
Commit b8e3f7a

committed
refactor: follow standard distroless flow and libraries used
1 parent caf8272 commit b8e3f7a

13 files changed

+564
-410
lines changed

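--- a/.github/workflows/docker.yml
+++ b/.github/workflows/docker.yml
@@ -287,21 +287,8 @@ jobs:
 
 
 # RELEASE
-- name: github / release / log
-continue-on-error: true
-id: git-log
-run: |
-LOCAL_LAST_TAG=$(git describe --abbrev=0 --tags `git rev-list --tags --skip=1 --max-count=1`)
-echo "using last tag: ${LOCAL_LAST_TAG}"
-LOCAL_COMMITS=$(git log ${LOCAL_LAST_TAG}..HEAD --oneline)
-
-EOF=$(dd if=/dev/urandom bs=15 count=1 status=none | base64)
-echo "commits<<${EOF}" >> ${GITHUB_OUTPUT}
-echo "${LOCAL_COMMITS}" >> ${GITHUB_OUTPUT}
-echo "${EOF}" >> ${GITHUB_OUTPUT}
-
 - name: github / release / markdown
-if: env.WORKFLOW_CREATE_RELEASE == 'true' && steps.git-log.outcome == 'success'
+if: env.WORKFLOW_CREATE_RELEASE == 'true'
 id: git-release
 uses: 11notes/action-docker-release@v1
 # WHY IS THIS ACTION NOT SHA256 PINNED? SECURITY MUCH?!?!?!
@@ -310,8 +297,6 @@ jobs:
 # in the repo. This code is not modified and can't be modified by this action.
 # It does create the markdown for the release, which could be abused, but to what
 # extend? Adding a link to a malicious repo?
-with:
-git_log: ${{ steps.git-log.outputs.commits }}
 
 - name: github / release / create
 if: env.WORKFLOW_CREATE_RELEASE == 'true' && steps.git-release.outcome == 'success'
@@ -419,7 +404,7 @@ jobs:
 if [ -f LICENSE ]; then
 git add LICENSE
 fi
-git commit -m "github-actions[bot]: update README.md"
+git commit -m "auto update README.md"
 git push origin HEAD:master
 
 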
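Review bot: `uses: 11notes/action-docker-release@v1` (new line 293) still resolves a mutable tag, and the comment below it weighs only what the action is meant to do, not what a re-pointed tag could do with the job's token and environment. With the `git_log` input removed, the action presumably collects the commit history itself, so its reach is whatever the job's `permissions:` block grants, which is not visible in these hunks. Pinning would close that gap: `uses: 11notes/action-docker-release@<full-commit-sha> # v1` (placeholder; take the SHA from the action's v1 release). The explanatory comment runs across lines outside the hunks shown, so its full reasoning could not be checked here.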

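--- a/cmd-socket.dockerfile
+++ b/cmd-socket.dockerfile
@@ -1,50 +1,62 @@
-ARG APP_UID=1000
-ARG APP_GID=1000
-
-# :: Util
-FROM 11notes/util AS util
-
-# :: Header
-FROM golang:1.24-alpine AS build
-ARG APP_ROOT
-ARG APP_NO_CACHE
-ENV BUILD_ROOT=/go/go-cmd-socket
-ENV BUILD_BIN=${BUILD_ROOT}/cmd-socket
-ENV CGO_ENABLED=0
-USER root
-
-COPY --from=util /usr/local/bin/ /usr/local/bin
+# ╔═════════════════════════════════════════════════════╗
+# ║ SETUP ║
+# ╚═════════════════════════════════════════════════════╝
+# GLOBAL
+ARG APP_UID=1000 \
+APP_GID=1000 \
+BUILD_SRC=https://github.com/11notes/go-cmd-socket.git \
+BUILD_ROOT=/go/go-cmd-socket
+ARG BUILD_BIN=${BUILD_ROOT}/cmd-socket
+
+
+# ╔═════════════════════════════════════════════════════╗
+# ║ BUILD ║
+# ╚═════════════════════════════════════════════════════╝
+# :: CMD-SOCKET
+FROM 11notes/go:1.24 AS build
+ARG APP_VERSION \
+BUILD_SRC \
+BUILD_ROOT \
+BUILD_BIN
 
 RUN set -ex; \
-apk --update add \
-build-base \
-upx \
-git; \
-git clone https://github.com/11notes/go-cmd-socket.git;
-
-RUN set -ex; \
-eleven printenv;
+git clone ${BUILD_SRC};
 
 RUN set -ex; \
 cd ${BUILD_ROOT}; \
-mkdir -p ${APP_ROOT}/usr/local/bin; \
 mkdir -p ${APP_ROOT}/run/cmd; \
-go mod tidy; \
-go build -ldflags="-extldflags=-static" -o ${BUILD_BIN} main.go;
+eleven go build ${BUILD_BIN} main.go; \
+eleven distroless ${BUILD_BIN};
 
-RUN set -ex; \
-eleven checkStatic ${BUILD_BIN}; \
-eleven strip ${BUILD_BIN}; \
-mkdir -p ${APP_ROOT}/usr/local/bin; \
-cp ${BUILD_BIN} ${APP_ROOT}/usr/local/bin;
 
-# :: Distroless
+# ╔═════════════════════════════════════════════════════╗
+# ║ IMAGE ║
+# ╚═════════════════════════════════════════════════════╝
+# :: HEADER
 FROM scratch
-ARG APP_ROOT
-ARG APP_UID
-ARG APP_GID
-COPY --from=build --chown=${APP_UID}:${APP_GID} ${APP_ROOT}/ /
 
-# :: Start
+# :: default arguments
+ARG TARGETPLATFORM \
+TARGETOS \
+TARGETARCH \
+TARGETVARIANT \
+APP_IMAGE \
+APP_NAME \
+APP_VERSION \
+APP_ROOT \
+APP_UID \
+APP_GID \
+APP_NO_CACHE
+
+# :: default environment
+ENV APP_IMAGE=${APP_IMAGE} \
+APP_NAME=${APP_NAME} \
+APP_VERSION=${APP_VERSION} \
+APP_ROOT=${APP_ROOT}
+
+# :: multi-stage
+COPY --from=build ${APP_ROOT}/ /
+
+# :: EXECUTE
 USER ${APP_UID}:${APP_GID}
 ENTRYPOINT ["/usr/local/bin/cmd-socket"]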
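Review bot: `git clone ${BUILD_SRC};` (new line 23) checks out whatever the default branch of go-cmd-socket points at when the build runs, so the binary in the image is not tied to `APP_VERSION` and two builds of the same image tag can ship different code. `APP_VERSION` is declared in the stage's `ARG` list but the clone does not use it, whereas dnslookup.dockerfile in this commit already passes `-b v${APP_VERSION}`. Something like `git clone ${BUILD_SRC} -b v${APP_VERSION};` would tie the two together, assuming the repository tags releases that way; otherwise check out a commit id supplied as a build argument. Separately, `${APP_ROOT}` in `mkdir -p ${APP_ROOT}/run/cmd;` is no longer declared in this stage, so it only resolves if the `11notes/go:1.24` base exports it, which is worth confirming.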

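--- a/curl.dockerfile
+++ b/curl.dockerfile
@@ -1,19 +1,31 @@
-ARG APP_UID=1000
-ARG APP_GID=1000
+# ╔═════════════════════════════════════════════════════╗
+# ║ SETUP ║
+# ╚═════════════════════════════════════════════════════╝
+# GLOBAL
+ARG APP_UID=1000 \
+APP_GID=1000 \
+APP_VERSION=8.15.0
+ARG BUILD_SRC=https://curl.se/download/curl-${APP_VERSION}.tar.gz \
+BUILD_ROOT=/curl-${APP_VERSION} \
+BUILD_BIN=/curl-${APP_VERSION}/src/curl
+
+# :: FOREIGN IMAGES
+FROM 11notes/distroless AS distroless
+FROM 11notes/util:bin AS util-bin
 
-# :: Util
-FROM 11notes/util AS util
 
-# :: Header
+# ╔═════════════════════════════════════════════════════╗
+# ║ BUILD ║
+# ╚═════════════════════════════════════════════════════╝
+# :: CURL
 FROM alpine AS build
-ARG TARGETARCH
-ARG APP_ROOT
-ARG APP_VERSION
-ENV BUILD_ROOT=/curl-${APP_VERSION}
-ENV BUILD_BIN=/curl-${APP_VERSION}/src/curl
+COPY --from=util-bin / /
+ARG APP_VERSION \
+BUILD_SRC \
+BUILD_ROOT \
+BUILD_BIN
+
 ENV CC=clang
-USER root
-COPY --from=util /usr/local/bin/ /usr/local/bin
 
 # :: Build
 RUN set -ex; \
@@ -29,12 +41,12 @@ ARG APP_GID=1000
 openssl-libs-static \
 zlib-static \
 tar \
-upx \
-wget;
+wget \
+pv;
 
 RUN set -ex; \
-wget https://curl.se/download/curl-${APP_VERSION}.tar.gz; \
-tar xzf curl-${APP_VERSION}.tar.gz;
+wget -q --show-progress --progress=bar:force ${BUILD_SRC}; \
+pv curl-${APP_VERSION}.tar.gz | tar xz;
 
 RUN set -ex; \
 cd ${BUILD_ROOT}; \
@@ -49,23 +61,42 @@ ARG APP_GID=1000
 --disable-docs \
 --disable-manual \
 --without-libpsl; \
-make -s -j $(nproc) V=1 LDFLAGS="-static -all-static";
+make -s -j $(nproc) V=1 LDFLAGS="-static -all-static" 2>&1 > /dev/null;
 
 RUN set -ex; \
-eleven checkStatic ${BUILD_BIN}; \
-eleven strip ${BUILD_BIN}; \
-mkdir -p ${APP_ROOT}/usr/local/bin; \
-cp ${BUILD_BIN} ${APP_ROOT}/usr/local/bin;
+eleven distroless ${BUILD_BIN};
 
-# :: Distroless
-FROM 11notes/distroless AS distroless
+
+# ╔═════════════════════════════════════════════════════╗
+# ║ IMAGE ║
+# ╚═════════════════════════════════════════════════════╝
+# :: HEADER
 FROM scratch
-ARG APP_ROOT
-ARG APP_UID
-ARG APP_GID
-COPY --from=distroless --chown=${APP_UID}:${APP_GID} / /
-COPY --from=build --chown=${APP_UID}:${APP_GID} ${APP_ROOT}/ /
 
-# :: Start
+# :: default arguments
+ARG TARGETPLATFORM \
+TARGETOS \
+TARGETARCH \
+TARGETVARIANT \
+APP_IMAGE \
+APP_NAME \
+APP_VERSION \
+APP_ROOT \
+APP_UID \
+APP_GID \
+APP_NO_CACHE
+
+# :: default environment
+ENV APP_IMAGE=${APP_IMAGE} \
+APP_NAME=${APP_NAME} \
+APP_VERSION=${APP_VERSION} \
+APP_ROOT=${APP_ROOT}
+
+# :: multi-stage
+COPY --from=distroless / /
+COPY --from=build ${APP_ROOT}/ /
+
+# :: EXECUTE
 USER ${APP_UID}:${APP_GID}
-ENTRYPOINT ["/usr/local/bin/curl"]
+ENTRYPOINT ["/usr/local/bin/curl"]
+CMD ["--version"]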
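Review bot: The curl tarball fetched on new line 48 is unpacked and compiled without any integrity check, so the build trusts whatever `${BUILD_SRC}` returns at build time. Declare a pinned digest next to `APP_VERSION` (and re-declare it in the build stage's `ARG` list), for example `ARG BUILD_SHA256=<sha256-of-curl-8.15.0.tar.gz>` (placeholder), and verify before extraction with `echo "${BUILD_SHA256}  curl-${APP_VERSION}.tar.gz" | sha256sum -c -;` ahead of the `pv … | tar xz` line. Note also that `pv curl-${APP_VERSION}.tar.gz | tar xz` runs under `set -ex` without pipefail, so only tar's exit status is checked.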

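--- a/dnslookup.dockerfile
+++ b/dnslookup.dockerfile
@@ -1,46 +1,73 @@
-ARG APP_UID=1000
-ARG APP_GID=1000
-
-# :: Util
-FROM 11notes/util AS util
-
-# :: Header
-FROM golang:1.24-alpine AS distroless
-ARG APP_ROOT
-ARG APP_VERSION
-ENV BUILD_ROOT=/go/dnslookup
-ENV BUILD_BIN=${BUILD_ROOT}/dnslookup
-ENV CGO_ENABLED=0
-COPY --from=util /usr/local/bin/ /usr/local/bin
-USER root
-
-# :: Build
+# ╔═════════════════════════════════════════════════════╗
+# ║ SETUP ║
+# ╚═════════════════════════════════════════════════════╝
+# GLOBAL
+ARG APP_UID=1000 \
+APP_GID=1000 \
+BUILD_SRC=https://github.com/ameshkov/dnslookup.git \
+BUILD_ROOT=/go/dnslookup
+ARG BUILD_BIN=${BUILD_ROOT}/dnslookup
+
+# :: FOREIGN IMAGES
+FROM 11notes/distroless AS distroless
+
+
+# ╔═════════════════════════════════════════════════════╗
+# ║ BUILD ║
+# ╚═════════════════════════════════════════════════════╝
+# :: DNSLOOKUP
+FROM 11notes/go:1.24 AS build
+ARG APP_VERSION \
+BUILD_SRC \
+BUILD_ROOT \
+BUILD_BIN
+
+RUN set -ex; \
+git clone ${BUILD_SRC} -b v${APP_VERSION};
+
 RUN set -ex; \
-apk --update --no-cache add \
-build-base \
-upx \
-git; \
-git clone https://github.com/ameshkov/dnslookup.git -b v${APP_VERSION}; \
 cd ${BUILD_ROOT}; \
 eleven patchGoMod go.mod "golang.org/x/crypto|v0.31.0|CVE-2024-45337"; \
 eleven patchGoMod go.mod "github.com/quic-go/quic-go|v0.48.2|CVE-2024-53259"; \
 eleven patchGoMod go.mod "golang.org/x/net|v0.36.0|CVE-2025-22870"; \
-go mod tidy; \
-go build -ldflags="-extldflags=-static";
+go mod tidy;
 
 RUN set -ex; \
-eleven checkStatic ${BUILD_BIN}; \
-eleven strip ${BUILD_BIN}; \
-mkdir -p ${APP_ROOT}/usr/local/bin; \
-cp ${BUILD_BIN} ${APP_ROOT}/usr/local/bin;
+cd ${BUILD_ROOT}; \
+eleven go build ${BUILD_BIN} main.go; \
+eleven distroless ${BUILD_BIN};
 
-# :: Distroless
+
+# ╔═════════════════════════════════════════════════════╗
+# ║ IMAGE ║
+# ╚═════════════════════════════════════════════════════╝
+# :: HEADER
 FROM scratch
-ARG APP_ROOT
-ARG APP_UID
-ARG APP_GID
-COPY --from=distroless ${APP_ROOT}/ /
 
-# :: Start
+# :: default arguments
+ARG TARGETPLATFORM \
+TARGETOS \
+TARGETARCH \
+TARGETVARIANT \
+APP_IMAGE \
+APP_NAME \
+APP_VERSION \
+APP_ROOT \
+APP_UID \
+APP_GID \
+APP_NO_CACHE
+
+# :: default environment
+ENV APP_IMAGE=${APP_IMAGE} \
+APP_NAME=${APP_NAME} \
+APP_VERSION=${APP_VERSION} \
+APP_ROOT=${APP_ROOT}
+
+# :: multi-stage
+COPY --from=distroless / /
+COPY --from=build ${APP_ROOT}/ /
+
+# :: EXECUTE
 USER ${APP_UID}:${APP_GID}
-ENTRYPOINT ["/usr/local/bin/dnslookup"]
+ENTRYPOINT ["/usr/local/bin/dnslookup"]
+CMD ["--version"]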
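Review bot: `FROM 11notes/distroless AS distroless` (new line 12) carries no tag or digest, and `COPY --from=distroless / /` (new line 67) places that image's entire root filesystem in the final image, so the shipped content depends on whatever `latest` resolves to on build day. Pinning makes the input reviewable and reproducible, e.g. `FROM 11notes/distroless:<tag>@sha256:<digest> AS distroless` (placeholders). curl.dockerfile in this commit has the same untagged `11notes/distroless`, plus `11notes/util:bin` and `alpine` feeding its build stage, and would benefit from the same treatment.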
