From a1f7e1be1994f1d61d26f5e6c4352aec82f093be Mon Sep 17 00:00:00 2001
From: dklimpel <5740567+dklimpel@users.noreply.github.com>
Date: Sat, 11 May 2024 00:12:25 +0200
Subject: [PATCH 1/4] Add pipeline for build goss docker image
---
.github/workflows/docker-goss.yaml | 93 ++++++++++++++++++++++++++++++
Dockerfile | 19 ++++++
2 files changed, 112 insertions(+)
create mode 100644 .github/workflows/docker-goss.yaml
create mode 100644 Dockerfile
diff --git a/.github/workflows/docker-goss.yaml b/.github/workflows/docker-goss.yaml
new file mode 100644
index 000000000..c5dc6fd69
--- /dev/null
+++ b/.github/workflows/docker-goss.yaml
@@ -0,0 +1,93 @@
+name: Docker image for Goss
+
+on:
+ push:
+ branches:
+ - master
+ tags:
+ - "v*"
+ workflow_dispatch:
+
+env:
+ PLATFORMS: "linux/amd64,linux/arm64"
+
+jobs:
+ goss:
+ name: Build and push Docker image
+ runs-on: ubuntu-latest
+ permissions:
+ packages: write
+ contents: read
+ security-events: write # To upload Trivy sarif files
+
+ steps:
+ - name: Checkout
+ uses: actions/checkout@v4
+
+ - name: Set up QEMU
+ uses: docker/setup-qemu-action@v3
+
+ - name: Set up Docker Buildx
+ uses: docker/setup-buildx-action@v3
+
+ - name: Login to GHCR
+ uses: docker/login-action@v3
+ with:
+ registry: ghcr.io
+ username: ${{ github.repository_owner }}
+ password: ${{ secrets.GITHUB_TOKEN }}
+
+ - name: Extract metadata (tags, labels) for Docker
+ id: meta
+ uses: docker/metadata-action@v5
+ with:
+ images: |
+ ghcr.io/${{ github.repository_owner }}/goss
+
+ - name: Get latest git tag
+ uses: actions-ecosystem/action-get-latest-tag@v1
+ id: get-latest-tag
+
+ - name: Set short git commit SHA
+ run: |
+ calculatedSha=$(git rev-parse --short ${{ github.sha }})
+ echo "COMMIT_SHORT_SHA=$calculatedSha" >> $GITHUB_ENV
+
+ - name: Build master goss image
+ if: github.ref_name == 'master'
+ uses: docker/build-push-action@v5
+ with:
+ build-args: |
+ GOSS_VERSION=${{ steps.get-latest-tag.outputs.tag }}-${{ github.ref_name }}+${{ env.COMMIT_SHORT_SHA }}
+ context: .
+ push: true
+ tags: |
+ ghcr.io/${{ github.repository_owner }}/goss:master
+ labels: ${{ steps.meta.outputs.labels }}
+ platforms: ${{ env.PLATFORMS }}
+
+ - name: Build release goss image
+ if: github.event_name == 'push' && startsWith(github.ref, 'refs/tags/')
+ uses: docker/build-push-action@v5
+ with:
+ build-args: |
+ GOSS_VERSION=${{ github.ref_name }}
+ context: .
+ push: true
+ tags: |
+ ghcr.io/${{ github.repository_owner }}/goss:latest
+ ghcr.io/${{ github.repository_owner }}/goss:${{ github.ref_name }}
+ labels: ${{ steps.meta.outputs.labels }}
+ platforms: ${{ env.PLATFORMS }}
+
+ - name: Run Trivy vulnerability scanner
+ uses: aquasecurity/trivy-action@master
+ with:
+ image-ref: ghcr.io/${{ github.repository_owner }}/goss:master
+ format: "sarif"
+ output: "trivy-results.sarif"
+
+ - name: Upload Trivy scan results to GitHub Security tab
+ uses: github/codeql-action/upload-sarif@v3
+ with:
+ sarif_file: "trivy-results.sarif"
diff --git a/Dockerfile b/Dockerfile
new file mode 100644
index 000000000..18438cd01
--- /dev/null
+++ b/Dockerfile
@@ -0,0 +1,19 @@
+ARG GO_VERSION=1.21
+
+FROM docker.io/golang:${GO_VERSION}-alpine AS base
+
+ARG GOSS_VERSION=v0.0.0
+WORKDIR /build
+
+RUN --mount=target=. \
+ CGO_ENABLED=0 go build \
+ -ldflags "-X main.version=${GOSS_VERSION} -s -w" \
+ -o "/release/goss" \
+ ./cmd/goss
+
+FROM alpine:3.19
+
+COPY --from=base /release/* /usr/bin/
+
+RUN mkdir /goss
+VOLUME /goss
From dd09ed291fd766c103d1f6212045dcf176e8eaad Mon Sep 17 00:00:00 2001
From: Dirk Klimpel <5740567+dklimpel@users.noreply.github.com>
Date: Sat, 11 May 2024 19:12:05 +0200
Subject: [PATCH 2/4] use go version from project
---
.github/workflows/docker-goss.yaml | 5 +++++
1 file changed, 5 insertions(+)
diff --git a/.github/workflows/docker-goss.yaml b/.github/workflows/docker-goss.yaml
index c5dc6fd69..78e07bdcd 100644
--- a/.github/workflows/docker-goss.yaml
+++ b/.github/workflows/docker-goss.yaml
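Review bot: The `Run Trivy vulnerability scanner` step references `aquasecurity/trivy-action@master`, a moving branch, inside a job that holds `packages: write` and a logged-in `GITHUB_TOKEN`; `actions-ecosystem/action-get-latest-tag@v1` and the `docker/*` actions are mutable tags as well. Pinning each third-party action to a full commit SHA, e.g. `uses: aquasecurity/trivy-action@<full-commit-sha> # <release tag>`, keeps an upstream change from running with push rights to the registry. The same step always scans `goss:master`, so on a tag push the image just published as `:latest` and `:${{ github.ref_name }}` is never scanned, and because the scan runs after `push: true` it reports on an image that is already public rather than gating it. In `Set short git commit SHA`, reading the quoted environment variable (`git rev-parse --short "$GITHUB_SHA"`) avoids expanding an expression directly into the script text.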
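Review bot: The final `FROM alpine:3.19` stage never sets `USER`, so `goss` and every image built on top of this one run as root unless the consumer adds their own; if root is intentional for the checks goss performs, a comment saying so would help, otherwise create an unprivileged account and end the stage with a `USER` line. Both bases are referenced by tag only (`docker.io/golang:${GO_VERSION}-alpine`, `alpine:3.19`), so the published image can change without a change here; pinning by digest (`alpine:3.19@sha256:<digest>`) makes it reproducible. The stage creates `/goss` empty and declares it a `VOLUME` while the binary goes to `/usr/bin/`, yet the mount example added later in this series in docs/container_image.md runs `/goss/goss`, which this layout does not appear to provide. Naming the artifact explicitly, `COPY --from=base /release/goss /usr/bin/goss`, would also be clearer than the `/release/*` glob.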
@@ -53,11 +53,15 @@ jobs: calculatedSha=$(git rev-parse --short ${{ github.sha }}) echo "COMMIT_SHORT_SHA=$calculatedSha" >> $GITHUB_ENV + - name: Get the current version of Go from project. + run: echo "GO_VERSION_FROM_PROJECT=$(go mod edit -json | jq -r .Go)" >> $GITHUB_ENV + - name: Build master goss image if: github.ref_name == 'master' uses: docker/build-push-action@v5 with: build-args: | + GO_VERSION=${{ env.GO_VERSION_FROM_PROJECT }} GOSS_VERSION=${{ steps.get-latest-tag.outputs.tag }}-${{ github.ref_name }}+${{ env.COMMIT_SHORT_SHA }} context: . push: true @@ -71,6 +75,7 @@ jobs: uses: docker/build-push-action@v5 with: build-args: | + GO_VERSION=${{ env.GO_VERSION_FROM_PROJECT }} GOSS_VERSION=${{ github.ref_name }} context: . push: true From ec0e6082b4f674071e1dfc4fbe9335403e1b55e9 Mon Sep 17 00:00:00 2001 From: Dirk Klimpel <5740567+dklimpel@users.noreply.github.com> Date: Sat, 18 May 2024 12:44:39 +0200 Subject: [PATCH 3/4] adapt setting version to changed var from PR #892 --- Dockerfile | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/Dockerfile b/Dockerfile index 18438cd01..93a143a3d 100644 --- a/Dockerfile +++ b/Dockerfile @@ -7,7 +7,7 @@ WORKDIR /build RUN --mount=target=. \ CGO_ENABLED=0 go build \ - -ldflags "-X main.version=${GOSS_VERSION} -s -w" \ + -ldflags "-X github.com/goss-org/goss/util.Version=${GOSS_VERSION} -s -w" \ -o "/release/goss" \ ./cmd/goss From eb109d93f7480d57c9b19e66b70168aec62ee47f Mon Sep 17 00:00:00 2001 From: dklimpel <5740567+dklimpel@users.noreply.github.com> Date: Mon, 24 Jun 2024 13:59:15 +0200 Subject: [PATCH 4/4] add docs --- README.md | 4 ++++ docs/.pages | 1 + docs/container_image.md | 53 +++++++++++++++++++++++++++++++++++++++++ 3 files changed, 58 insertions(+) create mode 100644 docs/container_image.md diff --git a/README.md b/README.md index 02ede20cb..c1788885c 100644 --- a/README.md +++ b/README.md 
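Review bot: The new `Get the current version of Go from project.` step writes whatever `go mod edit -json | jq -r .Go` prints into `GITHUB_ENV` with no validation, and both `build-args` blocks (this hunk and the `@@ -71,6 +75,7 @@` one) forward it as `GO_VERSION`. Because the command substitution sits inside `echo`, a failing `go` or `jq` does not fail the step, and an empty or `null` value would most likely override the Dockerfile default and produce an invalid `golang:…-alpine` reference only later, at build time. Failing early is cheap: `ver=$(go mod edit -json | jq -er .Go)`, then `[[ "$ver" =~ ^[0-9]+\.[0-9]+(\.[0-9]+)?$ ]] || exit 1`, then `echo "GO_VERSION_FROM_PROJECT=$ver" >> "$GITHUB_ENV"`. The step also relies on whatever Go toolchain the runner image ships, which is worth a short comment; the rest of the job lies outside these hunks.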
@@ -95,6 +95,10 @@ make build [Full Documentation](https://github.com/goss-org/goss/blob/e73553f9c3065ac297499dafb4f8abef6acb24ad/docs/manual.md) +## Using the container image + +[Using the Goss container image](docs/container_image.md) + ## Quick start diff --git a/docs/.pages b/docs/.pages index 67373453b..bed10fe4c 100644 --- a/docs/.pages +++ b/docs/.pages @@ -2,6 +2,7 @@ nav: - Home: index.md - installation.md - quickstart.md + - container_image.md - Command Reference: cli.md - The gossfile: gossfile.md - migrations.md diff --git a/docs/container_image.md b/docs/container_image.md new file mode 100644 index 000000000..ba12d30f7 --- /dev/null +++ b/docs/container_image.md @@ -0,0 +1,53 @@ +# Goss container image + +## Dockerfiles + +* [latest](https://github.com/goss-org/goss/blob/master/Dockerfile) + +## Using the base image + +This is a simple alpine image with Goss preinstalled on it. +Can be used as a base image for your projects to allow for easy health checking. + +### Mount example + +Create the container + +```sh +docker run --name goss ghcr.io/goss-org/goss goss +``` + +Create your container and mount goss + +```sh +docker run --rm -it --volumes-from goss --name weby nginx +``` + +Run goss inside your container + +```sh +docker exec weby /goss/goss autoadd nginx +``` + +### HEALTHCHECK example + +```dockerfile +FROM ghcr.io/goss-org/goss:latest + +COPY goss/ /goss/ +HEALTHCHECK --interval=1s --timeout=6s CMD goss -g /goss/goss.yaml validate + +# your stuff.. +``` + +### Startup delay example + +```dockerfile +FROM ghcr.io/goss-org/goss:latest + +COPY goss/ /goss/ + +# Alternatively, the -r option can be set +# using the GOSS_RETRY_TIMEOUT env variable +CMD goss -g /goss/goss.yaml validate -r 5m && exec real_comand.. +```