From 5d671a9dc09c0d980f6d6c14da6f1b8753899052 Mon Sep 17 00:00:00 2001
From: Ismo Vuorinen
Date: Fri, 2 Jan 2026 03:30:50 +0200
Subject: [PATCH] fix(ci): update security workflow to match goreleaser paths (#134)
* fix(ci): update security workflow to match goreleaser paths
* chore(ci): use GOOS and GOARCH in security.yml
---
 .github/workflows/security.yml | 18 ++++++++++++++++--
 Dockerfile | 3 +++
 2 files changed, 19 insertions(+), 2 deletions(-)
diff --git a/.github/workflows/security.yml b/.github/workflows/security.yml
index 4d96728..531a931 100644
--- a/.github/workflows/security.yml
+++ b/.github/workflows/security.yml
@@ -115,10 +115,24 @@ jobs:
 - name: Build the bin
 shell: bash
- run: make build
+ run: |
+ # Auto-detect platform (matching GoReleaser's structure)
+ PLATFORM="$(go env GOOS)/$(go env GOARCH)"
+
+ # Create platform-specific directory structure
+ mkdir -p "$PLATFORM"
+
+ # Build binary into the platform directory
+ go build -o "$PLATFORM/gh-action-readme" .
+
+ # Verify binary was created
+ ls -lh "$PLATFORM/gh-action-readme"
+
+ # Export platform for Docker build step
+ echo "TARGETPLATFORM=$PLATFORM" >> "$GITHUB_ENV"
 - name: Build Docker image
- run: docker build -t gh-action-readme:test .
+ run: docker build --build-arg TARGETPLATFORM=${{ env.TARGETPLATFORM }} -t gh-action-readme:test .
 - name: Run Trivy vulnerability scanner on Docker image
 uses: aquasecurity/trivy-action@b6643a29fecd7f34b3597bc6acb0a98b03d33ff8 # 0.33.1
diff --git a/Dockerfile b/Dockerfile
index c2354c1..c468469 100644
--- a/Dockerfile
+++ b/Dockerfile
@@ -2,6 +2,9 @@ FROM scratch
 # Multi-platform build support
+# See: https://goreleaser.com/customization/dockers_v2/
+# GoReleaser organizes binaries in platform subdirectories (linux/amd64/, linux/arm64/)
+# TARGETPLATFORM arg resolves to the correct platform directory
 ARG TARGETPLATFORM
 # Copy the binary from the build context (platform-specific)
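Review bot: In the "Build Docker image" step of `.github/workflows/security.yml`, `${{ env.TARGETPLATFORM }}` is pasted into the script text before bash runs and is left unquoted, which is the pattern to avoid in `run:` blocks. The previous step already exports the value through `$GITHUB_ENV`, so it can be read as an ordinary shell variable: `run: docker build --build-arg TARGETPLATFORM="$TARGETPLATFORM" -t gh-action-readme:test .`. The value currently comes from `go env GOOS`/`go env GOARCH`, so this is hardening rather than a live injection path. Separately, the image Trivy scans now holds a plain `go build` binary instead of the `make build` output; if the Makefile or GoReleaser config sets flags such as `-trimpath` or `-ldflags` (neither is visible here), the scan covers a different binary than the released one and the step deserves a comment saying so. The job definition starts above this hunk.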