Modify Actions pipeline to push docker containers

.github/workflows/rust.yml

@@ -40,7 +40,7 @@ jobs:
         id: get_latest_tag
         run: |
           tag=$(git describe --tags)
-          echo "::set-output name=version::$tag"
+          echo "version=$tag" >> $GITHUB_OUTPUT
 
   format:
     name: Check Formatting
@@ -111,8 +111,10 @@ jobs:
       target: x86_64-unknown-linux-gnu
       BUILD_VERSION: ${{ needs.get_version.outputs.version }}
     steps:
-      - name: Checkout sources
+      - name: Checkout code
         uses: actions/checkout@v3
+        with:
+          fetch-depth: 0  # Otherwise the code that retrieves the git version doesn't work
       - name: Install Rust toolchain
         uses: actions-rs/toolchain@v1
         with:
@@ -140,7 +142,10 @@ jobs:
       target: x86_64-unknown-linux-musl
       BUILD_VERSION: ${{ needs.get_version.outputs.version }}
     steps:
-      - uses: actions/checkout@v3
+      - name: Checkout code
+        uses: actions/checkout@v3
+        with:
+          fetch-depth: 0  # Otherwise the code that retrieves the git version doesn't work
       - name: Install Rust toolchain
         uses: actions-rs/toolchain@v1
         with:
@@ -168,7 +173,10 @@ jobs:
       trget: x86_64-pc-windows-msvc
       BUILD_VERSION: ${{ needs.get_version.outputs.version }}
     steps:
-      - uses: actions/checkout@v3
+      - name: Checkout code
+        uses: actions/checkout@v3
+        with:
+          fetch-depth: 0  # Otherwise the code that retrieves the git version doesn't work
       - name: Install Rust toolchain
         uses: actions-rs/toolchain@v1
         with:
@@ -194,7 +202,10 @@ jobs:
       target: x86_64-apple-darwin
       BUILD_VERSION: ${{ needs.get_version.outputs.version }}
     steps:
-      - uses: actions/checkout@v3
+      - name: Checkout code
+        uses: actions/checkout@v3
+        with:
+          fetch-depth: 0  # Otherwise the code that retrieves the git version doesn't work
       - name: Install Rust toolchain
         uses: actions-rs/toolchain@v1
         with:
@@ -220,7 +231,10 @@ jobs:
       target: aarch64-apple-darwin
       BUILD_VERSION: ${{ needs.get_version.outputs.version }}
     steps:
-      - uses: actions/checkout@v3
+      - name: Checkout code
+        uses: actions/checkout@v3
+        with:
+          fetch-depth: 0  # Otherwise the code that retrieves the git version doesn't work
       - name: Install Rust toolchain
         uses: actions-rs/toolchain@v1
         with:
@@ -291,3 +305,83 @@ jobs:
           asset_path: ${{ env.file_dir }}/${{ env.file_name }}.md5
           asset_name: ${{ env.file_name }}.md5
           asset_content_type: text/plain
+
+  build-docker-images:
+    if: ${{ github.event_name == 'release' }}  # Testing if: ${{ github.ref == 'refs/heads/hannes/docker-actions' }}
+    runs-on: ubuntu-latest
+    needs:
+      - build-linux-musl
+      - get_version
+    env:
+      BUILD_VERSION: ${{ needs.get_version.outputs.version }}
+    name: Build docker images
+    steps:
+      - name: Checkout code
+        uses: actions/checkout@v2
+
+      - name: Download linux musl
+        uses: actions/download-artifact@v2
+        with:
+          name: unftp_x86_64-unknown-linux-musl
+          path: ./x86_64-unknown-linux-musl
+
+      - name: Change file permission
+        run: chmod +x ./x86_64-unknown-linux-musl/unftp_x86_64-unknown-linux-musl
+
+      - name: Build Docker image
+        run: docker build -t bolcom/unftp:${{ env.BUILD_VERSION }}-scratch -f packaging/docker/scratch.Dockerfile.ci . 
+
+      - name: Save Docker image as tar
+        run: docker save -o docker-image-scratch.tar bolcom/unftp:${{ env.BUILD_VERSION }}-scratch
+
+      - name: Upload scratch tar image
+        uses: actions/upload-artifact@v2
+        with:
+          name: docker-image-scratch
+          path: docker-image-scratch.tar
+
+      - name: Login to Docker Hub
+        uses: docker/login-action@v1
+        with:
+          username: ${{ secrets.DOCKER_USERNAME }}
+          password: ${{ secrets.DOCKER_PASSWORD }}
+
+      - name: Build and push scratch image
+        uses: docker/build-push-action@v2
+        with:
+          context: .
+          file: ./packaging/docker/scratch.Dockerfile.ci
+          push: true
+          tags: bolcom/unftp:${{ env.BUILD_VERSION }}-scratch
+
+      - name: Build and push alpine image
+        uses: docker/build-push-action@v2
+        with:
+          context: .
+          file: ./packaging/docker/alpine.Dockerfile.ci
+          push: true
+          tags: bolcom/unftp:${{ env.BUILD_VERSION }}-alpine
+
+      - name: Build and push alpine-istio image
+        uses: docker/build-push-action@v2
+        with:
+          context: .
+          file: ./packaging/docker/alpine-istio.Dockerfile.ci
+          push: true
+          tags: bolcom/unftp:${{ env.BUILD_VERSION }}-alpine-istio
+
+      - name: Build and push alpine-debug image
+        uses: docker/build-push-action@v2
+        with:
+          context: .
+          file: ./packaging/docker/alpine-debug.Dockerfile.ci
+          push: true
+          tags: bolcom/unftp:${{ env.BUILD_VERSION }}-alpine-debug
+
+      - name: Build and push Scratch image
+        uses: docker/build-push-action@v2
+        with:
+          context: .
+          file: ./packaging/docker/alpine-istio-debug.Dockerfile.ci
+          push: true
+          tags: bolcom/unftp:${{ env.BUILD_VERSION }}-alpine-istio-debug

build.rs

@@ -2,9 +2,13 @@ use std::env;
 use std::process::Command;
 
 fn main() {
-    let version = match Command::new("git").args(["describe", "--tags"]).output() {
-        Ok(output) => String::from_utf8(output.stdout).unwrap(),
-        Err(_) => env::var("BUILD_VERSION").unwrap_or_else(|_| ">unknown<".to_string()),
+    let version = match env::var("BUILD_VERSION") {
+        Ok(v) => v,
+        _ => Command::new("git")
+            .args(["describe", "--tags"])
+            .output()
+            .map(|o| String::from_utf8(o.stdout).unwrap())
+            .unwrap_or_else(|_| ">unknown<".to_string()),
     };
     println!("cargo:rustc-env=BUILD_VERSION={}", version);
 

packaging/docker/alpine-debug.Dockerfile.ci

@@ -0,0 +1,17 @@
+FROM rust:1.70.0-slim AS builder
+
+FROM alpine:3.17
+
+# for devel only
+RUN apk add --repository http://dl-cdn.alpinelinux.org/alpine/v3.17/main fuse lftp curl
+RUN apk add --repository http://dl-cdn.alpinelinux.org/alpine/edge/testing curlftpfs
+
+# we could also RUN 'apk add ca-certificates', but we prefer to be consistent with the -minimal image
+COPY --from=builder /etc/ssl/certs/ca-certificates.crt /etc/ssl/certs/ca-certificates.crt
+
+# no security measures, run as root
+USER root
+RUN mkdir /unftp
+COPY --chmod=755 ./x86_64-unknown-linux-musl/unftp_x86_64-unknown-linux-musl /unftp/unftp
+WORKDIR /unftp
+CMD ["/unftp/unftp", "-vv"]

packaging/docker/alpine-istio-debug.Dockerfile.ci

@@ -0,0 +1,18 @@
+FROM rust:1.70.0-slim AS builder
+
+FROM alpine:3.17
+
+# for devel only
+RUN apk add --repository http://dl-cdn.alpinelinux.org/alpine/v3.17/main fuse lftp curl
+RUN apk add --repository http://dl-cdn.alpinelinux.org/alpine/edge/testing curlftpfs
+
+# we could also RUN 'apk add ca-certificates', but we prefer to be consistent with the -minimal image
+COPY --from=builder /etc/ssl/certs/ca-certificates.crt /etc/ssl/certs/ca-certificates.crt
+COPY --from=redboxoss/scuttle:latest /scuttle /bin/scuttle
+
+# no security measures, run as root
+USER root
+RUN mkdir /unftp
+COPY --chmod=755 ./x86_64-unknown-linux-musl/unftp_x86_64-unknown-linux-musl /unftp/unftp
+WORKDIR /unftp
+CMD ["scuttle", "/unftp/unftp", "-vv"]

packaging/docker/alpine-istio.Dockerfile.ci

@@ -0,0 +1,18 @@
+FROM rust:1.70.0-slim AS builder
+
+FROM alpine:latest
+
+# we could also RUN 'apk add ca-certificates', but we prefer to be consistent with the -minimal image
+COPY --from=builder /etc/ssl/certs/ca-certificates.crt /etc/ssl/certs/ca-certificates.crt
+COPY --from=redboxoss/scuttle:latest /scuttle /bin/scuttle
+# run as user for security
+RUN mkdir /unftp && mkdir -p /srv
+RUN addgroup -g 1010 unftp \
+    && adduser -D -s /bin/sh -u 1010 -G unftp unftp \
+    && chown -R unftp:unftp /unftp /srv
+COPY --chown=unftp:unftp --chmod=755 ./x86_64-unknown-linux-musl/unftp_x86_64-unknown-linux-musl /unftp/unftp
+
+VOLUME /srv
+WORKDIR /unftp
+USER unftp
+CMD ["scuttle", "/unftp/unftp", "-vv"]

packaging/docker/alpine.Dockerfile.ci

@@ -0,0 +1,18 @@
+FROM rust:1.70.0-slim AS builder
+
+FROM alpine:latest
+
+# we could also RUN 'apk add ca-certificates', but we prefer to be consistent with the -minimal image
+COPY --from=builder /etc/ssl/certs/ca-certificates.crt /etc/ssl/certs/ca-certificates.crt
+
+# run as user for security
+RUN mkdir /unftp && mkdir -p /srv
+RUN addgroup -g 1010 unftp \
+    && adduser -D -s /bin/sh -u 1010 -G unftp unftp \
+    && chown -R unftp:unftp /unftp /srv
+COPY --chown=unftp:unftp --chmod=755 ./x86_64-unknown-linux-musl/unftp_x86_64-unknown-linux-musl /unftp/unftp
+
+VOLUME /srv
+WORKDIR /unftp
+USER unftp
+CMD ["/unftp/unftp", "-vv"]

packaging/docker/scratch.Dockerfile.ci

@@ -0,0 +1,11 @@
+FROM rust:1.70.0-slim AS builder
+
+FROM scratch
+
+COPY --from=builder /etc/ssl/certs/ca-certificates.crt /etc/ssl/certs/ca-certificates.crt
+COPY --chown=1010:1010 --from=builder /srv /srv
+COPY --chown=1010:1010 ./x86_64-unknown-linux-musl/unftp_x86_64-unknown-linux-musl /unftp
+
+VOLUME /srv
+USER 1010
+CMD ["/unftp", "-vv"]