cloudnative-pg · sxd · Nov 19, 2024
@@ -0,0 +1,62 @@
+name: Barman Base Image
+on:
+  pull_request:
+  workflow_dispatch:
+  schedule:
+    - cron: "0 0 * * 0"
+
+env:
+  IMAGE_NAME: "ghcr.io/cloudnative-pg/plugin-barman-cloud-base"
+  PLATFORMS: "linux/amd64,linux/arm64"
+
+permissions:
+  contents: write
+  packages: write
+  security-events: write
+
+jobs:
+  build:
+    runs-on: ubuntu-24.04
+    steps:
+      - name: Checkout
+        uses: actions/checkout@v4
+        with:
+          fetch-depth: 0
+
+      - name: Set up QEMU
+        uses: docker/setup-qemu-action@v3
+        with:
+          platforms: ${{ env.PLATFORMS }}
+
+      - name: Set up Docker Buildx
+        uses: docker/setup-buildx-action@v3
+
+      - name: Log in to the GitHub Container registry
+        uses: docker/login-action@v3
+        with:
+          registry: ghcr.io
+          username: ${{ github.actor }}
+          password: ${{ secrets.GITHUB_TOKEN }}
+
+      - name: Build Docker Image
+        uses: docker/build-push-action@v6
+        with:
+          platforms: ${{ env.PLATFORMS }}
+          context: .
+          file: ./containers/Dockerfile.barmanbase
+          push: true
+          tags: ${{ env.IMAGE_NAME }}:latest
+
+      - name: Run Snyk to check Docker image for vulnerabilities
+        uses: snyk/actions/docker@master
+        continue-on-error: true
+        env:
+          SNYK_TOKEN: ${{ secrets.SNYK_TOKEN }}
+        with:
+          image: "${{ env.IMAGE_NAME }}:latest"
+          args: --severity-threshold=high --file=./containers/Dockerfile.barmanbase
+      -
+        name: Upload result to GitHub Code Scanning
+        uses: github/codeql-action/upload-sarif@v3
+        with:
+          sarif_file: snyk.sarif
@@ -0,0 +1,6 @@
+FROM python:3.13-slim AS pythonbuilder
+RUN apt-get update && \
+    apt-get install -y postgresql-common build-essential && \
+    /usr/share/postgresql-common/pgdg/apt.postgresql.org.sh -y && \
+    apt-get install -y libpq-dev && \
+    pip install barman[azure,cloud,google,snappy]==3.11.1 setuptools
@@ -30,16 +30,10 @@ COPY ../internal/ internal/
 RUN --mount=type=cache,target=/go/pkg/mod --mount=type=cache,target=/root/.cache/go-build \
     CGO_ENABLED=0 GOOS=${TARGETOS:-linux} GOARCH=${TARGETARCH} go build -a -o manager cmd/manager/main.go
 
-# Build barman-cloud
+# Use plug-barman-cloud-base to get the dependencies
 # pip will build everything inside /usr/ since this is the case
-# we should build and then copy every file into a destination that will
-# then copy into the distroless container
-FROM python:3.13-slim AS pythonbuilder
-RUN apt-get update && \
-    apt-get install -y postgresql-common build-essential && \
-    /usr/share/postgresql-common/pgdg/apt.postgresql.org.sh -y && \
-    apt-get install -y libpq-dev && \
-    pip install barman[azure,cloud,google,snappy]==3.11.1 setuptools
+# Copy every file into a destination that will then copy into the distroless container
+FROM ghcr.io/cloudnative-pg/plugin-barman-cloud-base:latest AS pythonbuilder
 # Prepare a new /usr/ directory with the files we'll need in the final image
 RUN mkdir /new-usr/ && \
     cp -r --parents /usr/local/lib/ /usr/lib/*-linux-gnu/ /usr/local/bin/ \