build multiple alpine images

nginxinc · Jun 10, 2024 · dfd3c46 · dfd3c46
1 parent 78b78f5
commit dfd3c46
Show file tree

Hide file tree

Showing 2 changed files with 20 additions and 11 deletions.
diff --git a/.github/workflows/ci.yml b/.github/workflows/ci.yml
@@ -16,14 +16,15 @@ env:
 jobs:
   build:
     runs-on: ubuntu-latest
+    strategy:
+      matrix:
+        image: ["3.17", "3.19", "3.20"]
+        openssl_version: ["3.0.9"]
+      fail-fast: false
     steps:
       - name: Checkout Repository
         uses: actions/checkout@a5ac7e51b41094c92402da3b24376905380afc29 # v4.1.6
 
-      - name: Get Alpine version
-        id: alpine
-        run: echo "version=$(grep -m1 'FROM alpine' <Dockerfile | awk -F'[:]' '{print $2}')" >> $GITHUB_OUTPUT
-
       - name: Docker Buildx
         uses: docker/setup-buildx-action@d70bba72b1f3fd22344832f00baa16ece964efeb # v3.3.0
 
@@ -49,10 +50,10 @@ jobs:
             name=ghcr.io/nginxinc/alpine-fips
           tags: |
             type=edge
-            type=ref,event=pr
+            type=ref,event=pr,suffix=-alpine${{ matrix.image }}
             type=semver,pattern={{version}}
             type=semver,pattern={{major}}.{{minor}}
-            type=semver,pattern={{version}},suffix=-alpine${{ steps.alpine.outputs.version }}
+            type=semver,pattern={{version}},suffix=-alpine${{ matrix.image }}
         env:
           DOCKER_METADATA_ANNOTATIONS_LEVELS: manifest,index
 
@@ -62,16 +63,20 @@ jobs:
         with:
           file: Dockerfile
           context: "."
-          cache-from: type=gha,scope=alpine
-          cache-to: type=gha,scope=alpine,mode=max
+          cache-from: type=gha,scope=alpine${{ matrix.image }}
+          cache-to: type=gha,scope=alpine${{ matrix.image }},mode=max
           tags: ${{ steps.meta.outputs.tags }}
           load: ${{ github.event_name == 'pull_request' }}
           push: ${{ github.event_name != 'pull_request' }}
           platforms: ${{ github.event_name != 'pull_request' && env.platforms || '' }}
           annotations: ${{ github.event_name != 'pull_request' && steps.meta.outputs.annotations || '' }}
+          target: alpine
           pull: true
           sbom: ${{ github.event_name != 'pull_request' }}
           provenance: ${{ github.event_name != 'pull_request' }}
+          build-args: | 
+            BUILD_OS=alpine:${{ matrix.image }}
+            OPENSSL_VERSION=${{ matrix.openssl_version }}
 
       - name: Run Grype vulnerability scanner
         uses: anchore/scan-action@3343887d815d7b07465f6fdcd395bd66508d486a # v3.6.4

diff --git a/Dockerfile b/Dockerfile
@@ -1,7 +1,10 @@
-FROM alpine:3.19
-
+# syntax=docker/dockerfile:1.6
+ARG BUILD_OS=alpine:3.19
 ARG OPENSSL_VERSION=3.0.9
 
+FROM ${BUILD_OS} as alpine
+ARG OPENSSL_VERSION
+
 RUN apk add --no-cache --virtual .build-deps \
     make gcc libgcc musl-dev linux-headers perl vim \
     &&  wget https://www.openssl.org/source/openssl-${OPENSSL_VERSION}.tar.gz \
@@ -11,6 +14,7 @@ RUN apk add --no-cache --virtual .build-deps \
     && make \
     && make install_fips \
     && apk del .build-deps \
-    && cd .. && rm -rf openssl-${OPENSSL_VERSION}.tar.gz openssl-${OPENSSL_VERSION}
+    && cd .. && rm -rf openssl-${OPENSSL_VERSION}.tar.gz openssl-${OPENSSL_VERSION} \
+    && apk upgrade --no-cache -U
 
 COPY openssl.cnf /etc/ssl/openssl.cnf