build: fix binary releaser

for docker, also fix ci in release & generate-pgo workflows

build(make): seperate PGO subcommand

Signed-off-by: Dwi Siswanto <[email protected]>

build(docker): use PGO from the ARG

Signed-off-by: Dwi Siswanto <[email protected]>

build: use project name field

and packaging the docker thru goreleaser

Signed-off-by: Dwi Siswanto <[email protected]>

ci(generate-pgo): artifact PGO file

Signed-off-by: Dwi Siswanto <[email protected]>

ci(release): refactor release workflow

ci(release-publish): remove docker packaging job

also download the PGO file artifact, if doesn't
exists, make it

Signed-off-by: Dwi Siswanto <[email protected]>

ci: rename release-publish workflow

Signed-off-by: Dwi Siswanto <[email protected]>

ci(release): rm job input && cond expr

Signed-off-by: Dwi Siswanto <[email protected]>

ci(release): rm tag input && add if ref type is tag

Signed-off-by: Dwi Siswanto <[email protected]>

ci(release): seperate is-tag as a job

Signed-off-by: Dwi Siswanto <[email protected]>

revert: "ci(release): rm tag input && add if ref type is tag"

Signed-off-by: Dwi Siswanto <[email protected]>

ci(release): update tag input desc

Signed-off-by: Dwi Siswanto <[email protected]>

ci(release): fix build PGO file expr

Signed-off-by: Dwi Siswanto <[email protected]>

ci(release): build PGO file on failure only

ci(release): update build PGO file script

Signed-off-by: Dwi Siswanto <[email protected]>

ci(release): build PGO file on failure only

Signed-off-by: Dwi Siswanto <[email protected]>

ci(generate-pgo): make pgo

Signed-off-by: Dwi Siswanto <[email protected]>

ci(release): `continue-on-error` while `download-artifact`

Signed-off-by: Dwi Siswanto <[email protected]>

build: fix seq & key indents in goreleaser config

Signed-off-by: Dwi Siswanto <[email protected]>

ci(release): make PGO with POSIX-comp script

coz we are on container

Signed-off-by: Dwi Siswanto <[email protected]>

ci(release): copy the PGO instead of download artifact

Signed-off-by: Dwi Siswanto <[email protected]>

build(docker): fix COPY cmd

Signed-off-by: Dwi Siswanto <[email protected]>

ci(generate-pgo): copying PGO b4 upload as artifact

Signed-off-by: Dwi Siswanto <[email protected]>

ci(release): download PGO (artifact) and fallback

copy from PGO branch

Signed-off-by: Dwi Siswanto <[email protected]>

ci(release): add `continue-on-error` while `download-artifact`

Signed-off-by: Dwi Siswanto <[email protected]>

build(docker): fix COPY cmd

Signed-off-by: Dwi Siswanto <[email protected]>

build(docker): set USER & GROUP and add labels

Signed-off-by: Dwi Siswanto <[email protected]>

chore(dockerignore): add out & test exts

Signed-off-by: Dwi Siswanto <[email protected]>

build: using dedicated dockerfile

Signed-off-by: Dwi Siswanto <[email protected]>

.dockerignore

@@ -3,4 +3,8 @@
 **/.github
 **/Dockerfile
 **/.dockerignore
-**/demo
+**/demo
+**/*.out
+**/*.test
+**/bin
+**/dist

.github/workflows/generate-pgo.yaml

@@ -14,22 +14,36 @@ env:
   PGO_BRANCH: "pgo"
 
 jobs:
-  tests:
+  generate-pgo:
     runs-on: ubuntu-latest
     steps:
       - uses: actions/checkout@v3
+
       - uses: actions/setup-go@v5
         with:
-          go-version: 'stable'
+          go-version-file: 'go.mod'
           cache-dependency-path: '**/go.sum'
-      - run: make pprof && cp ${{ env.PGO_FILE }} /tmp/
+
+      - run: make pgo && cp ${{ env.PGO_FILE }} /tmp/
+
       - uses: actions/checkout@v3
         with:
           ref: ${{ env.PGO_BRANCH }}
-      - run: git rm --cached ${{ env.PGO_FILE }}
-      - if: ${{ success() || failure() }}
-        run: |
+
+      - run: |
+          git rm --cached ${{ env.PGO_FILE }}
           cp /tmp/${{ env.PGO_FILE }} .
+
+      - uses: actions/upload-artifact@v4
+        if: (success() || failure())
+        with:
+          name: pgo
+          path: ${{ env.PGO_FILE }}
+          retention-days: 90
+          overwrite: true
+
+      - name: pushing PGO file
+        run: |
           git config --local user.email "[email protected]"
           git config --local user.name "ghost"
           git add ${{ env.PGO_FILE }}

.github/workflows/release.yaml

@@ -0,0 +1,55 @@
+name: Release
+
+on:
+  push:
+    tags: ["v*.*.**"]
+  workflow_dispatch:
+    inputs:
+      tag:
+        description: "Target tag to release"
+        required: true
+        type: string
+
+env:
+  PGO_FILE: "default.pgo"
+
+jobs:
+  release:
+    runs-on: ubuntu-latest
+    container:
+      image: ghcr.io/goreleaser/goreleaser-cross:latest
+    steps:
+      - uses: actions/download-artifact@v4
+        id: artifact
+        with:
+          name: pgo
+        continue-on-error: true
+
+      - uses: actions/checkout@v3
+        if: steps.artifact.outcome != 'success'
+        with:
+          ref: pgo
+
+      - run: cp ${{ env.PGO_FILE }} /tmp
+        if: steps.artifact.outcome != 'success'
+
+      - uses: actions/checkout@v3
+        with:
+          ref: "${{ inputs.tag || github.ref_name }}"
+
+      - run: cp /tmp/${{ env.PGO_FILE }} .
+        if: steps.artifact.outcome != 'success'
+
+      - uses: actions/setup-go@v5
+        with:
+          go-version-file: 'go.mod'
+          cache-dependency-path: '**/go.sum'
+
+      - name: Build PGO file
+        run: '[ -f "${{ env.PGO_FILE }}" ] || make pgo'
+
+      - run: git config --global --add safe.directory "$(pwd)"
+
+      - run: goreleaser release --clean
+        env:
+          GITHUB_TOKEN: "${{ secrets.GITHUB_TOKEN }}"

.goreleaser.yaml

@@ -1,5 +1,6 @@
 env:
   - CGO_ENABLED=1
+  - PGO_FILE=default.pgo
 
 before:
   hooks:
@@ -9,9 +10,9 @@ release:
   prerelease: auto
 
 builds:
-  - id: teler-proxy_darwin-amd64
-    binary: teler-proxy
-    main: ./cmd/teler-proxy
+  - id: "{{ .ProjectName }}_darwin-amd64"
+    binary: "{{ .ProjectName }}"
+    main: ./cmd/{{ .ProjectName }}
     goarch:
       - amd64
     goos:
@@ -21,13 +22,13 @@ builds:
       - CXX=o64-clang++
     flags:
       - -trimpath
-      - -pgo=default.pgo
+      - -pgo={{ .Env.PGO_FILE }}
     ldflags:
-      - -s -w -X github.com/kitabisa/teler-proxy/common.Version={{ .Version }}
+      - -s -w -X github.com/kitabisa/{{ .ProjectName }}/common.Version={{ .Version }}
 
-  - id: teler-proxy_darwin-arm64
-    binary: teler-proxy
-    main: ./cmd/teler-proxy
+  - id: "{{ .ProjectName }}_darwin-arm64"
+    binary: "{{ .ProjectName }}"
+    main: ./cmd/{{ .ProjectName }}
     goarch:
       - arm64
     goos:
@@ -37,13 +38,13 @@ builds:
       - CXX=oa64-clang++
     flags:
       - -trimpath
-      - -pgo=default.pgo
+      - -pgo={{ .Env.PGO_FILE }}
     ldflags:
-      - -s -w -X github.com/kitabisa/teler-proxy/common.Version={{ .Version }}
+      - -s -w -X github.com/kitabisa/{{ .ProjectName }}/common.Version={{ .Version }}
 
-  - id: teler-proxy_linux-amd64
-    binary: teler-proxy
-    main: ./cmd/teler-proxy
+  - id: "{{ .ProjectName }}_linux-amd64"
+    binary: "{{ .ProjectName }}"
+    main: ./cmd/{{ .ProjectName }}
     env:
       - CC=x86_64-linux-gnu-gcc
       - CXX=x86_64-linux-gnu-g++
@@ -53,13 +54,13 @@ builds:
       - linux
     flags:
       - -trimpath
-      - -pgo=default.pgo
+      - -pgo={{ .Env.PGO_FILE }}
     ldflags:
-      - -s -w -X github.com/kitabisa/teler-proxy/common.Version={{ .Version }}
+      - -s -w -X github.com/kitabisa/{{ .ProjectName }}/common.Version={{ .Version }}
 
-  - id: teler-proxy_linux-arm64
-    binary: teler-proxy
-    main: ./cmd/teler-proxy
+  - id: "{{ .ProjectName }}_linux-arm64"
+    binary: "{{ .ProjectName }}"
+    main: ./cmd/{{ .ProjectName }}
     goarch:
       - arm64
     goos:
@@ -69,13 +70,13 @@ builds:
       - CXX=aarch64-linux-gnu-g++
     flags:
       - -trimpath
-      - -pgo=default.pgo
+      - -pgo={{ .Env.PGO_FILE }}
     ldflags:
-      - -s -w -X github.com/kitabisa/teler-proxy/common.Version={{ .Version }}
+      - -s -w -X github.com/kitabisa/{{ .ProjectName }}/common.Version={{ .Version }}
 
-  - id: teler-proxy_windows-amd64
-    binary: teler-proxy
-    main: ./cmd/teler-proxy
+  - id: "{{ .ProjectName }}_windows-amd64"
+    binary: "{{ .ProjectName }}"
+    main: ./cmd/{{ .ProjectName }}
     goarch:
       - amd64
     goos:
@@ -85,27 +86,20 @@ builds:
       - CXX=x86_64-w64-mingw32-g++
     flags:
       - -trimpath
-      - -pgo=default.pgo
+      - -pgo={{ .Env.PGO_FILE }}
       - -buildmode=exe
     ldflags:
-      - -s -w -X github.com/kitabisa/teler-proxy/common.Version={{ .Version }}
-
-universal_binaries:
-  - id: teler-proxy_darwin-universal
-    ids:
-      - teler-proxy_darwin-amd64
-      - teler-proxy_darwin-arm64
-    replace: true
-    name_template: "teler-proxy"
+      - -s -w -X github.com/kitabisa/{{ .ProjectName }}/common.Version={{ .Version }}
 
 archives:
   - id: build
     builds:
-      - teler-proxy_darwin-universal
-      - teler-proxy_linux-amd64
-      - teler-proxy_linux-arm64
-      - teler-proxy_windows-amd64
-    name_template: "teler-proxy_{{ .Version }}_{{ .Os }}_{{ .Arch }}"
+      - "{{ .ProjectName }}_darwin-amd64"
+      - "{{ .ProjectName }}_darwin-arm64"
+      - "{{ .ProjectName }}_linux-amd64"
+      - "{{ .ProjectName }}_linux-arm64"
+      - "{{ .ProjectName }}_windows-amd64"
+    name_template: "{{ .ProjectName }}_{{ .Version }}_{{ .Os }}_{{ .Arch }}"
     wrap_in_directory: false
     files:
       - "LICENSE*"
@@ -119,4 +113,24 @@ checksum:
 snapshot:
   name_template: "{{ incpatch .Version }}-next"
 changelog:
-  sort: asc
+  sort: asc
+
+dockers:
+  - image_templates:
+      - "ghcr.io/kitabisa/{{ .ProjectName }}:{{ .Tag }}"
+      - "ghcr.io/kitabisa/{{ .ProjectName }}:v{{ .Major }}.{{ .Minor }}"
+      - "ghcr.io/kitabisa/{{ .ProjectName }}:v{{ .Major }}"
+      - "ghcr.io/kitabisa/{{ .ProjectName }}:latest"
+    dockerfile: Dockerfile.goreleaser
+    use: docker
+    build_flag_templates:
+      - "--pull"
+      - "--label=org.opencontainers.image.authors=\"Dwi Siswanto <[email protected]>\""
+      - "--label=org.opencontainers.image.created={{ .Date }}"
+      - "--label=org.opencontainers.image.description=\"teler Proxy enabling seamless integration with teler WAF to protect locally running web service against a variety of web-based attacks\""
+      - "--label=org.opencontainers.image.licenses=Apache-2.0"
+      - "--label=org.opencontainers.image.ref.name={{ .Tag }}"
+      - "--label=org.opencontainers.image.revision={{ .FullCommit }}"
+      - "--label=org.opencontainers.image.title={{ .ProjectName }}"
+      - "--label=org.opencontainers.image.url=https://github.com/kitabisa/{{ .ProjectName }}"
+      - "--label=org.opencontainers.image.version={{ .Version }}"

Dockerfile

@@ -1,27 +1,43 @@
-FROM golang:alpine AS build
+FROM golang:alpine
 
 ARG VERSION="docker"
 ARG LDFLAGS="-s -w -X github.com/kitabisa/teler-proxy/common.Version=${VERSION}"
 ARG PGO_FILE="default.pgo"
 
-LABEL description="teler Proxy enabling seamless integration with teler WAF to protect locally running web service against a variety of web-based attacks"
-LABEL repository="https://github.com/kitabisa/teler-proxy"
-LABEL maintainer="dwisiswant0"
+LABEL org.opencontainers.image.authors="Dwi Siswanto <[email protected]>"
+LABEL org.opencontainers.image.description="teler Proxy enabling seamless integration with teler WAF to protect locally running web service against a variety of web-based attacks"
+LABEL org.opencontainers.image.licenses="Apache-2.0"
+LABEL org.opencontainers.image.ref.name="${VERSION}"
+LABEL org.opencontainers.image.title="teler-proxy"
+LABEL org.opencontainers.image.url="https://github.com/kitabisa/teler-proxy"
+LABEL org.opencontainers.image.version="${VERSION}"
 
 WORKDIR /app
-COPY ["go.mod", "."]
-COPY ["${PGO_FILE}", "./default.pgo"]
+
+COPY ["go.mod", "${PGO_FILE}", "./"]
 RUN go mod download
 
+COPY . .
+
+ENV CGO_ENABLED=1
+
 RUN apk add build-base
+RUN go build \
+		-pgo "${PGO_FILE}" \
+		-ldflags "${LDFLAGS}" \
+		-o /bin/teler-proxy \
+		-v ./cmd/teler-proxy
 
-COPY . .
-RUN CGO_ENABLED="1" go build \
-	-pgo "default.pgo" -ldflags "${LDFLAGS}" \
-	-o ./bin/teler-proxy ./cmd/teler-proxy
+RUN addgroup \
+		-g "2000" \
+		teler-proxy && \
+	adduser \
+		-g "teler-proxy" \
+		-G "teler-proxy" \
+		-u "1000" \
+		-h "/app" \
+		-D teler-proxy
 
-FROM alpine:latest
+USER teler-proxy:teler-proxy
 
-COPY --from=build /app/bin/teler-proxy /bin/teler-proxy
-ENV HOME /
 ENTRYPOINT ["/bin/teler-proxy"]

Dockerfile.goreleaser

@@ -0,0 +1,5 @@
+FROM scratch
+
+COPY teler-proxy /teler-proxy
+
+ENTRYPOINT ["/teler-proxy"]