Docker: support multiarch builds (#1984)
General alignment with Kubo and other projects - Switch to Alpine for final image - Switch to Github Actions for building and pushing
This commit is contained in:
parent
d4484ec3f1
commit
b1da448418
70
.github/workflows/docker-image.yml
vendored
Normal file
70
.github/workflows/docker-image.yml
vendored
Normal file
|
@ -0,0 +1,70 @@
|
|||
name: Publish Docker image
|
||||
|
||||
on:
|
||||
workflow_dispatch:
|
||||
push:
|
||||
branches:
|
||||
- 'master'
|
||||
tags:
|
||||
- 'v*'
|
||||
|
||||
env:
|
||||
REGISTRY: ""
|
||||
IMAGE_NAME: ipfs/ipfs-cluster
|
||||
|
||||
jobs:
|
||||
build-and-push-image:
|
||||
runs-on: ubuntu-latest
|
||||
permissions:
|
||||
contents: read
|
||||
packages: write
|
||||
steps:
|
||||
- name: Checkout repository
|
||||
uses: actions/checkout@v4
|
||||
|
||||
- name: Set up QEMU
|
||||
uses: docker/setup-qemu-action@v3
|
||||
|
||||
- name: Set up Docker Buildx
|
||||
uses: docker/setup-buildx-action@v3
|
||||
|
||||
- name: Cache Docker layers
|
||||
uses: actions/cache@v3
|
||||
with:
|
||||
path: /tmp/.buildx-cache
|
||||
key: ${{ runner.os }}-buildx-${{ github.sha }}
|
||||
restore-keys: |
|
||||
${{ runner.os }}-buildx-
|
||||
|
||||
- name: Log in to the Container registry
|
||||
uses: docker/login-action@v3
|
||||
with:
|
||||
# registry: ${{ env.REGISTRY }}
|
||||
username: ${{ secrets.DOCKER_USERNAME }}
|
||||
password: ${{ secrets.DOCKER_PASSWORD }}
|
||||
|
||||
- name: Get tags
|
||||
id: tags
|
||||
run: |
|
||||
echo "value<<EOF" >> $GITHUB_OUTPUT
|
||||
./docker/get-docker-tags.sh "$(date -u +%F)" >> $GITHUB_OUTPUT
|
||||
echo "EOF" >> $GITHUB_OUTPUT
|
||||
shell: bash
|
||||
|
||||
- name: Build Docker image and publish to Docker Hub
|
||||
uses: docker/build-push-action@v4
|
||||
with:
|
||||
platforms: linux/amd64,linux/arm/v7,linux/arm64/v8
|
||||
context: .
|
||||
push: true
|
||||
file: ./Dockerfile
|
||||
tags: "${{ steps.tags.outputs.value }}"
|
||||
cache-from: type=local,src=/tmp/.buildx-cache
|
||||
cache-to: type=local,dest=/tmp/.buildx-cache-new
|
||||
|
||||
# https://github.com/docker/build-push-action/issues/252
|
||||
# https://github.com/moby/buildkit/issues/1896
|
||||
- name: Move cache to limit growth
|
||||
run: |
|
||||
rm -rf /tmp/.buildx-cache
|
||||
mv /tmp/.buildx-cache-new /tmp/.buildx-cache
|
28
Dockerfile
28
Dockerfile
|
@ -1,34 +1,39 @@
|
|||
FROM golang:1.20-bullseye AS builder
|
||||
MAINTAINER Hector Sanjuan <hector@protocol.ai>
|
||||
FROM --platform=${BUILDPLATFORM:-linux/amd64} golang:1.20-bullseye AS builder
|
||||
MAINTAINER Hector Sanjuan <code@hector.link>
|
||||
|
||||
# This dockerfile builds and runs ipfs-cluster-service.
|
||||
ARG TARGETPLATFORM TARGETOS TARGETARCH
|
||||
|
||||
ENV GOPATH /go
|
||||
ENV SRC_PATH $GOPATH/src/github.com/ipfs-cluster/ipfs-cluster
|
||||
ENV GO111MODULE on
|
||||
ENV GOPROXY https://proxy.golang.org
|
||||
|
||||
# Get the TLS CA certificates, they're not provided by busybox.
|
||||
RUN apt-get update && apt-get install -y ca-certificates tini gosu
|
||||
|
||||
COPY --chown=1000:users go.* $SRC_PATH/
|
||||
WORKDIR $SRC_PATH
|
||||
RUN go mod download
|
||||
RUN go mod download -x
|
||||
|
||||
COPY --chown=1000:users . $SRC_PATH
|
||||
RUN git config --global --add safe.directory /go/src/github.com/ipfs-cluster/ipfs-cluster
|
||||
|
||||
ENV CGO_ENABLED 0
|
||||
RUN make install
|
||||
|
||||
|
||||
#------------------------------------------------------
|
||||
FROM busybox:1-glibc
|
||||
FROM alpine:3.18
|
||||
MAINTAINER Hector Sanjuan <hector@protocol.ai>
|
||||
|
||||
LABEL org.opencontainers.image.source=https://github.com/ipfs-cluster/ipfs-cluster
|
||||
LABEL org.opencontainers.image.description="Pinset orchestration for IPFS"
|
||||
LABEL org.opencontainers.image.licenses=MIT+APACHE_2.0
|
||||
|
||||
# Install binaries for $TARGETARCH
|
||||
RUN apk add --no-cache tini su-exec ca-certificates
|
||||
|
||||
ENV GOPATH /go
|
||||
ENV SRC_PATH /go/src/github.com/ipfs-cluster/ipfs-cluster
|
||||
ENV IPFS_CLUSTER_PATH /data/ipfs-cluster
|
||||
ENV IPFS_CLUSTER_CONSENSUS crdt
|
||||
ENV IPFS_CLUSTER_DATASTORE pebble
|
||||
|
||||
EXPOSE 9094
|
||||
EXPOSE 9095
|
||||
|
@ -38,16 +43,13 @@ COPY --from=builder $GOPATH/bin/ipfs-cluster-service /usr/local/bin/ipfs-cluster
|
|||
COPY --from=builder $GOPATH/bin/ipfs-cluster-ctl /usr/local/bin/ipfs-cluster-ctl
|
||||
COPY --from=builder $GOPATH/bin/ipfs-cluster-follow /usr/local/bin/ipfs-cluster-follow
|
||||
COPY --from=builder $SRC_PATH/docker/entrypoint.sh /usr/local/bin/entrypoint.sh
|
||||
COPY --from=builder /usr/bin/tini /usr/bin/tini
|
||||
COPY --from=builder /usr/sbin/gosu /usr/sbin/gosu
|
||||
COPY --from=builder /etc/ssl/certs /etc/ssl/certs
|
||||
|
||||
RUN mkdir -p $IPFS_CLUSTER_PATH && \
|
||||
adduser -D -h $IPFS_CLUSTER_PATH -u 1000 -G users ipfs && \
|
||||
chown ipfs:users $IPFS_CLUSTER_PATH
|
||||
|
||||
VOLUME $IPFS_CLUSTER_PATH
|
||||
ENTRYPOINT ["/usr/bin/tini", "--", "/usr/local/bin/entrypoint.sh"]
|
||||
ENTRYPOINT ["/sbin/tini", "--", "/usr/local/bin/entrypoint.sh"]
|
||||
|
||||
# Defaults for ipfs-cluster-service go here
|
||||
CMD ["daemon"]
|
||||
|
|
|
@ -11,7 +11,7 @@ if [ `id -u` -eq 0 ]; then
|
|||
echo "Changing user to $user"
|
||||
# ensure directories are writable
|
||||
su-exec "$user" test -w "${IPFS_CLUSTER_PATH}" || chown -R -- "$user" "${IPFS_CLUSTER_PATH}"
|
||||
exec gosu "$user" "$0" $@
|
||||
exec su-exec "$user" "$0" $@
|
||||
fi
|
||||
|
||||
# Only ipfs user can get here
|
||||
|
@ -22,7 +22,7 @@ if [ -e "${IPFS_CLUSTER_PATH}/service.json" ]; then
|
|||
else
|
||||
echo "This container only runs ipfs-cluster-service. ipfs needs to be run separately!"
|
||||
echo "Initializing default configuration..."
|
||||
ipfs-cluster-service init --consensus "${IPFS_CLUSTER_CONSENSUS}" --datastore "${IPFS_CLUSTER_DATASTORE}"
|
||||
ipfs-cluster-service init --consensus "${IPFS_CLUSTER_CONSENSUS}"
|
||||
fi
|
||||
|
||||
exec ipfs-cluster-service $@
|
||||
|
|
55
docker/get-docker-tags.sh
Executable file
55
docker/get-docker-tags.sh
Executable file
|
@ -0,0 +1,55 @@
|
|||
#!/usr/bin/env bash
|
||||
|
||||
# get-docker-tags.sh produces Docker tags for the current build
|
||||
#
|
||||
# Usage:
|
||||
# ./get-docker-tags.sh <build number> <git commit sha1> <git branch name> [git tag name]
|
||||
#
|
||||
# Example:
|
||||
#
|
||||
# # get tag for the main branch
|
||||
# ./get-docker-tags.sh $(date -u +%F) testingsha main
|
||||
#
|
||||
# # get tag for a release tag
|
||||
# ./get-docker-tags.sh $(date -u +%F) testingsha release v0.5.0
|
||||
#
|
||||
# # Serving suggestion in CI
|
||||
# ./get-docker-tags.sh $(date -u +%F) "$CI_SHA1" "$CI_BRANCH" "$CI_TAG"
|
||||
#
|
||||
set -euo pipefail
|
||||
|
||||
if [[ $# -lt 1 ]] ; then
|
||||
echo 'At least 1 arg required.'
|
||||
echo 'Usage:'
|
||||
echo './get-docker-tags.sh <build number> [git commit sha1] [git branch name] [git tag name]'
|
||||
exit 1
|
||||
fi
|
||||
|
||||
BUILD_NUM=$1
|
||||
GIT_SHA1=${2:-$(git rev-parse HEAD)}
|
||||
GIT_SHA1_SHORT=$(echo "$GIT_SHA1" | cut -c 1-7)
|
||||
GIT_BRANCH=${3:-$(git symbolic-ref -q --short HEAD || echo "unknown")}
|
||||
GIT_TAG=${4:-$(git describe --tags --exact-match 2> /dev/null || echo "")}
|
||||
|
||||
IMAGE_NAME=${IMAGE_NAME:-ipfs/ipfs-cluster}
|
||||
|
||||
echoImageName () {
|
||||
local IMAGE_TAG=$1
|
||||
echo "$IMAGE_NAME:$IMAGE_TAG"
|
||||
}
|
||||
|
||||
if [[ $GIT_TAG =~ ^v[0-9]+\.[0-9]+\.[0-9]+-rc ]]; then
|
||||
echoImageName "$GIT_TAG"
|
||||
|
||||
elif [[ $GIT_TAG =~ ^v[0-9]+\.[0-9]+\.[0-9]+$ ]]; then
|
||||
echoImageName "$GIT_TAG"
|
||||
echoImageName "stable"
|
||||
|
||||
elif [ "$GIT_BRANCH" = "master" ]; then
|
||||
echoImageName "master-${BUILD_NUM}-${GIT_SHA1_SHORT}"
|
||||
echoImageName "master-latest"
|
||||
|
||||
else
|
||||
echo "Nothing to do. No docker tag defined for branch: $GIT_BRANCH, tag: $GIT_TAG"
|
||||
|
||||
fi
|
Loading…
Reference in New Issue
Block a user