Enhance Docker configuration: update .dockerignore to exclude additional files and directories, optimize Dockerfile build command with new flags for reduced binary size, and improve GitHub Actions workflow by adding Go module caching and conditional platform support for Docker builds.

rajsinghtech · rajsinghtech · commit c8a5b4b47655 · 2025-07-05T01:43:10.000-05:00
diff --git a/.dockerignore b/.dockerignore
@@ -1,3 +1,42 @@
 # More info: https://docs.docker.com/engine/reference/builder/#dockerignore-file
 # Ignore build and test binaries.
 bin/
+
+# Git and GitHub files
+.git
+.github
+.gitignore
+
+# Documentation
+*.md
+README*
+CHANGELOG*
+LICENSE*
+
+# Test files
+*_test.go
+testdata/
+tests/
+coverage.*
+cover.*
+
+# Development files
+Makefile
+.dockerignore
+
+# Config samples (not needed in runtime)
+config/samples/
+
+# Temporary files
+*.tmp
+*.log
+.DS_Store
+
+# IDE files
+.vscode/
+.idea/
+*.swp
+*.swo
+
+# Chart development
+charts/*/tests/
diff --git a/.github/workflows/docker-publish.yml b/.github/workflows/docker-publish.yml
@@ -33,7 +33,16 @@ jobs:
         with:
           go-version: ${{ env.GO_VERSION }}
 
+      - name: Cache Go modules
+        uses: actions/cache@v4
+        with:
+          path: ~/go/pkg/mod
+          key: ${{ runner.os }}-go-${{ hashFiles('**/go.sum') }}
+          restore-keys: |
+            ${{ runner.os }}-go-
+
       - name: Run tests
+        if: github.event_name == 'push' && github.ref == 'refs/heads/main'
         run: make test
 
       - name: Set up QEMU
@@ -69,7 +78,7 @@ jobs:
         uses: docker/build-push-action@v6
         with:
           context: .
-          platforms: linux/amd64,linux/arm64
+          platforms: ${{ github.event_name == 'push' && contains(github.ref, 'refs/tags/') && 'linux/amd64,linux/arm64' || 'linux/amd64' }}
           push: ${{ github.event_name != 'pull_request' }}
           tags: ${{ steps.meta.outputs.tags }}
           labels: ${{ steps.meta.outputs.labels }}
@@ -88,7 +97,7 @@ jobs:
         env:
           DIGEST: ${{ steps.build.outputs.digest }}
         run: |
-          echo "${{ steps.meta.outputs.tags }}" | xargs -I {} cosign sign --yes {}@${DIGEST}
+          echo "${{ steps.meta.outputs.tags }}" | xargs -I {} -P 4 cosign sign --yes {}@${DIGEST}
 
   # Separate job for PR validation
   validate:
diff --git a/Dockerfile b/Dockerfile
@@ -22,7 +22,8 @@ COPY pkg/ pkg/
 # was called. For example, if we call make docker-build in a local env which has the Apple Silicon M1 SO
 # the docker BUILDPLATFORM arg will be linux/arm64 when for Apple x86 it will be linux/amd64. Therefore,
 # by leaving it empty we can ensure that the container and binary shipped on it will have the same platform.
-RUN CGO_ENABLED=0 GOOS=${TARGETOS:-linux} GOARCH=${TARGETARCH} go build -a -o manager cmd/main.go
+RUN CGO_ENABLED=0 GOOS=${TARGETOS:-linux} GOARCH=${TARGETARCH} \
+    go build -a -ldflags="-w -s" -trimpath -o manager cmd/main.go
 
 # Use distroless as minimal base image to package the manager binary
 # Refer to https://github.com/GoogleContainerTools/distroless for more details
