From d91b325e764d0172bf2e6ae87fcda2540acc7a3e Mon Sep 17 00:00:00 2001
From: initdc
Date: Fri, 8 Apr 2022 16:45:27 +0800
Subject: [PATCH] feat(docker): build docker images with buildkit, add actions
---
 .github/workflows/docker-ci-test.yml | 37 ++++++++++++++++++++++
 .github/workflows/docker-ci.yml | 47 ++++++++++++++++++++++++++++
 Dockerfile | 47 +++++++++++++++++-----------
 docker-env.rb | 17 ++++++++++
 4 files changed, 130 insertions(+), 18 deletions(-)
 create mode 100644 .github/workflows/docker-ci-test.yml
 create mode 100644 .github/workflows/docker-ci.yml
 create mode 100644 docker-env.rb
diff --git a/.github/workflows/docker-ci-test.yml b/.github/workflows/docker-ci-test.yml
new file mode 100644
index 00000000..60bdeb4e
--- /dev/null
+++ b/.github/workflows/docker-ci-test.yml
@@ -0,0 +1,37 @@
+name: push-images-test
+
+on:
+ schedule:
+ - cron: "0 0 */3 * *"
+ workflow_dispatch:
+
+env:
+ REGISTRY: docker.io
+ IMAGE_NAME: initdc/cloudflared
+
+jobs:
+ buildx:
+ runs-on: ubuntu-latest
+ steps:
+ - name: Checkout
+ uses: actions/checkout@v2
+ - name: Set up QEMU
+ uses: docker/setup-qemu-action@v1
+ - name: Set up Docker Buildx
+ uses: docker/setup-buildx-action@v1
+ - name: Login to DockerHub
+ uses: docker/login-action@v1
+ with:
+ username: ${{ secrets.DOCKER_USERNAME }}
+ password: ${{ secrets.DOCKER_TOKEN }}
+ - name: Extract Docker metadata
+ id: meta
+ uses: docker/metadata-action@v3
+ with:
+ images: ${{ env.REGISTRY }}/${{ env.IMAGE_NAME }}
+ - name: Build and push Docker image
+ run: |
+ set -e
+ docker buildx ls
+ docker buildx build --platform linux/amd64,linux/arm64,linux/riscv64,linux/ppc64le,linux/s390x,linux/386,linux/arm/v7,linux/arm/v6 -t initdc/cloudflared:v$(TZ=Asia/Shanghai date +%Y.%m.%d) . --push
+ docker buildx build --platform linux/amd64,linux/arm64,linux/riscv64,linux/ppc64le,linux/s390x,linux/386,linux/arm/v7,linux/arm/v6 -t initdc/cloudflared:latest . --push
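Review bot: Every `uses:` step in this job, including `docker/login-action@v1` which receives `secrets.DOCKER_TOKEN`, is pinned to a mutable major-version tag, so a retagged or compromised action release would run with the registry credential on the next scheduled build. Pin each action to a full commit SHA, e.g. `uses: docker/login-action@<full-commit-sha> # v1`, and add a top-level `permissions:` block with `contents: read`, since the job only checks out the repository. The same applies to the steps in `.github/workflows/docker-ci.yml`. The outputs of the `meta` step are never consumed by the `run:` step, so that step can be dropped or its tags and labels passed to the build.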
diff --git a/.github/workflows/docker-ci.yml b/.github/workflows/docker-ci.yml
new file mode 100644
index 00000000..a7613578
--- /dev/null
+++ b/.github/workflows/docker-ci.yml
@@ -0,0 +1,47 @@
+name: push-images
+
+on:
+ workflow_dispatch:
+
+env:
+ REGISTRY: docker.io
+ IMAGE_NAME: ${{ secrets.DOCKER_USERNAME }}/cloudflared
+
+jobs:
+ buildx:
+ runs-on: ubuntu-latest
+ steps:
+ - name: Checkout
+ uses: actions/checkout@v2
+ - name: Set up QEMU
+ uses: docker/setup-qemu-action@v1
+ - name: Set up Docker Buildx
+ uses: docker/setup-buildx-action@v1
+ - name: Login to DockerHub
+ uses: docker/login-action@v1
+ with:
+ username: ${{ secrets.DOCKER_USERNAME }}
+ password: ${{ secrets.DOCKER_TOKEN }}
+ - name: Extract Docker metadata
+ id: meta
+ uses: docker/metadata-action@v3
+ with:
+ images: ${{ env.REGISTRY }}/${{ env.IMAGE_NAME }}
+ - name: Build and push Docker image
+ uses: docker/build-push-action@v2
+ with:
+ context: .
+ platforms: |
+ linux/amd64
+ linux/arm64
+ linux/riscv64
+ linux/ppc64le
+ linux/s390x
+ linux/386
+ linux/mips64le
+ linux/mips64
+ linux/arm/v7
+ linux/arm/v6
+ tags: |
+ ${{ env.IMAGE_NAME }}:latest
+ labels: ${{ steps.meta.outputs.labels }}
diff --git a/Dockerfile b/Dockerfile
index 4f744f93..c79fe5c0 100644
--- a/Dockerfile
+++ b/Dockerfile
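Review bot: The build step in docker-ci.yml publishes only `${{ env.IMAGE_NAME }}:latest`, a mutable tag, and ignores `steps.meta.outputs.tags`, so a pushed image cannot be traced back to the commit it was built from and consumers have nothing immutable to pin. Consider adding `type=sha` to the `tags` input of the `docker/metadata-action@v3` step and publishing `${{ steps.meta.outputs.tags }}` alongside `latest`. Separately, `IMAGE_NAME` is derived from `secrets.DOCKER_USERNAME`, so GitHub will mask the repository name wherever it appears in the job log; a plain value, as `docker-ci-test.yml` uses, keeps the push target auditable.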
@@ -1,29 +1,40 @@ -# use a builder image for building cloudflare -ARG TARGET_GOOS -ARG TARGET_GOARCH -FROM golang:1.17.1 as builder +# syntax=docker/dockerfile:1 +FROM --platform=$BUILDPLATFORM golang:1.17.1 as build +ARG TARGETPLATFORM +ARG BUILDPLATFORM + ENV GO111MODULE=on \ - CGO_ENABLED=0 \ - TARGET_GOOS=${TARGET_GOOS} \ - TARGET_GOARCH=${TARGET_GOARCH} + CGO_ENABLED=0 + +ENV FIPS=false WORKDIR /go/src/github.com/cloudflare/cloudflared/ -# copy our sources into the builder image +# build with github tags +#ADD https://github.com/cloudflare/cloudflared/archive/refs/tags/2022.4.0.zip + COPY . . # compile cloudflared -RUN make cloudflared +RUN set -e \ + && echo "Running on $BUILDPLATFORM, building for $TARGETPLATFORM" \ + && apt-get update \ + && apt-get install --no-install-recommends -y ruby \ + && ruby docker-env.rb -# use a distroless base image with glibc -FROM gcr.io/distroless/base-debian10:nonroot +FROM --platform=$TARGETPLATFORM alpine:edge +COPY --from=build /go/src/github.com/cloudflare/cloudflared/cloudflared /usr/local/bin/cloudflared -# copy our compiled binary -COPY --from=builder --chown=nonroot /go/src/github.com/cloudflare/cloudflared/cloudflared /usr/local/bin/ +RUN set -e \ + && apk add --no-cache ca-certificates nano -# run as non-privileged user -USER nonroot +WORKDIR /root -# command / entrypoint of container -ENTRYPOINT ["cloudflared", "--no-autoupdate"] -CMD ["version"] +# ref: https://developers.cloudflare.com/1.1.1.1/encryption/dns-over-https/dns-over-https-client/ +EXPOSE 53/udp +# ref: https://developers.cloudflare.com/cloudflare-one/connections/connect-apps/configuration/ports-and-ips/ +EXPOSE 443 +EXPOSE 7844 + +# Don't set entrypoint, user need edit config file +CMD ["/bin/sh"] diff --git a/docker-env.rb b/docker-env.rb new file mode 100644 index 00000000..ffcf7488 --- /dev/null +++ b/docker-env.rb 
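Review bot: The runtime stage no longer drops privileges: `gcr.io/distroless/base-debian10:nonroot` with `USER nonroot` is replaced by `alpine:edge` with `WORKDIR /root`, a shell as `CMD` and no `USER` line, so cloudflared runs as root in an image that also ships a package manager and an editor. Unless root is actually required (binding `53/udp` inside the container may be the reason, but that is an assumption), create an unprivileged account and switch to it, e.g. `RUN addgroup -S cloudflared && adduser -S -G cloudflared cloudflared` followed by `USER cloudflared`. `alpine:edge` is also a rolling development branch; a release tag, ideally with a digest, would make the published image reproducible and easier to scan.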
@@ -0,0 +1,17 @@
+#!/usr/bin/ruby -w
+
+TargetPlatform = ENV.fetch('TARGETPLATFORM')
+TPArray = TargetPlatform.split('/')
+
+# ref: https://github.com/containerd/containerd/blob/v1.4.3/platforms/defaults.go
+OS = TPArray[0]
+Architecture = TPArray[1]
+Variant = TPArray[2].to_s[1]
+
+puts "GOOS=#{OS} GOARCH=#{Architecture} GOARM=#{Variant}"
+
+if Variant == ''
+ `GOOS=#{OS} GOARCH=#{Architecture} make cloudflared`
+else
+ `GOOS=#{OS} GOARCH=#{Architecture} GOARM=#{Variant} make cloudflared`
+end
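Review bot: The backtick calls at the end of the script discard both the exit status and the output of `make`, so a failed compile still lets `ruby docker-env.rb` exit 0 and the Dockerfile `RUN` step pass. The `if Variant == ''` branch is also unreachable, because `TPArray[2].to_s[1]` yields `nil` rather than `''` when the platform has no variant, so every build runs the `else` branch with an empty `GOARM=`. Replacing the `if`/`else` with `env = { 'GOOS' => OS, 'GOARCH' => Architecture }`, `env['GOARM'] = Variant if Variant` and `system(env, 'make', 'cloudflared') || exit(1)` fixes both. It also passes the platform fields as environment values instead of interpolating them into a shell command line.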