From ef4ec7c5a1494c39b9148c3a121964388c3b72d5 Mon Sep 17 00:00:00 2001 From: bahetiamit Date: Fri, 30 Oct 2020 04:55:52 -0700 Subject: [PATCH] Adding multiarch image support --- .github/workflows/release.yaml | 56 ++++++++++++++++++++++++++++++++++ acr.patch | 32 +++++++++++++++++++ deploy/Dockerfile | 51 +++++++++++++++++++++++-------- hack/install_golint.sh | 1 + 4 files changed, 128 insertions(+), 12 deletions(-) create mode 100644 .github/workflows/release.yaml create mode 100644 acr.patch diff --git a/.github/workflows/release.yaml b/.github/workflows/release.yaml new file mode 100644 index 0000000000..bf48614e81 --- /dev/null +++ b/.github/workflows/release.yaml @@ -0,0 +1,56 @@ +name: Publish image + +on: + release: + types: [released] + +jobs: + build: + env: + IMAGE_NAME: gcr.io/kaniko-project/executor + + runs-on: ubuntu-latest + steps: + - name: Get latest release tag + uses: oprypin/find-latest-tag@v1 + with: + repository: GoogleContainerTools/kaniko # The repository to scan. + releases-only: true # We know that all relevant tags have a GitHub release for them. + id: kaniko + + - name: Clone source code + uses: actions/checkout@v2 + with: + ref: ${{ steps.kaniko.outputs.tag }} + + - name: Set up QEMU + uses: docker/setup-qemu-action@v1 + with: + platforms: all + + - name: Set up Docker Buildx + id: buildx + uses: docker/setup-buildx-action@v1 + with: + version: latest + + - name: Available platforms + run: echo ${{ steps.buildx.outputs.platforms }} + + - name: Setup gcloud CLI + uses: GoogleCloudPlatform/github-actions/setup-gcloud@master + with: + service_account_key: ${{ secrets.GCR_DEVOPS_SERVICE_ACCOUNT_KEY }} + project_id: kaniko-project + export_default_credentials: true + + - name: Build and push image + run: | + gcloud auth configure-docker -q + IMAGE_VERSION="$(git describe --tags --abbrev=0)" + SHORT_SHA1=$(git rev-parse --short HEAD) + PLATFORMS="linux/amd64,linux/ppc64le,linux/arm64" + echo "Building and pushing version ${IMAGE_VERSION} of image ${IMAGE_NAME}" + docker buildx build --platform "${PLATFORMS}" -t "${IMAGE_NAME}:${IMAGE_VERSION}" -t "${IMAGE_NAME}:latest" -f ./deploy/Dockerfile \ + --push . + diff --git a/acr.patch b/acr.patch new file mode 100644 index 0000000000..bf3cedbca1 --- /dev/null +++ b/acr.patch @@ -0,0 +1,32 @@ +diff --git a/build/build-config-edit.sh b/build/build-config-edit.sh +index d9fffd0..88b83a9 100755 +--- a/build/build-config-edit.sh ++++ b/build/build-config-edit.sh +@@ -13,10 +13,9 @@ if [[ ! -d "$sourcedir" ]]; then + fi + + export CGO_ENABLED=0 +-export GOARCH=amd64 + export GOPATH=$PWD + echo "Go path = $GOPATH" +-for go_os in "linux" "windows" "darwin" ++for go_os in "linux" + do + if [[ "$go_os" == "windows" ]]; then + exe_extension=".exe" +diff --git a/build/build-cred-helper.sh b/build/build-cred-helper.sh +index 0e88315..d016988 100755 +--- a/build/build-cred-helper.sh ++++ b/build/build-cred-helper.sh +@@ -22,9 +22,8 @@ fi + + export BUILDVERSION=acr-docker-credential-helper`date -u +.%Y%m%d.%H%M%S` + export CGO_ENABLED=0 +-export GOARCH=amd64 + export GOPATH=$PWD +-for go_os in "linux" "windows" "darwin" ++for go_os in "linux" + do + export GOOS=$go_os + if [[ "$GOOS" == "windows" ]]; then + diff --git a/deploy/Dockerfile b/deploy/Dockerfile index be6f675f9a..2438fb4629 100644 --- a/deploy/Dockerfile +++ b/deploy/Dockerfile @@ -17,31 +17,56 @@ FROM golang:1.14 ARG GOARCH=amd64 WORKDIR /go/src/github.com/GoogleContainerTools/kaniko + +RUN echo $GOARCH > /goarch + +#This arg is passed by docker buildx & contains the platform info in the form linux/amd64, linux/ppc64le etc. +ARG TARGETPLATFORM + +#Capture ARCH has write to /goarch +RUN [ ! "x" = "x$TARGETPLATFORM" ] && `echo $TARGETPLATFORM | awk '{split($0,a,"/"); print a[2]}' > /goarch` || echo "$GOARCH" + # Get GCR credential helper -ADD https://github.com/GoogleCloudPlatform/docker-credential-gcr/releases/download/v2.0.2/docker-credential-gcr_linux_amd64-2.0.2.tar.gz /usr/local/bin/ -RUN tar --no-same-owner -C /usr/local/bin/ -xvzf /usr/local/bin/docker-credential-gcr_linux_amd64-2.0.2.tar.gz +RUN GOARCH=$(cat /goarch) && CGO_ENABLED=0 && \ + (mkdir -p /go/src/github.com/GoogleCloudPlatform || true) && \ + cd /go/src/github.com/GoogleCloudPlatform && \ + git clone https://github.com/GoogleCloudPlatform/docker-credential-gcr.git && \ + cd /go/src/github.com/GoogleCloudPlatform/docker-credential-gcr && \ + make deps OUT_DIR=/usr/local/bin && \ + go build -ldflags "-linkmode external -extldflags -static" -i -o /usr/local/bin/docker-credential-gcr main.go + # Get Amazon ECR credential helper -RUN go get -u github.com/awslabs/amazon-ecr-credential-helper/ecr-login/cli/docker-credential-ecr-login -RUN make -C /go/src/github.com/awslabs/amazon-ecr-credential-helper linux-amd64 +RUN GOARCH=$(cat /goarch) && go get -u github.com/awslabs/amazon-ecr-credential-helper/ecr-login/cli/docker-credential-ecr-login && \ + make -C /go/src/github.com/awslabs/amazon-ecr-credential-helper + # ACR docker credential helper -ADD https://aadacr.blob.core.windows.net/acr-docker-credential-helper/docker-credential-acr-linux-amd64.tar.gz /usr/local/bin -RUN tar --no-same-owner -C /usr/local/bin/ -xvzf /usr/local/bin/docker-credential-acr-linux-amd64.tar.gz -# ACR docker env credential helper -ADD https://github.com/chrismellard/docker-credential-acr-env/releases/download/0.6.0/docker-credential-acr-env_0.6.0_Linux_x86_64.tar.gz /usr/local/bin/ -RUN tar --no-same-owner -C /usr/local/bin/ -xvzf /usr/local/bin/docker-credential-acr-env_0.6.0_Linux_x86_64.tar.gz +COPY ./acr.patch / +RUN GOARCH=$(cat /goarch) && (mkdir -p /go/src/github.com/Azure || true) && \ + cd /go/src/github.com/Azure && \ + git clone https://github.com/Azure/acr-docker-credential-helper && \ + cd /go/src/github.com/Azure/acr-docker-credential-helper && \ + git checkout a79b541f3ee761f6cc4511863ed41fb038c19464 && \ + git apply < /acr.patch && \ + make && cp -f bin/linux/${GOARCH}/docker-credential-acr-linux /usr/local/bin/docker-credential-acr-linux + +#ACR docker env credential helper +RUN GOARCH=$(cat /goarch) && (mkdir -p /go/src/github.com/chrismellard || true) && \ + cd /go/src/github.com/chrismellard && \ + git clone https://github.com/chrismellard/docker-credential-acr-env && \ + cd docker-credential-acr-env && \ + make build && cp -f ./build/docker-credential-acr-env /usr/local/bin # Add .docker config dir RUN mkdir -p /kaniko/.docker COPY . . -RUN make GOARCH=${GOARCH} +RUN make GOARCH=$(cat /goarch.txt) FROM scratch COPY --from=0 /go/src/github.com/GoogleContainerTools/kaniko/out/executor /kaniko/executor COPY --from=0 /usr/local/bin/docker-credential-gcr /kaniko/docker-credential-gcr -COPY --from=0 /go/src/github.com/awslabs/amazon-ecr-credential-helper/bin/linux-amd64/docker-credential-ecr-login /kaniko/docker-credential-ecr-login +COPY --from=0 /go/src/github.com/awslabs/amazon-ecr-credential-helper/bin/local/docker-credential-ecr-login /kaniko/docker-credential-ecr-login COPY --from=0 /usr/local/bin/docker-credential-acr-linux /kaniko/docker-credential-acr -COPY --from=0 /usr/local/bin/docker-credential-acr-env /kaniko/docker-credential-acr-env COPY files/ca-certificates.crt /kaniko/ssl/certs/ COPY --from=0 /kaniko/.docker /kaniko/.docker COPY files/nsswitch.conf /etc/nsswitch.conf @@ -53,4 +78,6 @@ ENV DOCKER_CONFIG /kaniko/.docker/ ENV DOCKER_CREDENTIAL_GCR_CONFIG /kaniko/.config/gcloud/docker_credential_gcr_config.json WORKDIR /workspace RUN ["docker-credential-gcr", "config", "--token-source=env"] + ENTRYPOINT ["/kaniko/executor"] + diff --git a/hack/install_golint.sh b/hack/install_golint.sh index 6010f3b276..d0b0697704 100755 --- a/hack/install_golint.sh +++ b/hack/install_golint.sh @@ -69,6 +69,7 @@ is_supported_platform() { windows/386) found=0 ;; linux/amd64) found=0 ;; linux/386) found=0 ;; + linux/ppc64le) found=0 ;; esac return $found }