Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

ci(release): release multi-arch docker images #11289

Merged
5 commits merged into from
Dec 19, 2022
Merged
Show file tree
Hide file tree
Changes from all commits
Commits
File filter

Filter by extension

Filter by extension


Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
21 changes: 7 additions & 14 deletions .github/actions/build-docker/action.yml
Original file line number Diff line number Diff line change
Expand Up @@ -19,9 +19,6 @@ inputs:
revision:
description: 'The revision of the source the content of this image is based on.'
required: false
additionalTag:
description: 'Additional tag to be created, besides the default version tag.'
required: false
push:
description: 'If true, will push the image'
required: false
Expand All @@ -35,7 +32,7 @@ inputs:
outputs:
image:
description: "Fully qualified image name available in your local Docker daemon"
value: ${{ steps.get-images.outputs.versionedImage }}
value: ${{ steps.get-image.outputs.result }}
date:
description: "The ISO 8601 date at which the image was created"
value: ${{ steps.get-date.outputs.result }}
Expand Down Expand Up @@ -68,24 +65,20 @@ runs:
- name: Set image build label from ISO 8601 DATE
id: get-date
shell: bash
run: echo "::set-output name=result::$(date --iso-8601=seconds)"
- name: Set image names from params and/or project version
id: get-images
run: echo "result=$(date --iso-8601=seconds)" >> $GITHUB_OUTPUT
- name: Set image name from params and/or project version
id: get-image
shell: bash
run: |
export VERSION_TAG_IMAGE=${{ inputs.repository }}:${{ inputs.version || steps.get-version.outputs.result }}
export OPTIONAL_TAG_IMAGE=${{ inputs.additionalTag != '' && format('{0}:{1}', inputs.repository, inputs.additionalTag) || '' }}
echo "versionedImage=${VERSION_TAG_IMAGE}" >> $GITHUB_OUTPUT
echo "result=${VERSION_TAG_IMAGE},${OPTIONAL_TAG_IMAGE}" >> $GITHUB_OUTPUT
run: echo "result=${{ inputs.repository }}:${{ inputs.version || steps.get-version.outputs.result }}" >> $GITHUB_OUTPUT
- name: Set DISTBALL path relative to the build context
id: get-distball
shell: bash
run: echo "::set-output name=result::$(realpath --relative-to="${PWD}" ${{ inputs.distball }})"
run: echo "result=$(realpath --relative-to="${PWD}" ${{ inputs.distball }})" >> $GITHUB_OUTPUT
- name: Build Docker image
uses: docker/build-push-action@v3
with:
context: .
tags: ${{ steps.get-images.outputs.result }}
tags: ${{ steps.get-image.outputs.result }}
load: ${{ inputs.push != 'true' }}
push: ${{ inputs.push }}
no-cache: true
Expand Down
42 changes: 42 additions & 0 deletions .github/actions/verify-zeebe-docker/action.yml
Original file line number Diff line number Diff line change
@@ -0,0 +1,42 @@
# This action expects the docker to be setup beforehand
---
name: Verify Zeebe Docker Image
description: Verifies metadata of the Zeebe Docker image

inputs:
imageName:
description: 'Full name of the image, without the tag.'
required: true
date:
description: 'Date when the image to verify was built, used to verify the date label of the image.'
required: true
version:
description: 'Version tag of the image to verify.'
required: true
revision:
description: 'Revision from which the image to verify was built, used to verify the date label of the image.'
required: true
platforms:
# See https://docs.docker.com/build/ci/github-actions/examples/#multi-platform-images
description: 'Comma separated-list of platforms to verify the image for; defaults to linux/amd64'
required: false
default: 'linux/amd64'

runs:
using: composite
steps:
- name: Verify Docker image
id: verify-docker-image
shell: bash
env:
DATE: ${{ inputs.date }}
REVISION: ${{ inputs.revision }}
VERSION: ${{ inputs.version }}
PLATFORMS_RAW: ${{ inputs.platforms }}
run: |
declare -a platforms=(${PLATFORMS_RAW//,/ })

for platform in "${platforms[@]}"; do
docker pull --platform "$platform" "${{ inputs.imageName }}:${VERSION}"
${PWD}/docker/test/verify.sh "${{ inputs.imageName }}:${VERSION}" "$(echo $platform | cut -d '/' -f 2)"
done
28 changes: 14 additions & 14 deletions .github/workflows/ci.yml
Original file line number Diff line number Diff line change
Expand Up @@ -19,7 +19,7 @@ defaults:
shell: bash

env:
BUILD_DOCKER_PLATFORMS: "linux/amd64,linux/arm64"
DOCKER_PLATFORMS: "linux/amd64,linux/arm64"

jobs:
integration-tests:
Expand Down Expand Up @@ -408,6 +408,8 @@ jobs:
image: registry:2
ports:
- 5000:5000
env:
LOCAL_DOCKER_IMAGE: localhost:5000/camunda/zeebe
steps:
- uses: actions/checkout@v3
- uses: hadolint/[email protected]
Expand All @@ -429,21 +431,19 @@ jobs:
id: build-docker
with:
# we use a local registry for pushing
repository: localhost:5000/camunda/zeebe
repository: ${{ env.LOCAL_DOCKER_IMAGE }}
distball: ${{ steps.build-zeebe.outputs.distball }}
platforms: ${{ env.BUILD_DOCKER_PLATFORMS }}
platforms: ${{ env.DOCKER_PLATFORMS }}
# push is needed for multi-arch images as buildkit does not support loading them locally
push: true
- name: Verify Docker images
env:
DATE: ${{ steps.build-docker.outputs.date }}
REVISION: ${{ github.sha }}
VERSION: ${{ steps.build-docker.outputs.version }}
run: |
docker pull --platform linux/amd64 ${{ steps.build-docker.outputs.image }}
${PWD}/docker/test/verify.sh '${{ steps.build-docker.outputs.image }}' amd64
docker pull --platform linux/arm64 ${{ steps.build-docker.outputs.image }}
${PWD}/docker/test/verify.sh '${{ steps.build-docker.outputs.image }}' arm64
- name: Verify Docker image
uses: ./.github/actions/verify-zeebe-docker
with:
imageName: ${{ env.LOCAL_DOCKER_IMAGE }}
date: ${{ steps.build-docker.outputs.date }}
revision: ${{ github.sha }}
version: ${{ steps.build-docker.outputs.version }}
platforms: ${{ env.DOCKER_PLATFORMS }}
test-summary:
# Used by bors to check all tests, including the unit test matrix.
# New test jobs must be added to the `needs` lists!
Expand Down Expand Up @@ -555,7 +555,7 @@ jobs:
with:
repository: camunda/zeebe
version: SNAPSHOT
platforms: ${{ env.BUILD_DOCKER_PLATFORMS }}
platforms: ${{ env.DOCKER_PLATFORMS }}
push: true
distball: ${{ steps.build-zeebe.outputs.distball }}
notify-if-failed:
Expand Down
47 changes: 29 additions & 18 deletions .github/workflows/release.yml
Original file line number Diff line number Diff line change
Expand Up @@ -260,9 +260,18 @@ jobs:
name: Docker Image Release
runs-on: n1-standard-8-netssd-preempt
timeout-minutes: 15
services:
# Local registry is used as multi arch images cannot be loaded locally but only pushed to a
# registry. As we want to verify the images first before pushing them to dockerhub though,
# a local registry is used and if verification passes images are pushed to the remote registry.
registry:
image: registry:2
ports:
- 5000:5000
env:
PLATFORMS: "linux/amd64,linux/arm64"
LOCAL_DOCKER_IMAGE: localhost:5000/camunda/zeebe
DOCKER_IMAGE: camunda/zeebe
TAG_LATEST: ${{ inputs.isLatest }}
steps:
- uses: actions/checkout@v3
with:
Expand Down Expand Up @@ -291,25 +300,27 @@ jobs:
uses: ./.github/actions/build-docker
id: build-docker
with:
repository: ${{ env.DOCKER_IMAGE }}
repository: ${{ env.LOCAL_DOCKER_IMAGE }}
version: ${{ inputs.releaseVersion }}
additionalTag: ${{ inputs.isLatest && 'latest' || '' }}
revision: ${{ needs.release.outputs.releaseTagRevision }}
push: false
# pushes to local registry for verification prior pushing to remote
push: true
distball: camunda-zeebe-${{ inputs.releaseVersion }}.tar.gz
platforms: ${{ env.PLATFORMS }}
- name: Verify Docker image
env:
DATE: ${{ steps.build-docker.outputs.date }}
REVISION: ${{ needs.release.outputs.releaseTagRevision }}
VERSION: ${{ inputs.releaseVersion }}
run: |
${PWD}/docker/test/verify.sh "${DOCKER_IMAGE}:${RELEASE_VERSION}"
if [ "$TAG_LATEST" = "true" ]; then
${PWD}/docker/test/verify.sh "${DOCKER_IMAGE}:latest"
fi
- name: Push Docker Image Tag ${{ inputs.releaseVersion }}
uses: ./.github/actions/verify-zeebe-docker
with:
imageName: ${{ env.LOCAL_DOCKER_IMAGE }}
date: ${{ steps.build-docker.outputs.date }}
revision: ${{ needs.release.outputs.releaseTagRevision }}
version: ${{ inputs.releaseVersion }}
platforms: ${{ env.PLATFORMS }}
- name: Sync Docker Image to DockerHub
id: push-docker
if: ${{ inputs.dryRun == false }}
run: docker push ${{ env.DOCKER_IMAGE }}:${{ inputs.releaseVersion }}
- name: Push Docker Image Tag latest
if: ${{ inputs.isLatest && inputs.dryRun == false }}
run: docker push ${{ env.DOCKER_IMAGE }}:latest
# see https://docs.docker.com/build/ci/github-actions/examples/#copy-images-between-registries
run: |
docker buildx imagetools create \
--tag ${{ env.DOCKER_IMAGE }}:${{ env.RELEASE_VERSION }} \
${{ inputs.isLatest && format('--tag {0}:latest', env.DOCKER_IMAGE) || '' }} \
${{ steps.build-docker.outputs.image }}