Update docker (#6)

* Add github action

* Update base image, add user to runtime

* Update kubernetes manifest example

.github/workflows/docker-build.yaml

@@ -0,0 +1,20 @@
+name: docker-build
+
+on:
+  pull_request:
+    branches:
+      - 'master'
+
+jobs:
+  steam-gameserver-token-api:
+    runs-on: ubuntu-latest
+    steps:
+      - uses: actions/checkout@v2
+      - name: steam-gameserver-token-api
+        uses: docker/build-push-action@v1
+        with:
+          push: false
+          username: ${{ secrets.DOCKER_USERNAME }}
+          password: ${{ secrets.DOCKER_ACCESS_TOKEN }}
+          repository: npflan/steam-gameserver-token-api
+          tags: latest

.github/workflows/docker-push.yaml

@@ -0,0 +1,18 @@
+name: docker-push
+
+on:
+  release:
+    types: [released]
+
+jobs:
+  steam-gameserver-token-api:
+    runs-on: ubuntu-latest
+    steps:
+      - uses: actions/checkout@v2
+      - name: steam-gameserver-token-api
+        uses: docker/build-push-action@v1
+        with:
+          username: ${{ secrets.DOCKER_USERNAME }}
+          password: ${{ secrets.DOCKER_ACCESS_TOKEN }}
+          repository: npflan/steam-gameserver-token-api
+          tags: latest,${{ github.event.release.tag_name }}

Dockerfile

@@ -1,16 +1,18 @@
-FROM golang:1.11.0 AS base
+FROM golang:1.17.1-alpine AS builder
 RUN mkdir -p /go/src/github.com/npflan/steam-gameserver-token-api
 WORKDIR /go/src/github.com/npflan/steam-gameserver-token-api
 COPY . .
-RUN apt -y update && apt -y install musl-tools ca-certificates
 RUN go get -d . && \
-    CC=$(which musl-gcc) go build --ldflags '-w -linkmode external -extldflags "-static"' .
+    CGO_ENABLED=0 GOOS=linux go build -a -o steam-gameserver-token-api .
 
-FROM alpine:3.7
+FROM alpine:3.14
 RUN addgroup -g 1000 -S go && \
-    adduser -u 1000 -S username -G go && \
+    adduser -u 1000 -S web -G go && \
     apk add --no-cache ca-certificates tzdata
-WORKDIR /home/go
-COPY --from=base /go/src/github.com/npflan/steam-gameserver-token-api/steam-gameserver-token-api /home/go
-EXPOSE 80
+WORKDIR /home/web
+COPY --from=builder /go/src/github.com/npflan/steam-gameserver-token-api/steam-gameserver-token-api /home/web
+EXPOSE 8000
+
+USER web
+
 CMD ["./steam-gameserver-token-api"]

go.mod

@@ -2,7 +2,4 @@ module github.com/npflan/steam-gameserver-token-api
 
 go 1.13
 
-require (
-	github.com/gorilla/context v1.1.1 // indirect
-	github.com/gorilla/mux v1.6.2
-)
+require github.com/gorilla/mux v1.8.0

go.sum

@@ -1,4 +1,2 @@
-github.com/gorilla/context v1.1.1 h1:AWwleXJkX/nhcU9bZSnZoi3h/qGYqQAGhq6zZe/aQW8=
-github.com/gorilla/context v1.1.1/go.mod h1:kBGZzfjB9CEq2AlWe17Uuf7NDRt0dE0s8S51q0aT7Yg=
-github.com/gorilla/mux v1.6.2 h1:Pgr17XVTNXAk3q/r4CpKzC5xBM/qW1uVLV+IhRZpIIk=
-github.com/gorilla/mux v1.6.2/go.mod h1:1lud6UwP+6orDFRuTfBEV8e9/aOM/c4fVVCaMa2zaAs=
+github.com/gorilla/mux v1.8.0 h1:i40aqfkR1h2SlN9hojwV5ZA91wcXFOvkdNIeFDP5koI=
+github.com/gorilla/mux v1.8.0/go.mod h1:DVbg23sWSpFRCP0SfiEN6jmj59UnW/n46BH5rLB71So=

manifest.yaml → manifests/kubernetes-example.yaml

@@ -1,5 +1,5 @@
 kind: Deployment
-apiVersion: extensions/v1beta1
+apiVersion: apps/v1
 metadata:
   name: steam-gameserver-token-api
 spec:
@@ -9,17 +9,22 @@ spec:
       labels:
         app: steam-gameserver-token-api
     spec:
+      securityContext:
+        runAsNonRoot: true
+        runAsUser: 1000
+        runAsGroup: 1000
+        fsGroup: 1000
       containers:
       - name: steam-gameserver-token-api
         image: npflan/steam-gameserver-token-api:1.0.0
         imagePullPolicy: Always
         ports:
-        - containerPort: 80
+        - containerPort: 8000
         env:
           - name: STEAM_WEB_API_KEY
             value: ""
           - name: STEAM_WEB_API_BIND_ADDRESS
-            value: ":80"
+            value: ":8000"
         resources:
           requests:
             memory: "250Mi"
@@ -41,4 +46,4 @@ spec:
   ports:
     - protocol: TCP
       port: 80
-      targetPort: 80
+      targetPort: 8000