diff --git a/.github/workflows/build-debug-docker-release.yaml b/.github/workflows/build-debug-docker-release.yaml
deleted file mode 100644
index c10c8448..00000000
--- a/.github/workflows/build-debug-docker-release.yaml
+++ /dev/null
@@ -1,71 +0,0 @@ ---- -name: Build Release - docker debug image for Github container registry -on: - workflow_dispatch: - push: - paths: - - "**/*.rs" - - "**/*.toml" - - ".github/workflows/build-debug-docker-release.yaml" - tags: - - unleash-edge-v[0-9]+.* - -permissions: - id-token: write - contents: read - packages: write - -jobs: - dockerpublish: - runs-on: ubuntu-latest - steps: - - name: Checkout - uses: actions/checkout@v4 - - name: Install rust - run: | - rustup set auto-self-update disable - rustup toolchain install stable --profile default - rustup show - - name: Rust cache - uses: Swatinem/rust-cache@v2 - with: - prefix-key: "rust-v0-gnu" - - name: Install cross (cross compile) - run: | - cargo install cross - - name: Build release for x86_64 - run: | - cargo build --release --target=x86_64-unknown-linux-gnu - - name: Build release for aarch64 - run: | - cross build --release --target=aarch64-unknown-linux-gnu - - name: Setup docker buildx - uses: docker/setup-buildx-action@v3 - - name: Docker meta configuration (set image and tag) - uses: docker/metadata-action@v5 - id: meta - with: - images: | - ghcr.io/Unleash/unleash-edge-debug - tags: | - type=match,pattern=unleash-edge-v(\d+\.\d+.\d+),group=1,prefix=v - type=match,pattern=unleash-edge-v(\d+\.\d+).*,group=1,prefix=v - - - name: Login to Github Container registry - uses: docker/login-action@v3 - with: - registry: ghcr.io - username: ${{ github.repository_owner }} - password: ${{ secrets.GITHUB_TOKEN }} - - - name: Build tag and push images - uses: docker/build-push-action@v6 - with: - file: Dockerfile.debug - context: . - platforms: linux/arm64,linux/amd64 - push: true - labels: ${{ steps.meta.outputs.labels }} - tags: ${{ steps.meta.outputs.tags }} - cache-from: type=gha - cache-to: type=gha,mode=max diff --git a/.github/workflows/build-debug-docker-with-chef.yaml b/.github/workflows/build-debug-docker-with-chef.yaml new file mode 100644 index 00000000..98a364f4 --- /dev/null 
+++ b/.github/workflows/build-debug-docker-with-chef.yaml 
@@ -0,0 +1,169 @@ +name: Build and Push Debug Docker Image (Chef) + +concurrency: + group: ${{ github.workflow }}-${{ github.ref }} + cancel-in-progress: true + +on: + push: + branches: + - main + paths: + - "**/*.rs" + - "**/*.toml" + - "**/*.lock" + - ".github/workflows/build-docker-with-chef.yaml" + - "Dockerfile" + tags: + - unleash-edge-v[0-9]+.* + pull_request: + paths: + - "**/*.rs" + - "**/*.toml" + - "**/*.lock" + - ".github/workflows/build-docker-with-chef.yaml" + - "Dockerfile" + workflow_dispatch: + +env: + GHCR_SLUG: ghcr.io/unleash/unleash-edge-debug + +permissions: + id-token: write + contents: read + packages: write + +jobs: + prepare-bake-file: + runs-on: ubuntu-latest + outputs: + matrix: ${{ steps.platforms.outputs.matrix }} + steps: + - name: Checkout code + uses: actions/checkout@v4 + - name: Create matrix + id: platforms + run: | + echo "matrix=$(docker buildx bake image-all --print | jq -cr '.target."image-all".platforms')" >>${GITHUB_OUTPUT} + - name: Show matrix + run: | + echo ${{ steps.platforms.outputs.matrix }} + - name: Docker meta + id: meta + uses: docker/metadata-action@v5 + with: + images: | + ${{ env.GHCR_SLUG }} + tags: | + type=match,pattern=unleash-edge-v(\d+\.\d+.\d+),group=1,prefix=v + type=match,pattern=unleash-edge-v(\d+\.\d+).*,group=1,prefix=v + type=ref,event=pr + type=edge + labels: | + org.containers.image.title=Unleash Edge + org.containers.image.vendor=Unleash + - name: Rename meta bake definition file + run: | + mv "${{ steps.meta.outputs.bake-file }}" "/tmp/bake-meta.json" + - name: Upload meta bake definition + uses: actions/upload-artifact@v4 + with: + name: bake-meta + path: /tmp/bake-meta.json + if-no-files-found: error + retention-days: 1 + + build: + runs-on: ubuntu-latest + needs: + - prepare-bake-file + strategy: + fail-fast: false + matrix: + platform: ${{ fromJson(needs.prepare-bake-file.outputs.matrix) }} + steps: + - name: Setup Platform pair + run: | + platform=${{ matrix.platform }} + echo 
"PLATFORM_PAIR=${platform//\//-}" >> $GITHUB_ENV + - name: Checkout + uses: actions/checkout@v4 + - name: Download meta bake definition + uses: actions/download-artifact@v4 + with: + name: bake-meta + path: /tmp + - name: Setup QEMU + uses: docker/setup-qemu-action@v3 + + - name: Setup Docker Buildx + uses: docker/setup-buildx-action@v3 + + - name: Login to Github Container registry + uses: docker/login-action@v3 + if: github.event_name != 'pull_request' + with: + registry: ghcr.io + username: ${{ github.repository_owner }} + password: ${{ secrets.GITHUB_TOKEN }} + - name: Build and bake + id: bake + uses: docker/bake-action@v5 + with: + files: | + ./docker-bake.hcl + /tmp/bake-meta.json + targets: image + set: | + *.tags= + *.platform=${{ matrix.platform }} + *.cache-from=type=gha,scope=build-${{ env.PLATFORM_PAIR }} + *.cache-to=type=gha,scope=build-${{ env.PLATFORM_PAIR }} + *.output=type=image,"name=${{ env.GHCR_SLUG }}",push-by-digest=true,name-canonical=true,push=${{ github.event_name != 'pull_request' }} + - name: Export digests + run: | + mkdir -p /tmp/digests + digest="${{ fromJSON(steps.bake.outputs.metadata).image['containerimage.digest'] }}" + touch "/tmp/digests/${digest#sha256:}" + - name: Upload digests + uses: actions/upload-artifact@v4 + with: + name: digests-${{ env.PLATFORM_PAIR }} + path: /tmp/digests/* + if-no-files-found: error + retention-days: 1 + + merge: + runs-on: ubuntu-latest + if: github.event_name != 'pull_request' + needs: + - build + steps: + - name: Download meta bake definition + uses: actions/download-artifact@v4 + with: + name: bake-meta + path: /tmp + - name: Download digests + uses: actions/download-artifact@v4 + with: + path: /tmp/digests + pattern: digests-* + merge-multiple: true + - name: Setup Docker Buildx + uses: docker/setup-buildx-action@v3 + - name: Login to Github Container registry + uses: docker/login-action@v3 + with: + registry: ghcr.io + username: ${{ github.repository_owner }} + password: ${{ 
secrets.GITHUB_TOKEN }} + - name: Create manifest list and push + working-directory: /tmp/digests + run: | + docker buildx imagetools create $(jq -cr '.target."docker-metadata-action".tags | map(select(startswith("${{ env.GHCR_SLUG }}")) | "-t " + .) | join(" ")' /tmp/bake-meta.json) \ + $(printf '${{ env.GHCR_SLUG }}@sha256:%s ' *) + - name: Inspect image + run: | + tag=$(jq -r '.target."docker-metadata-action".args.DOCKER_META_VERSION' /tmp/bake-meta.json) + docker buildx imagetools inspect ${{ env.GHCR_SLUG }}:${tag} diff --git a/.github/workflows/build-docker-release.yaml b/.github/workflows/build-docker-release.yaml deleted file mode 100644 index e57b96ea..00000000 --- a/.github/workflows/build-docker-release.yaml +++ /dev/null 
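Review bot: The `Show matrix` and `Setup Platform pair` steps paste `${{ steps.platforms.outputs.matrix }}` and `${{ matrix.platform }}` directly into the script text, so the runner substitutes them before bash parses the line. The matrix comes from `docker buildx bake image-all --print` on the checked-out tree, which on the new `pull_request` trigger is presumably the contributor's `docker-bake.hcl`, and the jobs are declared under the workflow-level `packages: write` / `id-token: write` grant. Passing both values through `env:` and quoting the shell variable keeps them as data; the same two steps appear in `build-docker-with-chef.yaml` in this commit. Separately, the `paths` filters name `.github/workflows/build-docker-with-chef.yaml` and `Dockerfile` rather than this workflow's own file, which looks carried over from the release workflow.

```yaml
- name: Show matrix
  env:
    MATRIX: ${{ steps.platforms.outputs.matrix }}
  run: |
    echo "$MATRIX"
# … unchanged: Docker meta, bake-meta rename and upload, build job header …
- name: Setup Platform pair
  env:
    PLATFORM: ${{ matrix.platform }}
  run: |
    echo "PLATFORM_PAIR=${PLATFORM//\//-}" >> "$GITHUB_ENV"
```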
@@ -1,89 +0,0 @@ ---- -name: Build Release - docker image for Github, DockerHub and AWS public gallery -on: - workflow_dispatch: - push: - paths: - - "**/*.rs" - - "**/*.toml" - - ".github/workflows/build-docker-release.yaml" - tags: - - unleash-edge-v[0-9]+.* - -permissions: - id-token: write - contents: read - packages: write - -jobs: - dockerpublish: - runs-on: ubuntu-latest - steps: - - name: Checkout - uses: actions/checkout@v4 - - name: Install rust - run: | - rustup set auto-self-update disable - rustup toolchain install stable --profile default - rustup show - - name: Rust cache - uses: Swatinem/rust-cache@v2 - with: - prefix-key: "rust-v0-gnu" - - name: Install cross (cross compile) - run: | - cargo install cross - - name: Build release for x86_64 - run: | - cargo build --release --target=x86_64-unknown-linux-gnu - - name: Build release for aarch64 - run: | - cross build --release --target=aarch64-unknown-linux-gnu - - name: Setup docker buildx - uses: docker/setup-buildx-action@v3 - - name: Configure AWS credentials - uses: aws-actions/configure-aws-credentials@v4 - with: - role-to-assume: arn:aws:iam::726824350591:role/unleash-github-ecr-public-publish-role - role-session-name: edge-actions-push-to-ecr-public - aws-region: us-east-1 - - name: Login to AWS ECR - id: login-ecr-public - uses: aws-actions/amazon-ecr-login@v2 - with: - registry-type: public - - name: Docker meta configuration (set image and tag) - uses: docker/metadata-action@v5 - id: meta - with: - images: | - unleashorg/unleash-edge - ghcr.io/Unleash/unleash-edge - ${{ steps.login-ecr-public.outputs.registry }}/unleashorg/unleash-edge - tags: | - type=match,pattern=unleash-edge-v(\d+\.\d+.\d+),group=1,prefix=v - type=match,pattern=unleash-edge-v(\d+\.\d+).*,group=1,prefix=v - - - name: Login to docker hub - uses: docker/login-action@v3 - with: - username: ${{ secrets.DOCKERHUB_USERNAME }} - password: ${{ secrets.DOCKERHUB_TOKEN }} - - name: Login to Github Container registry - uses: 
docker/login-action@v3 - with: - registry: ghcr.io - username: ${{ github.repository_owner }} - password: ${{ secrets.GITHUB_TOKEN }} - - - name: Build tag and push images - uses: docker/build-push-action@v6 - with: - file: Dockerfile.publish - context: . - platforms: linux/arm64,linux/amd64 - push: true - labels: ${{ steps.meta.outputs.labels }} - tags: ${{ steps.meta.outputs.tags }} - cache-from: type=gha - cache-to: type=gha,mode=max diff --git a/.github/workflows/build-docker-with-chef.yaml b/.github/workflows/build-docker-with-chef.yaml index a9cfb87e..4ce57510 100644 --- a/.github/workflows/build-docker-with-chef.yaml +++ b/.github/workflows/build-docker-with-chef.yaml @@ -1,5 +1,9 @@ name: Build and Push Docker Image (Chef) +concurrency: + group: ${{ github.workflow }}-${{ github.ref }} + cancel-in-progress: true + on: push: branches: 
@@ -9,69 +13,142 @@ on: - "**/*.toml" - "**/*.lock" - ".github/workflows/build-docker-with-chef.yaml" - - "Dockerfile.chef" + - "Dockerfile" + tags: + - unleash-edge-v[0-9]+.* + pull_request: + paths: + - "**/*.rs" + - "**/*.toml" + - "**/*.lock" + - ".github/workflows/build-docker-with-chef.yaml" + - "Dockerfile" workflow_dispatch: env: - REGISTRY_NAME: unleashorg/unleash-edge + DOCKERHUB_SLUG: unleashorg/unleash-edge + GHCR_SLUG: ghcr.io/unleash/unleash-edge + ECR_SLUG: public.ecr.aws/unleashorg/unleash-edge permissions: id-token: write contents: read packages: write + jobs: + prepare-bake-file: + runs-on: ubuntu-latest + outputs: + matrix: ${{ steps.platforms.outputs.matrix }} + steps: + - name: Checkout code + uses: actions/checkout@v4 + - name: Create matrix + id: platforms + run: | + echo "matrix=$(docker buildx bake image-all --print | jq -cr '.target."image-all".platforms')" >>${GITHUB_OUTPUT} + - name: Show matrix + run: | + echo ${{ steps.platforms.outputs.matrix }} + - name: Docker meta + id: meta + uses: docker/metadata-action@v5 + with: + images: | + ${{ env.DOCKERHUB_SLUG }} + ${{ env.GHCR_SLUG }} + ${{ env.ECR_SLUG }} + tags: | + type=match,pattern=unleash-edge-v(\d+\.\d+.\d+),group=1,prefix=v + type=match,pattern=unleash-edge-v(\d+\.\d+).*,group=1,prefix=v + type=ref,event=pr + type=edge + labels: | + org.containers.image.title=Unleash Edge + org.containers.image.vendor=Unleash + - name: Rename meta bake definition file + run: | + mv "${{ steps.meta.outputs.bake-file }}" "/tmp/bake-meta.json" + - name: Upload meta bake definition + uses: actions/upload-artifact@v4 + with: + name: bake-meta + path: /tmp/bake-meta.json + if-no-files-found: error + retention-days: 1 + build: runs-on: ubuntu-latest + needs: + - prepare-bake-file strategy: fail-fast: false matrix: - platform: - - linux/amd64 - - linux/arm64 - + platform: ${{ fromJson(needs.prepare-bake-file.outputs.matrix) }} steps: - - name: Checkout - uses: actions/checkout@v4 - - name: Prepare + - 
name: Setup Platform pair run: | platform=${{ matrix.platform }} echo "PLATFORM_PAIR=${platform//\//-}" >> $GITHUB_ENV - - - name: Docker meta configuration (set image and tag) - uses: docker/metadata-action@v5 - id: meta + - name: Checkout + uses: actions/checkout@v4 + - name: Download meta bake definition + uses: actions/download-artifact@v4 with: - images: ${{ env.REGISTRY_NAME }} - - - name: Set up QEMU + name: bake-meta + path: /tmp + - name: Setup QEMU uses: docker/setup-qemu-action@v3 - - name: Set up Docker Buildx + - name: Setup Docker Buildx uses: docker/setup-buildx-action@v3 - - name: Log in to DockerHub + - name: Login to docker hub uses: docker/login-action@v3 + if: github.event_name != 'pull_request' with: username: ${{ secrets.DOCKERHUB_USERNAME }} password: ${{ secrets.DOCKERHUB_TOKEN }} - - name: Build and push by digest - id: build - uses: docker/build-push-action@v6 + - name: Login to Github Container registry + uses: docker/login-action@v3 + if: github.event_name != 'pull_request' with: - context: . 
- file: Dockerfile.chef - platforms: ${{ matrix.platform }} - labels: ${{ steps.meta.outputs.labels }} - cache-from: type=gha,scope=${{ github.repository }}-${{ github.ref_name }}-${{ matrix.platform }} - cache-to: type=gha,scope=${{ github.repository }}-${{ github.ref_name }}-${{ matrix.platform }},mode=max - outputs: type=image,name=${{ env.REGISTRY_NAME }},push-by-digest=true,name-canonical=true,push=true - - name: Export digest + registry: ghcr.io + username: ${{ github.repository_owner }} + password: ${{ secrets.GITHUB_TOKEN }} + - name: Configure AWS credentials + uses: aws-actions/configure-aws-credentials@v4 + if: github.event_name != 'pull_request' + with: + role-to-assume: arn:aws:iam::726824350591:role/unleash-github-ecr-public-publish-role + role-session-name: edge-actions-push-to-ecr-public + aws-region: us-east-1 + - name: Login to AWS ECR + id: login-ecr-public + uses: aws-actions/amazon-ecr-login@v2 + if: github.event_name != 'pull_request' + with: + registry-type: public + - name: Build and bake + id: bake + uses: docker/bake-action@v5 + with: + files: | + ./docker-bake.hcl + /tmp/bake-meta.json + targets: image + set: | + *.tags= + *.platform=${{ matrix.platform }} + *.cache-from=type=gha,scope=build-${{ env.PLATFORM_PAIR }} + *.cache-to=type=gha,scope=build-${{ env.PLATFORM_PAIR }} + *.output=type=image,"name=${{ env.DOCKERHUB_SLUG }},${{ env.GHCR_SLUG }},${{ env.ECR_SLUG }}",push-by-digest=true,name-canonical=true,push=${{ github.event_name != 'pull_request' }} + - name: Export digests run: | mkdir -p /tmp/digests - digest="${{ steps.build.outputs.digest }}" + digest="${{ fromJSON(steps.bake.outputs.metadata).image['containerimage.digest'] }}" touch "/tmp/digests/${digest#sha256:}" - - - name: Upload digest + - name: Upload digests uses: actions/upload-artifact@v4 with: name: digests-${{ env.PLATFORM_PAIR }} 
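Review bot: The workflow-level `permissions` block (`id-token: write`, `packages: write`) stays unchanged while this hunk adds a `pull_request` trigger and a `prepare-bake-file` job, so every job is declared with registry-write and OIDC scopes, including the one that only checks out code and prints the bake config. Consider `permissions: {contents: read}` at the top, with the two write scopes granted only under `build:` and `merge:`, the jobs that have login and AWS role steps. The new `build-debug-docker-with-chef.yaml` carries the same block and no step visible there uses OIDC, so `id-token: write` looks unnecessary in that file. The `build` job's final step continues past the end of this hunk.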
@@ -81,39 +158,57 @@ jobs: merge: runs-on: ubuntu-latest + if: github.event_name != 'pull_request' needs: - build steps: + - name: Download meta bake definition + uses: actions/download-artifact@v4 + with: + name: bake-meta + path: /tmp - name: Download digests uses: actions/download-artifact@v4 with: path: /tmp/digests pattern: digests-* merge-multiple: true - - - name: Set up Docker Buildx + - name: Setup Docker Buildx uses: docker/setup-buildx-action@v3 - - - name: Docker meta - id: meta - uses: docker/metadata-action@v5 - with: - images: ${{ env.REGISTRY_NAME }} - tags: | - type=raw,value=chef - - - name: Login to Docker Hub + - name: Login to docker hub uses: docker/login-action@v3 with: username: ${{ secrets.DOCKERHUB_USERNAME }} password: ${{ secrets.DOCKERHUB_TOKEN }} - + - name: Login to Github Container registry + uses: docker/login-action@v3 + with: + registry: ghcr.io + username: ${{ github.repository_owner }} + password: ${{ secrets.GITHUB_TOKEN }} + - name: Configure AWS credentials + uses: aws-actions/configure-aws-credentials@v4 + with: + role-to-assume: arn:aws:iam::726824350591:role/unleash-github-ecr-public-publish-role + role-session-name: edge-actions-push-to-ecr-public + aws-region: us-east-1 + - name: Login to AWS ECR + id: login-ecr-public + uses: aws-actions/amazon-ecr-login@v2 + with: + registry-type: public - name: Create manifest list and push working-directory: /tmp/digests run: | - docker buildx imagetools create $(jq -cr '.tags | map("-t " + .) | join(" ")' <<< "$DOCKER_METADATA_OUTPUT_JSON") \ - $(printf '${{ env.REGISTRY_NAME }}@sha256:%s ' *) - + docker buildx imagetools create $(jq -cr '.target."docker-metadata-action".tags | map(select(startswith("${{ env.DOCKERHUB_SLUG }}")) | "-t " + .) | join(" ")' /tmp/bake-meta.json) \ + $(printf '${{ env.DOCKERHUB_SLUG }}@sha256:%s ' *) + docker buildx imagetools create $(jq -cr '.target."docker-metadata-action".tags | map(select(startswith("${{ env.GHCR_SLUG }}")) | "-t " + .) 
| join(" ")' /tmp/bake-meta.json) \ + $(printf '${{ env.GHCR_SLUG }}@sha256:%s ' *) + docker buildx imagetools create $(jq -cr '.target."docker-metadata-action".tags | map(select(startswith("${{ env.ECR_SLUG }}")) | "-t " + .) | join(" ")' /tmp/bake-meta.json) \ + $(printf '${{ env.ECR_SLUG }}@sha256:%s ' *) - name: Inspect image run: | - docker buildx imagetools inspect ${{ env.REGISTRY_NAME }}:${{ steps.meta.outputs.version }} + tag=$(jq -r '.target."docker-metadata-action".args.DOCKER_META_VERSION' /tmp/bake-meta.json) + docker buildx imagetools inspect ${{ env.DOCKERHUB_SLUG }}:${tag} + docker buildx imagetools inspect ${{ env.GHCR_SLUG }}:${tag} + docker buildx imagetools inspect ${{ steps.login-ecr-public.outputs.registry }}/unleashorg/unleash-edge:${tag} diff --git a/.github/workflows/build-main-debug-docker-container.yaml b/.github/workflows/build-main-debug-docker-container.yaml deleted file mode 100644 index 5421551e..00000000 --- a/.github/workflows/build-main-debug-docker-container.yaml +++ /dev/null 
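Review bot: The `merge` job now holds Docker Hub credentials, a `packages: write` token and the ECR publish role, yet every action it runs is referenced by a movable tag (`docker/login-action@v3`, `aws-actions/configure-aws-credentials@v4`, `aws-actions/amazon-ecr-login@v2`, `actions/download-artifact@v4`). A retagged release of any of them would execute with those credentials, so pinning to a full commit SHA with the version kept as a comment is the safer form, e.g. `uses: docker/login-action@<full-commit-sha>  # v3`. The same applies to the `uses:` lines in the `build` job and in the new debug workflow. In `Inspect image`, the ECR reference is built from `steps.login-ecr-public.outputs.registry` while the create step uses `env.ECR_SLUG`; using the slug in both places keeps the two from drifting.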
@@ -1,69 +0,0 @@ ---- -name: Build main - debug docker image for Github Container registry -on: - workflow_dispatch: - push: - branches: - - main - paths: - - "**/*.rs" - - "**/*.toml" - - ".github/workflows/build-main-debug-docker-container.yaml" - -permissions: - id-token: write - contents: read - packages: write - -jobs: - dockerpublish: - runs-on: ubuntu-latest - steps: - - name: Checkout - uses: actions/checkout@v4 - - name: Install rust - run: | - rustup set auto-self-update disable - rustup toolchain install stable --profile default - rustup show - - name: Rust cache - uses: Swatinem/rust-cache@v2 - with: - prefix-key: "rust-v0-gnu" - - name: Install cross (cross compile) - run: | - cargo install cross - - name: Build release for x86_64 - run: | - cargo build --release --target=x86_64-unknown-linux-gnu - - name: Build release for aarch64 - run: | - cross build --release --target=aarch64-unknown-linux-gnu - - name: Setup docker buildx - uses: docker/setup-buildx-action@v3 - - name: Docker meta configuration (set image and tag) - uses: docker/metadata-action@v5 - id: meta - with: - images: | - ghcr.io/unleash/unleash-edge-debug - tags: | - type=edge - - name: Login to Github Container registry - uses: docker/login-action@v3 - with: - registry: ghcr.io - username: ${{ github.repository_owner }} - password: ${{ secrets.GITHUB_TOKEN }} - - - name: Build tag and push images - uses: docker/build-push-action@v6 - with: - file: Dockerfile.debug - context: . - platforms: linux/arm64,linux/amd64 - push: true - labels: ${{ steps.meta.outputs.labels }} - tags: ${{ steps.meta.outputs.tags }} - cache-from: type=gha - cache-to: type=gha,mode=max diff --git a/.github/workflows/build-main-docker-tag.yaml b/.github/workflows/build-main-docker-tag.yaml deleted file mode 100644 index af5b87e9..00000000 --- a/.github/workflows/build-main-docker-tag.yaml +++ /dev/null 
@@ -1,87 +0,0 @@ ---- -name: Build main - docker image for DockerHub and AWS public gallery -on: - workflow_dispatch: - push: - branches: - - main - paths: - - "**/*.rs" - - "**/*.toml" - - ".github/workflows/build-main-docker-tag.yaml" - -permissions: - id-token: write - contents: read - packages: write - -jobs: - dockerpublish: - runs-on: ubuntu-latest - steps: - - name: Checkout - uses: actions/checkout@v4 - - name: Install rust - run: | - rustup set auto-self-update disable - rustup toolchain install stable --profile default - rustup show - - name: Rust cache - uses: Swatinem/rust-cache@v2 - with: - prefix-key: "rust-v0-gnu" - - name: Install cross (cross compile) - run: | - cargo install cross - - name: Build release for x86_64 - run: | - cargo build --release --target=x86_64-unknown-linux-gnu - - name: Build release for aarch64 - run: | - cross build --release --target=aarch64-unknown-linux-gnu - - name: Setup docker buildx - uses: docker/setup-buildx-action@v3 - - name: Configure AWS credentials - uses: aws-actions/configure-aws-credentials@v4 - with: - role-to-assume: arn:aws:iam::726824350591:role/unleash-github-ecr-public-publish-role - role-session-name: edge-actions-push-to-ecr-public - aws-region: us-east-1 - - name: Login to AWS ECR - id: login-ecr-public - uses: aws-actions/amazon-ecr-login@v2 - with: - registry-type: public - - name: Docker meta configuration (set image and tag) - uses: docker/metadata-action@v5 - id: meta - with: - images: | - unleashorg/unleash-edge - ${{ steps.login-ecr-public.outputs.registry }}/unleashorg/unleash-edge - tags: | - type=edge - - - name: Login to docker hub - uses: docker/login-action@v3 - with: - username: ${{ secrets.DOCKERHUB_USERNAME }} - password: ${{ secrets.DOCKERHUB_TOKEN }} - - name: Login to Github Container registry - uses: docker/login-action@v3 - with: - registry: ghcr.io - username: ${{ github.repository_owner }} - password: ${{ secrets.GITHUB_TOKEN }} - - - name: Build tag and push images - uses: 
docker/build-push-action@v6 - with: - file: Dockerfile.publish - context: . - platforms: linux/arm64,linux/amd64 - push: true - labels: ${{ steps.meta.outputs.labels }} - tags: ${{ steps.meta.outputs.tags }} - cache-from: type=gha - cache-to: type=gha,mode=max diff --git a/.github/workflows/docker_ecr_arch64.yaml b/.github/workflows/docker_ecr_arch64.yaml index 8e762b36..06945103 100644 --- a/.github/workflows/docker_ecr_arch64.yaml +++ b/.github/workflows/docker_ecr_arch64.yaml @@ -1,6 +1,8 @@ --- name: Build docker image for aarch64 (ECR) - +concurrency: + group: ${{ github.workflow }}-${{ github.ref }} + cancel-in-progress: true on: push: branches: @@ -11,6 +13,8 @@ on: - ".github/workflows/docker_ecr_arch64.yaml" tags: - unleash-edge-v[0-9]+.* + workflow_dispatch: + permissions: id-token: write contents: read @@ -20,23 +24,9 @@ jobs: steps: - name: Checkout code uses: actions/checkout@v4 - - name: Install rust - run: | - rustup set auto-self-update disable - rustup toolchain install stable --profile default - rustup show - - name: Rust cache - uses: Swatinem/rust-cache@v2 - with: - prefix-key: "rust-v0-gnu" - - name: Install cross (cross compile) - run: | - cargo install cross - - name: Build release - run: | - cross build --release --target=aarch64-unknown-linux-gnu - name: Configure AWS credentials uses: aws-actions/configure-aws-credentials@v4 + if: github.event_name != 'pull_request' with: role-to-assume: arn:aws:iam::726824350591:role/unleash-github-ecr-private-publish-role role-session-name: actions-push-to-ecr-private @@ -44,6 +34,7 @@ jobs: - name: Login to ECR id: login-ecr-eu-north uses: aws-actions/amazon-ecr-login@v2 + if: github.event_name != 'pull_request' - name: Setup docker buildx uses: docker/setup-buildx-action@v3 - name: Docker meta configuration (set image and tag) 
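Review bot: The `if: github.event_name != 'pull_request'` guards added to `Configure AWS credentials` and `Login to ECR` can never be false, because the `on:` block visible in this file lists only `push` and `workflow_dispatch`. The same holds for `push: ${{ github.event_name != 'pull_request' }}` and the guard on `notifypipeline` in the `@@ -62,11 +53,15 @@` hunk. Either add the `pull_request` trigger these guards anticipate or drop them, so a reader does not assume PR builds of the private ECR image are already exercised. If the trigger is added later, check that the metadata step (outside these hunks) still resolves an image name when the ECR login step is skipped.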
@@ -62,11 +53,15 @@ jobs: with: context: . platforms: linux/arm64 - push: true + push: ${{ github.event_name != 'pull_request' }} labels: ${{ steps.meta.outputs.labels }} tags: ${{ steps.meta.outputs.tags }} + cache-from: "type=gha,scope=build-linux-arm64" + cache-to: "type=gha,scope=build-linux-arm64" + notifypipeline: runs-on: ubuntu-latest + if: github.event_name != 'pull_request' timeout-minutes: 5 needs: docker steps: diff --git a/Dockerfile b/Dockerfile index cd1f8a09..312a62af 100644 --- a/Dockerfile +++ b/Dockerfile 
@@ -1,4 +1,127 @@ -FROM gcr.io/distroless/cc-debian11 +FROM --platform=linux/amd64 lukemathwalker/cargo-chef:latest-rust-latest AS amd64-chef +FROM --platform=linux/arm64 lukemathwalker/cargo-chef:latest-rust-latest AS arm64-chef -COPY target/aarch64-unknown-linux-gnu/release/unleash-edge /unleash-edge -ENTRYPOINT ["/unleash-edge"] \ No newline at end of file +# Base image for the build stage - this is a multi-stage build that uses cross-compilation (thanks to --platform switch) +FROM --platform=$BUILDPLATFORM lukemathwalker/cargo-chef:latest-rust-latest AS chef +WORKDIR /app + +# Planner stage +FROM chef AS planner +COPY . . +RUN cargo chef prepare --recipe-path recipe.json + +# Builder stage +FROM chef AS builder +COPY --from=planner /app/recipe.json recipe.json + +ARG TARGETPLATFORM +ARG TARGETARCH + +# Copy runtime dependencies for specific target platform/architecture +# ARM specific folders +WORKDIR /all-files/linux/arm64/lib/aarch64-linux-gnu + +# AMD64 specific folders +WORKDIR /all-files/linux/amd64/lib/x86_64-linux-gnu +WORKDIR /all-files/linux/amd64/lib64 + +# Common folders +WORKDIR /all-files/${TARGETPLATFORM}/etc/ssl/certs +WORKDIR /all-files/${TARGETPLATFORM}/app + +# ARM64 +COPY --from=arm64-chef \ + /lib/aarch64-linux-gnu/libssl.so.3 \ + /lib/aarch64-linux-gnu/libcrypto.so.3 \ + /lib/aarch64-linux-gnu/libgcc_s.so.1 \ + /lib/aarch64-linux-gnu/libm.so.6 \ + /lib/aarch64-linux-gnu/libc.so.6 \ + /lib/aarch64-linux-gnu/libz.so.1 \ + /all-files/linux/arm64/lib/aarch64-linux-gnu/ + +COPY --from=arm64-chef \ + /lib/ld-linux-aarch64.so.1 \ + /all-files/linux/arm64/lib + +# AMD64 +COPY --from=amd64-chef \ + /lib/x86_64-linux-gnu/libssl.so.3 \ + /lib/x86_64-linux-gnu/libcrypto.so.3 \ + /lib/x86_64-linux-gnu/libgcc_s.so.1 \ + /lib/x86_64-linux-gnu/libm.so.6 \ + /lib/x86_64-linux-gnu/libc.so.6 \ + /lib/x86_64-linux-gnu/libz.so.1 \ + /all-files/linux/amd64/lib/x86_64-linux-gnu/ + +COPY --from=amd64-chef \ + /lib64/ld-linux-x86-64.so.2 \ + 
/all-files/linux/amd64/lib64/ + +# Common files - certs +COPY --from=amd64-chef \ + /etc/ssl/certs/ca-certificates.crt \ + /all-files/linux/amd64/etc/ssl/certs/ +COPY --from=arm64-chef \ + /etc/ssl/certs/ca-certificates.crt \ + /all-files/linux/arm64/etc/ssl/certs/ + +WORKDIR /app + +# Install dependencies for cross-compilation and protobuf +RUN dpkg --add-architecture arm64 \ + && apt-get update \ + && apt-get install -y \ + protobuf-compiler \ + g++-aarch64-linux-gnu \ + libc6-dev-arm64-cross \ + libssl-dev:arm64 \ + libzip-dev:arm64 \ + ca-certificates \ + && rustup target add aarch64-unknown-linux-gnu \ + && rustup toolchain install stable-aarch64-unknown-linux-gnu \ + && rm -rf /var/lib/apt/lists/* + +# Build dependencies - this is the caching Docker layer! +RUN case ${TARGETARCH} in \ + arm64) PKG_CONFIG_SYSROOT_DIR=/ CARGO_TARGET_AARCH64_UNKNOWN_LINUX_GNU_LINKER=aarch64-linux-gnu-gcc cargo chef cook --target=aarch64-unknown-linux-gnu --release --recipe-path recipe.json ;; \ + amd64) cargo chef cook --release --recipe-path recipe.json ;; \ + *) exit 1 ;; \ + esac + +# Copy the source code +COPY . /app + +# Build application - this is the caching Docker layer! 
+RUN case ${TARGETARCH} in \ + arm64) PKG_CONFIG_SYSROOT_DIR=/ CARGO_TARGET_AARCH64_UNKNOWN_LINUX_GNU_LINKER=aarch64-linux-gnu-gcc cargo build --target=aarch64-unknown-linux-gnu --release ;; \ + amd64) cargo build --release ;; \ + *) exit 1 ;; \ + esac + +# Copy all the dependencies to a separate folder +RUN set -ex; \ + # Determine target (source folder for the binary and env files) + case ${TARGETARCH} in \ + arm64) target='/app/target/aarch64-unknown-linux-gnu/release';; \ + amd64) target='/app/target/release';; \ + *) exit 1 ;; \ + esac; \ + # Copy files from the target folder to app folder + cp $target/unleash-edge /all-files/${TARGETPLATFORM}/app + +# # Create a single layer image +FROM scratch AS runtime + +# Make build arguments available in the runtime stage +ARG TARGETPLATFORM +ARG TARGETARCH + +WORKDIR /app + +# Copy the binary and the environment files from the pre-runtime stage as a single layer +COPY --from=builder /all-files/${TARGETPLATFORM} / + +# Expose the port that the application listens on. +EXPOSE 3063 + +ENTRYPOINT ["/app/unleash-edge"] diff --git a/Dockerfile.chef b/Dockerfile.chef deleted file mode 100644 index 312a62af..00000000 --- a/Dockerfile.chef +++ /dev/null 
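Review bot: All three build stages start from `lukemathwalker/cargo-chef:latest-rust-latest`, and the `COPY --from=amd64-chef` / `--from=arm64-chef` lines lift `libssl.so.3`, `libcrypto.so.3`, `libc.so.6` and the CA bundle out of that image into the runtime layer, so the libraries shipped in the release image change whenever that tag moves. Pinning by digest makes what ships reviewable, e.g. `FROM --platform=linux/amd64 lukemathwalker/cargo-chef:<tag>@sha256:<digest> AS amd64-chef`, with the digest bumped deliberately. The `runtime` stage also sets no `USER`, so the process starts as UID 0; since it only exposes 3063, a numeric user such as `USER 65532:65532` (example value) before `ENTRYPOINT` should suffice, assuming the binary needs no write access to the image filesystem.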
@@ -1,127 +0,0 @@ -FROM --platform=linux/amd64 lukemathwalker/cargo-chef:latest-rust-latest AS amd64-chef -FROM --platform=linux/arm64 lukemathwalker/cargo-chef:latest-rust-latest AS arm64-chef - -# Base image for the build stage - this is a multi-stage build that uses cross-compilation (thanks to --platform switch) -FROM --platform=$BUILDPLATFORM lukemathwalker/cargo-chef:latest-rust-latest AS chef -WORKDIR /app - -# Planner stage -FROM chef AS planner -COPY . . -RUN cargo chef prepare --recipe-path recipe.json - -# Builder stage -FROM chef AS builder -COPY --from=planner /app/recipe.json recipe.json - -ARG TARGETPLATFORM -ARG TARGETARCH - -# Copy runtime dependencies for specific target platform/architecture -# ARM specific folders -WORKDIR /all-files/linux/arm64/lib/aarch64-linux-gnu - -# AMD64 specific folders -WORKDIR /all-files/linux/amd64/lib/x86_64-linux-gnu -WORKDIR /all-files/linux/amd64/lib64 - -# Common folders -WORKDIR /all-files/${TARGETPLATFORM}/etc/ssl/certs -WORKDIR /all-files/${TARGETPLATFORM}/app - -# ARM64 -COPY --from=arm64-chef \ - /lib/aarch64-linux-gnu/libssl.so.3 \ - /lib/aarch64-linux-gnu/libcrypto.so.3 \ - /lib/aarch64-linux-gnu/libgcc_s.so.1 \ - /lib/aarch64-linux-gnu/libm.so.6 \ - /lib/aarch64-linux-gnu/libc.so.6 \ - /lib/aarch64-linux-gnu/libz.so.1 \ - /all-files/linux/arm64/lib/aarch64-linux-gnu/ - -COPY --from=arm64-chef \ - /lib/ld-linux-aarch64.so.1 \ - /all-files/linux/arm64/lib - -# AMD64 -COPY --from=amd64-chef \ - /lib/x86_64-linux-gnu/libssl.so.3 \ - /lib/x86_64-linux-gnu/libcrypto.so.3 \ - /lib/x86_64-linux-gnu/libgcc_s.so.1 \ - /lib/x86_64-linux-gnu/libm.so.6 \ - /lib/x86_64-linux-gnu/libc.so.6 \ - /lib/x86_64-linux-gnu/libz.so.1 \ - /all-files/linux/amd64/lib/x86_64-linux-gnu/ - -COPY --from=amd64-chef \ - /lib64/ld-linux-x86-64.so.2 \ - /all-files/linux/amd64/lib64/ - -# Common files - certs -COPY --from=amd64-chef \ - /etc/ssl/certs/ca-certificates.crt \ - /all-files/linux/amd64/etc/ssl/certs/ -COPY --from=arm64-chef \ - 
/etc/ssl/certs/ca-certificates.crt \ - /all-files/linux/arm64/etc/ssl/certs/ - -WORKDIR /app - -# Install dependencies for cross-compilation and protobuf -RUN dpkg --add-architecture arm64 \ - && apt-get update \ - && apt-get install -y \ - protobuf-compiler \ - g++-aarch64-linux-gnu \ - libc6-dev-arm64-cross \ - libssl-dev:arm64 \ - libzip-dev:arm64 \ - ca-certificates \ - && rustup target add aarch64-unknown-linux-gnu \ - && rustup toolchain install stable-aarch64-unknown-linux-gnu \ - && rm -rf /var/lib/apt/lists/* - -# Build dependencies - this is the caching Docker layer! -RUN case ${TARGETARCH} in \ - arm64) PKG_CONFIG_SYSROOT_DIR=/ CARGO_TARGET_AARCH64_UNKNOWN_LINUX_GNU_LINKER=aarch64-linux-gnu-gcc cargo chef cook --target=aarch64-unknown-linux-gnu --release --recipe-path recipe.json ;; \ - amd64) cargo chef cook --release --recipe-path recipe.json ;; \ - *) exit 1 ;; \ - esac - -# Copy the source code -COPY . /app - -# Build application - this is the caching Docker layer! -RUN case ${TARGETARCH} in \ - arm64) PKG_CONFIG_SYSROOT_DIR=/ CARGO_TARGET_AARCH64_UNKNOWN_LINUX_GNU_LINKER=aarch64-linux-gnu-gcc cargo build --target=aarch64-unknown-linux-gnu --release ;; \ - amd64) cargo build --release ;; \ - *) exit 1 ;; \ - esac - -# Copy all the dependencies to a separate folder -RUN set -ex; \ - # Determine target (source folder for the binary and env files) - case ${TARGETARCH} in \ - arm64) target='/app/target/aarch64-unknown-linux-gnu/release';; \ - amd64) target='/app/target/release';; \ - *) exit 1 ;; \ - esac; \ - # Copy files from the target folder to app folder - cp $target/unleash-edge /all-files/${TARGETPLATFORM}/app - -# # Create a single layer image -FROM scratch AS runtime - -# Make build arguments available in the runtime stage -ARG TARGETPLATFORM -ARG TARGETARCH - -WORKDIR /app - -# Copy the binary and the environment files from the pre-runtime stage as a single layer -COPY --from=builder /all-files/${TARGETPLATFORM} / - -# Expose the port that the 
application listens on. -EXPOSE 3063 - -ENTRYPOINT ["/app/unleash-edge"] diff --git a/Dockerfile.cross.aarch64 b/Dockerfile.cross.aarch64 deleted file mode 100644 index 14e99eef..00000000 --- a/Dockerfile.cross.aarch64 +++ /dev/null @@ -1,3 +0,0 @@ -FROM ghcr.io/cross-rs/aarch64-unknown-linux-gnu:edge -RUN dpkg --add-architecture arm64 -RUN apt-get update && apt-get install --assume-yes libssl-dev:arm64 \ No newline at end of file diff --git a/Dockerfile.cross.x86_64 b/Dockerfile.cross.x86_64 deleted file mode 100644 index f87e94d7..00000000 --- a/Dockerfile.cross.x86_64 +++ /dev/null @@ -1,2 +0,0 @@ -FROM ghcr.io/cross-rs/x86_64-unknown-linux-gnu:edge -RUN apt-get update && apt-get install --assume-yes libssl-dev \ No newline at end of file diff --git a/Dockerfile.debug b/Dockerfile.debug index 82a57e51..0c21a76c 100644 --- a/Dockerfile.debug +++ b/Dockerfile.debug 
@@ -1,16 +1,128 @@ -# FINAL arch images -FROM --platform=amd64 debian:12-slim as final-amd64 -COPY target/x86_64-unknown-linux-gnu/release/unleash-edge /unleash-edge +FROM --platform=linux/amd64 lukemathwalker/cargo-chef:latest-rust-latest AS amd64-chef +FROM --platform=linux/arm64 lukemathwalker/cargo-chef:latest-rust-latest AS arm64-chef -FROM --platform=arm64 debian:12-slim as final-arm64 -COPY target/aarch64-unknown-linux-gnu/release/unleash-edge /unleash-edge +# Base image for the build stage - this is a multi-stage build that uses cross-compilation (thanks to --platform switch) +FROM --platform=$BUILDPLATFORM lukemathwalker/cargo-chef:latest-rust-latest AS chef +WORKDIR /app -# Final image -FROM final-${TARGETARCH} +# Planner stage +FROM chef AS planner +COPY . . +RUN cargo chef prepare --recipe-path recipe.json -RUN apt update -RUN apt install -y curl jq less telnet libssl3 +# Builder stage +FROM chef AS builder +COPY --from=planner /app/recipe.json recipe.json -ENV RUST_LOG=DEBUG -WORKDIR / -ENTRYPOINT [ "/unleash-edge" ] +ARG TARGETPLATFORM +ARG TARGETARCH + +# Copy runtime dependencies for specific target platform/architecture +# ARM specific folders +WORKDIR /all-files/linux/arm64/lib/aarch64-linux-gnu + +# AMD64 specific folders +WORKDIR /all-files/linux/amd64/lib/x86_64-linux-gnu +WORKDIR /all-files/linux/amd64/lib64 + +# Common folders +WORKDIR /all-files/${TARGETPLATFORM}/etc/ssl/certs +WORKDIR /all-files/${TARGETPLATFORM}/app + +# ARM64 +COPY --from=arm64-chef \ + /lib/aarch64-linux-gnu/libssl.so.3 \ + /lib/aarch64-linux-gnu/libcrypto.so.3 \ + /lib/aarch64-linux-gnu/libgcc_s.so.1 \ + /lib/aarch64-linux-gnu/libm.so.6 \ + /lib/aarch64-linux-gnu/libc.so.6 \ + /lib/aarch64-linux-gnu/libz.so.1 \ + /all-files/linux/arm64/lib/aarch64-linux-gnu/ + +COPY --from=arm64-chef \ + /lib/ld-linux-aarch64.so.1 \ + /all-files/linux/arm64/lib + +# AMD64 +COPY --from=amd64-chef \ + /lib/x86_64-linux-gnu/libssl.so.3 \ + /lib/x86_64-linux-gnu/libcrypto.so.3 \ + 
/lib/x86_64-linux-gnu/libgcc_s.so.1 \ + /lib/x86_64-linux-gnu/libm.so.6 \ + /lib/x86_64-linux-gnu/libc.so.6 \ + /lib/x86_64-linux-gnu/libz.so.1 \ + /all-files/linux/amd64/lib/x86_64-linux-gnu/ + +COPY --from=amd64-chef \ + /lib64/ld-linux-x86-64.so.2 \ + /all-files/linux/amd64/lib64/ + +# Common files - certs +COPY --from=amd64-chef \ + /etc/ssl/certs/ca-certificates.crt \ + /all-files/linux/amd64/etc/ssl/certs/ +COPY --from=arm64-chef \ + /etc/ssl/certs/ca-certificates.crt \ + /all-files/linux/arm64/etc/ssl/certs/ + +WORKDIR /app + +# Install dependencies for cross-compilation and protobuf +RUN dpkg --add-architecture arm64 \ + && apt-get update \ + && apt-get install -y \ + protobuf-compiler \ + g++-aarch64-linux-gnu \ + libc6-dev-arm64-cross \ + libssl-dev:arm64 \ + libzip-dev:arm64 \ + ca-certificates \ + && rustup target add aarch64-unknown-linux-gnu \ + && rustup toolchain install stable-aarch64-unknown-linux-gnu \ + && rm -rf /var/lib/apt/lists/* + +# Build dependencies - this is the caching Docker layer! +RUN case ${TARGETARCH} in \ + arm64) PKG_CONFIG_SYSROOT_DIR=/ CARGO_TARGET_AARCH64_UNKNOWN_LINUX_GNU_LINKER=aarch64-linux-gnu-gcc cargo chef cook --target=aarch64-unknown-linux-gnu --release --recipe-path recipe.json ;; \ + amd64) cargo chef cook --release --recipe-path recipe.json ;; \ + *) exit 1 ;; \ + esac + +# Copy the source code +COPY . /app + +# Build application - this is the caching Docker layer! 
+RUN case ${TARGETARCH} in \ + arm64) PKG_CONFIG_SYSROOT_DIR=/ CARGO_TARGET_AARCH64_UNKNOWN_LINUX_GNU_LINKER=aarch64-linux-gnu-gcc cargo build --target=aarch64-unknown-linux-gnu --release ;; \ + amd64) cargo build --release ;; \ + *) exit 1 ;; \ + esac + +# Copy all the dependencies to a separate folder +RUN set -ex; \ + # Determine target (source folder for the binary and env files) + case ${TARGETARCH} in \ + arm64) target='/app/target/aarch64-unknown-linux-gnu/release';; \ + amd64) target='/app/target/release';; \ + *) exit 1 ;; \ + esac; \ + # Copy files from the target folder to app folder + cp $target/unleash-edge /all-files/${TARGETPLATFORM}/app + +# # Create a single layer image +FROM debian:12-slim AS runtime +# Make build arguments available in the runtime stage +ARG TARGETPLATFORM +ARG TARGETARCH + +RUN apt-get update && apt-get install -y curl telnet jq + +WORKDIR /app + +# Copy the binary and the environment files from the pre-runtime stage as a single layer +COPY --from=builder /all-files/${TARGETPLATFORM}/app/unleash-edge /app/unleash-edge + +# Expose the port that the application listens on. +EXPOSE 3063 + +ENTRYPOINT ["/app/unleash-edge"] diff --git a/Dockerfile.publish b/Dockerfile.publish deleted file mode 100644 index 6583b9a7..00000000 --- a/Dockerfile.publish +++ /dev/null @@ -1,12 +0,0 @@ -# FINAL arch images -FROM --platform=amd64 gcr.io/distroless/cc-debian12:nonroot as final-amd64 -COPY target/x86_64-unknown-linux-gnu/release/unleash-edge /unleash-edge - -FROM --platform=arm64 gcr.io/distroless/cc-debian11:nonroot as final-arm64 -COPY target/aarch64-unknown-linux-gnu/release/unleash-edge /unleash-edge - -# Final image - -FROM final-${TARGETARCH} - -ENTRYPOINT [ "/unleash-edge" ] diff --git a/docker-bake.hcl b/docker-bake.hcl new file mode 100644 index 00000000..790c4fbe --- /dev/null +++ b/docker-bake.hcl 
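Review bot: All three build-stage `FROM` lines in the new Dockerfile.debug (`amd64-chef`, `arm64-chef`, `chef`) pull `lukemathwalker/cargo-chef:latest-rust-latest`, a mutable tag, so the toolchain that compiles the binary shipped in this image can change between runs without any change in this repository. Pinning each one to a fixed tag plus digest, e.g. `FROM --platform=$BUILDPLATFORM lukemathwalker/cargo-chef:<pinned-tag>@sha256:<digest> AS chef` (placeholders), makes the build reproducible and turns base-image updates into reviewable diffs. The `runtime` stage has no `USER` line, so the debug image runs `/app/unleash-edge` as root alongside `curl`, `telnet` and `jq`; port 3063 is unprivileged, so a `USER` line with a non-root uid before `ENTRYPOINT` should work. The removed file also set `ENV RUST_LOG=DEBUG`, which the new runtime stage no longer does; if that is not intentional for a debug image, it needs restoring.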
@@ -0,0 +1,28 @@
+variable "DEFAULT_TAG" {
+ default = "unleash-edge:local"
+}
+
+target "docker-metadata-action" {
+ tags = ["${DEFAULT_TAG}"]
+}
+
+group "default" {
+ targets = ["image-local"]
+}
+
+target "image" {
+ inherits = ["docker-metadata-action"]
+}
+
+target "image-local" {
+ inherits = ["image"]
+ output = ["type=docker"]
+}
+
+target "image-all" {
+ inherits = ["image"]
+ platforms = [
+ "linux/amd64",
+ "linux/arm64"
+ ]
+}