chore: Distribute as docker image #1875

Open: wants to merge 19 commits into base: main

@mircea-pavel-anton mircea-pavel-anton commented Oct 21, 2024

This is currently a WIP to solve #1801

Some notes

  • I chose debian as a base for the docker image instead of alpine, for example, such that I can load the bash completion

  • I set the workdir to /workspace to facilitate mounting volumes into the container via ad-hoc docker commands, i.e.:

    docker run -it -v $PWD:/workspace ghcr.io/go-task/task:v3.39.2-amd64 lint # equivalent of `task lint`

  • I set the cmd instead of the entrypoint to the task executable such that it is easier to just exec into the container like so:

    docker run -it -v $PWD:/workspace ghcr.io/go-task/task:v3.39.2-amd64 /bin/bash

  • the current implementation pushes both to dockerhub and ghcr.io

  • the current implementation pushes:

    • version tagged images (ghcr.io/go-task/task:v3.39.2)
    • version and arch tagged images (ghcr.io/go-task/task:v3.39.2-amd64)
    • latest images (ghcr.io/go-task/task:latest)

TODO

  • update release workflow to login to ghcr and/or dockerhub
  • figure out bash completion

@mircea-pavel-anton
Author

@pd93 @andreynering

What do you think about this implementation?

I moved to using scratch as a base for the image and put in only the binary and the shell completions so that they can both be easily imported.

I also added some documentation about the changes, though I decided to keep it rather minimal. Not sure about the Note section. I'm open to suggestions.

I also modified the goreleaser to only push to GHCR (initially it was configured to push to docker.io as well).

P.S. Ignore the devcontainer file, that was only for my local testing. I will drop that commit once this PR is ready

@mircea-pavel-anton mircea-pavel-anton marked this pull request as ready for review December 7, 2024 14:09
Member

@pd93 pd93 left a comment

We should probably also add additional tags for latest, 3, 3.40 etc.

.goreleaser.yml Outdated
use: buildx
dockerfile: Dockerfile
extra_files:
- completion/bash/task.bash
Member

Direct usage of these files is deprecated.

Author

@mircea-pavel-anton mircea-pavel-anton Dec 8, 2024

Oh damn, I completely missed that. Will fix!

FWIW, they still seem to be referenced throughout the goreleaser config. If I understand correctly, the brew installer also uses them as well as the nfpms?

Member

Yeah unfortunately, they are still used in a few places. This is why we deprecated them instead of removing them. We need to slowly remove the references to them. We could probably still add completions to the image by writing a .bashrc during the build and using the new method

Author

I thought about generating the completions in the container, but then I decided against it.

It doesn't make much sense to generate the bash completions given the image is based on scratch IMHO, and even then, if we generate and include one set of completions we might as well generate all.

I think that, given the completions can be generated from the binary, it is just as simple to add a RUN command in your dockerfile to set up your required completions.

There are already instructions for generating the completions so that should have it covered. At the end of the day, the container image is a means to distribute the binary, right?

Let me know what you think!

Member

@andreynering andreynering left a comment

Haven't attempted to build it yet, but added some comments for now.

Member

@andreynering andreynering left a comment

Hi @mircea-pavel-anton, this looks good!

It still misses the login step, right? Anything needed from my part to move this forward?

@mircea-pavel-anton
Author

Hi @andreynering !

Sorry for the delay, I've been a bit busy. I have added the login step and rebased my branch. It should be all good now

@mircea-pavel-anton
Author

mircea-pavel-anton commented May 30, 2025

@reneleonhardt thanks for the feedback! I added your suggestions to this PR and made sure my branch is updated

@andreynering @pd93 anything else I can help with to move this forward?

I am not 100% sure on that ghcr login step as I think it depends on the permissions configured for this repo. I could try to use secrets.GH_PAT as well but idk what permissions are set on that either. If you could confirm which one I should go with, that would be great!

@@ -0,0 +1,3 @@
FROM gcr.io/distroless/static-debian12:nonroot
COPY task /task
CMD ["/task"]
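Review bot: the `FROM gcr.io/distroless/static-debian12:nonroot` line pins the base only by a mutable tag, so two release builds of the same Task version can end up on different base layers. For an image that is published as a release artifact, consider pinning the base by digest (`:nonroot@sha256:<digest>`, placeholder) and bumping it through reviewed updates, so the published image is reproducible and a change in the base shows up in a diff.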

Probably better if you would actually run this container for whatever reasons 😅

Suggested change
CMD ["/task"]
ENTRYPOINT ["/task"]

Author

Since it's based on distroless, would you ever run it by itself though? I think this would maybe make sense with a usable base. Dunno

You could use the CLI / help at least if you're curious 😉

:::

```Dockerfile
FROM ubuntu:22.04

Back to the future... 🚀

Suggested change
FROM ubuntu:22.04
FROM ubuntu:24.04

Author

At this point we might as well put latest as a tag rather than keep updating the example, I'd say.

Of course, it's just an example anyway. Convention is not to use latest, the user should override anyway.

```Dockerfile
FROM ubuntu:22.04
# ...
COPY --from=ghcr.io/go-task/task:v3.40.2 /usr/local/bin/task /usr/local/bin/task
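Review bot: the source path in the `COPY --from=ghcr.io/go-task/task:v3.40.2 /usr/local/bin/task ...` line does not match the image this PR builds. Its Dockerfile does `COPY task /task`, so the binary lives at `/task` and the documented command would fail because `/usr/local/bin/task` does not exist in the image. Change the source path to `/task`; keeping the explicit version tag in the example also keeps the copied binary tied to a known release.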

Let's use the nice new "shortcut"

Suggested change
COPY --from=ghcr.io/go-task/task:v3.40.2 /usr/local/bin/task /usr/local/bin/task
COPY --from=ghcr.io/go-task/task /task /usr/local/bin/task

@@ -0,0 +1,3 @@
FROM gcr.io/distroless/static-debian12:nonroot
COPY task /task
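Review bot: on `COPY task /task`, the copied file keeps whatever mode it has in the build context and is owned by root, while the `:nonroot` base runs as an unprivileged user. The image therefore only works if the built binary is already readable and executable by others; setting the mode explicitly with `COPY --chmod=` (read and execute, no write bits) removes that dependency on the build environment.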

I don't know if the build is "hardened", let's just make sure that users can read and execute automatically

Suggested change
COPY task /task
COPY --chmod=555 task /task

Author

@mircea-pavel-anton mircea-pavel-anton May 31, 2025

IMO this isn't really necessary. We started under the assumption this is a means to distribute the binary. You can just copy it from this container and apply whatever permissions you want on it in your container

@reneleonhardt reneleonhardt May 31, 2025

Just a suggestion. Most users don't know or care about permissions, this argument would make it easier for everyone, it's a binary after all.

4 participants