Set the runner in version change

.github/workflows/build-trigger.yml

@@ -0,0 +1,61 @@
+name: 🍜 Build/publish go runners
+
+on:
+  push:
+    branches: ["cm_add_runner"]
+  workflow_dispatch: # build on demand
+
+concurrency:
+  group: ${{ github.workflow }}-${{ github.event.pull_request.number || github.ref }}
+  cancel-in-progress: true
+
+jobs:
+  get-changed-files:
+    runs-on: ubuntu-latest
+    outputs:
+      version_files: ${{ steps.filter.outputs.version_files}}
+      version: ${{ steps.filter.outputs.version }}
+      dockerfile_files: ${{ steps.filter.outputs.dockerfile_files}}
+      dockerfile: ${{ steps.filter.outputs.dockerfile }}
+      go_files: ${{ steps.filter.outputs.go_files}}
+      go: ${{ steps.filter.outputs.go }}
+    steps:
+      - name: Check out code
+        uses: actions/checkout@v3
+
+      - name: Get Changed Files
+        id: filter
+        uses: dorny/paths-filter@v3
+        with:
+          list-files: 'json'
+          base: 'main'
+          filters: |
+            version:
+              - '*VERSION'
+            dockerfile:
+              - 'Dockerfile'
+            go:
+              - '*.go'
+              - 'Makefile'
+              - '*.mod'
+
+      - name: Show Changed Files
+        run: |
+          echo "Files in dockerfile: ${{ steps.filter.outputs.dockerfile_files }}"
+          echo "Files for version: ${{ steps.filter.outputs.version_files }}"
+          echo "Files in go: ${{ steps.filter.outputs.go_files }}"
+          echo "dockerfile: ${{ steps.filter.outputs.dockerfile}}"
+          echo "version: ${{ steps.filter.outputs.version}}"
+          echo "go: ${{ steps.filter.outputs.go}}"
+
+  build-pun:
+    needs: [get-changed-files]
+    name: Pun
+    if: ${{ needs.get-changed-files.outputs.go == 'true' || needs.get-changed-files.outputs.dockerfile == 'true' }} || ${{ needs.get-changed-files.outputs.version == 'true' }}
+    uses: ./.github/workflows/build.yml
+    secrets: inherit
+    with:
+      runner: '["gcc", "dind", "2204"]'
+      runner-archs: '["amd64", "arm64"]'
+      dockerfiles: ${{ toJSON(fromJSON(needs.get-changed-files.outputs.dockerfile_files || '[]')) }}
+      version-tag: ${{ needs.get-changed-files.outputs.version == 'true' }}

.github/workflows/build.yml

@@ -0,0 +1,192 @@
+name: 🍜 Build/publish runners
+
+on:
+  workflow_call:
+    inputs:
+      runner:
+        type: string
+        default: '["go", "2204"]'
+      runner-archs:
+        type: string
+        default: '["amd64", "aarch64"]'
+      dockerfiles:
+        type: string
+        default: '["Dockerfile"]'
+      runner-arch-map:
+        type: string
+        default: '[{"amd64":"x86_64", "aarch64":"aarch64", "armv7l":"armv7l"}]'
+      registry:
+        type: string
+        default: 'harbor.nbfc.io'
+      version-tag:
+        type: boolean
+        default: false
+    secrets:
+      GIT_CLONE_PAT:
+        required: false
+      AWS_ACCESS_KEY:
+        required: false
+      AWS_SECRET_ACCESS_KEY:
+        required: false
+      harbor_user:
+        required: false
+      harbor_secret:
+        required: false
+
+jobs:
+  build-all:
+    runs-on: ${{ format('{0}-{1}', join(fromJSON(inputs.runner), '-'), matrix.arch) }}
+    #timeout-minutes: 600
+    permissions:
+      contents: write # for uploading the SBOM to the release
+      packages: write # for uploading the finished container
+      security-events: write # for github/codeql-action/upload-sarif to upload SARIF results
+      id-token: write # to complete the identity challenge with sigstore/fulcio when running outside of PRs
+    strategy:
+      matrix:
+        dockerfile: ["${{ fromJSON(inputs.dockerfiles) }}"]
+        arch: ["${{ fromJSON(inputs.runner-archs) }}"]
+    continue-on-error: true
+
+    env:
+      REGISTRY: ${{ inputs.registry }}
+      IMAGE_NAME: ${{ inputs.registry }}/${{ github.repository }}
+      ARCH: ${{ matrix.arch }}
+
+    steps:
+      - name: Checkout the repo
+        uses: actions/checkout@v4
+
+      - name: Set short SHA
+        run: echo "SHA_SHORT=${GITHUB_SHA::7}" >> $GITHUB_ENV
+
+      - name: Set up Docker Buildx
+        uses: docker/setup-buildx-action@v3
+
+      - name: Log into registry ${{ env.REGISTRY }}
+        uses: docker/login-action@28218f9b04b4f3f62068d7b6ce6ca5b26e35336c
+        with:
+          registry: ${{ env.REGISTRY }}
+          username: ${{ secrets.harbor_user }}
+          password: ${{ secrets.harbor_secret }}
+
+      - name: Extract Docker metadata
+        id: meta
+        uses: docker/metadata-action@98669ae865ea3cffbcbaa878cf57c20bbf1c6c38
+        with:
+          images: ${{ env.IMAGE_NAME }}
+          tags: |
+            type=sha,prefix=${{ env.ARCH }}-
+
+      - name: Build and push ${{ matrix.dockerfile }}-${{ matrix.arch}}
+        id: build-and-push
+        uses: docker/build-push-action@master
+        with:
+          context: .
+          tags: ${{ steps.meta.outputs.tags }}
+          labels: ${{ steps.meta.outputs.labels }}
+          push: true
+          file: ${{ matrix.dockerfile }}
+          #build-contexts: |
+          # ${{ steps.base-image-calculator.outputs.base_image }}
+          provenance: false
+
+      - name: Get image digest
+        run: |
+          echo "IMAGE_DIGEST=$(docker inspect \
+          ${{ env.REGISTRY }}/${{ github.repository }}:${{ env.ARCH }}-${{ env.SHA_SHORT }} | \
+          jq -r '.[0].Id')" >> $GITHUB_ENV
+
+      - name: Install cosign
+        uses: sigstore/cosign-installer@main
+
+      - name: Sign the published Docker image
+        env:
+          COSIGN_EXPERIMENTAL: "true"
+          DIGEST: ${{steps.build-and-push.outputs.digest}}
+        run: |
+          cosign sign --yes ${{ env.REGISTRY }}/${{ github.repository }}@$DIGEST \
+          -a "repo=${{github.repository}}" \
+          -a "workflow=${{github.workflow}}" \
+          -a "ref=${{github.sha}}" \
+          -a "author=Nubificus LTD"
+
+  manifest:
+    needs: [build-all]
+    runs-on: gcc-dind-2204-amd64 # use the GitHub-hosted runner to build the image
+    permissions:
+      contents: write # for uploading the SBOM to the release
+      packages: write # for uploading the finished container
+      security-events: write # for github/codeql-action/upload-sarif to upload SARIF results
+      id-token: write # to complete the identity challenge with sigstore/fulcio when running outside of PRs
+    strategy:
+      matrix:
+        dockerfile: ["${{ fromJSON(inputs.dockerfiles) }}"] 
+    env:
+      REGISTRY: ${{ inputs.registry }}
+      #TAG: generic
+
+    steps:
+      - name: Checkout the repo
+        uses: actions/checkout@v4
+
+      - name: Set short SHA
+        run: echo "SHA_SHORT=${GITHUB_SHA::7}" >> $GITHUB_ENV
+
+      - name: Log into registry ${{ inputs.REGISTRY }}
+        uses: docker/login-action@28218f9b04b4f3f62068d7b6ce6ca5b26e35336c
+        with:
+          registry: ${{ env.REGISTRY }}
+          username: ${{ secrets.harbor_user }}
+          password: ${{ secrets.harbor_secret }}
+
+      - name: Set Docker tag based on branch, PR or version
+        id: tag
+        run: |
+          if [[ ${{ inputs.version-tag }} == true ]]; then
+            echo "Version change detected. Using version: $( cat VERSION )."
+            echo "TAG=$( cat VERSION ) " >> $GITHUB_ENV
+          elif [[ "${GITHUB_REF##*/}" == "main" ]]; then
+            echo "TAG=staging" >> $GITHUB_ENV
+          else
+            SHORT_SHA=$(echo "${GITHUB_SHA}" | cut -c1-7)
+            echo "TAG=${SHORT_SHA}" >> $GITHUB_ENV
+          fi
+
+      - name: Process runner architectures and create docker manifest
+        id: create-manifest
+        run: |
+          runner_archs='${{ inputs.runner-archs }}'  # Using the input string array
+          amend_command=""
+
+          # Loop over the architectures and build the amend command
+          for arch in $(echo $runner_archs | jq -r '.[]'); do
+            amend_command+=" --amend ${{ env.REGISTRY }}/${{ github.repository }}:$arch-${{ env.SHA_SHORT }}"
+          done
+
+          echo "-------------------- Amend command constructed -------------------"
+          echo "$amend_command"
+
+          # Create the docker manifest with the amend command
+          docker manifest create ${{ env.REGISTRY }}/${{ github.repository }}:${{ env.TAG }} $amend_command
+
+          # Optionally push the manifest (comment out if not needed)
+          #          docker manifest push ${{ env.REGISTRY }}/${{ github.repository }}/${{ matrix.dockerfile }}:${{ env.TAG }}
+          VAR=`docker manifest push ${{ env.REGISTRY }}/${{ github.repository }}:${{ env.TAG }} | tail -1`
+          echo "manifest_sha=$VAR" >> "$GITHUB_OUTPUT"
+
+      - name: Install cosign
+        uses: sigstore/cosign-installer@main
+
+      - name: Sign the published Docker image
+        env:
+          COSIGN_EXPERIMENTAL: "true"
+          DIGEST: ${{steps.create-manifest.outputs.manifest_sha }}
+        # run: echo "${{ steps.meta.outputs.tags }}" | xargs -I {} cosign sign {}@${{ steps.build-and-push.outputs.digest }}
+        run: |
+          #cosign sign --yes harbor.nbfc.io/nubificus/${{ github.repository }}/${{ matrix.dockerfile }}:${{ env.ARCH }}-${{ env.SHA_SHORT }}@$DIGEST \
+          cosign sign --yes ${{ env.REGISTRY }}/${{ github.repository }}@$DIGEST \
+          -a "repo=${{github.repository}}" \
+          -a "workflow=${{github.workflow}}" \
+          -a "ref=${{github.sha}}" \
+          -a "author=Nubificus LTD"

Dockerfile

@@ -1,12 +1,12 @@
 FROM golang:1.22 AS builder
 
-COPY go.mod /pun/
-COPY go.sum /pun/
-COPY Makefile /pun/
-COPY main.go /pun/
+COPY . /pun
+
 WORKDIR /pun
 RUN make
 
 FROM scratch
-COPY --from=builder /pun/pun /bin/pun
+ARG TARGETARCH
+COPY --from=builder /pun/dist/pun_${TARGETARCH} /bin/pun
 ENTRYPOINT ["/bin/pun"]
+

Makefile

@@ -1,12 +1,34 @@
+COMMIT := $(shell git describe --dirty --long --always)
+VERSION := $(shell cat ./VERSION)
+VERSION := $(VERSION)-$(COMMIT)
+ARCH := $(shell dpkg --print-architecture)
 
-default: pun
+default: build ;
 
 prepare:
-	go mod tidy
-	go mod vendor
+	@go mod tidy
+	@mkdir -p dist
 
-pun: prepare
-	CGO_ENABLED=0 go build -o $@ --ldflags "-s -w"
+build: prepare
+	@GOOS=linux CGO_ENABLED=0 go build -ldflags "-s -w" -ldflags "-w" -ldflags "-linkmode 'external' -extldflags '-static'" \
+          -ldflags "-X main.version=${VERSION}" -o ./dist/pun_${ARCH} ./
+
+install:
+	@mv ./dist/pun_${ARCH} /usr/local/bin/pun
+
+uninstall:
+	@rm -f /usr/local/bin/pun
 
 clean:
-	rm -rf pun
+	@rm -fr ./dist/
+	@rm -f ./Tempfile
+
+build_aarch64: prepare
+	@GOOS=linux GOARCH=arm64 CGO_ENABLED=0 go build -ldflags "-s -w" -ldflags "-w" -ldflags "-linkmode 'external' -extldflags '-static'" \
+          -ldflags "-X main.version=${VERSION}" -o ./dist/pun_aarch64 ./
+
+build_amd64: prepare
+	@GOOS=linux GOARCH=amd64 CGO_ENABLED=0 go build -ldflags "-s -w" -ldflags "-w" -ldflags "-linkmode 'external' -extldflags '-static'" \
+          -ldflags "-X main.version=${VERSION}" -o ./dist/pun_amd64 ./
+
+all: build_aarch64 build_amd64

VERSION

@@ -0,0 +1 @@
+0.1.1