd018285c8922cf848a9b24cae1f3d AS runtime
 # metadata
-LABEL maintainer="Daniel Oaks ,Daniel Thamdrup " \
+LABEL maintainer="Daniel Oaks ,Daniel Thamdrup " \
 description="Ergo is a modern, experimental IRC server written in Go"
 # standard ports listened on
 EXPOSE 6667/tcp 6697/tcp
 # ergo itself
-COPY --from=build-env /go/bin/ergo \
- /go/src/github.com/ergochat/ergo/default.yaml \
- /go/src/github.com/ergochat/ergo/distrib/docker/run.sh \
- /ircd-bin/
-COPY --from=build-env /go/src/github.com/ergochat/ergo/languages /ircd-bin/languages/
+COPY --from=tmp --chown=nonroot:nonroot / /
 # running volume holding config file, db, certs
 VOLUME /ircd
 WORKDIR /ircd
-# default motd
-COPY --from=build-env /go/src/github.com/ergochat/ergo/ergo.motd /ircd/ergo.motd
-
 # launch
 ENTRYPOINT ["/ircd-bin/run.sh"]
-
-# # uncomment to debug
-# RUN apk add --no-cache bash
-# RUN apk add --no-cache vim
-# CMD /bin/bash
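Review bot: `COPY --from=tmp --chown=nonroot:nonroot / /` makes the runtime account the owner of `/ircd-bin/ergo` and `/ircd-bin/run.sh` as well as of the data under `/ircd`, so the server process can rewrite its own executable and entrypoint script. Only `/ircd` needs to be writable by the server; copying the program files root-owned keeps them read-only to it: `COPY --from=tmp /ircd-bin/ /ircd-bin/` followed by `COPY --from=tmp --chown=nonroot:nonroot /ircd/ /ircd/`. The final stage also has no `USER` instruction, so the account the server runs as is whatever the base image defaults to; an explicit `USER nonroot` before `ENTRYPOINT` would state it in the file. If that default is non-root, `/ircd` volumes created under the previous root-running image will presumably need their ownership changed before the server can write its database and certificates there.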