set a non-root user for containers (#2496)

* change root user in dockerfile * build container on push/pr * grab docker build params from env * consolidate container build * rm unused container build workflow/script * cleanup ci * set user for earthly container build * rm ci docker build for develop branch * checkout full repo for docker builds * read earthly push from env * cleanup ci * rm unsupported option for actions/checkout@v3 * check dockerfile in ci * add dockerfile build to earthfile * authenticate to GH only on schedule builds * accurate name for dev container builder script * add note to the dockerfile about earthfile * document dev build process more clearly
2023-01-04 23:15:12 +01:00
parent e748d8f765
commit 2c6fd67276
10 changed files with 134 additions and 121 deletions
--- a/build/develop/container.sh
+++ b/build/develop/container.sh
@@ -0,0 +1,27 @@
+#!/bin/sh
+set -e
+
+# Development container builder
+#
+# Must authenticate first: https://docs.github.com/en/packages/using-github-packages-with-your-projects-ecosystem/configuring-docker-for-use-with-github-packages#authenticating-to-github-packages
+# env vars: 
+#   $EARTHLY_BUILD_BRANCH: git branch to checkout
+#   $EARTHLY_BUILD_TAG: tag for container image
+
+
+EARTHLY_IMAGE_NAME="owncast"
+BUILD_TAG=${EARTHLY_BUILD_TAG:-webv2}
+DATE=$(date +"%Y%m%d")
+VERSION="${DATE}-${BUILD_TAG}"
+
+
+echo "Building container image ${EARTHLY_IMAGE_NAME}:${BUILD_TAG} ..."
+
+# Change to the root directory of the repository
+cd "$(git rev-parse --show-toplevel)" || exit
+if [ -n "${EARTHLY_BUILD_BRANCH}" ]; then
+    git checkout "${EARTHLY_BUILD_BRANCH}" || exit
+fi
+
+earthly --ci +docker-all --image="ghcr.io/owncast/${EARTHLY_IMAGE_NAME}" --tag="${BUILD_TAG}" --version="${VERSION}"
+earthly --ci +dockerfile
--- a/build/release/docker-nightly.sh
+++ b/build/release/docker-nightly.sh
@@ -1,14 +0,0 @@
-#!/bin/sh
-
-# Docker build
-# Must authenticate first: https://docs.github.com/en/packages/using-github-packages-with-your-projects-ecosystem/configuring-docker-for-use-with-github-packages#authenticating-to-github-packages
-DOCKER_IMAGE="owncast"
-DATE=$(date +"%Y%m%d")
-VERSION="${DATE}-nightly"
-
-echo "Building Docker image ${DOCKER_IMAGE}..."
-
-# Change to the root directory of the repository
-cd "$(git rev-parse --show-toplevel)" || exit
-
-earthly --ci --push +docker-all --image="ghcr.io/owncast/${DOCKER_IMAGE}" --tag=nightly --version="${VERSION}"
--- a/build/release/docker-webv2.sh
+++ b/build/release/docker-webv2.sh
@@ -1,15 +0,0 @@
-#!/bin/sh
-
-# Docker build
-# Must authenticate first: https://docs.github.com/en/packages/using-github-packages-with-your-projects-ecosystem/configuring-docker-for-use-with-github-packages#authenticating-to-github-packages
-DOCKER_IMAGE="owncast"
-DATE=$(date +"%Y%m%d")
-TAG="webv2"
-VERSION="${DATE}-${TAG}"
-echo "Building Docker image ${DOCKER_IMAGE}..."
-
-# Change to the root directory of the repository
-cd "$(git rev-parse --show-toplevel)" || exit
-git checkout webv2
-
-earthly --ci --push +docker-all --image="ghcr.io/owncast/${DOCKER_IMAGE}" --tag="${TAG}" --version="${VERSION}"