refactor: use buildx for multiarch container builds (#459)

2023-01-16 09:10:35 +01:00 · 2023-01-16 09:10:35 +01:00 · 8135f73ee2
parent fa1d245f12
commit 8135f73ee2
10 changed files with 45 additions and 231 deletions
--- a/.drone.jsonnet
+++ b/.drone.jsonnet
@ -217,12 +217,12 @@ local PipelineBuildPackage = {
  },
 };
-local PipelineBuildContainer(arch='amd64') = {
+local PipelineBuildContainer = {
  kind: 'pipeline',
-  name: 'build-container-' + arch,
+  name: 'build-container',
  platform: {
    os: 'linux',
-    arch: arch,
+    arch: 'amd64',
  },
  steps: [
    {
@ -239,10 +239,13 @@ local PipelineBuildContainer(arch='amd64') = {
      image: 'thegeeklab/drone-docker-buildx:20',
      settings: {
        dry_run: true,
-        dockerfile: 'docker/Dockerfile.' + arch,
+        dockerfile: 'Dockerfile.multiarch',
        repo: 'thegeeklab/${DRONE_REPO_NAME}',
-        username: { from_secret: 'docker_username' },
+        platforms: [
-        password: { from_secret: 'docker_password' },
+          'linux/amd64',
          'linux/arm64',
        ],
        provenance: false,
      },
      depends_on: ['build'],
      when: {
@ -254,11 +257,15 @@ local PipelineBuildContainer(arch='amd64') = {
      image: 'thegeeklab/drone-docker-buildx:20',
      settings: {
        auto_tag: true,
-        auto_tag_suffix: arch,
+        dockerfile: 'Dockerfile.multiarch',
        dockerfile: 'docker/Dockerfile.' + arch,
        repo: 'thegeeklab/${DRONE_REPO_NAME}',
        username: { from_secret: 'docker_username' },
        password: { from_secret: 'docker_password' },
        platforms: [
          'linux/amd64',
          'linux/arm64',
        ],
        provenance: false,
      },
      when: {
        ref: ['refs/heads/main', 'refs/tags/**'],
@ -270,12 +277,16 @@ local PipelineBuildContainer(arch='amd64') = {
      image: 'thegeeklab/drone-docker-buildx:20',
      settings: {
        auto_tag: true,
-        auto_tag_suffix: arch,
+        dockerfile: 'Dockerfile.multiarch',
        dockerfile: 'docker/Dockerfile.' + arch,
        registry: 'quay.io',
        repo: 'quay.io/thegeeklab/${DRONE_REPO_NAME}',
        username: { from_secret: 'quay_username' },
        password: { from_secret: 'quay_password' },
        platforms: [
          'linux/amd64',
          'linux/arm64',
        ],
        provenance: false,
      },
      when: {
        ref: ['refs/heads/main', 'refs/tags/**'],
@ -384,8 +395,7 @@ local PipelineDocs = {
  ],
  depends_on: [
    'build-package',
-    'build-container-amd64',
+    'build-container',
    'build-container-arm64',
  ],
  trigger: {
    ref: ['refs/heads/main', 'refs/tags/**', 'refs/pull/**'],
@ -400,37 +410,8 @@ local PipelineNotifications = {
    arch: 'amd64',
  },
  steps: [
    {
      image: 'plugins/manifest',
      name: 'manifest-dockerhub',
      settings: {
        ignore_missing: true,
        auto_tag: true,
        username: { from_secret: 'docker_username' },
        password: { from_secret: 'docker_password' },
        spec: 'docker/manifest.tmpl',
      },
      when: {
        status: ['success'],
      },
    },
    {
      image: 'plugins/manifest',
      name: 'manifest-quay',
      settings: {
        ignore_missing: true,
        auto_tag: true,
        username: { from_secret: 'quay_username' },
        password: { from_secret: 'quay_password' },
        spec: 'docker/manifest-quay.tmpl',
      },
      when: {
        status: ['success'],
      },
    },
    {
      name: 'pushrm-dockerhub',
      pull: 'always',
      image: 'chko/docker-pushrm:1',
      environment: {
        DOCKER_PASS: {
@ -449,7 +430,6 @@ local PipelineNotifications = {
    },
    {
      name: 'pushrm-quay',
      pull: 'always',
      image: 'chko/docker-pushrm:1',
      environment: {
        APIKEY__QUAY_IO: {
@ -491,8 +471,7 @@ local PipelineNotifications = {
  PipelineTest,
  PipelineSecurity,
  PipelineBuildPackage,
-  PipelineBuildContainer(arch='amd64'),
+  PipelineBuildContainer,
  PipelineBuildContainer(arch='arm64'),
  PipelineDocs,
  PipelineNotifications,
 ]
--- a/.drone.yml
+++ b/.drone.yml
@ -247,7 +247,7 @@ depends_on:
 ---
 kind: pipeline
-name: build-container-amd64
+name: build-container
 platform:
  os: linux
@ -264,13 +264,13 @@ steps:
  - name: dryrun
    image: thegeeklab/drone-docker-buildx:20
    settings:
-      dockerfile: docker/Dockerfile.amd64
+      dockerfile: Dockerfile.multiarch
      dry_run: true
-      password:
+      platforms:
-        from_secret: docker_password
+        - linux/amd64
        - linux/arm64
      provenance: false
      repo: thegeeklab/${DRONE_REPO_NAME}
      username:
        from_secret: docker_username
    when:
      ref:
        - refs/pull/**
@ -281,10 +281,13 @@ steps:
    image: thegeeklab/drone-docker-buildx:20
    settings:
      auto_tag: true
-      auto_tag_suffix: amd64
+      dockerfile: Dockerfile.multiarch
      dockerfile: docker/Dockerfile.amd64
      password:
        from_secret: docker_password
      platforms:
        - linux/amd64
        - linux/arm64
      provenance: false
      repo: thegeeklab/${DRONE_REPO_NAME}
      username:
        from_secret: docker_username
@ -299,88 +302,13 @@ steps:
    image: thegeeklab/drone-docker-buildx:20
    settings:
      auto_tag: true
-      auto_tag_suffix: amd64
+      dockerfile: Dockerfile.multiarch
      dockerfile: docker/Dockerfile.amd64
      password:
        from_secret: quay_password
      registry: quay.io
      repo: quay.io/thegeeklab/${DRONE_REPO_NAME}
      username:
        from_secret: quay_username
    when:
      ref:
        - refs/heads/main
        - refs/tags/**
    depends_on:
      - dryrun
 trigger:
  ref:
    - refs/heads/main
    - refs/tags/**
    - refs/pull/**
 depends_on:
  - security
 ---
 kind: pipeline
 name: build-container-arm64
 platform:
  os: linux
  arch: arm64
 steps:
  - name: build
    image: python:3.11
    commands:
      - git fetch -tq
      - pip install poetry poetry-dynamic-versioning -qq
      - poetry build
  - name: dryrun
    image: thegeeklab/drone-docker-buildx:20
    settings:
      dockerfile: docker/Dockerfile.arm64
      dry_run: true
      password:
        from_secret: docker_password
      repo: thegeeklab/${DRONE_REPO_NAME}
      username:
        from_secret: docker_username
    when:
      ref:
        - refs/pull/**
    depends_on:
      - build
  - name: publish-dockerhub
    image: thegeeklab/drone-docker-buildx:20
    settings:
      auto_tag: true
      auto_tag_suffix: arm64
      dockerfile: docker/Dockerfile.arm64
      password:
        from_secret: docker_password
      repo: thegeeklab/${DRONE_REPO_NAME}
      username:
        from_secret: docker_username
    when:
      ref:
        - refs/heads/main
        - refs/tags/**
    depends_on:
      - dryrun
  - name: publish-quay
    image: thegeeklab/drone-docker-buildx:20
    settings:
      auto_tag: true
      auto_tag_suffix: arm64
      dockerfile: docker/Dockerfile.arm64
      password:
        from_secret: quay_password
      platforms:
        - linux/amd64
        - linux/arm64
      provenance: false
      registry: quay.io
      repo: quay.io/thegeeklab/${DRONE_REPO_NAME}
      username:
@ -484,8 +412,7 @@ trigger:
 depends_on:
  - build-package
-  - build-container-amd64
+  - build-container
  - build-container-arm64
 ---
 kind: pipeline
@ -496,36 +423,7 @@ platform:
  arch: amd64
 steps:
  - name: manifest-dockerhub
    image: plugins/manifest
    settings:
      auto_tag: true
      ignore_missing: true
      password:
        from_secret: docker_password
      spec: docker/manifest.tmpl
      username:
        from_secret: docker_username
    when:
      status:
        - success
  - name: manifest-quay
    image: plugins/manifest
    settings:
      auto_tag: true
      ignore_missing: true
      password:
        from_secret: quay_password
      spec: docker/manifest-quay.tmpl
      username:
        from_secret: quay_username
    when:
      status:
        - success
  - name: pushrm-dockerhub
    pull: always
    image: chko/docker-pushrm:1
    environment:
      DOCKER_PASS:
@ -540,7 +438,6 @@ steps:
        - success
  - name: pushrm-quay
    pull: always
    image: chko/docker-pushrm:1
    environment:
      APIKEY__QUAY_IO:
@ -581,6 +478,6 @@ depends_on:
 ---
 kind: signature
-hmac: 737d9df344ce1a6f625be620e006a7adf6290e0402c0a1d742e066236c733a22
+hmac: d82784ee9ae352d39c3ac6b68caee218c41c15765f7d90ba8748931f75eeb258
 ...
--- a/docker/Dockerfile.amd64
+++ b/docker/Dockerfile.amd64
--- a/docker/Dockerfile.arm64
+++ b/docker/Dockerfile.arm64
@ -1,26 +0,0 @@
 FROM arm64v8/python:3.11-alpine@sha256:941d62a7bcc71f7d25b3fa14a8121a549a72afdc4c4e06a7636b77dca1228620
 LABEL maintainer="Robert Kaussow <mail@thegeeklab.de>"
 LABEL org.opencontainers.image.authors="Robert Kaussow <mail@thegeeklab.de>"
 LABEL org.opencontainers.image.title="docker-tidy"
 LABEL org.opencontainers.image.url="https://docker-tidy.geekdocs.de/"
 LABEL org.opencontainers.image.source="https://github.com/thegeeklab/docker-tidy"
 LABEL org.opencontainers.image.documentation="https://docker-tidy.geekdocs.de/"
 ENV PY_COLORS=1
 ENV TZ=UTC
 ADD dist/docker_tidy-*.whl /
 RUN apk --update add --virtual .build-deps build-base libffi-dev openssl-dev && \
    pip install --upgrade --no-cache-dir pip && \
    pip install --no-cache-dir $(find / -name "docker_tidy-*.whl") && \
    apk del .build-deps && \
    rm -f docker_tidy-*.whl && \
    rm -rf /var/cache/apk/* && \
    rm -rf /root/.cache/ && \
    rm -rf /tmp/*
 USER root
 CMD []
 ENTRYPOINT ["/usr/local/bin/docker-tidy", "gc"]
--- a/docker/manifest-quay.tmpl
+++ b/docker/manifest-quay.tmpl
@ -1,18 +0,0 @@
 image: quay.io/thegeeklab/docker-tidy:{{#if build.tag}}{{trimPrefix "v" build.tag}}{{else}}latest{{/if}}
 {{#if build.tags}}
 tags:
 {{#each build.tags}}
  - {{this}}
 {{/each}}
 {{/if}}
 manifests:
  - image: quay.io/thegeeklab/docker-tidy:{{#if build.tag}}{{trimPrefix "v" build.tag}}-{{/if}}amd64
    platform:
      architecture: amd64
      os: linux
  - image: quay.io/thegeeklab/docker-tidy:{{#if build.tag}}{{trimPrefix "v" build.tag}}-{{/if}}arm64
    platform:
      architecture: arm64
      os: linux
      variant: v8
--- a/docker/manifest.tmpl
+++ b/docker/manifest.tmpl
@ -1,18 +0,0 @@
 image: thegeeklab/docker-tidy:{{#if build.tag}}{{trimPrefix "v" build.tag}}{{else}}latest{{/if}}
 {{#if build.tags}}
 tags:
 {{#each build.tags}}
  - {{this}}
 {{/each}}
 {{/if}}
 manifests:
  - image: thegeeklab/docker-tidy:{{#if build.tag}}{{trimPrefix "v" build.tag}}-{{/if}}amd64
    platform:
      architecture: amd64
      os: linux
  - image: thegeeklab/docker-tidy:{{#if build.tag}}{{trimPrefix "v" build.tag}}-{{/if}}arm64
    platform:
      architecture: arm64
      os: linux
      variant: v8
--- a/dockertidy/autostop.py
+++ b/dockertidy/autostop.py
@ -2,10 +2,10 @@
 """Stop long running docker iamges."""
 import dateutil.parser
 import docker
 import docker.errors
 import requests.exceptions
 import docker
 from dockertidy.config import SingleConfig
 from dockertidy.logger import SingleLog
 from dockertidy.parser import timedelta
--- a/dockertidy/garbage_collector.py
+++ b/dockertidy/garbage_collector.py
@ -5,10 +5,10 @@ import fnmatch
 from collections import namedtuple
 import dateutil.parser
 import docker
 import docker.errors
 import requests.exceptions
 import docker
 from dockertidy.config import SingleConfig
 from dockertidy.logger import SingleLog
 from dockertidy.parser import timedelta
--- a/dockertidy/test/unit/test_autostop.py
+++ b/dockertidy/test/unit/test_autostop.py
@ -1,8 +1,8 @@
 """Test Autostop class."""
 import docker
 import pytest
 import docker
 from dockertidy import autostop
 pytest_plugins = [
--- a/dockertidy/test/unit/test_garbagecollector.py
+++ b/dockertidy/test/unit/test_garbagecollector.py
@ -1,9 +1,9 @@
 """Test GarbageCollector class."""
 import docker
 import pytest
 import requests
 import docker
 from dockertidy import garbage_collector
 pytest_plugins = [