Setup new CI/CD workflows (#365)

* CI/CD setup
* Setup for go-shiori
* Fix docker image
* Dockerfile adjustments

.dockerignore

@@ -0,0 +1,6 @@
+docs
+Dockerfile
+*.md
+.githooks
+.github
+.goreleaser.yaml

.github/workflows/_buildx.yml

@@ -0,0 +1,38 @@
+name: 'Build Docker'
+
+on: workflow_call
+jobs:
+  buildx:
+    runs-on: ubuntu-latest
+    env:
+      GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
+    name: Build Docker
+    steps:
+      - uses: actions/checkout@v2
+        with:
+          fetch-depth: 0
+      - uses: actions/download-artifact@v2
+        with:
+          name: dist
+      - name: Prep binaries
+        working-directory: .github/workflows/docker
+        run: |
+          mkdir binaries
+          cp -r ../../../shiori_linux_* binaries/
+          mv binaries/shiori_linux_arm_7 binaries/shiori_linux_arm
+          gzip -d -S binaries/.gz__  -r .
+          chmod 755 binaries/shiori_linux_*/shiori
+      - name: Buildx
+        working-directory: .github/workflows/docker
+        run: |
+          echo ${{ secrets.GITHUB_TOKEN }} | docker login -u go-shiori --password-stdin ghcr.io
+          REPO=ghcr.io/go-shiori/shiori
+          TAG=$(git describe --tags)
+          if [ -z "$(git tag --points-at HEAD)" ]
+          then
+            TAG2="dev"
+          else
+            TAG2="latest"
+          fi
+          docker buildx create --use --name builder
+          docker buildx build -f Dockerfile.ci --platform=linux/amd64,arm64,linux/arm/v7 --push --output=type=registry --tag $REPO:$TAG --tag $REPO:$TAG2 .

.github/workflows/_golangci-lint.yml

@@ -0,0 +1,34 @@
+name: 'golangci-lint'
+
+on: workflow_call
+
+permissions:
+  contents: read
+  pull-requests: read
+jobs:
+  golangci:
+    runs-on: ubuntu-latest
+    steps:
+      - uses: actions/checkout@v2
+      - name: golangci-lint
+        uses: golangci/golangci-lint-action@v2
+        with:
+          version: latest
+
+          # Optional: working directory, useful for monorepos
+          # working-directory: somedir
+
+          # Optional: golangci-lint command line arguments.
+          # args: --issues-exit-code=0
+
+          # Optional: show only new issues if it's a pull request. The default value is `false`.
+          only-new-issues: true
+
+          # Optional: if set to true then the action will use pre-installed Go.
+          # skip-go-installation: true
+
+          # Optional: if set to true then the action don't cache or restore ~/go/pkg.
+          # skip-pkg-cache: true
+
+          # Optional: if set to true then the action don't cache or restore ~/.cache/go-build.
+          # skip-build-cache: true

.github/workflows/_gorelease.yml

@@ -0,0 +1,31 @@
+name: 'Goreleaser'
+
+on: workflow_call
+
+permissions:
+  contents: write
+
+jobs:
+  goreleaser:
+    runs-on: ubuntu-latest
+    steps:
+      - name: Checkout
+        uses: actions/checkout@v2
+        with:
+          fetch-depth: 0
+      - name: Setup Go
+        uses: actions/setup-go@v2
+        with:
+          go-version: 1.17
+      - name: Run GoReleaser
+        uses: goreleaser/goreleaser-action@v2
+        with:
+          distribution: goreleaser
+          version: latest
+          args: release --rm-dist
+        env:
+          GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
+      - uses: actions/upload-artifact@v2
+        with:
+          name: dist
+          path: ./dist/*

.github/workflows/_test.yml

@@ -0,0 +1,28 @@
+name: 'Unit Tests'
+
+on: workflow_call
+
+jobs:
+  test:
+    runs-on: ubuntu-latest    
+    strategy:
+      matrix:
+        go: [1.17]
+    name: Go ${{ matrix.go }} unit tests
+    steps:
+      - uses: actions/checkout@v2
+      - name: Setup go
+        uses: actions/setup-go@v2
+        with:
+          go-version: ${{ matrix.go }}
+      - uses: actions/cache@v2
+        with:
+          path: |
+            ~/.cache/go-build
+            ~/go/pkg
+          key: golangci-lint.cache-{platform-arch}-{interval_number}-{go.mod_hash}
+          restore-keys: |
+            golangci-lint.cache-{interval_number}-
+            golangci-lint.cache-
+      - run: go test ./...
+      - run: CGO_ENABLED=0 go build -tags osusergo,netgo -ldflags="-s -w -X main.version=$(git describe --tags) -X main.date=$(date --iso-8601=seconds)"

.github/workflows/continuous-integration.yml

@@ -1,55 +0,0 @@
-name: CI
-
-on:
-  push:
-    branches: [ master ]
-  pull_request:
-    branches: [ master ]
-
-jobs:
-  lint:
-    name: Lint
-    runs-on: ubuntu-latest
-    steps:
-      - name: Install Go
-        uses: actions/setup-go@v2
-        with:
-          go-version: 1.17.x
-
-      - name: Check out code
-        uses: actions/checkout@v2
-
-      - name: Install golint
-        run: go get golang.org/x/lint/golint
-
-      - name: Lint Go source code
-        run: golint -set_exit_status ./...
-
-  test:
-    name: Unit tests
-    strategy:
-      matrix:
-        go-version: [1.17.x]
-        platform: [ubuntu-latest, macos-latest, windows-latest]
-    runs-on: ${{ matrix.platform }}
-    steps:
-      - name: Install Go
-        uses: actions/setup-go@v2
-        with:
-          go-version: ${{ matrix.go-version }}
-
-      - name: Check out code
-        uses: actions/checkout@v2
-
-      - name: Fetch dependencies
-        run: |
-          go get -v -t -d ./...
-
-      - name: Run unit tests
-        run: go test ./...
-
-      # - name: Codecov
-      #   if: ${{ matrix.go-version == '1.14.x' && matrix.platform == 'ubuntu-latest' }}
-      #   uses: codecov/codecov-action@v1
-      #   with:
-      #     file: coverage.out

.github/workflows/docker/Dockerfile.ci

@@ -0,0 +1,11 @@
+FROM ghcr.io/ghcri/alpine:3.15
+ARG TARGETARCH
+LABEL org.opencontainers.image.source https://github.com/go-shiori/shiori
+COPY etc /etc
+COPY binaries/shiori_linux_$TARGETARCH/shiori /usr/bin/shiori
+USER shiori
+WORKDIR /shiori
+EXPOSE 8080
+ENV SHIORI_DIR=/shiori
+ENTRYPOINT ["/usr/bin/shiori"]
+CMD ["serve"]

.github/workflows/docker/etc/group

@@ -0,0 +1,2 @@
+root:x:0:root
+shiori:x:1000:shiori

.github/workflows/docker/etc/passwd

@@ -0,0 +1,2 @@
+root:x:0:0::/root:/bin/ash
+shiori:x:1000:1000::/shiori:/bin/ash

.github/workflows/pull_request.yml

@@ -0,0 +1,15 @@
+name: 'Pull Request'
+
+on:
+  pull_request:
+    branches: master
+
+concurrency:
+  group: ci-tests-${{ github.ref }}-1
+  cancel-in-progress: true
+
+jobs:
+  call-lint:
+    uses: ./.github/workflows/_golangci-lint.yml
+  call-test:
+    uses: ./.github/workflows/_test.yml

.github/workflows/push.yml

@@ -0,0 +1,21 @@
+name: 'Push'
+
+on:
+  push:
+    branches: master
+    tags: v*
+
+concurrency:
+  group: ci-tests-${{ github.ref }}-1
+  cancel-in-progress: true
+
+jobs:
+  call-lint:
+    uses: ./.github/workflows/_golangci-lint.yml
+  call-test:
+    uses: ./.github/workflows/_test.yml
+  call-gorelease:
+    uses: ./.github/workflows/_gorelease.yml
+  call-buildx:
+    needs: call-gorelease
+    uses: ./.github/workflows/_buildx.yml

.github/workflows/version_bump.yml

@@ -0,0 +1,33 @@
+name: 'Tag release'
+
+on:
+  workflow_dispatch:
+    inputs:
+      version:
+        description: 'Version to bump to, example: v1.5.2'
+        required: true
+
+jobs:
+  tag-release:
+    runs-on: ubuntu-latest
+    env:
+      GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
+
+    steps:
+      - name: Checkout
+        uses: actions/checkout@v2
+        with:
+          fetch-depth: 0
+          ref: master
+      - name: Tag release
+        run: |
+          git config user.email "go-shiori@users.noreply.github.com"
+          git config user.name "shiori"
+          git tag -a ${{ github.event.inputs.version }} -m "tag release ${{ github.event.inputs.version }}"
+          git push --follow-tags
+  call-gorelease:
+    needs: tag-release
+    uses: ./.github/workflows/_gorelease.yml
+  call-buildx:
+    needs: call-gorelease
+    uses: ./.github/workflows/_buildx.yml

.gitignore

@@ -10,3 +10,5 @@
 
 # Coverage data
 /coverage.out
+
+dist/

.goreleaser.yaml

@@ -0,0 +1,48 @@
+before:
+  hooks:
+    - go mod tidy
+builds:
+  - binary: shiori
+    env:
+      - CGO_ENABLED=0
+    tags:
+      - netgo
+      - osusergo
+    goos:
+      - linux
+      - windows
+      - darwin
+    goarch:
+      - amd64
+      - arm
+      - arm64
+    goarm:
+      - 7
+    ignore:
+      - goos: darwin
+        goarch: arm
+      - goos: windows
+        goarch: arm
+      - goos: windows
+        goarch: arm64
+archives:
+  - replacements:
+      darwin: Darwin
+      linux: Linux
+      windows: Windows
+      amd64: x86_64
+      arm64: aarch64
+
+checksum:
+  name_template: 'checksums.txt'
+snapshot:
+  name_template: "{{ incpatch .Version }}-next"
+changelog:
+  sort: asc
+  filters:
+    exclude:
+      - '^docs:'
+      - '^test:'
+
+release:
+  prerelease: auto

Dockerfile

@@ -1,15 +1,19 @@
 # build stage
 FROM ghcr.io/ghcri/golang:1.17-alpine3.15 AS builder
-RUN apk add --no-cache build-base
 WORKDIR /src
 COPY . .
-RUN go build
+RUN go build -ldflags '-s -w'
 
 # server image
-LABEL org.opencontainers.image.source https://github.com/go-shiori/shiori
+
 FROM ghcr.io/ghcri/alpine:3.15
-COPY --from=builder /src/shiori /usr/local/bin/
-ENV SHIORI_DIR /srv/shiori/
+LABEL org.opencontainers.image.source https://github.com/go-shiori/shiori
+COPY --from=builder /src/shiori /usr/bin/
+RUN addgroup -g 1000 shiori \
+ && adduser -D -h /shiori -g '' -G shiori -u 1000 shiori
+USER shiori
+WORKDIR /shiori
 EXPOSE 8080
-ENTRYPOINT ["/usr/local/bin/shiori"]
+ENV SHIORI_DIR /shiori/
+ENTRYPOINT ["/usr/bin/shiori"]
 CMD ["serve"]