Multi arch docker build #28
Conversation
Signed-off-by: Adam McElwee <[email protected]>
Signed-off-by: Adam McElwee <[email protected]>
Signed-off-by: Adam McElwee <[email protected]>
acmcelwee
force-pushed
the
multi-arch-docker-build
branch
from
68df406 to
986f0bc
Compare
| @@ -38,7 +38,7 @@ jobs: | |||
|
|
|||
| - name: Docker meta | |||
| id: docker_meta | |||
| uses: crazy-max/ghaction-docker-meta@v1 | |||
| uses: docker/metadata-action@v3 | |||
There was a problem hiding this comment.
Is there a reason we need to change docker meta?
There was a problem hiding this comment.
Oops, just saw your comment, do we know for sure the tags will not change between the versions?
There was a problem hiding this comment.
After a short review of metadata-actions it seems the docker image tags remain the same. 👍
There was a problem hiding this comment.
right, it seems that docker took over the action as the official owner, but the code is the same. The v1 -> v2 upgrade notes are here. AFAICT, the v1 -> v2 jump would not affect the behavior that's used in this repo. Then the v2 -> v3 jump was largely around the move to the new repo name.
|
Thanks for the PR @acmcelwee this is nice to have 👍 |
Codecov Report
@@ Coverage Diff @@
## master #28 +/- ##
=======================================
Coverage 81.00% 81.00%
=======================================
Files 4 4
Lines 300 300
=======================================
Hits 243 243
Misses 32 32
Partials 25 25 Continue to review full report at Codecov.
|
I stumbled upon this tool whilst perusing the AWS EKS Best Practices Guide, and it seems like a great way to improve on how we're currently managing updates to our aws-auth configmap with Terraform.
One thing that's missing, though, is a docker image built for the arm64 architecture. With the rapid rise of Graviton2 and Apple Silicon, I can't imagine I'll be the first person to need an arm64 image to work with an EKS cluster.
While I was here, I updated the Docker meta build step to use the official
docker/metadata-actionto replace thecrazy-max/ghaction-docker-buildxpredecessor. You can see the guidance to do so in the repo for the old action.Finally, I updated the Dockerfile to use multi-stage builds. This keeps the same build behavior that was in place before, but instead of having users download a docker image with the entire go buildchain, git, curl, aws cli, etc, the final assembled image is built on a Distroless base to reduce the surface area and risk of the container that will ultimately run.
If you need me to break out any of these changes from the others, or if you're only interested in a subset of the changes, let me know, and I can rework this PR.
Here's a test build in GH Actions where I ran through the entire docker build/push workflow, with the push going to my Docker Hub repo.