From 1ccf69f7319263ad5cad10853e4abab09f09e5b5 Mon Sep 17 00:00:00 2001 From: Akash Satheesan Date: Fri, 28 May 2021 22:21:41 +0530 Subject: [PATCH] chore: cross-compile docker images with buildx (#3503) --- .github/workflows/ci.yaml | 36 +++++++++----------------------- CHANGELOG.md | 2 +- ci/README.md | 4 ++-- ci/release-image/build.sh | 11 ---------- ci/release-image/docker-bake.hcl | 25 ++++++++++++++++++++++ ci/steps/build-docker-image.sh | 4 +--- 6 files changed, 39 insertions(+), 43 deletions(-) delete mode 100755 ci/release-image/build.sh create mode 100644 ci/release-image/docker-bake.hcl diff --git a/.github/workflows/ci.yaml b/.github/workflows/ci.yaml index 6dd06c5f7..f6c3f008e 100644 --- a/.github/workflows/ci.yaml +++ b/.github/workflows/ci.yaml @@ -386,9 +386,10 @@ jobs: - name: Remove release packages and test artifacts run: rm -rf ./release-packages ./test/test-results - docker-amd64: + # Builds both amd64 and arm64 images + docker-images: runs-on: ubuntu-latest - needs: package-linux-amd64 + needs: [package-linux-amd64, package-linux-arm64] steps: - uses: actions/checkout@v2 @@ -398,34 +399,16 @@ jobs: name: release-packages path: ./release-packages - - name: Run ./ci/steps/build-docker-image.sh - run: ./ci/steps/build-docker-image.sh + - name: Set up QEMU + uses: docker/setup-qemu-action@v1 - - name: Upload release image - uses: actions/upload-artifact@v2 - with: - name: release-images - path: ./release-images - - # TODO: this is the last place where we use our self-hosted arm64 runner. - # In the future, consider switching to docker buildx + qemu, - # thus removing the requirement for us to maintain the runner. - docker-arm64: - runs-on: ubuntu-arm64-latest - needs: package-linux-arm64 - steps: - - uses: actions/checkout@v2 - - - name: Download release package - uses: actions/download-artifact@v2 - with: - name: release-packages - path: ./release-packages + - name: Set up Docker Buildx + uses: docker/setup-buildx-action@v1 - name: Run ./ci/steps/build-docker-image.sh run: ./ci/steps/build-docker-image.sh - - name: Upload release image + - name: Upload release images uses: actions/upload-artifact@v2 with: name: release-images @@ -433,7 +416,7 @@ jobs: trivy-scan-image: runs-on: ubuntu-20.04 - needs: docker-amd64 + needs: docker-images # NOTE@jsjoeio: disabling due to a memory issue upstream # See: https://github.com/github/codeql-action/issues/528 if: 1 == 2 @@ -466,6 +449,7 @@ jobs: uses: github/codeql-action/upload-sarif@v1 with: sarif_file: "trivy-image-results.sarif" + # We have to use two trivy jobs # because GitHub only allows # codeql/upload-sarif action per job diff --git a/CHANGELOG.md b/CHANGELOG.md index 21e2a0605..5a7063fe9 100644 --- a/CHANGELOG.md +++ b/CHANGELOG.md @@ -54,7 +54,7 @@ VS Code v0.00.0 ### Development -- item +- chore: cross-compile docker images with buildx #3166 @oxy ## 3.10.2 diff --git a/ci/README.md b/ci/README.md index c8a8a0ad6..be14aa8fc 100644 --- a/ci/README.md +++ b/ci/README.md @@ -100,8 +100,8 @@ You can disable minification by setting `MINIFY=`. This directory contains the release docker container image. -- [./release-image/build.sh](./release-image/build.sh) - - Builds the release container with the tag `codercom/code-server-$ARCH:$VERSION`. +- [./ci/steps/build-docker-image.sh](./ci/steps/build-docker-image.sh) + - Builds the release containers with tags `codercom/code-server-$ARCH:$VERSION` for amd64 and arm64 with `docker buildx`. - Assumes debian releases are ready in `./release-packages`. ## images diff --git a/ci/release-image/build.sh b/ci/release-image/build.sh deleted file mode 100755 index 5969e15ae..000000000 --- a/ci/release-image/build.sh +++ /dev/null @@ -1,11 +0,0 @@ -#!/usr/bin/env bash -set -euo pipefail - -main() { - cd "$(dirname "$0")/../.." - source ./ci/lib.sh - - docker build -t "codercom/code-server-$ARCH:$VERSION" -f ./ci/release-image/Dockerfile . -} - -main "$@" diff --git a/ci/release-image/docker-bake.hcl b/ci/release-image/docker-bake.hcl new file mode 100644 index 000000000..bbb856232 --- /dev/null +++ b/ci/release-image/docker-bake.hcl @@ -0,0 +1,25 @@ +# Use this file from the top of the repo, with `-f ci/release-image/docker-bake.hcl` + +# Uses env var VERSION if set; +# normally, this is set by ci/lib.sh +variable "VERSION" { + default = "latest" +} + +group "default" { + targets = ["code-server-amd64", "code-server-arm64"] +} + +target "code-server-amd64" { + dockerfile = "ci/release-image/Dockerfile" + tags = ["docker.io/codercom/code-server-amd64:${VERSION}"] + platforms = ["linux/amd64"] + output = ["type=tar,dest=./release-images/code-server-amd64-${VERSION}.tar"] +} + +target "code-server-arm64" { + dockerfile = "ci/release-image/Dockerfile" + tags = ["docker.io/codercom/code-server-arm64:${VERSION}"] + platforms = ["linux/arm64"] + output = ["type=tar,dest=./release-images/code-server-arm64-${VERSION}.tar"] +} diff --git a/ci/steps/build-docker-image.sh b/ci/steps/build-docker-image.sh index 8ae5855bd..881132a9d 100755 --- a/ci/steps/build-docker-image.sh +++ b/ci/steps/build-docker-image.sh @@ -5,10 +5,8 @@ main() { cd "$(dirname "$0")/../.." source ./ci/lib.sh - ./ci/release-image/build.sh - mkdir -p release-images - docker save "codercom/code-server-$ARCH:$VERSION" >"release-images/code-server-$ARCH-$VERSION.tar" + docker buildx bake -f ci/release-image/docker-bake.hcl } main "$@"