From c66013e48324d418661194e718c300b4f7958c5b Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Michael=20Loipf=C3=BChrer?= <michael.loipfuehrer@stusta.de>
Date: Wed, 3 Jan 2024 21:40:42 +0100
Subject: [PATCH] ci: enable multi arch docker builds

---
 .github/workflows/pull_request.yaml   | 73 +++++++++++++++++++++++++++
 .github/workflows/push_on_master.yaml | 15 ++++--
 docker/Dockerfile-api                 | 16 ++++--
 docker/entrypoint.py                  | 20 ++++----
 4 files changed, 105 insertions(+), 19 deletions(-)

diff --git a/.github/workflows/pull_request.yaml b/.github/workflows/pull_request.yaml
index fdc36819..00898944 100644
--- a/.github/workflows/pull_request.yaml
+++ b/.github/workflows/pull_request.yaml
@@ -2,6 +2,11 @@ name: Pull Request
 on:
   pull_request:
 
+env:
+    DOCKER_IMAGE_NAME_API: api
+    DOCKER_IMAGE_NAME_FRONTEND: frontend
+    DOCKER_IMAGE_TAGS: latest ${{ github.sha }} ${{github.ref_name}}
+
 jobs:
   build_and_test_frontend:
     uses: ./.github/workflows/frontend.yaml
@@ -10,3 +15,71 @@ jobs:
   build_and_test_backend:
     uses: ./.github/workflows/backend.yaml
     secrets: inherit
+
+  get-distros:
+    name: "Calculate list of debian distros and docker image tags"
+    runs-on: ubuntu-latest
+    steps:
+      - uses: actions/checkout@v4
+      - uses: actions/setup-python@v5
+      - id: set-distros
+        run: |
+          # if we're running from a tag, get the full list of distros; otherwise just use debian:sid
+          dists='["debian:bookworm"]'
+          tags="latest $GITHUB_SHA"
+          if [[ $GITHUB_REF == refs/tags/* ]]; then
+              dists=$(tools/build_debian_packages.py --show-dists-json)
+              tags="latest $GITHUB_SHA latest-release $GITHUB_REF_NAME"
+          fi
+          echo "::set-output name=distros::$dists"
+          echo "::set-output name=tags::$tags"
+    # map the step outputs to job outputs
+    outputs:
+      distros: ${{ steps.set-distros.outputs.distros }}
+      tags: ${{ steps.set-distros.outputs.tags }}
+
+  test-build-docker:
+    name: Build and publish ready made docker containers
+    runs-on: ubuntu-latest
+    needs:
+    - get-distros
+    steps:
+    - uses: actions/checkout@v4
+
+    - name: Install qemu dependency
+      run: |
+        sudo apt-get update
+        sudo apt-get install -y qemu-user-static
+
+    - name: Set up Nodejs
+      uses: actions/setup-node@v4
+      with:
+        node-version: "18"
+        cache: "npm"
+        cache-dependency-path: frontend/package-lock.json
+
+    - name: Install dependencies
+      run: npm ci
+      working-directory: frontend
+
+    - name: Build API Image
+      id: build-api-image
+      uses: redhat-actions/buildah-build@v2
+      with:
+        image: ${{ env.DOCKER_IMAGE_NAME_API }}
+        tags: ${{ needs.get-distros.outputs.tags }}
+        platforms: linux/amd64, linux/arm64/v8
+        containerfiles: ./docker/Dockerfile-api
+
+    - name: Build Frontend
+      working-directory: frontend
+      run: npx nx build web
+
+    - name: Build Frontend Image
+      id: build-frontend-image
+      uses: redhat-actions/buildah-build@v2
+      with:
+        image: ${{ env.DOCKER_IMAGE_NAME_FRONTEND }}
+        tags: ${{ needs.get-distros.outputs.tags }}
+        platforms: linux/amd64, linux/arm64/v8
+        containerfiles: ./docker/Dockerfile-frontend
diff --git a/.github/workflows/push_on_master.yaml b/.github/workflows/push_on_master.yaml
index a0e4dd39..2318966a 100644
--- a/.github/workflows/push_on_master.yaml
+++ b/.github/workflows/push_on_master.yaml
@@ -50,12 +50,19 @@ jobs:
     - get-distros
     steps:
     - uses: actions/checkout@v4
+
+    - name: Install qemu dependency
+      run: |
+        sudo apt-get update
+        sudo apt-get install -y qemu-user-static
+
     - name: Set up Nodejs
       uses: actions/setup-node@v4
       with:
         node-version: "18"
         cache: "npm"
         cache-dependency-path: frontend/package-lock.json
+
     - name: Install dependencies
       run: npm ci
       working-directory: frontend
@@ -66,8 +73,8 @@ jobs:
       with:
         image: ${{ env.DOCKER_IMAGE_NAME_API }}
         tags: ${{ needs.get-distros.outputs.tags }}
-        containerfiles: |
-          ./docker/Dockerfile-api
+        platforms: linux/arm64/v8, linux/amd64
+        containerfiles: ./docker/Dockerfile-api
 
     - name: Push API Image To quay.io
       id: push-to-quay-api
@@ -89,8 +96,8 @@ jobs:
       with:
         image: ${{ env.DOCKER_IMAGE_NAME_FRONTEND }}
         tags: ${{ needs.get-distros.outputs.tags }}
-        containerfiles: |
-          ./docker/Dockerfile-frontend
+        platforms: linux/arm64/v8, linux/amd64
+        containerfiles: ./docker/Dockerfile-frontend
 
     - name: Push Frontend Image To quay.io
       id: push-to-quay-frontend
diff --git a/docker/Dockerfile-api b/docker/Dockerfile-api
index 158b5333..c03de81e 100644
--- a/docker/Dockerfile-api
+++ b/docker/Dockerfile-api
@@ -1,9 +1,15 @@
 # syntax=docker/dockerfile:1.3
+FROM python:3.10-alpine as builder
+RUN apk add --no-cache build-base libffi-dev
+RUN python3 -m venv /opt/abrechnung-venv
+ADD . /src
+RUN /opt/abrechnung-venv/bin/python3 -m pip install /src
+
 FROM python:3.10-alpine
-RUN addgroup -S abrechnung && adduser -S abrechnung -G abrechnung \
-  && apk add --no-cache curl
-ADD . /usr/share/abrechnung
-RUN pip install --editable /usr/share/abrechnung
+RUN addgroup -S abrechnung && adduser -S abrechnung -G abrechnung && apk add --no-cache curl
+COPY --from=builder /opt/abrechnung-venv/ /opt/abrechnung-venv/
+ADD --chmod=644 --chown=abrechnung:abrechung config/abrechnung.yaml /etc/abrechnung/abrechnung.yaml
 ADD --chmod=755 ./docker/entrypoint.py /
 COPY --chown=abrechnung:abrechnung ./docker/crontab /var/spool/cron/crontabs/abrechnung
-ENTRYPOINT ["/entrypoint.py"]
\ No newline at end of file
+USER abrechnung
+ENTRYPOINT ["/opt/abrechnung-venv/bin/python3", "/entrypoint.py"]
\ No newline at end of file
diff --git a/docker/entrypoint.py b/docker/entrypoint.py
index 56d54ddc..a7b1cbc4 100644
--- a/docker/entrypoint.py
+++ b/docker/entrypoint.py
@@ -1,4 +1,3 @@
-#!/usr/bin/env python
 import subprocess
 import sys
 from os import execlp, execvp, getenv, makedirs
@@ -16,21 +15,22 @@ def to_bool(data: str):
         "on",
     ]
 
+abrechnung_venv_python = "/opt/abrechnung-venv/bin/python3"
 
 print("generating config")
-config = dict()
-filename = "/usr/share/abrechnung/config/abrechnung.yaml"
+config = {}
+filename = "/etc/abrechnung/abrechnung.yaml"
 with open(filename, "r", encoding="utf-8") as filehandle:
     config = safe_load(filehandle)
 
 if not "service" in config:
-    config["service"] = dict()
+    config["service"] = {}
 if not "database" in config:
-    config["database"] = dict()
+    config["database"] = {}
 if not "registration" in config:
-    config["registration"] = dict()
+    config["registration"] = {}
 if not "email" in config:
-    config["email"] = dict()
+    config["email"] = {}
 
 config["service"]["url"] = getenv("SERVICE_URL", "https://localhost")
 config["service"]["api_url"] = getenv("SERVICE_API_URL", "https://localhost/api")
@@ -70,12 +70,12 @@ def to_bool(data: str):
 if sys.argv[1] == "api":
     print("migrating")
     sys.stdout.flush()
-    subprocess.run("abrechnung db migrate", shell=True, check=True)
+    subprocess.run([abrechnung_venv_python, "-m", "abrechnung", "db", "migrate"], shell=True, check=True)
     print("migrated")
 if sys.argv[1] == "cron":
     print("running cron...")
     sys.stdout.flush()
     execlp("crond", "crond", "-f")
-print("starting abrechnung...")
+print(f"starting abrechnung with forwarded argv {sys.argv}")
 sys.stdout.flush()
-execvp("abrechnung", sys.argv)
+execvp(abrechnung_venv_python, [abrechnung_venv_python, "-m", "abrechnung"] + sys.argv[1:])