ci: initial files

.github/workflows/ci.yml

@@ -0,0 +1,27 @@
+name: CI
+env:
+  DOCKER_BUILDKIT: 1
+on:
+  push:
+  workflow_dispatch:
+
+jobs:
+  release:
+    runs-on: ubuntu-latest
+    steps:
+      - uses: actions/checkout@v2
+        with:
+          fetch-depth: 0
+      - name: Docker Login
+        env:
+          DOCKER_USERNAME: ${{ secrets.DOCKERHUB_USERNAME }}
+          DOCKER_PASSWORD: ${{ secrets.DOCKERHUB_PASSWORD }}
+        run: |
+          echo "${DOCKER_PASSWORD}" | docker login --username "${DOCKER_USERNAME}" --password-stdin
+      - name: Run GoReleaser
+        uses: goreleaser/goreleaser-action@v2
+        with:
+          version: latest
+          args: release --rm-dist
+        env:
+          GITHUB_TOKEN: ${{ secrets.GORELEASER_GITHUB_TOKEN }}

.goreleaser.yml

@@ -0,0 +1,7 @@
+dockers:
+  - goos: linux
+    goarch: amd64
+    image_templates:
+      - "ii64/obs-access-signer:latest"
+      - "ii64/obs-access-signer:v{{ .Version }}"
+    skip_push: auto

Dockerfile

@@ -6,13 +6,15 @@ COPY . /build
 RUN apk add --no-cache \
     make
 
-RUN --mount=type=cache,mode=0755,target=/go/pkg/mod make dep
+RUN make dep
 RUN make build
 
 
-FROM gcr.io/distroless/static-debian11
+FROM scratch
 
 WORKDIR /app
+
+COPY --from=builder /etc/ssl/certs/ca-certificates.crt /etc/ssl/certs/
 COPY --from=builder /build/obs-access-signer /app/obs-access-signer
 
 ENTRYPOINT [ "/app/obs-access-signer" ]

Makefile

@@ -2,8 +2,6 @@ all: build
 
 export DOCKER_BUILDKIT=1
 
-IMAGE := obs-access-signer:dev
-
 # use zig cc/c++ to statically link deps
 TARGET_TRIPLE := x86_64-linux
 
@@ -14,11 +12,9 @@ CXXFLAGS += -target $(TARGET_TRIPLE)
 GOFLAGS ?=
 GOFLAGS += -x -trimpath
 
+.PHONY: dep
 dep:
 	go mod download
 
 build:
-	CGO_ENABLED=0 CC="zig cc $(CFLAGS)" CXX="zig c++ $(CXXFLAGS)" go build $(GOFLAGS) .
+	CGO_ENABLED=0 CC="zig cc $(CFLAGS)" CXX="zig c++ $(CXXFLAGS)" go build $(GOFLAGS) .
-
-build.docker:
-	"docker" build --progress=plain -t $(IMAGE) .

README.md

@@ -4,12 +4,11 @@ S3 Object Storage access signer.
 
 Run `obs-access-signer` behind a gateway/cache proxy is preferred as the response is static.
 
-There's an example of using it with Varnish Cache, you can see [here](docker/docker-compose.yaml).
+There's an example of using it with Varnish Cache, which you can see [here](docker/docker-compose.yaml).
 
 ## Why?
 
-Some S3-compatible gateway might not support ACL endpoints but they are support presigned access. Currently, the behavior of `obs-access-signer` is similar to `public-read` ACL where clients can access objects anonymously and redirect them (permanently) to presigned url with `Expires` set to the max signed value of `int64` which has roughly 250yrs lifetime since unix time started.
+Some S3-compatible gateways might not support ACL endpoints but they support presigned access. Currently, the behavior of `obs-access-signer` is similar to `public-read` ACL where clients can access objects anonymously and redirect them (permanently) to presigned URL with `Expires` set to the max signed value of `int64` which has roughly 250yrs lifetime since UNIX time started.
-
 
 ## License