From aed83dc81d01ba342fd2f2ca313075954b92c0f7 Mon Sep 17 00:00:00 2001 From: Marco Franssen Date: Thu, 29 Aug 2024 15:52:16 +0200 Subject: [PATCH 1/4] Enable multi-arch Docker build Signed-off-by: Marco Franssen --- .github/workflows/images.yaml | 21 ++++++++++++--------- Dockerfile | 31 +++++++++++++++++++++++-------- 2 files changed, 35 insertions(+), 17 deletions(-) diff --git a/.github/workflows/images.yaml b/.github/workflows/images.yaml index 92cd355f81..d98b58be95 100644 --- a/.github/workflows/images.yaml +++ b/.github/workflows/images.yaml @@ -25,6 +25,9 @@ jobs: strategy: matrix: include: + - name: cilium-cli + dockerfile: ./Dockerfile + platforms: linux/amd64,linux/arm64 - name: cilium-cli-ci dockerfile: ./Dockerfile platforms: linux/amd64 @@ -57,10 +60,10 @@ jobs: ref: ${{ steps.tag.outputs.tag }} # main branch or tag pushes - - name: CI Build ${{ matrix.name }} + - name: Build ${{ matrix.name }} if: ${{ github.event_name != 'pull_request_target' }} uses: docker/build-push-action@48aba3b46d1b1fec4febb7c5d0c644b249a11355 # v6.10.0 - id: docker_build_ci_main + id: docker_build_main with: context: . file: ${{ matrix.dockerfile }} 
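Review bot: In `.github/workflows/images.yaml` (hunk `@@ -25,6 +25,9 @@`), the new `cilium-cli` matrix entry makes this job publish under the release image's repository name for every event it handles. The later hunks of this patch show the same job pushing `quay.io/<owner>/${{ matrix.name }}:latest` on main-branch or tag pushes and `:${{ steps.tag.outputs.tag }}` on `pull_request_target`, so images presumably built from pull-request code would sit next to release images, and `latest` would follow the main branch. Consider keeping the release name out of the pull-request path, for example by extending the PR build step's condition to `if: ${{ github.event_name == 'pull_request_target' && matrix.name != 'cilium-cli' }}`. The build step's full `with:` block lies outside the hunks; confirm that it passes `target: ${{ matrix.name }}`, since both entries share `./Dockerfile` and a build without a target produces only the last stage.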
@@ -71,19 +74,19 @@ jobs: quay.io/${{ github.repository_owner }}/${{ matrix.name }}:latest quay.io/${{ github.repository_owner }}/${{ matrix.name }}:${{ steps.tag.outputs.tag }} - - name: CI Image Releases digests + - name: Image Releases digests if: ${{ github.event_name != 'pull_request_target' }} shell: bash run: | mkdir -p image-digest/ - echo "quay.io/${{ github.repository_owner }}/${{ matrix.name }}:latest@${{ steps.docker_build_ci_main.outputs.digest }}" > image-digest/${{ matrix.name }}.txt - echo "quay.io/${{ github.repository_owner }}/${{ matrix.name }}:${{ steps.tag.outputs.tag }}@${{ steps.docker_build_ci_main.outputs.digest }}" >> image-digest/${{ matrix.name }}.txt + echo "quay.io/${{ github.repository_owner }}/${{ matrix.name }}:latest@${{ steps.docker_build_main.outputs.digest }}" > image-digest/${{ matrix.name }}.txt + echo "quay.io/${{ github.repository_owner }}/${{ matrix.name }}:${{ steps.tag.outputs.tag }}@${{ steps.docker_build_main.outputs.digest }}" >> image-digest/${{ matrix.name }}.txt # PR updates - - name: CI Build ${{ matrix.name }} + - name: Build ${{ matrix.name }} if: ${{ github.event_name == 'pull_request_target' }} uses: docker/build-push-action@48aba3b46d1b1fec4febb7c5d0c644b249a11355 # v6.10.0 - id: docker_build_ci_pr + id: docker_build_pr with: context: . file: ${{ matrix.dockerfile }} 
@@ -93,12 +96,12 @@ jobs: tags: | quay.io/${{ github.repository_owner }}/${{ matrix.name }}:${{ steps.tag.outputs.tag }} - - name: CI Image Releases digests + - name: Image Releases digests if: ${{ github.event_name == 'pull_request_target' }} shell: bash run: | mkdir -p image-digest/ - echo "quay.io/${{ github.repository_owner }}/${{ matrix.name }}:${{ steps.tag.outputs.tag }}@${{ steps.docker_build_ci_pr.outputs.digest }}" > image-digest/${{ matrix.name }}.txt + echo "quay.io/${{ github.repository_owner }}/${{ matrix.name }}:${{ steps.tag.outputs.tag }}@${{ steps.docker_build_pr.outputs.digest }}" > image-digest/${{ matrix.name }}.txt # Upload artifact digests - name: Upload artifact digests diff --git a/Dockerfile b/Dockerfile index 6a57cfec38..862335f7ce 100644 --- a/Dockerfile +++ b/Dockerfile 
@@ -3,26 +3,41 @@ # Copyright Authors of Cilium # SPDX-License-Identifier: Apache-2.0 -FROM docker.io/library/golang:1.23.4-alpine3.19@sha256:5f3336882ad15d10ac1b59fbaba7cb84c35d4623774198b36ae60edeba45fd84 AS builder +FROM --platform=${BUILDPLATFORM} docker.io/library/golang:1.23.4-alpine3.19@sha256:5f3336882ad15d10ac1b59fbaba7cb84c35d4623774198b36ae60edeba45fd84 AS base +RUN apk add --no-cache --update ca-certificates git make WORKDIR /go/src/github.com/cilium/cilium-cli -RUN apk add --no-cache curl git make ca-certificates +COPY go.* . +RUN --mount=type=cache,target=/go/pkg/mod go mod download COPY . . -RUN make + +# xx is a helper for cross-compilation +FROM --platform=$BUILDPLATFORM tonistiigi/xx:1.5.0@sha256:0c6a569797744e45955f39d4f7538ac344bfb7ebf0a54006a0a4297b153ccf0f AS xx + +FROM --platform=${BUILDPLATFORM} base AS builder +ARG TARGETPLATFORM +ARG TARGETARCH +COPY --link --from=xx / / +RUN --mount=type=cache,target=/root/.cache/go-build \ + --mount=type=cache,target=/go/pkg/mod \ + xx-go --wrap && \ + make && \ + xx-verify --static /go/src/github.com/cilium/cilium-cli/cilium # cilium-cli is from scratch only including cilium binaries -FROM scratch AS cilium-cli -ENTRYPOINT ["cilium"] +FROM --platform=${BUILDPLATFORM} scratch AS cilium-cli +ENTRYPOINT [""] +USER 1000:1000 LABEL maintainer="maintainer@cilium.io" WORKDIR /root/app -COPY --from=builder --chown=root:root --chmod=755 /etc/ssl/certs/ca-certificates.crt /etc/ssl/certs/ -COPY --from=builder /go/src/github.com/cilium/cilium-cli/cilium /usr/local/bin/cilium +COPY --link --from=builder --chown=root:root --chmod=755 /etc/ssl/certs/ca-certificates.crt /etc/ssl/certs/ +COPY --link --from=builder --chown=1000:1000 --chmod=755 /go/src/github.com/cilium/cilium-cli/cilium /usr/local/bin/cilium # cilium-cli-ci is based on ubuntu with cloud CLIs FROM ubuntu:24.04@sha256:80dd3c3b9c6cecb9f1667e9290b3bc61b78c2678c02cbdae5f0fea92cc6734ab AS cilium-cli-ci ENTRYPOINT [] LABEL maintainer="maintainer@cilium.io" 
WORKDIR /root/app -COPY --from=builder /go/src/github.com/cilium/cilium-cli/cilium /usr/local/bin/cilium +COPY --link --from=builder /go/src/github.com/cilium/cilium-cli/cilium /usr/local/bin/cilium # Install cloud CLIs. Based on these instructions: # - https://cloud.google.com/sdk/docs/install#deb From f996cce593f6661b90ee049fdbe8e2ed6cb28224 Mon Sep 17 00:00:00 2001 From: Marco Franssen Date: Wed, 27 Nov 2024 17:19:08 +0100 Subject: [PATCH 2/4] Use different GitHub environment for the images Signed-off-by: Marco Franssen --- .github/workflows/images.yaml | 4 +++- 1 file changed, 3 insertions(+), 1 deletion(-) diff --git a/.github/workflows/images.yaml b/.github/workflows/images.yaml index d98b58be95..8f327a2569 100644 --- a/.github/workflows/images.yaml +++ b/.github/workflows/images.yaml @@ -20,7 +20,7 @@ concurrency: jobs: build-and-push-prs: if: ${{ github.repository == 'cilium/cilium-cli' }} - environment: ci + environment: ${{ matrix.gh-env }} runs-on: ubuntu-24.04 strategy: matrix: @@ -28,9 +28,11 @@ jobs: - name: cilium-cli dockerfile: ./Dockerfile platforms: linux/amd64,linux/arm64 + gh-env: release - name: cilium-cli-ci dockerfile: ./Dockerfile platforms: linux/amd64 + gh-env: ci steps: - name: Set up Docker Buildx From d2ae2466208af5119c895806ac3cd0589073fd2b Mon Sep 17 00:00:00 2001 From: Michi Mutsuzaki Date: Sun, 8 Dec 2024 01:36:41 +0000 Subject: [PATCH 3/4] no curl Signed-off-by: Michi Mutsuzaki --- Makefile | 4 +--- 1 file changed, 1 insertion(+), 3 deletions(-) diff --git a/Makefile b/Makefile index ecfd03d959..f7c1f04bdd 100644 --- a/Makefile +++ b/Makefile 
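Review bot: In the `Dockerfile` hunk, the final `cilium-cli` stage now declares `ENTRYPOINT [""]` where it used to be `ENTRYPOINT ["cilium"]`, so the container would try to exec an empty path instead of the CLI. The same stage is pinned with `FROM --platform=${BUILDPLATFORM} scratch`, which likely stamps the build host's architecture on the image even when the copied binary was cross-compiled for `linux/arm64`. I would write the stage header as `FROM scratch AS cilium-cli` and `ENTRYPOINT ["cilium"]`, keeping `--platform=${BUILDPLATFORM}` only on the `base`, `xx` and `builder` stages. With `USER 1000:1000` in place, `WORKDIR /root/app` deserves a second look too, because whether that user can use the directory is not visible in the hunk. The `cilium-cli-ci` stage continues past the end of the hunk.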
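Review bot: In patch 2/4 (hunk `@@ -20,7 +20,7 @@` of `images.yaml`), `environment: ${{ matrix.gh-env }}` attaches the `release` environment to the `cilium-cli` leg of `build-and-push-prs`, a job that patch 1/4 shows also running on `pull_request_target`. Unless the `release` environment has protection rules that are not visible here, its secrets would be in scope while an image presumably built from pull-request content is pushed. I would keep pull-request runs on the CI environment, for example `environment: ${{ github.event_name == 'pull_request_target' && 'ci' || matrix.gh-env }}`. The `gh-env` keys added in the following hunk (`@@ -28,9 +28,11 @@`) need no change for this.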
@@ -7,15 +7,13 @@ GO_TAGS ?= TARGET=cilium INSTALL = $(QUIET)install BINDIR ?= /usr/local/bin -CILIUM_VERSION=$(shell curl -s https://raw.githubusercontent.com/cilium/cilium/main/stable.txt) CLI_VERSION=$(shell git describe --tags --always) STRIP_DEBUG=-w -s ifdef DEBUG STRIP_DEBUG= endif GO_BUILD_LDFLAGS ?= $(STRIP_DEBUG) \ - -X 'github.com/cilium/cilium/cilium-cli/defaults.CLIVersion=$(CLI_VERSION)' \ - -X 'github.com/cilium/cilium/cilium-cli/defaults.Version=$(CILIUM_VERSION)' + -X 'github.com/cilium/cilium/cilium-cli/defaults.CLIVersion=$(CLI_VERSION)' TEST_TIMEOUT ?= 5s RELEASE_UID ?= $(shell id -u) From c6cfc8bebd44ddc4f7b757a2be398283c0ff1656 Mon Sep 17 00:00:00 2001 From: Michi Mutsuzaki Date: Sun, 8 Dec 2024 01:00:12 +0000 Subject: [PATCH 4/4] Add release image workflow Signed-off-by: Michi Mutsuzaki --- .github/workflows/release-image.yaml | 74 ++++++++++++++++++++++++++++ 1 file changed, 74 insertions(+) create mode 100644 .github/workflows/release-image.yaml diff --git a/.github/workflows/release-image.yaml b/.github/workflows/release-image.yaml new file mode 100644 index 0000000000..a3747a8472 --- /dev/null +++ b/.github/workflows/release-image.yaml 
@@ -0,0 +1,74 @@ +on: + push: + tags: + - 'v*' + +name: Release Image + +jobs: + build-image: + name: Create Release Image + runs-on: ubuntu-24.04 + environment: release + steps: + - name: Set up Docker Buildx + uses: docker/setup-buildx-action@c47758b77c9736f4b2ef4073d4d51994fabfe349 # v3.7.1 + + - name: Login to quay.io for release + uses: docker/login-action@9780b0c442fbb1117ed29e0efdff1e18412f7567 # v3.3.0 + with: + registry: quay.io + username: ${{ secrets.QUAY_RELEASE_USERNAME }} + password: ${{ secrets.QUAY_RELEASE_TOKEN }} + + - name: Checkout Source Code + uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2 + + - name: Release Image Build cilium-cli + uses: docker/build-push-action@48aba3b46d1b1fec4febb7c5d0c644b249a11355 # v6.10.0 + id: docker_build_release + with: + context: . + file: Dockerfile + target: cilium-cli + platforms: linux/amd64,linux/arm64 + push: true + tags: | + quay.io/${{ github.repository_owner }}/cilium-cli:latest + quay.io/${{ github.repository_owner }}/cilium-cli:${{ github.ref_name }} + + - name: Release Image digest + shell: bash + run: | + mkdir -p image-digest/ + echo "quay.io/${{ github.repository_owner }}/cilium-cli:latest@${{ steps.docker_build_release.outputs.digest }}" > image-digest/cilium-cli.txt + echo "quay.io/${{ github.repository_owner }}/cilium-cli:${{ github.ref_name }}@${{ steps.docker_build_release.outputs.digest }}" >> image-digest/cilium-cli.txt + + - name: Upload artifact digests + uses: actions/upload-artifact@b4b15b8c7c6ac21ea08fcf65892d2ee8f75cf882 # v4.4.3 + with: + name: image-digest cilium-cli + path: image-digest + retention-days: 1 + + image-digests: + name: Display Digests + runs-on: ubuntu-24.04 + needs: [build-image] + steps: + - name: Downloading Image Digests + shell: bash + run: | + mkdir -p image-digest/ + + - name: Download digests of all images built + uses: actions/download-artifact@fa0a91b85d4f404e444e00e005971372dc801d16 # v4.1.8 + with: + path: image-digest/ + pattern: 
"*image-digest *" + + - name: Image Digests Output + shell: bash + run: | + cd image-digest/ + find -type f | sort | xargs -d '\n' cat
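Review bot: The new `release-image.yaml` workflow has no `permissions:` key, so both jobs run with the repository's default `GITHUB_TOKEN` scope even though the visible steps only need to read the source. Adding a top-level `permissions:` with `contents: read` would pin that down. The `Release Image digest` step also expands `${{ github.ref_name }}` directly inside the `run:` script; a tag name can carry shell metacharacters, so passing it through `env:` (for example `REF_NAME: ${{ github.ref_name }}` and `"$REF_NAME"` in the script) is the safer habit. Separately, this workflow and `images.yaml` (patch 1/4) both push `cilium-cli:latest`, so that tag would not reliably point at a release.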