Push docker image to GitHub packages

jgautheron · Oct 19, 2023 · a7ef213 · a7ef213
1 parent c44a034
commit a7ef213
Show file tree

Hide file tree

Showing 7 changed files with 62 additions and 178 deletions.
diff --git a/.github/workflows/ci.yml b/.github/workflows/ci.yml
@@ -13,17 +13,22 @@ jobs:
     runs-on: ubuntu-latest
     steps:
       - name: Checkout
-        uses: actions/checkout@v3
+        uses: actions/checkout@v4
+
       - uses: actions-rs/toolchain@v1
         with:
           toolchain: stable
           override: true
           components: clippy, rustfmt
+
       - name: Check format
         run: cargo fmt --all -- --check
+
       - name: Check with clippy
         run: cargo clippy --all
+
       - name: Build
         run: cargo build --all --verbose
+
       - name: Run tests
         run: cargo test --all --verbose
diff --git a/.github/workflows/code-coverage.yml b/.github/workflows/code-coverage.yml
@@ -9,24 +9,29 @@ jobs:
   cover:
     runs-on: ubuntu-latest
     steps:
-      - uses: actions/checkout@v3
+      - uses: actions/checkout@v4
+
       - uses: actions-rs/toolchain@v1
         with:
           toolchain: stable
           override: true
+
       - name: Install libsqlite3-dev
         run: |
           sudo apt-get update
           sudo apt-get install -y libsqlite3-dev
+
       - name: Run cargo-tarpaulin
         uses: actions-rs/[email protected]
         with:
-          version: '0.14.3'
+          version: "0.14.3"
           args: --out Xml --all
-      - name: Upload to codecov.io
-        uses: codecov/[email protected]
-        with:
-          token: ${{secrets.CODECOV_TOKEN}}
+
+      # - name: Upload to codecov.io
+      #   uses: codecov/[email protected]
+      #   with:
+      #     token: ${{secrets.CODECOV_TOKEN}}
+
       - name: Archive code coverage results
         uses: actions/upload-artifact@v1
         with:

diff --git a/.github/workflows/release.yml b/.github/workflows/release.yml
@@ -2,124 +2,52 @@ name: Release
 
 on:
   push:
-    branches:
-      - release
+    tags:
+      - v*
+  workflow_dispatch:
 
 jobs:
   graphgate-docker:
     runs-on: ubuntu-latest
+    strategy:
+      fail-fast: false
+      # matrix:
+      #   images:
+      #     - platform: linux/amd64
+      #       dockerfile: ./Dockerfile
+      #       target: x86_64-unknown-linux-musl
+      #     - platform: linux/arm64
+      #       dockerfile: ./Dockerfile
+      #       target: aarch64-unknown-linux-musl
     steps:
       - name: Checkout
-        uses: actions/checkout@v3
+        uses: actions/checkout@v4
+
       - name: Get version
         run: echo PACKAGE_VERSION=$(sed -nE 's/^\s*version = "(.*?)"/\1/p' Cargo.toml) >> $GITHUB_ENV
-      -
-        name: Login to DockerHub
-        uses: docker/login-action@v3
-        with:
-          username: ${{ secrets.DOCKER_USER }}
-          password: ${{ secrets.DOCKER_TOKEN }}
-      - name: Build and push
-        uses: docker/build-push-action@v5
-        with:
-          push: true
-          context: .
-          tags: |
-            scott829/graphgate:${{ env.PACKAGE_VERSION }}
-            scott829/graphgate:latest
-      -
-        name: Image digest
-        run: echo ${{ steps.docker_build.outputs.digest }}
 
-  examples-docker:
-    runs-on: ubuntu-latest
-    needs: graphgate-docker
-    steps:
-      - name: Checkout
-        uses: actions/checkout@v3
-      -
-        name: Login to DockerHub
-        uses: docker/login-action@v3
-        with:
-          username: ${{ secrets.DOCKER_USER }}
-          password: ${{ secrets.DOCKER_TOKEN }}
-      - name: Build and push ${{ matrix.package.name }}
-        uses: docker/build-push-action@v5
-        with:
-          push: true
-          context: .
-          file: Dockerfile-examples
-          tags: scott829/graphgate-examples:latest
-      - name: Deploy to Kubernetes
-        uses: WyriHaximus/github-action-helm3@v3
-        with:
-          kubeconfig: '${{ secrets.K8S_CONFIG }}'
-          exec: |
-            helm uninstall -n graphgate graphgate
-            helm upgrade --create-namespace -i -n graphgate graphgate examples/helm
+      - name: Set up QEMU
+        uses: docker/setup-qemu-action@v3
 
-  standalone-demo-docker:
-    runs-on: ubuntu-latest
-    steps:
-      - name: Checkout
-        uses: actions/checkout@v3
-      -
-        name: Login to DockerHub
+      - name: Set up Docker Buildx
+        uses: docker/setup-buildx-action@v3
+
+      - name: Login to GitHub Container Registry
         uses: docker/login-action@v3
         with:
-          username: ${{ secrets.DOCKER_USER }}
-          password: ${{ secrets.DOCKER_TOKEN }}
-      - name: Build and push ${{ matrix.package.name }}
+          registry: ghcr.io
+          username: ${{ github.actor }}
+          password: ${{ secrets.GITHUB_TOKEN }}
+
+      - name: Build and push
         uses: docker/build-push-action@v5
         with:
-          push: true
+          cache-from: type=gha
+          cache-to: type=gha,mode=max
           context: .
-          file: Dockerfile-standalone-demo
-          tags: scott829/graphgate-standalone-demo:latest
-
-  publish:
-    runs-on: ubuntu-latest
-    strategy:
-      fail-fast: false
-      max-parallel: 1
-      matrix:
-        package:
-          - name: graphgate-schema
-            registryName: graphgate-schema
-            path: crates/schema
-          - name: graphgate-validation
-            registryName: graphgate-validation
-            path: crates/validation
-          - name: graphgate-planner
-            registryName: graphgate-planner
-            path: crates/planner
-          - name: graphgate-handler
-            registryName: graphgate-handler
-            path: crates/handler
-          - name: graphgate
-            registryName: graphgate
-            path: .
-    steps:
-      - name: Checkout
-        uses: actions/checkout@v3
-      - name: get version
-        working-directory: ${{ matrix.package.path }}
-        run: echo PACKAGE_VERSION=$(sed -nE 's/^\s*version = "(.*?)"/\1/p' Cargo.toml) >> $GITHUB_ENV
-      - name: check published version
-        run: echo PUBLISHED_VERSION=$(cargo search ${{ matrix.package.registryName }} --limit 1 | sed -nE 's/^[^"]*"//; s/".*//1p' -) >> $GITHUB_ENV
-      - name: cargo login
-        if: env.PACKAGE_VERSION != env.PUBLISHED_VERSION
-        run: cargo login ${{ secrets.CRATES_TOKEN }}
-      - name: cargo package
-        if: env.PACKAGE_VERSION != env.PUBLISHED_VERSION
-        working-directory: ${{ matrix.package.path }}
-        run: |
-          cargo package
-          echo "We will publish:" $PACKAGE_VERSION
-          echo "This is current latest:" $PUBLISHED_VERSION
-      - name: Publish ${{ matrix.package.name }}
-        if: env.PACKAGE_VERSION != env.PUBLISHED_VERSION
-        working-directory: ${{ matrix.package.path }}
-        run: |
-          echo "# Cargo Publish"
-          cargo publish --no-verify
+          file: ./Dockerfile
+          platforms: linux/amd64,linux/arm64
+          push: true
+          tags: |
+            ghcr.io/${{ github.repository }}/graphgate:${{ env.PACKAGE_VERSION }}
+            ghcr.io/${{ github.repository }}/graphgate:latest
diff --git a/Cargo.lock b/Cargo.lock
diff --git a/Cargo.toml b/Cargo.toml
@@ -30,9 +30,6 @@ tracing-subscriber = { version = "0.3.6", features = ["env-filter"] }
 value.workspace = true
 warp.workspace = true
 
-[target.x86_64-unknown-linux-musl.dependencies.jemallocator]
-version = "0.5.4"
-
 [dev-dependencies]
 async-graphql.workspace = true
 async-graphql-warp.workspace = true

diff --git a/Dockerfile b/Dockerfile
@@ -1,44 +1,23 @@
-###
-# Builder
-###
-FROM rust:latest as builder
+FROM rust:alpine as builder
 
-RUN rustup target add x86_64-unknown-linux-musl
-RUN apt update && apt install -y musl-tools musl-dev
-RUN update-ca-certificates
+ARG TARGETPLATFORM
 
-ENV USER=graphgate
-ENV UID=10001
-
-
-RUN adduser \
-    --disabled-password \
-    --gecos "" \
-    --home "/nonexistent" \
-    --shell "/sbin/nologin" \
-    --no-create-home \
-    --uid "${UID}" \
-    "${USER}"
+RUN apk add --no-cache ca-certificates musl-dev openssl-dev openssl-libs-static \
+    && update-ca-certificates
 
 WORKDIR /graphgate
-
 COPY ./ .
 
-RUN cargo build --target x86_64-unknown-linux-musl --release
-
-###
-# Final Image
-###
+RUN if [ "$TARGETPLATFORM" = "linux/amd64" ]; then ARCHITECTURE=x86_64; elif [ "$TARGETPLATFORM" = "linux/arm64" ]; then ARCHITECTURE=aarch64; fi \
+    && rustup target add ${ARCHITECTURE}-unknown-linux-musl \
+    && cargo build --target ${ARCHITECTURE}-unknown-linux-musl --release \
+    && mv target/${ARCHITECTURE}-unknown-linux-musl/release/graphgate target/graphgate
 
 FROM scratch
-
-COPY --from=builder /etc/passwd /etc/passwd
-COPY --from=builder /etc/group /etc/group
-
 WORKDIR /graphgate
 
-COPY --from=builder /graphgate/target/x86_64-unknown-linux-musl/release/graphgate ./
-
-USER graphgate:graphgate
+COPY --from=builder /etc/ssl/certs/ca-certificates.crt /etc/ssl/certs/ca-certificates.crt
+COPY --from=builder /graphgate/target/graphgate ./
 
+USER 1000
 ENTRYPOINT [ "/graphgate/graphgate" ]
diff --git a/src/main.rs b/src/main.rs
@@ -28,15 +28,6 @@ use tracing_subscriber::{fmt, layer::SubscriberExt, util::SubscriberInitExt, Env
 use value::ConstValue;
 use warp::{http::Response as HttpResponse, hyper::StatusCode, Filter, Rejection, Reply};
 
-// Use Jemalloc only for musl-64 bits platforms
-#[cfg(all(
-    target_arch = "x86_64",
-    target_env = "musl",
-    target_pointer_width = "64"
-))]
-#[global_allocator]
-static ALLOC: jemallocator::Jemalloc = jemallocator::Jemalloc;
-
 fn init_tracing() {
     tracing_subscriber::registry()
         .with(fmt::layer().compact().with_target(false))