Dreaded_X/lldap-controller
1
0
Fork 0
Code Issues 3 Pull Requests Actions Packages Projects Releases Wiki Activity

Compare commits

base: Dreaded_X:3dab7362399cc181d520f6bea9b2677492c41ab1
Branches Tags
Dreaded_X:master
...
compare: Dreaded_X:eaa96d1d5bc711d23b0c60e4d7a34432b343d305
Branches Tags
Dreaded_X:master

5 Commits
3dab736239 ... eaa96d1d5b

Author SHA1 Message Date
Dreaded_X
eaa96d1d5b
Add attestations to image
All checks were successful
Build and deploy / Build container and manifests (push) Successful in 7m27s
Details
2025-03-21 03:38:45 +01:00
Dreaded_X
847927364f
Add annotations instead of labels to image 2025-03-21 03:36:45 +01:00
Dreaded_X
1e278e592f
Set SOURCE_DATE_EPOCH during image build 2025-03-21 03:36:14 +01:00
Dreaded_X
85da15881e
Switched to nonroot distroless base and improved layer caching 2025-03-21 03:34:30 +01:00
Dreaded_X
21bb89a20f
Switch to hadolint for linting Dockerfile 2025-03-21 03:24:06 +01:00
3 changed files with 34 additions and 14 deletions
Show Stats Expand all files Collapse all files

15
.gitea/workflows/build.yaml
View File

@ -18,6 +18,9 @@ jobs:
- name: Checkout - name: Checkout
uses: actions/checkout@v4 uses: actions/checkout@v4
- name: Get Git commit timestamps
run: echo "TIMESTAMP=$(git log -1 --pretty=%ct)" >> $GITHUB_ENV
- name: Login to registry - name: Login to registry
uses: docker/login-action@v3 uses: docker/login-action@v3
with: with:
@ -55,11 +58,13 @@ jobs:
with: with:
context: . context: .
load: true load: true
labels: ${{ steps.meta.outputs.labels }} annotations: ${{ steps.meta.outputs.annotations }}
env:
SOURCE_DATE_EPOCH: ${{ env.TIMESTAMP }}
- name: Generate CRDs - name: Generate CRDs
run: | run: |
docker run --rm ${{ steps.build.outputs.imageid }} crdgen > ./manifests/crds.yaml docker run --rm ${{ steps.build.outputs.imageid }} /crdgen > ./manifests/crds.yaml
- name: Push container - name: Push container
uses: docker/build-push-action@v6 uses: docker/build-push-action@v6
@ -67,8 +72,12 @@ jobs:
with: with:
context: . context: .
push: true push: true
sbom: true
provenance: mode=max
tags: ${{ steps.meta.outputs.tags }} tags: ${{ steps.meta.outputs.tags }}
labels: ${{ steps.meta.outputs.labels }} annotations: ${{ steps.meta.outputs.annotations }}
env:
SOURCE_DATE_EPOCH: ${{ env.TIMESTAMP }}
- name: Kustomize manifests - name: Kustomize manifests
run: | run: |

6
.pre-commit-config.yaml
View File

@ -56,7 +56,7 @@ repos:
files: (\.rs|Cargo.lock)$ files: (\.rs|Cargo.lock)$
pass_filenames: false pass_filenames: false
- repo: https://github.com/pryorda/dockerfilelint-precommit-hooks - repo: https://github.com/hadolint/hadolint
rev: v0.1.0 rev: v2.12.0
hooks: hooks:
- id: dockerfilelint - id: hadolint

27
Dockerfile
View File

@ -1,9 +1,20 @@
FROM rust:1.85 AS builder FROM rust:1.85 AS chef
WORKDIR /usr/src/lldap-controller ENV CARGO_REGISTRIES_CRATES_IO_PROTOCOL=sparse
ADD . . RUN cargo install cargo-chef --locked --version 0.1.71
RUN cargo install --path . WORKDIR /app
FROM debian:bookworm-slim FROM chef AS planner
COPY --from=builder /usr/local/cargo/bin/lldap-controller /usr/local/bin/lldap-controller COPY . .
COPY --from=builder /usr/local/cargo/bin/crdgen /usr/local/bin/crdgen RUN cargo chef prepare --recipe-path recipe.json
CMD ["lldap-controller"]
FROM chef AS builder
COPY --from=planner /app/recipe.json recipe.json
RUN cargo chef cook --release --recipe-path recipe.json
COPY . .
RUN cargo build --release
FROM gcr.io/distroless/cc-debian12:nonroot AS runtime
COPY --from=builder /app/target/release/lldap-controller /lldap-controller
COPY --from=builder /app/target/release/crdgen /crdgen
CMD ["/lldap-controller"]