forked from TrueCloudLab/certificates
Merge pull request #336 from smallstep/max/docker
introduce docker-buildx
This commit is contained in:
commit
0eab3727bf
2 changed files with 91 additions and 70 deletions
79
Makefile
79
Makefile
|
@ -46,7 +46,11 @@ VERSION ?= $(shell [ -d .git ] && git describe --tags --always --dirty="-dev")
|
|||
# If we are not in an active git dir then try reading the version from .VERSION.
|
||||
# .VERSION contains a slug populated by `git archive`.
|
||||
VERSION := $(or $(VERSION),$(shell ./.version.sh .VERSION))
|
||||
ifeq ($(TRAVIS_BRANCH),master)
|
||||
PUSHTYPE := master
|
||||
else
|
||||
PUSHTYPE := branch
|
||||
endif
|
||||
endif
|
||||
|
||||
VERSION := $(shell echo $(VERSION) | sed 's/^v//')
|
||||
|
@ -59,6 +63,8 @@ $(info DEB_VERSION is $(DEB_VERSION))
|
|||
$(info PUSHTYPE is $(PUSHTYPE))
|
||||
endif
|
||||
|
||||
include make/docker.mk
|
||||
|
||||
#########################################
|
||||
# Build
|
||||
#########################################
|
||||
|
@ -169,76 +175,6 @@ run:
|
|||
|
||||
.PHONY: run
|
||||
|
||||
#########################################
|
||||
# Building Docker Image
|
||||
#
|
||||
# Builds a dockerfile for step by building a linux version of the step-cli and
|
||||
# then copying the specific binary when building the container.
|
||||
#
|
||||
# This ensures the container is as small as possible without having to deal
|
||||
# with getting access to private repositories inside the container during build
|
||||
# time.
|
||||
#########################################
|
||||
|
||||
# XXX We put the output for the build in 'output' so we don't mess with how we
|
||||
# do rule overriding from the base Makefile (if you name it 'build' it messes up
|
||||
# the wildcarding).
|
||||
DOCKER_OUTPUT=$(OUTPUT_ROOT)docker/
|
||||
|
||||
DOCKER_MAKE=V=$V GOOS_OVERRIDE='GOOS=linux GOARCH=amd64' PREFIX=$(1) make $(1)bin/$(2)
|
||||
DOCKER_BUILD=$Q docker build -t smallstep/$(1):latest -f docker/$(2) --build-arg BINPATH=$(DOCKER_OUTPUT)bin/$(1) .
|
||||
|
||||
docker: docker-make docker/Dockerfile.step-ca
|
||||
$(call DOCKER_BUILD,step-ca,Dockerfile.step-ca)
|
||||
|
||||
docker-make:
|
||||
mkdir -p $(DOCKER_OUTPUT)
|
||||
$(call DOCKER_MAKE,$(DOCKER_OUTPUT),step-ca)
|
||||
|
||||
.PHONY: docker docker-make
|
||||
|
||||
#################################################
|
||||
# Releasing Docker Images
|
||||
#
|
||||
# Using the docker build infrastructure, this section is responsible for
|
||||
# logging into docker hub and pushing the built docker containers up with the
|
||||
# appropriate tags.
|
||||
#################################################
|
||||
|
||||
DOCKER_TAG=docker tag smallstep/$(1):latest smallstep/$(1):$(2)
|
||||
DOCKER_PUSH=docker push smallstep/$(1):$(2)
|
||||
|
||||
docker-tag:
|
||||
$(call DOCKER_TAG,step-ca,$(VERSION))
|
||||
|
||||
docker-push-tag: docker-tag
|
||||
$(call DOCKER_PUSH,step-ca,$(VERSION))
|
||||
|
||||
docker-push-tag-latest:
|
||||
$(call DOCKER_PUSH,step-ca,latest)
|
||||
|
||||
# Rely on DOCKER_USERNAME and DOCKER_PASSWORD being set inside the CI or
|
||||
# equivalent environment
|
||||
docker-login:
|
||||
$Q docker login -u="$(DOCKER_USERNAME)" -p="$(DOCKER_PASSWORD)"
|
||||
|
||||
.PHONY: docker-login docker-tag docker-push-tag docker-push-tag-latest
|
||||
|
||||
#################################################
|
||||
# Targets for pushing the docker images
|
||||
#################################################
|
||||
|
||||
# For all builds we build the docker container
|
||||
docker-master: docker
|
||||
|
||||
# For all builds with a release candidate tag
|
||||
docker-release-candidate: docker-master docker-login docker-push-tag
|
||||
|
||||
# For all builds with a release tag
|
||||
docker-release: docker-release-candidate docker-push-tag-latest
|
||||
|
||||
.PHONY: docker-master docker-release-candidate docker-release
|
||||
|
||||
#########################################
|
||||
# Debian
|
||||
#########################################
|
||||
|
@ -325,6 +261,9 @@ artifacts-tag: artifacts-linux-tag artifacts-darwin-tag artifacts-archive-tag
|
|||
# Targets for creating step artifacts
|
||||
#################################################
|
||||
|
||||
# For all builds that are not tagged and not on the master branch
|
||||
artifacts-branch:
|
||||
|
||||
# For all builds that are not tagged
|
||||
artifacts-master:
|
||||
|
||||
|
|
82
make/docker.mk
Normal file
82
make/docker.mk
Normal file
|
@ -0,0 +1,82 @@
|
|||
#########################################
|
||||
# Building Docker Image
|
||||
#
|
||||
# This uses a multi-stage build file. The first stage is a builder (that might
|
||||
# be large in size). After the build has succeeded, the statically linked
|
||||
# binary is copied to a new image that is optimized for size.
|
||||
#########################################
|
||||
|
||||
docker-prepare:
|
||||
# Ensure, we can build for ARM architecture
|
||||
[ -f /proc/sys/fs/binfmt_misc/qemu-arm ] || docker run --rm --privileged docker/binfmt:a7996909642ee92942dcd6cff44b9b95f08dad64
|
||||
|
||||
# Register buildx builder
|
||||
mkdir -p $$HOME/.docker/cli-plugins
|
||||
|
||||
wget -O $$HOME/.docker/cli-plugins/docker-buildx https://github.com/docker/buildx/releases/download/v0.3.1/buildx-v0.3.1.linux-amd64
|
||||
chmod +x $$HOME/.docker/cli-plugins/docker-buildx
|
||||
|
||||
$$HOME/.docker/cli-plugins/docker-buildx create --name mybuilder --platform amd64 --platform arm || true
|
||||
$$HOME/.docker/cli-plugins/docker-buildx use mybuilder
|
||||
|
||||
.PHONY: docker-prepare
|
||||
|
||||
#################################################
|
||||
# Releasing Docker Images
|
||||
#
|
||||
# Using the docker build infrastructure, this section is responsible for
|
||||
# logging into docker hub.
|
||||
#################################################
|
||||
|
||||
# Rely on DOCKER_USERNAME and DOCKER_PASSWORD being set inside the CI or
|
||||
# equivalent environment
|
||||
docker-login:
|
||||
$Q docker login -u="$(DOCKER_USERNAME)" -p="$(DOCKER_PASSWORD)"
|
||||
|
||||
.PHONY: docker-login
|
||||
|
||||
#################################################
|
||||
# Targets for different type of builds
|
||||
#################################################
|
||||
|
||||
DOCKER_IMAGE_NAME = smallstep/step-ca
|
||||
PLATFORMS = --platform amd64 --platform 386 --platform arm --platform arm64
|
||||
|
||||
define DOCKER_BUILDX
|
||||
# $(1) -- Image Tag
|
||||
# $(2) -- Push (empty is no push | --push will push to dockerhub)
|
||||
$$HOME/.docker/cli-plugins/docker-buildx build . --progress plain -t $(DOCKER_IMAGE_NAME):$(1) -f docker/Dockerfile.step-ca $(PLATFORMS) $(2)
|
||||
endef
|
||||
|
||||
# For non-master builds don't build the docker containers.
|
||||
docker-branch:
|
||||
|
||||
# For master builds create the docker containers but don't push them.
|
||||
docker-master: docker-prepare
|
||||
$(call DOCKER_BUILDX,latest,)
|
||||
|
||||
# For all builds with a release candidate tag build and push the containers.
|
||||
docker-release-candidate: docker-prepare docker-login
|
||||
$(call DOCKER_BUILDX,$(VERSION),--push)
|
||||
|
||||
# For all builds with a release tag build and push the containers.
|
||||
docker-release: docker-prepare docker-login
|
||||
$(call DOCKER_BUILDX,latest,--push)
|
||||
$(call DOCKER_BUILDX,$(VERSION),--push)
|
||||
|
||||
.PHONY: docker-branch docker-master docker-release-candidate docker-release
|
||||
|
||||
# XXX We put the output for the build in 'output' so we don't mess with how we
|
||||
# do rule overriding from the base Makefile (if you name it 'build' it messes up
|
||||
# the wildcarding).
|
||||
DOCKER_OUTPUT=$(OUTPUT_ROOT)docker/
|
||||
|
||||
DOCKER_MAKE=V=$V GOOS_OVERRIDE='GOOS=linux GOARCH=amd64' PREFIX=$(1) make $(1)bin/$(BINNAME)
|
||||
DOCKER_BUILD=$Q docker build -t $(DOCKER_IMAGE_NAME):latest -f docker/Dockerfile.step-ca --build-arg BINPATH=$(DOCKER_OUTPUT)bin/$(BINNAME) .
|
||||
|
||||
docker-dev: docker/Dockerfile.step-ca
|
||||
mkdir -p $(DOCKER_OUTPUT)
|
||||
$(call DOCKER_MAKE,$(DOCKER_OUTPUT),step-ca)
|
||||
$(call DOCKER_BUILD)
|
||||
|
||||
.PHONY: docker-dev
|
Loading…
Reference in a new issue