build: update Docker workflow & build process (#6094)

* ci: runners to use ubuntu-latest

Signed-off-by: Dwi Siswanto <[email protected]>

* build: update Docker workflow & build process

Signed-off-by: Dwi Siswanto <[email protected]>

---------

Signed-off-by: Dwi Siswanto <[email protected]>

Author: dwisiswant0

.github/workflows/dockerhub-push.yml

@@ -19,7 +19,7 @@ jobs:
     strategy:
       matrix:
         targets: [150]
-    runs-on: ubuntu-latest-16-cores
+    runs-on: ubuntu-latest
     if: github.repository == 'projectdiscovery/nuclei'
     permissions:
       contents: write

.github/workflows/generate-pgo.yaml

@@ -6,7 +6,7 @@ on:
 
 jobs:
   perf-regression:
-    runs-on: ubuntu-latest-16-cores
+    runs-on: ubuntu-latest
     if: github.repository == 'projectdiscovery/nuclei'
     env:
       BENCH_OUT: "/tmp/bench.out"

.github/workflows/perf-regression.yaml

@@ -10,7 +10,7 @@ jobs:
     strategy:
       matrix:
         count: [50, 100, 150]
-    runs-on: ubuntu-latest-16-cores
+    runs-on: ubuntu-latest
     if: github.repository == 'projectdiscovery/nuclei'
     env:
       LIST_FILE: "/tmp/targets-${{ matrix.count }}.txt"

.github/workflows/perf-test.yaml

@@ -14,6 +14,12 @@ jobs:
         with: 
           fetch-depth: 0
       - uses: projectdiscovery/actions/setup/go@v1
+      - uses: docker/setup-qemu-action@v3
+      - uses: docker/setup-buildx-action@v3
+      - uses: docker/login-action@v3 
+        with:
+          username: ${{ secrets.DOCKER_USERNAME }}
+          password: ${{ secrets.DOCKER_TOKEN }}
       - uses: projectdiscovery/actions/goreleaser@v1
         with: 
           release: true

.github/workflows/release.yaml

@@ -1,3 +1,5 @@
+version: 2
+
 before:
   hooks:
     - go mod download
@@ -44,6 +46,26 @@ archives:
 checksum:
   algorithm: sha256
 
+dockers:
+  - image_templates:
+      - "{{ .ProjectName }}:{{ .Tag }}"
+      - "{{ .ProjectName }}:v{{ .Major }}.{{ .Minor }}"
+      - "{{ .ProjectName }}:v{{ .Major }}"
+      - "{{ .ProjectName }}:latest"
+    dockerfile: Dockerfile.goreleaser
+    use: buildx
+    build_flag_templates:
+      - "--pull"
+      - "--label=org.opencontainers.image.authors=ProjectDiscovery"
+      - "--label=org.opencontainers.image.created={{ .Date }}"
+      - "--label=org.opencontainers.image.description=\"Nuclei is a fast, customizable vulnerability scanner powered by the global security community and built on a simple YAML-based DSL, enabling collaboration to tackle trending vulnerabilities on the internet. It helps you find vulnerabilities in your applications, APIs, networks, DNS, and cloud configurations.\""
+      - "--label=org.opencontainers.image.licenses=MIT"
+      - "--label=org.opencontainers.image.ref.name={{ .Tag }}"
+      - "--label=org.opencontainers.image.revision={{ .FullCommit }}"
+      - "--label=org.opencontainers.image.title={{ .ProjectName }}"
+      - "--label=org.opencontainers.image.url=https://github.com/projectdiscovery/{{ .ProjectName }}"
+      - "--label=org.opencontainers.image.version={{ .Version }}"
+
 announce:
   slack:
     enabled: true

.goreleaser.yml

@@ -1,15 +1,16 @@
 # Build
-FROM golang:1.22-alpine AS build-env
+FROM golang:1.22-alpine AS builder
+
 RUN apk add build-base
 WORKDIR /app
 COPY . /app
-RUN go mod download
-RUN go build ./cmd/nuclei
+RUN make verify
+RUN make build
 
 # Release
-FROM alpine:3.18.6
-RUN apk upgrade --no-cache \
-    && apk add --no-cache bind-tools chromium ca-certificates
-COPY --from=build-env /app/nuclei /usr/local/bin/
+FROM alpine:latest
+
+RUN apk add --no-cache bind-tools chromium ca-certificates
+COPY --from=builder /app/bin/nuclei /usr/local/bin/
 
 ENTRYPOINT ["nuclei"]

Dockerfile

@@ -0,0 +1,6 @@
+FROM alpine:latest
+
+RUN apk add --no-cache bind-tools chromium ca-certificates
+COPY nuclei /usr/local/bin/
+
+ENTRYPOINT ["nuclei"]