Build multi arch images

WyriHaximusNet · Sep 29, 2024 · f526833 · f526833
1 parent 9c98c40
commit f526833
Showing 1 changed file with 108 additions and 44 deletions.
diff --git a/.github/workflows/main.yml b/.github/workflows/main.yml
@@ -9,15 +9,18 @@ on:
 jobs:
   registry-matrix:
     name: Extract registries from registry secret mapping
+#    if: (github.event_name == 'push' || github.event_name == 'schedule') && github.ref == 'refs/heads/master'
     runs-on: ubuntu-latest
+    needs:
+      - tests
     outputs:
       registry: ${{ steps.registry-matrix.outputs.registry }}
     steps:
       - uses: actions/checkout@v4
       - id: registry-matrix
         name: Extract registries from registry secret mapping
         run: |
-          echo "::set-output name=registry::$(printenv DOCKER_IMAGE_REGISTRIES_SECRET_MAPPING | jq -c 'keys')"
+          echo "registry=$(printenv DOCKER_IMAGE_REGISTRIES_SECRET_MAPPING | jq -c 'keys')" >> $GITHUB_OUTPUT
   generate-image-strategy:
     name: Generate Image Strategy
     runs-on: ubuntu-latest
@@ -30,10 +33,12 @@ jobs:
         run: |
           ls images | jq -csR '. + "random" | split("\n")' > images.list
           cat images.list
-          echo "::set-output name=images::$(cat images.list)"
+          echo "images=$(cat images.list)" >> $GITHUB_OUTPUT
   generate-rule-strategy:
     name: Generate Rules Strategy
     runs-on: ubuntu-latest
+    needs:
+      - scan-vulnerability
     outputs:
       rules: ${{ steps.generate-rule-strategy.outputs.rules }}
     steps:
@@ -43,7 +48,7 @@ jobs:
         run: |
           ls tests/rules | jq -csR '. | rtrimstr("\n") | split("\n")' > rules.list
           cat rules.list
-          echo "::set-output name=rules::$(cat rules.list)"
+          echo "rules=$(cat rules.list)" >> $GITHUB_OUTPUT
   lint-dockerfile:
     name: Lint ${{ matrix.image }}'s Dockerfile
     needs:
@@ -63,77 +68,120 @@ jobs:
           entrypoint: hadolint
           args: ./images/${{ matrix.image }}/Dockerfile
   build-docker-image:
-    name: Build ${{ matrix.image }} Docker
+    name: Build ${{ matrix.image }} Docker (${{ matrix.platform }})
     strategy:
       fail-fast: false
       matrix:
+        platform:
+          - linux/amd64
+          - linux/arm64
         image: ${{ fromJson(needs.generate-image-strategy.outputs.images) }}
     needs:
       - generate-image-strategy
       - lint-dockerfile
     runs-on: ubuntu-latest
     steps:
+      - name: Prepare
+        run: |
+          platform=${{ matrix.platform }}
+          echo "PLATFORM_PAIR=${platform//\//-}" >> $GITHUB_ENV
+      - name: Docker meta
+        id: meta
+        uses: docker/metadata-action@v5
+        with:
+          images: ${{ env.REGISTRY_IMAGE }}
+      - name: Set up QEMU
+        uses: docker/setup-qemu-action@v3
+      - name: Set up Docker Buildx
+        uses: docker/setup-buildx-action@v3
       - uses: actions/checkout@v4
       - run: cp -R $(echo -e "./images/$(ls ./images/ | shuf -n 1)") ./images/random
         if: matrix.image == 'random'
-      - run: docker image build --build-arg BUILD_DATE=`date -u +"%Y-%m-%dT%H:%M:%SZ"` --build-arg VCS_REF=`git rev-parse --short HEAD` -t "${DOCKER_IMAGE}:${{ matrix.image }}" --no-cache --build-arg VERSION=$TAG_VERSION ./images/${{ matrix.image }}/
       - run: mkdir ./docker-image
-      - run: docker save "${DOCKER_IMAGE}:${{ matrix.image }}" -o ./docker-image/docker_image.tar
-      - uses: actions/upload-artifact@master
+      - run: docker image build --build-arg BUILD_DATE=`date -u +"%Y-%m-%dT%H:%M:%SZ"` --build-arg VCS_REF=`git rev-parse --short HEAD` -t "${DOCKER_IMAGE}:${{ matrix.image }}-${{ env.PLATFORM_PAIR }}" --no-cache --build-arg VERSION=$TAG_VERSION ./images/${{ matrix.image }}/
+      - run: docker save "${DOCKER_IMAGE}:${{ matrix.image }}-${{ env.PLATFORM_PAIR }}" -o ./docker-image/docker_image-${{ env.PLATFORM_PAIR }}.tar
+#      - name: Build
+#        uses: docker/build-push-action@v6
+#        with:
+#          context: ./images/${{ matrix.image }}/
+#          tags: ${{ env.DOCKER_IMAGE }}:${{ matrix.image }}
+#          platforms: ${{ matrix.platform }}
+#          labels: ${{ steps.meta.outputs.labels }}
+#          outputs: type=tar,dest=./docker-image/docker_image-${{ env.PLATFORM_PAIR }}.tar
+#          cache-from: type=gha
+#          cache-to: type=gha,mode=max
+      - uses: actions/upload-artifact@v4
         with:
-          name: docker-image-${{ matrix.image }}
+          name: docker-image-${{ matrix.image }}-${{ env.PLATFORM_PAIR }}
           path: ./docker-image
   scan-vulnerability:
-    name: Scan ${{ matrix.image }} for vulnerabilities
+    name: Scan ${{ matrix.image }} for vulnerabilities (${{ matrix.platform }})
     strategy:
       fail-fast: false
       matrix:
+        platform:
+          - linux/amd64
+          - linux/arm64
         image: ${{ fromJson(needs.generate-image-strategy.outputs.images) }}
     needs:
       - generate-image-strategy
       - build-docker-image
     runs-on: ubuntu-latest
     steps:
+      - name: Prepare
+        run: |
+          platform=${{ matrix.platform }}
+          echo "PLATFORM_PAIR=${platform//\//-}" >> $GITHUB_ENV
+      - name: Set up QEMU
+        uses: docker/setup-qemu-action@v3
       - uses: actions/checkout@v4
-      - uses: actions/download-artifact@master
+      - uses: actions/download-artifact@v4
         with:
-          name: docker-image-${{ matrix.image }}
-          path: ./docker-image
-      - run: docker load --input ./docker-image/docker_image.tar
-      - run: rm -Rf ./docker-image/
-      - run: echo -e "${DOCKER_IMAGE}:${{ matrix.image }}" | xargs -I % sh -c 'docker run -v /tmp/trivy:/var/lib/trivy -v /var/run/docker.sock:/var/run/docker.sock -t aquasec/trivy:latest --cache-dir /var/lib/trivy image --exit-code 1 --no-progress --format table %'
+          name: docker-image-${{ matrix.image }}-${{ env.PLATFORM_PAIR }}
+          path: /tmp/docker-image
+      - run: docker load --input /tmp/docker-image/docker_image-${{ env.PLATFORM_PAIR }}.tar
+      - run: rm -Rf /tmp/docker-image/
+      - run: echo -e "wyrihaximusnet/redirect:${{ matrix.image }}-${{ env.PLATFORM_PAIR }}" | xargs -I % sh -c 'docker run -v /tmp/trivy:/var/lib/trivy -v /var/run/docker.sock:/var/run/docker.sock -t aquasec/trivy:latest --cache-dir /var/lib/trivy image --exit-code 1 --no-progress --format table %'
   tests:
-    name: Test ${{ matrix.image }} against ${{ matrix.rule }}
+    name: Test ${{ matrix.image }} against ${{ matrix.rule }} (${{ matrix.platform }})
     needs:
       - generate-image-strategy
       - generate-rule-strategy
       - scan-vulnerability
     strategy:
       fail-fast: false
       matrix:
+        platform:
+          - linux/amd64
+          - linux/arm64
         image: ${{ fromJson(needs.generate-image-strategy.outputs.images) }}
         rule: ${{ fromJson(needs.generate-rule-strategy.outputs.rules) }}
     runs-on: ubuntu-latest
     steps:
+      - name: Prepare
+        run: |
+          platform=${{ matrix.platform }}
+          echo "PLATFORM_PAIR=${platform//\//-}" >> $GITHUB_ENV
       - uses: actions/checkout@v4
-      - uses: actions/download-artifact@master
+      - uses: actions/download-artifact@v4
         with:
-          name: docker-image-${{ matrix.image }}
-          path: ./docker-image
-      - run: docker load --input ./docker-image/docker_image.tar
-      - name: Start image ${{ matrix.image }}
-        run: docker run -d --rm -v ${GITHUB_WORKSPACE}/${REDIRECT_CONFIG_FILE}:/etc/redirect/config.yaml ${DOCKER_IMAGE}:${{ matrix.image }}
+          name: docker-image-${{ matrix.image }}-${{ env.PLATFORM_PAIR }}
+          path: /tmp/docker-image
+      - run: docker load --input /tmp/docker-image/docker_image-${{ env.PLATFORM_PAIR }}.tar
+      - run: docker image ls -a
+      - name: Start image ${{ matrix.image }} (${{ matrix.platform }})
+        run: docker run -d --rm -v ${GITHUB_WORKSPACE}/${REDIRECT_CONFIG_FILE}:/etc/redirect/config.yaml wyrihaximusnet/redirect:${{ matrix.image }}-${{ env.PLATFORM_PAIR }}
         env:
           IMAGE: ${{ steps.build.outputs.tag }}
           REDIRECT_CONFIG_FILE: tests/rules/${{ matrix.rule }}/config.yaml
       - name: Get running image ID
         id: ps
-        run: printf "::set-output name=id::%s" $(docker ps --format "{{.ID}}")
+        run: printf "id=%s" $(docker ps --format "{{.ID}}") >> $GITHUB_OUTPUT
         env:
           IMAGE: ${{ steps.build.outputs.tag }}
       - name: Get running image IP
         id: inspect
-        run: printf "::set-output name=ip::%s" $(docker inspect -f '{{range .NetworkSettings.Networks}}{{.IPAddress}}{{end}}' ${IMAGE_ID})
+        run: printf "ip=%s" $(docker inspect -f '{{range .NetworkSettings.Networks}}{{.IPAddress}}{{end}}' ${IMAGE_ID}) >> $GITHUB_OUTPUT
         env:
           IMAGE_ID: ${{ steps.ps.outputs.id }}
       - name: Sleep 13 seconds before attempting to connect
@@ -165,7 +213,7 @@ jobs:
         env:
           IMAGE_ID: ${{ steps.ps.outputs.id }}
   push-image:
-    if: (github.event_name == 'push' || github.event_name == 'schedule') && github.ref == 'refs/heads/master'
+#    if: (github.event_name == 'push' || github.event_name == 'schedule') && github.ref == 'refs/heads/master'
     name: Push ${{ matrix.image }} to ${{ matrix.registry }}
     strategy:
       fail-fast: false
@@ -178,25 +226,41 @@ jobs:
       - registry-matrix
     runs-on: ubuntu-latest
     steps:
-      - uses: actions/download-artifact@master
+      - name: Set up QEMU
+        uses: docker/setup-qemu-action@v3
+      - name: Set up Docker Buildx
+        uses: docker/setup-buildx-action@v3
+      - uses: actions/download-artifact@v4
         with:
-          name: docker-image-${{ matrix.image }}
-          path: ./docker-image
-      - run: docker load --input ./docker-image/docker_image.tar
-      - run: rm -Rf ./docker-image/
-      - name: Login to ${{ matrix.registry }}
-        run: |
-          echo "${{ env.DOCKER_PASSWORD }}" | \
-          docker login ${{ matrix.registry }} \
-            --username "${{ env.DOCKER_USER }}" \
-            --password-stdin
-        env:
-          DOCKER_USER: ${{ secrets.HUB_USERNAME }}
-          DOCKER_PASSWORD: ${{ secrets[fromJson(env.DOCKER_IMAGE_REGISTRIES_SECRET_MAPPING)[matrix.registry]] }}
+          pattern: docker-image-${{ matrix.image }}-*
+          path: /tmp/docker-image
+          merge-multiple: true
+      - run: ls -lasth /tmp/docker-image/
+      - run: |
+          for f in /tmp/docker-image/docker_image-*.tar; do
+            docker load --input $f
+          done
+      - run: rm -Rf /tmp/docker-image/
+      - run: docker images
+#      - name: Login to ${{ matrix.registry }}
+#        run: |
+#          echo "${{ env.DOCKER_PASSWORD }}" | \
+#          docker login ${{ matrix.registry }} \
+#            --username "${{ env.DOCKER_USER }}" \
+#            --password-stdin
+#        env:
+#          DOCKER_USER: ${{ secrets.HUB_USERNAME }}
+#          DOCKER_PASSWORD: ${{ secrets[fromJson(env.DOCKER_IMAGE_REGISTRIES_SECRET_MAPPING)[matrix.registry]] }}
       - name: Docker info
         run: docker info
-      - run: docker tag ${DOCKER_IMAGE}:${{ matrix.image }} ${{ matrix.registry }}/${DOCKER_IMAGE}:${{ matrix.image }}
-      - name: Echo full tag
-        run: echo -e "${{ matrix.registry }}/${DOCKER_IMAGE}:${{ matrix.image }}"
-      - name: Push image to Docker Hub
-        run: docker push "${{ matrix.registry }}/${DOCKER_IMAGE}:${{ matrix.image }}"
+      - name: Create merge Dockerfile
+        run: echo "FROM ${{ matrix.registry }}/wyrihaximusnet/redirect:${{ matrix.image }}-\${TARGETOS}-\${TARGETARCH}" >> docker-file-${{ matrix.registry }}-wyrihaximusnet-redirect-${{ matrix.image }}
+      - run: cat docker-file-${{ matrix.registry }}-wyrihaximusnet-redirect-${{ matrix.image }}
+      - name: Merged different arch imags into one
+        run: docker buildx build -f docker-file-${{ matrix.registry }}-wyrihaximusnet-redirect-${{ matrix.image }} --platform=linux/amd64,linux/arm64 -t ${{ matrix.registry }}/wyrihaximusnet/redirect:${{ matrix.image }} .
+      - run: docker images
+      - run: docker manifest inspect ${{ matrix.registry }}/wyrihaximusnet/redirect:${{ matrix.image }}
+#      - name: Echo full tag
+#        run: echo -e "${{ matrix.registry }}/wyrihaximusnet/redirect:${{ matrix.image }}"
+#      - name: Push image to Docker Hub
+#        run: docker push "${{ matrix.registry }}/wyrihaximusnet/redirect:${{ matrix.image }}"