test

Signed-off-by: Kristoffer Dalby <kristoffer@tailscale.com>

.github/workflows/release-docker.yml

@@ -0,0 +1,138 @@
+---
+name: Release Docker
+
+on:
+  push:
+    tags:
+      - "*" # triggers only if push new tag version
+  workflow_dispatch:
+
+jobs:
+  docker-release:
+    runs-on: ubuntu-latest
+    steps:
+      - name: Checkout
+        uses: actions/checkout@v3
+        with:
+          fetch-depth: 0
+      - name: Set up Docker Buildx
+        uses: docker/setup-buildx-action@v1
+      - name: Set up QEMU for multiple platforms
+        uses: docker/setup-qemu-action@master
+        with:
+          platforms: arm64,amd64
+      - name: Cache Docker layers
+        uses: actions/cache@v2
+        with:
+          path: /tmp/.buildx-cache
+          key: ${{ runner.os }}-buildx-${{ github.sha }}
+          restore-keys: |
+            ${{ runner.os }}-buildx-
+      - name: Docker meta
+        id: meta
+        uses: docker/metadata-action@v3
+        with:
+          # list of Docker images to use as base name for tags
+          images: |
+            ${{ secrets.DOCKERHUB_USERNAME }}/headscale
+            ghcr.io/${{ github.repository_owner }}/headscale
+          tags: |
+            type=semver,pattern={{version}}
+            type=semver,pattern={{major}}.{{minor}}
+            type=semver,pattern={{major}}
+            type=sha
+            type=raw,value=develop
+      - name: Login to DockerHub
+        uses: docker/login-action@v1
+        with:
+          username: ${{ secrets.DOCKERHUB_USERNAME }}
+          password: ${{ secrets.DOCKERHUB_TOKEN }}
+      - name: Login to GHCR
+        uses: docker/login-action@v1
+        with:
+          registry: ghcr.io
+          username: ${{ github.repository_owner }}
+          password: ${{ secrets.GITHUB_TOKEN }}
+      - name: Build and push
+        id: docker_build
+        uses: docker/build-push-action@v2
+        with:
+          push: true
+          context: .
+          tags: ${{ steps.meta.outputs.tags }}
+          labels: ${{ steps.meta.outputs.labels }}
+          platforms: linux/amd64,linux/arm64
+          cache-from: type=local,src=/tmp/.buildx-cache
+          cache-to: type=local,dest=/tmp/.buildx-cache-new
+          build-args: |
+            VERSION=${{ steps.meta.outputs.version }}
+      - name: Prepare cache for next build
+        run: |
+          rm -rf /tmp/.buildx-cache
+          mv /tmp/.buildx-cache-new /tmp/.buildx-cache
+
+  docker-debug-release:
+    runs-on: ubuntu-latest
+    steps:
+      - name: Checkout
+        uses: actions/checkout@v3
+        with:
+          fetch-depth: 0
+      - name: Set up Docker Buildx
+        uses: docker/setup-buildx-action@v1
+      - name: Set up QEMU for multiple platforms
+        uses: docker/setup-qemu-action@master
+        with:
+          platforms: arm64,amd64
+      - name: Cache Docker layers
+        uses: actions/cache@v2
+        with:
+          path: /tmp/.buildx-cache-debug
+          key: ${{ runner.os }}-buildx-debug-${{ github.sha }}
+          restore-keys: |
+            ${{ runner.os }}-buildx-debug-
+      - name: Docker meta
+        id: meta-debug
+        uses: docker/metadata-action@v3
+        with:
+          # list of Docker images to use as base name for tags
+          images: |
+            ${{ secrets.DOCKERHUB_USERNAME }}/headscale
+            ghcr.io/${{ github.repository_owner }}/headscale
+          flavor: |
+            suffix=-debug,onlatest=true
+          tags: |
+            type=semver,pattern={{version}}
+            type=semver,pattern={{major}}.{{minor}}
+            type=semver,pattern={{major}}
+            type=sha
+            type=raw,value=develop
+      - name: Login to DockerHub
+        uses: docker/login-action@v1
+        with:
+          username: ${{ secrets.DOCKERHUB_USERNAME }}
+          password: ${{ secrets.DOCKERHUB_TOKEN }}
+      - name: Login to GHCR
+        uses: docker/login-action@v1
+        with:
+          registry: ghcr.io
+          username: ${{ github.repository_owner }}
+          password: ${{ secrets.GITHUB_TOKEN }}
+      - name: Build and push
+        id: docker_build
+        uses: docker/build-push-action@v2
+        with:
+          push: true
+          context: .
+          file: Dockerfile.debug
+          tags: ${{ steps.meta-debug.outputs.tags }}
+          labels: ${{ steps.meta-debug.outputs.labels }}
+          platforms: linux/amd64,linux/arm64
+          cache-from: type=local,src=/tmp/.buildx-cache-debug
+          cache-to: type=local,dest=/tmp/.buildx-cache-debug-new
+          build-args: |
+            VERSION=${{ steps.meta-debug.outputs.version }}
+      - name: Prepare cache for next build
+        run: |
+          rm -rf /tmp/.buildx-cache-debug
+          mv /tmp/.buildx-cache-debug-new /tmp/.buildx-cache-debug

.github/workflows/release.yml

@@ -20,6 +20,6 @@ jobs:
       - uses: DeterminateSystems/magic-nix-cache-action@main
 
       - name: Run goreleaser
-        run: nix develop --command -- "goreleaser release --clean"
+        run: nix develop --command -- goreleaser release --clean
         env:
           GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}

.goreleaser.yml

@@ -9,7 +9,7 @@ release:
 
 builds:
   - id: headscale
-    main: ./cmd/headscale
+    main: ./cmd/headscale/headscale.go
     mod_timestamp: "{{ .CommitTimestamp }}"
     env:
       - CGO_ENABLED=0
@@ -81,82 +81,35 @@ nfpms:
 
 kos:
   - id: ghcr
-    repository: ghcr.io/kradalby/headscale
-    base_image: gcr.io/distroless/base-debian12
     build: headscale
-    main: ./cmd/headscale
+    base_image: gcr.io/distroless/base-debian11
-    env:
+    repository: ghcr.io/juanfont/headscale
-      - CGO_ENABLED=0
     platforms:
       - linux/amd64
       - linux/386
       - linux/arm64
       - linux/arm/v7
+      - linux/arm/v6
+      - linux/arm/v5
     tags:
       - latest
-      - "{{ .Tag }}"
+      - '{{.Tag}}'
-      - "{{ .Major }}.{{ .Minor }}.{{ .Patch }}"
+      - '{{ .Major }}.{{ .Minor }}'
-      - "{{ .Major }}.{{ .Minor }}"
+      - '{{ .Major }}'
-      - "{{ .Major }}"
+  # - id: dockerhub
-      - "sha-{{ .ShortCommit }}"
+  #   build: headscale
-      - "{{ if not .Prerelease }}stable{{ end }}"
+  #   base_image: gcr.io/distroless/base-debian11
-
+  #   repository: headscale/headscale
-  - id: dockerhub
+  #   platforms:
-    build: headscale
+  #     - linux/amd64
-    base_image: gcr.io/distroless/base-debian12
+  #     - linux/386
-    repository: headscale/headscale
+  #     - linux/arm64
-    platforms:
+  #     - linux/arm/v7
-      - linux/amd64
+  #     - linux/arm/v6
-      - linux/386
+  #     - linux/arm/v5
-      - linux/arm64
+  #   tags:
-      - linux/arm/v7
+  #     - latest
-    tags:
+  #    - '{{.Tag}}'
-      - latest
-      - "{{ .Tag }}"
-      - "{{ .Major }}.{{ .Minor }}.{{ .Patch }}"
-      - "{{ .Major }}.{{ .Minor }}"
-      - "{{ .Major }}"
-      - "sha-{{ .ShortCommit }}"
-      - "{{ if not .Prerelease }}stable{{ end }}"
-
-  - id: ghcr-debug
-    repository: ghcr.io/kradalby/headscale
-    base_image: "debian:12"
-    build: headscale
-    main: ./cmd/headscale
-    env:
-      - CGO_ENABLED=0
-    platforms:
-      - linux/amd64
-      - linux/386
-      - linux/arm64
-      - linux/arm/v7
-    tags:
-      - latest
-      - "{{ .Tag }}-debug"
-      - "{{ .Major }}.{{ .Minor }}.{{ .Patch }}-debug"
-      - "{{ .Major }}.{{ .Minor }}-debug"
-      - "{{ .Major }}-debug"
-      - "sha-{{ .ShortCommit }}-debug"
-      - "{{ if not .Prerelease }}stable{{ end }}-debug"
-
-  - id: dockerhub-debug
-    build: headscale
-    base_image: "debian:12"
-    repository: headscale/headscale
-    platforms:
-      - linux/amd64
-      - linux/386
-      - linux/arm64
-      - linux/arm/v7
-    tags:
-      - latest
-      - "{{ .Tag }}-debug"
-      - "{{ .Major }}.{{ .Minor }}.{{ .Patch }}-debug"
-      - "{{ .Major }}.{{ .Minor }}-debug"
-      - "{{ .Major }}-debug"
-      - "sha-{{ .ShortCommit }}-debug"
-      - "{{ if not .Prerelease }}stable{{ end }}-debug"
 
 checksum:
   name_template: "checksums.txt"

Dockerfile

@@ -0,0 +1,33 @@
+# This Dockerfile and the images produced are for testing headscale,
+# and are in no way endorsed by Headscale's maintainers as an
+# official nor supported release or distribution.
+
+FROM docker.io/golang:1.21-bookworm AS build
+ARG VERSION=dev
+ENV GOPATH /go
+WORKDIR /go/src/headscale
+
+COPY go.mod go.sum /go/src/headscale/
+RUN go mod download
+
+COPY . .
+
+RUN CGO_ENABLED=0 GOOS=linux go install -ldflags="-s -w -X github.com/juanfont/headscale/cmd/headscale/cli.Version=$VERSION" -a ./cmd/headscale
+RUN strip /go/bin/headscale
+RUN test -e /go/bin/headscale
+
+# Production image
+FROM docker.io/debian:bookworm-slim
+
+RUN apt-get update \
+  && apt-get install -y ca-certificates \
+  && rm -rf /var/lib/apt/lists/* \
+  && apt-get clean
+
+COPY --from=build /go/bin/headscale /bin/headscale
+ENV TZ UTC
+
+RUN mkdir -p /var/run/headscale
+
+EXPOSE 8080/tcp
+CMD ["headscale"]

flake.nix

@@ -95,7 +95,6 @@
           gotestsum
           gotests
           ksh
-          ko
 
           # 'dot' is needed for pprof graphs
           # go tool pprof -http=: <source>