feat(Docker): build image for ghcr

.github/pull_request_template.md

@@ -1,7 +1,16 @@
-# Split Synchronizer
+### JIRA
 
-## What did you accomplish?
+[](https://mailgun.atlassian.net/browse/)
 
-## How do we test the changes introduced in this PR?
+### Features
 
-## Extra Notes
+- Include a list of significant changes included in this pull request
+
+### Testing
+
+Description of tested feature
+
+- Steps:
+  - Step one
+  - Step two
+  - ...

.github/workflows/docker.yml

@@ -1,4 +1,4 @@
-name: docker
+name: Build proxy docker image
 
 on:
   push:
@@ -16,82 +16,46 @@ jobs:
   docker:
     name: Build Docker image
     runs-on: ubuntu-latest
-    strategy:
-      matrix:
-        app:
-          - synchronizer
-          - proxy
-        fips_mode:
-          - enabled
-          - disabled
     steps:
       - name: Checkout code
         uses: actions/checkout@v4
-
-      - name: Setup QEMU
-        uses: docker/setup-qemu-action@v3
-        with:
-          platforms: amd64,arm64
-
+      # Create a build container which buildx will u
       - name: Set up Docker Buildx
         uses: docker/setup-buildx-action@v3
-
-      - name: Login to Artifactory
-        if: ${{ github.event_name == 'push' }}
-        uses: docker/login-action@v3
+      - name: Login to GitHub Container Registry
+        uses: docker/login-action@v2
         with:
-          registry: splitio-docker.jfrog.io
-          username: ${{ secrets.ARTIFACTORY_DOCKER_USER }}
-          password: ${{ secrets.ARTIFACTORY_DOCKER_PASS }}
-
-      - name: Get version
-        run: echo "VERSION=$(awk '/^const Version/{gsub(/"/, "", $4); print $4}' splitio/version.go)" >> $GITHUB_ENV
-
-      - name: Docker Build and Push
-        uses: docker/build-push-action@v5
+          registry: ghcr.io
+          username: ${{ github.actor }}
+          password: ${{ secrets.CI_PAT }}
+      - name: Setup Docker layer Cache
+        uses: actions/cache@v3
         with:
-          context: .
-          file: docker/Dockerfile.${{ matrix.app }}
-          push: ${{ github.event_name == 'push' }}
-          platforms: linux/amd64,linux/arm64
-          tags: splitio-docker.jfrog.io/split-${{ matrix.app }}${{ matrix.fips_mode == 'enabled' && '-fips' || ''}}:${{ env.VERSION }},splitio-docker.jfrog.io/split-${{ matrix.app }}${{ matrix.fips_mode == 'enabled' && '-fips' || '' }}:latest
-          build-args: |
-            FIPS_MODE=${{ matrix.fips_mode }}
-
-  lacework:
-    name: Scan Docker image
-    if: ${{ github.event_name == 'pull_request' }}
-    runs-on: ubuntu-latest
-    strategy:
-      matrix:
-        app:
-          - synchronizer
-          - proxy
-        fips_mode:
-          - enabled
-          - disabled
-    steps:
-      - name: Checkout code
-        uses: actions/checkout@v4
-
-      - name: Get version
-        run: echo "VERSION=$(awk '/^const Version/{gsub(/"/, "", $4); print $4}' splitio/version.go)" >> $GITHUB_ENV
-
-      - name: Docker Build and Push
-        uses: docker/build-push-action@v5
+          path: /tmp/.buildx-cache
+          key: ${{ runner.os }}-docker-${{ github.event.number }}
+          restore-keys:
+            ${{ runner.os }}-docker-
+            # Start dependent services in containers, NOTE: Some services might not
+      # have external dependencies so this action might need to be removed.
+      - name: Docker Compose
+        run: docker compose up -d --wait --quiet-pull
+      # Automagically extract useful information from the current github context and creates
+      # a set of labels for use by build-push-action to be attached to the final image.
+      - name: Extract Metadata for Docker
+        uses: docker/metadata-action@v4
         with:
-          context: .
-          file: docker/Dockerfile.${{ matrix.app }}
-          push: false
-          tags: splitio-docker.jfrog.io/split-${{ matrix.app }}${{ matrix.fips_mode == 'enabled' && '-fips' || ''}}:${{ env.VERSION }}
-          build-args: |
-            FIPS_MODE=${{ matrix.fips_mode }}
-
-      - name: Scan container using Lacework
-        uses: lacework/[email protected]
+          images: ${{ github.repository }}
+        id: meta
+      - name: Build and push
+        uses: docker/build-push-action@v2
         with:
-          LW_ACCOUNT_NAME: ${{ secrets.LW_ACCOUNT_NAME }}
-          LW_ACCESS_TOKEN: ${{ secrets.LW_ACCESS_TOKEN }}
-          IMAGE_NAME: splitio-docker.jfrog.io/split-${{ matrix.app }}${{ matrix.fips_mode == 'enabled' && '-fips' || ''}}
-          IMAGE_TAG: ${{ env.VERSION }}
-          SAVE_RESULTS_IN_LACEWORK: true
+          context: .
+          file: docker/Dockerfile.proxy
+          tags: ghcr.io/${{ github.repository }}:PR${{ github.event.number }}
+          # We use local cache type, so we can clean up the cache
+          # https://github.com/docker/build-push-action/blob/master/docs/advanced/cache.md#local-cache
+          cache-from: type=local,src=/tmp/.buildx-cache
+          cache-to: type=local,mode=max,dest=/tmp/.buildx-cache-new
+          ssh: default=/tmp/ssh_agent.sock
+          labels: ${{ steps.meta.outputs.labels }}
+          push: true

.github/workflows/test.yml

@@ -23,29 +23,10 @@ jobs:
       - name: Setup Go
         uses: actions/setup-go@v5
         with:
-          go-version: '^1.13.1'
+          go-version: "^1.13.1"
 
       - name: Get version
         run: echo "VERSION=$(awk '/^const Version/{gsub(/"/, "", $4); print $4}' splitio/version.go)" >> $GITHUB_ENV
 
       - name: Run test
         run: make test_coverage
-
-      - name: Create build folder
-        run: mkdir -p build
-
-      - name: Build assets
-        run: make release_assets
-
-      - name: SonarQube Scan (Pull Request)
-        uses: SonarSource/sonarcloud-github-action@v2
-        env:
-          SONAR_TOKEN: ${{ secrets.SONARQUBE_TOKEN }}
-        with:
-          projectBaseDir: .
-          args: >
-            -Dsonar.host.url=${{ secrets.SONARQUBE_HOST }}
-            -Dsonar.projectVersion=${{ env.VERSION }}
-            -Dsonar.pullrequest.key=${{ github.event.pull_request.number }}
-            -Dsonar.pullrequest.branch=${{ github.event.pull_request.head.ref }}
-            -Dsonar.pullrequest.base=${{ github.event.pull_request.base.ref }}

docker/Dockerfile.proxy

@@ -1,8 +1,7 @@
 # Build stage
-FROM golang:1.22.5-bookworm AS builder
+FROM ghcr.io/mailgun/gobuild:latest AS deps
 
 ARG EXTRA_BUILD_ARGS
-ARG FIPS_MODE
 
 RUN apt update -y
 RUN apt install -y build-essential ca-certificates python3 git
@@ -11,13 +10,23 @@ WORKDIR /code
 
 COPY . .
 
-RUN bash -c 'if [[ "${FIPS_MODE}" = "enabled" ]]; \
-    then echo "building in fips mode"; make clean split-proxy-fips entrypoints EXTRA_BUILD_ARGS="${EXTRA_BUILD_ARGS}"; mv split-proxy-fips split-proxy; \
-    else echo "building in standard mode"; make clean split-proxy entrypoints EXTRA_BUILD_ARGS="${EXTRA_BUILD_ARGS}"; \
-    fi'
+RUN bash -c 'make clean split-proxy entrypoints EXTRA_BUILD_ARGS="${EXTRA_BUILD_ARGS}"'
+
+FROM deps as check
+RUN --mount=type=bind,target=/go/src,rw \
+    go fmt ./... && \
+    go vet ./... 
+
+# Build cmds
+FROM check as build
+RUN --mount=type=bind,target=/go/src,rw \
+    go version && \
+    CGO_ENABLED=0 go install -a -v ./...
 
 # Runner stage
-FROM debian:12.6 AS runner
+# Build docker image, leaving behind everything we don’t want in the final image.
+FROM ghcr.io/mailgun/gobase:latest
+COPY --from=build /go/bin/* /go/bin/
 
 RUN apt update -y
 RUN apt install -y bash ca-certificates
@@ -33,11 +42,10 @@ RUN adduser \
 
 COPY docker/functions.sh .
 
-COPY --from=builder /code/split-proxy /usr/bin/
-COPY --from=builder /code/entrypoint.proxy.sh .
+COPY --from=build /code/split-proxy /usr/bin/
+COPY --from=build /code/entrypoint.proxy.sh .
 
 EXPOSE 3000 3010
 
 USER 'split-proxy'
 
-ENTRYPOINT ["bash", "entrypoint.proxy.sh"]