1 |
commit: 2a77ebf7e7c02d43eb9dd385dc808efd87a54af0 |
2 |
Author: Konstantinos Smanis <konstantinos.smanis <AT> gmail <DOT> com> |
3 |
AuthorDate: Sun Aug 23 18:54:34 2020 +0000 |
4 |
Commit: Alexys Jacob <ultrabug <AT> gentoo <DOT> org> |
5 |
CommitDate: Thu Sep 3 20:34:00 2020 +0000 |
6 |
URL: https://gitweb.gentoo.org/proj/docker-images.git/commit/?id=2a77ebf7 |
7 |
|
8 |
Add CI builds for all supported stage3 architectures |
9 |
|
10 |
Build multiarch images using buildx [1] instead of modifying the image |
11 |
architecture post-creation with docker-copyedit. Although still |
12 |
experimental, buildx is the recommended way of building multi-platform |
13 |
images. |
14 |
|
15 |
All stage3 architectures that are supported by Docker [2] were added. |
16 |
|
17 |
Closes: #61 |
18 |
|
19 |
[1] https://docs.docker.com/buildx/working-with-buildx/#build-multi-platform-images |
20 |
[2] https://github.com/docker-library/official-images#architectures-other-than-amd64 |
21 |
|
22 |
Signed-off-by: Konstantinos Smanis <konstantinos.smanis <AT> gmail.com> |
23 |
Closes: https://github.com/gentoo/gentoo-docker-images/pull/92 |
24 |
Signed-off-by: Alexys Jacob <ultrabug <AT> gentoo.org> |
25 |
|
26 |
.gitmodules | 3 --- |
27 |
.travis.yml | 67 ++++++++++++++++++++++++++++++++------------------- |
28 |
README.md | 59 +++++++++++++++++++++++++++++++++++++-------- |
29 |
build-multiarch.sh | 9 ------- |
30 |
build.sh | 71 ++++++++++++++++++++++++++++++++++-------------------- |
31 |
docker-copyedit | 1 - |
32 |
portage.Dockerfile | 2 +- |
33 |
stage3.Dockerfile | 2 +- |
34 |
8 files changed, 138 insertions(+), 76 deletions(-) |
35 |
|
36 |
diff --git a/.gitmodules b/.gitmodules |
37 |
deleted file mode 100644 |
38 |
index 52c678d..0000000 |
39 |
--- a/.gitmodules |
40 |
+++ /dev/null |
41 |
@@ -1,3 +0,0 @@ |
42 |
-[submodule "docker-copyedit"] |
43 |
- path = docker-copyedit |
44 |
- url = https://github.com/gdraheim/docker-copyedit.git |
45 |
|
46 |
diff --git a/.travis.yml b/.travis.yml |
47 |
index 874e1ce..50ba3f4 100644 |
48 |
--- a/.travis.yml |
49 |
+++ b/.travis.yml |
50 |
@@ -1,46 +1,63 @@ |
51 |
-services: docker |
52 |
-language: bash |
53 |
+language: shell |
54 |
env: |
55 |
global: |
56 |
+ - DOCKER_CLI_EXPERIMENTAL=enabled # required by buildx |
57 |
- ORG=gentoo |
58 |
- matrix: |
59 |
+ jobs: |
60 |
- TARGET=portage |
61 |
- TARGET=stage3-amd64 |
62 |
- TARGET=stage3-amd64-hardened |
63 |
- TARGET=stage3-amd64-hardened-nomultilib |
64 |
+ - TARGET=stage3-amd64-musl-hardened |
65 |
+ - TARGET=stage3-amd64-musl-vanilla |
66 |
- TARGET=stage3-amd64-nomultilib |
67 |
- TARGET=stage3-amd64-systemd |
68 |
- - TARGET=stage3-amd64-musl-vanilla |
69 |
- - TARGET=stage3-amd64-musl-hardened |
70 |
+ - TARGET=stage3-amd64-uclibc-hardened |
71 |
+ - TARGET=stage3-amd64-uclibc-vanilla |
72 |
+ - TARGET=stage3-arm64 |
73 |
+ - TARGET=stage3-arm64-systemd |
74 |
+ - TARGET=stage3-armv5tel |
75 |
+ - TARGET=stage3-armv6j_hardfp |
76 |
+ - TARGET=stage3-armv7a_hardfp |
77 |
+ - TARGET=stage3-ppc64le |
78 |
+ - TARGET=stage3-s390x |
79 |
- TARGET=stage3-x86 |
80 |
- TARGET=stage3-x86-hardened |
81 |
- - TARGET=stage3-armv7a |
82 |
- TARGET=stage3-x86-musl-vanilla |
83 |
- - TARGET=stage3-ppc |
84 |
- - TARGET=stage3-ppc64 |
85 |
- - TARGET=stage3-ppc64le |
86 |
+ - TARGET=stage3-x86-systemd |
87 |
+ - TARGET=stage3-x86-uclibc-hardened |
88 |
+ - TARGET=stage3-x86-uclibc-vanilla |
89 |
|
90 |
before_install: |
91 |
- # Install latest Docker |
92 |
+ # Install latest Docker (>=19.03.0 required by buildx) |
93 |
+ # https://docs.travis-ci.com/user/docker/#installing-a-newer-docker-version |
94 |
- curl -fsSL https://download.docker.com/linux/ubuntu/gpg | sudo apt-key add - |
95 |
- sudo add-apt-repository "deb [arch=amd64] https://download.docker.com/linux/ubuntu $(lsb_release -cs) stable" |
96 |
- sudo apt-get update -qq |
97 |
- sudo apt-get -y -o Dpkg::Options::="--force-confnew" install docker-ce |
98 |
- - echo '{"experimental":true}' | sudo tee /etc/docker/daemon.json |
99 |
- - sudo apt-get install qemu-user-static binfmt-support |
100 |
- - docker run --rm --privileged multiarch/qemu-user-static --reset -p yes |
101 |
+ - docker info |
102 |
+before_script: |
103 |
+ # Create multiarch buildx builder |
104 |
+ - docker buildx create --driver docker-container --use |
105 |
script: |
106 |
- - VERSION="$(date -u +%Y%m%d)" |
107 |
- - sudo ./build.sh |
108 |
- - if [[ "${TARGET}" == stage* ]]; then |
109 |
- sudo docker run -it --rm ${ORG}/${TARGET}:${VERSION} /bin/bash -c "emerge --info" ; |
110 |
- fi |
111 |
- |
112 |
-# Travis is set up to push daily to dockerhub |
113 |
+ # Build image |
114 |
+ - ./build.sh |
115 |
after_success: |
116 |
- - if [[ "${TRAVIS_PULL_REQUEST_BRANCH:-${TRAVIS_BRANCH}}" == "master" && "${TRAVIS_EVENT_TYPE}" == "cron" ]]; then |
117 |
- VERSION=$(date -u +%Y%m%d); |
118 |
- echo "${DOCKER_PASSWORD}" | docker login -u="${DOCKER_USERNAME}" --password-stdin; |
119 |
- docker push "${ORG}/${TARGET}:latest"; |
120 |
- docker push "${ORG}/${TARGET}:${VERSION}"; |
121 |
+ # Inspect built image |
122 |
+ - docker image inspect "${ORG}/${TARGET}:latest" |
123 |
+ # Run `emerge --info` for stage builds |
124 |
+ - | |
125 |
+ if [[ "${TARGET}" == stage* ]]; then |
126 |
+ # Check if QEMU emulation support is required |
127 |
+ if [[ ! "${TARGET}" =~ -(amd64|x86)($|-) ]]; then |
128 |
+ # Enable execution of foreign binary formats (i.e., non-amd64/x86) |
129 |
+ docker run --rm --privileged multiarch/qemu-user-static --reset -p yes |
130 |
+ fi |
131 |
+ docker run --rm "${ORG}/${TARGET}:latest" emerge --info |
132 |
+ fi |
133 |
+ # Push all built images to Docker Hub (cron daily task) |
134 |
+ - | |
135 |
+ if [[ "${TRAVIS_PULL_REQUEST_BRANCH:-${TRAVIS_BRANCH}}" == "master" && "${TRAVIS_EVENT_TYPE}" == "cron" ]]; then |
136 |
+ echo "${DOCKER_PASSWORD}" | docker login -u "${DOCKER_USERNAME}" --password-stdin |
137 |
+ docker push "${ORG}/${TARGET}" |
138 |
fi |
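Review bot: The `emerge --info` smoke test now sits in `after_success` next to the Docker Hub push, so it no longer gates publication. As far as Travis's documented job lifecycle goes, commands in `after_success` do not change the build result, and the push block runs whether or not the preceding `docker run` succeeded. In the old layout the check ran in `script`, where a failure stopped the job before any push. Moving the `docker image inspect` and `emerge --info` steps into `script:` and leaving only the login/push block in `after_success` would restore that gate. Separately, `multiarch/qemu-user-static` is run with `--privileged` from a mutable tag in the same job that later uses `DOCKER_PASSWORD`; pinning it by digest (`multiarch/qemu-user-static@sha256:<digest>`) would keep what runs privileged reviewable.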
139 |
|
140 |
diff --git a/README.md b/README.md |
141 |
index eb5eba5..10eba12 100644 |
142 |
--- a/README.md |
143 |
+++ b/README.md |
144 |
@@ -14,19 +14,58 @@ https://hub.docker.com/u/gentoo/ |
145 |
|
146 |
## Inventory |
147 |
|
148 |
-* portage |
149 |
-* stage3 |
150 |
- * stage3-amd64 |
151 |
- * stage3-amd64-hardened |
152 |
- * stage3-amd64-hardened-nomultilib |
153 |
- * stage3-amd64-nomultilib |
154 |
- * stage3-amd64-systemd |
155 |
- * stage3-x86 |
156 |
- * stage3-x86-hardened |
157 |
+The following targets are built by Travis (bold targets are also pushed to Docker Hub): |
158 |
+ * **`portage`** |
159 |
+ * `stage3` |
160 |
+ * `amd64` |
161 |
+ * **`stage3-amd64`** |
162 |
+ * **`stage3-amd64-hardened`** |
163 |
+ * **`stage3-amd64-hardened-nomultilib`** |
164 |
+ * `stage3-amd64-musl-hardened` |
165 |
+ * `stage3-amd64-musl-vanilla` |
166 |
+ * **`stage3-amd64-nomultilib`** |
167 |
+ * `stage3-amd64-systemd` |
168 |
+ * `stage3-amd64-uclibc-hardened` |
169 |
+ * `stage3-amd64-uclibc-vanilla` |
170 |
+ * `arm64` |
171 |
+ * `stage3-arm64` |
172 |
+ * `stage3-arm64-systemd` |
173 |
+ * `arm` |
174 |
+ * `stage3-armv5tel` |
175 |
+ * `stage3-armv6j_hardfp` |
176 |
+ * `stage3-armv7a_hardfp` |
177 |
+ * `ppc` |
178 |
+ * `stage3-ppc64le` |
179 |
+ * `s390` |
180 |
+ * `stage3-s390x` |
181 |
+ * `x86` |
182 |
+ * **`stage3-x86`** |
183 |
+ * **`stage3-x86-hardened`** |
184 |
+ * `stage3-x86-musl-vanilla` |
185 |
+ * `stage3-x86-systemd` |
186 |
+ * `stage3-x86-uclibc-hardened` |
187 |
+ * `stage3-x86-uclibc-vanilla` |
188 |
+ |
189 |
+The following upstream stage3 targets are not built at all (see [rationale](https://github.com/gentoo/gentoo-docker-images/issues/75#issuecomment-680776939)): |
190 |
+ * `amd64` |
191 |
+ * `stage3-amd64-hardened-selinux` |
192 |
+ * `stage3-amd64-hardened-selinux+nomultilib` |
193 |
+ * `stage3-x32` |
194 |
+ * `arm` |
195 |
+ * `stage3-armv4tl` |
196 |
+ * `stage3-armv6j` |
197 |
+ * `stage3-armv7a` |
198 |
+ * `ppc` |
199 |
+ * `stage3-ppc` |
200 |
+ * `stage3-ppc64` |
201 |
+ * `s390` |
202 |
+ * `stage3-s390` |
203 |
+ * `x86` |
204 |
+ * `stage3-i486` |
205 |
|
206 |
# Building the containers |
207 |
|
208 |
-The containers are created using a multi-stage build, which requires docker-17.05.0 or later. |
209 |
+The containers are created using a multi-stage build, which requires Docker >= 19.03.0. |
210 |
The container being built is defined by the TARGET environment variable: |
211 |
|
212 |
`` TARGET=stage3-amd64 ./build.sh `` |
213 |
|
214 |
diff --git a/build-multiarch.sh b/build-multiarch.sh |
215 |
deleted file mode 100755 |
216 |
index bc2fde9..0000000 |
217 |
--- a/build-multiarch.sh |
218 |
+++ /dev/null |
219 |
@@ -1,9 +0,0 @@ |
220 |
-#!/bin/bash |
221 |
-docker manifest create gentoo/stage3 \ |
222 |
- gentoo/stage3-amd64 \ |
223 |
- gentoo/stage3-x86 \ |
224 |
- gentoo/stage3-armv7a \ |
225 |
- gentoo/stage3-amd64 \ |
226 |
- gentoo/stage3-ppc \ |
227 |
- gentoo/stage3-ppc64 \ |
228 |
- gentoo/stage3-ppc64le |
229 |
|
230 |
diff --git a/build.sh b/build.sh |
231 |
index 10651cf..c0100d7 100755 |
232 |
--- a/build.sh |
233 |
+++ b/build.sh |
234 |
@@ -11,32 +11,45 @@ fi |
235 |
|
236 |
# Split the TARGET variable into three elements separated by hyphens |
237 |
IFS=- read -r NAME ARCH SUFFIX <<< "${TARGET}" |
238 |
-DOCKER_ARCH="${ARCH}" |
239 |
- |
240 |
-# Ensure upstream directories for stage3-amd64-hardened+nomultilib work |
241 |
-# unless we're building for musl targets (vanilla/hardened) |
242 |
-if [[ "${SUFFIX}" != *musl* ]]; then |
243 |
- SUFFIX=${SUFFIX/-/+} |
244 |
-fi |
245 |
|
246 |
VERSION=${VERSION:-$(date -u +%Y%m%d)} |
247 |
|
248 |
ORG=${ORG:-gentoo} |
249 |
|
250 |
-# x86 requires the i686 subfolder |
251 |
-if [[ "${ARCH}" == "x86" ]]; then |
252 |
- DOCKER_ARCH="386" |
253 |
- MICROARCH="i686" |
254 |
- BOOTSTRAP="multiarch/alpine:x86-v3.11" |
255 |
-elif [[ "${ARCH}" = ppc* ]]; then |
256 |
- MICROARCH="${ARCH}" |
257 |
- ARCH=ppc |
258 |
-elif [[ "${ARCH}" = arm* ]]; then |
259 |
- DOCKER_ARCH=$(echo $ARCH | sed -e 's-\(v.\).*-/\1-g') |
260 |
- MICROARCH="${ARCH}" |
261 |
- ARCH=arm |
262 |
-else |
263 |
- MICROARCH="${ARCH}" |
264 |
+case $ARCH in |
265 |
+ "amd64" | "arm64") |
266 |
+ DOCKER_ARCH="${ARCH}" |
267 |
+ MICROARCH="${ARCH}" |
268 |
+ ;; |
269 |
+ "armv"*) |
270 |
+ # armv6j_hardfp -> arm/v6 |
271 |
+ # armv7a_hardfp -> arm/v7 |
272 |
+ DOCKER_ARCH=$(echo "$ARCH" | sed -e 's#arm\(v.\).*#arm/\1#g') |
273 |
+ MICROARCH="${ARCH}" |
274 |
+ ARCH="arm" |
275 |
+ ;; |
276 |
+ "ppc64le") |
277 |
+ DOCKER_ARCH="${ARCH}" |
278 |
+ MICROARCH="${ARCH}" |
279 |
+ ARCH="ppc" |
280 |
+ ;; |
281 |
+ "s390x") |
282 |
+ DOCKER_ARCH="${ARCH}" |
283 |
+ MICROARCH="${ARCH}" |
284 |
+ ARCH="s390" |
285 |
+ ;; |
286 |
+ "x86") |
287 |
+ DOCKER_ARCH="386" |
288 |
+ MICROARCH="i686" |
289 |
+ ;; |
290 |
+ *) # portage |
291 |
+ DOCKER_ARCH="amd64" |
292 |
+ ;; |
293 |
+esac |
294 |
+ |
295 |
+# Handle targets with special characters in the suffix |
296 |
+if [[ "${TARGET}" == "stage3-amd64-hardened-nomultilib" ]]; then |
297 |
+ SUFFIX="hardened+nomultilib" |
298 |
fi |
299 |
|
300 |
# Prefix the suffix with a hyphen to make sure the URL works |
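Review bot: The `*) # portage` arm of the new `case` also catches every unrecognised ARCH, so a mistyped or unsupported TARGET (for example one of the stage3 targets the README lists as not built) carries on as a `linux/amd64` build with MICROARCH unset instead of stopping. Matching the portage case explicitly and failing closed on anything else would keep a wrong-architecture image from being tagged: `"") DOCKER_ARCH="amd64" ;;` followed by `*) echo "Unsupported ARCH: ${ARCH}" >&2; exit 1 ;;`. This assumes TARGET=portage leaves ARCH empty after the `IFS=- read`, which the visible lines suggest. Whether TARGET is validated before line 11 is outside the hunk.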
301 |
@@ -44,8 +57,14 @@ if [[ -n "${SUFFIX}" ]]; then |
302 |
SUFFIX="-${SUFFIX}" |
303 |
fi |
304 |
|
305 |
-set -x |
306 |
-docker build --build-arg ARCH="${ARCH}" --build-arg MICROARCH="${MICROARCH}" --build-arg BOOTSTRAP="${BOOTSTRAP}" --build-arg SUFFIX="${SUFFIX}" -t "${ORG}/${TARGET}:${VERSION}" -f "${NAME}.Dockerfile" . |
307 |
-docker-copyedit/docker-copyedit.py FROM "${ORG}/${TARGET}:${VERSION}" INTO "${ORG}/${TARGET}:${VERSION}" -vv \ |
308 |
- set arch ${DOCKER_ARCH} |
309 |
-docker tag "${ORG}/${TARGET}:${VERSION}" "${ORG}/${TARGET}:latest" |
310 |
+docker buildx build \ |
311 |
+ --file "${NAME}.Dockerfile" \ |
312 |
+ --build-arg ARCH="${ARCH}" \ |
313 |
+ --build-arg MICROARCH="${MICROARCH}" \ |
314 |
+ --build-arg SUFFIX="${SUFFIX}" \ |
315 |
+ --tag "${ORG}/${TARGET}:latest" \ |
316 |
+ --tag "${ORG}/${TARGET}:${VERSION}" \ |
317 |
+ --platform "linux/${DOCKER_ARCH}" \ |
318 |
+ --progress plain \ |
319 |
+ --load \ |
320 |
+ . |
321 |
|
322 |
diff --git a/docker-copyedit b/docker-copyedit |
323 |
deleted file mode 160000 |
324 |
index ab6bd5d..0000000 |
325 |
--- a/docker-copyedit |
326 |
+++ /dev/null |
327 |
@@ -1 +0,0 @@ |
328 |
-Subproject commit ab6bd5d9f5ca3a9ba314e7124c2aac8ad7987a3b |
329 |
|
330 |
diff --git a/portage.Dockerfile b/portage.Dockerfile |
331 |
index 7f51c7e..23261d2 100644 |
332 |
--- a/portage.Dockerfile |
333 |
+++ b/portage.Dockerfile |
334 |
@@ -3,7 +3,7 @@ |
335 |
# docker-17.05.0 or later. It fetches a daily snapshot from the official |
336 |
# sources and verifies its checksum as well as its gpg signature. |
337 |
|
338 |
-FROM alpine:3.11 as builder |
339 |
+FROM --platform=$BUILDPLATFORM alpine:3.11 as builder |
340 |
|
341 |
WORKDIR /portage |
342 |
|
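Review bot: The header comment kept as context above the changed `FROM` still says the build needs docker-17.05.0 or later, but `--platform=$BUILDPLATFORM` relies on a build argument that is only populated automatically by BuildKit/buildx, which the .travis.yml comment in this commit ties to Docker >= 19.03.0. I would update the comment to something like `# ... which requires Docker >= 19.03.0 with BuildKit (buildx).` so that someone running a plain `docker build` understands why the platform value is empty. The `FROM` line changed in stage3.Dockerfile has the same dependency; its header comment is only partly visible in that hunk.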
343 |
|
344 |
diff --git a/stage3.Dockerfile b/stage3.Dockerfile |
345 |
index a9dc594..b9909ee 100644 |
346 |
--- a/stage3.Dockerfile |
347 |
+++ b/stage3.Dockerfile |
348 |
@@ -4,7 +4,7 @@ |
349 |
# sources and verifies its checksum as well as its gpg signature. |
350 |
|
351 |
ARG BOOTSTRAP |
352 |
-FROM ${BOOTSTRAP:-alpine:3.11} as builder |
353 |
+FROM --platform=$BUILDPLATFORM ${BOOTSTRAP:-alpine:3.11} as builder |
354 |
|
355 |
WORKDIR /gentoo |