Try publishing static binaries as distroless containers

Signed-off-by: Vasyl Gello <vasek.gello@gmail.com>
2025-04-27 13:45:07 +03:00 · 2024-07-25 10:17:05 +03:00 · 2024-07-25 10:17:05 +03:00 · 3be03c793f
commit 3be03c793f
parent b534d1205e
2 changed files with 36 additions and 6 deletions
--- a/.github/workflows/trunk.yml
+++ b/.github/workflows/trunk.yml
@ -10,6 +10,7 @@ concurrency:

 permissions:
  contents: write
+  packages: write

 jobs:
  build:
@ -19,12 +20,12 @@ jobs:
    name: Build Windows/Linux/MacOS/FreeBSD/Android
    runs-on: ubuntu-latest
    steps:
-      - uses: actions/checkout@v3
+      - uses: actions/checkout@v4
        with:
          fetch-depth: 0

      - name: Set up Go
-        uses: actions/setup-go@v3
+        uses: actions/setup-go@v5
        with:
          go-version: "1.21"

@ -100,6 +101,7 @@ jobs:
          #
          echo "::group::yggstack-linux-i386-static"
          CGO_ENABLED=0 GOOS=linux GOARCH=386 ./build -s -o yggstack-linux-i386-static
+          CGO_ENABLED=0 GOOS=linux GOARCH=386 ./build -s -o yggstack-linux-386-static
          ldd yggstack-linux-i386-static || echo "OK"
          echo "::endgroup::"
          #
@ -143,13 +145,13 @@ jobs:
          ldd yggstack-linux-mips64le-static || echo "OK"
          echo "::endgroup::"
          #
-          echo "::group::yggstack-linux-ppc64"
-          CGO_ENABLED=0 GOOS=linux GOARCH=ppc64 ./build -s -o yggstack-linux-ppc64
+          echo "::group::yggstack-linux-ppc64-static"
+          CGO_ENABLED=0 GOOS=linux GOARCH=ppc64 ./build -s -o yggstack-linux-ppc64-static
          ldd yggstack-linux-ppc64-static || echo "OK"
          echo "::endgroup::"
          #
-          echo "::group::yggstack-linux-ppc64le"
-          CGO_ENABLED=0 GOOS=linux GOARCH=ppc64le ./build -s -o yggstack-linux-ppc64le
+          echo "::group::yggstack-linux-ppc64le-static"
+          CGO_ENABLED=0 GOOS=linux GOARCH=ppc64le ./build -s -o yggstack-linux-ppc64le-static
          ldd yggstack-linux-ppc64le-static || echo "OK"
          echo "::endgroup::"
          #
@ -260,3 +262,22 @@ jobs:
          gh release create trunk --prerelease yggstack-* || gh release upload trunk yggstack-* --clobber
        env:
          GH_TOKEN: ${{ github.token }}
+
+      - name: Set up Docker Buildx
+        uses: docker/setup-buildx-action@v3
+
+      - name: Login to GitHub Container Registry
+        uses: docker/login-action@v3
+        with:
+          registry: ghcr.io
+          username: ${{ github.actor }}
+          password: ${{ secrets.GITHUB_TOKEN }}
+
+      - name: Build and push yggstack container image
+        uses: docker/build-push-action@v6
+        with:
+          context: .
+          file: Dockerfile.static
+          platforms: linux/386, linux/amd64, linux/arm/v6, linux/arm/v7, linux/arm64, linux/ppc64le, linux/riscv64, linux/s390x
+          push: true
+          tags: ghcr.io/yggdrasil-network/yggstack:trunk
--- a/Dockerfile.static
+++ b/Dockerfile.static
@ -0,0 +1,9 @@
+FROM --platform=linux/amd64 gcr.io/distroless/static
+
+ARG TARGETOS
+ARG TARGETARCH
+ARG TARGETVARIANT
+
+COPY --chown=0:0 --chmod=0755 yggstack-${TARGETOS}-${TARGETARCH}${TARGETVARIANT}-static /bin/yggstack
+
+ENTRYPOINT [ "/bin/yggstack" ]