Add support for amd64, arm64 multiplatform images

binhex · Sep 18, 2023 · a500a21 · a500a21
1 parent 20ca12e
commit a500a21
Show file tree

Hide file tree

Showing 11 changed files with 278 additions and 119 deletions.
diff --git a/.github/workflows/workflow-docker-manual.yml b/.github/workflows/workflow-docker-manual.yml
@@ -13,6 +13,10 @@ jobs:
     steps:
       - name: Checkout
         uses: actions/checkout@v3
+      - name: Set up QEMU for multi-arch support
+        uses: docker/setup-qemu-action@v3
+      - name: Set up Docker Buildx
+        uses: docker/setup-buildx-action@v3
       - name: Login to Docker Hub
         uses: docker/login-action@v2
         with:
@@ -58,56 +62,24 @@ jobs:
           echo "[debug] Generated app name is '${app_name}'"
           echo "app_name=$app_name" >> $GITHUB_OUTPUT
         id: generate_app_name
-      - name: Build Docker image and tag
-        shell: bash
-        run: |
-            docker build \
-              --tag ${{ github.repository }}:${{ steps.generate_temporary_tag_name.outputs.test_tag }} \
-              --tag ${{ github.repository }}:${{ github.event.inputs.tags }} \
-              --tag quay.io/${{ github.repository }}:${{ steps.generate_temporary_tag_name.outputs.test_tag }} \
-              --tag quay.io/${{ github.repository }}:${{ github.event.inputs.tags }} \
-              --tag ghcr.io/${{ github.repository }}:${{ steps.generate_temporary_tag_name.outputs.test_tag }} \
-              --tag ghcr.io/${{ github.repository }}:${{ github.event.inputs.tags }} \
-              --tag registry.gitlab.com/${{ github.repository }}:${{ steps.generate_temporary_tag_name.outputs.test_tag }} \
-              --tag registry.gitlab.com/${{ github.repository }}:${{ github.event.inputs.tags }} \
-              .
-      - name: Run Tests
+      - name: Build amd64 image and export to Docker for testing
+        uses: docker/build-push-action@v5
+        with:
+          context: .
+          load: true
+          tags: ${{ steps.generate_temporary_tag_name.outputs.test_tag }}
+      - name: Run tests using previously built image
         shell: bash
         run: |
           git_clone_scripts_dest="/tmp/scripts"
           git_clone_scripts_repo="https://github.com/binhex/scripts.git"
-
           git clone "${git_clone_scripts_repo}" "${git_clone_scripts_dest}"
           "${git_clone_scripts_dest}/shell/arch/docker/testrunner.sh" --app-name ${{ steps.generate_app_name.outputs.app_name }} --image-name "ghcr.io/${{ github.repository }}:${{ steps.generate_temporary_tag_name.outputs.test_tag }}"
-      - name: Push Docker image to Docker Hub
-        uses: nick-fields/retry@v2
-        with:
-          timeout_minutes: 30
-          max_attempts: 3
-          retry_wait_seconds: 120
-          command: |
-            docker push ${{ github.repository }}:${{ github.event.inputs.tags }}
-      - name: Push Docker image to Quay Container Registry
-        uses: nick-fields/retry@v2
+      # note this will re-use the internal cached amd64 image from the previous build
+      - name: Build multi-arch Docker image, tag and push to registries
+        uses: docker/build-push-action@v5
         with:
-          timeout_minutes: 30
-          max_attempts: 3
-          retry_wait_seconds: 120
-          command: |
-            docker push quay.io/${{ github.repository }}:${{ github.event.inputs.tags }}
-      - name: Push Docker image to GitHub Container Registry (GHCR)
-        uses: nick-fields/retry@v2
-        with:
-          timeout_minutes: 30
-          max_attempts: 3
-          retry_wait_seconds: 120
-          command: |
-            docker push ghcr.io/${{ github.repository }}:${{ github.event.inputs.tags }}
-      - name: Push Docker image to GitLab Container Registry (GCR)
-        uses: nick-fields/retry@v2
-        with:
-          timeout_minutes: 30
-          max_attempts: 3
-          retry_wait_seconds: 120
-          command: |
-            docker push registry.gitlab.com/${{ github.repository }}:${{ github.event.inputs.tags }}
+          context: .
+          platforms: linux/amd64,linux/arm64
+          push: true
+          tags: ${{ github.repository }}:${{ github.event.inputs.tags }}, quay.io/${{ github.repository }}:${{ github.event.inputs.tags }}, ghcr.io/${{ github.repository }}:${{ github.event.inputs.tags }}, registry.gitlab.com/${{ github.repository }}:${{ github.event.inputs.tags }}
diff --git a/.github/workflows/workflow-docker-schedule.yml b/.github/workflows/workflow-docker-schedule.yml
@@ -14,6 +14,10 @@ jobs:
     steps:
       - name: Checkout
         uses: actions/checkout@v3
+      - name: Set up QEMU for multi-arch support
+        uses: docker/setup-qemu-action@v3
+      - name: Set up Docker Buildx
+        uses: docker/setup-buildx-action@v3
       - name: Login to Docker Hub
         uses: docker/login-action@v2
         with:
@@ -88,76 +92,29 @@ jobs:
           echo "[debug] Generated app name is '${app_name}'"
           echo "app_name=$app_name" >> $GITHUB_OUTPUT
         id: generate_app_name
-      - name: Build Docker image and tag
-        shell: bash
-        run: |
-            docker build \
-              --tag ${{ github.repository }}:${{ steps.generate_temporary_tag_name.outputs.test_tag }} \
-              --tag ${{ github.repository }}:latest \
-              --tag ${{ github.repository }}:${{ steps.identify_github_release_tag_name.outputs.tag }} \
-              --tag quay.io/${{ github.repository }}:${{ steps.generate_temporary_tag_name.outputs.test_tag }} \
-              --tag quay.io/${{ github.repository }}:latest \
-              --tag quay.io/${{ github.repository }}:${{ steps.identify_github_release_tag_name.outputs.tag }} \
-              --tag ghcr.io/${{ github.repository }}:${{ steps.generate_temporary_tag_name.outputs.test_tag }} \
-              --tag ghcr.io/${{ github.repository }}:latest \
-              --tag ghcr.io/${{ github.repository }}:${{ steps.identify_github_release_tag_name.outputs.tag }} \
-              --tag registry.gitlab.com/${{ github.repository }}:${{ steps.generate_temporary_tag_name.outputs.test_tag }} \
-              --tag registry.gitlab.com/${{ github.repository }}:latest \
-              --tag registry.gitlab.com/${{ github.repository }}:${{ steps.identify_github_release_tag_name.outputs.tag }} \
-              --build-arg release_tag_name=${{ steps.identify_github_release_tag_name.outputs.tag }} \
-              .
-      - name: DEBUG Show built Docker Images
-        uses: nick-fields/retry@v2
+      - name: Build amd64 image and export to Docker for testing
+        uses: docker/build-push-action@v5
         with:
-          timeout_minutes: 5
-          max_attempts: 3
-          retry_wait_seconds: 120
-          command: |
-            docker images
-      - name: Run Tests
+          context: .
+          load: true
+          tags: ${{ steps.generate_temporary_tag_name.outputs.test_tag }}
+      - name: Run tests using previously built image
         shell: bash
         run: |
           git_clone_scripts_dest="/tmp/scripts"
           git_clone_scripts_repo="https://github.com/binhex/scripts.git"
-
           git clone "${git_clone_scripts_repo}" "${git_clone_scripts_dest}"
           "${git_clone_scripts_dest}/shell/arch/docker/testrunner.sh" --app-name ${{ steps.generate_app_name.outputs.app_name }} --image-name "ghcr.io/${{ github.repository }}:${{ steps.generate_temporary_tag_name.outputs.test_tag }}"
-      - name: Push Docker image to Docker Hub
-        uses: nick-fields/retry@v2
-        with:
-          timeout_minutes: 30
-          max_attempts: 3
-          retry_wait_seconds: 120
-          command: |
-            docker push ${{ github.repository }}:latest
-            docker push ${{ github.repository }}:${{ steps.identify_github_release_tag_name.outputs.tag }}
-      - name: Push Docker image to Quay Container Registry
-        uses: nick-fields/retry@v2
+      # note this will re-use the internal cached amd64 image from the previous build
+      - name: Build multi-arch Docker image, tag and push to registries
+        uses: docker/build-push-action@v5
         with:
-          timeout_minutes: 30
-          max_attempts: 3
-          retry_wait_seconds: 120
-          command: |
-            docker push quay.io/${{ github.repository }}:latest
-            docker push quay.io/${{ github.repository }}:${{ steps.identify_github_release_tag_name.outputs.tag }}
-      - name: Push Docker image to GitHub Container Registry (GHCR)
-        uses: nick-fields/retry@v2
-        with:
-          timeout_minutes: 30
-          max_attempts: 3
-          retry_wait_seconds: 120
-          command: |
-            docker push ghcr.io/${{ github.repository }}:latest
-            docker push ghcr.io/${{ github.repository }}:${{ steps.identify_github_release_tag_name.outputs.tag }}
-      - name: Push Docker image to GitLab Container Registry (GCR)
-        uses: nick-fields/retry@v2
-        with:
-          timeout_minutes: 30
-          max_attempts: 3
-          retry_wait_seconds: 120
-          command: |
-            docker push registry.gitlab.com/${{ github.repository }}:latest
-            docker push registry.gitlab.com/${{ github.repository }}:${{ steps.identify_github_release_tag_name.outputs.tag }}
+          context: .
+          platforms: linux/amd64,linux/arm64
+          push: true
+          tags: ${{ github.repository }}:latest, ${{ github.repository }}:${{ steps.identify_github_release_tag_name.outputs.tag }}, quay.io/${{ github.repository }}:latest, quay.io/${{ github.repository }}:${{ steps.identify_github_release_tag_name.outputs.tag }}, ghcr.io/${{ github.repository }}:latest, ghcr.io/${{ github.repository }}:${{ steps.identify_github_release_tag_name.outputs.tag }}, registry.gitlab.com/${{ github.repository }}:latest, registry.gitlab.com/${{ github.repository }}:${{ steps.identify_github_release_tag_name.outputs.tag }}
+          build-args: |
+            release_tag_name=${{ steps.identify_github_release_tag_name.outputs.tag }}
       - name: Trigger build of int images
         uses: nick-fields/retry@v2
         with:

diff --git a/Dockerfile b/Dockerfile
@@ -2,17 +2,23 @@ FROM scratch
 LABEL org.opencontainers.image.authors = "binhex"
 LABEL org.opencontainers.image.source = "https://github.com/binhex/arch-base"
 
+ARG TARGETARCH
+
 # additional files
 ##################
 
 # add supervisor conf file
-ADD build/*.conf /etc/supervisor.conf
+ADD build/${TARGETARCH}/*.conf /etc/supervisor.conf
 
 # add install bash script
-ADD build/root/*.sh /root/
+ADD build/${TARGETARCH}/root/*.sh /root/
+
+# add statically linked busybox arm64
+ADD build/${TARGETARCH}/utils/busybox/busybox /bootstrap/busybox
+
+# add build bootstrap file
+ADD build/${TARGETARCH}/build-bootstrap.sh /bootstrap/build-bootstrap.sh
 
-# add statically linked busybox
-ADD build/utils/busybox/busybox /bootstrap/busybox
 
 # unpack tarball
 ################
@@ -25,7 +31,7 @@ RUN ["/bootstrap/busybox", "--install", "-s", "/bootstrap"]
 # once the tarball is extracted we then use bash to execute the install script to
 # install everything else for the base image.
 # note, do not line wrap the below command, as it will fail looking for /bin/sh
-RUN ["/bootstrap/sh", "-c", "/bootstrap/wget --timeout=60 -O /bootstrap/archlinux.tar.gz http://mirror.bytemark.co.uk/archlinux/iso/latest/archlinux-bootstrap-x86_64.tar.gz && /bootstrap/tar --exclude=root.x86_64/etc/resolv.conf --exclude=root.x86_64/etc/hosts -xvf /bootstrap/archlinux.tar.gz --strip-components=1 -C / && /bin/bash -c 'chmod +x /root/*.sh && /bin/bash /root/install.sh'"]
+RUN ["/bootstrap/sh", "-c", "/bootstrap/build-bootstrap.sh"]
 
 # env
 #####

diff --git a/build/amd64/build-bootstrap.sh b/build/amd64/build-bootstrap.sh
@@ -0,0 +1,4 @@
+#!/bootstrap/sh
+
+# busybox wget does not support SSL
+/bootstrap/sh -c "/bootstrap/wget --timeout=60 -O /bootstrap/archlinux.tar.gz http://mirror.bytemark.co.uk/archlinux/iso/latest/archlinux-bootstrap-x86_64.tar.gz && /bootstrap/tar --exclude=root.x86_64/etc/resolv.conf --exclude=root.x86_64/etc/hosts -xvf /bootstrap/archlinux.tar.gz --strip-components=1 -C / && /bin/bash -c 'chmod +x /root/*.sh && /bin/bash /root/install.sh'"
diff --git a/build/root/install.sh → build/amd64/root/install.sh b/build/root/install.sh → build/amd64/root/install.sh
@@ -36,13 +36,15 @@ rm -rf '/etc/pacman.d/gnupg/' '/root/.gnupg/' || true
 # refresh gpg keys
 gpg --refresh-keys
 
-# initialise key for pacman and populate keys
 if [[ "${OS_ARCH}" == "aarch64" ]]; then
-	pacman-key --init && pacman-key --populate archlinuxarm
+	pacman_arch="archlinuxarm"
 else
-	pacman-key --init && pacman-key --populate archlinux
+	pacman_arch="archlinux"
 fi
 
+# initialise key for pacman and populate keys
+pacman-key --init && pacman-key --populate "${pacman_arch}"
+
 echo "[info] set pacman to ignore signatures - required due to rolling release nature of archlinux"
 sed -i -E "s~^SigLevel(\s+)?=.*~SigLevel = Never~g" '/etc/pacman.conf'
 
@@ -145,13 +147,15 @@ dumbinit_release_tag=$(grep -P -o -m 1 '(?<=/Yelp/dumb-init/releases/tag/)[^"]+'
 # remove first character 'v' from string, used for url to download binary
 dumbinit_release_tag_strip="${dumbinit_release_tag#?}"
 
-# download dumb-init, used to do graceful exit when docker stop issued and correct reaping of zombie processes.
 if [[ "${OS_ARCH}" == "aarch64" ]]; then
-	curl --connect-timeout 5 --max-time 600 --retry 5 --retry-delay 0 --retry-max-time 60 -o "/usr/bin/dumb-init" -L "https://github.com/Yelp/dumb-init/releases/download/${dumbinit_release_tag}/dumb-init_${dumbinit_release_tag_strip}_aarch64" && chmod +x "/usr/bin/dumb-init"
+	dumbinit_arch="aarch64"
 else
-	curl --connect-timeout 5 --max-time 600 --retry 5 --retry-delay 0 --retry-max-time 60 -o "/usr/bin/dumb-init" -L "https://github.com/Yelp/dumb-init/releases/download/${dumbinit_release_tag}/dumb-init_${dumbinit_release_tag_strip}_x86_64" && chmod +x "/usr/bin/dumb-init"
+	dumbinit_arch="x86_64"
 fi
 
+# download dumb-init, used to do graceful exit when docker stop issued and correct reaping of zombie processes.
+curl --connect-timeout 5 --max-time 600 --retry 5 --retry-delay 0 --retry-max-time 60 -o "/usr/bin/dumb-init" -L "https://github.com/Yelp/dumb-init/releases/download/${dumbinit_release_tag}/dumb-init_${dumbinit_release_tag_strip}_${dumbinit_arch}" && chmod +x "/usr/bin/dumb-init"
+
 # identify if base-devel package installed
 if pacman -Qg "base-devel" > /dev/null ; then
 

diff --git a/build/supervisor.conf → build/amd64/supervisor.conf b/build/supervisor.conf → build/amd64/supervisor.conf
diff --git a/build/utils/busybox/busybox → build/amd64/utils/busybox/busybox b/build/utils/busybox/busybox → build/amd64/utils/busybox/busybox
diff --git a/build/arm64/build-bootstrap.sh b/build/arm64/build-bootstrap.sh
@@ -0,0 +1,4 @@
+#!/bootstrap/sh
+
+# busybox wget does not support SSL
+/bootstrap/sh -c "/bootstrap/wget -O /bootstrap/archlinux.tar.gz http://mirrors.dotsrc.org/archlinuxarm/os/ArchLinuxARM-aarch64-latest.tar.gz && /bootstrap/tar --exclude=./etc/resolv.conf --exclude=./etc/hostname --exclude=./etc/hosts -xvf /bootstrap/archlinux.tar.gz -C / && /usr/sbin/chmod +x /root/install.sh && /bin/bash -c /root/install.sh"