feat: Enable multi-arch builds

AMD64 and ARM64 for now. The Tyk plugin depends on the tykio/tyk-plugin-compiler image which does not support any other architecture than AMD64 for now. See TykTechnologies/tyk-build-env#4 ARMv7 was tried but Kong and Tyk do not support it and it may introduce issues due to its 32-bit architecture that we don't want to have to support. Signed-off-by: Felix Kaechele <[email protected]>
openclarity · Feb 24, 2022 · 6c3d730 · 6c3d730
1 parent c39a242
commit 6c3d730
Show file tree

Hide file tree

Showing 6 changed files with 147 additions and 29 deletions.
diff --git a/.github/workflows/ci.yml b/.github/workflows/ci.yml
@@ -24,6 +24,13 @@ jobs:
     - name: Check out code
       uses: actions/checkout@v2
 
+    - name: Set up QEMU
+      uses: docker/setup-qemu-action@v1
+
+    - name: Set up Docker Buildx
+      id: buildx
+      uses: docker/setup-buildx-action@v1
+
     - name: Check licenses
       env:
         GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
@@ -32,8 +39,66 @@ jobs:
     - name: Run verification
       run: make check
 
-    - name: Build Docker image
-      run: make docker
+    - name: Get current timestamp
+      id: timestamp
+      run: echo "::set-output name=timestamp::$(date -u +'%Y-%m-%dT%H:%M:%SZ')"
+
+    - name: Build APIClarity
+      uses: docker/build-push-action@v2
+      with:
+        context: .
+        platforms: linux/amd64,linux/arm64
+        tags: ghcr.io/apiclarity/apiclarity:${{ github.sha }}
+        file: Dockerfile
+        cache-from: type=local,src=/tmp/.buildx-cache
+        cache-to: type=local,dest=/tmp/.buildx-cache
+        build-args: |
+          VERSION=${{ github.sha }}
+          BUILD_TIMESTAMP=${{ steps.timestamp.outputs.timestamp }}
+          COMMIT_HASH=${{ github.sha }}
+
+    - name: Build Kong plugin
+      uses: docker/build-push-action@v2
+      with:
+        context: plugins
+        platforms: linux/amd64,linux/arm64
+        tags: ghcr.io/apiclarity/kong-plugin:${{ github.sha }}
+        file: plugins/Dockerfile.kong
+        cache-from: type=local,src=/tmp/.buildx-cache
+        cache-to: type=local,dest=/tmp/.buildx-cache
+
+    - name: Fix Tyk Plugin API dep
+      id: tyk-dep
+      run: |
+        cd plugins/gateway/tyk/v3.2.2
+        go mod edit -replace github.com/apiclarity/apiclarity/plugins/[email protected]=./../api
+        go mod edit -replace github.com/apiclarity/apiclarity/plugins/[email protected]=./../common
+
+    - name: Build Tyk plugin
+      uses: docker/build-push-action@v2
+      with:
+        context: plugins
+        platforms: linux/amd64 # tykio/tyk-plugin-compiler does not currently support other architectures
+        tags: ghcr.io/apiclarity/tyk-plugin-v3.2.2:${{ github.sha }}
+        file: plugins/Dockerfile.tyk.v3.2.2
+        cache-from: type=local,src=/tmp/.buildx-cache
+        cache-to: type=local,dest=/tmp/.buildx-cache
+
+    - name: Undo Tyk Plugin API dep change
+      id: undo-tyk-dep
+      run: git checkout -- plugins/gateway/tyk/v3.2.2/go.mod
+
+    - name: Build passive taper
+      uses: docker/build-push-action@v2
+      with:
+        context: plugins
+        platforms: linux/amd64,linux/arm64
+        tags: ghcr.io/apiclarity/passive-taper:${{ github.sha }}
+        file: plugins/Dockerfile.taper
+        cache-from: type=local,src=/tmp/.buildx-cache
+        cache-to: type=local,dest=/tmp/.buildx-cache
+        build-args: |
+          VERSION=${{ github.sha }}
 
   lint_chart:
     name: Lint Helm Chart

diff --git a/.github/workflows/docker.yml b/.github/workflows/docker.yml
@@ -14,6 +14,9 @@ jobs:
         with:
           submodules: true
 
+      - name: Set up QEMU
+        uses: docker/setup-qemu-action@v1
+
       - name: Set up Docker Buildx
         uses: docker/setup-buildx-action@v1
 
@@ -40,6 +43,7 @@ jobs:
         uses: docker/build-push-action@v2
         with:
           context: .
+          platforms: linux/amd64,linux/arm64
           tags: ghcr.io/apiclarity/apiclarity:latest
           file: Dockerfile
           push: true
@@ -54,6 +58,7 @@ jobs:
         uses: docker/build-push-action@v2
         with:
           context: plugins
+          platforms: linux/amd64,linux/arm64
           tags: ghcr.io/apiclarity/kong-plugin:latest
           file: plugins/Dockerfile.kong
           push: true
@@ -71,6 +76,7 @@ jobs:
         uses: docker/build-push-action@v2
         with:
           context: plugins
+          platforms: linux/amd64 # tykio/tyk-plugin-compiler does not currently support other architectures
           tags: ghcr.io/apiclarity/tyk-plugin-v3.2.2:latest
           file: plugins/Dockerfile.tyk.v3.2.2
           push: true
@@ -81,6 +87,7 @@ jobs:
         uses: docker/build-push-action@v2
         with:
           context: plugins
+          platforms: linux/amd64,linux/arm64
           tags: ghcr.io/apiclarity/passive-taper:latest
           file: plugins/Dockerfile.taper
           push: true

diff --git a/.github/workflows/release.yaml b/.github/workflows/release.yaml
@@ -81,6 +81,9 @@ jobs:
           git tag --annotate --message "Tag for release $tag" "$tag"
           git push origin "refs/tags/$tag"
 
+      - name: Set up QEMU
+        uses: docker/setup-qemu-action@v1
+
       - name: Set up Docker Buildx
         uses: docker/setup-buildx-action@v1
 
@@ -107,6 +110,7 @@ jobs:
         uses: docker/build-push-action@v2
         with:
           context: .
+          platforms: linux/amd64,linux/arm64
           tags: ghcr.io/apiclarity/apiclarity:${{ github.event.inputs.version }}
           file: Dockerfile
           push: true
@@ -121,6 +125,7 @@ jobs:
         uses: docker/build-push-action@v2
         with:
           context: plugins
+          platforms: linux/amd64,linux/arm64
           tags: ghcr.io/apiclarity/kong-plugin:${{ github.event.inputs.version }}
           file: plugins/Dockerfile.kong
           push: true
@@ -138,6 +143,7 @@ jobs:
         uses: docker/build-push-action@v2
         with:
           context: plugins
+          platforms: linux/amd64 # tykio/tyk-plugin-compiler does not currently support other architectures
           tags: ghcr.io/apiclarity/tyk-plugin-v3.2.2:${{ github.event.inputs.version }}
           file: plugins/Dockerfile.tyk.v3.2.2
           push: true
@@ -152,6 +158,7 @@ jobs:
         uses: docker/build-push-action@v2
         with:
           context: plugins
+          platforms: linux/amd64,linux/arm64
           tags: ghcr.io/apiclarity/passive-taper:${{ github.event.inputs.version }}
           file: plugins/Dockerfile.taper
           push: true

diff --git a/Dockerfile b/Dockerfile
@@ -1,31 +1,40 @@
-FROM node:14-slim AS site-build
+## Build Frontend
+FROM --platform=$BUILDPLATFORM node:14-slim AS site-build
 
 WORKDIR /app/ui-build
 
+# Cache optimization: Avoid npm install unless package.json changed
+COPY ui/package-lock.json ui/package.json ./
+RUN npm ci
+
 COPY ui .
-RUN npm i
 RUN npm run build
 
+## Build Backend
+# Cross-compilation tools
+FROM --platform=$BUILDPLATFORM tonistiigi/xx AS xx
 
-FROM golang:1.16.6-alpine AS builder
+FROM --platform=$BUILDPLATFORM golang:1.16.6-alpine AS builder
 
-RUN apk add --update --no-cache gcc g++
+# Copy cross-compilation tools
+COPY --from=xx / /
 
 WORKDIR /build
 COPY api ./api
 COPY plugins/api ./plugins/api
 
+# Cache optimization: Avoid go module downloads unless go.mod/go.sum changed
 WORKDIR /build/backend
 COPY backend/go.* ./
 RUN go mod download
 
-ARG VERSION
-ARG BUILD_TIMESTAMP
-ARG COMMIT_HASH
+ARG BUILD_TIMESTAMP COMMIT_HASH VERSION TARGETOS TARGETARCH
 
 # Copy and build backend code
 COPY backend .
-RUN go build -ldflags="-s -w \
+ARG TARGETPLATFORM
+ENV CGO_ENABLED=0
+RUN xx-go build -ldflags="-s -w \
      -X 'github.com/apiclarity/apiclarity/backend/pkg/version.Version=${VERSION}' \
      -X 'github.com/apiclarity/apiclarity/backend/pkg/version.CommitHash=${COMMIT_HASH}' \
      -X 'github.com/apiclarity/apiclarity/backend/pkg/version.BuildTimestamp=${BUILD_TIMESTAMP}'" -o backend ./cmd/backend/main.go

diff --git a/plugins/Dockerfile.kong b/plugins/Dockerfile.kong
@@ -1,28 +1,39 @@
-FROM golang:1.16.6-alpine AS builder
+## Common build steps for plugins
+# Cross-compilation tools
+FROM --platform=$BUILDPLATFORM tonistiigi/xx AS xx
 
-## Note: this Dockerfile will only be built from the plugins context
+FROM --platform=$BUILDPLATFORM golang:1.16.6-alpine AS builder
 
-RUN apk add --update --no-cache gcc g++
+# Copy cross-compilation tools
+COPY --from=xx / /
 
-WORKDIR /plugins
-COPY api ./api
+# To optimize caching and multi-architecture we try to get in as much upfront
+# work as possible before branching out using our actual source
+WORKDIR /plugins/api
+COPY api/go.* ./
+RUN go mod download
 
 WORKDIR /plugins/common
-
 COPY common/go.* ./
 RUN go mod download
 
-COPY common ./
+WORKDIR /plugins
+COPY api ./api
+COPY common ./common
 
+## Kong plugin build steps
 WORKDIR /plugins/gateway/kong
-COPY gateway/kong/go.* ./
 
+# Cache optimization: Avoid go module downloads unless go.mod/go.sum changed
+COPY gateway/kong/go.* ./
 RUN go mod download
 
 COPY gateway/kong .
 
 # Build the plugin.
-RUN go build -o bin/kong-plugin plugin.go
+ARG TARGETPLATFORM
+ENV CGO_ENABLED=0
+RUN xx-go build -o bin/kong-plugin plugin.go
 
 FROM busybox
 COPY --from=builder ["/plugins/gateway/kong/bin/kong-plugin", "/kong-plugin"]
diff --git a/plugins/Dockerfile.taper b/plugins/Dockerfile.taper
@@ -1,33 +1,52 @@
-FROM golang:1.16.6-alpine AS builder
+## Common build steps for plugins
+# Cross-compilation tools
+FROM --platform=$BUILDPLATFORM tonistiigi/xx AS xx
 
-# Set necessary environment variables needed for our image.
-ENV CGO_ENABLED=1 GOOS=linux GOARCH=amd64
+FROM --platform=$BUILDPLATFORM golang:1.16.6-alpine AS builder
 
-RUN apk add libpcap-dev gcc g++ make bash
+# Copy cross-compilation tools
+COPY --from=xx / /
 
-WORKDIR /plugins
+# To optimize caching and multi-architecture we try to get in as much upfront
+# work as possible before branching out using our actual source
+WORKDIR /plugins/api
+COPY api/go.* ./
+RUN go mod download
 
+WORKDIR /plugins/common
+COPY common/go.* ./
+RUN go mod download
+
+WORKDIR /plugins
 COPY api ./api
 COPY common ./common
 
-WORKDIR /plugins/taper
+## Taper plugin build steps
+# Cache optimization: Avoid go module downloads unless go.mod/go.sum changed
+WORKDIR /plugins/taper/extensions/http
+COPY taper/extensions/http/go.* ./
+RUN go mod download
 
+WORKDIR /plugins/taper
 COPY taper/go.* ./
 RUN go mod download
 
-ARG VERSION
+ARG TARGETPLATFORM VERSION
 COPY taper .
-RUN go build -ldflags="-s -w \
+RUN apk add --no-cache clang lld
+RUN xx-apk add --no-cache binutils-gold gcc libpcap-dev musl-dev
+ENV CGO_ENABLED=1
+RUN export QEMU_LD_PREFIX=/$(xx-info) && xx-go build -ldflags="-s -w \
      -X 'github.com/apiclarity/apiclarity/plugins/taper/version.Version=${VERSION}'" -o agent .
 
 WORKDIR /plugins/taper/extensions/http
 
 COPY taper/extensions/http .
-RUN go build -buildmode=plugin -o ../http.so .
+RUN export QEMU_LD_PREFIX=/$(xx-info) && xx-go build -buildmode=plugin -o ../http.so .
 
 FROM alpine:3.14
 
-RUN apk add bash libpcap-dev tcpdump
+RUN apk add --no-cache bash libpcap tcpdump
 WORKDIR /app
 
 # Copy binary and config files from /build to root folder of scratch container.