Merge pull request #7 from jr200/feature/minimise_image

reduce docker image size

.github/workflows/build_docker_image.yml

@@ -104,6 +104,7 @@ jobs:
           platforms: ${{ matrix.platform }}
           labels: ${{ steps.meta.outputs.labels }}
           outputs: type=image,name=${{ env.REGISTRY_IMAGE }},push-by-digest=true,name-canonical=true,push=true
+          file: docker/Dockerfile
           context: .
           provenance: false
           # tags: ${{ steps.meta.outputs.tags }}

Makefile

@@ -43,9 +43,16 @@ OUT_DIR := ./dist
 
 .DEFAULT_GOAL := all
 
+ifneq ($(wildcard ./private/charts/nats-iam-broker),)
+VALUES_PATH := ./private/charts/nats-iam-broker/values.yaml
+else
+VALUES_PATH := ./charts/nats-iam-broker/values.yaml
+endif
+
+
 DOCKER_REGISTRY ?= ghcr.io/jr200
 IMAGE_NAME ?= nats-iam-broker
-
+K8S_NAMESPACE ?= nats-iam-broker
 
 ################################################################################
 # Target: all                                                                  #
@@ -75,12 +82,13 @@ build:
 
 
 ################################################################################
-# Target: docker-build-example                                                 #
+# Target: docker-build                                                 #
 ################################################################################
-.PHONY: docker-build-example
-docker-build-example:
-	docker build \
-		-f Dockerfile \
+.PHONY: docker-build
+docker-build:
+	podman build \
+	    --layers \
+		-f docker/Dockerfile.example \
 		--build-arg GOOS=linux --build-arg GOARCH=amd64 \
 		-t nats-iam-broker:debug \
 		.
@@ -91,34 +99,35 @@ docker-build-example:
 .PHONY: chart-deps
 chart-deps:
 	helm dependency build charts/nats-iam-broker --skip-refresh
+	kubectl create namespace $(K8S_NAMESPACE) || echo "OK"
 
 ################################################################################
 # Target: helm chart install
 ################################################################################
 .PHONY: chart-install
 chart-install: chart-deps
-	helm uninstall nats-iam-broker || echo "OK"
-	helm upgrade nats-iam-broker charts/nats-iam-broker \
+	helm upgrade -n $(K8S_NAMESPACE)  nats-iam-broker charts/nats-iam-broker \
 		--install \
 		--set vault-actions.bootstrapToken=$(VAULT_TOKEN) \
-		-f charts/nats-iam-broker/values.yaml
+		-f $(VALUES_PATH)
 
 ################################################################################
 # Target: helm template
 ################################################################################
 .PHONY: chart-template
 chart-template: chart-deps
-	helm template nats-iam-broker charts/nats-iam-broker \
+	helm template -n $(K8S_NAMESPACE)  nats-iam-broker charts/nats-iam-broker \
 		--set vault-actions.bootstrapToken=$(VAULT_TOKEN) \
-		-f charts/nats-iam-broker/values.yaml
+		-f $(VALUES_PATH)
 
 ################################################################################
 # Target: helm template
 ################################################################################
 .PHONY: chart-dry-run
 chart-dry-run:
 	helm install \
-		-f charts/nats-iam-broker/values.yaml \
+		-n $(K8S_NAMESPACE) 
+		-f $(VALUES_PATH) \
 		--generate-name \
 		--dry-run \
 		--debug \
@@ -129,19 +138,19 @@ chart-dry-run:
 # Target: example-shell                                                        #
 ################################################################################
 .PHONY: example-shell
-example-shell: docker-build-example
+example-shell: docker-build
 	docker run --rm -it --entrypoint bash nats-iam-broker:debug
 
 ################################################################################
 # Target: example-basic                                                        #
 ################################################################################
 .PHONY: example-basic
-example-basic: docker-build-example
+example-basic: docker-build
 	docker run --rm --entrypoint examples/basic/run.sh nats-iam-broker:debug -log-human -log=info
 
 ################################################################################
 # Target: example-rgb_org                                                      #
 ################################################################################
 .PHONY: example-rgb_org
-example-rgb_org: docker-build-example
+example-rgb_org: docker-build
 	docker run --rm --entrypoint examples/rgb_org/run.sh nats-iam-broker:debug -log-human -log=info

charts/nats-iam-broker/Chart.yaml

@@ -21,7 +21,7 @@ version: 0.1.0
 # incremented each time you make changes to the application. Versions are not expected to
 # follow Semantic Versioning. They should reflect the version the application is using.
 # It is recommended to use it with quotes.
-appVersion: "v0.1.3"
+appVersion: "v0.1.4"
 
 dependencies:
   - name: vault-actions

docker/Dockerfile

@@ -0,0 +1,34 @@
+ARG GOVERSION=1.22
+FROM golang:${GOVERSION}-alpine AS builder
+
+ARG GOARCH
+ARG GOOS
+
+RUN apk update && apk add --no-cache git bash curl jq make
+
+RUN go install github.com/nats-io/nats-server/[email protected]
+RUN go install github.com/nats-io/natscli/[email protected]
+RUN go install github.com/nats-io/nsc/[email protected]
+
+WORKDIR /usr/src/app
+
+COPY . .
+
+RUN make build && \
+    ln -s /usr/src/app/build/nats-iam-broker-${GOOS}-${GOARCH} /usr/local/bin/nats-iam-broker && \
+    ln -s /usr/src/app/build/test-client-${GOOS}-${GOARCH} /usr/local/bin/test-client
+
+# minimal container
+FROM alpine:3
+
+LABEL org.opencontainers.image.source="https://github.com/jr200/nats-iam-broker"
+LABEL org.opencontainers.image.description="nats-iam-broker runtime stage"
+
+RUN apk add --no-cache bash
+
+WORKDIR /usr/src/app
+
+COPY --from=builder /usr/local/bin/nats-iam-broker /usr/local/bin/nats-iam-broker
+COPY --from=builder /usr/local/bin/test-client /usr/local/bin/test-client
+
+ENTRYPOINT ["bash"]

docker/Dockerfile.example

@@ -0,0 +1,44 @@
+ARG GOVERSION=1.22
+FROM golang:${GOVERSION}-alpine AS builder
+
+ARG GOARCH
+ARG GOOS
+
+RUN apk update && apk add --no-cache git bash curl jq make
+
+RUN go install github.com/nats-io/nats-server/[email protected]
+RUN go install github.com/nats-io/natscli/[email protected]
+RUN go install github.com/nats-io/nsc/[email protected]
+
+WORKDIR /usr/src/app
+
+COPY . .
+
+RUN make build && \
+    ln -s /usr/src/app/build/nats-iam-broker-${GOOS}-${GOARCH} /usr/local/bin/nats-iam-broker && \
+    ln -s /usr/src/app/build/test-client-${GOOS}-${GOARCH} /usr/local/bin/test-client
+
+# minimal container
+FROM alpine:3
+
+
+LABEL org.opencontainers.image.source="https://github.com/jr200/nats-iam-broker"
+LABEL org.opencontainers.image.description="nats-iam-broker runtime stage"
+
+RUN apk add --no-cache bash curl jq && \
+    apk add --no-cache --update ca-certificates
+
+WORKDIR /usr/src/app
+
+COPY --from=builder /usr/local/bin/nats-iam-broker /usr/local/bin/nats-iam-broker
+COPY --from=builder /usr/local/bin/test-client /usr/local/bin/test-client
+
+# for example programs
+COPY --from=builder /go/bin/nsc /bin/nsc
+COPY --from=builder /go/bin/nats /bin/nats
+COPY --from=builder /go/bin/nats-server /bin/nats-server
+COPY --from=builder /usr/src/app/configs /usr/src/app/configs
+COPY --from=builder /usr/src/app/examples /usr/src/app/examples
+COPY --from=builder /usr/src/app/scripts /usr/src/app/scripts
+
+ENTRYPOINT ["bash"]

go.mod

@@ -4,35 +4,36 @@ go 1.22
 
 require (
 	github.com/coreos/go-oidc/v3 v3.11.0
+	github.com/go-playground/validator v9.31.0+incompatible
 	github.com/nats-io/jwt/v2 v2.5.8
-	github.com/nats-io/nats.go v1.36.0
+	github.com/nats-io/nats.go v1.37.0
 	github.com/nats-io/nkeys v0.4.7
 	github.com/rs/zerolog v1.33.0
 	go.uber.org/config v1.4.0
+	gopkg.in/yaml.v2 v2.4.0
 )
 
 require (
-	github.com/gabriel-vasile/mimetype v1.4.3 // indirect
+	github.com/gabriel-vasile/mimetype v1.4.5 // indirect
 	github.com/go-jose/go-jose/v4 v4.0.4 // indirect
 	github.com/go-playground/locales v0.14.1 // indirect
 	github.com/go-playground/universal-translator v0.18.1 // indirect
-	github.com/go-playground/validator v9.31.0+incompatible // indirect
 	github.com/go-playground/validator/v10 v10.22.0 // indirect
 	github.com/klauspost/compress v1.17.9 // indirect
 	github.com/kr/pretty v0.3.1 // indirect
+	github.com/kr/text v0.2.0 // indirect
 	github.com/leodido/go-urn v1.4.0 // indirect
 	github.com/mattn/go-colorable v0.1.13 // indirect
 	github.com/mattn/go-isatty v0.0.20 // indirect
 	github.com/nats-io/nuid v1.0.1 // indirect
 	github.com/rogpeppe/go-internal v1.12.0 // indirect
 	go.uber.org/multierr v1.11.0 // indirect
-	golang.org/x/crypto v0.25.0 // indirect
+	golang.org/x/crypto v0.26.0 // indirect
 	golang.org/x/lint v0.0.0-20210508222113-6edffad5e616 // indirect
-	golang.org/x/net v0.27.0 // indirect
+	golang.org/x/net v0.28.0 // indirect
 	golang.org/x/oauth2 v0.22.0 // indirect
-	golang.org/x/sys v0.23.0 // indirect
-	golang.org/x/text v0.16.0 // indirect
-	golang.org/x/tools v0.23.0 // indirect
+	golang.org/x/sys v0.24.0 // indirect
+	golang.org/x/text v0.17.0 // indirect
+	golang.org/x/tools v0.24.0 // indirect
 	gopkg.in/check.v1 v1.0.0-20201130134442-10cb98267c6c // indirect
-	gopkg.in/yaml.v2 v2.4.0 // indirect
 )

go.sum

@@ -8,6 +8,8 @@ github.com/davecgh/go-spew v1.1.1 h1:vj9j/u1bqnvCEfJOwUhtlOARqs3+rkHYY13jYWTU97c
 github.com/davecgh/go-spew v1.1.1/go.mod h1:J7Y8YcW2NihsgmVo/mv3lAwl/skON4iLHjSsI+c5H38=
 github.com/gabriel-vasile/mimetype v1.4.3 h1:in2uUcidCuFcDKtdcBxlR0rJ1+fsokWf+uqxgUFjbI0=
 github.com/gabriel-vasile/mimetype v1.4.3/go.mod h1:d8uq/6HKRL6CGdk+aubisF/M5GcPfT7nKyLpA0lbSSk=
+github.com/gabriel-vasile/mimetype v1.4.5 h1:J7wGKdGu33ocBOhGy0z653k/lFKLFDPJMG8Gql0kxn4=
+github.com/gabriel-vasile/mimetype v1.4.5/go.mod h1:ibHel+/kbxn9x2407k1izTA1S81ku1z/DlgOW2QE0M4=
 github.com/go-jose/go-jose/v4 v4.0.4 h1:VsjPI33J0SB9vQM6PLmNjoHqMQNGPiZ0rHL7Ni7Q6/E=
 github.com/go-jose/go-jose/v4 v4.0.4/go.mod h1:NKb5HO1EZccyMpiZNbdUw/14tiXNyUJh188dfnMCAfc=
 github.com/go-playground/locales v0.14.1 h1:EWaQ/wswjilfKLTECiXz7Rh+3BjFhfDFKv/oXslEjJA=
@@ -45,6 +47,8 @@ github.com/nats-io/jwt/v2 v2.5.8 h1:uvdSzwWiEGWGXf+0Q+70qv6AQdvcvxrv9hPM0RiPamE=
 github.com/nats-io/jwt/v2 v2.5.8/go.mod h1:ZdWS1nZa6WMZfFwwgpEaqBV8EPGVgOTDHN/wTbz0Y5A=
 github.com/nats-io/nats.go v1.36.0 h1:suEUPuWzTSse/XhESwqLxXGuj8vGRuPRoG7MoRN/qyU=
 github.com/nats-io/nats.go v1.36.0/go.mod h1:Ubdu4Nh9exXdSz0RVWRFBbRfrbSxOYd26oF0wkWclB8=
+github.com/nats-io/nats.go v1.37.0 h1:07rauXbVnnJvv1gfIyghFEo6lUcYRY0WXc3x7x0vUxE=
+github.com/nats-io/nats.go v1.37.0/go.mod h1:Ubdu4Nh9exXdSz0RVWRFBbRfrbSxOYd26oF0wkWclB8=
 github.com/nats-io/nkeys v0.4.7 h1:RwNJbbIdYCoClSDNY7QVKZlyb/wfT6ugvFCiKy6vDvI=
 github.com/nats-io/nkeys v0.4.7/go.mod h1:kqXRgRDPlGy7nGaEDMuYzmiJCIAAWDK0IMBtDmGD0nc=
 github.com/nats-io/nuid v1.0.1 h1:5iA8DT8V7q8WK2EScv2padNa/rTESc1KdnPw4TC2paw=
@@ -77,6 +81,8 @@ golang.org/x/crypto v0.0.0-20190510104115-cbcb75029529/go.mod h1:yigFU9vqHzYiE8U
 golang.org/x/crypto v0.0.0-20191011191535-87dc89f01550/go.mod h1:yigFU9vqHzYiE8UmvKecakEJjdnWj3jj499lnFckfCI=
 golang.org/x/crypto v0.25.0 h1:ypSNr+bnYL2YhwoMt2zPxHFmbAN1KZs/njMG3hxUp30=
 golang.org/x/crypto v0.25.0/go.mod h1:T+wALwcMOSE0kXgUAnPAHqTLW+XHgcELELW8VaDgm/M=
+golang.org/x/crypto v0.26.0 h1:RrRspgV4mU+YwB4FYnuBoKsUapNIL5cohGAmSH3azsw=
+golang.org/x/crypto v0.26.0/go.mod h1:GY7jblb9wI+FOo5y8/S2oY4zWP07AkOJ4+jxCqdqn54=
 golang.org/x/lint v0.0.0-20190930215403-16217165b5de/go.mod h1:6SW0HCj/g11FgYtHlgUYUwCkIfeOF89ocIRzGO/8vkc=
 golang.org/x/lint v0.0.0-20210508222113-6edffad5e616 h1:VLliZ0d+/avPrXXH+OakdXhpJuEoBZuwh1m2j7U6Iug=
 golang.org/x/lint v0.0.0-20210508222113-6edffad5e616/go.mod h1:3xt1FjdF8hUf6vQPIChWIBhFzV8gjjsPE/fR3IyQdNY=
@@ -89,6 +95,8 @@ golang.org/x/net v0.0.0-20190404232315-eb5bcb51f2a3/go.mod h1:t9HGtf8HONx5eT2rtn
 golang.org/x/net v0.0.0-20190620200207-3b0461eec859/go.mod h1:z5CRVTTTmAJ677TzLLGU+0bjPO0LkuOLi4/5GtJWs/s=
 golang.org/x/net v0.27.0 h1:5K3Njcw06/l2y9vpGCSdcxWOYHOUk3dVNGDXN+FvAys=
 golang.org/x/net v0.27.0/go.mod h1:dDi0PyhWNoiUOrAS8uXv/vnScO4wnHQO4mj9fn/RytE=
+golang.org/x/net v0.28.0 h1:a9JDOJc5GMUJ0+UDqmLT86WiEy7iWyIhz8gz8E4e5hE=
+golang.org/x/net v0.28.0/go.mod h1:yqtgsTWOOnlGLG9GFRrK3++bGOUEkNBoHZc8MEDWPNg=
 golang.org/x/oauth2 v0.22.0 h1:BzDx2FehcG7jJwgWLELCdmLuxk2i+x9UDpSiss2u0ZA=
 golang.org/x/oauth2 v0.22.0/go.mod h1:XYTD2NtWslqkgxebSiOHnXEap4TF09sJSc7H1sXbhtI=
 golang.org/x/sync v0.0.0-20190423024810-112230192c58/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM=
@@ -101,10 +109,14 @@ golang.org/x/sys v0.6.0/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg=
 golang.org/x/sys v0.12.0/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg=
 golang.org/x/sys v0.23.0 h1:YfKFowiIMvtgl1UERQoTPPToxltDeZfbj4H7dVUCwmM=
 golang.org/x/sys v0.23.0/go.mod h1:/VUhepiaJMQUp4+oa/7Zr1D23ma6VTLIYjOOTFZPUcA=
+golang.org/x/sys v0.24.0 h1:Twjiwq9dn6R1fQcyiK+wQyHWfaz/BJB+YIpzU/Cv3Xg=
+golang.org/x/sys v0.24.0/go.mod h1:/VUhepiaJMQUp4+oa/7Zr1D23ma6VTLIYjOOTFZPUcA=
 golang.org/x/text v0.3.0/go.mod h1:NqM8EUOU14njkJ3fqMW+pc6Ldnwhi/IjpwHt7yyuwOQ=
 golang.org/x/text v0.3.2/go.mod h1:bEr9sfX3Q8Zfm5fL9x+3itogRgK3+ptLWKqgva+5dAk=
 golang.org/x/text v0.16.0 h1:a94ExnEXNtEwYLGJSIUxnWoxoRz/ZcCsV63ROupILh4=
 golang.org/x/text v0.16.0/go.mod h1:GhwF1Be+LQoKShO3cGOHzqOgRrGaYc9AvblQOmPVHnI=
+golang.org/x/text v0.17.0 h1:XtiM5bkSOt+ewxlOE/aE/AKEHibwj/6gvWMl9Rsh0Qc=
+golang.org/x/text v0.17.0/go.mod h1:BuEKDfySbSR4drPmRPG/7iBdf8hvFMuRexcpahXilzY=
 golang.org/x/tools v0.0.0-20180917221912-90fa682c2a6e/go.mod h1:n7NCudcB/nEzxVGmLbDWY5pfWTLqBcC2KZ6jyYvM4mQ=
 golang.org/x/tools v0.0.0-20190311212946-11955173bddd/go.mod h1:LCzVGOaR6xXOjkQ3onu1FJEFr0SW1gC7cKk1uF8kGRs=
 golang.org/x/tools v0.0.0-20190621195816-6e04913cbbac/go.mod h1:/rFqwRUd4F7ZHNgwSSTFct+R/Kf4OFW1sUzUTQQTgfc=
@@ -114,6 +126,8 @@ golang.org/x/tools v0.0.0-20191104232314-dc038396d1f0/go.mod h1:b+2E5dAYhXwXZwtn
 golang.org/x/tools v0.0.0-20200130002326-2f3ba24bd6e7/go.mod h1:TB2adYChydJhpapKDTa4BR/hXlZSLoq2Wpct/0txZ28=
 golang.org/x/tools v0.23.0 h1:SGsXPZ+2l4JsgaCKkx+FQ9YZ5XEtA1GZYuoDjenLjvg=
 golang.org/x/tools v0.23.0/go.mod h1:pnu6ufv6vQkll6szChhK3C3L/ruaIv5eBeztNG8wtsI=
+golang.org/x/tools v0.24.0 h1:J1shsA93PJUEVaUSaay7UXAyE8aimq3GW0pjlolpa24=
+golang.org/x/tools v0.24.0/go.mod h1:YhNqVBIfWHdzvTLs0d8LCuMhkKUgSUKldakyV7W/WDQ=
 golang.org/x/xerrors v0.0.0-20190717185122-a985d3407aa7/go.mod h1:I/5z698sn9Ka8TeJc9MKroUUfqBBauWjQqLJ2OPfmY0=
 golang.org/x/xerrors v0.0.0-20191011141410-1b5146add898/go.mod h1:I/5z698sn9Ka8TeJc9MKroUUfqBBauWjQqLJ2OPfmY0=
 gopkg.in/check.v1 v0.0.0-20161208181325-20d25e280405/go.mod h1:Co6ibVJAznAaIkqp8huTwlJQCZ016jof/cbN4VW5Yz0=