build and run inside docker containers

rgl · Jan 7, 2024 · 80c9bc5 · 80c9bc5
1 parent ee8b40f
commit 80c9bc5
Show file tree

Hide file tree

Showing 6 changed files with 54 additions and 36 deletions.
diff --git a/.dockerignore b/.dockerignore
@@ -0,0 +1,7 @@
+*
+!package.json
+!bun.lockb
+!*.cjs
+!*.js
+!amt-setupbin-img/*.go
+!amt-setupbin-img/go.*
diff --git a/.github/workflows/build.yml b/.github/workflows/build.yml
@@ -7,19 +7,7 @@ jobs:
     steps:
       - name: Checkout
         uses: actions/checkout@v4
-      - uses: oven-sh/setup-bun@v1
-        with:
-          bun-version: '1.0.21'
-      - name: Install dependencies
-        run: bun install --frozen-lockfile
       - name: Build
-        run: bun build . --target bun --minify --outfile dist/amt-setupbin.js
+        run: docker build -t amt-setupbin .
       - name: Test
         run: ./create-provisioning-certificate.sh
-      - name: Upload artifacts
-        if: success() || failure()
-        uses: actions/upload-artifact@v4
-        with:
-          name: artifacts
-          path: |
-            dist/*
diff --git a/Dockerfile b/Dockerfile
@@ -0,0 +1,29 @@
+# syntax=docker/dockerfile:1.6
+
+FROM oven/bun:1.0 as build
+WORKDIR /app
+COPY package.json bun.lockb ./
+RUN bun install --frozen-lockfile
+COPY *.cjs *.js ./
+# NB this is not using --minify --sourcemap=inline beause it makes stack traces
+#    hard to read, as they show the minified version source code.
+RUN bun \
+        build \
+        . \
+        --production \
+        --compile \
+        --target=bun \
+        --outfile=amt-setupbin
+
+FROM golang:1.21-bookworm as img-build
+WORKDIR /app
+COPY amt-setupbin-img/go.* ./
+RUN go mod download
+COPY amt-setupbin-img/*.go ./
+RUN CGO_ENABLED=0 go build -ldflags="-s"
+
+# NB we use the bookworm-slim (instead of scratch) image so we can enter the container to execute bash etc.
+FROM debian:12-slim
+COPY --from=build /app/amt-setupbin /usr/local/bin/
+COPY --from=img-build /app/amt-setupbin-img /usr/local/bin/
+ENTRYPOINT ["amt-setupbin"]
diff --git a/README.md b/README.md
@@ -13,8 +13,6 @@ This creates:
 
 # Usage
 
-Install [`bun`](https://bun.sh).
-
 Install `openssl`.
 
 Install `docker` and `docker compose`.

diff --git a/amt-setupbin-img/Dockerfile b/amt-setupbin-img/Dockerfile
diff --git a/create-provisioning-certificate.sh b/create-provisioning-certificate.sh
@@ -1,3 +1,6 @@
+#!/bin/bash
+set -euo pipefail
+
 amt_domain='amt.test'
 amt_domain_pfx_password='HeyH0Password!'
 amt_device_current_password='admin'
@@ -77,23 +80,28 @@ amt_ca_certificate_hash="$(
 # go back to the original directory.
 popd >/dev/null
 
+# build the binaries.
+docker build -t amt-setupbin .
+
 # Create the AMT configuration file.
-bun . \
+docker run --rm \
+  -i \
+  -u "$(id -u):$(id -g)" \
+  -v "$PWD/amt-ca:/host:rw" \
+  -w /host \
+  amt-setupbin \
   --debug \
   --current-password "$amt_device_current_password" \
   --new-password "$amt_device_new_password" \
   --pki-dns-suffix "$amt_domain" \
-  --certificate "$amt_ca_certificate_hash AMT CA" \
-  --path amt-ca/Setup.bin
+  --certificate "$amt_ca_certificate_hash AMT CA"
 
 # create a disk image with the AMT configuration file.
-pushd amt-setupbin-img >/dev/null
-rm -f ../amt-ca/Setup.bin.img
-docker build -t amt-setupbin-img .
+rm -f amt-ca/Setup.bin.img
 docker run --rm \
   -i \
   -u "$(id -u):$(id -g)" \
-  -v "$PWD/../amt-ca:/host:rw" \
+  -v "$PWD/amt-ca:/host:rw" \
   -w /host \
-  amt-setupbin-img
-popd >/dev/null
+  --entrypoint amt-setupbin-img \
+  amt-setupbin
-Original file line number
+Diff line change
@@ Expand Up / @@ -13,8 +13,6 @@ This creates: @@
     # Usage
-    Install [`bun`](https://bun.sh).
     Install `openssl`.
     Install `docker` and `docker compose`.
@@ Expand Down @@