diff --git a/.github/actions/release/action.yml b/.github/actions/release/action.yml index b240ad3..08dfff0 100644 --- a/.github/actions/release/action.yml +++ b/.github/actions/release/action.yml @@ -10,13 +10,13 @@ runs: using: "composite" steps: - name: Set up Go - uses: actions/setup-go@v5 + uses: actions/setup-go@4a3601121dd01d1626a1e23e37211e3254c1c06c # v6.4.0 with: go-version-file: 'go.mod' cache: true - name: Run GoReleaser - uses: goreleaser/goreleaser-action@v6 + uses: goreleaser/goreleaser-action@ec59f474b9834571250b370d4735c50f8e2d1e29 # v7.0.0 with: distribution: goreleaser version: latest diff --git a/.github/workflows/ci.yml b/.github/workflows/ci.yml index ec6168d..7ae0eaa 100644 --- a/.github/workflows/ci.yml +++ b/.github/workflows/ci.yml @@ -8,16 +8,16 @@ jobs: name: Test runs-on: ubuntu-latest steps: - - uses: actions/checkout@v4 + - uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2 - name: Set up Go - uses: actions/setup-go@v5 + uses: actions/setup-go@4a3601121dd01d1626a1e23e37211e3254c1c06c # v6.4.0 with: go-version-file: 'go.mod' cache: true - name: Run golangci-lint - uses: golangci/golangci-lint-action@v8 + uses: golangci/golangci-lint-action@1e7e51e771db61008b38414a730f564565cf7c20 # v9.2.0 with: version: latest diff --git a/.github/workflows/release.yml b/.github/workflows/release.yml index d5dff99..1ee3bf4 100644 --- a/.github/workflows/release.yml +++ b/.github/workflows/release.yml @@ -5,14 +5,47 @@ on: tags: - 'v[0-9]*.[0-9]*.[0-9]*' +env: + REGISTRY: ghcr.io + IMAGE_NAME: ${{ github.repository }} + jobs: goreleaser: runs-on: ubuntu-latest steps: - - uses: actions/checkout@v4 + - uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2 with: fetch-depth: 0 - uses: ./.github/actions/release with: github_token: ${{ secrets.GITHUB_TOKEN }} + + build-image: + runs-on: ubuntu-latest + permissions: + contents: read + packages: write + steps: + - uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2 + + - uses: docker/login-action@4907a6ddec9925e35a0a9e82d7399ccc52663121 # v4.1.0 + with: + registry: ${{ env.REGISTRY }} + username: ${{ github.actor }} + password: ${{ secrets.GITHUB_TOKEN }} + + - uses: docker/metadata-action@030e881283bb7a6894de51c315a6bfe6a94e05cf # v6.0.0 + id: meta + with: + images: ${{ env.REGISTRY }}/${{ env.IMAGE_NAME }} + tags: | + type=semver,pattern={{version}} + type=raw,value=latest + + - uses: docker/build-push-action@d08e5c354a6adb9ed34480a06d141179aa583294 # v7.0.0 + with: + context: . + push: true + tags: ${{ steps.meta.outputs.tags }} + labels: ${{ steps.meta.outputs.labels }} diff --git a/.github/workflows/tagpr.yml b/.github/workflows/tagpr.yml index 6c89b1a..3623596 100644 --- a/.github/workflows/tagpr.yml +++ b/.github/workflows/tagpr.yml @@ -16,14 +16,14 @@ jobs: steps: - name: Generate token id: generate_token - uses: actions/create-github-app-token@v1 + uses: actions/create-github-app-token@f8d387b68d61c58ab83c6c016672934102569859 # v3.0.0 with: app-id: ${{ secrets.PR_MAKER_APP_ID }} private-key: ${{ secrets.PR_MAKER_APP_PRIVATE_KEY }} - - uses: actions/checkout@v4 + - uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2 with: token: ${{ steps.generate_token.outputs.token }} - - uses: Songmu/tagpr@v1 + - uses: Songmu/tagpr@9d0f650553240dab1fa907eca27e3fd5b586e538 # v1.18.1 env: GITHUB_TOKEN: ${{ steps.generate_token.outputs.token }} diff --git a/Dockerfile b/Dockerfile new file mode 100644 index 0000000..f76bfbc --- /dev/null +++ b/Dockerfile @@ -0,0 +1,19 @@ +FROM golang:1.26 AS builder + +WORKDIR /app + +COPY go.mod go.sum ./ +RUN go mod download + +COPY . . +RUN CGO_ENABLED=0 go build -ldflags="-s -w" -trimpath -o plusplusbot . + +FROM gcr.io/distroless/static-debian12 + +LABEL org.opencontainers.image.source=https://github.com/pepabo/plusplusbot + +WORKDIR /app + +COPY --from=builder /app/plusplusbot . + +CMD ["./plusplusbot"]