diff --git a/.dockerignore b/.dockerignore index 57b1491..c6fd4fd 100644 --- a/.dockerignore +++ b/.dockerignore @@ -3,4 +3,8 @@ **/.github **/Dockerfile **/.dockerignore -**/demo \ No newline at end of file +**/demo +**/*.out +**/*.test +**/bin +**/dist \ No newline at end of file diff --git a/.github/workflows/generate-pgo.yaml b/.github/workflows/generate-pgo.yaml index cff9aa4..27a9cab 100644 --- a/.github/workflows/generate-pgo.yaml +++ b/.github/workflows/generate-pgo.yaml @@ -14,22 +14,36 @@ env: PGO_BRANCH: "pgo" jobs: - tests: + generate-pgo: runs-on: ubuntu-latest steps: - uses: actions/checkout@v3 + - uses: actions/setup-go@v5 with: - go-version: 'stable' + go-version-file: 'go.mod' cache-dependency-path: '**/go.sum' - - run: make pprof && cp ${{ env.PGO_FILE }} /tmp/ + + - run: make pgo && cp ${{ env.PGO_FILE }} /tmp/ + - uses: actions/checkout@v3 with: ref: ${{ env.PGO_BRANCH }} - - run: git rm --cached ${{ env.PGO_FILE }} - - if: ${{ success() || failure() }} - run: | + + - run: | + git rm --cached ${{ env.PGO_FILE }} cp /tmp/${{ env.PGO_FILE }} . + + - uses: actions/upload-artifact@v4 + if: (success() || failure()) + with: + name: pgo + path: ${{ env.PGO_FILE }} + retention-days: 90 + overwrite: true + + - name: pushing PGO file + run: | git config --local user.email "ghost@users.noreply.github.com" git config --local user.name "ghost" git add ${{ env.PGO_FILE }} diff --git a/.github/workflows/release-publish.yaml b/.github/workflows/release-publish.yaml deleted file mode 100644 index a0d9537..0000000 --- a/.github/workflows/release-publish.yaml +++ /dev/null @@ -1,63 +0,0 @@ -name: Release & Publish - -on: - push: - tags: ["v*.*.**"] - workflow_dispatch: - inputs: - tag: - description: "Target tag to release/publish" - required: true - type: string - job: - description: "Choose job to run" - required: true - default: 'both' - type: choice - options: - - both - - release - - publish - -jobs: - release: - name: goreleaser-cross - runs-on: ubuntu-latest - container: - image: ghcr.io/goreleaser/goreleaser-cross:latest - if: ${{ github.event_name == 'push' || (github.event_name == 'workflow_dispatch' && (inputs.job == 'release' || inputs.job == 'both')) }} - steps: - - uses: actions/checkout@master - with: - ref: "${{ inputs.tag || github.ref_name }}" - - - uses: actions/setup-go@v5 - with: - go-version: 'stable' - - - run: git config --global --add safe.directory "$(pwd)" - - - run: goreleaser release - env: - GITHUB_TOKEN: "${{ secrets.GITHUB_TOKEN }}" - - publish: - name: publish images - runs-on: ubuntu-latest - if: ${{ github.event_name == 'push' || (github.event_name == 'workflow_dispatch' && (inputs.job == 'publish' || inputs.job == 'both')) }} - steps: - - uses: actions/checkout@master - with: - ref: "${{ inputs.tag || github.ref_name }}" - - - uses: docker/login-action@v3.1.0 - with: - registry: ghcr.io - username: ${{ github.repository_owner }} - password: ${{ secrets.GITHUB_TOKEN }} - - - uses: docker/build-push-action@v5.3.0 - with: - push: true - build-args: "VERSION=${{ inputs.tag || github.ref_name }}" - tags: "ghcr.io/${{ github.repository }}:latest,ghcr.io/${{ github.repository }}:${{ inputs.tag || github.ref_name }}" \ No newline at end of file diff --git a/.github/workflows/release.yaml b/.github/workflows/release.yaml new file mode 100644 index 0000000..7714ddc --- /dev/null +++ b/.github/workflows/release.yaml @@ -0,0 +1,55 @@ +name: Release + +on: + push: + tags: ["v*.*.**"] + workflow_dispatch: + inputs: + tag: + description: "Target tag to release" + required: true + type: string + +env: + PGO_FILE: "default.pgo" + +jobs: + release: + runs-on: ubuntu-latest + container: + image: ghcr.io/goreleaser/goreleaser-cross:latest + steps: + - uses: actions/download-artifact@v4 + id: artifact + with: + name: pgo + continue-on-error: true + + - uses: actions/checkout@v3 + if: steps.artifact.outcome != 'success' + with: + ref: pgo + + - run: cp ${{ env.PGO_FILE }} /tmp + if: steps.artifact.outcome != 'success' + + - uses: actions/checkout@v3 + with: + ref: "${{ inputs.tag || github.ref_name }}" + + - run: cp /tmp/${{ env.PGO_FILE }} . + if: steps.artifact.outcome != 'success' + + - uses: actions/setup-go@v5 + with: + go-version-file: 'go.mod' + cache-dependency-path: '**/go.sum' + + - name: Build PGO file + run: '[ -f "${{ env.PGO_FILE }}" ] || make pgo' + + - run: git config --global --add safe.directory "$(pwd)" + + - run: goreleaser release --clean + env: + GITHUB_TOKEN: "${{ secrets.GITHUB_TOKEN }}" diff --git a/.goreleaser.yaml b/.goreleaser.yaml index 6b9881e..556d984 100644 --- a/.goreleaser.yaml +++ b/.goreleaser.yaml @@ -1,5 +1,6 @@ env: - CGO_ENABLED=1 + - PGO_FILE=default.pgo before: hooks: @@ -9,9 +10,9 @@ release: prerelease: auto builds: - - id: teler-proxy_darwin-amd64 - binary: teler-proxy - main: ./cmd/teler-proxy + - id: "{{ .ProjectName }}_darwin-amd64" + binary: "{{ .ProjectName }}" + main: ./cmd/{{ .ProjectName }} goarch: - amd64 goos: @@ -21,13 +22,13 @@ builds: - CXX=o64-clang++ flags: - -trimpath - - -pgo=default.pgo + - -pgo={{ .Env.PGO_FILE }} ldflags: - - -s -w -X github.com/kitabisa/teler-proxy/common.Version={{ .Version }} + - -s -w -X github.com/kitabisa/{{ .ProjectName }}/common.Version={{ .Version }} - - id: teler-proxy_darwin-arm64 - binary: teler-proxy - main: ./cmd/teler-proxy + - id: "{{ .ProjectName }}_darwin-arm64" + binary: "{{ .ProjectName }}" + main: ./cmd/{{ .ProjectName }} goarch: - arm64 goos: @@ -37,13 +38,13 @@ builds: - CXX=oa64-clang++ flags: - -trimpath - - -pgo=default.pgo + - -pgo={{ .Env.PGO_FILE }} ldflags: - - -s -w -X github.com/kitabisa/teler-proxy/common.Version={{ .Version }} + - -s -w -X github.com/kitabisa/{{ .ProjectName }}/common.Version={{ .Version }} - - id: teler-proxy_linux-amd64 - binary: teler-proxy - main: ./cmd/teler-proxy + - id: "{{ .ProjectName }}_linux-amd64" + binary: "{{ .ProjectName }}" + main: ./cmd/{{ .ProjectName }} env: - CC=x86_64-linux-gnu-gcc - CXX=x86_64-linux-gnu-g++ @@ -53,13 +54,13 @@ builds: - linux flags: - -trimpath - - -pgo=default.pgo + - -pgo={{ .Env.PGO_FILE }} ldflags: - - -s -w -X github.com/kitabisa/teler-proxy/common.Version={{ .Version }} + - -s -w -X github.com/kitabisa/{{ .ProjectName }}/common.Version={{ .Version }} - - id: teler-proxy_linux-arm64 - binary: teler-proxy - main: ./cmd/teler-proxy + - id: "{{ .ProjectName }}_linux-arm64" + binary: "{{ .ProjectName }}" + main: ./cmd/{{ .ProjectName }} goarch: - arm64 goos: @@ -69,13 +70,13 @@ builds: - CXX=aarch64-linux-gnu-g++ flags: - -trimpath - - -pgo=default.pgo + - -pgo={{ .Env.PGO_FILE }} ldflags: - - -s -w -X github.com/kitabisa/teler-proxy/common.Version={{ .Version }} + - -s -w -X github.com/kitabisa/{{ .ProjectName }}/common.Version={{ .Version }} - - id: teler-proxy_windows-amd64 - binary: teler-proxy - main: ./cmd/teler-proxy + - id: "{{ .ProjectName }}_windows-amd64" + binary: "{{ .ProjectName }}" + main: ./cmd/{{ .ProjectName }} goarch: - amd64 goos: @@ -85,27 +86,20 @@ builds: - CXX=x86_64-w64-mingw32-g++ flags: - -trimpath - - -pgo=default.pgo + - -pgo={{ .Env.PGO_FILE }} - -buildmode=exe ldflags: - - -s -w -X github.com/kitabisa/teler-proxy/common.Version={{ .Version }} - -universal_binaries: - - id: teler-proxy_darwin-universal - ids: - - teler-proxy_darwin-amd64 - - teler-proxy_darwin-arm64 - replace: true - name_template: "teler-proxy" + - -s -w -X github.com/kitabisa/{{ .ProjectName }}/common.Version={{ .Version }} archives: - id: build builds: - - teler-proxy_darwin-universal - - teler-proxy_linux-amd64 - - teler-proxy_linux-arm64 - - teler-proxy_windows-amd64 - name_template: "teler-proxy_{{ .Version }}_{{ .Os }}_{{ .Arch }}" + - "{{ .ProjectName }}_darwin-amd64" + - "{{ .ProjectName }}_darwin-arm64" + - "{{ .ProjectName }}_linux-amd64" + - "{{ .ProjectName }}_linux-arm64" + - "{{ .ProjectName }}_windows-amd64" + name_template: "{{ .ProjectName }}_{{ .Version }}_{{ .Os }}_{{ .Arch }}" wrap_in_directory: false files: - "LICENSE*" @@ -119,4 +113,24 @@ checksum: snapshot: name_template: "{{ incpatch .Version }}-next" changelog: - sort: asc \ No newline at end of file + sort: asc + +dockers: + - image_templates: + - "ghcr.io/kitabisa/{{ .ProjectName }}:{{ .Tag }}" + - "ghcr.io/kitabisa/{{ .ProjectName }}:v{{ .Major }}.{{ .Minor }}" + - "ghcr.io/kitabisa/{{ .ProjectName }}:v{{ .Major }}" + - "ghcr.io/kitabisa/{{ .ProjectName }}:latest" + dockerfile: Dockerfile.goreleaser + use: docker + build_flag_templates: + - "--pull" + - "--label=org.opencontainers.image.authors=\"Dwi Siswanto \"" + - "--label=org.opencontainers.image.created={{ .Date }}" + - "--label=org.opencontainers.image.description=\"teler Proxy enabling seamless integration with teler WAF to protect locally running web service against a variety of web-based attacks\"" + - "--label=org.opencontainers.image.licenses=Apache-2.0" + - "--label=org.opencontainers.image.ref.name={{ .Tag }}" + - "--label=org.opencontainers.image.revision={{ .FullCommit }}" + - "--label=org.opencontainers.image.title={{ .ProjectName }}" + - "--label=org.opencontainers.image.url=https://github.com/kitabisa/{{ .ProjectName }}" + - "--label=org.opencontainers.image.version={{ .Version }}" \ No newline at end of file diff --git a/Dockerfile b/Dockerfile index c0f4345..fe33bde 100644 --- a/Dockerfile +++ b/Dockerfile @@ -1,27 +1,43 @@ -FROM golang:alpine AS build +FROM golang:alpine ARG VERSION="docker" ARG LDFLAGS="-s -w -X github.com/kitabisa/teler-proxy/common.Version=${VERSION}" ARG PGO_FILE="default.pgo" -LABEL description="teler Proxy enabling seamless integration with teler WAF to protect locally running web service against a variety of web-based attacks" -LABEL repository="https://github.com/kitabisa/teler-proxy" -LABEL maintainer="dwisiswant0" +LABEL org.opencontainers.image.authors="Dwi Siswanto " +LABEL org.opencontainers.image.description="teler Proxy enabling seamless integration with teler WAF to protect locally running web service against a variety of web-based attacks" +LABEL org.opencontainers.image.licenses="Apache-2.0" +LABEL org.opencontainers.image.ref.name="${VERSION}" +LABEL org.opencontainers.image.title="teler-proxy" +LABEL org.opencontainers.image.url="https://github.com/kitabisa/teler-proxy" +LABEL org.opencontainers.image.version="${VERSION}" WORKDIR /app -COPY ["go.mod", "."] -COPY ["${PGO_FILE}", "./default.pgo"] + +COPY ["go.mod", "${PGO_FILE}", "./"] RUN go mod download +COPY . . + +ENV CGO_ENABLED=1 + RUN apk add build-base +RUN go build \ + -pgo "${PGO_FILE}" \ + -ldflags "${LDFLAGS}" \ + -o /bin/teler-proxy \ + -v ./cmd/teler-proxy -COPY . . -RUN CGO_ENABLED="1" go build \ - -pgo "default.pgo" -ldflags "${LDFLAGS}" \ - -o ./bin/teler-proxy ./cmd/teler-proxy +RUN addgroup \ + -g "2000" \ + teler-proxy && \ + adduser \ + -g "teler-proxy" \ + -G "teler-proxy" \ + -u "1000" \ + -h "/app" \ + -D teler-proxy -FROM alpine:latest +USER teler-proxy:teler-proxy -COPY --from=build /app/bin/teler-proxy /bin/teler-proxy -ENV HOME / ENTRYPOINT ["/bin/teler-proxy"] diff --git a/Dockerfile.goreleaser b/Dockerfile.goreleaser new file mode 100644 index 0000000..e8693ea --- /dev/null +++ b/Dockerfile.goreleaser @@ -0,0 +1,5 @@ +FROM scratch + +COPY teler-proxy /teler-proxy + +ENTRYPOINT ["/teler-proxy"] \ No newline at end of file diff --git a/Makefile b/Makefile index 189d702..be3e5fe 100644 --- a/Makefile +++ b/Makefile @@ -23,7 +23,9 @@ cover: pprof: ARGS := -cpuprofile=cpu.out -memprofile=mem.out -benchtime 30s pprof: bench -pprof: + +pgo: pprof +pgo: cp cpu.out default.pgo test: