
docker image hardening and one dockerfile for all services #215

Open
wants to merge 6 commits into base: master

Conversation

marcus-sva
Contributor

@marcus-sva marcus-sva commented Jan 20, 2025

What this PR does / why we need it:

Hardening the docker image build by

  • using a multi-stage build with two stages
    • build stage to build the go binary
    • runtime stage runs the built go binary as a dedicated user
  • not using latest images
  • not running the built go binary as root

Other changes

  • adapt Makefile
  • unified Dockerfile for services
  • smaller go binary in ci/cd via -ldflags="-s -w", resulting in smaller docker images
  • use buildkit for multi-platform docker builds
  • github workflow for PRs which builds the go binary using go build
  • github workflow for releases which does multi-platform docker builds

Makefile

:> make help

Usage:
  make docker-setup
  make docker-build [SERVICES=service1 service2] [IMAGE_TAG=tag] [IMAGE_REGISTRY=registry] [PLATFORMS=os/arch,os/arch] [PUSH=true]
  make docker-push [SERVICES=service1 service2] [IMAGE_TAG=tag] [IMAGE_REGISTRY=registry] [PLATFORMS=os/arch,os/arch]
  make generate-client
  make generate-protos
  make list-services
  make help

Targets:
  docker-setup       Sets up and configures Docker Buildx for the first time
  docker-build       Build the docker images with multi-platform support
  docker-push        Build and push the docker images with multi-platform support
  generate-client    Generate kubernetes glue code for go
  generate-protos    Generate go code from proto files
  list-services      Prints the available services for building
  help               Prints help

Options:
  SERVICES           List of services to build (default: all detected)
  IMAGE_TAG          Tag for the built images (default: latest)
  IMAGE_REGISTRY     Registry for images (default: hobbyfarm)
  PLATFORMS          Comma-separated list of target platforms (default: linux/amd64)
  PUSH               If set to true, push images to the registry (default: false)

Examples

  • to set up docker buildx for the first time, run make docker-setup
  • build the images like:
    make docker-build SERVICES="costsvc vmsetsvc" PLATFORMS="linux/amd64,linux/arm64" IMAGE_REGISTRY="my.registry/test" IMAGE_TAG="v1.2.3"
  • build and push the images like:
    make docker-push SERVICES="costsvc vmsetsvc" PLATFORMS="linux/amd64,linux/arm64" IMAGE_REGISTRY="my.registry/test" IMAGE_TAG="v1.2.3"

Build service docker image

cd $ROOT_OF_PROJECT
docker build --build-arg SERVICE_NAME=costsvc -f v3/Dockerfile -t costsvc:latest .
docker build --build-arg SERVICE_NAME=usersvc -f v3/Dockerfile -t usersvc:latest .
docker build --build-arg SERVICE_NAME=sessionsvc -f v3/Dockerfile -t sessionsvc:latest .
...

Build gargantua

cd $ROOT_OF_PROJECT
docker build -f Dockerfile -t gargantua:latest .

TODO

  • check if docker-compose.yaml can be removed
  • adapt ci/cd pipeline
  • add github variable for DOCKER_REGISTRY with value hobbyfarm

Which issue(s) this PR fixes:

Fixes hobbyfarm/hobbyfarm#487
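As an added example (not the PR's own v3/Dockerfile), a multi-stage Dockerfile that follows the points the description lists: pinned base images instead of latest, one SERVICE_NAME build arg shared by all services, -ldflags="-s -w" for a smaller binary, BuildKit's TARGETOS/TARGETARCH for multi-platform builds, and a dedicated non-root user in the runtime stage. The Go and Alpine versions, the UID 10001, and the ./v3/services/${SERVICE_NAME} entrypoint path are assumptions, not values taken from the repository.

```dockerfile
# syntax=docker/dockerfile:1

# ---- build stage: compile the Go binary ------------------------------------
# Pinned tag instead of :latest so rebuilds are reproducible (version is an
# assumption; pin to whatever the repository actually uses).
# --platform=$BUILDPLATFORM runs the compiler natively and cross-compiles,
# which avoids slow emulation when building linux/amd64,linux/arm64.
FROM --platform=$BUILDPLATFORM golang:1.23-alpine AS build

# SERVICE_NAME selects the service to build (docker build --build-arg SERVICE_NAME=costsvc).
# TARGETOS/TARGETARCH are filled in by BuildKit for each platform in --platform.
ARG SERVICE_NAME
ARG TARGETOS
ARG TARGETARCH

WORKDIR /src

# Download modules in their own layer so source edits do not invalidate the cache.
COPY go.mod go.sum ./
RUN go mod download

COPY . .

# Assumed layout: each service's main package is ./v3/services/${SERVICE_NAME}.
# -s -w strip the symbol table and DWARF debug info (smaller binary);
# -trimpath removes local build paths; CGO_ENABLED=0 gives a static binary
# that needs no libc in the runtime image.
RUN CGO_ENABLED=0 GOOS=${TARGETOS} GOARCH=${TARGETARCH} \
    go build -trimpath -ldflags="-s -w" \
    -o /out/service ./v3/services/${SERVICE_NAME}

# ---- runtime stage: minimal image, dedicated non-root user ------------------
# Pinned minimal base; no compiler, sources or module cache end up in the image.
FROM alpine:3.21

# Create a dedicated system user/group (UID/GID 10001 is an assumed value) with
# no home directory and no login shell, so the service never runs as root.
RUN addgroup -S -g 10001 app \
 && adduser -S -u 10001 -G app -H -s /sbin/nologin app

# Copy only the built artifact from the build stage, owned by that user.
COPY --from=build --chown=app:app /out/service /usr/local/bin/service

# Numeric USER lets Kubernetes runAsNonRoot verify the UID without an /etc/passwd lookup.
USER 10001:10001

ENTRYPOINT ["/usr/local/bin/service"]
```

After building with the docker build command shown above, `docker inspect --format '{{.Config.User}}' costsvc:latest` should print `10001:10001`, confirming the runtime stage does not run as root.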

@marcus-sva marcus-sva force-pushed the docker-hardening branch 3 times, most recently from e68cb8e to 1e14633 on January 21, 2025 12:44
@marcus-sva marcus-sva force-pushed the docker-hardening branch 3 times, most recently from 3a2d901 to 13a8cd8 on January 31, 2025 14:37
@marcus-sva marcus-sva force-pushed the docker-hardening branch 4 times, most recently from 848b300 to 79e636d on February 4, 2025 16:02
@marcus-sva marcus-sva force-pushed the docker-hardening branch 2 times, most recently from 2d8b937 to 5c4a56f on February 6, 2025 13:26
Successfully merging this pull request may close these issues.

Build containers should follow docker best practice