Enable build cloud

assets/common.sh

@@ -121,6 +121,10 @@ log_in() {
   fi
 }
 
+create_cloud_builder() {
+  docker buildx create --use --driver cloud opendoor/default
+}
+
 private_registry() {
   local repository="${1}"
 

assets/out

@@ -54,6 +54,9 @@ start_docker \
 	"$registry_mirror"
 log_in "$username" "$password" "$registry"
 
+# TODO: wrap with a flag, get builder from config, etc.
+create_cloud_builder
+
 tag_source=$(jq -r '.source.tag // "latest"' < $payload)
 tag_params=$(jq -r '.params.tag_file // ""' < $payload)
 # for backwards compatibility, check `tag` if `tag_file` is empty
@@ -244,7 +247,36 @@ elif [ -n "$build" ]; then
     done    
   fi
 
-  docker build -t "${repository}:${tag_name}" "${target[@]}" "${expanded_build_args[@]}" "${expanded_labels[@]}" -f "$dockerfile" $cache_from "$build"
+  tags=("--tag" "${repository}:${tag_name}")
+  if [ "$need_tag_as_latest" = "true" ] && [ "${tag_name}" != "latest"  ]; then
+    tags+=("--tag" "${repository}:latest")
+    echo "tagging ${repository}:${tag_name} as latest"
+  fi
+
+  if [ -n "$additional_tag_names" ]    ; then
+    for additional_tag in $additional_tag_names; do
+      tags+=("--tag" "${repository}:${additional_tag}")
+      echo "tagging ${repository}:${tag_name} as ${additional_tag}"
+    done
+  fi
+
+  # careful to not let 'tee' mask exit status
+  {
+    if ! docker buildx build \
+      --builder cloud-opendoor-default \
+      --push \
+      "${tags[@]}" \
+      "${target[@]}" \
+      "${expanded_build_args[@]}" \
+      "${expanded_labels[@]}" \
+      -f "$dockerfile" \
+      $cache_from \
+      "$build" 2>&1
+    then
+      touch /tmp/push-failed
+    fi
+  } | tee push-output
+
 elif [ -n "$load_file" ]; then
   if [ -n "$load_repository" ]; then
     docker load -i "$load_file"
@@ -265,40 +297,11 @@ fi
 
 image_id="$(image_from_tag "$repository" "$tag_name")"
 
-# afaict there's no clean way to get the digest after a push. docker prints
-# this line at the end at least:
-#
-#   (tagname): digest: (digest) size: (size)
-#
-# so just parse it out
-
-# careful to not let 'tee' mask exit status
-
-{
-  if ! docker push "${repository}:${tag_name}"; then
-    touch /tmp/push-failed
-  fi
-} | tee push-output
-
 if [ -e /tmp/push-failed ]; then
   exit 1
 fi
 
-digest="$(grep 'digest' push-output | awk '{print $3}')"
-
-if [ "$need_tag_as_latest" = "true" ] && [ "${tag_name}" != "latest"  ]; then
-  docker tag "${repository}:${tag_name}" "${repository}:latest"
-  docker push "${repository}:latest"
-  echo "${repository}:${tag_name} tagged as latest"
-fi
-
-if [ -n "$additional_tag_names" ]    ; then
-  for additional_tag in $additional_tag_names; do
-    docker tag "${repository}:${tag_name}" "${repository}:${additional_tag}"
-    docker push "${repository}:${additional_tag}"
-    echo "${repository}:${tag_name} tagged as ${additional_tag}"
-  done
-fi
+digest="$(egrep -oh 'sha256:[a-f0-9]{64}' push-output | tail -n 1)"
 
 jq -n "{
   version: {

dockerfiles/alpine/Dockerfile

@@ -4,6 +4,7 @@ FROM concourse/golang-builder AS builder
 COPY . /go/src/github.com/concourse/docker-image-resource
 ENV CGO_ENABLED 0
 COPY assets/ /assets
+RUN go env -w GO111MODULE=off
 RUN go build -o /assets/check github.com/concourse/docker-image-resource/cmd/check
 RUN go build -o /assets/print-metadata github.com/concourse/docker-image-resource/cmd/print-metadata
 RUN go build -o /assets/ecr-login github.com/concourse/docker-image-resource/vendor/github.com/awslabs/amazon-ecr-credential-helper/ecr-login/cmd
@@ -16,7 +17,9 @@ RUN set -e; \
 FROM alpine:edge AS resource
 RUN apk --no-cache add \
       bash \
+      curl \
       docker \
+      git \
       jq \
       ca-certificates \
       xz \
@@ -25,6 +28,13 @@ RUN apk --no-cache add \
 COPY --from=builder /assets /opt/resource
 RUN ln -s /opt/resource/ecr-login /usr/local/bin/docker-credential-ecr-login
 
+# Install build cloud. See https://docs.docker.com/build/cloud/ci/
+RUN mkdir -vp ~/.docker/cli-plugins/ && \
+  curl --silent -L --output ~/.docker/cli-plugins/docker-buildx \
+    $(curl -s https://raw.githubusercontent.com/docker/actions-toolkit/main/.github/buildx-lab-releases.json \
+      | jq -r ".latest.assets[] | select(endswith(\"linux-amd64\"))") && \
+  chmod a+x ~/.docker/cli-plugins/docker-buildx
+
 # stage: tests
 FROM resource AS tests
 COPY --from=builder /tests /tests