build: update Docker workflow & build process (#6094)

* ci: runners to use ubuntu-latest Signed-off-by: Dwi Siswanto <git@dw1.io> * build: update Docker workflow & build process Signed-off-by: Dwi Siswanto <git@dw1.io> --------- Signed-off-by: Dwi Siswanto <git@dw1.io>
2025-12-17 17:25:28 +00:00 · 2025-03-16 02:37:44 +07:00 · 2025-03-16 02:37:44 +07:00 · 01e5cae509
commit 01e5cae509
parent 46c05d2f35
8 changed files with 45 additions and 57 deletions
--- a/.github/workflows/dockerhub-push.yml
+++ b/.github/workflows/dockerhub-push.yml
@ -1,47 +0,0 @@
-name: 🐳 Docker Push
-
-on:
-  workflow_run:
-    workflows: ["🎉 Release Binary"]
-    types:
-      - completed
-  workflow_dispatch:
-
-jobs:
-  docker:
-    runs-on: ubuntu-latest-16-cores
-    steps:
-      - name: Git Checkout
-        uses: actions/checkout@v4
-
-      - name: Get GitHub tag
-        id: meta
-        run: |
-          curl --silent "https://api.github.com/repos/projectdiscovery/nuclei/releases/latest" | jq -r .tag_name | xargs -I {} echo TAG={} >> $GITHUB_OUTPUT
-
-      - name: Set up QEMU
-        uses: docker/setup-qemu-action@v3
-
-      - name: Set up Docker Buildx
-        uses: docker/setup-buildx-action@v3
-
-      - name: Login to DockerHub
-        uses: docker/login-action@v3 
-        with:
-          username: ${{ secrets.DOCKER_USERNAME }}
-          password: ${{ secrets.DOCKER_TOKEN }}
-
-      - name: Build and push
-        uses: docker/build-push-action@v6
-        with:
-          context: .
-          platforms: linux/amd64,linux/arm64
-          push: true
-          tags: projectdiscovery/nuclei:latest,projectdiscovery/nuclei:${{ steps.meta.outputs.TAG }}
-
-      - name: Update DockerHub Description
-        uses: peter-evans/dockerhub-description@v4
-        with:
-          username: ${{ secrets.DOCKER_USERNAME }}
-          password: ${{ secrets.DOCKER_TOKEN }}
-          repository: projectdiscovery/nuclei
--- a/.github/workflows/generate-pgo.yaml
+++ b/.github/workflows/generate-pgo.yaml
@ -19,7 +19,7 @@ jobs:
    strategy:
      matrix:
        targets: [150]
-    runs-on: ubuntu-latest-16-cores
+    runs-on: ubuntu-latest
    if: github.repository == 'projectdiscovery/nuclei'
    permissions:
      contents: write
--- a/.github/workflows/perf-regression.yaml
+++ b/.github/workflows/perf-regression.yaml
@ -6,7 +6,7 @@ on:

 jobs:
  perf-regression:
-    runs-on: ubuntu-latest-16-cores
+    runs-on: ubuntu-latest
    if: github.repository == 'projectdiscovery/nuclei'
    env:
      BENCH_OUT: "/tmp/bench.out"
--- a/.github/workflows/perf-test.yaml
+++ b/.github/workflows/perf-test.yaml
@ -10,7 +10,7 @@ jobs:
    strategy:
      matrix:
        count: [50, 100, 150]
-    runs-on: ubuntu-latest-16-cores
+    runs-on: ubuntu-latest
    if: github.repository == 'projectdiscovery/nuclei'
    env:
      LIST_FILE: "/tmp/targets-${{ matrix.count }}.txt"
--- a/.github/workflows/release.yaml
+++ b/.github/workflows/release.yaml
@ -14,6 +14,12 @@ jobs:
        with: 
          fetch-depth: 0
      - uses: projectdiscovery/actions/setup/go@v1
+      - uses: docker/setup-qemu-action@v3
+      - uses: docker/setup-buildx-action@v3
+      - uses: docker/login-action@v3 
+        with:
+          username: ${{ secrets.DOCKER_USERNAME }}
+          password: ${{ secrets.DOCKER_TOKEN }}
      - uses: projectdiscovery/actions/goreleaser@v1
        with: 
          release: true
--- a/.goreleaser.yml
+++ b/.goreleaser.yml
@ -1,3 +1,5 @@
+version: 2
+
 before:
  hooks:
    - go mod download
@ -44,6 +46,26 @@ archives:
 checksum:
  algorithm: sha256

+dockers:
+  - image_templates:
+      - "{{ .ProjectName }}:{{ .Tag }}"
+      - "{{ .ProjectName }}:v{{ .Major }}.{{ .Minor }}"
+      - "{{ .ProjectName }}:v{{ .Major }}"
+      - "{{ .ProjectName }}:latest"
+    dockerfile: Dockerfile.goreleaser
+    use: buildx
+    build_flag_templates:
+      - "--pull"
+      - "--label=org.opencontainers.image.authors=ProjectDiscovery"
+      - "--label=org.opencontainers.image.created={{ .Date }}"
+      - "--label=org.opencontainers.image.description=\"Nuclei is a fast, customizable vulnerability scanner powered by the global security community and built on a simple YAML-based DSL, enabling collaboration to tackle trending vulnerabilities on the internet. It helps you find vulnerabilities in your applications, APIs, networks, DNS, and cloud configurations.\""
+      - "--label=org.opencontainers.image.licenses=MIT"
+      - "--label=org.opencontainers.image.ref.name={{ .Tag }}"
+      - "--label=org.opencontainers.image.revision={{ .FullCommit }}"
+      - "--label=org.opencontainers.image.title={{ .ProjectName }}"
+      - "--label=org.opencontainers.image.url=https://github.com/projectdiscovery/{{ .ProjectName }}"
+      - "--label=org.opencontainers.image.version={{ .Version }}"
+
 announce:
  slack:
    enabled: true
--- a/15
+++ b/15
@ -1,15 +1,16 @@
 # Build
-FROM golang:1.22-alpine AS build-env
+FROM golang:1.22-alpine AS builder
+
 RUN apk add build-base
 WORKDIR /app
 COPY . /app
-RUN go mod download
-RUN go build ./cmd/nuclei
+RUN make verify
+RUN make build

 # Release
-FROM alpine:3.18.6
-RUN apk upgrade --no-cache \
-    && apk add --no-cache bind-tools chromium ca-certificates
-COPY --from=build-env /app/nuclei /usr/local/bin/
+FROM alpine:latest
+
+RUN apk add --no-cache bind-tools chromium ca-certificates
+COPY --from=builder /app/bin/nuclei /usr/local/bin/

 ENTRYPOINT ["nuclei"]
--- a/Dockerfile.goreleaser
+++ b/Dockerfile.goreleaser
@ -0,0 +1,6 @@
+FROM alpine:latest
+
+RUN apk add --no-cache bind-tools chromium ca-certificates
+COPY nuclei /usr/local/bin/
+
+ENTRYPOINT ["nuclei"]