From 01e5cae509a41ee31ec3ee00b786420e87a0786b Mon Sep 17 00:00:00 2001 From: Dwi Siswanto <25837540+dwisiswant0@users.noreply.github.com> Date: Sun, 16 Mar 2025 02:37:44 +0700 Subject: [PATCH] build: update Docker workflow & build process (#6094) * ci: runners to use ubuntu-latest Signed-off-by: Dwi Siswanto * build: update Docker workflow & build process Signed-off-by: Dwi Siswanto --------- Signed-off-by: Dwi Siswanto --- .github/workflows/dockerhub-push.yml | 47 -------------------------- .github/workflows/generate-pgo.yaml | 2 +- .github/workflows/perf-regression.yaml | 2 +- .github/workflows/perf-test.yaml | 2 +- .github/workflows/release.yaml | 6 ++++ .goreleaser.yml | 22 ++++++++++++ Dockerfile | 15 ++++---- Dockerfile.goreleaser | 6 ++++ 8 files changed, 45 insertions(+), 57 deletions(-) delete mode 100644 .github/workflows/dockerhub-push.yml create mode 100644 Dockerfile.goreleaser diff --git a/.github/workflows/dockerhub-push.yml b/.github/workflows/dockerhub-push.yml deleted file mode 100644 index 8743e914f..000000000 --- a/.github/workflows/dockerhub-push.yml +++ /dev/null 
@@ -1,47 +0,0 @@ -name: 🐳 Docker Push - -on: - workflow_run: - workflows: ["🎉 Release Binary"] - types: - - completed - workflow_dispatch: - -jobs: - docker: - runs-on: ubuntu-latest-16-cores - steps: - - name: Git Checkout - uses: actions/checkout@v4 - - - name: Get GitHub tag - id: meta - run: | - curl --silent "https://api.github.com/repos/projectdiscovery/nuclei/releases/latest" | jq -r .tag_name | xargs -I {} echo TAG={} >> $GITHUB_OUTPUT - - - name: Set up QEMU - uses: docker/setup-qemu-action@v3 - - - name: Set up Docker Buildx - uses: docker/setup-buildx-action@v3 - - - name: Login to DockerHub - uses: docker/login-action@v3 - with: - username: ${{ secrets.DOCKER_USERNAME }} - password: ${{ secrets.DOCKER_TOKEN }} - - - name: Build and push - uses: docker/build-push-action@v6 - with: - context: . - platforms: linux/amd64,linux/arm64 - push: true - tags: projectdiscovery/nuclei:latest,projectdiscovery/nuclei:${{ steps.meta.outputs.TAG }} - - - name: Update DockerHub Description - uses: peter-evans/dockerhub-description@v4 - with: - username: ${{ secrets.DOCKER_USERNAME }} - password: ${{ secrets.DOCKER_TOKEN }} - repository: projectdiscovery/nuclei diff --git a/.github/workflows/generate-pgo.yaml b/.github/workflows/generate-pgo.yaml index 25ea17858..463e7d686 100644 --- a/.github/workflows/generate-pgo.yaml +++ b/.github/workflows/generate-pgo.yaml @@ -19,7 +19,7 @@ jobs: strategy: matrix: targets: [150] - runs-on: ubuntu-latest-16-cores + runs-on: ubuntu-latest if: github.repository == 'projectdiscovery/nuclei' permissions: contents: write diff --git a/.github/workflows/perf-regression.yaml b/.github/workflows/perf-regression.yaml index 9f4b2fb88..090f722eb 100644 --- a/.github/workflows/perf-regression.yaml +++ b/.github/workflows/perf-regression.yaml @@ -6,7 +6,7 @@ on: jobs: perf-regression: - runs-on: ubuntu-latest-16-cores + runs-on: ubuntu-latest if: github.repository == 'projectdiscovery/nuclei' env: BENCH_OUT: "/tmp/bench.out" 
diff --git a/.github/workflows/perf-test.yaml b/.github/workflows/perf-test.yaml index ec2449464..94dec5cbd 100644 --- a/.github/workflows/perf-test.yaml +++ b/.github/workflows/perf-test.yaml @@ -10,7 +10,7 @@ jobs: strategy: matrix: count: [50, 100, 150] - runs-on: ubuntu-latest-16-cores + runs-on: ubuntu-latest if: github.repository == 'projectdiscovery/nuclei' env: LIST_FILE: "/tmp/targets-${{ matrix.count }}.txt" diff --git a/.github/workflows/release.yaml b/.github/workflows/release.yaml index 66d45b01b..a7d187b66 100644 --- a/.github/workflows/release.yaml +++ b/.github/workflows/release.yaml @@ -14,6 +14,12 @@ jobs: with: fetch-depth: 0 - uses: projectdiscovery/actions/setup/go@v1 + - uses: docker/setup-qemu-action@v3 + - uses: docker/setup-buildx-action@v3 + - uses: docker/login-action@v3 + with: + username: ${{ secrets.DOCKER_USERNAME }} + password: ${{ secrets.DOCKER_TOKEN }} - uses: projectdiscovery/actions/goreleaser@v1 with: release: true diff --git a/.goreleaser.yml b/.goreleaser.yml index f488d4df0..0eed4c4be 100644 --- a/.goreleaser.yml +++ b/.goreleaser.yml @@ -1,3 +1,5 @@ +version: 2 + before: hooks: - go mod download 
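Review bot: The three Docker actions added before the goreleaser step in release.yaml (`docker/setup-qemu-action@v3`, `docker/setup-buildx-action@v3`, `docker/login-action@v3`) are referenced by mutable major tags in the job that now receives `DOCKER_USERNAME`/`DOCKER_TOKEN` and publishes the release. If an upstream tag were moved or compromised, the new code would run with those credentials and could alter the published artifacts. Each `uses:` is better pinned to a full commit SHA with the version kept as a comment, e.g. `- uses: docker/login-action@<full-commit-sha> # v3`. The job's trigger and any `permissions:` block lie outside this hunk, so whether the token scope is already restricted cannot be seen here.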
@@ -44,6 +46,26 @@ archives: checksum: algorithm: sha256 +dockers: + - image_templates: + - "{{ .ProjectName }}:{{ .Tag }}" + - "{{ .ProjectName }}:v{{ .Major }}.{{ .Minor }}" + - "{{ .ProjectName }}:v{{ .Major }}" + - "{{ .ProjectName }}:latest" + dockerfile: Dockerfile.goreleaser + use: buildx + build_flag_templates: + - "--pull" + - "--label=org.opencontainers.image.authors=ProjectDiscovery" + - "--label=org.opencontainers.image.created={{ .Date }}" + - "--label=org.opencontainers.image.description=\"Nuclei is a fast, customizable vulnerability scanner powered by the global security community and built on a simple YAML-based DSL, enabling collaboration to tackle trending vulnerabilities on the internet. It helps you find vulnerabilities in your applications, APIs, networks, DNS, and cloud configurations.\"" + - "--label=org.opencontainers.image.licenses=MIT" + - "--label=org.opencontainers.image.ref.name={{ .Tag }}" + - "--label=org.opencontainers.image.revision={{ .FullCommit }}" + - "--label=org.opencontainers.image.title={{ .ProjectName }}" + - "--label=org.opencontainers.image.url=https://github.com/projectdiscovery/{{ .ProjectName }}" + - "--label=org.opencontainers.image.version={{ .Version }}" + announce: slack: enabled: true diff --git a/Dockerfile b/Dockerfile index 2a054840d..9d7a780c7 100644 --- a/Dockerfile +++ b/Dockerfile @@ -1,15 +1,16 @@ # Build -FROM golang:1.22-alpine AS build-env +FROM golang:1.22-alpine AS builder + RUN apk add build-base WORKDIR /app COPY . /app -RUN go mod download -RUN go build ./cmd/nuclei +RUN make verify +RUN make build # Release -FROM alpine:3.18.6 -RUN apk upgrade --no-cache \ - && apk add --no-cache bind-tools chromium ca-certificates -COPY --from=build-env /app/nuclei /usr/local/bin/ +FROM alpine:latest + +RUN apk add --no-cache bind-tools chromium ca-certificates +COPY --from=builder /app/bin/nuclei /usr/local/bin/ ENTRYPOINT ["nuclei"] \ No newline at end of file 
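Review bot: None of the four `image_templates` entries in the new `dockers:` block carries a registry namespace, while the `image.url` label further down writes `projectdiscovery/{{ .ProjectName }}`, which suggests `.ProjectName` expands to the bare project name. If so, the release would push to `nuclei:<tag>` rather than to the `projectdiscovery/nuclei` repository the removed workflow published to, and anyone pulling that repository would keep getting the last old image without noticing. Writing `- "projectdiscovery/{{ .ProjectName }}:{{ .Tag }}"` (and the same prefix on the other three) makes the destination explicit. The entry also sets no `goarch`, so unless something elsewhere in the file says otherwise only one architecture is built, whereas the deleted workflow built `linux/amd64,linux/arm64`.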
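Review bot: The release stage of the Dockerfile moves from the pinned `alpine:3.18.6` to `FROM alpine:latest` and drops the `apk upgrade --no-cache` step, so the published image is no longer reproducible and its base changes silently whenever the tag moves. Pinning a specific release, ideally with a digest (`FROM alpine:<version>@sha256:<digest>`), keeps the base reviewable and lets an update bot propose bumps; the same applies to `FROM alpine:latest` in the new Dockerfile.goreleaser. `apk add --no-cache` only installs the three named packages and their dependencies, so without `apk upgrade` anything else already in the base layer stays at the version the tag was built with. The builder stage is still on `golang:1.22-alpine`, which is likewise a moving tag.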
diff --git a/Dockerfile.goreleaser b/Dockerfile.goreleaser
new file mode 100644
index 000000000..7007a213d
--- /dev/null
+++ b/Dockerfile.goreleaser
@@ -0,0 +1,6 @@
+FROM alpine:latest
+
+RUN apk add --no-cache bind-tools chromium ca-certificates
+COPY nuclei /usr/local/bin/
+
+ENTRYPOINT ["nuclei"]
\ No newline at end of file
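Review bot: The new image has no `USER` instruction, so `nuclei` and the bundled `chromium` run as root inside the container. For a scanner that parses responses from untrusted hosts and can drive a headless browser, a dedicated account limits what a parser or browser compromise can reach: add `RUN adduser -D -u 10001 nuclei` after the `apk add` line and `USER nuclei` before `ENTRYPOINT`. This needs a check that template and config paths resolve under the new home directory and that existing volume mounts stay writable. The multi-stage Dockerfile changed in this commit has the same gap.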