From 5fddd7e8c3f53e8c940395bfb06d90f1f027487b Mon Sep 17 00:00:00 2001 From: Tiago Castro Date: Mon, 1 Jul 2024 19:53:06 +0100 Subject: [PATCH] feat: support multiple images Support for multiple images (dockerfiles) during the make process Ensures make test does not leave exited containers Add make clean to delete buildx builder Removes the push scripts as those are no longer used Signed-off-by: Tiago Castro --- .github/workflows/build.yml | 28 ++-- .github/workflows/pull_request.yml | 13 +- .github/workflows/release.yml | 28 ++-- Makefile | 40 ++--- Makefile.buildx.mk | 32 ++-- buildscripts/push | 149 ------------------ .../linux-utils/Dockerfile | 0 7 files changed, 91 insertions(+), 199 deletions(-) delete mode 100755 buildscripts/push rename Dockerfile => dockerfiles/linux-utils/Dockerfile (100%) diff --git a/.github/workflows/build.yml b/.github/workflows/build.yml index faaf039..2789a37 100644 --- a/.github/workflows/build.yml +++ b/.github/workflows/build.yml @@ -16,8 +16,13 @@ name: build on: ['push'] jobs: - linux-utils: + images: runs-on: ubuntu-latest + strategy: + fail-fast: false + matrix: + include: + - image: linux-utils steps: - name: Checkout uses: actions/checkout@v4 @@ -48,9 +53,9 @@ jobs: with: # add each registry to which the image needs to be pushed here images: | - ${{ env.IMAGE_ORG }}/linux-utils - quay.io/${{ env.IMAGE_ORG }}/linux-utils - ghcr.io/${{ env.IMAGE_ORG }}/linux-utils + ${{ env.IMAGE_ORG }}/${{ matrix.image }} + quay.io/${{ env.IMAGE_ORG }}/${{ matrix.image }} + ghcr.io/${{ env.IMAGE_ORG }}/${{ matrix.image }} tags: | type=raw,value=latest,enable=false type=raw,value=${{ env.TAG }} @@ -93,7 +98,7 @@ jobs: - name: Build & Push Image uses: docker/build-push-action@v5 with: - file: ./Dockerfile + file: ./dockerfiles/${{ matrix.image }}/Dockerfile push: true platforms: linux/amd64, linux/arm64, linux/arm/v7, linux/ppc64le tags: | @@ -102,20 +107,25 @@ jobs: DBUILD_DATE=${{ steps.date.outputs.DATE }} DBUILD_REPO_URL=https://github.com/openebs/linux-utils DBUILD_SITE_URL=https://openebs.io - + trivy: runs-on: ubuntu-latest - needs: ['linux-utils'] + needs: ['images'] + strategy: + fail-fast: false + matrix: + include: + - image: linux-utils steps: - name: Checkout code uses: actions/checkout@v4 - + - name: Run Trivy vulnerability scanner uses: aquasecurity/trivy-action@master with: # the tag will be always ci since only main branch is present # in this repository - image-ref: 'openebs/linux-utils:ci' + image-ref: 'openebs/${{ matrix.image }}:ci' format: 'table' exit-code: '1' ignore-unfixed: true diff --git a/.github/workflows/pull_request.yml b/.github/workflows/pull_request.yml index 4386db7..d6cd679 100644 --- a/.github/workflows/pull_request.yml +++ b/.github/workflows/pull_request.yml @@ -24,6 +24,11 @@ on: jobs: linux-utils: runs-on: ubuntu-latest + strategy: + fail-fast: false + matrix: + include: + - image: linux-utils steps: - name: Checkout uses: actions/checkout@v4 @@ -42,17 +47,17 @@ jobs: - name: Build Image uses: docker/build-push-action@v5 with: - file: ./Dockerfile + file: ./dockerfiles/${{ matrix.image }}/Dockerfile push: false load: true platforms: linux/amd64 tags: | - openebs/linux-utils:ci - + openebs/${{ matrix.image }}:ci + - name: Run Trivy vulnerability scanner uses: aquasecurity/trivy-action@master with: - image-ref: 'openebs/linux-utils:ci' + image-ref: 'openebs/${{ matrix.image }}:ci' format: 'table' exit-code: '1' ignore-unfixed: true diff --git a/.github/workflows/release.yml b/.github/workflows/release.yml index 9dd7e98..ac2f4c6 100644 --- a/.github/workflows/release.yml +++ b/.github/workflows/release.yml @@ -19,8 +19,13 @@ on: - 'created' jobs: - linux-utils: + images: runs-on: ubuntu-latest + strategy: + fail-fast: false + matrix: + include: + - image: linux-utils steps: - name: Checkout uses: actions/checkout@v4 @@ -47,9 +52,9 @@ jobs: with: # add each registry to which the image needs to be pushed here images: | - ${{ env.IMAGE_ORG }}/linux-utils - quay.io/${{ env.IMAGE_ORG }}/linux-utils - ghcr.io/${{ env.IMAGE_ORG }}/linux-utils + ${{ env.IMAGE_ORG }}/${{ matrix.image }} + quay.io/${{ env.IMAGE_ORG }}/${{ matrix.image }} + ghcr.io/${{ env.IMAGE_ORG }}/${{ matrix.image }} tags: | type=semver,pattern={{version}} @@ -92,7 +97,7 @@ jobs: - name: Build & Push Image uses: docker/build-push-action@v5 with: - file: ./Dockerfile + file: ./dockerfiles/${{ matrix.image }}/Dockerfile push: true platforms: linux/amd64, linux/arm64, linux/arm/v7, linux/ppc64le tags: | @@ -105,20 +110,25 @@ jobs: trivy: runs-on: ubuntu-latest - needs: ['linux-utils'] + strategy: + fail-fast: false + matrix: + include: + - image: linux-utils + needs: ['images'] steps: - name: Checkout code uses: actions/checkout@v4 - + - name: Set Release Tag run: | TAG="${GITHUB_REF#refs/*/v}" echo "RELEASE_TAG=${TAG}" >> $GITHUB_ENV - + - name: Run Trivy vulnerability scanner uses: aquasecurity/trivy-action@master with: - image-ref: openebs/linux-utils:${{ env.RELEASE_TAG }} + image-ref: openebs/${{ matrix.image }}:${{ env.RELEASE_TAG }} format: 'table' exit-code: '1' ignore-unfixed: true diff --git a/Makefile b/Makefile index 6491baf..2071206 100644 --- a/Makefile +++ b/Makefile @@ -22,15 +22,13 @@ SHELL:=/bin/bash BUILDX:=false ifeq (${IMAGE_ORG}, ) - IMAGE_ORG="openebs" + IMAGE_ORG=openebs export IMAGE_ORG endif -# Determine the DIMAGE associated with given arch/os -ifeq (${DIMAGE}, ) - #Default image name - DIMAGE:=openebs/linux-utils - export DIMAGE +ifeq (${DIMAGES}, ) + DIMAGES:=linux-utils + export DIMAGES endif #Initialize Docker build arguments. Each of these @@ -60,27 +58,31 @@ build: image push .PHONY: header header: @echo "------------------------------------" - @echo "--> Building linux utils image " + @echo "--> Building linux utils images " @echo "------------------------------------" @echo .PHONY: image image: header - @sudo docker build -t "${DIMAGE}:ci" -f Dockerfile . ${DBUILD_ARGS} - @echo - + @for image in $$DIMAGES; do \ + sudo docker build -t "$$IMAGE_ORG/$$image:ci" -f ./dockerfiles/$$image/Dockerfile . ${DBUILD_ARGS}; \ + done + @echo "Done" .PHONY: test test: @echo "---------------------------------------" @echo "--> Test required tools are available " @echo "---------------------------------------" - @sudo docker run "${DIMAGE}:ci" which mkdir - @sudo docker run "${DIMAGE}:ci" which rm - @sudo docker run "${DIMAGE}:ci" which wipefs - -.PHONY: push -push: - ./buildscripts/push; - -include Makefile.buildx.mk + @sudo docker run --rm "$$IMAGE_ORG/linux-utils:ci" which mkdir + @sudo docker run --rm "$$IMAGE_ORG/linux-utils:ci" which rm + @sudo docker run --rm "$$IMAGE_ORG/linux-utils:ci" which wipefs + +.PHONY: clobber +clobber: + @for image in $$DIMAGES; do \ + docker rmi $$IMAGE_ORG/$$image:$$TAG || true; \ + done + docker image prune -f + +include Makefile.buildx.mk \ No newline at end of file diff --git a/Makefile.buildx.mk b/Makefile.buildx.mk index 2fd1d3d..1035091 100644 --- a/Makefile.buildx.mk +++ b/Makefile.buildx.mk @@ -33,19 +33,33 @@ else export PUSH_ARG="--push" endif -DOCKERX_IMAGE=${IMAGE_ORG}/linux-utils:${TAG} - .PHONY: buildx.image buildx.image: @if ! docker buildx ls | grep -q container-builder; then\ docker buildx create --platform ${PLATFORMS} --name container-builder --use;\ fi - @docker buildx build --platform ${PLATFORMS} \ - -t "$(DOCKERX_IMAGE)" ${DBUILD_ARGS} -f Dockerfile \ - . ${PUSH_ARG} - @echo "--> Build docker image: $(DOCKERX_IMAGE)" + @echo "Building $$DIMAGES for platforms ${PLATFORMS}" + @for image in $$DIMAGES; do \ + DOCKERX_IMAGE=$$IMAGE_ORG/$$image:$$TAG; \ + echo "--> Building $$DOCKERX_IMAGE"; \ + docker buildx build --platform ${PLATFORMS} \ + -t "$$DOCKERX_IMAGE" ${DBUILD_ARGS} -f ./dockerfiles/$$image/Dockerfile \ + . ${PUSH_ARG}; \ + echo "--> Built docker image: $$DOCKERX_IMAGE"; \ + echo; \ + done + @echo "Built $$DIMAGES for platforms ${PLATFORMS}" + @docker buildx stop --builder container-builder @echo -.PHONY: buildx.push -buildx.push: - BUILDX=true DIMAGE=${IMAGE_ORG}/linux-utils ./buildscripts/push +.PHONY: buildx.clean +buildx.clean: + docker buildx rm --builder container-builder || true + docker image prune -f + +.PHONY: buildx.clobber +buildx.clobber: buildx.clean + @for image in $$DIMAGES; do \ + docker rmi $$IMAGE_ORG/$$image:$$TAG || true; \ + done + docker rmi moby/buildkit:buildx-stable-1 diff --git a/buildscripts/push b/buildscripts/push deleted file mode 100755 index a856990..0000000 --- a/buildscripts/push +++ /dev/null @@ -1,149 +0,0 @@ -#!/bin/bash - -# Copyright 2020 The OpenEBS Authors. All rights reserved. -# -# Licensed under the Apache License, Version 2.0 (the "License"); -# you may not use this file except in compliance with the License. -# You may obtain a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, -# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -# See the License for the specific language governing permissions and -# limitations under the License. - -set -e - -if [ -z ${DIMAGE} ]; -then - echo "Error: DIMAGE is not specified"; - exit 1 -fi - -function pushBuildx() { - BUILD_TAG="latest" - TARGET_IMG=${DIMAGE} - -# TODO Currently ci builds with commit tag will not be generated, -# since buildx does not support multiple repo - # if not a release build set the tag and ci image - if [ -z "${RELEASE_TAG}" ]; then - return -# BUILD_ID=$(git describe --tags --always) -# BUILD_TAG="${BRANCH}-${BUILD_ID}" -# TARGET_IMG="${DIMAGE}-ci" - fi - - echo "Tagging and pushing ${DIMAGE}:${TAG} as ${TARGET_IMG}:${BUILD_TAG}" - docker buildx imagetools create "${DIMAGE}:${TAG}" -t "${TARGET_IMG}:${BUILD_TAG}" -} - -# if the push is for a buildx build -if [[ ${BUILDX} ]]; then - pushBuildx - exit 0 -fi - -IMAGEID=$( sudo docker images -q ${DIMAGE}:ci ) -echo "${DIMAGE}:ci -> $IMAGEID" -if [ -z ${IMAGEID} ]; -then - echo "Error: unable to get IMAGEID for ${DIMAGE}:ci"; - exit 1 -fi - -# Generate a unique tag based on the commit and tag -BUILD_ID=$(git describe --tags --always) - -# Determine the current branch -CURRENT_BRANCH="" -if [ -z ${BRANCH} ]; -then - CURRENT_BRANCH=$(git branch | grep \* | cut -d ' ' -f2) -else - CURRENT_BRANCH=${BRANCH} -fi - -#Depending on the branch where builds are generated, -# set the tag CI (fixed) and build tags. -BUILD_TAG="${CURRENT_BRANCH}-${BUILD_ID}" -CI_TAG="${CURRENT_BRANCH}-ci" -if [ ${CURRENT_BRANCH} = "master" ]; then - CI_TAG="ci" -fi - -echo "Set the fixed ci image tag as: ${CI_TAG}" -echo "Set the build/unique image tag as: ${BUILD_TAG}" - -function TagAndPushImage() { - REPO="$1" - # Trim the `v` from the TAG if it exists - # Example: v1.10.0 maps to 1.10.0 - # Example: 1.10.0 maps to 1.10.0 - # Example: v1.10.0-custom maps to 1.10.0-custom - TAG="${2#v}" - - #Add an option to specify a custom TAG_SUFFIX - #via environment variable. Default is no tag. - #Example suffix could be "-debug" of "-dev" - IMAGE_URI="${REPO}:${TAG}${TAG_SUFFIX}"; - sudo docker tag ${IMAGEID} ${IMAGE_URI}; - echo " push ${IMAGE_URI}"; - sudo docker push ${IMAGE_URI}; -} - - -if [ ! -z "${DNAME}" ] && [ ! -z "${DPASS}" ]; -then - sudo docker login -u "${DNAME}" -p "${DPASS}"; - - # Push CI tagged image - :ci or :branch-ci - TagAndPushImage "${DIMAGE}" "${CI_TAG}" - - # Push unique tagged image - :master- or :branch- - # This unique/build image will be pushed to corresponding ci repo. - TagAndPushImage "${DIMAGE}-ci" "${BUILD_TAG}" - - if [ ! -z "${RELEASE_TAG}" ] ; - then - # Push with different tags if tagged as a release - # When github is tagged with a release, then github action will - # set the release tag in env RELEASE_TAG - TagAndPushImage "${DIMAGE}" "${RELEASE_TAG}" - TagAndPushImage "${DIMAGE}" "latest" - fi; -else - echo "No docker credentials provided. Skip uploading ${DIMAGE} to docker hub"; -fi; - -# Push ci image to quay.io for security scanning -if [ ! -z "${QNAME}" ] && [ ! -z "${QPASS}" ]; -then - sudo docker login -u "${QNAME}" -p "${QPASS}" quay.io; - - # Push CI tagged image - :ci or :branch-ci - TagAndPushImage "quay.io/${DIMAGE}" "${CI_TAG}" - - if [ ! -z "${RELEASE_TAG}" ] ; - then - # Push with different tags if tagged as a release - # When github is tagged with a release, then github action will - # set the release tag in env RELEASE_TAG - # Trim the `v` from the RELEASE_TAG if it exists - TagAndPushImage "quay.io/${DIMAGE}" "${RELEASE_TAG}" - TagAndPushImage "quay.io/${DIMAGE}" "latest" - fi; -else - echo "No docker credentials provided. Skip uploading ${DIMAGE} to quay"; -fi; - -#Push image to run openebs-e2e based on git commit -if [ ! -z "${COMMIT}" ]; -then - sudo docker login -u "${GITLAB_DNAME}" -p "${GITLAB_DPASS}"; - - # Push COMMIT tagged image - :COMMIT - TagAndPushImage "${DIMAGE}" "${COMMIT}" -fi; diff --git a/Dockerfile b/dockerfiles/linux-utils/Dockerfile similarity index 100% rename from Dockerfile rename to dockerfiles/linux-utils/Dockerfile