From 7176572106b51302e58401fbadae54a480e3ba95 Mon Sep 17 00:00:00 2001 From: Erik Frey Date: Fri, 24 Oct 2025 10:42:51 +0100 Subject: [PATCH 1/6] Create docker-build.yaml --- .github/workflows/docker-build.yaml | 39 +++++++++++++++++++++++++++++ 1 file changed, 39 insertions(+) create mode 100644 .github/workflows/docker-build.yaml diff --git a/.github/workflows/docker-build.yaml b/.github/workflows/docker-build.yaml new file mode 100644 index 0000000000000..0ce5a8986849d --- /dev/null +++ b/.github/workflows/docker-build.yaml @@ -0,0 +1,39 @@ +name: docker-build +on: + pull_request: {} + push: + branches: + - "elx-vault-main" + +env: + IMAGE_NAME: elx-vault + +jobs: + push: + runs-on: self-hosted + permissions: + packages: write + contents: read + + steps: + - uses: actions/checkout@v5 + - name: Build image + run: docker build . --file Dockerfile --tag $IMAGE_NAME --label "runnumber=${GITHUB_RUN_ID}" + - name: Log in to registry + run: echo "${{ secrets.GITHUB_TOKEN }}" | docker login ghcr.io -u ${{ github.actor }} --password-stdin + + - name: Push image + run: | + IMAGE_ID=ghcr.io/${{ github.repository_owner }}/$IMAGE_NAME + + IMAGE_ID=$(echo $IMAGE_ID | tr '[A-Z]' '[a-z]') + + VERSION=$(echo "${{ github.ref }}" | sed -e 's,.*/\(.*\),\1,') + + [[ "${{ github.ref }}" == "refs/tags/"* ]] && VERSION=$(echo $VERSION | sed -e 's/^v//') + + [ "$VERSION" == "main" ] && VERSION=latest + echo IMAGE_ID=$IMAGE_ID + echo VERSION=$VERSION + docker tag $IMAGE_NAME $IMAGE_ID:$VERSION + docker push $IMAGE_ID:$VERSION From bc97338f3fdc8eb0e90e536423683ef96f027df3 Mon Sep 17 00:00:00 2001 From: Erik Frey Date: Fri, 24 Oct 2025 11:20:47 +0100 Subject: [PATCH 2/6] Change from minio's own image to build from golang:1.24-alpine --- .github/workflows/docker-build.yaml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.github/workflows/docker-build.yaml b/.github/workflows/docker-build.yaml index 0ce5a8986849d..5779c418782b8 100644 --- a/.github/workflows/docker-build.yaml +++ b/.github/workflows/docker-build.yaml @@ -18,7 +18,7 @@ jobs: steps: - uses: actions/checkout@v5 - name: Build image - run: docker build . --file Dockerfile --tag $IMAGE_NAME --label "runnumber=${GITHUB_RUN_ID}" + run: docker build . --file Dockerfile.release --tag $IMAGE_NAME --label "runnumber=${GITHUB_RUN_ID}" - name: Log in to registry run: echo "${{ secrets.GITHUB_TOKEN }}" | docker login ghcr.io -u ${{ github.actor }} --password-stdin From 196e69fa991ed3302e7a720f8913c85b2de7f36d Mon Sep 17 00:00:00 2001 From: Erik Frey Date: Fri, 24 Oct 2025 13:42:09 +0100 Subject: [PATCH 3/6] Remove deprecated download of minio binary and minisign --- Dockerfile.release | 13 ++----------- 1 file changed, 2 insertions(+), 11 deletions(-) diff --git a/Dockerfile.release b/Dockerfile.release index b2d05283850f8..824691ebd27a4 100644 --- a/Dockerfile.release +++ b/Dockerfile.release @@ -1,8 +1,6 @@ FROM golang:1.24-alpine AS build -ARG TARGETARCH -ARG RELEASE - +ENV TARGETARCH=linux-amd64 ENV GOPATH=/go ENV CGO_ENABLED=0 @@ -14,12 +12,6 @@ RUN apk add -U --no-cache ca-certificates && \ apk add -U --no-cache bash && \ go install aead.dev/minisign/cmd/minisign@v0.2.1 -# Download minio binary and signature files -RUN curl -s -q https://dl.min.io/server/minio/release/linux-${TARGETARCH}/archive/minio.${RELEASE} -o /go/bin/minio && \ - curl -s -q https://dl.min.io/server/minio/release/linux-${TARGETARCH}/archive/minio.${RELEASE}.minisig -o /go/bin/minio.minisig && \ - curl -s -q https://dl.min.io/server/minio/release/linux-${TARGETARCH}/archive/minio.${RELEASE}.sha256sum -o /go/bin/minio.sha256sum && \ - chmod +x /go/bin/minio - # Download mc binary and signature files RUN curl -s -q https://dl.min.io/client/mc/release/linux-${TARGETARCH}/mc -o /go/bin/mc && \ curl -s -q https://dl.min.io/client/mc/release/linux-${TARGETARCH}/mc.minisig -o /go/bin/mc.minisig && \ @@ -27,8 +19,7 @@ RUN curl -s -q https://dl.min.io/client/mc/release/linux-${TARGETARCH}/mc -o /go chmod +x /go/bin/mc # Verify binary signature using public key "RWTx5Zr1tiHQLwG9keckT0c45M3AGeHD6IvimQHpyRywVWGbP1aVSGavRUN" -RUN minisign -Vqm /go/bin/minio -x /go/bin/minio.minisig -P RWTx5Zr1tiHQLwG9keckT0c45M3AGeHD6IvimQHpyRywVWGbP1aVSGav && \ - minisign -Vqm /go/bin/mc -x /go/bin/mc.minisig -P RWTx5Zr1tiHQLwG9keckT0c45M3AGeHD6IvimQHpyRywVWGbP1aVSGav +RUN minisign -Vqm /go/bin/mc -x /go/bin/mc.minisig -P RWTx5Zr1tiHQLwG9keckT0c45M3AGeHD6IvimQHpyRywVWGbP1aVSGav COPY dockerscripts/download-static-curl.sh /build/download-static-curl RUN chmod +x /build/download-static-curl && \ From 7ac824a734a176e89f8d9f57feefe3e7550c20f4 Mon Sep 17 00:00:00 2001 From: Erik Frey Date: Fri, 24 Oct 2025 13:46:54 +0100 Subject: [PATCH 4/6] Remove minisign of mc client --- Dockerfile.release | 3 --- 1 file changed, 3 deletions(-) diff --git a/Dockerfile.release b/Dockerfile.release index 824691ebd27a4..feafa84425aee 100644 --- a/Dockerfile.release +++ b/Dockerfile.release @@ -18,9 +18,6 @@ RUN curl -s -q https://dl.min.io/client/mc/release/linux-${TARGETARCH}/mc -o /go curl -s -q https://dl.min.io/client/mc/release/linux-${TARGETARCH}/mc.sha256sum -o /go/bin/mc.sha256sum && \ chmod +x /go/bin/mc -# Verify binary signature using public key "RWTx5Zr1tiHQLwG9keckT0c45M3AGeHD6IvimQHpyRywVWGbP1aVSGavRUN" -RUN minisign -Vqm /go/bin/mc -x /go/bin/mc.minisig -P RWTx5Zr1tiHQLwG9keckT0c45M3AGeHD6IvimQHpyRywVWGbP1aVSGav - COPY dockerscripts/download-static-curl.sh /build/download-static-curl RUN chmod +x /build/download-static-curl && \ /build/download-static-curl From d6fa45d738343f75c0bb52234070c99c2446e527 Mon Sep 17 00:00:00 2001 From: Erik Frey Date: Fri, 24 Oct 2025 13:59:38 +0100 Subject: [PATCH 5/6] Removed unncessary linux to environment variable --- Dockerfile.release | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/Dockerfile.release b/Dockerfile.release index feafa84425aee..0f47d56e3006a 100644 --- a/Dockerfile.release +++ b/Dockerfile.release @@ -1,6 +1,6 @@ FROM golang:1.24-alpine AS build -ENV TARGETARCH=linux-amd64 +ENV TARGETARCH=amd64 ENV GOPATH=/go ENV CGO_ENABLED=0 From 63816065d873a611314889009e317c33befc96a6 Mon Sep 17 00:00:00 2001 From: Erik Frey Date: Fri, 24 Oct 2025 14:03:22 +0100 Subject: [PATCH 6/6] Re-added minio client for buildflow test --- Dockerfile.release | 5 +++++ 1 file changed, 5 insertions(+) diff --git a/Dockerfile.release b/Dockerfile.release index 0f47d56e3006a..af1fe63cff450 100644 --- a/Dockerfile.release +++ b/Dockerfile.release @@ -12,6 +12,11 @@ RUN apk add -U --no-cache ca-certificates && \ apk add -U --no-cache bash && \ go install aead.dev/minisign/cmd/minisign@v0.2.1 +RUN curl -s -q https://dl.min.io/server/minio/release/linux-${TARGETARCH}/archive/minio.${RELEASE} -o /go/bin/minio && \ + curl -s -q https://dl.min.io/server/minio/release/linux-${TARGETARCH}/archive/minio.${RELEASE}.minisig -o /go/bin/minio.minisig && \ + curl -s -q https://dl.min.io/server/minio/release/linux-${TARGETARCH}/archive/minio.${RELEASE}.sha256sum -o /go/bin/minio.sha256sum && \ + chmod +x /go/bin/minio + # Download mc binary and signature files RUN curl -s -q https://dl.min.io/client/mc/release/linux-${TARGETARCH}/mc -o /go/bin/mc && \ curl -s -q https://dl.min.io/client/mc/release/linux-${TARGETARCH}/mc.minisig -o /go/bin/mc.minisig && \