From 248275181a7655261915cc08ac99780129d4ba77 Mon Sep 17 00:00:00 2001
From: Michael Uti
Date: Fri, 24 Nov 2023 12:49:23 +0100
Subject: [PATCH] ci: add support for multiarch build
---
 .github/workflows/distroless.yml | 60 ++++++++++++++++----------
 tools/docker/wolfi/base_image.yaml | 1 +
 tools/docker/wolfi/builder_image.yaml | 1 +
 tools/docker/wolfi/elixir_package.yaml | 1 +
 tools/docker/wolfi/erlang_package.yaml | 5 +--
 5 files changed, 42 insertions(+), 26 deletions(-)
diff --git a/.github/workflows/distroless.yml b/.github/workflows/distroless.yml
index 228ab00216c..c07eb511002 100644
--- a/.github/workflows/distroless.yml
+++ b/.github/workflows/distroless.yml
@@ -17,7 +17,7 @@ defaults:
 shell: bash
 env:
- ARCH_TO_BUILD_IMAGES: amd64
+ ARCH_TO_BUILD_IMAGES: amd64,arm64
 ORGANIZATION: ${{ github.repository_owner }}
 jobs:
@@ -34,6 +34,23 @@ jobs:
 with:
 ref: ${{ github.event.inputs.commit_sha }}
+ - uses: docker/login-action@bc135a1993a1d0db3e9debefa0cfcb70443cc94c # v2.1.0
+ with:
+ registry: ghcr.io
+ username: ${{ github.repository_owner }}
+ password: ${{ secrets.GITHUB_TOKEN }}
+
+ - uses: docker/setup-qemu-action@68827325e0b33c7199eb31dd4e31fbe9023e06e3
+
+ - id: buildx
+ uses: docker/setup-buildx-action@f95db51fddba0c2d1ec667646a06c2ce06100226
+ # TODO: change after new buildkit version gets fixed
+ # https://github.com/moby/buildkit/issues/3347
+ # https://github.com/docker/build-push-action/issues/761
+ with:
+ driver-opts: |
+ image=moby/buildkit:v0.10.6
+
 - name: Generate Signing Key
 run: docker run --rm -v "${PWD}":/work cgr.dev/chainguard/melange keygen
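Review bot: The BuildKit image under `driver-opts` is pinned only by tag (`image=moby/buildkit:v0.10.6`), while the three actions added in this hunk are pinned by commit SHA; a tag can be re-pointed, and this builder runs in a job that has just logged in to ghcr.io. Pinning by digest gives the image the same guarantee as the actions, e.g. `image=moby/buildkit:v0.10.6@sha256:<digest-of-v0.10.6>` (placeholder, to be taken from the registry). Holding BuildKit back also means later BuildKit fixes are not picked up, so the TODO would be easier to act on with an owner or date next to the two issue links. The `uses:` lines for setup-qemu-action and setup-buildx-action also lack the `# vX.Y.Z` comment that the login-action line carries, which makes those SHAs harder to audit. The job's step list continues outside the hunk.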
@@ -54,34 +71,31 @@ jobs:
 docker load < base_image.tar
 docker load < builder_image.tar
- - uses: docker/login-action@bc135a1993a1d0db3e9debefa0cfcb70443cc94c # v2.1.0
- with:
- registry: ghcr.io
- username: ${{ github.repository_owner }}
- password: ${{ secrets.GITHUB_TOKEN }}
-
-
 - name: Push Images
 run: |
- docker tag ghcr.io/${{ env.ORGANIZATION }}/ockam-elixir-base:latest-${{ env.ARCH_TO_BUILD_IMAGES }} ghcr.io/${{ env.ORGANIZATION }}/ockam-elixir-base:latest
- docker push ghcr.io/${{ env.ORGANIZATION }}/ockam-elixir-base:latest
+ set -ex
+ docker image ls
+ manifests=""
- docker tag ghcr.io/${{ env.ORGANIZATION }}/ockam-elixir-builder:latest-${{ env.ARCH_TO_BUILD_IMAGES }} ghcr.io/${{ env.ORGANIZATION }}/ockam-elixir-builder:latest
- docker push ghcr.io/${{ env.ORGANIZATION }}/ockam-elixir-builder:latest
+ IFS=',' read -ra ARCHS <<< "$ARCH_TO_BUILD_IMAGES"
+ for arch in "${ARCHS[@]}"; do
+ echo "Pushing for ${arch}"
+ docker push "ghcr.io/${{ env.ORGANIZATION }}/ockam-elixir-base:latest-${arch}"
+ docker push "ghcr.io/${{ env.ORGANIZATION }}/ockam-elixir-builder:latest-${arch}"
- - name: Get Image ref
- id: image_ref
- run: |
- base=$(docker image inspect ghcr.io/${{ env.ORGANIZATION }}/ockam-elixir-base:latest | jq -r .[0].Id)
- builder=$(docker image inspect ghcr.io/${{ env.ORGANIZATION }}/ockam-elixir-builder:latest | jq -r .[0].Id)
+ base_manifests="${base_manifests} --amend ghcr.io/${{ env.ORGANIZATION }}/ockam-elixir-base:latest-${arch}"
+ builder_manifests="${builder_manifests} --amend ghcr.io/${{ env.ORGANIZATION }}/ockam-elixir-builder:latest-${arch}"
+ done
- echo "BUILDER=$builder" >> $GITHUB_OUTPUT
- echo "BASE=$base" >> $GITHUB_OUTPUT
+ # Create manifest
+ docker manifest create ghcr.io/${{ env.ORGANIZATION }}/ockam-elixir-base:latest $base_manifests
+ docker manifest create ghcr.io/${{ env.ORGANIZATION }}/ockam-elixir-builder:latest $builder_manifests
- - name: Install Cosign
- uses:
sigstore/cosign-installer@11086d25041f77fe8fe7b9ea4e48e3b9192b8f19
- with:
- cosign-release: 'v2.2.1'
+ base_image_sha=$(docker manifest push ghcr.io/${{ env.ORGANIZATION }}/ockam-elixir-base:latest)
+ builder_image_sha=$(docker manifest push ghcr.io/${{ env.ORGANIZATION }}/ockam-elixir-builder:latest)
+
+ echo "BUILDER=$builder_image_sha" >> $GITHUB_OUTPUT
+ echo "BASE=$base_image_sha" >> $GITHUB_OUTPUT
 - uses: build-trust/.github/actions/image_cosign@custom-actions
 with:
diff --git a/tools/docker/wolfi/base_image.yaml b/tools/docker/wolfi/base_image.yaml
index cfa5ec9d257..2234274637e 100644
--- a/tools/docker/wolfi/base_image.yaml
+++ b/tools/docker/wolfi/base_image.yaml
@@ -21,3 +21,4 @@ contents:
 archs:
 - x86_64
+ - aarch64
diff --git a/tools/docker/wolfi/builder_image.yaml b/tools/docker/wolfi/builder_image.yaml
index 0c2193b681c..187cdb3cb0b 100644
--- a/tools/docker/wolfi/builder_image.yaml
+++ b/tools/docker/wolfi/builder_image.yaml
@@ -30,3 +30,4 @@ contents:
 archs:
 - x86_64
+ - aarch64
diff --git a/tools/docker/wolfi/elixir_package.yaml b/tools/docker/wolfi/elixir_package.yaml
index d76fb1f5cb8..03ca7137aa5 100644
--- a/tools/docker/wolfi/elixir_package.yaml
+++ b/tools/docker/wolfi/elixir_package.yaml
@@ -1,3 +1,4 @@
+# docker run --rm --privileged -v "${PWD}":/work cgr.dev/chainguard/melange build elixir_package.yaml --arch amd64 -k melange.rsa.pub --signing-key melange.rsa
 # Builds a pinned version of the elixir package
 package:
 name: elixir-1_14
diff --git a/tools/docker/wolfi/erlang_package.yaml b/tools/docker/wolfi/erlang_package.yaml
index 8676727174b..51eff14ace4 100644
--- a/tools/docker/wolfi/erlang_package.yaml
+++ b/tools/docker/wolfi/erlang_package.yaml
@@ -48,8 +48,7 @@ pipeline:
 --build="$CBUILD" \
 --enable-threads \
 --enable-shared-zlib \
- --enable-ssl=dynamic-ssl-lib \
- --enable-jit
+ --enable-ssl=dynamic-ssl-lib
 - uses: autoconf/make
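Review bot: The `BUILDER=`/`BASE=` lines now write to `$GITHUB_OUTPUT` from the `Push Images` step, but the only `id: image_ref` in this hunk is removed with the old `Get Image ref` step and no `id:` is visible on `Push Images`. If the `image_cosign` step that follows (its `with:` values are outside the hunk) still reads `steps.image_ref.outputs.*`, those expressions evaluate to empty strings and the signing step would not receive the pushed manifest digests. I would add `id: image_ref` under `- name: Push Images` and fail fast on an empty or malformed value, e.g. `[[ "$base_image_sha" == sha256:* ]] || exit 1` (same for `builder_image_sha`), assuming `docker manifest push` prints the digest in that form. Separately, `manifests=""` is never used while `base_manifests` and `builder_manifests` are appended to without being initialised; `base_manifests=""` and `builder_manifests=""` would match what the loop does.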
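Review bot: The usage comment added as the first line of elixir_package.yaml hard-codes `--arch amd64` although this commit extends the build to arm64/aarch64, and it shows `--privileged` without saying why the flag is needed. Anyone copying it runs a fully privileged container with the signing key `melange.rsa` in the mounted directory, so the comment should say that it is a local-build example and why the flag is there, e.g. `# Local build example; --privileged is presumably required by melange's build sandbox (confirm):` on the line above. Writing the arch as `--arch <amd64|arm64>` would keep the example in line with the new `archs` lists.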
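Review bot: `--enable-jit` is dropped from the configure options for every architecture with no comment saying why, so the x86_64 package also stops requesting the JIT explicitly. If the reason is that this Erlang/OTP 24 build has no JIT on aarch64 (the commit does not say), configure now decides by itself, and an x86_64 build whose toolchain lacks a JIT prerequisite would fall back to the interpreter without failing. A one-line comment above the options, e.g. `# --enable-jit omitted: not available on aarch64 for this OTP version; configure auto-detects`, would record the intent, and checking `erlang:system_info(emu_flavor)` in a test step would catch a silent fallback. The configure invocation starts outside the hunk.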
@@ -64,4 +63,4 @@ subpackages:
 - uses: split/dev
 dependencies:
 runtime:
- - erlang-24
+ - erlang-24
\ No newline at end of file