Tagging of multiarch images on gcr #82
There are no files selected for viewing
| Original file line number | Diff line number | Diff line change |
|---|---|---|
|
|
@@ -12,7 +12,46 @@ | |
| # See the License for the specific language governing permissions and | ||
| # limitations under the License. | ||
|
|
||
| .PHONY: push-multiarch-% push-multiarch | ||
|
|
||
| CMDS=csi-node-driver-registrar | ||
| all: build | ||
|
|
||
| include release-tools/build.make | ||
|
|
||
| # This target builds multiarch images using Moby BuildKit builder toolkit. | ||
| # Docker Buildx is included in Docker 19.03 and needs DOCKER_CLI_EXPERIMENTAL enabled to run corresponding commands. | ||
| # Currently amd, s390x and Windows manifest is pushed for canary, release branch and released tags. | ||
| # Images generated from Prow build are pushed to staging area on gcr | ||
| push-multiarch-%: | ||
| make BUILD_PLATFORMS="windows amd64 .exe" | ||
| set -ex; \ | ||
| gcloud auth configure-docker; \ | ||
|
There was a problem hiding this comment. This is going to require gcloud? Can we put this in the cloudbuild.yml instead? There was a problem hiding this comment. Earlier gcloud command was a part of cloudbuild only but later we have moved it to make target in order to keep cloudbuild simple and minimal. There was a problem hiding this comment. I think it would be preferable to keep gcloud command outside of this otherwise anybody that wants to build a multiarch image is going to require gcloud to be installed. If you still want put it in the makefile to reduce the commands in cloudbuild, then I would maybe wrap "push-multiarch" with a "cloudbuild-push-multiarch" There was a problem hiding this comment. I agree with @msau42 that this belongs into cloudbuild.yml. |
||
| DOCKER_CLI_EXPERIMENTAL=enabled; \ | ||
| export DOCKER_CLI_EXPERIMENTAL; \ | ||
| docker buildx create --use --name multiarchimage-buildertest; \ | ||
| pushMultiArch () { \ | ||
| tag=$$1; \ | ||
| docker buildx build --push -t $(IMAGE_NAME):amd64-linux-$$tag --platform=linux/amd64 -f $(shell if [ -e ./cmd/$*/Dockerfile.multiarch ]; then echo ./cmd/$*/Dockerfile.multiarch; else echo Dockerfile.multiarch; fi) --label revision=$(REV) .; \ | ||
|
There was a problem hiding this comment. Perhaps create a local variable There was a problem hiding this comment. I think we can use this once windows is also a part of There was a problem hiding this comment. Any way we can make the list of linux platforms as a variable instead of hard coding the command for each platform? Unfortunately I don't think there's much we can do to generalize windows atm. There was a problem hiding this comment. Currently with the help of this PR we are just testing that whether push-multiarch (keeping cloudbuild minimal) can be used to correctly tag multiarch images. |
||
| docker buildx build --push -t $(IMAGE_NAME):s390x-linux-$$tag --platform=linux/s390x -f $(shell if [ -e ./cmd/$*/Dockerfile.multiarch ]; then echo ./cmd/$*/Dockerfile.multiarch; else echo Dockerfile.multiarch; fi) --label revision=$(REV) .; \ | ||
| docker buildx build --push -t $(IMAGE_NAME):amd64-windows-$$tag --platform=windows -f $(shell if [ -e ./cmd/$*/Dockerfile.Windows ]; then echo ./cmd/$*/Dockerfile.Windows; else echo Dockerfile.Windows; fi) --label revision=$(REV) .; \ | ||
|
There was a problem hiding this comment. Have you tried doing this with You must extract the target OS from TARGETPLATFORM instead of hard-coding There was a problem hiding this comment.
I haven't tried this. We can't test windows images at our end. May be @jingxu97 can try this out. Ideally instead of writing different There was a problem hiding this comment. Since Dockerfile.multiarch contains a 'RUN' command, we cannot use it to build windows image on a linux machine with buildx. There was a problem hiding this comment. So we can build Windows binaries on the Linux host, but not inside a Docker container? Or does building for Windows need a Windows host? |
||
| docker manifest create --amend $(IMAGE_NAME):$$tag $(IMAGE_NAME):amd64-linux-$$tag \ | ||
| $(IMAGE_NAME):s390x-linux-$$tag \ | ||
| $(IMAGE_NAME):amd64-windows-$$tag; \ | ||
| docker manifest push -p $(IMAGE_NAME):$$tag; \ | ||
| }; \ | ||
| if [ $(PULL_BASE_REF) = "master" ]; then \ | ||
| : "creating or overwriting canary image"; \ | ||
| pushMultiArch canary; \ | ||
| elif echo $(PULL_BASE_REF) | grep -q -e 'release-*' ; then \ | ||
| : "creating or overwriting canary image for release branch"; \ | ||
| release_canary_tag=$$(echo $(PULL_BASE_REF) | cut -f2 -d '-')-canary; \ | ||
| pushMultiArch $$release_canary_tag; \ | ||
| elif docker pull $(IMAGE_NAME):$(PULL_BASE_REF) 2>&1 | tee /dev/stderr | grep -q "manifest for $(IMAGE_NAME):$(PULL_BASE_REF) not found"; then \ | ||
| : "creating release image"; \ | ||
| pushMultiArch $(PULL_BASE_REF); \ | ||
| else \ | ||
| : "release image $(IMAGE_NAME):$(PULL_BASE_REF) already exists, skipping push"; \ | ||
| fi; \ | ||
|
|
||
| push-multiarch: $(CMDS:%=push-multiarch-%) | ||
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
I'm still not sure what this
makeinvocation is needed for.Ah, it's because
Dockerfile.Windowsdoesn't build its binary. We probably should fix this and ideally remove the special Dockerfile for Windows entirely. But this can probably wait until later. We have to sort it out before including it in csi-release-tools.@ddebroy: is there a chance to use
gcr.io/distroless/static:latestas base for a Windows image?There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
In order to use buildx to build windows image on a linux machine, we cannot include any RUN command in the Dockerfile, so I think this limitation means we cannot build binary as a step in Dockerfile.