From 9e9808fe3d9b4da618e38689f9d61a1071c4a864 Mon Sep 17 00:00:00 2001 From: max furman Date: Sun, 2 Aug 2020 13:25:21 -0700 Subject: [PATCH 1/2] introduce docker-buildx --- Makefile | 79 ++++++-------------------------------------------- make/docker.mk | 67 ++++++++++++++++++++++++++++++++++++++++++ 2 files changed, 76 insertions(+), 70 deletions(-) create mode 100644 make/docker.mk diff --git a/Makefile b/Makefile index 870ad000..74063957 100644 --- a/Makefile +++ b/Makefile @@ -46,7 +46,11 @@ VERSION ?= $(shell [ -d .git ] && git describe --tags --always --dirty="-dev") # If we are not in an active git dir then try reading the version from .VERSION. # .VERSION contains a slug populated by `git archive`. VERSION := $(or $(VERSION),$(shell ./.version.sh .VERSION)) + ifeq ($(TRAVIS_BRANCH),master) PUSHTYPE := master + else +PUSHTYPE := branch + endif endif VERSION := $(shell echo $(VERSION) | sed 's/^v//') @@ -57,6 +61,8 @@ $(info VERSION is $(VERSION)) $(info PUSHTYPE is $(PUSHTYPE)) endif +include make/docker.mk + ######################################### # Build ######################################### 
@@ -167,76 +173,6 @@ run: .PHONY: run -######################################### -# Building Docker Image -# -# Builds a dockerfile for step by building a linux version of the step-cli and -# then copying the specific binary when building the container. -# -# This ensures the container is as small as possible without having to deal -# with getting access to private repositories inside the container during build -# time. -######################################### - -# XXX We put the output for the build in 'output' so we don't mess with how we -# do rule overriding from the base Makefile (if you name it 'build' it messes up -# the wildcarding). -DOCKER_OUTPUT=$(OUTPUT_ROOT)docker/ - -DOCKER_MAKE=V=$V GOOS_OVERRIDE='GOOS=linux GOARCH=amd64' PREFIX=$(1) make $(1)bin/$(2) -DOCKER_BUILD=$Q docker build -t smallstep/$(1):latest -f docker/$(2) --build-arg BINPATH=$(DOCKER_OUTPUT)bin/$(1) . - -docker: docker-make docker/Dockerfile.step-ca - $(call DOCKER_BUILD,step-ca,Dockerfile.step-ca) - -docker-make: - mkdir -p $(DOCKER_OUTPUT) - $(call DOCKER_MAKE,$(DOCKER_OUTPUT),step-ca) - -.PHONY: docker docker-make - -################################################# -# Releasing Docker Images -# -# Using the docker build infrastructure, this section is responsible for -# logging into docker hub and pushing the built docker containers up with the -# appropriate tags. 
-################################################# - -DOCKER_TAG=docker tag smallstep/$(1):latest smallstep/$(1):$(2) -DOCKER_PUSH=docker push smallstep/$(1):$(2) - -docker-tag: - $(call DOCKER_TAG,step-ca,$(VERSION)) - -docker-push-tag: docker-tag - $(call DOCKER_PUSH,step-ca,$(VERSION)) - -docker-push-tag-latest: - $(call DOCKER_PUSH,step-ca,latest) - -# Rely on DOCKER_USERNAME and DOCKER_PASSWORD being set inside the CI or -# equivalent environment -docker-login: - $Q docker login -u="$(DOCKER_USERNAME)" -p="$(DOCKER_PASSWORD)" - -.PHONY: docker-login docker-tag docker-push-tag docker-push-tag-latest - -################################################# -# Targets for pushing the docker images -################################################# - -# For all builds we build the docker container -docker-master: docker - -# For all builds with a release candidate tag -docker-release-candidate: docker-master docker-login docker-push-tag - -# For all builds with a release tag -docker-release: docker-release-candidate docker-push-tag-latest - -.PHONY: docker-master docker-release-candidate docker-release - ######################################### # Debian ######################################### @@ -323,6 +259,9 @@ artifacts-tag: artifacts-linux-tag artifacts-darwin-tag artifacts-archive-tag # Targets for creating step artifacts ################################################# +# For all builds that are not tagged and not on the master branch +artifacts-branch: + # For all builds that are not tagged artifacts-master: diff --git a/make/docker.mk b/make/docker.mk new file mode 100644 index 00000000..9a9e3c6d --- /dev/null +++ b/make/docker.mk 
@@ -0,0 +1,67 @@ +######################################### +# Building Docker Image +# +# This uses a multi-stage build file. The first stage is a builder (that might +# be large in size). After the build has succeeded, the statically linked +# binary is copied to a new image that is optimized for size. +######################################### + +docker-prepare: + # Ensure, we can build for ARM architecture + [ -f /proc/sys/fs/binfmt_misc/qemu-arm ] || docker run --rm --privileged docker/binfmt:a7996909642ee92942dcd6cff44b9b95f08dad64 + + # Register buildx builder + mkdir -p $$HOME/.docker/cli-plugins + + wget -O $$HOME/.docker/cli-plugins/docker-buildx https://github.com/docker/buildx/releases/download/v0.3.1/buildx-v0.3.1.linux-amd64 + chmod +x $$HOME/.docker/cli-plugins/docker-buildx + + $$HOME/.docker/cli-plugins/docker-buildx create --name mybuilder --platform amd64 --platform arm || true + $$HOME/.docker/cli-plugins/docker-buildx use mybuilder + +.PHONY: docker-prepare + +################################################# +# Releasing Docker Images +# +# Using the docker build infrastructure, this section is responsible for +# logging into docker hub. +################################################# + +# Rely on DOCKER_USERNAME and DOCKER_PASSWORD being set inside the CI or +# equivalent environment +docker-login: + $Q docker login -u="$(DOCKER_USERNAME)" -p="$(DOCKER_PASSWORD)" + +.PHONY: docker-login + +################################################# +# Targets for different type of builds +################################################# + +DOCKER_IMAGE_NAME = smallstep/step-ca +PLATFORMS = --platform amd64 --platform 386 --platform arm --platform arm64 + +define DOCKER_BUILDX + # $(1) -- Image Tag + # $(2) -- Push (empty is no push | --push will push to dockerhub) + $$HOME/.docker/cli-plugins/docker-buildx build . 
--progress plain -t $(DOCKER_IMAGE_NAME):$(1) -f docker/Dockerfile.step-ca $(PLATFORMS) $(2) +endef + +# For non-master builds don't build the docker containers. +docker-branch: + +# For master builds create the docker containers but don't push them. +docker-master: docker-prepare + $(call DOCKER_BUILDX,latest,) + +# For all builds with a release candidate tag build and push the containers. +docker-release-candidate: docker-prepare docker-login + $(call DOCKER_BUILDX,$(VERSION),--push) + +# For all builds with a release tag build and push the containers. +docker-release: docker-prepare docker-login + $(call DOCKER_BUILDX,latest,--push) + $(call DOCKER_BUILDX,$(VERSION),--push) + +.PHONY: docker-branch docker-master docker-release-candidate docker-release From 476bca371759b12465451075a636b3d8d7006d6b Mon Sep 17 00:00:00 2001 From: max furman Date: Mon, 3 Aug 2020 20:45:51 -0700 Subject: [PATCH 2/2] Add make docker-dev building and testing locally. --- make/docker.mk | 15 +++++++++++++++ 1 file changed, 15 insertions(+) diff --git a/make/docker.mk b/make/docker.mk index 9a9e3c6d..da41fd60 100644 --- a/make/docker.mk +++ b/make/docker.mk @@ -65,3 +65,18 @@ docker-release: docker-prepare docker-login $(call DOCKER_BUILDX,$(VERSION),--push) .PHONY: docker-branch docker-master docker-release-candidate docker-release + +# XXX We put the output for the build in 'output' so we don't mess with how we +# do rule overriding from the base Makefile (if you name it 'build' it messes up +# the wildcarding). +DOCKER_OUTPUT=$(OUTPUT_ROOT)docker/ + +DOCKER_MAKE=V=$V GOOS_OVERRIDE='GOOS=linux GOARCH=amd64' PREFIX=$(1) make $(1)bin/$(BINNAME) +DOCKER_BUILD=$Q docker build -t $(DOCKER_IMAGE_NAME):latest -f docker/Dockerfile.step-ca --build-arg BINPATH=$(DOCKER_OUTPUT)bin/$(BINNAME) . + +docker-dev: docker/Dockerfile.step-ca + mkdir -p $(DOCKER_OUTPUT) + $(call DOCKER_MAKE,$(DOCKER_OUTPUT),step-ca) + $(call DOCKER_BUILD) + +.PHONY: docker-dev
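Review bot: `docker-prepare` downloads the buildx binary with `wget`, marks it executable and runs it with no integrity check, while `docker-release-candidate` and `docker-release` also run `docker-login` and push images, so a tampered or substituted download would execute inside the release path. Verify a pinned digest before the `chmod`, e.g. `echo "<expected-sha256>  $$HOME/.docker/cli-plugins/docker-buildx" | sha256sum -c -` (the digest is a placeholder; take it from a trusted copy of the v0.3.1 release asset). The `--privileged` `docker/binfmt` helper is referenced by tag, and tags can be re-pointed; referencing it as `docker/binfmt@sha256:<digest>` would pin the content that actually runs. Separately, `docker-login` passes `-p="$(DOCKER_PASSWORD)"`, which make expands into the command line, so the secret is visible in the process list and is echoed to the build log if `$Q` expands to nothing; `$Q printf '%s' "$$DOCKER_PASSWORD" | docker login -u "$$DOCKER_USERNAME" --password-stdin` keeps it out of both.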
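Review bot: `DOCKER_MAKE` now builds `$(1)bin/$(BINNAME)`, yet `docker-dev` still calls it with `step-ca` as a second argument, so that argument is silently ignored and both the make goal and the `BINPATH` build-arg depend on `BINNAME`, which is not set anywhere in the lines shown. If `BINNAME` is empty or not `step-ca`, the goal degenerates to `$(1)bin/` or the image is built from a different binary than the call site suggests; either drop the stray argument (`$(call DOCKER_MAKE,$(DOCKER_OUTPUT))`) or go back to `$(2)` in the macro. The macro also invokes a literal `make`; `$(MAKE)` would propagate `-n`, `-j` and the jobserver to the sub-build. A `$(if $(strip $(BINNAME)),,$(error BINNAME is empty))` guard at the top of the `docker-dev` recipe would make the dependency explicit.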