mirror of https://github.com/telemt/telemt.git
Compare commits
1 Commits
a56f705dd5
...
020dd5c899
| Author | SHA1 | Date |
|---|---|---|
David Osipov
|
020dd5c899 |
|
|
@ -123,43 +123,7 @@ jobs:
|
||||||
- name: Install deps
|
- name: Install deps
|
||||||
run: |
|
run: |
|
||||||
apt-get update
|
apt-get update
|
||||||
apt-get install -y \
|
apt-get install -y musl-tools pkg-config curl
|
||||||
musl-tools \
|
|
||||||
pkg-config \
|
|
||||||
curl
|
|
||||||
|
|
||||||
- uses: actions/cache@v4
|
|
||||||
if: matrix.target == 'aarch64-unknown-linux-musl'
|
|
||||||
with:
|
|
||||||
path: ~/.musl-aarch64
|
|
||||||
key: musl-toolchain-aarch64-v1
|
|
||||||
|
|
||||||
- name: Install aarch64 musl toolchain
|
|
||||||
if: matrix.target == 'aarch64-unknown-linux-musl'
|
|
||||||
run: |
|
|
||||||
set -e
|
|
||||||
|
|
||||||
TOOLCHAIN_DIR="$HOME/.musl-aarch64"
|
|
||||||
ARCHIVE="aarch64-linux-musl-cross.tgz"
|
|
||||||
URL="https://github.com/telemt/telemt/releases/download/toolchains/$ARCHIVE"
|
|
||||||
|
|
||||||
if [ -x "$TOOLCHAIN_DIR/bin/aarch64-linux-musl-gcc" ]; then
|
|
||||||
echo "✅ MUSL toolchain cached"
|
|
||||||
else
|
|
||||||
echo "⬇️ Downloading MUSL toolchain..."
|
|
||||||
|
|
||||||
curl -fL \
|
|
||||||
--retry 5 \
|
|
||||||
--retry-delay 3 \
|
|
||||||
--connect-timeout 10 \
|
|
||||||
--max-time 120 \
|
|
||||||
-o "$ARCHIVE" "$URL"
|
|
||||||
|
|
||||||
mkdir -p "$TOOLCHAIN_DIR"
|
|
||||||
tar -xzf "$ARCHIVE" --strip-components=1 -C "$TOOLCHAIN_DIR"
|
|
||||||
fi
|
|
||||||
|
|
||||||
echo "$TOOLCHAIN_DIR/bin" >> $GITHUB_PATH
|
|
||||||
|
|
||||||
- name: Add rust target
|
- name: Add rust target
|
||||||
run: rustup target add ${{ matrix.target }}
|
run: rustup target add ${{ matrix.target }}
|
||||||
|
|
@ -176,11 +140,9 @@ jobs:
|
||||||
run: |
|
run: |
|
||||||
if [ "${{ matrix.target }}" = "aarch64-unknown-linux-musl" ]; then
|
if [ "${{ matrix.target }}" = "aarch64-unknown-linux-musl" ]; then
|
||||||
export CC=aarch64-linux-musl-gcc
|
export CC=aarch64-linux-musl-gcc
|
||||||
export CC_aarch64_unknown_linux_musl=aarch64-linux-musl-gcc
|
|
||||||
export RUSTFLAGS="-C target-feature=+crt-static -C linker=aarch64-linux-musl-gcc"
|
export RUSTFLAGS="-C target-feature=+crt-static -C linker=aarch64-linux-musl-gcc"
|
||||||
else
|
else
|
||||||
export CC=musl-gcc
|
export CC=musl-gcc
|
||||||
export CC_x86_64_unknown_linux_musl=musl-gcc
|
|
||||||
export RUSTFLAGS="-C target-feature=+crt-static"
|
export RUSTFLAGS="-C target-feature=+crt-static"
|
||||||
fi
|
fi
|
||||||
|
|
||||||
|
|
@ -232,12 +194,12 @@ jobs:
|
||||||
prerelease: ${{ contains(github.ref, '-') }}
|
prerelease: ${{ contains(github.ref, '-') }}
|
||||||
|
|
||||||
# ==========================
|
# ==========================
|
||||||
# Docker
|
# Docker (FROM RELEASE)
|
||||||
# ==========================
|
# ==========================
|
||||||
docker:
|
docker:
|
||||||
name: Docker
|
name: Docker (from release)
|
||||||
runs-on: ubuntu-latest
|
runs-on: ubuntu-latest
|
||||||
needs: [build-gnu, build-musl]
|
needs: release
|
||||||
|
|
||||||
permissions:
|
permissions:
|
||||||
contents: read
|
contents: read
|
||||||
|
|
@ -246,19 +208,26 @@ jobs:
|
||||||
steps:
|
steps:
|
||||||
- uses: actions/checkout@v4
|
- uses: actions/checkout@v4
|
||||||
|
|
||||||
- uses: actions/download-artifact@v4
|
- name: Install gh
|
||||||
with:
|
run: apt-get update && apt-get install -y gh
|
||||||
path: dist
|
|
||||||
|
|
||||||
- name: Extract binaries
|
- name: Extract version
|
||||||
|
id: vars
|
||||||
|
run: echo "VERSION=${GITHUB_REF#refs/tags/}" >> $GITHUB_OUTPUT
|
||||||
|
|
||||||
|
- name: Download binary
|
||||||
|
env:
|
||||||
|
GH_TOKEN: ${{ secrets.GITHUB_TOKEN }}
|
||||||
run: |
|
run: |
|
||||||
mkdir bin
|
mkdir dist
|
||||||
|
|
||||||
tar -xzf dist/telemt-x86_64-linux-musl/telemt-x86_64-linux-musl.tar.gz -C bin
|
gh release download ${{ steps.vars.outputs.VERSION }} \
|
||||||
mv bin/telemt bin/telemt-amd64
|
--repo ${{ github.repository }} \
|
||||||
|
--pattern "telemt-x86_64-linux-musl.tar.gz" \
|
||||||
|
--dir dist
|
||||||
|
|
||||||
tar -xzf dist/telemt-aarch64-linux-musl/telemt-aarch64-linux-musl.tar.gz -C bin
|
tar -xzf dist/telemt-x86_64-linux-musl.tar.gz -C dist
|
||||||
mv bin/telemt bin/telemt-arm64
|
chmod +x dist/telemt
|
||||||
|
|
||||||
- uses: docker/setup-qemu-action@v3
|
- uses: docker/setup-qemu-action@v3
|
||||||
- uses: docker/setup-buildx-action@v3
|
- uses: docker/setup-buildx-action@v3
|
||||||
|
|
@ -269,11 +238,7 @@ jobs:
|
||||||
username: ${{ github.actor }}
|
username: ${{ github.actor }}
|
||||||
password: ${{ secrets.GITHUB_TOKEN }}
|
password: ${{ secrets.GITHUB_TOKEN }}
|
||||||
|
|
||||||
- name: Extract version
|
- name: Build & Push
|
||||||
id: vars
|
|
||||||
run: echo "VERSION=${GITHUB_REF#refs/tags/}" >> $GITHUB_OUTPUT
|
|
||||||
|
|
||||||
- name: Build & Push (multi-arch)
|
|
||||||
uses: docker/build-push-action@v6
|
uses: docker/build-push-action@v6
|
||||||
with:
|
with:
|
||||||
context: .
|
context: .
|
||||||
|
|
@ -283,5 +248,4 @@ jobs:
|
||||||
ghcr.io/${{ github.repository }}:${{ steps.vars.outputs.VERSION }}
|
ghcr.io/${{ github.repository }}:${{ steps.vars.outputs.VERSION }}
|
||||||
ghcr.io/${{ github.repository }}:latest
|
ghcr.io/${{ github.repository }}:latest
|
||||||
build-args: |
|
build-args: |
|
||||||
BINARY_AMD64=bin/telemt-amd64
|
BINARY=dist/telemt
|
||||||
BINARY_ARM64=bin/telemt-arm64
|
|
||||||
|
|
@ -83,6 +83,4 @@ name = "crypto_bench"
|
||||||
harness = false
|
harness = false
|
||||||
|
|
||||||
[profile.release]
|
[profile.release]
|
||||||
lto = "fat"
|
lto = "thin"
|
||||||
codegen-units = 1
|
|
||||||
|
|
||||||
|
|
|
||||||
71
Dockerfile
71
Dockerfile
|
|
@ -1,78 +1,47 @@
|
||||||
# syntax=docker/dockerfile:1
|
# syntax=docker/dockerfile:1
|
||||||
|
|
||||||
ARG TARGETARCH
|
ARG BINARY
|
||||||
ARG BINARY_AMD64
|
|
||||||
ARG BINARY_ARM64
|
|
||||||
|
|
||||||
# ==========================
|
# ==========================
|
||||||
# Minimal Image
|
# Stage: minimal
|
||||||
# ==========================
|
# ==========================
|
||||||
FROM debian:12-slim AS minimal
|
FROM debian:12-slim AS minimal
|
||||||
|
|
||||||
ARG TARGETARCH
|
RUN apt-get update && apt-get install -y --no-install-recommends \
|
||||||
ARG BINARY_AMD64
|
|
||||||
ARG BINARY_ARM64
|
|
||||||
|
|
||||||
RUN set -eux; \
|
|
||||||
apt-get update; \
|
|
||||||
apt-get install -y --no-install-recommends \
|
|
||||||
binutils \
|
binutils \
|
||||||
curl \
|
curl \
|
||||||
xz-utils \
|
ca-certificates \
|
||||||
ca-certificates; \
|
&& rm -rf /var/lib/apt/lists/* \
|
||||||
rm -rf /var/lib/apt/lists/*
|
|
||||||
|
|
||||||
# --- Select correct binary ---
|
|
||||||
RUN set -eux; \
|
|
||||||
case "${TARGETARCH}" in \
|
|
||||||
amd64) BIN="${BINARY_AMD64}" ;; \
|
|
||||||
arm64) BIN="${BINARY_ARM64}" ;; \
|
|
||||||
*) echo "Unsupported TARGETARCH: ${TARGETARCH}" >&2; exit 1 ;; \
|
|
||||||
esac; \
|
|
||||||
echo "Using binary: $BIN"; \
|
|
||||||
test -f "$BIN"; \
|
|
||||||
cp "$BIN" /telemt
|
|
||||||
|
|
||||||
# --- Install UPX (arch-aware) ---
|
|
||||||
RUN set -eux; \
|
|
||||||
case "${TARGETARCH}" in \
|
|
||||||
amd64) UPX_ARCH="amd64" ;; \
|
|
||||||
arm64) UPX_ARCH="arm64" ;; \
|
|
||||||
*) echo "Unsupported TARGETARCH: ${TARGETARCH}" >&2; exit 1 ;; \
|
|
||||||
esac; \
|
|
||||||
\
|
\
|
||||||
curl -fL \
|
&& curl -fL \
|
||||||
--retry 5 \
|
--retry 5 \
|
||||||
--retry-delay 3 \
|
--retry-delay 3 \
|
||||||
--connect-timeout 10 \
|
--connect-timeout 10 \
|
||||||
--max-time 120 \
|
--max-time 120 \
|
||||||
-o /tmp/upx.tar.xz \
|
-o /tmp/upx.tar.xz \
|
||||||
"https://github.com/telemt/telemt/releases/download/toolchains/upx-${UPX_ARCH}_linux.tar.xz"; \
|
https://github.com/telemt/telemt/releases/download/toolchains/upx-amd64_linux.tar.xz \
|
||||||
\
|
&& tar -xf /tmp/upx.tar.xz -C /tmp \
|
||||||
tar -xf /tmp/upx.tar.xz -C /tmp; \
|
&& mv /tmp/upx*/upx /usr/local/bin/upx \
|
||||||
install -m 0755 /tmp/upx*/upx /usr/local/bin/upx; \
|
&& chmod +x /usr/local/bin/upx \
|
||||||
rm -rf /tmp/upx*
|
&& rm -rf /tmp/upx*
|
||||||
|
|
||||||
# --- Optimize binary ---
|
COPY ${BINARY} /telemt
|
||||||
RUN set -eux; \
|
|
||||||
test -f /telemt; \
|
RUN strip /telemt || true
|
||||||
strip --strip-unneeded /telemt || true; \
|
RUN upx --best --lzma /telemt || true
|
||||||
upx --best --lzma /telemt || true
|
|
||||||
|
|
||||||
# ==========================
|
# ==========================
|
||||||
# Debug Image
|
# Debug image
|
||||||
# ==========================
|
# ==========================
|
||||||
FROM debian:12-slim AS debug
|
FROM debian:12-slim AS debug
|
||||||
|
|
||||||
RUN set -eux; \
|
RUN apt-get update && apt-get install -y --no-install-recommends \
|
||||||
apt-get update; \
|
|
||||||
apt-get install -y --no-install-recommends \
|
|
||||||
ca-certificates \
|
ca-certificates \
|
||||||
tzdata \
|
tzdata \
|
||||||
curl \
|
curl \
|
||||||
iproute2 \
|
iproute2 \
|
||||||
busybox; \
|
busybox \
|
||||||
rm -rf /var/lib/apt/lists/*
|
&& rm -rf /var/lib/apt/lists/*
|
||||||
|
|
||||||
WORKDIR /app
|
WORKDIR /app
|
||||||
|
|
||||||
|
|
@ -85,7 +54,7 @@ ENTRYPOINT ["/app/telemt"]
|
||||||
CMD ["config.toml"]
|
CMD ["config.toml"]
|
||||||
|
|
||||||
# ==========================
|
# ==========================
|
||||||
# Production Distroless on MUSL
|
# Production (REAL distroless)
|
||||||
# ==========================
|
# ==========================
|
||||||
FROM gcr.io/distroless/static-debian12 AS prod
|
FROM gcr.io/distroless/static-debian12 AS prod
|
||||||
|
|
||||||
|
|
|
||||||
Loading…
Reference in New Issue