Set up remote builders #23

Merged
merged 3 commits into from Sep 23, 2022
Changes from 2 commits
55 changes: 55 additions & 0 deletions .github/actions/setup-remote-builder/action.yml
@@ -0,0 +1,55 @@
name: 'Setup remote builder'
description: 'Composite action to set up BuildKit remote builder'

Should we split this out into a separate action at some point? It seems fairly generic, and could be useful 👀

Member Author

@crazy-max crazy-max Sep 16, 2022

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Yes I planned to move that to setup-buildx-action at some point but pure typescript. I'm still thinking of how to handle authentication for the protocols we currently support like ssh:// and tcp://.


inputs:
name:
description: 'Node name'
required: true
builder_name:
description: 'Builder name to append to'
required: true
endpoint:
description: 'Host'
required: true
cacert:
description: 'CA Cert'
required: true
ca:
description: 'Cert'
required: true
key:
description: 'Key'
required: true
platforms:
description: 'Preferred platforms'
required: false

runs:
using: composite
steps:
-
name: Set up certs
uses: actions/github-script@v6
with:
script: |
const fs = require('fs');
const homedir = require('os').homedir();
fs.mkdirSync(`${homedir}/.certs/${{ inputs.name }}`, { recursive: true });
fs.writeFileSync(`${homedir}/.certs/${{ inputs.name }}/ca.pem`, process.env.BUILDKIT_CACERT);
fs.writeFileSync(`${homedir}/.certs/${{ inputs.name }}/cert.pem`, process.env.BUILDKIT_CERT);
fs.writeFileSync(`${homedir}/.certs/${{ inputs.name }}/key.pem`, process.env.BUILDKIT_KEY);
env:
BUILDKIT_CACERT: ${{ inputs.cacert }}
BUILDKIT_CERT: ${{ inputs.ca }}
BUILDKIT_KEY: ${{ inputs.key }}
-
name: Set up remote builder
shell: bash
run: |
docker buildx create --bootstrap --append \
--name ${{ inputs.builder_name }} \
--node ${{ inputs.name }} \
--driver remote \
--driver-opt cacert=$HOME/.certs/${{ inputs.name }}/ca.pem,cert=$HOME/.certs/${{ inputs.name }}/cert.pem,key=$HOME/.certs/${{ inputs.name }}/key.pem \
--platform "${{ inputs.platforms }}" \
${{ inputs.endpoint }}
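
Review bot: In the `Set up certs` step, `key.pem` is written with `fs.writeFileSync` and no `mode`, so the client private key gets the process default permissions (normally readable by other users under the usual umask) and the `~/.certs/<name>` directory is created with default permissions too; pass `{ mode: 0o600 }` when writing the key and `{ recursive: true, mode: 0o700 }` to `mkdirSync`. Both steps also splice `${{ inputs.name }}`, `${{ inputs.builder_name }}`, `${{ inputs.platforms }}` and `${{ inputs.endpoint }}` directly into the script and shell text. The certificate inputs already go through `env:`; the remaining inputs should do the same and be read as `process.env.…` or quoted shell variables, so a value containing quotes, spaces or backticks cannot alter the command. Separately, the input named `ca` has the description 'Cert' and feeds `BUILDKIT_CERT`, right next to `cacert`; renaming it `cert` would keep callers from passing the CA where the client certificate belongs.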
44 changes: 44 additions & 0 deletions .github/workflows/build.yml
Expand Up @@ -10,6 +10,9 @@ on:
- 'main'
pull_request:

env:
BUILDER_NAME: remote-builder

jobs:
validate:
runs-on: ubuntu-20.04
Expand Down Expand Up @@ -49,7 +52,42 @@ jobs:
uses: docker/setup-qemu-action@v2
-
name: Set up Docker Buildx
id: builder
uses: docker/setup-buildx-action@v2
-
# necessary to be able to append remote builders
name: Set up container builder as remote
run: |
docker buildx create --use \
--name ${{ env.BUILDER_NAME }} \
--driver remote \
docker-container://buildx_buildkit_${{ steps.builder.outputs.name }}0
-
name: Set up AWS Graviton2 remote builder
uses: ./.github/actions/setup-remote-builder
with:
name: aws_graviton2
builder_name: ${{ env.BUILDER_NAME }}
endpoint: tcp://${{ secrets.AWS_ARM64_HOST }}:1234
cacert: ${{ secrets.AWS_ARM64_CACERT }}
ca: ${{ secrets.AWS_ARM64_CERT }}
key: ${{ secrets.AWS_ARM64_KEY }}
platforms: darwin/arm64,linux/arm64,linux/arm/v5,linux/arm/v6,linux/arm/v7,windows/arm64
-
name: Set up LinuxONE s390x remote builder
uses: ./.github/actions/setup-remote-builder
with:
name: linuxone_s390x
builder_name: ${{ env.BUILDER_NAME }}
endpoint: tcp://${{ secrets.LINUXONE_S390X_HOST }}:1234
cacert: ${{ secrets.LINUXONE_S390X_CACERT }}
ca: ${{ secrets.LINUXONE_S390X_CERT }}
key: ${{ secrets.LINUXONE_S390X_KEY }}
platforms: linux/s390x
-
name: List builders
run: |
docker buildx ls
-
# necessary to use gha cache export
name: Expose GitHub Runtime
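
Review bot: The two `setup-remote-builder` steps read `secrets.*` unconditionally, but this workflow also triggers on `pull_request`, and secrets are empty for pull requests opened from forks, so those runs would call the action with an empty host and empty certificate values and fail at `docker buildx create`. Add an `if:` that skips the remote builder steps when the secrets are unavailable (for example when the head repository is not this repository), which also keeps untrusted pull request builds off the Graviton2 and LinuxONE hosts. The endpoint `docker-container://buildx_buildkit_${{ steps.builder.outputs.name }}0` depends on the container naming used by buildx; the existing comment should say so, since the step breaks silently if that naming changes.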
Expand All @@ -64,6 +102,12 @@ jobs:
name: List artifacts
run: |
tree -nh ./pkg/${{ matrix.name }}/bin
-
name: Cleanup
if: always()
run: |
docker buildx rm ${{ env.BUILDER_NAME }}
rm -rf ~/.certs
# FIXME: Uncomment when repo made public
# -
# name: Upload artifacts
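
Review bot: In the `Cleanup` step, `rm -rf ~/.certs` only runs if `docker buildx rm` succeeds, because `run:` scripts execute with `bash -e`; when an earlier step fails before the builder exists, the remove command errors out and the key material stays on disk. Put `rm -rf ~/.certs` first, or append `|| true` to the `docker buildx rm` line, so that `if: always()` actually guarantees the certificates are deleted.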
12 changes: 8 additions & 4 deletions pkg/buildx/Dockerfile
Expand Up @@ -15,7 +15,7 @@
# limitations under the License.

ARG ALPINE_VERSION="3.16"
ARG NFPM_VERSION="2.15.1"
ARG NFPM_VERSION="v2.15.1"
ARG XX_VERSION="1.1.2"
ARG MODE="download"

Expand All @@ -28,8 +28,12 @@ ARG PKG_SUITE="bullseye"
# cross compilation helper
FROM --platform=$BUILDPLATFORM tonistiigi/xx:${XX_VERSION} AS xx

# nFPM is Not FPM - a simple deb, rpm and apk packager
FROM --platform=$BUILDPLATFORM goreleaser/nfpm:v${NFPM_VERSION} AS nfpm
# nFPM
FROM --platform=$BUILDPLATFORM golang:1.18-alpine AS nfpm
RUN apk add --no-cache git
ARG GO111MODULE="on"
ARG NFPM_VERSION
RUN go install github.com/goreleaser/nfpm/v2/cmd/nfpm@${NFPM_VERSION}

FROM --platform=$BUILDPLATFORM alpine:${ALPINE_VERSION} AS base
COPY --from=xx / /
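
Review bot: The new `nfpm` stage hard-codes `golang:1.18-alpine`, a floating tag, while the other image versions visible here are `ARG`s (`ALPINE_VERSION`, `XX_VERSION`); add a `GO_VERSION` arg and consider pinning the image by digest, since this stage now compiles the tool that produces the packages. The replaced comment explained what nFPM is, but the new `# nFPM` does not say why the prebuilt `goreleaser/nfpm` image was dropped in favour of `go install`, which is what a later reader will want to know. `ARG GO111MODULE="on"` is redundant on Go 1.18, where module mode is already the default.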
Expand Down Expand Up @@ -83,7 +87,7 @@ ARG TARGETPLATFORM
RUN --mount=type=bind,source=internal/pkg-build.sh,target=/usr/local/bin/pkg-build \
--mount=type=bind,source=internal/nfpm.yml,target=nfpm.yml \
--mount=type=bind,from=src,source=/src,target=/src \
--mount=type=bind,from=nfpm,source=/usr/bin/nfpm,target=/usr/bin/nfpm <<EOT
--mount=type=bind,from=nfpm,source=/go/bin/nfpm,target=/usr/bin/nfpm <<EOT
set -e
if [ "$MODE" != "download" ]; then
export BUILDX_VERSION="$(git -C "/src" describe --match 'v[0-9]*' --dirty='.m' --always --tags)"
12 changes: 8 additions & 4 deletions pkg/compose/Dockerfile
Expand Up @@ -15,7 +15,7 @@
# limitations under the License.

ARG ALPINE_VERSION="3.16"
ARG NFPM_VERSION="2.15.1"
ARG NFPM_VERSION="v2.15.1"
ARG XX_VERSION="1.1.2"
ARG MODE="download"

Expand All @@ -28,8 +28,12 @@ ARG PKG_SUITE="bullseye"
# cross compilation helper
FROM --platform=$BUILDPLATFORM tonistiigi/xx:${XX_VERSION} AS xx

# nFPM is Not FPM - a simple deb, rpm and apk packager
FROM --platform=$BUILDPLATFORM goreleaser/nfpm:v${NFPM_VERSION} AS nfpm
# nFPM
FROM --platform=$BUILDPLATFORM golang:1.18-alpine AS nfpm
RUN apk add --no-cache git
ARG GO111MODULE="on"
ARG NFPM_VERSION
RUN go install github.com/goreleaser/nfpm/v2/cmd/nfpm@${NFPM_VERSION}

FROM --platform=$BUILDPLATFORM alpine:${ALPINE_VERSION} AS base
COPY --from=xx / /
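
Review bot: This `nfpm` stage is a line-for-line copy of the one added to `pkg/buildx/Dockerfile`, including the `NFPM_VERSION="v2.15.1"` default above it, so a version bump now has to be made in two files and a mismatch between them would go unnoticed. Consider defining the stage once in a shared Dockerfile, or passing `NFPM_VERSION` in from the build invocation, so both packages are always built with the same nFPM.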
Expand Down Expand Up @@ -86,7 +90,7 @@ ARG TARGETPLATFORM
RUN --mount=type=bind,source=internal/pkg-build.sh,target=/usr/local/bin/pkg-build \
--mount=type=bind,source=internal/nfpm.yml,target=nfpm.yml \
--mount=type=bind,from=src,source=/src,target=/src \
--mount=type=bind,from=nfpm,source=/usr/bin/nfpm,target=/usr/bin/nfpm <<EOT
--mount=type=bind,from=nfpm,source=/go/bin/nfpm,target=/usr/bin/nfpm <<EOT
set -e
if [ "$MODE" != "download" ]; then
export COMPOSE_VERSION="$(git -C "/src" describe --match 'v[0-9]*' --dirty='.m' --always --tags)"