Merge pull request #149 from grepplabs/fix/147

Fix #147

Author: everesio

.github/workflows/release.yaml

@@ -78,6 +78,7 @@ jobs:
         with:
           context: .
           push: true
+          file: Dockerfile.all
           platforms: linux/amd64,linux/arm64
           tags: ${{ steps.meta-all.outputs.tags }}
           labels: ${{ steps.meta-all.outputs.labels }}

Dockerfile.all

@@ -0,0 +1,53 @@
+FROM --platform=$BUILDPLATFORM golang:1.20-alpine3.17 as builder
+RUN apk add alpine-sdk ca-certificates
+
+ARG TARGETOS
+ARG TARGETARCH
+ARG TARGETVARIANT
+ARG VERSION
+
+ENV CGO_ENABLED=0 \
+    GO111MODULE=on \
+    GOOS=${TARGETOS} \
+    GOARCH=${TARGETARCH} \
+    GOARM=${TARGETVARIANT} \
+    LDFLAGS="-X github.com/grepplabs/kafka-proxy/config.Version=${VERSION} -w -s"
+
+WORKDIR /go/src/github.com/grepplabs/kafka-proxy
+COPY . .
+
+RUN mkdir -p build && \
+    export GOARM=$( echo "${GOARM}" | cut -c2-) && \
+    go build -mod=vendor -o build/kafka-proxy -ldflags "${LDFLAGS}" . && \
+    go build -mod=vendor -o build/auth-user -ldflags "${LDFLAGS}" cmd/plugin-auth-user/main.go && \
+    go build -mod=vendor -o build/auth-ldap -ldflags "${LDFLAGS}" cmd/plugin-auth-ldap/main.go && \
+    go build -mod=vendor -o build/google-id-provider -ldflags "${LDFLAGS}" cmd/plugin-googleid-provider/main.go && \
+    go build -mod=vendor -o build/google-id-info -ldflags "${LDFLAGS}" cmd/plugin-googleid-info/main.go && \
+    go build -mod=vendor -o build/unsecured-jwt-info -ldflags "${LDFLAGS}" cmd/plugin-unsecured-jwt-info/main.go && \
+    go build -mod=vendor -o build/unsecured-jwt-provider -ldflags "${LDFLAGS}" cmd/plugin-unsecured-jwt-provider/main.go && \
+    go build -mod=vendor -o build/oidc-provider -ldflags "${LDFLAGS}" cmd/plugin-oidc-provider/main.go
+
+FROM --platform=$BUILDPLATFORM alpine:3.17
+RUN apk add --no-cache ca-certificates libcap
+RUN adduser \
+        --disabled-password \
+        --gecos "" \
+        --home "/nonexistent" \
+        --shell "/sbin/nologin" \
+        --no-create-home \
+        kafka-proxy
+
+COPY --from=builder /go/src/github.com/grepplabs/kafka-proxy/build /opt/kafka-proxy/bin
+RUN setcap 'cap_net_bind_service=+ep' /opt/kafka-proxy/bin/kafka-proxy && \
+    setcap 'cap_net_bind_service=+ep' /opt/kafka-proxy/bin/auth-user && \
+    setcap 'cap_net_bind_service=+ep' /opt/kafka-proxy/bin/auth-ldap && \
+    setcap 'cap_net_bind_service=+ep' /opt/kafka-proxy/bin/google-id-provider && \
+    setcap 'cap_net_bind_service=+ep' /opt/kafka-proxy/bin/google-id-info && \
+    setcap 'cap_net_bind_service=+ep' /opt/kafka-proxy/bin/unsecured-jwt-info && \
+    setcap 'cap_net_bind_service=+ep' /opt/kafka-proxy/bin/unsecured-jwt-provider && \
+    setcap 'cap_net_bind_service=+ep' /opt/kafka-proxy/bin/oidc-provider
+
+USER kafka-proxy
+ENTRYPOINT ["/opt/kafka-proxy/bin/kafka-proxy"]
+CMD ["--help"]
+