feat: add dockerfile and build ci

.github/workflows/ci.yaml

@@ -0,0 +1,49 @@
+name: Continuous Integration
+
+on:
+  push:
+    branches:
+      - main
+    tags:
+      - v*
+  pull_request:
+    branches:
+      - main
+
+env:
+  GO_VERSION: "1.20"
+
+jobs:
+  build-and-push:
+    name: Build & Push
+    runs-on: ubuntu-latest
+    steps:
+      - name: Checkout
+        uses: actions/checkout@v3
+
+      - name: Set up Docker Buildx
+        uses: docker/setup-buildx-action@v2
+
+      - name: Login to GHCR
+        uses: docker/login-action@v2
+        with:
+          registry: ghcr.io
+          username: ${{ github.repository_owner }}
+          password: ${{ secrets.GITHUB_TOKEN }}
+
+      - name: Get Build timestamp and branch name
+        run: |
+          echo "BUILD_TIMESTAMP=$(date +'%s')" >> $GITHUB_ENV
+          echo "VERSION=$( echo ${{ github.head_ref || github.ref_name }} | tr '/' '-' )" >> $GITHUB_ENV
+
+      - name: Build and push
+        uses: docker/build-push-action@v4
+        with:
+          push: true
+          build-args: |
+            VERSION=${{ env.VERSION }}
+            BUILD_TIMESTAMP=${{ env.BUILD_TIMESTAMP }}
+            COMMIT_HASH=${{ github.sha }}
+          tags: |
+            ghcr.io/${{ github.repository }}:${{ env.VERSION }}
+            ghcr.io/${{ github.repository }}:${{ github.sha }}

Dockerfile

@@ -0,0 +1,71 @@
+# Build the guacamole binary
+FROM docker.io/library/golang:1.20.7@sha256:bc5f0b5e43282627279fe5262ae275fecb3d2eae3b33977a7fd200c7a760d6f1 as builder
+ARG TARGETOS
+ARG TARGETARCH
+ARG PACKAGE=github.com/padok-team/guacamole
+ARG VERSION
+ARG COMMIT_HASH
+ARG BUILD_TIMESTAMP
+
+WORKDIR /workspace
+# Copy the Go Modules manifests
+COPY go.mod go.mod
+COPY go.sum go.sum
+# cache deps before building and copying source so that we don't need to re-download as much
+# and so that source changes don't invalidate our downloaded layer
+RUN go mod download
+
+# Copy the go source
+COPY checks/ checks/
+COPY cmd/ cmd/
+COPY data/ data/
+COPY helpers/ helpers/
+COPY internal/ internal/
+COPY main.go main.go
+
+# Build
+# the GOARCH has not a default value to allow the binary be built according to the host where the command
+# was called. For example, if we call make docker-build in a local env which has the Apple Silicon M1 SO
+# the docker BUILDPLATFORM arg will be linux/arm64 when for Apple x86 it will be linux/amd64. Therefore,
+# by leaving it empty we can ensure that the container and binary shipped on it will have the same platform.
+RUN CGO_ENABLED=0 GOOS=${TARGETOS:-linux} GOARCH=${TARGETARCH} go build -a \
+  -ldflags="\
+  -X ${PACKAGE}/internal/version.Version=${VERSION} \
+  -X ${PACKAGE}/internal/version.CommitHash=${COMMIT_HASH} \
+  -X ${PACKAGE}/internal/version.BuildTimestamp=${BUILD_TIMESTAMP}" \
+  -o bin/guacamole main.go
+
+FROM docker.io/library/alpine:3.18.2@sha256:82d1e9d7ed48a7523bdebc18cf6290bdb97b82302a8a9c27d4fe885949ea94d1
+
+WORKDIR /home/guacamole
+
+# Install required packages
+# RUN apk add --update --no-cache git bash openssh
+
+ENV UID=65532
+ENV GID=65532
+ENV USER=guacamole
+ENV GROUP=guacamole
+
+# Create a non-root user to run the app
+RUN addgroup \
+  -g $GID \
+  $GROUP && \
+  adduser \
+  --disabled-password \
+  --no-create-home \
+  --home $(pwd) \
+  --uid $UID \
+  --ingroup $GROUP \
+  $USER
+
+# Copy the binary to the production image from the builder stage
+COPY --from=builder /workspace/bin/guacamole /usr/local/bin/guacamole
+
+RUN chmod +x /usr/local/bin/guacamole
+
+# Use an unprivileged user
+USER 65532:65532
+
+# Run guacamole on container startup
+ENTRYPOINT ["guacamole"]