Merge pull request #336 from smallstep/max/docker

introduce docker-buildx
This commit is contained in:
Max 2020-08-04 11:21:53 -07:00 committed by GitHub
commit 0eab3727bf
No known key found for this signature in database
GPG key ID: 4AEE18F83AFDEB23
2 changed files with 91 additions and 70 deletions

View file

@ -46,7 +46,11 @@ VERSION ?= $(shell [ -d .git ] && git describe --tags --always --dirty="-dev")
# If we are not in an active git dir then try reading the version from .VERSION.
# .VERSION contains a slug populated by `git archive`.
VERSION := $(or $(VERSION),$(shell ./.version.sh .VERSION))
ifeq ($(TRAVIS_BRANCH),master)
PUSHTYPE := master
else
PUSHTYPE := branch
endif
endif
VERSION := $(shell echo $(VERSION) | sed 's/^v//')
@ -59,6 +63,8 @@ $(info DEB_VERSION is $(DEB_VERSION))
$(info PUSHTYPE is $(PUSHTYPE))
endif
include make/docker.mk
#########################################
# Build
#########################################
@ -169,76 +175,6 @@ run:
.PHONY: run
#########################################
# Building Docker Image
#
# Builds a dockerfile for step by building a linux version of the step-cli and
# then copying the specific binary when building the container.
#
# This ensures the container is as small as possible without having to deal
# with getting access to private repositories inside the container during build
# time.
#########################################
# XXX We put the output for the build in 'output' so we don't mess with how we
# do rule overriding from the base Makefile (if you name it 'build' it messes up
# the wildcarding).
DOCKER_OUTPUT=$(OUTPUT_ROOT)docker/
DOCKER_MAKE=V=$V GOOS_OVERRIDE='GOOS=linux GOARCH=amd64' PREFIX=$(1) make $(1)bin/$(2)
DOCKER_BUILD=$Q docker build -t smallstep/$(1):latest -f docker/$(2) --build-arg BINPATH=$(DOCKER_OUTPUT)bin/$(1) .
docker: docker-make docker/Dockerfile.step-ca
$(call DOCKER_BUILD,step-ca,Dockerfile.step-ca)
docker-make:
mkdir -p $(DOCKER_OUTPUT)
$(call DOCKER_MAKE,$(DOCKER_OUTPUT),step-ca)
.PHONY: docker docker-make
#################################################
# Releasing Docker Images
#
# Using the docker build infrastructure, this section is responsible for
# logging into docker hub and pushing the built docker containers up with the
# appropriate tags.
#################################################
DOCKER_TAG=docker tag smallstep/$(1):latest smallstep/$(1):$(2)
DOCKER_PUSH=docker push smallstep/$(1):$(2)
docker-tag:
$(call DOCKER_TAG,step-ca,$(VERSION))
docker-push-tag: docker-tag
$(call DOCKER_PUSH,step-ca,$(VERSION))
docker-push-tag-latest:
$(call DOCKER_PUSH,step-ca,latest)
# Rely on DOCKER_USERNAME and DOCKER_PASSWORD being set inside the CI or
# equivalent environment
docker-login:
$Q docker login -u="$(DOCKER_USERNAME)" -p="$(DOCKER_PASSWORD)"
.PHONY: docker-login docker-tag docker-push-tag docker-push-tag-latest
#################################################
# Targets for pushing the docker images
#################################################
# For all builds we build the docker container
docker-master: docker
# For all builds with a release candidate tag
docker-release-candidate: docker-master docker-login docker-push-tag
# For all builds with a release tag
docker-release: docker-release-candidate docker-push-tag-latest
.PHONY: docker-master docker-release-candidate docker-release
#########################################
# Debian
#########################################
@ -325,6 +261,9 @@ artifacts-tag: artifacts-linux-tag artifacts-darwin-tag artifacts-archive-tag
# Targets for creating step artifacts
#################################################
# For all builds that are not tagged and not on the master branch
artifacts-branch:
# For all builds that are not tagged
artifacts-master:

82
make/docker.mk Normal file
View file

@ -0,0 +1,82 @@
#########################################
# Building Docker Image
#
# This uses a multi-stage build file. The first stage is a builder (that might
# be large in size). After the build has succeeded, the statically linked
# binary is copied to a new image that is optimized for size.
#########################################
docker-prepare:
# Ensure, we can build for ARM architecture
[ -f /proc/sys/fs/binfmt_misc/qemu-arm ] || docker run --rm --privileged docker/binfmt:a7996909642ee92942dcd6cff44b9b95f08dad64
# Register buildx builder
mkdir -p $$HOME/.docker/cli-plugins
wget -O $$HOME/.docker/cli-plugins/docker-buildx https://github.com/docker/buildx/releases/download/v0.3.1/buildx-v0.3.1.linux-amd64
chmod +x $$HOME/.docker/cli-plugins/docker-buildx
$$HOME/.docker/cli-plugins/docker-buildx create --name mybuilder --platform amd64 --platform arm || true
$$HOME/.docker/cli-plugins/docker-buildx use mybuilder
.PHONY: docker-prepare
#################################################
# Releasing Docker Images
#
# Using the docker build infrastructure, this section is responsible for
# logging into docker hub.
#################################################
# Rely on DOCKER_USERNAME and DOCKER_PASSWORD being set inside the CI or
# equivalent environment
docker-login:
$Q docker login -u="$(DOCKER_USERNAME)" -p="$(DOCKER_PASSWORD)"
.PHONY: docker-login
#################################################
# Targets for different type of builds
#################################################
DOCKER_IMAGE_NAME = smallstep/step-ca
PLATFORMS = --platform amd64 --platform 386 --platform arm --platform arm64
define DOCKER_BUILDX
# $(1) -- Image Tag
# $(2) -- Push (empty is no push | --push will push to dockerhub)
$$HOME/.docker/cli-plugins/docker-buildx build . --progress plain -t $(DOCKER_IMAGE_NAME):$(1) -f docker/Dockerfile.step-ca $(PLATFORMS) $(2)
endef
# For non-master builds don't build the docker containers.
docker-branch:
# For master builds create the docker containers but don't push them.
docker-master: docker-prepare
$(call DOCKER_BUILDX,latest,)
# For all builds with a release candidate tag build and push the containers.
docker-release-candidate: docker-prepare docker-login
$(call DOCKER_BUILDX,$(VERSION),--push)
# For all builds with a release tag build and push the containers.
docker-release: docker-prepare docker-login
$(call DOCKER_BUILDX,latest,--push)
$(call DOCKER_BUILDX,$(VERSION),--push)
.PHONY: docker-branch docker-master docker-release-candidate docker-release
# XXX We put the output for the build in 'output' so we don't mess with how we
# do rule overriding from the base Makefile (if you name it 'build' it messes up
# the wildcarding).
DOCKER_OUTPUT=$(OUTPUT_ROOT)docker/
DOCKER_MAKE=V=$V GOOS_OVERRIDE='GOOS=linux GOARCH=amd64' PREFIX=$(1) make $(1)bin/$(BINNAME)
DOCKER_BUILD=$Q docker build -t $(DOCKER_IMAGE_NAME):latest -f docker/Dockerfile.step-ca --build-arg BINPATH=$(DOCKER_OUTPUT)bin/$(BINNAME) .
docker-dev: docker/Dockerfile.step-ca
mkdir -p $(DOCKER_OUTPUT)
$(call DOCKER_MAKE,$(DOCKER_OUTPUT),step-ca)
$(call DOCKER_BUILD)
.PHONY: docker-dev