Chore updates (#20)

Dmytro Bondar · web-flow · commit a9e87ca95345 · 2024-11-13T22:21:38.000+01:00
* Added .dockerignore
* Use one curl command to download release artifact
* Set image user compatible with K8s 'securityContext' by default
* Added examples to readme
diff --git a/.dockerignore b/.dockerignore
@@ -0,0 +1 @@
+*
diff --git a/Dockerfile b/Dockerfile
@@ -2,11 +2,10 @@ FROM --platform=${BUILDPLATFORM} alpine:3 AS tools
 ARG SQLCMD_VERSION=v1.8.0
 ARG TARGETARCH
 RUN apk add --update-cache --no-cache curl jq xz && \
-  curl -sSL $(curl -sSL "https://api.github.com/repos/microsoft/go-sqlcmd/releases/tags/${SQLCMD_VERSION}" | \
-  jq -r --arg arch "${TARGETARCH}" '.assets[] | select(.name | test(".*linux.*" + $arch + ".*")).browser_download_url') \
+  curl -sSL https://github.com/microsoft/go-sqlcmd/releases/download/${SQLCMD_VERSION}/sqlcmd-linux-${TARGETARCH}.tar.bz2 \
   | tar -xj
 
 FROM gcr.io/distroless/static:nonroot@sha256:d71f4b239be2d412017b798a0a401c44c3049a3ca454838473a4c32ed076bfea
 COPY --from=tools /sqlcmd /sqlcmd
-USER nonroot:nonroot
+USER 65532:65532
 ENTRYPOINT ["/sqlcmd"]
diff --git a/README.md b/README.md
@@ -2,17 +2,17 @@
 
 [docker-hub]: https://hub.docker.com/r/bonddim/go-sqlcmd
 [![Docker](https://github.com/bonddim/go-sqlcmd/actions/workflows/docker.yaml/badge.svg)](https://github.com/bonddim/go-sqlcmd/actions/workflows/docker.yaml)
-[![Docker Image Version](https://img.shields.io/docker/v/bonddim/go-sqlcmd)][docker-hub]
-[![Docker Image Size](https://img.shields.io/docker/image-size/bonddim/go-sqlcmd)][docker-hub]
-[![Docker Pulls](https://img.shields.io/docker/pulls/bonddim/go-sqlcmd)][docker-hub]
+[![Docker Image Version](https://img.shields.io/docker/v/bonddim/go-sqlcmd?logo=docker&label=latest)][docker-hub]
+[![Docker Image Size](https://img.shields.io/docker/image-size/bonddim/go-sqlcmd?logo=docker)][docker-hub]
+[![Docker Pulls](https://img.shields.io/docker/pulls/bonddim/go-sqlcmd?logo=docker&label=pulls)][docker-hub]
 [![GitHub License](https://img.shields.io/github/license/bonddim/go-sqlcmd)](https://github.com/bonddim/go-sqlcmd?tab=MIT-1-ov-file)
 
 ## About
 
-- Uses [gcr.io/distroless/static:nonroot](https://github.com/GoogleContainerTools/distroless) as image base
 - Supported architectures: **amd64**, **arm64**, **s390x**
+- Uses [gcr.io/distroless/static:nonroot](https://github.com/GoogleContainerTools/distroless) as image base
 - Uses [released sqlcmd](https://github.com/microsoft/go-sqlcmd/releases) binary
-- Automated release process
+- Updated automatically by Renovate
 
 ## Usage
 
@@ -23,6 +23,47 @@ docker pull bonddim/go-sqlcmd
 docker pull ghcr.io/bonddim/go-sqlcmd
 ```
 
+Docker container with mounted scripts to run:
+
+```bash
+docker run \
+  --rm \
+  -v $(pwd)/sql_scripts:/mnt/sql \
+  -e SQLCMDPASSWORD={{ password }} \
+  ghcr.io/bonddim/go-sqlcmd \
+    -i /mnt/sql \
+    -S {{ server }} \
+    -d {{ database }} \
+    -u {{ user }}
+```
+
+K8s pod with Entra ID authentication:
+
+```yaml
+apiVersion: v1
+kind: Pod
+metadata:
+  name: go-sqlcmd
+  labels:
+    azure.workload.identity/use: "true"
+spec:
+  serviceAccountName: go-sqlcmd
+  containers:
+  - name: go-sqlcmd
+    image: bonddim/go-sqlcmd
+    args: 
+      - --use-aad
+      - --server
+      - {{ server }}.database.windows.net
+      - --database-name
+      - {{ database }}
+      - --query
+      - {{ query }}
+    securityContext:
+      runAsNonRoot: true
+...
+```
+
 Refer to official [docs](https://docs.microsoft.com/sql/tools/go-sqlcmd-utility) for syntax and command line arguments
 
 ## License
