From d11c4ecc5cf966d5d1098ad94da8d57cf37b2028 Mon Sep 17 00:00:00 2001
From: galargh
Date: Tue, 18 Jul 2023 18:21:36 +0200
Subject: [PATCH] ci: docker test
---
 .github/workflows/docker-image.yml | 49 ++++++++++++++++++++--
 Dockerfile | 66 +++++++++++-------------------
 2 files changed, 70 insertions(+), 45 deletions(-)
diff --git a/.github/workflows/docker-image.yml b/.github/workflows/docker-image.yml
index e64850c33354..661b2a4b331b 100644
--- a/.github/workflows/docker-image.yml
+++ b/.github/workflows/docker-image.yml
@@ -6,6 +6,7 @@ on:
 branches:
 - 'master'
 - 'bifrost-*'
+ - 'ci-docker-test'
 tags:
 - 'v*'
@@ -53,17 +54,57 @@ jobs:
 username: ${{ vars.DOCKER_USERNAME }}
 password: ${{ secrets.DOCKER_PASSWORD }}
- - name: Build Docker image and publish to Docker Hub
+ - name: Build Docker image (linux/amd64)
 uses: docker/build-push-action@v4
 with:
- platforms: linux/amd64,linux/arm/v7,linux/arm64/v8
+ platforms: linux/amd64
 context: .
- push: true
+ push: false
+ load: true
 file: ./Dockerfile
- tags: "${{ steps.tags.outputs.value }}"
+ tags: ${{ env.IMAGE_NAME }}:linux-amd64
 cache-from: type=local,src=/tmp/.buildx-cache
 cache-to: type=local,dest=/tmp/.buildx-cache-new
+ # - name: Build Docker image (linux/arm/v7)
+ # uses: docker/build-push-action@v4
+ # with:
+ # platforms: linux/arm/v7
+ # context: .
+ # push: false
+ # load: true
+ # file: ./Dockerfile
+ # tags: ${{ env.IMAGE_NAME }}:linux-arm-v7
+ # cache-from: type=local,src=/tmp/.buildx-cache
+ # cache-to: type=local,dest=/tmp/.buildx-cache-new
+
+ # - name: Build Docker image (linux/arm64/v8)
+ # uses: docker/build-push-action@v4
+ # with:
+ # platforms: linux/arm64/v8
+ # context: .
+ # push: false
+ # load: true
+ # file: ./Dockerfile
+ # tags: ${{ env.IMAGE_NAME }}:linux-arm64-v8
+ # cache-from: type=local,src=/tmp/.buildx-cache
+ # cache-to: type=local,dest=/tmp/.buildx-cache-new
+
+ - run: docker run --rm $IMAGE_NAME:linux-amd64 --version
+ # - run: docker run --rm $IMAGE_NAME:linux-arm-v7 --version
+ # - run: docker run --rm $IMAGE_NAME:linux-arm64-v8 --version
+
+ # - name: Publish to Docker Hub
+ # uses: docker/build-push-action@v4
+ # with:
+ # platforms: linux/amd64,linux/arm/v7,linux/arm64/v8
+ # context: .
+ # push: true
+ # file: ./Dockerfile
+ # tags: "${{ steps.tags.outputs.value }}"
+ # cache-from: type=local,src=/tmp/.buildx-cache-new
+ # cache-to: type=local,dest=/tmp/.buildx-cache-new
+
 # https://github.com/docker/build-push-action/issues/252
 # https://github.com/moby/buildkit/issues/1896
 - name: Move cache to limit growth
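Review bot: The Docker Hub login whose `username`/`password` inputs are the context lines at the top of this hunk still runs, although the only active build step now sets `push: false` and the publish step is commented out. The job therefore hands `secrets.DOCKER_PASSWORD` to a run that never pushes, including runs triggered by the `ci-docker-test` branch added in the first hunk; while publishing is disabled the login should be disabled or gated with it, and the temporary branch trigger removed before this is merged. In the smoke test the image reference is expanded unquoted by the shell; prefer `- run: docker run --rm "$IMAGE_NAME:linux-amd64" --version`. The login step itself starts outside the hunk.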
diff --git a/Dockerfile b/Dockerfile
index a5c8d816c5ec..ce5c733937d5 100644
--- a/Dockerfile
+++ b/Dockerfile
@@ -1,16 +1,6 @@
-FROM --platform=${BUILDPLATFORM:-linux/amd64} golang:1.19-buster
-LABEL maintainer="Steven Allen "
+FROM --platform=${BUILDPLATFORM:-linux/amd64} golang:1.19-buster AS builder
-ARG TARGETPLATFORM
-ARG BUILDPLATFORM
-ARG TARGETOS
-ARG TARGETARCH
-
-# Install deps
-RUN apt-get update && apt-get install -y \
- libssl-dev \
- ca-certificates \
- fuse
+ARG TARGETPLATFORM TARGETOS TARGETARCH
 ENV SRC_DIR /kubo
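Review bot: The builder stage no longer installs `libssl-dev`, yet the build command shown as context in the next hunk still runs `make build GOTAGS=openssl`. Unless `golang:1.19-buster` already carries the OpenSSL headers (worth confirming; I would not expect it to), the cgo build has nothing to compile against, and the `libssl-dev` installed in the new `utilities` stage is not visible from this stage. Keep a minimal install here, e.g. `RUN apt-get update && apt-get install -y --no-install-recommends libssl-dev && rm -rf /var/lib/apt/lists/*`, and drop `libssl-dev` from `utilities`, where only the runtime libraries are needed.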
@@ -31,38 +21,32 @@ RUN cd $SRC_DIR \
 && mkdir -p .git/objects \
 && GOOS=$TARGETOS GOARCH=$TARGETARCH GOFLAGS=-buildvcs=false make build GOTAGS=openssl IPFS_PLUGINS=$IPFS_PLUGINS
-# Get su-exec, a very minimal tool for dropping privileges,
-# and tini, a very minimal init daemon for containers
-ENV SUEXEC_VERSION v0.2
-ENV TINI_VERSION v0.19.0
+FROM debian:bookworm-slim AS utilities
 RUN set -eux; \
- dpkgArch="$(dpkg --print-architecture)"; \
- case "${dpkgArch##*-}" in \
- "amd64" | "armhf" | "arm64") tiniArch="tini-static-$dpkgArch" ;;\
- *) echo >&2 "unsupported architecture: ${dpkgArch}"; exit 1 ;; \
- esac; \
- cd /tmp \
- && git clone https://github.com/ncopa/su-exec.git \
- && cd su-exec \
- && git checkout -q $SUEXEC_VERSION \
- && make su-exec-static \
- && cd /tmp \
- && wget -q -O tini https://github.com/krallin/tini/releases/download/$TINI_VERSION/$tiniArch \
- && chmod +x tini
+ apt-get update; \
+ apt-get install -y \
+ # v0.19.0
+ tini \
+ # v0.2, su-exec
+ gosu \
+ fuse \
+ ca-certificates \
+ libssl-dev \
+ ; \
+ rm -rf /var/lib/apt/lists/*
 # Now comes the actual target image, which aims to be as small as possible.
-FROM --platform=${BUILDPLATFORM:-linux/amd64} busybox:1.31.1-glibc
-LABEL maintainer="Steven Allen "
+FROM busybox:1.31.1-glibc
 # Get the ipfs binary, entrypoint script, and TLS CAs from the build container.
ENV SRC_DIR /kubo
-COPY --from=0 $SRC_DIR/cmd/ipfs/ipfs /usr/local/bin/ipfs
-COPY --from=0 $SRC_DIR/bin/container_daemon /usr/local/bin/start_ipfs
-COPY --from=0 $SRC_DIR/bin/container_init_run /usr/local/bin/container_init_run
-COPY --from=0 /tmp/su-exec/su-exec-static /sbin/su-exec
-COPY --from=0 /tmp/tini /sbin/tini
-COPY --from=0 /bin/fusermount /usr/local/bin/fusermount
-COPY --from=0 /etc/ssl/certs /etc/ssl/certs
+COPY --from=builder $SRC_DIR/cmd/ipfs/ipfs /usr/local/bin/ipfs
+COPY --from=builder $SRC_DIR/bin/container_daemon /usr/local/bin/start_ipfs
+COPY --from=builder $SRC_DIR/bin/container_init_run /usr/local/bin/container_init_run
+COPY --from=utilities /usr/sbin/gosu /sbin/su-exec
+COPY --from=utilities /usr/bin/tini /sbin/tini
+COPY --from=utilities /usr/bin/fusermount /usr/local/bin/fusermount
+COPY --from=utilities /etc/ssl/certs /etc/ssl/certs
 # Add suid bit on fusermount so it will run properly
 RUN chmod 4755 /usr/local/bin/fusermount
@@ -71,11 +55,11 @@ RUN chmod 4755 /usr/local/bin/fusermount
 RUN chmod 0755 /usr/local/bin/start_ipfs
 # This shared lib (part of glibc) doesn't seem to be included with busybox.
-COPY --from=0 /lib/*-linux-gnu*/libdl.so.2 /lib/
+COPY --from=utilities /lib/*-linux-gnu*/libdl.so.2 /lib/
 # Copy over SSL libraries.
-COPY --from=0 /usr/lib/*-linux-gnu*/libssl.so* /usr/lib/
-COPY --from=0 /usr/lib/*-linux-gnu*/libcrypto.so* /usr/lib/
+COPY --from=utilities /usr/lib/*-linux-gnu*/libssl.so* /usr/lib/
+COPY --from=utilities /usr/lib/*-linux-gnu*/libcrypto.so* /usr/lib/
 # Swarm TCP; should be exposed to the public
 EXPOSE 4001
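Review bot: The comments `# v0.19.0` and `# v0.2, su-exec` inside the `apt-get install` list read like version pins, but nothing is pinned: the stage installs whatever `debian:bookworm-slim` currently offers, and `gosu` is a different program from su-exec with its own version numbering. Reword them to say what is being replaced (for example `# replaces the su-exec v0.2 source build`) and add `--no-install-recommends` to the install. The removed code fetched a `tini-static` build, whereas `/usr/bin/tini` from the Debian package is presumably dynamically linked, as is the `fusermount` that later receives the setuid bit; both would then run against the older glibc in `busybox:1.31.1-glibc`. If the package ships it, prefer `COPY --from=utilities /usr/bin/tini-static /sbin/tini`, and verify that the bookworm `fusermount` loads in the final image, since the workflow's `--version` smoke test never mounts anything.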
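Review bot: `libdl.so.2`, `libssl.so*` and `libcrypto.so*` now come from the bookworm-based `utilities` stage, while the `ipfs` binary is still linked in the `golang:1.19-buster` builder. A binary built with `GOTAGS=openssl` on buster will look for that release's OpenSSL soname, which the bookworm globs are unlikely to provide, and bookworm's `libdl.so.2` belongs to a newer glibc than the one in `busybox:1.31.1-glibc`, so the dynamic loader may reject it. Keep the library source on the same Debian release as the builder, e.g. `FROM debian:buster-slim AS utilities`, or move both stages to one newer release together. A smoke test that starts the daemon rather than only printing `--version` would catch a mismatch of this kind.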