From 9175e86321bdb8f885063791c93b441a479b1308 Mon Sep 17 00:00:00 2001 From: Micah Anderson Date: Mon, 5 Feb 2024 21:35:23 -0500 Subject: [PATCH] Automatically build container on release and push to our registry. Now that Tor's gitlab has the container registry enabled, we can build a snowflake container on release, and push the built container to the snowflake registry. This is accomplished without using privileged gitlab runners, via kaniko. This would speed up snowflake updates for people running the docker container. It would also mean that the 'docker-snowflake-proxy' project would no longer need to exist. Fixes docker-snowflake-proxy#10 Fixes docker-snowflake-proxy#13 --- .gitlab-ci.yml | 12 ++++++++++++ Dockerfile | 18 ++++++++++++++++++ 2 files changed, 30 insertions(+) create mode 100644 Dockerfile diff --git a/.gitlab-ci.yml b/.gitlab-ci.yml index 52b53c7..24a4ac8 100644 --- a/.gitlab-ci.yml +++ b/.gitlab-ci.yml @@ -274,3 +274,15 @@ release-job: - name: '${CI_PROJECT_NAME}-${CI_COMMIT_TAG}.tar.gz' url: '${CI_PROJECT_URL}/-/jobs/${TAR_JOB_ID}/artifacts/file/${CI_PROJECT_NAME}-${CI_COMMIT_TAG}.tar.gz' +build-container: + stage: deploy + image: + name: gcr.io/kaniko-project/executor:v1.14.0-debug + entrypoint: [""] + script: + - /kaniko/executor + --context "${CI_PROJECT_DIR}" + --dockerfile "${CI_PROJECT_DIR}/Dockerfile" + --destination "${CI_REGISTRY_IMAGE}:${CI_COMMIT_TAG}" + rules: + - if: $CI_COMMIT_TAG diff --git a/Dockerfile b/Dockerfile new file mode 100644 index 0000000..a2017e5 --- /dev/null +++ b/Dockerfile @@ -0,0 +1,18 @@ +FROM docker.io/library/golang:1.21 AS build + +LABEL io.containers.autoupdate=registry +LABEL org.opencontainers.image.authors="anti-censorship-team@lists.torproject.org" + +ADD . /app + +WORKDIR /app/proxy +RUN go get +RUN CGO_ENABLED=0 go build -o proxy -ldflags '-extldflags "-static" -w -s' . + +FROM scratch + +COPY --from=build /etc/ssl/certs/ca-certificates.crt /etc/ssl/certs/ca-certificates.crt +COPY --from=build /usr/share/zoneinfo /usr/share/zoneinfo +COPY --from=build /app/proxy/proxy /bin/proxy + +ENTRYPOINT [ "/bin/proxy" ]