Skip to content

Commit

Permalink
ci: fix dockerfile perms and add test
Browse files Browse the repository at this point in the history
  • Loading branch information
TheButlah committed Oct 6, 2024
1 parent ab55440 commit e1ff72f
Show file tree
Hide file tree
Showing 4 changed files with 10 additions and 8 deletions.
6 changes: 6 additions & 0 deletions .github/workflows/container.yaml
Original file line number Diff line number Diff line change
Expand Up @@ -31,8 +31,14 @@ jobs:
containerfiles: |
./identity-server/Dockerfile
- name: Test container works
run: |
set -Eeuxo pipefail
version="$(podman run --rm "${{ steps.build-image.outputs.image-with-tag }}" --version)"
echo "version: ${verson}"
- name: Get registry url
run: |
set -Eeuxo pipefail
# Container registries don't support upper case letters
CI_REGISTRY_URL="ghcr.io/${GITHUB_REPOSITORY_OWNER@L}"
echo "CI_REGISTRY_URL=${CI_REGISTRY_URL}" >> "${GITHUB_ENV}"
Expand Down
6 changes: 0 additions & 6 deletions .github/workflows/rust.yaml
Original file line number Diff line number Diff line change
Expand Up @@ -25,8 +25,6 @@ jobs:
- uses: actions/[email protected]
- name: Cache cargo dependencies
uses: Swatinem/[email protected]
with:
save-if: ${{ env.CI_IS_DEFAULT_BRANCH }}

- name: Clippy lints
run: cargo clippy --profile artifact-dev --all --all-features --all-targets --no-deps -- -D warnings
Expand All @@ -44,8 +42,6 @@ jobs:
- uses: actions/[email protected]
- name: Cache cargo dependencies
uses: Swatinem/[email protected]
with:
save-if: ${{ env.CI_IS_DEFAULT_BRANCH }}

- name: Test
run: cargo test --profile artifact-dev --all --all-features --all-targets
Expand Down Expand Up @@ -84,8 +80,6 @@ jobs:
version: 0.13.0
- name: Cache cargo dependencies
uses: Swatinem/[email protected]
with:
save-if: ${{ env.CI_IS_DEFAULT_BRANCH }}

- name: Install cargo-zigbuild
run: cargo install --locked [email protected]
Expand Down
5 changes: 3 additions & 2 deletions identity-server/Dockerfile
Original file line number Diff line number Diff line change
@@ -1,21 +1,22 @@
# We use linux/amd64 because we don't actually care which arch yet.
FROM --platform=linux/amd64 gcr.io/distroless/static-debian12:nonroot@sha256:69830f29ed7545c762777507426a412f97dad3d8d32bae3e74ad3fb6160917ea AS distroless
COPY artifacts/identity-server-linux-aarch64 /artifacts/linux/arm64/identity-server
COPY artifacts/identity-server-windows-x86_64.exe /artifacts/windows/amd64/identity-server
COPY artifacts/identity-server-linux-x86_64 /artifacts/linux/amd64/identity-server
COPY artifacts/identity-server-windows-x86_64.exe /artifacts/windows/amd64/identity-server

FROM scratch
ARG TARGETPLATFORM

COPY --from=distroless /etc/passwd /etc/passwd
COPY --from=distroless /etc/group /etc/group
USER nonroot
ENV USER=nonroot

ENV XDG_CACHE_HOME=/home/nonroot/.cache
VOLUME ["/home/nonroot/.cache"]

# Bring in the actual binary we will run
COPY --from=distroless /artifacts/$TARGETPLATFORM/identity-server /opt/identity-server
COPY --from=distroless --chmod=544 --chown=nonroot:nonroot /artifacts/$TARGETPLATFORM/identity-server /opt/identity-server
ENTRYPOINT ["/opt/identity-server"]
VOLUME ["/var/db"]
WORKDIR ["/var/db"]
Expand Down
1 change: 1 addition & 0 deletions identity-server/src/main.rs
Original file line number Diff line number Diff line change
Expand Up @@ -17,6 +17,7 @@ use identity_server::{
const GOOGLE_CLIENT_ID_DOCS_URL: &str = "https://developers.google.com/identity/gsi/web/guides/get-google-api-clientid#get_your_google_api_client_id";

#[derive(clap::Parser, Debug)]
#[clap(version)]
struct Cli {
#[clap(long, env)]
config: PathBuf,
Expand Down

0 comments on commit e1ff72f

Please sign in to comment.