From b2b7183a8fe189f9ffd7d4c42f8081090f76ba2d Mon Sep 17 00:00:00 2001 From: Xe Iaso Date: Sat, 19 Jul 2025 04:57:42 +0000 Subject: [PATCH 1/5] chore: set up docker buildx bake Closes #417 Closes #584 Closes #658 Closes #630 Signed-off-by: Xe Iaso --- .dockerignore | 25 +++++++++++++++ .github/workflows/docker-pr.yml | 57 ++++++++------------------------- .github/workflows/docker.yml | 56 ++++++-------------------------- docker-bake.hcl | 33 +++++++++++++++++++ docker/anubis.Dockerfile | 54 +++++++++++++++++++++++++++++++ 5 files changed, 135 insertions(+), 90 deletions(-) create mode 100644 .dockerignore create mode 100644 docker-bake.hcl create mode 100644 docker/anubis.Dockerfile diff --git a/.dockerignore b/.dockerignore new file mode 100644 index 00000000..24189948 --- /dev/null +++ b/.dockerignore @@ -0,0 +1,25 @@ +.env +*.deb +*.rpm + +# Additional package locks +pnpm-lock.yaml +yarn.lock + +# Go binaries and test artifacts +main +*.test + +node_modules + +# MacOS +.DS_store + +# Intellij +.idea + +# how does this get here +doc/VERSION + +web/static/js/* +!web/static/js/.gitignore \ No newline at end of file diff --git a/.github/workflows/docker-pr.yml b/.github/workflows/docker-pr.yml index 12fc6512..758d8086 100644 --- a/.github/workflows/docker-pr.yml +++ b/.github/workflows/docker-pr.yml @@ -2,7 +2,7 @@ name: Docker image builds (pull requests) on: pull_request: - branches: [ "main" ] + branches: ["main"] env: DOCKER_METADATA_SET_OUTPUT_ENV: "true" @@ -11,7 +11,7 @@ permissions: contents: read jobs: - build: + buildx-bake: runs-on: ubuntu-24.04 steps: - name: Checkout code 
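Review bot: The `.DS_store` entry in the new `.dockerignore` will not match the file macOS actually creates, `.DS_Store`, because ignore patterns are matched case-sensitively; the line should read `.DS_Store`. The ignore list carries more weight than usual in this series, because the new Dockerfile's build stage does `COPY . .` and both workflows export intermediate layers with `cache-to: type=gha,mode=max`, so anything not listed here can end up in an exported cache layer. `.env` is already excluded; whether other local credential or key files exist in the tree cannot be told from this hunk and is worth confirming.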
@@ -21,48 +21,17 @@ jobs: fetch-depth: 0 persist-credentials: false - - name: Set up Homebrew - uses: Homebrew/actions/setup-homebrew@main - - - name: Setup Homebrew cellar cache - uses: actions/cache@5a3ec84eff668545956fd18022155c47e93e2684 # v4.2.3 - with: - path: | - /home/linuxbrew/.linuxbrew/Cellar - /home/linuxbrew/.linuxbrew/bin - /home/linuxbrew/.linuxbrew/etc - /home/linuxbrew/.linuxbrew/include - /home/linuxbrew/.linuxbrew/lib - /home/linuxbrew/.linuxbrew/opt - /home/linuxbrew/.linuxbrew/sbin - /home/linuxbrew/.linuxbrew/share - /home/linuxbrew/.linuxbrew/var - key: ${{ runner.os }}-go-homebrew-cellar-${{ hashFiles('go.sum') }} - restore-keys: | - ${{ runner.os }}-go-homebrew-cellar- - - - name: Install Brew dependencies - run: | - brew bundle - - - name: Docker meta - id: meta - uses: docker/metadata-action@902fa8ec7d6ecbf8d84d538b9b233a880e428804 # v5.7.0 - with: - images: ghcr.io/${{ github.repository }} + - name: Set up Docker Buildx + uses: docker/setup-buildx-action@b5ca514318bd6ebac0fb2aedd5d36ec1b5c232a2 # v3.10.0 - name: Build and push id: build - run: | - npm ci - npm run container - env: - PULL_REQUEST_ID: ${{ github.event.number }} - DOCKER_REPO: ghcr.io/${{ github.repository }} - SLOG_LEVEL: debug - - - run: | - echo "Test this with:" - echo "docker pull ${DOCKER_IMAGE}" - env: - DOCKER_IMAGE: ${{ steps.build.outputs.docker_image }} + uses: docker/bake-action@76f9fa3a758507623da19f6092dc4089a7e61592 # v6.6.0 + with: + source: . + push: true + sbom: true + cache-from: type=gha + cache-to: type=gha,mode=max + set: | + anubis.tags=ttl.sh/techaro/pr-${{ github.event.number }}/anubis:24h diff --git a/.github/workflows/docker.yml b/.github/workflows/docker.yml index 7e8db319..d563531c 100644 --- a/.github/workflows/docker.yml +++ b/.github/workflows/docker.yml @@ -17,7 +17,7 @@ permissions: pull-requests: write jobs: - build: + buildx-bake: runs-on: ubuntu-24.04 steps: - name: Checkout code 
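Review bot: The `Build and push` step in the `@@ -21,48 +21,17 @@` hunk publishes pull-request images under `ttl.sh/techaro/pr-<number>/anubis:24h`, and ttl.sh accepts anonymous pushes, so the tag is predictable and is not guaranteed to still point at the image this job built by the time a reviewer pulls it. Reviewers should pull by digest, which means the job has to surface it, for example a follow-up step with `env: METADATA: ${{ steps.build.outputs.metadata }}` and `run: echo "$METADATA"`. The step that used to print the pull command is removed here without a replacement. Separately, `cache-from` and `cache-to` are inputs of docker/build-push-action; as far as I know docker/bake-action takes them through `set:` (`*.cache-from=type=gha`), so these two lines may be ignored, and the job log is worth checking for an unexpected-input warning.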
@@ -27,33 +27,8 @@ jobs: fetch-depth: 0 persist-credentials: false - - name: Set lowercase image name - run: | - echo "IMAGE=ghcr.io/${GITHUB_REPOSITORY,,}" >> $GITHUB_ENV - - - name: Set up Homebrew - uses: Homebrew/actions/setup-homebrew@main - - - name: Setup Homebrew cellar cache - uses: actions/cache@5a3ec84eff668545956fd18022155c47e93e2684 # v4.2.3 - with: - path: | - /home/linuxbrew/.linuxbrew/Cellar - /home/linuxbrew/.linuxbrew/bin - /home/linuxbrew/.linuxbrew/etc - /home/linuxbrew/.linuxbrew/include - /home/linuxbrew/.linuxbrew/lib - /home/linuxbrew/.linuxbrew/opt - /home/linuxbrew/.linuxbrew/sbin - /home/linuxbrew/.linuxbrew/share - /home/linuxbrew/.linuxbrew/var - key: ${{ runner.os }}-go-homebrew-cellar-${{ hashFiles('go.sum') }} - restore-keys: | - ${{ runner.os }}-go-homebrew-cellar- - - - name: Install Brew dependencies - run: | - brew bundle + - name: Set up Docker Buildx + uses: docker/setup-buildx-action@b5ca514318bd6ebac0fb2aedd5d36ec1b5c232a2 # v3.10.0 - name: Log into registry uses: docker/login-action@74a5d142397b4f367a81961eba4e8cd7edddf772 # v3.4.0 @@ -62,24 +37,13 @@ jobs: username: ${{ github.repository_owner }} password: ${{ secrets.GITHUB_TOKEN }} - - name: Docker meta - id: meta - uses: docker/metadata-action@902fa8ec7d6ecbf8d84d538b9b233a880e428804 # v5.7.0 - with: - images: ${{ env.IMAGE }} - - name: Build and push id: build - run: | - npm ci - npm run container - env: - DOCKER_REPO: ${{ env.IMAGE }} - SLOG_LEVEL: debug - - - name: Generate artifact attestation - uses: actions/attest-build-provenance@e8998f949152b193b063cb0ec769d69d929409be # v2.4.0 + uses: docker/bake-action@76f9fa3a758507623da19f6092dc4089a7e61592 # v6.6.0 with: - subject-name: ${{ env.IMAGE }} - subject-digest: ${{ steps.build.outputs.digest }} - push-to-registry: true + source: . + push: true + sbom: true + cache-from: type=gha + cache-to: type=gha,mode=max + set: "" diff --git a/docker-bake.hcl b/docker-bake.hcl new file mode 100644 index 00000000..e5f8cb1d 
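Review bot: The `@@ -62,24 +37,13 @@` hunk deletes the `Generate artifact attestation` step (actions/attest-build-provenance) without a replacement of equal strength. `provenance = true` in docker-bake.hcl makes BuildKit attach a provenance document to the image, but that document is unsigned, so consumers who verify releases with `gh attestation verify` lose the signed attestation from this commit on. Suggest keeping the attest step after the bake step, with `subject-name: ghcr.io/techarohq/anubis` and `subject-digest` read from the bake metadata output (I believe `fromJSON(steps.build.outputs.metadata).anubis['containerimage.digest']`, to be confirmed against the action's documentation). The same hunk also drops the lowercase-repository image name in favour of the name hard-coded in the bake file, so a fork running this workflow would try to push to the upstream namespace.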
--- /dev/null
+++ b/docker-bake.hcl
@@ -0,0 +1,33 @@
+variable "ALPINE_VERSION" { default = "3.22" }
+variable "GITHUB_SHA" { default = "devel" }
+variable "VERSION" { default = "devel-docker" }
+
+group "default" {
+ targets = [
+ "anubis",
+ ]
+}
+
+target "anubis" {
+ args = {
+ ALPINE_VERSION = "3.22"
+ VERSION = "${VERSION}"
+ }
+ context = "."
+ dockerfile = "./docker/anubis.Dockerfile"
+ platforms = [
+ "linux/386",
+ "linux/amd64",
+ "linux/arm64",
+ "linux/arm/v7",
+ "linux/ppc64le",
+ "linux/riscv64",
+ ]
+ pull = true
+ sbom = true
+ provenance = true
+ tags = [
+ "ghcr.io/techarohq/anubis:${VERSION}",
+ "ghcr.io/techarohq/anubis:main"
+ ]
+}
\ No newline at end of file
diff --git a/docker/anubis.Dockerfile b/docker/anubis.Dockerfile
new file mode 100644
index 00000000..e788b111
--- /dev/null
+++ b/docker/anubis.Dockerfile
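Review bot: In target `anubis`, `args` hard-codes `ALPINE_VERSION = "3.22"` instead of referencing the variable declared on the first line, so overriding the `ALPINE_VERSION` variable from the environment changes nothing; it should read `ALPINE_VERSION = "${ALPINE_VERSION}"`. `GITHUB_SHA` is declared but never used in this file. The `tags` list always contains `ghcr.io/techarohq/anubis:main`, so any pushing build that keeps the default tags moves `main`, including a release-tag build if the publishing workflow runs for tags; deriving that tag from the ref would avoid it. With `pull = true` and a floating `alpine:3.22` base, pinning the base image by digest would make rebuilds repeatable and keep the SBOM comparable between runs.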
@@ -0,0 +1,54 @@
+ARG ALPINE_VERSION=edge
+FROM --platform=${BUILDPLATFORM} alpine:${ALPINE_VERSION} AS build
+
+RUN apk -U add go nodejs git build-base git npm bash zstd brotli gzip
+
+WORKDIR /app
+
+COPY go.mod go.sum ./
+RUN \
+ --mount=type=cache,target=/root/.cache \
+ --mount=type=cache,target=/root/go \
+ go mod download
+
+COPY package.json package-lock.json ./
+RUN \
+ --mount=type=cache,target=/app/node_modules \
+ npm ci
+
+COPY . .
+RUN \
+ --mount=type=cache,target=/root/.cache \
+ --mount=type=cache,target=/root/go \
+ --mount=type=cache,target=/app/node_modules \
+ npm run assets
+
+ARG TARGETOS
+ARG TARGETARCH
+ARG VERSION=devel-docker
+
+RUN \
+ --mount=type=cache,target=/root/.cache \
+ --mount=type=cache,target=/root/go \
+ --mount=type=cache,target=/app/node_modules \
+ GOOS=${TARGETOS} \
+ GOARCH=${TARGETARCH} \
+ CGO_ENABLED=0 \
+ GOARM=7 \
+ go build \
+ -gcflags "all=-N -l" \
+ -o /app/bin/anubis \
+ -ldflags "-s -w -extldflags -static -X github.com/TecharoHQ/anubis.Version=${VERSION}" \
+ ./cmd/anubis
+
+FROM alpine:${ALPINE_VERSION} AS run
+WORKDIR /app
+
+RUN apk -U add ca-certificates mailcap
+
+COPY --from=build /app/bin/anubis /app/bin/anubis
+
+CMD ["/app/bin/anubis"]
+HEALTHCHECK --interval=30s --timeout=30s --start-period=5s --retries=3 CMD [ "/app/bin/anubis", "--healthcheck" ]
+
+LABEL org.opencontainers.image.source="https://github.com/TecharoHQ/anubis"
\ No newline at end of file
From ca36cb091e9dee91adcaf1e2383144bca6b8c3c5 Mon Sep 17 00:00:00 2001
From: Xe Iaso
Date: Sat, 19 Jul 2025 05:03:43 +0000
Subject: [PATCH 2/5] docs(CHANGELOG): update for buildx bake
Signed-off-by: Xe Iaso
---
docs/docs/CHANGELOG.md | 6 ++++++
1 file changed, 6 insertions(+)
diff --git a/docs/docs/CHANGELOG.md b/docs/docs/CHANGELOG.md
index 612cb6cc..c589cac1 100644
--- a/docs/docs/CHANGELOG.md
+++ b/docs/docs/CHANGELOG.md
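Review bot: The `run` stage has no `USER` instruction, so the published image starts `/app/bin/anubis` as root. The ko invocation this series replaces passed `--image-user=1000` (see the removed lines of test/git-clone/test.sh in patch 4/5), which makes this a privilege regression for a network-facing service; add `USER 1000:1000` before `CMD`, after checking that any paths the binary writes to stay writable for that uid. `-gcflags "all=-N -l"` turns off optimisation and inlining and looks like a leftover debug setting next to `-s -w`; if it is deliberate, a comment saying why would help. The default `ARG ALPINE_VERSION=edge` means a plain `docker build` of this file, without the bake file's build arg, produces an image on Alpine's rolling branch, so defaulting to the release used in docker-bake.hcl would be safer.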
@@ -68,8 +68,14 @@ Thanks to [@taviso](https://github.com/taviso) for reporting this issue. ### Breaking changes +We try to introduce breaking changes as much as possible, but these are the changes that may be relevant for you as an administrator: + - The "slow" frontend solver has been removed in order to reduce maintenance burden. Any existing uses of it will still work, but issue a warning upon startup asking administrators to upgrade to the "fast" frontend solver. +#### Docker image build process has been changed + +Previously Docker images were built with [ko](https://ko.build/), which put the Anubis binary at `/ko-app/anubis`. [#862](https://github.com/TecharoHQ/anubis/pull/862) changes this to build with [docker buildx bake](https://docs.docker.com/reference/cli/docker/buildx/bake/) instead. If this causes you problems, please [file an issue](https://github.com/TecharoHQ/anubis/issues/new). + ## v1.21.3: Minfilia Warde - Echo 3 ### Added From b0757a8b0e52b7bfab3e5e1bbbe777b27be030b6 Mon Sep 17 00:00:00 2001 From: Xe Iaso Date: Sat, 19 Jul 2025 05:04:21 +0000 Subject: [PATCH 3/5] Update metadata check-spelling run (pull_request) for Xe/docker-buildx-bake2 Signed-off-by: check-spelling-bot on-behalf-of: @check-spelling --- .github/actions/spelling/expect.txt | 3 +++ 1 file changed, 3 insertions(+) diff --git a/.github/actions/spelling/expect.txt b/.github/actions/spelling/expect.txt index 5cb07385..eadfd292 100644 --- a/.github/actions/spelling/expect.txt +++ b/.github/actions/spelling/expect.txt @@ -6,6 +6,7 @@ amazonbot anthro anubis anubistest +apk Applebot archlinux asnc @@ -113,6 +114,7 @@ fsys fullchain gaissmai Galvus +gcflags geoip geoipchecker gha @@ -267,6 +269,7 @@ runtimedirectory Ryzen sas sasl +sbom searchbot searx sebest From c81c21478a938fcab4553efc1cb2785fc5586ab7 Mon Sep 17 00:00:00 2001 From: Xe Iaso Date: Fri, 29 Aug 2025 20:19:58 +0000 Subject: [PATCH 4/5] test: use docker buildx bake 
Signed-off-by: Xe Iaso --- test/git-clone/docker-compose.yaml | 2 +- test/git-clone/test.sh | 4 +--- test/git-push/test.sh | 5 ++--- test/healthcheck/test.sh | 5 ++--- test/lib/lib.sh | 11 +---------- 5 files changed, 7 insertions(+), 20 deletions(-) diff --git a/test/git-clone/docker-compose.yaml b/test/git-clone/docker-compose.yaml index 554bbe48..88558a33 100644 --- a/test/git-clone/docker-compose.yaml +++ b/test/git-clone/docker-compose.yaml @@ -10,7 +10,7 @@ services: - ./var/repos:/srv/git anubis: - image: ko.local/anubis + image: ghcr.io/techarohq/anubis:devel-docker environment: BIND: ":8005" TARGET: http://cgit:80 diff --git a/test/git-clone/test.sh b/test/git-clone/test.sh index 94ad6638..26fcb647 100755 --- a/test/git-clone/test.sh +++ b/test/git-clone/test.sh @@ -9,9 +9,7 @@ set -u ( cd ../.. && \ - npm ci && \ - npm run assets \ - ko build --platform=all --base-import-paths --tags="latest" --image-user=1000 --image-annotation="" --image-label="" ./cmd/anubis -L + docker buildx bake ) rm -rf ./var/repos ./var/clones diff --git a/test/git-push/test.sh b/test/git-push/test.sh index 35ed9fe3..ef15328a 100755 --- a/test/git-push/test.sh +++ b/test/git-push/test.sh @@ -9,11 +9,10 @@ set -u ( cd ../.. && \ - npm ci && \ - npm run assets \ - ko build --platform=all --base-import-paths --tags="latest" --image-user=1000 --image-annotation="" --image-label="" ./cmd/anubis -L + docker buildx bake ) + rm -rf ./var/repos ./var/foo mkdir -p ./var/repos diff --git a/test/healthcheck/test.sh b/test/healthcheck/test.sh index 33f0a19b..b3a30258 100755 --- a/test/healthcheck/test.sh +++ b/test/healthcheck/test.sh @@ -9,11 +9,10 @@ set -u ( cd ../.. && \ - npm ci && \ - npm run assets \ - ko build --platform=all --base-import-paths --tags="latest" --image-user=1000 --image-annotation="" --image-label="" ./cmd/anubis -L + docker buildx bake ) + docker compose up -d attempt=1 diff --git a/test/lib/lib.sh b/test/lib/lib.sh index 2fc0b11b..6026f84f 100644 --- a/test/lib/lib.sh 
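Review bot: In test/git-clone/test.sh the build step becomes a bare `docker buildx bake`, while the `anubis` target lists six platforms and nothing here asks for the result to be loaded into the local image store. If it is not loaded, `docker compose up` resolves `ghcr.io/techarohq/anubis:devel-docker` by pulling from the registry or fails, and a successful pull would mean the test exercises a published image rather than the working tree. Suggest `docker buildx bake --load --set "anubis.platform=linux/amd64"` or a dedicated single-platform test target in docker-bake.hcl. The same applies to the hunks in test/git-push/test.sh and test/healthcheck/test.sh and to `build_anubis_ko` in test/lib/lib.sh, whose name no longer matches what it does.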
+++ b/test/lib/lib.sh @@ -17,16 +17,7 @@ function build_anubis_ko() { cd $REPO_ROOT && npm ci && npm run assets ) ( - cd $REPO_ROOT && - VERSION=devel ko build \ - --platform=all \ - --base-import-paths \ - --tags="latest" \ - --image-user=1000 \ - --image-annotation="" \ - --image-label="" \ - ./cmd/anubis \ - --local + cd $REPO_ROOT && docker buildx bake ) } From 492d9b374e4740c60c91ffd87b0e784ef5d8967c Mon Sep 17 00:00:00 2001 From: Xe Iaso Date: Fri, 29 Aug 2025 20:39:38 +0000 Subject: [PATCH 5/5] ci(docker): set version based on git metadata Signed-off-by: Xe Iaso --- .github/workflows/docker.yml | 5 ++++- 1 file changed, 4 insertions(+), 1 deletion(-) diff --git a/.github/workflows/docker.yml b/.github/workflows/docker.yml index d563531c..b6c6d7b6 100644 --- a/.github/workflows/docker.yml +++ b/.github/workflows/docker.yml @@ -37,6 +37,10 @@ jobs: username: ${{ github.repository_owner }} password: ${{ secrets.GITHUB_TOKEN }} + - name: Set version + run: | + echo "VERSION=$(git describe --tags --always --dirty) >> $GITHUB_ENV + - name: Build and push id: build uses: docker/bake-action@76f9fa3a758507623da19f6092dc4089a7e61592 # v6.6.0 @@ -46,4 +50,3 @@ jobs: sbom: true cache-from: type=gha cache-to: type=gha,mode=max - set: ""
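Review bot: The added `Set version` step in the `@@ -37,6 +37,10 @@` hunk of .github/workflows/docker.yml has an unterminated double quote: `echo "VERSION=$(git describe --tags --always --dirty) >> $GITHUB_ENV` never closes the string, so the shell stops with an unexpected end-of-file error and the redirection is never performed. It should read `echo "VERSION=$(git describe --tags --always --dirty)" >> "$GITHUB_ENV"`. Because this value becomes both the image tag and the `-X github.com/TecharoHQ/anubis.Version` link flag, it is worth confirming that the `git describe` output is always a valid tag; the checkout shown in the context lines uses `fetch-depth: 0`, so tags should be available.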