ci: adds workflow to build custom alpine image

.github/workflows/build-alpine.yml

@@ -0,0 +1,52 @@
+name: Build alpine image
+
+on:
+  push:
+  workflow_dispatch:
+
+env:
+  BUILD_VERSION: "v0.22.3-dev"
+  DOCKER_CLI_EXPERIMENTAL: enabled
+
+permissions: read-all
+
+jobs:
+  docker:
+    runs-on: ubuntu-latest
+    steps:
+      - name: 🛒 Checkout Code
+        uses: actions/checkout@v4
+
+      - name: ⚙️ Set up QEMU
+        uses: docker/setup-qemu-action@v3
+
+      - name: ⚙️ Set up Docker Buildx
+        uses: docker/setup-buildx-action@v3
+
+      - name: 🔑 Login to quay.io
+        uses: docker/login-action@v3
+        with:
+          registry: quay.io
+          username: ${{ secrets.QUAY_USER }}
+          password: ${{ secrets.QUAY_PASS }}
+
+      - name: 🏷️ Generate Image Tags
+        id: image-metadata
+        uses: docker/metadata-action@v4
+        with:
+          images: |
+            name=quay.io/rapyuta/rr-headscale
+          tags: |
+            type=raw,value=${{ env.BUILD_VERSION }}
+
+      - name: ⬆️ Build and Push
+        uses: docker/build-push-action@v5
+        with:
+          context: .
+          file: Dockerfile.alpine
+          platforms: linux/amd64,linux/arm64
+          tags: ${{ steps.image-metadata.outputs.tags }}
+          push: true
+          build-args: |
+            BUILD_VERSION
+          sbom: true

Dockerfile.alpine

@@ -0,0 +1,37 @@
+FROM golang:1.21.4-alpine3.18@sha256:110b07af87238fbdc5f1df52b00927cf58ce3de358eeeb1854f10a8b5e5e1411 AS build
+
+WORKDIR /go/src/github.com/juanfont/headscale/
+
+ARG BUILD_VERSION
+
+COPY . .
+
+RUN test -n "${BUILD_VERSION}" \
+	&& apk update \
+	&& apk upgrade -a \
+	&& apk add --no-cache ca-certificates curl gcc musl-dev \
+	&& update-ca-certificates \
+	&& CGO_ENABLED=0 go build -o ./headscale -v -trimpath -ldflags="-s -w -X github.com/juanfont/headscale/cmd/headscale/cli.Version=${BUILD_VERSION}" ./cmd/headscale
+
+WORKDIR /config
+
+FROM alpine:3.18.4@sha256:eece025e432126ce23f223450a0326fbebde39cdf496a85d8c016293fc851978
+
+LABEL org.opencontainers.image.title="quay.io/rapyuta/rr-headscale"
+LABEL org.opencontainers.image.description="An open source, self-hosted implementation of the Tailscale coordination server."
+
+RUN apk update && apk upgrade -a && apk add inotify-tools
+
+COPY --from=build /etc/ssl/certs /etc/ssl/certs
+
+COPY --from=build /go/src/github.com/juanfont/headscale/headscale /usr/local/bin/headscale
+COPY --from=build /config /config
+
+COPY ./hack/acl_watcher.sh ./hack/start.sh .
+RUN chmod +x start.sh acl_watcher.sh
+
+EXPOSE 8080/tcp
+
+ENTRYPOINT [ "./start.sh" ]
+
+CMD ["help"]

hack/acl_watcher.sh

@@ -0,0 +1,9 @@
+#!/bin/sh
+set -x
+
+inotifywait --event moved_to --recursive --monitor /acl |
+while read -r
+do
+    echo "$(date +%s) noticed acl update; triggered reload"
+    killall -s SIGHUP headscale
+done

hack/start.sh

@@ -0,0 +1,6 @@
+#!/bin/sh
+set -x
+
+./acl_watcher.sh &
+
+/usr/local/bin/headscale serve --config /etc/headscale/config.yaml