feat(docker): build docker images with buildkit, add actions

2022-04-08 16:45:27 +08:00 · 2022-04-08 16:45:27 +08:00 · d91b325e76
parent b07b8b4d4b
commit d91b325e76
4 changed files with 130 additions and 18 deletions
--- a/.github/workflows/docker-ci-test.yml
+++ b/.github/workflows/docker-ci-test.yml
@ -0,0 +1,37 @@
+name: push-images-test
+
+on:
+  schedule:
+      - cron: "0 0 */3 * *"
+  workflow_dispatch:
+
+env:
+  REGISTRY: docker.io
+  IMAGE_NAME: initdc/cloudflared
+
+jobs:
+  buildx:
+    runs-on: ubuntu-latest
+    steps:
+      - name: Checkout
+        uses: actions/checkout@v2
+      - name: Set up QEMU
+        uses: docker/setup-qemu-action@v1
+      - name: Set up Docker Buildx
+        uses: docker/setup-buildx-action@v1
+      - name: Login to DockerHub
+        uses: docker/login-action@v1
+        with:
+          username: ${{ secrets.DOCKER_USERNAME }}
+          password: ${{ secrets.DOCKER_TOKEN }}
+      - name: Extract Docker metadata
+        id: meta
+        uses: docker/metadata-action@v3
+        with:
+          images: ${{ env.REGISTRY }}/${{ env.IMAGE_NAME }}
+      - name: Build and push Docker image
+        run: |
+          set -e
+          docker buildx ls
+          docker buildx build --platform linux/amd64,linux/arm64,linux/riscv64,linux/ppc64le,linux/s390x,linux/386,linux/arm/v7,linux/arm/v6 -t initdc/cloudflared:v$(TZ=Asia/Shanghai date +%Y.%m.%d) . --push
+          docker buildx build --platform linux/amd64,linux/arm64,linux/riscv64,linux/ppc64le,linux/s390x,linux/386,linux/arm/v7,linux/arm/v6 -t initdc/cloudflared:latest . --push
--- a/.github/workflows/docker-ci.yml
+++ b/.github/workflows/docker-ci.yml
@ -0,0 +1,47 @@
+name: push-images
+
+on:
+  workflow_dispatch:
+
+env:
+  REGISTRY: docker.io
+  IMAGE_NAME: ${{ secrets.DOCKER_USERNAME }}/cloudflared
+
+jobs:
+  buildx:
+    runs-on: ubuntu-latest
+    steps:
+      - name: Checkout
+        uses: actions/checkout@v2
+      - name: Set up QEMU
+        uses: docker/setup-qemu-action@v1
+      - name: Set up Docker Buildx
+        uses: docker/setup-buildx-action@v1
+      - name: Login to DockerHub
+        uses: docker/login-action@v1
+        with:
+          username: ${{ secrets.DOCKER_USERNAME }}
+          password: ${{ secrets.DOCKER_TOKEN }}
+      - name: Extract Docker metadata
+        id: meta
+        uses: docker/metadata-action@v3
+        with:
+          images: ${{ env.REGISTRY }}/${{ env.IMAGE_NAME }}
+      - name: Build and push Docker image
+        uses: docker/build-push-action@v2
+        with:
+          context: .
+          platforms: |
+            linux/amd64
+            linux/arm64
+            linux/riscv64
+            linux/ppc64le
+            linux/s390x
+            linux/386
+            linux/mips64le
+            linux/mips64
+            linux/arm/v7
+            linux/arm/v6
+          tags: |
+            ${{ env.IMAGE_NAME }}:latest
+          labels: ${{ steps.meta.outputs.labels }}
--- a/47
+++ b/47
@ -1,29 +1,40 @@
-# use a builder image for building cloudflare
-ARG TARGET_GOOS
-ARG TARGET_GOARCH
-FROM golang:1.17.1 as builder
+# syntax=docker/dockerfile:1
+FROM --platform=$BUILDPLATFORM golang:1.17.1 as build
+ARG TARGETPLATFORM
+ARG BUILDPLATFORM
+
 ENV GO111MODULE=on \
-    CGO_ENABLED=0 \
-    TARGET_GOOS=${TARGET_GOOS} \
-    TARGET_GOARCH=${TARGET_GOARCH}
+    CGO_ENABLED=0 
+
+ENV FIPS=false

 WORKDIR /go/src/github.com/cloudflare/cloudflared/

-# copy our sources into the builder image
+# build with github tags
+#ADD https://github.com/cloudflare/cloudflared/archive/refs/tags/2022.4.0.zip
+
 COPY . .

 # compile cloudflared
-RUN make cloudflared
+RUN set -e \
+    && echo "Running on $BUILDPLATFORM, building for $TARGETPLATFORM" \
+    && apt-get update \
+    && apt-get install --no-install-recommends -y ruby \
+    && ruby docker-env.rb

-# use a distroless base image with glibc
-FROM gcr.io/distroless/base-debian10:nonroot
+FROM --platform=$TARGETPLATFORM alpine:edge
+COPY --from=build /go/src/github.com/cloudflare/cloudflared/cloudflared /usr/local/bin/cloudflared

-# copy our compiled binary
-COPY --from=builder --chown=nonroot /go/src/github.com/cloudflare/cloudflared/cloudflared /usr/local/bin/
+RUN set -e \
+    && apk add --no-cache ca-certificates nano

-# run as non-privileged user
-USER nonroot
+WORKDIR /root

-# command / entrypoint of container
-ENTRYPOINT ["cloudflared", "--no-autoupdate"]
-CMD ["version"]
+# ref: https://developers.cloudflare.com/1.1.1.1/encryption/dns-over-https/dns-over-https-client/
+EXPOSE 53/udp
+# ref: https://developers.cloudflare.com/cloudflare-one/connections/connect-apps/configuration/ports-and-ips/
+EXPOSE 443
+EXPOSE 7844
+
+# Don't set entrypoint, user need edit config file
+CMD ["/bin/sh"]
--- a/docker-env.rb
+++ b/docker-env.rb
@ -0,0 +1,17 @@
+#!/usr/bin/ruby -w
+
+TargetPlatform = ENV.fetch('TARGETPLATFORM')
+TPArray = TargetPlatform.split('/')
+
+# ref: https://github.com/containerd/containerd/blob/v1.4.3/platforms/defaults.go
+OS = TPArray[0]
+Architecture = TPArray[1]
+Variant = TPArray[2].to_s[1]
+
+puts "GOOS=#{OS} GOARCH=#{Architecture} GOARM=#{Variant}"
+
+if Variant == ''
+    `GOOS=#{OS} GOARCH=#{Architecture} make cloudflared`
+else
+    `GOOS=#{OS} GOARCH=#{Architecture} GOARM=#{Variant}  make cloudflared`
+end