Bearer · didroe · Apr 20, 2023 · Apr 18, 2023 · Apr 18, 2023 · Apr 19, 2023
diff --git a/.github/actions/linux-build/Dockerfile b/.github/actions/linux-build/Dockerfile
@@ -0,0 +1,29 @@
+FROM ubuntu:18.04
+
+RUN apt-get update && \
+    apt-get install -y ca-certificates gcc-multilib g++-multilib software-properties-common wget && \
+    \
+    add-apt-repository ppa:git-core/ppa && \
+    \
+    install -m 0755 -d /etc/apt/keyrings && \
+    (wget --output-document=- https://download.docker.com/linux/ubuntu/gpg | gpg --dearmor -o /etc/apt/keyrings/docker.gpg) && \
+    chmod a+r /etc/apt/keyrings/docker.gpg && \
+    ( \
+      echo \
+        "deb [arch="$(dpkg --print-architecture)" signed-by=/etc/apt/keyrings/docker.gpg] https://download.docker.com/linux/ubuntu \
+        "$(. /etc/os-release && echo "$VERSION_CODENAME")" stable" \
+        > /etc/apt/sources.list.d/docker.list \
+    ) && \
+    \
+    apt-get update && \
+    apt-get install -y docker-ce docker-ce-cli containerd.io docker-buildx-plugin git && \
+    \
+    wget --output-document=/tmp/go.tar.gz https://go.dev/dl/go1.19.8.linux-amd64.tar.gz && \
+    tar --extract --gunzip --file=/tmp/go.tar.gz --directory=/usr/local && \
+    ln -s /usr/local/go/bin/go /usr/local/bin/ && \
+    \
+    wget --output-document=/tmp/goreleaser.deb https://github.com/goreleaser/goreleaser-pro/releases/download/v1.17.2-pro/goreleaser-pro_1.17.2.pro_amd64.deb && \
+    dpkg --install /tmp/goreleaser.deb
+
+COPY entrypoint.sh /entrypoint.sh
+ENTRYPOINT ["/entrypoint.sh"]
diff --git a/.github/actions/linux-build/entrypoint.sh b/.github/actions/linux-build/entrypoint.sh
@@ -0,0 +1,9 @@
+#!/bin/bash
+
+set -eu -o pipefail
+
+echo "$DOCKER_PASSWORD" | docker login --username "$DOCKER_USERNAME" --password-stdin
+
+git config --global --add safe.directory '*'
+
+exec goreleaser "$@"
diff --git a/.github/workflows/canary.yml b/.github/workflows/canary.yml
@@ -38,50 +38,28 @@ jobs:
           fetch-depth: 0
           ref: ${{ needs.tag.outputs.ref }}
       - run: git fetch --force --tags
-      - name: Set up Go
-        uses: actions/setup-go@v4
-        with:
-          go-version: 1.19
-      - name: Install dependencies
-        run: sudo apt-get update && sudo apt-get install -y gcc-multilib g++-multilib
-
-      # - name: Install cross-compiler for linux/arm64
-      #   run: sudo apt-get -y install gcc-aarch64-linux-gnu
-
-      - name: Set up QEMU
-        uses: docker/setup-qemu-action@v2
-
-      - name: Set up Docker Buildx
-        id: buildx
-        uses: docker/setup-buildx-action@v2
-
-      - name: Show available Docker Buildx platforms
-        run: echo ${{ steps.buildx.outputs.platforms }}
 
       - shell: bash
         run: |
           echo "sha_short=$(git rev-parse --short HEAD)" >> $GITHUB_ENV
+
       - id: cache
         uses: actions/cache@v3
         with:
           path: dist/linux
           key: linux-${{ env.sha_short }}-canary
-      - name: Login to docker.io registry
-        uses: docker/login-action@v2
-        with:
-          username: ${{ secrets.DOCKERHUB_USERNAME }}
-          password: ${{ secrets.DOCKERHUB_TOKEN }}
-      - uses: goreleaser/goreleaser-action@v4
+
+      - uses: ./.github/actions/linux-build
         if: steps.cache.outputs.cache-hit != 'true' # do not run if cache hit
         name: Run GoReleaser
         with:
-          distribution: goreleaser-pro
-          version: latest
           args: release --clean --split -f ./.goreleaser/canary.yaml
         env:
           GOOS: linux
           GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
           GORELEASER_KEY: ${{ secrets.GORELEASER_KEY }}
+          DOCKER_USERNAME: ${{ secrets.DOCKERHUB_USERNAME }}
+          DOCKER_PASSWORD: ${{ secrets.DOCKERHUB_TOKEN }}
 
   build-darwin:
     needs: [tag]

diff --git a/.github/workflows/release.yml b/.github/workflows/release.yml
@@ -37,56 +37,28 @@ jobs:
           fetch-depth: 0
           ref: ${{ needs.tag.outputs.ref }}
       - run: git fetch --force --tags
-      - name: Set up Go
-        uses: actions/setup-go@v4
-        with:
-          go-version: 1.19
-      - name: Install dependencies
-        run: sudo apt-get update && sudo apt-get install -y gcc-multilib g++-multilib
-
-      # - name: Install cross-compiler for linux/arm64
-      #   run: sudo apt-get -y install gcc-aarch64-linux-gnu
-
-      - name: Set up QEMU
-        uses: docker/setup-qemu-action@v2
-
-      - name: Set up Docker Buildx
-        id: buildx
-        uses: docker/setup-buildx-action@v2
-
-      - name: Show available Docker Buildx platforms
-        run: echo ${{ steps.buildx.outputs.platforms }}
 
       - shell: bash
         run: |
           echo "sha_short=$(git rev-parse --short HEAD)" >> $GITHUB_ENV
+
       - id: cache
         uses: actions/cache@v3
         with:
           path: dist/linux
           key: linux-${{ env.sha_short }}
-      - name: Login to docker.io registry
-        uses: docker/login-action@v2
-        with:
-          username: ${{ secrets.DOCKERHUB_USERNAME }}
-          password: ${{ secrets.DOCKERHUB_TOKEN }}
-      - name: Login to ghcr.io registry
-        uses: docker/login-action@v2
-        with:
-          registry: ghcr.io
-          username: ${{ env.GH_USER }}
-          password: ${{ secrets.GITHUB_TOKEN }}
-      - uses: goreleaser/goreleaser-action@v4
+
+      - uses: ./.github/actions/linux-build
         if: steps.cache.outputs.cache-hit != 'true' # do not run if cache hit
         name: Run GoReleaser
         with:
-          distribution: goreleaser-pro
-          version: latest
           args: release --clean --split
         env:
           GOOS: linux
           GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
           GORELEASER_KEY: ${{ secrets.GORELEASER_KEY }}
+          DOCKER_USERNAME: ${{ secrets.DOCKERHUB_USERNAME }}
+          DOCKER_PASSWORD: ${{ secrets.DOCKERHUB_TOKEN }}
 
   build-darwin:
     needs: [tag]

diff --git a/.goreleaser.yaml b/.goreleaser.yaml
@@ -36,15 +36,15 @@ dockers:
       - "docker.io/bearer/bearer:{{ .Tag }}-amd64"
       - "docker.io/bearer/bearer:{{ .Tag }}"
       - "docker.io/bearer/bearer:{{ .Version }}-amd64"
-      - "docker.io/bearer/bearer:{{ .Version }}"      
+      - "docker.io/bearer/bearer:{{ .Version }}"
       - "docker.io/bearer/bearer:latest-amd64"
-      - "docker.io/bearer/bearer:latest"      
+      - "docker.io/bearer/bearer:latest"
       - "ghcr.io/bearer/bearer:{{ .Tag }}-amd64"
-      - "ghcr.io/bearer/bearer:{{ .Tag }}"      
+      - "ghcr.io/bearer/bearer:{{ .Tag }}"
       - "ghcr.io/bearer/bearer:{{ .Version }}-amd64"
-      - "ghcr.io/bearer/bearer:{{ .Version }}"     
+      - "ghcr.io/bearer/bearer:{{ .Version }}"
       - "ghcr.io/bearer/bearer:latest-amd64"
-      - "ghcr.io/bearer/bearer:latest"      
+      - "ghcr.io/bearer/bearer:latest"
     use: buildx
     goos: linux
     goarch: amd64
@@ -70,21 +70,6 @@ announce:
 
       {{ .ReleaseNotes }}
 
-nfpms:
-  -
-    formats:
-      - deb
-      - rpm
-      - archlinux
-    vendor: Bearer
-    homepage: "https://bearer.com"
-    maintainer: "Bearer <[email protected]>"
-    description: "A data-first security scanner that finds risks and vulnerabilities in your code so you can protect sensitive data (PHI, PD, PII)."
-    license: "Elastic License 2.0"
-    file_name_template: "{{.ProjectName}}_{{.Version}}_{{.Os}}-{{.Arch}}"
-    dependencies:
-      - git
-
 furies:
   -
     account: bearer

diff --git a/.goreleaser/canary.yaml b/.goreleaser/canary.yaml
@@ -29,4 +29,4 @@ dockers:
       - "--label=org.opencontainers.image.revision={{ .FullCommit }}"
       - "--label=org.opencontainers.image.url=https://bearer.com"
       - "--label=org.opencontainers.image.documentation=https://docs.bearer.com"
-      - "--platform=linux/amd64"
+      - "--platform=linux/amd64"
diff --git a/.goreleaser/common.yaml b/.goreleaser/common.yaml
@@ -44,19 +44,20 @@ builds:
           EOF
           '
         - "gon -log-level DEBUG 'dist/darwin/darwin_{{.Target}}/gon.hcl'"
+
   - id: linux
     main: ./cmd/bearer
     binary: bearer
     env:
       - CGO_ENABLED=1
+      - CGO_CFLAGS=-std=c99 -D_GNU_SOURCE
     goos:
       - linux
     goarch:
       - 386
       - amd64
     ldflags:
-      - -s -w
-      - -extldflags "-static"
+      - -w
       - -X "github.com/bearer/bearer/cmd/bearer/build.Version={{.Version}}"
       - -X "github.com/bearer/bearer/cmd/bearer/build.CommitSHA={{.Commit}}"
 
@@ -70,3 +71,18 @@ changelog:
       - "^docs:"
       - "^test:"
       - "^ci:"
+
+nfpms:
+  -
+    formats:
+      - deb
+      - rpm
+      - archlinux
+    vendor: Bearer
+    homepage: "https://bearer.com"
+    maintainer: "Bearer <[email protected]>"
+    description: "A data-first security scanner that finds risks and vulnerabilities in your code so you can protect sensitive data (PHI, PD, PII)."
+    license: "Elastic License 2.0"
+    file_name_template: "{{.ProjectName}}_{{.Version}}_{{.Os}}-{{.Arch}}"
+    dependencies:
+      - git
diff --git a/Dockerfile b/Dockerfile
@@ -2,7 +2,7 @@ FROM alpine:latest
 
 RUN apk update
 RUN apk upgrade
-RUN apk add --no-cache git
+RUN apk add --no-cache git libc6-compat libgcc libstdc++
 
 COPY bearer /usr/local/bin/
 
@@ -11,4 +11,4 @@ USER runuser
 
 RUN git config --global --add safe.directory '*'
 
-ENTRYPOINT ["bearer"]
+ENTRYPOINT ["bearer"]