From d40c5c87f95052ad1c395a6c3e08e1ea4a524899 Mon Sep 17 00:00:00 2001
From: Artem Torubarov
Date: Wed, 24 Apr 2024 15:07:02 +0200
Subject: [PATCH] kaniko platform
---
.github/workflows/release.yml | 85 +++++++++++++++++++++++------------
Dockerfile | 14 +++---
2 files changed, 64 insertions(+), 35 deletions(-)
diff --git a/.github/workflows/release.yml b/.github/workflows/release.yml
index 948ad41..3e0a51b 100644
--- a/.github/workflows/release.yml
+++ b/.github/workflows/release.yml
@@ -12,40 +12,67 @@ jobs: kaniko: strategy: matrix: - arch: [amd64, arm64] - service: [worker, proxy, agent] + # arch: [amd64, arm64] + # service: [worker, proxy, agent] + service: [ proxy] runs-on: ubuntu-latest steps: - - uses: actions/checkout@v3 - - name: docker build and push - uses: aevea/action-kaniko@v0.13.0 + steps: + - + name: Set up QEMU + uses: docker/setup-qemu-action@v3 + - + name: Set up Docker Buildx + uses: docker/setup-buildx-action@v3 + - + name: Login to Docker Hub + uses: docker/login-action@v3 with: registry: harbor.clyso.com - username: "${{ secrets.DOCKER_USER }}" - password: ${{ secrets.DOCKER_PASSWORD }} - image: chorus/${{ matrix.service }}-${{ matrix.arch }} - build_file: Dockerfile - tag: test2 - # tag: ${{ github.ref_name }} - strip_tag_prefix: v - tag_with_latest: false - extra_args: "--custom-platform=linux/${{ matrix.arch }} --build-arg GIT_TAG=${{ github.ref_name }} --build-arg GIT_COMMIT=${{ github.sha }} --build-arg SERVICE=${{ matrix.service }} --build-arg GOARCH=${{ matrix.arch }}" + username: ${{ secrets.DOCKERHUB_USERNAME }} + password: ${{ secrets.DOCKERHUB_TOKEN }} + - + name: Build and push + uses: docker/build-push-action@v5 + with: + context: . 
+ platforms: linux/amd64,linux/arm64 + push: true + tags: chorus/${{ matrix.service }}:test2 + build-args: + - GIT_TAG=${{ github.ref_name }} + - GIT_COMMIT=${{ github.sha }} + - SERVICE=${{ matrix.service }} + # - uses: actions/checkout@v3 + # - name: docker build and push + # uses: aevea/action-kaniko@v0.13.0 + # with: + # registry: harbor.clyso.com + # username: "${{ secrets.DOCKER_USER }}" + # password: ${{ secrets.DOCKER_PASSWORD }} + # image: chorus/${{ matrix.service }}-${{ matrix.arch }} + # build_file: Dockerfile + # tag: test2 + # # tag: ${{ github.ref_name }} + # strip_tag_prefix: v + # tag_with_latest: false + # extra_args: "--custom-platform=linux/${{ matrix.arch }} --build-arg GIT_TAG=${{ github.ref_name }} --build-arg GIT_COMMIT=${{ github.sha }} --build-arg SERVICE=${{ matrix.service }} --build-arg GOARCH=${{ matrix.arch }}" # upload docker manifest to support multi-arch images - manifest: - needs: kaniko - runs-on: ubuntu-latest - strategy: - matrix: - service: [worker, proxy, agent] - steps: - - name: Push manifest - uses: pixelfederation/gh-action-manifest-tool@v0.1.0 #check for latest tag - with: - username: "${{ secrets.DOCKER_USER }}" - password: ${{ secrets.DOCKER_PASSWORD }} - platforms: linux/amd64,linux/arm64 - template: harbor.clyso.com/chorus/${{ matrix.service }}-ARCH:test2 - target: harbor.clyso.com/chorus/${{ matrix.service }}:test2 + # manifest: + # needs: kaniko + # runs-on: ubuntu-latest + # strategy: + # matrix: + # service: [worker, proxy, agent] + # steps: + # - name: Push manifest + # uses: pixelfederation/gh-action-manifest-tool@v0.1.0 #check for latest tag + # with: + # username: "${{ secrets.DOCKER_USER }}" + # password: ${{ secrets.DOCKER_PASSWORD }} + # platforms: linux/amd64,linux/arm64 + # template: harbor.clyso.com/chorus/${{ matrix.service }}-ARCH:test2 + # target: harbor.clyso.com/chorus/${{ matrix.service }}:test2 # template: harbor.clyso.com/chorus/${{ matrix.service }}-ARCH:${{ github.ref_name }} # target: 
harbor.clyso.com/chorus/${{ matrix.service }}:${{ github.ref_name }} # - name: Tag latest diff --git a/Dockerfile b/Dockerfile index 72278d8..d4a1e2d 100644 --- a/Dockerfile +++ b/Dockerfile @@ -1,4 +1,5 @@ -FROM --platform=$BUILDPLATFORM golang:1.21 as builder +FROM golang:1.21 as builder +# FROM --platform=$BUILDPLATFORM golang:1.21 as builder ARG GIT_COMMIT='not set' ARG GIT_TAG=development ENV GIT_COMMIT=$GIT_COMMIT @@ -15,17 +16,18 @@ COPY . . ARG GOOS=linux # amd64| arm64 -ARG GOARCH=amd64 -ENV GOARCH=$GOARCH +# ARG GOARCH=amd64 # worker|proxy|agent ARG SERVICE=worker -RUN CGO_ENABLED=0 GO111MODULE=on GOOS=$GOOS GOARCH=$GOARCH go build -ldflags="-X 'main.version=$GIT_TAG' -X 'main.commit=$GIT_COMMIT'" -o chorus ./cmd/${SERVICE} +RUN CGO_ENABLED=0 GO111MODULE=on GOOS=$GOOS GOARCH=${TARGETARCH} go build -ldflags="-X 'main.version=$GIT_TAG' -X 'main.commit=$GIT_COMMIT'" -o chorus ./cmd/${SERVICE} # Refer to https://github.com/GoogleContainerTools/distroless for more details -FROM --platform=$TARGETPLATFORM scratch +FROM gcr.io/distroless/static:nonroot +# FROM --platform=$TARGETPLATFORM gcr.io/distroless/static:nonroot +USER nonroot:nonroot WORKDIR /bin -COPY --from=builder /build/chorus chorus +COPY --chown=nonroot:nonroot --from=builder /build/chorus chorus CMD ["chorus"]
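Review bot: The `tags:` value in the new "Build and push" step has no registry host, so the image would be pushed to Docker Hub under `chorus/...` rather than to `harbor.clyso.com`, the only registry the login step authenticates to; it should be qualified with that host. `build-args` is written as a YAML sequence, but inputs under `with:` must be strings, so the three values need a `|` block scalar with one `KEY=VALUE` per line. The `actions/checkout` step is now commented out while `context: .` is a path context that needs the repository checked out first, and the added `steps:` key appears to duplicate the unchanged `steps:` line directly above it. Because this job handles registry credentials, pinning the four `docker/*` actions to full commit SHAs instead of the `@v3`/`@v5` tags would also be worth doing.

```yaml
    steps:
      # … unchanged: QEMU, Buildx and registry login steps …
      - uses: actions/checkout@v3
      - name: Build and push
        uses: docker/build-push-action@v5
        with:
          # … unchanged: context, platforms, push …
          tags: harbor.clyso.com/chorus/${{ matrix.service }}:test2
          build-args: |
            GIT_TAG=${{ github.ref_name }}
            GIT_COMMIT=${{ github.sha }}
            SERVICE=${{ matrix.service }}
```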
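Review bot: `FROM golang:1.21 as builder` without `--platform=$BUILDPLATFORM` makes the builder stage run once per target platform, which for `linux/arm64` in the workflow's `platforms:` list means compiling under QEMU emulation even though the RUN line in the next hunk still sets `GOARCH` for cross-compilation. Restoring `FROM --platform=$BUILDPLATFORM golang:1.21 AS builder` would let the compiler run natively; if the flag was dropped for a builder that does not support it, a one-line comment saying so would serve better than the commented-out copy of the old line. As this produces the release image, pinning the base by digest (`golang:1.21@sha256:<digest>`) would make the toolchain reproducible. The builder stage continues outside this hunk.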
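Review bot: `${TARGETARCH}` in the new RUN line is only populated inside a stage that declares it, and no `ARG TARGETARCH` is visible in this hunk (the lines between the two Dockerfile hunks are not shown, so it may exist there). Without the declaration the variable expands to an empty string and Go would presumably build for whatever architecture the builder container runs as, which gives the right binary only as a side effect of the emulated builder stage; adding `ARG TARGETARCH` above the RUN makes the target explicit. In the final stage, `COPY --chown=nonroot:nonroot` makes the binary writable by the account the service runs as; leaving it root-owned with `COPY --from=builder /build/chorus chorus` should still let `nonroot` execute it while keeping the executable read-only to the running process. The commented-out `# FROM --platform=$TARGETPLATFORM ...` and `# ARG GOARCH=amd64` lines could be deleted rather than kept as comments.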