✨ Add sigma builder to image (#201)

go-sigma · Oct 8, 2023 · db1843f · db1843f
1 parent 36ac77a
commit db1843f
Show file tree

Hide file tree

Showing 6 changed files with 40 additions and 75 deletions.
diff --git a/.github/workflows/e2e.yml b/.github/workflows/e2e.yml
@@ -26,7 +26,8 @@ jobs:
           sudo service docker restart
           echo $DOCKER_HOST
 
-          make docker-build
+          docker buildx create --use
+          docker buildx build -f build/Dockerfile --platform linux/amd64 --progress plain --output type=docker,dest=- -t sigma:latest . | docker load
       - name: Run sigma
         run: |
           docker run --name sigma -v /var/run/docker.sock:/var/run/docker.sock -d -p 3000:3000 sigma:latest

diff --git a/Makefile b/Makefile
@@ -1,26 +1,26 @@
-GOCMD            = go
-GOTEST           = $(GOCMD) test
-GOVET            = $(GOCMD) vet
-BINARY_NAME      = sigma
-VERSION         ?= 0.0.0
-SERVICE_PORT    ?= 3000
-DOCKER_REGISTRY ?= #if set it should finished by /
-EXPORT_RESULT   ?= false # for CI please set EXPORT_RESULT to true
-
-MIGRATION_NAME  ?=
-
-SHELL           := /bin/bash
-
-GREEN           := $(shell tput -Txterm setaf 2)
-YELLOW          := $(shell tput -Txterm setaf 3)
-WHITE           := $(shell tput -Txterm setaf 7)
-CYAN            := $(shell tput -Txterm setaf 6)
-RESET           := $(shell tput -Txterm sgr0)
-
-GOLDFLAGS       += -X github.com/go-sigma/sigma/cmd.version=$(shell git describe --tags --dirty --always)
-GOLDFLAGS       += -X github.com/go-sigma/sigma/cmd.buildDate=$(shell date -u '+%Y-%m-%dT%H:%M:%SZ')
-GOLDFLAGS       += -X github.com/go-sigma/sigma/cmd.gitHash=$(shell git rev-parse --short HEAD)
-GOFLAGS          = -ldflags '-s -w $(GOLDFLAGS)'
+GOCMD             = go
+GOTEST            = $(GOCMD) test
+GOVET             = $(GOCMD) vet
+BINARY_NAME       = sigma
+VERSION          ?= 0.0.0
+SERVICE_PORT     ?= 3000
+DOCKER_REGISTRY  ?= docker.io/tosone
+DOCKER_PLATFORMS ?= linux/amd64,linux/arm64
+
+MIGRATION_NAME   ?=
+
+SHELL            := /bin/bash
+
+GREEN            := $(shell tput -Txterm setaf 2)
+YELLOW           := $(shell tput -Txterm setaf 3)
+WHITE            := $(shell tput -Txterm setaf 7)
+CYAN             := $(shell tput -Txterm setaf 6)
+RESET            := $(shell tput -Txterm sgr0)
+
+GOLDFLAGS        += -X github.com/go-sigma/sigma/cmd.version=$(shell git describe --tags --dirty --always)
+GOLDFLAGS        += -X github.com/go-sigma/sigma/cmd.buildDate=$(shell date -u '+%Y-%m-%dT%H:%M:%SZ')
+GOLDFLAGS        += -X github.com/go-sigma/sigma/cmd.gitHash=$(shell git rev-parse --short HEAD)
+GOFLAGS           = -ldflags '-s -w $(GOLDFLAGS)'
 
 .PHONY: all test build vendor
 
@@ -48,27 +48,6 @@ clean: ## Remove build related file
 vendor: ## Copy of all packages needed to support builds and tests in the vendor directory
 	@$(GOCMD) mod tidy && $(GOCMD) mod vendor
 
-watch: ## Run the code with cosmtrek/air to have automatic reload on changes
-	$(eval PACKAGE_NAME=$(shell head -n 1 go.mod | cut -d ' ' -f2))
-	docker run -it --rm -w /go/src/$(PACKAGE_NAME) -v $(shell pwd):/go/src/$(PACKAGE_NAME) -p $(SERVICE_PORT):$(SERVICE_PORT) cosmtrek/air
-
-## Test:
-test: ## Run the tests of the project
-ifeq ($(EXPORT_RESULT), true)
-	GO111MODULE=off go get -u github.com/jstemmer/go-junit-report
-	$(eval OUTPUT_OPTIONS = | tee /dev/tty | go-junit-report -set-exit-code > junit-report.xml)
-endif
-	$(GOTEST) -v -race ./... $(OUTPUT_OPTIONS)
-
-coverage: ## Run the tests of the project and export the coverage
-	$(GOTEST) -cover -covermode=count -coverprofile=profile.cov ./...
-	$(GOCMD) tool cover -func profile.cov
-ifeq ($(EXPORT_RESULT), true)
-	GO111MODULE=off go get -u github.com/AlekSi/gocov-xml
-	GO111MODULE=off go get -u github.com/axw/gocov/gocov
-	gocov convert profile.cov | gocov-xml > coverage.xml
-endif
-
 ## Lint:
 lint: lint-go lint-dockerfile lint-yaml ## Run all available linters
 
@@ -94,23 +73,16 @@ endif
 
 ## Docker:
 docker-build: ## Use the dockerfile to build the container
-	docker build -f build/Dockerfile --rm --tag $(BINARY_NAME) .
+	docker buildx build -f build/Dockerfile --platform $(DOCKER_PLATFORMS) --progress plain --output type=image,name=$(DOCKER_REGISTRY)/$(BINARY_NAME):latest,push=true .
 
 docker-build-local: build-linux ## Build the container with the local binary
-	docker build -f build/Dockerfile.local --rm --tag $(BINARY_NAME) .
+	docker buildx build -f build/Dockerfile.local --platform $(DOCKER_PLATFORMS) --progress plain --output type=image,name=$(DOCKER_REGISTRY)/$(BINARY_NAME):latest,push=true .
 
 docker-build-builder: ## Build the dev container
-	docker build -f build/Dockerfile.builder --rm --tag $(BINARY_NAME)-builder .
+	docker buildx build -f build/Dockerfile.builder --platform $(DOCKER_PLATFORMS) --progress plain --output type=image,name=$(DOCKER_REGISTRY)/$(BINARY_NAME)-builder:latest,push=true .
 
 docker-build-builder-local: build-builder-linux # Build sigma builder image
-	docker build -f build/Dockerfile.builder.local --rm --tag $(BINARY_NAME)-builder .
-
-docker-release: ## Release the container with tag latest and version
-	docker tag $(BINARY_NAME) $(DOCKER_REGISTRY)$(BINARY_NAME):latest
-	docker tag $(BINARY_NAME) $(DOCKER_REGISTRY)$(BINARY_NAME):$(VERSION)
-	# Push the docker images
-	docker push $(DOCKER_REGISTRY)$(BINARY_NAME):latest
-	docker push $(DOCKER_REGISTRY)$(BINARY_NAME):$(VERSION)
+	docker buildx build -f build/Dockerfile.builder.local --platform $(DOCKER_PLATFORMS) --progress plain --output type=image,name=$(DOCKER_REGISTRY)/$(BINARY_NAME)-builder:latest,push=true .
 
 ## Format:
 format: sql-format

diff --git a/build/Dockerfile b/build/Dockerfile
@@ -15,7 +15,7 @@ RUN set -eux && yarn install --frozen-lockfile && yarn build
 FROM alpine:${ALPINE_VERSION} as syft
 
 ARG SYFT_VERSION=0.88.0
-ARG TARGETARCH=amd64
+ARG TARGETARCH
 
 RUN set -eux && \
   apk add --no-cache wget && \
@@ -28,7 +28,7 @@ FROM alpine:${ALPINE_VERSION} as trivy
 
 ARG TRIVY_VERSION=0.44.1
 ARG ORAS_VERSION=1.0.0
-ARG TARGETARCH=amd64
+ARG TARGETARCH
 
 RUN set -eux && \
   apk add --no-cache wget && \
@@ -61,7 +61,7 @@ COPY --from=web-builder /web/dist /go/src/github.com/go-sigma/sigma/web/dist
 
 WORKDIR /go/src/github.com/go-sigma/sigma
 
-RUN make build
+RUN --mount=type=cache,target=/root/.cache/go-build make all
 
 FROM alpine:${ALPINE_VERSION}
 
@@ -70,5 +70,6 @@ COPY --from=trivy /usr/local/bin/trivy /usr/local/bin/trivy
 COPY --from=trivy /opt/trivy/trivy.db /opt/trivy/db/trivy.db
 COPY ./conf/config.yaml /etc/sigma/config.yaml
 COPY --from=builder /go/src/github.com/go-sigma/sigma/bin/sigma /usr/local/bin/sigma
+COPY --from=builder /go/src/github.com/go-sigma/sigma/bin/sigma-builder /usr/local/bin/sigma-builder
 
 CMD ["sigma", "server"]
diff --git a/build/Dockerfile.builder b/build/Dockerfile.builder
@@ -7,7 +7,6 @@ COPY . /go/src/github.com/go-sigma/sigma
 WORKDIR /go/src/github.com/go-sigma/sigma
 
 RUN set -eux && \
-  sed -i "s/dl-cdn.alpinelinux.org/mirrors.aliyun.com/g" /etc/apk/repositories && \
   apk add --no-cache make bash ncurses build-base git git-lfs
 
 RUN make build-builder
@@ -16,7 +15,6 @@ FROM moby/buildkit:v0.12.2-rootless
 
 USER root
 RUN set -eux && \
-  sed -i "s/dl-cdn.alpinelinux.org/mirrors.aliyun.com/g" /etc/apk/repositories && \
   apk add --no-cache git-lfs && \
   mkdir -p /code/ && \
   chown -R 1000:1000 /opt/ && \

diff --git a/build/Dockerfile.debian b/build/Dockerfile.debian
@@ -16,7 +16,7 @@ RUN set -eux && yarn install --frozen-lockfile && yarn build
 FROM alpine:${ALPINE_VERSION} as syft
 
 ARG SYFT_VERSION=0.88.0
-ARG TARGETARCH=amd64
+ARG TARGETARCH
 
 RUN set -eux && \
   apk add --no-cache wget && \
@@ -29,7 +29,7 @@ FROM alpine:${ALPINE_VERSION} as trivy
 
 ARG TRIVY_VERSION=0.44.1
 ARG ORAS_VERSION=1.0.0
-ARG TARGETARCH=amd64
+ARG TARGETARCH
 
 RUN set -eux && \
   apk add --no-cache wget && \
@@ -67,12 +67,10 @@ COPY --from=web-builder /web/dist /go/src/github.com/go-sigma/sigma/web/dist
 
 WORKDIR /go/src/github.com/go-sigma/sigma
 
-RUN make build
+RUN --mount=type=cache,target=/root/.cache/go-build make all
 
 FROM debian:${DEBIAN_VERSION}
 
-ARG TARGETARCH=amd64
-
 RUN set -eux && \
   apt-get update && \
 	apt-get install -y --no-install-recommends \
@@ -89,5 +87,6 @@ COPY --from=trivy /usr/local/bin/trivy /usr/local/bin/trivy
 COPY --from=trivy /opt/trivy/trivy.db /opt/trivy/db/trivy.db
 COPY ./conf/config.yaml /etc/sigma/config.yaml
 COPY --from=builder /go/src/github.com/go-sigma/sigma/bin/sigma /usr/local/bin/sigma
+COPY --from=builder /go/src/github.com/go-sigma/sigma/bin/sigma-builder /usr/local/bin/sigma-builder
 
 CMD ["sigma", "server"]
diff --git a/build/Dockerfile.local b/build/Dockerfile.local
@@ -3,7 +3,7 @@ ARG ALPINE_VERSION=3.18
 FROM alpine:${ALPINE_VERSION} as syft
 
 ARG SYFT_VERSION=0.88.0
-ARG TARGETARCH=amd64
+ARG TARGETARCH
 
 RUN set -eux && \
   apk add --no-cache wget && \
@@ -16,7 +16,7 @@ FROM alpine:${ALPINE_VERSION} as trivy
 
 ARG TRIVY_VERSION=0.44.1
 ARG ORAS_VERSION=1.0.0
-ARG TARGETARCH=amd64
+ARG TARGETARCH
 
 RUN set -eux && \
   apk add --no-cache wget && \
@@ -41,18 +41,12 @@ RUN set -eux && \
 
 FROM alpine:${ALPINE_VERSION}
 
-RUN set -eux && \
-  apk add --no-cache redis yq
-
 COPY --from=syft /usr/local/bin/syft /usr/local/bin/syft
 COPY --from=trivy /usr/local/bin/trivy /usr/local/bin/trivy
 COPY --from=trivy /opt/trivy/trivy.db /opt/trivy/db/trivy.db
 COPY --from=trivy /opt/trivy/metadata.json /opt/trivy/db/metadata.json
-COPY ./conf/redis.conf /etc/sigma/redis.conf
 COPY ./conf/config.yaml /etc/sigma/config.yaml
-COPY ./build/entrypoint.sh /entrypoint.sh
 COPY ./bin/sigma /usr/local/bin/sigma
-
-ENTRYPOINT ["/entrypoint.sh"]
+COPY ./bin/sigma-builder /usr/local/bin/sigma-builder
 
 CMD ["sigma", "server"]