From cd7edd21601264a8188515b0c4b70292a9f6b2ea Mon Sep 17 00:00:00 2001
From: "Giau. Tran Minh" <12751435+giautm@users.noreply.github.com>
Date: Wed, 11 Dec 2024 19:36:50 +0700
Subject: [PATCH] chore: added docker for actions (#270)

---
 .github/workflows/cd.yaml | 51 ++++++++++++++++++++++++++++++++++-----
 Dockerfile                | 16 ++++++++++++
 cmd/atlas-action/main.go  |  2 +-
 scripts/setup-atlas.sh    | 10 ++++++++
 4 files changed, 72 insertions(+), 7 deletions(-)
 create mode 100644 Dockerfile
 create mode 100644 scripts/setup-atlas.sh

diff --git a/.github/workflows/cd.yaml b/.github/workflows/cd.yaml
index 4a0538d2..f4e789d9 100644
--- a/.github/workflows/cd.yaml
+++ b/.github/workflows/cd.yaml
@@ -20,17 +20,53 @@ jobs:
   build:
     needs: test
     runs-on: ubuntu-latest
+    permissions:
+      contents: read
+      packages: write
+      attestations: write
+      id-token: write
+    env:
+      REGISTRY: "docker.io"
+      IMAGE_NAME: "arigaio/atlas-action"
+      DOCKERHUB_USERNAME: arigaio
     steps:
-      - name: Install Atlas
-        uses: ariga/setup-atlas@v0
       - name: Checkout code
         uses: actions/checkout@v3.0.2
         with:
           ref: ${{ github.event.inputs.commit || 'master' }}
+      - name: Set up Docker Buildx
+        uses: docker/setup-buildx-action@v3
+      - name: Login to Docker Hub (${{ env.REGISTRY }})
+        uses: docker/login-action@v3
+        with:
+          registry: ${{ env.REGISTRY }}
+          username: ${{ env.DOCKERHUB_USERNAME }}
+          password: ${{ secrets.DOCKERHUB_TOKEN }}
+      - name: Extract metadata (tags, labels) for Docker
+        id: meta
+        uses: docker/metadata-action@v5
+        with:
+          images: |
+            ${{ env.REGISTRY }}/${{ env.IMAGE_NAME }}
+          tags: |
+            type=ref,event=branch
+            type=ref,event=pr
+            type=semver,pattern={{version}}
+            type=semver,pattern={{major}}.{{minor}}
+            type=semver,pattern=v{{major}}
+            type=sha
+      - name: Configure AWS credentials
+        uses: aws-actions/configure-aws-credentials@v4
+        with:
+          aws-access-key-id: ${{ secrets.RELEASE_AWS_ACCESS_KEY_ID }}
+          aws-secret-access-key: ${{ secrets.RELEASE_AWS_SECRET_ACCESS_KEY }}
+          aws-region: us-east-1
       - name: Setup Go Environment
         uses: actions/setup-go@v4
         with:
           go-version-file: go.mod
+      - name: Install Atlas
+        uses: ariga/setup-atlas@v0
       - name: Set BINARY_NAME
         id: set_binary_name
         env:
@@ -51,15 +87,18 @@ jobs:
           fi
         env:
           CGO_ENABLED: 0
-      - name: Configure AWS credentials
-        run: |
-          aws configure set aws_access_key_id ${{ secrets.RELEASE_AWS_ACCESS_KEY_ID }}
-          aws configure set aws_secret_access_key ${{ secrets.RELEASE_AWS_SECRET_ACCESS_KEY }}
       - name: Upload binary to S3
         run: |
           aws s3 cp ./atlas-action s3://release.ariga.io/atlas-action/$BINARY_NAME
         env:
           AWS_REGION: us-east-1
+      - name: Build and push Docker image
+        uses: docker/build-push-action@v6
+        with:
+          context: .
+          labels: ${{ steps.meta.outputs.labels }}
+          tags: ${{ steps.meta.outputs.tags }}
+          push: true
   # Run end-to-end test on the published binary.
   e2e-test:
     needs: build
diff --git a/Dockerfile b/Dockerfile
new file mode 100644
index 00000000..61505754
--- /dev/null
+++ b/Dockerfile
@@ -0,0 +1,16 @@
+# Copyright 2021-present The Atlas Authors. All rights reserved.
+# This source code is licensed under the Apache 2.0 license found
+# in the LICENSE file in the root directory of this source tree.
+# syntax=docker/dockerfile:1
+
+ARG ALPINE_VERSION="3.21"
+
+FROM alpine:${ALPINE_VERSION}
+COPY LICENSE README.md /
+COPY --chmod=001 ./scripts/setup-atlas.sh /usr/local/bin/setup-atlas
+COPY --chmod=001 ./atlas-action /usr/local/bin/
+RUN apk add --update --no-cache curl
+RUN setup-atlas && rm -rf /root/.atlas /tmp/*
+WORKDIR /root
+VOLUME /root/.atlas
+ENTRYPOINT ["/usr/local/bin/atlas-action"]
diff --git a/cmd/atlas-action/main.go b/cmd/atlas-action/main.go
index ef6a6fa9..47b0d7eb 100644
--- a/cmd/atlas-action/main.go
+++ b/cmd/atlas-action/main.go
@@ -67,7 +67,7 @@ func (v VersionFlag) BeforeReset(app *kong.Kong) error {
 
 // RunActionCmd is a command to run one of the Atlas GitHub Actions.
 type RunActionCmd struct {
-	Action  string      `help:"Command to run" required:""`
+	Action  string      `help:"Command to run" required:"" env:"ATLAS_ACTION"`
 	Version VersionFlag `help:"Prints the version and exits"`
 }
 
diff --git a/scripts/setup-atlas.sh b/scripts/setup-atlas.sh
new file mode 100644
index 00000000..46029094
--- /dev/null
+++ b/scripts/setup-atlas.sh
@@ -0,0 +1,10 @@
+#!/usr/bin/env sh
+# Copyright 2021-present The Atlas Authors. All rights reserved.
+# This source code is licensed under the Apache 2.0 license found
+# in the LICENSE file in the root directory of this source tree.
+
+set -e
+curl -sSf https://atlasgo.sh | sh
+if [ -n "$ATLAS_TOKEN" ]; then
+  atlas login --token $ATLAS_TOKEN
+fi