ci: build and push Docker image based on Chainguard base image #3623

Merged
merged 5 commits into from
May 16, 2024
33 changes: 32 additions & 1 deletion .github/workflows/snapshot.yml
Expand Up @@ -75,7 +75,38 @@ jobs:
with:
subject-path: "${{ github.workspace }}/**/target/*.jar"

- if: ${{ failure() }}
build-docker-images:
name: "Build docker images"
runs-on: ubuntu-latest
steps:
- uses: actions/checkout@v4
- uses: elastic/apm-pipeline-library/.github/actions/docker-login@current
with:
registry: docker.elastic.co
secret: secret/apm-team/ci/docker-registry/prod
url: ${{ secrets.VAULT_ADDR }}
roleId: ${{ secrets.VAULT_ROLE_ID }}
secretId: ${{ secrets.VAULT_SECRET_ID }}
- name: prepare context for testing docker build
run: |
mkdir -p elastic-apm-agent/target
curl -L -s -o elastic-apm-agent/target/elastic-apm-agent-1.49.0.jar \
"https://oss.sonatype.org/service/local/artifact/maven/redirect?r=releases&g=co.elastic.apm&a=elastic-apm-agent&v=1.49.0"
- name: "Build docker image"
run: ./scripts/docker-release/build_docker.sh "test"

notify:
needs:
- build-docker-images
- deploy
- validate
runs-on: ubuntu-latest
steps:
- id: check
uses: elastic/apm-pipeline-library/.github/actions/check-dependent-jobs@current
with:
needs: ${{ toJSON(needs) }}
- if: ${{ failure() && ! inputs.dry_run }}
uses: elastic/apm-pipeline-library/.github/actions/slack-message@current
with:
url: ${{ secrets.VAULT_ADDR }}
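Review bot: In the `prepare context for testing docker build` step, `curl -L -s -o ...` runs without `--fail`, so an HTTP error from Sonatype is saved as `elastic-apm-agent-1.49.0.jar` and the image build that follows still passes with a broken artifact. Use `curl -fsSL` and verify the downloaded jar against its published checksum before building. The new job also passes the Vault `roleId` and `secretId` to `docker-login@current`, which is a mutable ref; pinning that action to a commit SHA would limit what can run with those credentials.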
8 changes: 7 additions & 1 deletion CONTRIBUTING.md
Expand Up @@ -330,8 +330,14 @@ docker.elastic.co and are located in the `observability` namespace.

For example, to download the v1.12.0 of the agent, use the following:

```bash
docker pull docker.elastic.co/observability/apm-agent-java:1.12.0
```
docker pull docker.elastic.co/observability/apm-agent-java:1.12.0

In addition, you can use the `wolfi` version by adding the suffix `-wolfi`

```bash
docker pull docker.elastic.co/observability/apm-agent-java:1.12.0-wolfi
```

#### Creating images for a Release
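Review bot: The added sentence "In addition, you can use the `wolfi` version by adding the suffix `-wolfi`" does not say what the wolfi variant is or from which agent version it exists, and the example tag `1.12.0-wolfi` will only resolve if older releases are rebuilt. Say that the variant is built from `Dockerfile.wolfi` on the Chainguard base image, use a version that is actually published with the suffix, and mention the `latest-wolfi` tag that `push_docker.sh` now pushes.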
7 changes: 7 additions & 0 deletions Dockerfile.wolfi
@@ -0,0 +1,7 @@
FROM docker.elastic.co/wolfi/chainguard-base@sha256:9f940409f96296ef56140bcc4665c204dd499af4c32c96cc00e792558097c3f1
Contributor

We'll eventually switch to just publishing the wolfi images, right?
When that happens I'd suggest using an ARG for the base image:

```dockerfile
ARG BASE_IMAGE=alpine@sha256:c5b1261d6d3e43071626931fc004f70149baeba2c8ec672bd4f27761f8e1ad6b
FROM $BASE_IMAGE
```

This way we can have a single Dockerfile which locally builds on top of Alpine, but from CI we can pass in the wolfi image as base image.

Nothing to do for now, just something to maybe keep in mind for when we drop publishing the alpine based image.

Member Author

> We'll eventually switch to just publishing the wolfi images, right?

I think so, that's something we are still discussing internally

RUN mkdir /usr/agent
ARG JAR_FILE
ARG HANDLER_FILE
COPY ${JAR_FILE} /usr/agent/elastic-apm-agent.jar
COPY ${HANDLER_FILE} /usr/agent/elastic-apm-handler
RUN chmod +x /usr/agent/elastic-apm-handler
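Review bot: The `FROM docker.elastic.co/wolfi/chainguard-base@sha256:...` line pins the base image by digest alone, so the file does not show which release of the base image is in use, and none of the visible changes refresh the digest when the base image receives fixes. Add the tag next to the digest (`chainguard-base:<tag>@sha256:...`) or a comment naming it, and put the digest under an automated update job. As a smaller point, `COPY --chmod=0755 ${HANDLER_FILE} ...` would replace the separate `RUN chmod +x` layer.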
36 changes: 23 additions & 13 deletions scripts/docker-release/build_docker.sh
Expand Up @@ -18,11 +18,13 @@ readonly SCRIPT_PATH="$( cd "$(dirname "$0")" ; pwd -P )"
readonly PROJECT_ROOT=$SCRIPT_PATH/../../
readonly NAMESPACE="observability"

if [ "$(ls -A ${PROJECT_ROOT}elastic-apm-agent/target/*.jar)" ]
FILE=$(ls -A ${PROJECT_ROOT}elastic-apm-agent/target/*.jar | grep -E "elastic-apm-agent-[0-9]+.[0-9]+.[0-9]+(-SNAPSHOT)?.jar" )

if [ -n "${FILE}" ]
then
# We have build files to use
echo "INFO: Found local build artifact. Using locally built for Docker build"
find -E ${PROJECT_ROOT}elastic-apm-agent/target -regex '.*/elastic-apm-agent-[0-9]+.[0-9]+.[0-9]+(-SNAPSHOT)?.jar' -exec cp {} ${PROJECT_ROOT}apm-agent-java.jar \; || echo "INFO: No locally built image found"
Member Author

I'm afraid `-E` is macOS based, using `ls` with `grep` instead

cp "${FILE}" "${PROJECT_ROOT}apm-agent-java.jar" || echo "INFO: No locally built image found"
elif [ ! -z ${SONATYPE_FALLBACK+x} ]
then
echo "INFO: No local build artifact and SONATYPE_FALLBACK. Falling back to downloading artifact from Sonatype Nexus repository for version $RELEASE_VERSION"
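Review bot: The `FILE=$(ls -A ... | grep -E ...)` assignment can return more than one path, for example a release jar and a `-SNAPSHOT` jar in the same `target` directory, and `cp "${FILE}"` then receives one newline-joined argument and fails, which the `|| echo "INFO: ..."` reports as informational only. Fail when the match count is not exactly one (or take the first match explicitly), and escape the dots and anchor the pattern, as in `[0-9]+\.[0-9]+\.[0-9]+(-SNAPSHOT)?\.jar$`, so only the intended file name matches. Quoting `${PROJECT_ROOT}` in the `ls` call would also keep paths with spaces working.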
Expand All @@ -37,19 +39,27 @@ then
exit 1
fi

echo "INFO: Starting Docker build for version $RELEASE_VERSION"
ls -l apm-agent-java.jar

docker build -t docker.elastic.co/$NAMESPACE/apm-agent-java:$RELEASE_VERSION \
--platform linux/amd64 \
--build-arg JAR_FILE=apm-agent-java.jar \
--build-arg HANDLER_FILE=apm-agent-lambda-layer/src/main/assembly/elastic-apm-handler .
echo "INFO: Starting Docker build for version $RELEASE_VERSION"
for DOCKERFILE in "Dockerfile" "Dockerfile.wolfi" ; do
DOCKER_TAG=$RELEASE_VERSION
if [[ $DOCKERFILE =~ "wolfi" ]]; then
DOCKER_TAG="${RELEASE_VERSION}-wolfi"
fi
docker build -t docker.elastic.co/$NAMESPACE/apm-agent-java:$DOCKER_TAG \
--platform linux/amd64 \
--build-arg JAR_FILE=apm-agent-java.jar \
--build-arg HANDLER_FILE=apm-agent-lambda-layer/src/main/assembly/elastic-apm-handler \
--file $DOCKERFILE .

if [ $? -eq 0 ]
then
echo "INFO: Docker image built successfully"
else
echo "ERROR: Problem building Docker image!"
fi
if [ $? -eq 0 ]
then
echo "INFO: Docker image built successfully"
else
echo "ERROR: Problem building Docker image!"
fi
done

function finish {
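Review bot: Inside the new `for DOCKERFILE in ...` loop, the `else` branch of `if [ $? -eq 0 ]` only prints "ERROR: Problem building Docker image!" and the loop carries on, so a failed build of either Dockerfile does not by itself make the script exit non-zero. Since the new `build-docker-images` CI job exists to test this script, add `exit 1` in that branch (or test the `docker build` command directly in the `if`), and quote `--file "$DOCKERFILE"`.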

3 changes: 3 additions & 0 deletions scripts/docker-release/push_docker.sh
Expand Up @@ -32,6 +32,7 @@ readonly DOCKER_PUSH_IMAGE_LATEST="$DOCKER_REGISTRY_URL/$DOCKER_IMAGE_NAME:lates
echo "INFO: Pushing image $DOCKER_PUSH_IMAGE to $DOCKER_REGISTRY_URL"

docker push $DOCKER_PUSH_IMAGE || { echo "You may need to run 'docker login' first and then re-run this script"; exit 1; }
docker push "${DOCKER_PUSH_IMAGE}-wolfi" || { echo "You may need to run 'docker login' first and then re-run this script"; exit 1; }

readonly LATEST_TAG=$(git tag --list --sort=version:refname "v*" | grep -v RC | sed s/^v// | tail -n 1)
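Review bot: The added `docker push "${DOCKER_PUSH_IMAGE}-wolfi"` runs after the default image has already been pushed, so a failure here leaves the release half published: the plain tag is in the registry and its `-wolfi` sibling is not. Check that both local images exist before the first push (for example with `docker image inspect` on each), and make the error message name the image that failed instead of repeating the same `docker login` hint.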

Expand All @@ -40,4 +41,6 @@ then
echo "INFO: Current version ($RELEASE_VERSION) is the latest version. Tagging and pushing $DOCKER_PUSH_IMAGE_LATEST ..."
docker tag $DOCKER_PUSH_IMAGE $DOCKER_PUSH_IMAGE_LATEST
docker push $DOCKER_PUSH_IMAGE_LATEST || { echo "You may need to run 'docker login' first and then re-run this script"; exit 1; }
docker tag "${DOCKER_PUSH_IMAGE}-wolfi" "${DOCKER_PUSH_IMAGE_LATEST}-wolfi"
docker push "${DOCKER_PUSH_IMAGE_LATEST}-wolfi" || { echo "You may need to run 'docker login' first and then re-run this script"; exit 1; }
fi
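Review bot: The added `docker tag "${DOCKER_PUSH_IMAGE}-wolfi" "${DOCKER_PUSH_IMAGE_LATEST}-wolfi"` line has no error handling, so when the wolfi image is missing locally the failure only surfaces on the next line as the `docker login` hint, which points the operator at the wrong cause. Add `|| { echo "..."; exit 1; }` to the `docker tag` call with a message about the missing local image.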