diff options
author | Micah Anderson <micah@riseup.net> | 2024-02-05 21:35:23 -0500 |
---|---|---|
committer | micah <micah@torproject.org> | 2024-03-03 14:07:33 +0000 |
commit | 9175e86321bdb8f885063791c93b441a479b1308 (patch) | |
tree | e8f32e534d6a1c4a64fb1cf07d9041a8d6ebcb8e | |
parent | 7b47a7d94b1d61904808c0322a7e969a9e302b70 (diff) | |
download | snowflake-9175e86321bdb8f885063791c93b441a479b1308.tar.gz snowflake-9175e86321bdb8f885063791c93b441a479b1308.zip |
Automatically build container on release and push to our registry.
Now that Tor's gitlab has the container registry enabled, we can build a
snowflake container on release, and push the built container to the snowflake
registry.
This is accomplished without using privileged gitlab runners, via kaniko.
This would speed up snowflake updates for people running the docker
container. It would also mean that the 'docker-snowflake-proxy' project would no
longer need to exist.
Fixes docker-snowflake-proxy#10
Fixes docker-snowflake-proxy#13
-rw-r--r-- | .gitlab-ci.yml | 12 | ||||
-rw-r--r-- | Dockerfile | 18 |
2 files changed, 30 insertions, 0 deletions
diff --git a/.gitlab-ci.yml b/.gitlab-ci.yml index 52b53c7..24a4ac8 100644 --- a/.gitlab-ci.yml +++ b/.gitlab-ci.yml @@ -274,3 +274,15 @@ release-job: - name: '${CI_PROJECT_NAME}-${CI_COMMIT_TAG}.tar.gz' url: '${CI_PROJECT_URL}/-/jobs/${TAR_JOB_ID}/artifacts/file/${CI_PROJECT_NAME}-${CI_COMMIT_TAG}.tar.gz' +build-container: + stage: deploy + image: + name: gcr.io/kaniko-project/executor:v1.14.0-debug + entrypoint: [""] + script: + - /kaniko/executor + --context "${CI_PROJECT_DIR}" + --dockerfile "${CI_PROJECT_DIR}/Dockerfile" + --destination "${CI_REGISTRY_IMAGE}:${CI_COMMIT_TAG}" + rules: + - if: $CI_COMMIT_TAG diff --git a/Dockerfile b/Dockerfile new file mode 100644 index 0000000..a2017e5 --- /dev/null +++ b/Dockerfile @@ -0,0 +1,18 @@ +FROM docker.io/library/golang:1.21 AS build + +LABEL io.containers.autoupdate=registry +LABEL org.opencontainers.image.authors="anti-censorship-team@lists.torproject.org" + +ADD . /app + +WORKDIR /app/proxy +RUN go get +RUN CGO_ENABLED=0 go build -o proxy -ldflags '-extldflags "-static" -w -s' . + +FROM scratch + +COPY --from=build /etc/ssl/certs/ca-certificates.crt /etc/ssl/certs/ca-certificates.crt +COPY --from=build /usr/share/zoneinfo /usr/share/zoneinfo +COPY --from=build /app/proxy/proxy /bin/proxy + +ENTRYPOINT [ "/bin/proxy" ] |