Workflow for Docker and correct binary naming

Co-Authored-By: brekotis <93345790+brekotis@users.noreply.github.com>
2026-03-23 17:42:18 +03:00 · 2026-03-23 17:42:18 +03:00 · 24156b5067
parent a1dfa5b11d
commit 24156b5067
2 changed files with 87 additions and 161 deletions
--- a/.github/workflows/release.yml
+++ b/.github/workflows/release.yml
@ -26,6 +26,9 @@ jobs:
    name: GNU ${{ matrix.target }}
    runs-on: ubuntu-latest
    container:
      image: rust:slim-bookworm
    strategy:
      fail-fast: false
      matrix:
@ -47,8 +50,8 @@ jobs:
      - name: Install deps
        run: |
-          sudo apt-get update
+          apt-get update
-          sudo apt-get install -y \
+          apt-get install -y \
            build-essential \
            clang \
            lld \
@ -69,14 +72,10 @@ jobs:
          if [ "${{ matrix.target }}" = "aarch64-unknown-linux-gnu" ]; then
            export CC=aarch64-linux-gnu-gcc
            export CXX=aarch64-linux-gnu-g++
            export CC_aarch64_unknown_linux_gnu=aarch64-linux-gnu-gcc
            export CXX_aarch64_unknown_linux_gnu=aarch64-linux-gnu-g++
            export RUSTFLAGS="-C linker=aarch64-linux-gnu-gcc"
          else
            export CC=clang
            export CXX=clang++
            export CC_x86_64_unknown_linux_gnu=clang
            export CXX_x86_64_unknown_linux_gnu=clang++
            export RUSTFLAGS="-C linker=clang -C link-arg=-fuse-ld=lld"
          fi
@ -85,20 +84,19 @@ jobs:
      - name: Package
        run: |
          mkdir -p dist
-          BIN=target/${{ matrix.target }}/release/${{ env.BINARY_NAME }}
+          cp target/${{ matrix.target }}/release/${{ env.BINARY_NAME }} dist/telemt
          cp "$BIN" dist/${{ env.BINARY_NAME }}-${{ matrix.target }}
          cd dist
-          tar -czf ${{ matrix.asset }}.tar.gz ${{ env.BINARY_NAME }}-${{ matrix.target }}
+          tar -czf ${{ matrix.asset }}.tar.gz \
            --owner=0 --group=0 --numeric-owner \
            telemt
          sha256sum ${{ matrix.asset }}.tar.gz > ${{ matrix.asset }}.sha256
      - uses: actions/upload-artifact@v4
        with:
          name: ${{ matrix.asset }}
-          path: |
+          path: dist/*
            dist/${{ matrix.asset }}.tar.gz
            dist/${{ matrix.asset }}.sha256
 # ==========================
 # MUSL
@ -125,43 +123,7 @@ jobs:
      - name: Install deps
        run: |
          apt-get update
-          apt-get install -y \
+          apt-get install -y musl-tools pkg-config curl
            musl-tools \
            pkg-config \
            curl
      - uses: actions/cache@v4
        if: matrix.target == 'aarch64-unknown-linux-musl'
        with:
          path: ~/.musl-aarch64
          key: musl-toolchain-aarch64-v1
      - name: Install aarch64 musl toolchain
        if: matrix.target == 'aarch64-unknown-linux-musl'
        run: |
          set -e
          TOOLCHAIN_DIR="$HOME/.musl-aarch64"
          ARCHIVE="aarch64-linux-musl-cross.tgz"
          URL="https://github.com/telemt/telemt/releases/download/toolchains/$ARCHIVE"
          if [ -x "$TOOLCHAIN_DIR/bin/aarch64-linux-musl-gcc" ]; then
            echo "✅ MUSL toolchain already installed"
          else
            echo "⬇️ Downloading musl toolchain from Telemt GitHub Releases..."
            curl -fL \
              --retry 5 \
              --retry-delay 3 \
              --connect-timeout 10 \
              --max-time 120 \
              -o "$ARCHIVE" "$URL"
            mkdir -p "$TOOLCHAIN_DIR"
            tar -xzf "$ARCHIVE" --strip-components=1 -C "$TOOLCHAIN_DIR"
          fi
          echo "$TOOLCHAIN_DIR/bin" >> $GITHUB_PATH
      - name: Add rust target
        run: rustup target add ${{ matrix.target }}
@ -178,11 +140,9 @@ jobs:
        run: |
          if [ "${{ matrix.target }}" = "aarch64-unknown-linux-musl" ]; then
            export CC=aarch64-linux-musl-gcc
            export CC_aarch64_unknown_linux_musl=aarch64-linux-musl-gcc
            export RUSTFLAGS="-C target-feature=+crt-static -C linker=aarch64-linux-musl-gcc"
          else
            export CC=musl-gcc
            export CC_x86_64_unknown_linux_musl=musl-gcc
            export RUSTFLAGS="-C target-feature=+crt-static"
          fi
@ -191,69 +151,19 @@ jobs:
      - name: Package
        run: |
          mkdir -p dist
-          BIN=target/${{ matrix.target }}/release/${{ env.BINARY_NAME }}
+          cp target/${{ matrix.target }}/release/${{ env.BINARY_NAME }} dist/telemt
          cp "$BIN" dist/${{ env.BINARY_NAME }}-${{ matrix.target }}
          cd dist
-          tar -czf ${{ matrix.asset }}.tar.gz ${{ env.BINARY_NAME }}-${{ matrix.target }}
+          tar -czf ${{ matrix.asset }}.tar.gz \
            --owner=0 --group=0 --numeric-owner \
            telemt
          sha256sum ${{ matrix.asset }}.tar.gz > ${{ matrix.asset }}.sha256
      - uses: actions/upload-artifact@v4
        with:
          name: ${{ matrix.asset }}
-          path: |
+          path: dist/*
            dist/${{ matrix.asset }}.tar.gz
            dist/${{ matrix.asset }}.sha256
 # ==========================
 # Docker
 # ==========================
  docker:
    name: Docker
    runs-on: ubuntu-latest
    needs: [build-gnu, build-musl]
    continue-on-error: true
    steps:
      - uses: actions/checkout@v4
      - uses: actions/download-artifact@v4
        with:
          path: artifacts
      - name: Extract binaries
        run: |
          mkdir dist
          find artifacts -name "*.tar.gz" -exec tar -xzf {} -C dist \;
          cp dist/telemt-x86_64-unknown-linux-musl dist/telemt || true
      - uses: docker/setup-qemu-action@v3
      - uses: docker/setup-buildx-action@v3
      - name: Login to GHCR
        uses: docker/login-action@v3
        with:
          registry: ghcr.io
          username: ${{ github.actor }}
          password: ${{ secrets.GITHUB_TOKEN }}
      - name: Extract version
        id: vars
        run: echo "VERSION=${GITHUB_REF#refs/tags/}" >> $GITHUB_OUTPUT
      - name: Build & Push
        uses: docker/build-push-action@v6
        with:
          context: .
          push: true
          platforms: linux/amd64,linux/arm64
          tags: |
            ghcr.io/${{ github.repository }}:${{ steps.vars.outputs.VERSION }}
            ghcr.io/${{ github.repository }}:latest
          build-args: |
            BINARY=dist/telemt
 # ==========================
 # Release
@ -271,7 +181,7 @@ jobs:
        with:
          path: artifacts
-      - name: Flatten artifacts
+      - name: Flatten
        run: |
          mkdir dist
          find artifacts -type f -exec cp {} dist/ \;
@ -281,5 +191,61 @@ jobs:
        with:
          files: dist/*
          generate_release_notes: true
-          draft: false
+          prerelease: ${{ contains(github.ref, '-') }}
-          prerelease: ${{ contains(github.ref, '-rc') || contains(github.ref, '-beta') || contains(github.ref, '-alpha') }}
+
 # ==========================
 # Docker (FROM RELEASE)
 # ==========================
  docker:
    name: Docker (from release)
    runs-on: ubuntu-latest
    needs: release
    permissions:
      contents: read
      packages: write
    steps:
      - uses: actions/checkout@v4
      - name: Install gh
        run: apt-get update && apt-get install -y gh
      - name: Extract version
        id: vars
        run: echo "VERSION=${GITHUB_REF#refs/tags/}" >> $GITHUB_OUTPUT
      - name: Download binary
        env:
          GH_TOKEN: ${{ secrets.GITHUB_TOKEN }}
        run: |
          mkdir dist
          gh release download ${{ steps.vars.outputs.VERSION }} \
            --repo ${{ github.repository }} \
            --pattern "telemt-x86_64-linux-musl.tar.gz" \
            --dir dist
          tar -xzf dist/telemt-x86_64-linux-musl.tar.gz -C dist
          chmod +x dist/telemt
      - uses: docker/setup-qemu-action@v3
      - uses: docker/setup-buildx-action@v3
      - uses: docker/login-action@v3
        with:
          registry: ghcr.io
          username: ${{ github.actor }}
          password: ${{ secrets.GITHUB_TOKEN }}
      - name: Build & Push
        uses: docker/build-push-action@v6
        with:
          context: .
          push: true
          platforms: linux/amd64,linux/arm64
          tags: |
            ghcr.io/${{ github.repository }}:${{ steps.vars.outputs.VERSION }}
            ghcr.io/${{ github.repository }}:latest
          build-args: |
            BINARY=dist/telemt
--- a/60
+++ b/60
@ -1,29 +1,9 @@
 # syntax=docker/dockerfile:1
-# ==========================
+ARG BINARY
 # Stage 1: Build
 # ==========================
 FROM rust:1.88-slim-bookworm AS builder
 RUN apt-get update && apt-get install -y --no-install-recommends \
    pkg-config \
    ca-certificates \
    && rm -rf /var/lib/apt/lists/*
 WORKDIR /build
 # Depcache
 COPY Cargo.toml Cargo.lock* ./
 RUN mkdir src && echo 'fn main() {}' > src/main.rs && \
    cargo build --release 2>/dev/null || true && \
    rm -rf src
 # Build
 COPY . .
 RUN cargo build --release && strip target/release/telemt
 # ==========================
-# Stage 2: Compress (strip + UPX)
+# Stage: minimal
 # ==========================
 FROM debian:12-slim AS minimal
@ -33,7 +13,6 @@ RUN apt-get update && apt-get install -y --no-install-recommends \
    ca-certificates \
    && rm -rf /var/lib/apt/lists/* \
    \
    # install UPX from Telemt releases
    && curl -fL \
        --retry 5 \
        --retry-delay 3 \
@ -46,15 +25,15 @@ RUN apt-get update && apt-get install -y --no-install-recommends \
    && chmod +x /usr/local/bin/upx \
    && rm -rf /tmp/upx*
-COPY --from=builder /build/target/release/telemt /telemt
+COPY ${BINARY} /telemt
 RUN strip /telemt || true
 RUN upx --best --lzma /telemt || true
 # ==========================
-# Stage 3: Debug base
+# Debug image
 # ==========================
-FROM debian:12-slim AS debug-base
+FROM debian:12-slim AS debug
 RUN apt-get update && apt-get install -y --no-install-recommends \
    ca-certificates \
@ -64,48 +43,29 @@ RUN apt-get update && apt-get install -y --no-install-recommends \
    busybox \
    && rm -rf /var/lib/apt/lists/*
 # ==========================
 # Stage 4: Debug image
 # ==========================
 FROM debug-base AS debug
 WORKDIR /app
 COPY --from=minimal /telemt /app/telemt
 COPY config.toml /app/config.toml
-USER root
+EXPOSE 443 9090 9091
 EXPOSE 443
 EXPOSE 9090
 EXPOSE 9091
 ENTRYPOINT ["/app/telemt"]
 CMD ["config.toml"]
 # ==========================
-# Stage 5: Production (distroless)
+# Production (REAL distroless)
 # ==========================
-FROM gcr.io/distroless/base-debian12 AS prod
+FROM gcr.io/distroless/static-debian12 AS prod
 WORKDIR /app
 COPY --from=minimal /telemt /app/telemt
 COPY config.toml /app/config.toml
 # TLS + timezone + shell
 COPY --from=debug-base /etc/ssl/certs /etc/ssl/certs
 COPY --from=debug-base /usr/share/zoneinfo /usr/share/zoneinfo
 COPY --from=debug-base /bin/busybox /bin/busybox
 RUN ["/bin/busybox", "--install", "-s", "/bin"]
 # distroless user
 USER nonroot:nonroot
-EXPOSE 443
+EXPOSE 443 9090 9091
 EXPOSE 9090
 EXPOSE 9091
 ENTRYPOINT ["/app/telemt"]
-CMD ["config.toml"]
+CMD ["config.toml"]