vikingowl
dd16c15029
Extend the existing GoReleaser pipeline (linux/darwin/windows ×
amd64/arm64 archives + Gitea release) with multi-arch Docker images
published to ghcr.io/vikingowl91/gnoma.
- Two per-arch `dockers:` blocks build linux/amd64 + linux/arm64 via
buildx, copying the GoReleaser-built static binary into a distroless
base (gcr.io/distroless/static:nonroot — no shell, runs as UID 65532,
ships with CA certs so HTTPS provider calls work).
- `docker_manifests:` stitch them into multi-arch :{Version} and
:latest manifests.
- OCI labels populated (title, source, url, version, revision, created,
licenses).
- Dockerfile uses /workspace as cwd so `docker run -v "$PWD:/workspace"`
mirrors the local invocation model.
Prerequisite: build host needs `docker login ghcr.io` with a PAT
holding `write:packages` for the vikingowl91 namespace.
12 lines
350 B
Docker
12 lines
350 B
Docker
# Distroless static — minimal base with CA certs and a non-root user.
|
|
# GoReleaser builds the gnoma binary on the host (CGO_ENABLED=0) and copies
|
|
# it in, so this image has no Go toolchain or shell.
|
|
FROM gcr.io/distroless/static:nonroot
|
|
|
|
COPY gnoma /usr/local/bin/gnoma
|
|
|
|
USER nonroot:nonroot
|
|
WORKDIR /workspace
|
|
|
|
ENTRYPOINT ["/usr/local/bin/gnoma"]
|