Docker: support multiarch builds (#1984)
General alignment with Kubo and other projects - Switch to Alpine for final image - Switch to Github Actions for building and pushing
This commit is contained in:
parent
d4484ec3f1
commit
b1da448418
70
.github/workflows/docker-image.yml
vendored
Normal file
70
.github/workflows/docker-image.yml
vendored
Normal file
|
@ -0,0 +1,70 @@
|
||||||
|
name: Publish Docker image
|
||||||
|
|
||||||
|
on:
|
||||||
|
workflow_dispatch:
|
||||||
|
push:
|
||||||
|
branches:
|
||||||
|
- 'master'
|
||||||
|
tags:
|
||||||
|
- 'v*'
|
||||||
|
|
||||||
|
env:
|
||||||
|
REGISTRY: ""
|
||||||
|
IMAGE_NAME: ipfs/ipfs-cluster
|
||||||
|
|
||||||
|
jobs:
|
||||||
|
build-and-push-image:
|
||||||
|
runs-on: ubuntu-latest
|
||||||
|
permissions:
|
||||||
|
contents: read
|
||||||
|
packages: write
|
||||||
|
steps:
|
||||||
|
- name: Checkout repository
|
||||||
|
uses: actions/checkout@v4
|
||||||
|
|
||||||
|
- name: Set up QEMU
|
||||||
|
uses: docker/setup-qemu-action@v3
|
||||||
|
|
||||||
|
- name: Set up Docker Buildx
|
||||||
|
uses: docker/setup-buildx-action@v3
|
||||||
|
|
||||||
|
- name: Cache Docker layers
|
||||||
|
uses: actions/cache@v3
|
||||||
|
with:
|
||||||
|
path: /tmp/.buildx-cache
|
||||||
|
key: ${{ runner.os }}-buildx-${{ github.sha }}
|
||||||
|
restore-keys: |
|
||||||
|
${{ runner.os }}-buildx-
|
||||||
|
|
||||||
|
- name: Log in to the Container registry
|
||||||
|
uses: docker/login-action@v3
|
||||||
|
with:
|
||||||
|
# registry: ${{ env.REGISTRY }}
|
||||||
|
username: ${{ secrets.DOCKER_USERNAME }}
|
||||||
|
password: ${{ secrets.DOCKER_PASSWORD }}
|
||||||
|
|
||||||
|
- name: Get tags
|
||||||
|
id: tags
|
||||||
|
run: |
|
||||||
|
echo "value<<EOF" >> $GITHUB_OUTPUT
|
||||||
|
./docker/get-docker-tags.sh "$(date -u +%F)" >> $GITHUB_OUTPUT
|
||||||
|
echo "EOF" >> $GITHUB_OUTPUT
|
||||||
|
shell: bash
|
||||||
|
|
||||||
|
- name: Build Docker image and publish to Docker Hub
|
||||||
|
uses: docker/build-push-action@v4
|
||||||
|
with:
|
||||||
|
platforms: linux/amd64,linux/arm/v7,linux/arm64/v8
|
||||||
|
context: .
|
||||||
|
push: true
|
||||||
|
file: ./Dockerfile
|
||||||
|
tags: "${{ steps.tags.outputs.value }}"
|
||||||
|
cache-from: type=local,src=/tmp/.buildx-cache
|
||||||
|
cache-to: type=local,dest=/tmp/.buildx-cache-new
|
||||||
|
|
||||||
|
# https://github.com/docker/build-push-action/issues/252
|
||||||
|
# https://github.com/moby/buildkit/issues/1896
|
||||||
|
- name: Move cache to limit growth
|
||||||
|
run: |
|
||||||
|
rm -rf /tmp/.buildx-cache
|
||||||
|
mv /tmp/.buildx-cache-new /tmp/.buildx-cache
|
28
Dockerfile
28
Dockerfile
|
@ -1,34 +1,39 @@
|
||||||
FROM golang:1.20-bullseye AS builder
|
FROM --platform=${BUILDPLATFORM:-linux/amd64} golang:1.20-bullseye AS builder
|
||||||
MAINTAINER Hector Sanjuan <hector@protocol.ai>
|
MAINTAINER Hector Sanjuan <code@hector.link>
|
||||||
|
|
||||||
# This dockerfile builds and runs ipfs-cluster-service.
|
# This dockerfile builds and runs ipfs-cluster-service.
|
||||||
|
ARG TARGETPLATFORM TARGETOS TARGETARCH
|
||||||
|
|
||||||
ENV GOPATH /go
|
ENV GOPATH /go
|
||||||
ENV SRC_PATH $GOPATH/src/github.com/ipfs-cluster/ipfs-cluster
|
ENV SRC_PATH $GOPATH/src/github.com/ipfs-cluster/ipfs-cluster
|
||||||
ENV GO111MODULE on
|
|
||||||
ENV GOPROXY https://proxy.golang.org
|
ENV GOPROXY https://proxy.golang.org
|
||||||
|
|
||||||
# Get the TLS CA certificates, they're not provided by busybox.
|
|
||||||
RUN apt-get update && apt-get install -y ca-certificates tini gosu
|
|
||||||
|
|
||||||
COPY --chown=1000:users go.* $SRC_PATH/
|
COPY --chown=1000:users go.* $SRC_PATH/
|
||||||
WORKDIR $SRC_PATH
|
WORKDIR $SRC_PATH
|
||||||
RUN go mod download
|
RUN go mod download -x
|
||||||
|
|
||||||
COPY --chown=1000:users . $SRC_PATH
|
COPY --chown=1000:users . $SRC_PATH
|
||||||
RUN git config --global --add safe.directory /go/src/github.com/ipfs-cluster/ipfs-cluster
|
RUN git config --global --add safe.directory /go/src/github.com/ipfs-cluster/ipfs-cluster
|
||||||
|
|
||||||
|
ENV CGO_ENABLED 0
|
||||||
RUN make install
|
RUN make install
|
||||||
|
|
||||||
|
|
||||||
#------------------------------------------------------
|
#------------------------------------------------------
|
||||||
FROM busybox:1-glibc
|
FROM alpine:3.18
|
||||||
MAINTAINER Hector Sanjuan <hector@protocol.ai>
|
MAINTAINER Hector Sanjuan <hector@protocol.ai>
|
||||||
|
|
||||||
|
LABEL org.opencontainers.image.source=https://github.com/ipfs-cluster/ipfs-cluster
|
||||||
|
LABEL org.opencontainers.image.description="Pinset orchestration for IPFS"
|
||||||
|
LABEL org.opencontainers.image.licenses=MIT+APACHE_2.0
|
||||||
|
|
||||||
|
# Install binaries for $TARGETARCH
|
||||||
|
RUN apk add --no-cache tini su-exec ca-certificates
|
||||||
|
|
||||||
ENV GOPATH /go
|
ENV GOPATH /go
|
||||||
ENV SRC_PATH /go/src/github.com/ipfs-cluster/ipfs-cluster
|
ENV SRC_PATH /go/src/github.com/ipfs-cluster/ipfs-cluster
|
||||||
ENV IPFS_CLUSTER_PATH /data/ipfs-cluster
|
ENV IPFS_CLUSTER_PATH /data/ipfs-cluster
|
||||||
ENV IPFS_CLUSTER_CONSENSUS crdt
|
ENV IPFS_CLUSTER_CONSENSUS crdt
|
||||||
ENV IPFS_CLUSTER_DATASTORE pebble
|
|
||||||
|
|
||||||
EXPOSE 9094
|
EXPOSE 9094
|
||||||
EXPOSE 9095
|
EXPOSE 9095
|
||||||
|
@ -38,16 +43,13 @@ COPY --from=builder $GOPATH/bin/ipfs-cluster-service /usr/local/bin/ipfs-cluster
|
||||||
COPY --from=builder $GOPATH/bin/ipfs-cluster-ctl /usr/local/bin/ipfs-cluster-ctl
|
COPY --from=builder $GOPATH/bin/ipfs-cluster-ctl /usr/local/bin/ipfs-cluster-ctl
|
||||||
COPY --from=builder $GOPATH/bin/ipfs-cluster-follow /usr/local/bin/ipfs-cluster-follow
|
COPY --from=builder $GOPATH/bin/ipfs-cluster-follow /usr/local/bin/ipfs-cluster-follow
|
||||||
COPY --from=builder $SRC_PATH/docker/entrypoint.sh /usr/local/bin/entrypoint.sh
|
COPY --from=builder $SRC_PATH/docker/entrypoint.sh /usr/local/bin/entrypoint.sh
|
||||||
COPY --from=builder /usr/bin/tini /usr/bin/tini
|
|
||||||
COPY --from=builder /usr/sbin/gosu /usr/sbin/gosu
|
|
||||||
COPY --from=builder /etc/ssl/certs /etc/ssl/certs
|
|
||||||
|
|
||||||
RUN mkdir -p $IPFS_CLUSTER_PATH && \
|
RUN mkdir -p $IPFS_CLUSTER_PATH && \
|
||||||
adduser -D -h $IPFS_CLUSTER_PATH -u 1000 -G users ipfs && \
|
adduser -D -h $IPFS_CLUSTER_PATH -u 1000 -G users ipfs && \
|
||||||
chown ipfs:users $IPFS_CLUSTER_PATH
|
chown ipfs:users $IPFS_CLUSTER_PATH
|
||||||
|
|
||||||
VOLUME $IPFS_CLUSTER_PATH
|
VOLUME $IPFS_CLUSTER_PATH
|
||||||
ENTRYPOINT ["/usr/bin/tini", "--", "/usr/local/bin/entrypoint.sh"]
|
ENTRYPOINT ["/sbin/tini", "--", "/usr/local/bin/entrypoint.sh"]
|
||||||
|
|
||||||
# Defaults for ipfs-cluster-service go here
|
# Defaults for ipfs-cluster-service go here
|
||||||
CMD ["daemon"]
|
CMD ["daemon"]
|
||||||
|
|
|
@ -11,7 +11,7 @@ if [ `id -u` -eq 0 ]; then
|
||||||
echo "Changing user to $user"
|
echo "Changing user to $user"
|
||||||
# ensure directories are writable
|
# ensure directories are writable
|
||||||
su-exec "$user" test -w "${IPFS_CLUSTER_PATH}" || chown -R -- "$user" "${IPFS_CLUSTER_PATH}"
|
su-exec "$user" test -w "${IPFS_CLUSTER_PATH}" || chown -R -- "$user" "${IPFS_CLUSTER_PATH}"
|
||||||
exec gosu "$user" "$0" $@
|
exec su-exec "$user" "$0" $@
|
||||||
fi
|
fi
|
||||||
|
|
||||||
# Only ipfs user can get here
|
# Only ipfs user can get here
|
||||||
|
@ -22,7 +22,7 @@ if [ -e "${IPFS_CLUSTER_PATH}/service.json" ]; then
|
||||||
else
|
else
|
||||||
echo "This container only runs ipfs-cluster-service. ipfs needs to be run separately!"
|
echo "This container only runs ipfs-cluster-service. ipfs needs to be run separately!"
|
||||||
echo "Initializing default configuration..."
|
echo "Initializing default configuration..."
|
||||||
ipfs-cluster-service init --consensus "${IPFS_CLUSTER_CONSENSUS}" --datastore "${IPFS_CLUSTER_DATASTORE}"
|
ipfs-cluster-service init --consensus "${IPFS_CLUSTER_CONSENSUS}"
|
||||||
fi
|
fi
|
||||||
|
|
||||||
exec ipfs-cluster-service $@
|
exec ipfs-cluster-service $@
|
||||||
|
|
55
docker/get-docker-tags.sh
Executable file
55
docker/get-docker-tags.sh
Executable file
|
@ -0,0 +1,55 @@
|
||||||
|
#!/usr/bin/env bash
|
||||||
|
|
||||||
|
# get-docker-tags.sh produces Docker tags for the current build
|
||||||
|
#
|
||||||
|
# Usage:
|
||||||
|
# ./get-docker-tags.sh <build number> <git commit sha1> <git branch name> [git tag name]
|
||||||
|
#
|
||||||
|
# Example:
|
||||||
|
#
|
||||||
|
# # get tag for the main branch
|
||||||
|
# ./get-docker-tags.sh $(date -u +%F) testingsha main
|
||||||
|
#
|
||||||
|
# # get tag for a release tag
|
||||||
|
# ./get-docker-tags.sh $(date -u +%F) testingsha release v0.5.0
|
||||||
|
#
|
||||||
|
# # Serving suggestion in CI
|
||||||
|
# ./get-docker-tags.sh $(date -u +%F) "$CI_SHA1" "$CI_BRANCH" "$CI_TAG"
|
||||||
|
#
|
||||||
|
set -euo pipefail
|
||||||
|
|
||||||
|
if [[ $# -lt 1 ]] ; then
|
||||||
|
echo 'At least 1 arg required.'
|
||||||
|
echo 'Usage:'
|
||||||
|
echo './get-docker-tags.sh <build number> [git commit sha1] [git branch name] [git tag name]'
|
||||||
|
exit 1
|
||||||
|
fi
|
||||||
|
|
||||||
|
BUILD_NUM=$1
|
||||||
|
GIT_SHA1=${2:-$(git rev-parse HEAD)}
|
||||||
|
GIT_SHA1_SHORT=$(echo "$GIT_SHA1" | cut -c 1-7)
|
||||||
|
GIT_BRANCH=${3:-$(git symbolic-ref -q --short HEAD || echo "unknown")}
|
||||||
|
GIT_TAG=${4:-$(git describe --tags --exact-match 2> /dev/null || echo "")}
|
||||||
|
|
||||||
|
IMAGE_NAME=${IMAGE_NAME:-ipfs/ipfs-cluster}
|
||||||
|
|
||||||
|
echoImageName () {
|
||||||
|
local IMAGE_TAG=$1
|
||||||
|
echo "$IMAGE_NAME:$IMAGE_TAG"
|
||||||
|
}
|
||||||
|
|
||||||
|
if [[ $GIT_TAG =~ ^v[0-9]+\.[0-9]+\.[0-9]+-rc ]]; then
|
||||||
|
echoImageName "$GIT_TAG"
|
||||||
|
|
||||||
|
elif [[ $GIT_TAG =~ ^v[0-9]+\.[0-9]+\.[0-9]+$ ]]; then
|
||||||
|
echoImageName "$GIT_TAG"
|
||||||
|
echoImageName "stable"
|
||||||
|
|
||||||
|
elif [ "$GIT_BRANCH" = "master" ]; then
|
||||||
|
echoImageName "master-${BUILD_NUM}-${GIT_SHA1_SHORT}"
|
||||||
|
echoImageName "master-latest"
|
||||||
|
|
||||||
|
else
|
||||||
|
echo "Nothing to do. No docker tag defined for branch: $GIT_BRANCH, tag: $GIT_TAG"
|
||||||
|
|
||||||
|
fi
|
Loading…
Reference in New Issue
Block a user