⚡ Mjolnir

The hammer for every build

A powerful multi-language build container for GitHub Actions. Forge your builds with the power of gods.

# Debian-based (default)
docker pull ghcr.io/inovacc/mjolnir:latest

# Alpine-based (smaller image)
docker pull ghcr.io/inovacc/mjolnir:alpine

Features

• Multi-language Support - Go, Node.js, Python, Rust toolchains
• GoReleaser - Build static Linux Go binaries
• Task - Task runner for build automation
• Buf - Protocol Buffer CLI with Go plugins
• SQLC - Type-safe SQL code generator
• Security Tools - gitleaks, govulncheck, cosign, syft
• Code Quality - golangci-lint, hadolint, Trivy scanning
• Fast Builds - Pre-built binaries for heavy tools (~6 min build time)
• Scheduled Builds - Automatic bi-weekly rebuilds for security updates

Image Flavors

Flavor	Base	Tag	Size
Debian	golang:1.25	latest, debian	~1.6GB
Alpine	golang:1.25-alpine	alpine	~700MB

Included Tools

Go Ecosystem

Tool	Version	Purpose
Go	1.25	Go toolchain
Task	latest	Task runner
GoReleaser	latest	Release automation
SQLC	latest	SQL code generator
Buf	latest	Protocol Buffer CLI
protoc-gen-go	latest	Go protobuf generator
protoc-gen-go-grpc	latest	Go gRPC generator
golangci-lint	latest	Go linters aggregator
govulncheck	latest	Go vulnerability scanner
mockgen	latest	Go mock generator
air	latest	Live reload for development
xc	latest	Markdown-based task runner

Security & Signing

Tool	Version	Purpose
gitleaks	latest	Secret detection in repos
cosign	latest	Container signing (Sigstore)
syft	latest	SBOM generator

Node.js Ecosystem

Tool	Version	Purpose
Node.js	OS package	JavaScript runtime
npm	OS package	Package manager
pnpm	latest	Fast package manager (via corepack)
TypeScript (tsc)	5.9.3	TypeScript compiler
bun	latest	Fast JavaScript runtime

Other Languages

Tool	Version	Purpose
Python 3	OS package	Python runtime
Rust (rustc)	stable	Rust compiler
Cargo	stable	Rust package manager

Containers & Linting

Tool	Version	Purpose
Docker CLI	27.5.1	Docker command-line tool
hadolint	latest	Dockerfile linter

Data Processing

Tool	Version	Purpose
jq	OS package	JSON processor
yq	latest	YAML processor (mikefarah/yq)

Utilities

Tool	Version	Purpose
git	OS package	Version control
curl	OS package	HTTP client
Make	OS package	Build automation
GCC	OS package	C/C++ compiler
glix	latest	Go module manager

Image Tagging

Images use mythology-themed tags with Go version, flavor suffix, and divine names:

<go-version><flavor>-<figure>-<realm>

Tag Format

Component	Alpine	Debian	Purpose
Go version	1.25	1.25	Go toolchain version
Flavor	A	D	Alpine or Debian
Figure	thor	thor	Mythological figure
Realm	asgard	asgard	Divine realm/attribute

Examples:

• Alpine: ghcr.io/inovacc/mjolnir:1.25A-thor-asgard
• Debian: ghcr.io/inovacc/mjolnir:1.25D-zeus-olympus

Available Tags

Tag	Description
latest	Latest Debian build
debian	Latest Debian build
alpine	Latest Alpine build
1.25D-<figure>-<realm>	Specific Debian build
1.25A-<figure>-<realm>	Specific Alpine build
x.y.z	Semantic version release

Local Tag Generation

# Generate tags
task taggen              # Full Debian tag: 1.25D-odin-valhalla
task taggen:alpine       # Full Alpine tag: 1.25A-odin-valhalla
task taggen:debian       # Full Debian tag: 1.25D-odin-valhalla
task taggen:name         # Random name only: odin-valhalla

# Build images
task docker:build:debian  # Build Debian image
task docker:build:alpine  # Build Alpine image
task docker:build:both    # Build both with same name

Quick Start

Use as GitHub Actions Job Container

jobs:
  build:
    runs-on: ubuntu-latest
    container:
      image: ghcr.io/inovacc/mjolnir:latest
    steps:
      - uses: actions/checkout@v4
      - run: task build:prod

Use Alpine for Faster Pulls

jobs:
  build:
    runs-on: ubuntu-latest
    container:
      image: ghcr.io/inovacc/mjolnir:alpine
    steps:
      - uses: actions/checkout@v4
      - run: task build:prod

Use with Private Modules

jobs:
  build:
    runs-on: ubuntu-latest
    container:
      image: ghcr.io/inovacc/mjolnir:latest
      env:
        GOPRIVATE: github.com/your-org/*
        GONOSUMDB: github.com/your-org/*
    steps:
      - uses: actions/checkout@v4

      - name: Configure git auth
        env:
          GH_PAT: ${{ secrets.GH_PAT }}
        run: |
          git config --global url."https://${GH_PAT}@github.com/".insteadOf "https://github.com/"

      - run: task build:prod

Creating Distroless Production Images

After building your Go binary, create a minimal production image:

FROM gcr.io/distroless/static-debian12:nonroot
ARG BIN_PATH=dist/myapp
COPY ${BIN_PATH} /app
USER nonroot:nonroot
ENTRYPOINT ["/app"]

Why distroless?

• No shell, no package manager = minimal attack surface
• ~2MB base image vs ~100MB+ for alpine
• No CVE noise from unused packages
• Runs as non-root by default

CI Pipeline

taggen → lint ──────────────────────┐
           ├── build-debian ────────┼── security → release
           └── build-alpine ────────┘

Job	Description
taggen	Generate consistent mythology name for both builds
lint	Hadolint Dockerfile best practices
build-debian	Build Debian image and verify tools
build-alpine	Build Alpine image and verify tools
security	Trivy vulnerability scan (CRITICAL, HIGH)
release	Push to GHCR (on tags only)

Scheduled Builds

Images are automatically rebuilt on the 1st and 15th of each month to include:

• Latest Go tool versions
• Security patches from base images
• Updated dependencies
• Trivy vulnerability scanning (CRITICAL, HIGH) with SARIF upload

Sample Taskfile

version: 3

tasks:
  build:dev:
    desc: Build development snapshot
    cmds:
      - goreleaser build --snapshot --clean

  build:prod:
    desc: Build production snapshot
    cmds:
      - goreleaser build --snapshot --clean

  release:
    desc: Create production release (requires git tag)
    cmds:
      - goreleaser release --clean

Mythology

Mjolnir (pronounced "mee-ol-neer") is Thor's hammer in Norse mythology - a weapon of immense power forged by dwarven blacksmiths. Like the legendary hammer, this container forges your builds with divine precision.

Image tags draw from world mythology:

• Norse: Thor, Odin, Freya, Asgard, Valhalla
• Greek: Zeus, Athena, Apollo, Olympus
• Roman: Jupiter, Mars, Venus
• Egyptian: Ra, Anubis, Isis
• Celtic: Dagda, Morrigan, Lugh

License

MIT