Automatically build container on release and push to our registry.

Now that Tor's gitlab has the container registry enabled, we can build a
snowflake container on release, and push the built container to the snowflake
registry.

This is accomplished without using privileged gitlab runners, via kaniko.

This would speed up snowflake updates for people running the docker
container. It would also mean that the 'docker-snowflake-proxy' project would no
longer need to exist.

Fixes docker-snowflake-proxy#10
Fixes docker-snowflake-proxy#13

2 files changed, 30 insertions, 0 deletions

diff --git a/.gitlab-ci.yml b/.gitlab-ci.yml
index 52b53c7..24a4ac8 100644
--- a/.gitlab-ci.yml
+++ b/.gitlab-ci.yml
@@ -274,3 +274,15 @@ release-job:
         - name: '${CI_PROJECT_NAME}-${CI_COMMIT_TAG}.tar.gz'
           url: '${CI_PROJECT_URL}/-/jobs/${TAR_JOB_ID}/artifacts/file/${CI_PROJECT_NAME}-${CI_COMMIT_TAG}.tar.gz'
  
+build-container:
+  stage: deploy
+  image:
+    name: gcr.io/kaniko-project/executor:v1.14.0-debug
+    entrypoint: [""]
+  script:
+    - /kaniko/executor
+      --context "${CI_PROJECT_DIR}"
+      --dockerfile "${CI_PROJECT_DIR}/Dockerfile"
+      --destination "${CI_REGISTRY_IMAGE}:${CI_COMMIT_TAG}"
+  rules:
+    - if: $CI_COMMIT_TAG
diff --git a/Dockerfile b/Dockerfile
new file mode 100644
index 0000000..a2017e5
--- /dev/null
+++ b/Dockerfile
@@ -0,0 +1,18 @@
+FROM docker.io/library/golang:1.21 AS build
+
+LABEL io.containers.autoupdate=registry
+LABEL org.opencontainers.image.authors="anti-censorship-team@lists.torproject.org"
+
+ADD . /app
+
+WORKDIR /app/proxy
+RUN go get
+RUN CGO_ENABLED=0 go build -o proxy -ldflags '-extldflags "-static" -w -s'  .
+
+FROM scratch
+
+COPY --from=build /etc/ssl/certs/ca-certificates.crt /etc/ssl/certs/ca-certificates.crt
+COPY --from=build /usr/share/zoneinfo /usr/share/zoneinfo
+COPY --from=build /app/proxy/proxy /bin/proxy
+
+ENTRYPOINT [ "/bin/proxy" ]