
Commit 3b194de

marcofranssendeveloper-guyMarcos Yacob
authored
Add arm64 support for linux images (#3607)
Add arm64 support for linux images Signed-off-by: Marco Franssen <[email protected]> Signed-off-by: Batuhan Apaydın <[email protected]> Co-authored-by: Batuhan Apaydın <[email protected]> Co-authored-by: Marcos Yacob <[email protected]>
1 parent 7bff3a0 commit 3b194de


10 files changed

+226
-49
lines changed


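--- a/.dockerignore
+++ b/.dockerignore
@@ -3,3 +3,9 @@
 .cache
 releases/
 artifacts/
+.githooks/
+script/
+doc/
+examples/
+oci/
+*-image.tar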

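--- a/.github/workflows/nightly_build.yaml
+++ b/.github/workflows/nightly_build.yaml
@@ -19,8 +19,10 @@ jobs:
 steps:
 - name: Checkout
 uses: actions/checkout@v3
+- name: Install regctl
+uses: regclient/actions/regctl-installer@main
 - name: Build images
-run: make images scratch-images
+run: make images scratch-images load-images load-scratch-images
 - name: Log in to GCR
 uses: docker/login-action@v2
 with: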
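Review bot: `uses: regclient/actions/regctl-installer@main` tracks a mutable branch, so whatever that repository's `main` points to at run time executes in this job, which then goes on to log in to GCR. The same line is added in pr_build.yaml and twice in release_build.yaml, where one copy runs in the job that reads `secrets.GCR_JSON_KEY` and pushes the release images. The other actions in these workflows are at least held to a major tag; this one should be pinned to a full commit SHA, for example `uses: regclient/actions/regctl-installer@<full-commit-sha>  # <release tag>`. If the action offers an input for the regctl version (not visible here), fix that too so the installed binary does not change between runs.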

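--- a/.github/workflows/pr_build.yaml
+++ b/.github/workflows/pr_build.yaml
@@ -176,10 +176,14 @@ jobs:
 key: ${{ runner.os }}-tools-${{ github.sha }}
 restore-keys: |
 ${{ runner.os }}-tools-
+- name: Set up QEMU
+uses: docker/setup-qemu-action@v2
+- name: Set up Docker Buildx
+uses: docker/setup-buildx-action@v2
 - name: Build images
 run: make images
 - name: Export images
-run: docker save spire-server:latest-local spire-agent:latest-local k8s-workload-registrar:latest-local oidc-discovery-provider:latest-local | gzip > images.tar.gz
+run: tar -czvf images.tar.gz *-image.tar
 - name: Archive images
 uses: actions/upload-artifact@v3
 with:
@@ -240,10 +244,14 @@ jobs:
 key: ${{ runner.os }}-tools-${{ github.sha }}
 restore-keys: |
 ${{ runner.os }}-tools-
+- name: Set up QEMU
+uses: docker/setup-qemu-action@v2
+- name: Set up Docker Buildx
+uses: docker/setup-buildx-action@v2
 - name: Build scratch images
 run: make scratch-images
 - name: Export scratch images
-run: docker save spire-server-scratch:latest-local spire-agent-scratch:latest-local k8s-workload-registrar-scratch:latest-local oidc-discovery-provider-scratch:latest-local | gzip > scratch-images.tar.gz
+run: tar -czvf scratch-images.tar.gz *-scratch-image.tar
 - name: Archive scratch images
 uses: actions/upload-artifact@v3
 with:
@@ -276,6 +284,8 @@ jobs:
 uses: actions/setup-go@v3
 with:
 go-version: ${{ env.GO_VERSION }}
+- name: Install regctl
+uses: regclient/actions/regctl-installer@main
 - name: Load cached deps
 uses: actions/cache@v3
 with:
@@ -299,9 +309,13 @@ jobs:
 name: scratch-images
 path: .
 - name: Load archived images
-run: zcat images.tar.gz | docker load
+run: |
+tar xvf images.tar.gz
+make load-images
 - name: Load archived scratch images
-run: zcat scratch-images.tar.gz | docker load
+run: |
+tar xvf scratch-images.tar.gz
+make load-scratch-images
 - name: Run integration tests
 env:
 NUM_RUNNERS: ${{ matrix.num_runners }}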
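Review bot: The glob in `run: tar -czvf images.tar.gz *-image.tar` (Export images) also matches `*-scratch-image.tar`, so the archive only holds the intended files while this job never has scratch tarballs in its workspace; nightly_build.yaml already builds both variants in one job. The removed `docker save` line named the four images explicitly, and listing the four tarballs by name here would keep that property and document which files the step expects. The same glob is added in release_build.yaml. The load steps in this file also use `tar xvf` on a `.tar.gz` while the push steps in release_build.yaml use `tar xzvf`; one form throughout would read more clearly.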

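--- a/.github/workflows/release_build.yaml
+++ b/.github/workflows/release_build.yaml
@@ -177,7 +177,7 @@ jobs:
 - name: Build images
 run: make images
 - name: Export images
-run: docker save spire-server:latest-local spire-agent:latest-local k8s-workload-registrar:latest-local oidc-discovery-provider:latest-local | gzip > images.tar.gz
+run: tar -czvf images.tar.gz *-image.tar
 - name: Archive images
 uses: actions/upload-artifact@v3
 with:
@@ -241,7 +241,7 @@ jobs:
 - name: Build scratch images
 run: make scratch-images
 - name: Export scratch images
-run: docker save spire-server-scratch:latest-local spire-agent-scratch:latest-local k8s-workload-registrar-scratch:latest-local oidc-discovery-provider-scratch:latest-local | gzip > scratch-images.tar.gz
+run: tar -czvf scratch-images.tar.gz *-scratch-image.tar
 - name: Archive scratch images
 uses: actions/upload-artifact@v3
 with:
@@ -283,6 +283,8 @@ jobs:
 uses: actions/setup-go@v3
 with:
 go-version: ${{ env.GO_VERSION }}
+- name: Install regctl
+uses: regclient/actions/regctl-installer@main
 - name: Load cached deps
 uses: actions/cache@v3
 with:
@@ -306,9 +308,13 @@ jobs:
 name: scratch-images
 path: .
 - name: Load archived images
-run: zcat images.tar.gz | docker load
+run: |
+tar xvf images.tar.gz
+make load-images
 - name: Load archived scratch images
-run: zcat scratch-images.tar.gz | docker load
+run: |
+tar xvf scratch-images.tar.gz
+make load-scratch-images
 - name: Run integration tests
 env:
 NUM_RUNNERS: ${{ matrix.num_runners }}
@@ -574,28 +580,30 @@ jobs:
 with:
 name: images
 path: .
+- name: Install regctl
+uses: regclient/actions/regctl-installer@main
 - name: Download archived scratch images
 uses: actions/download-artifact@v3
 with:
 name: scratch-images
 path: .
-- name: Load archived images
-run: zcat images.tar.gz | docker load
-- name: Load archived scratch images
-run: zcat scratch-images.tar.gz | docker load
 - name: Log in to GCR
 uses: docker/login-action@v2
 with:
 registry: gcr.io
 username: _json_key
 password: ${{ secrets.GCR_JSON_KEY }}
 - name: Push images
-run: ./.github/workflows/scripts/push-images.sh "${GITHUB_REF}"
+run: |
+tar xzvf images.tar.gz
+./.github/workflows/scripts/push-images.sh "${GITHUB_REF}"
 - name: Log in to GHCR
 uses: docker/login-action@v2
 with:
 registry: ghcr.io
 username: ${{ github.actor }}
 password: ${{ secrets.GITHUB_TOKEN }}
 - name: Push images
-run: ./.github/workflows/scripts/push-images.sh "${GITHUB_REF}" -scratch
+run: |
+tar xzvf scratch-images.tar.gz
+./.github/workflows/scripts/push-images.sh "${GITHUB_REF}" -scratch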
Lines changed: 74 additions & 0 deletions
@@ -0,0 +1,74 @@
1+
#!/usr/bin/env bash
2+
# shellcheck shell=bash
3+
##
4+
## USAGE: __PROG__
5+
##
6+
## "__PROG__" loads oci tarballs created with xbuild into docker.
7+
##
8+
## Usage example(s):
9+
## ./__PROG__
10+
## ./__PROG__ -scratch
11+
## PLATFORM=linux/arm64 ./__PROG__ -scratch
12+
##
13+
## Commands
14+
## - ./__PROG__ <image-variant> loads the oci tarball for the optional variant into Docker.
15+
16+
function usage {
17+
grep '^##' "$0" | sed -e 's/^##//' -e "s/__PROG__/$me/" >&2
18+
}
19+
20+
function normalize_path {
21+
# Remove all /./ sequences.
22+
local path=${1//\/.\//\/}
23+
local npath
24+
# Remove first dir/.. sequence.
25+
npath="${path//[^\/][^\/]*\/\.\.\//}"
26+
# Remove remaining dir/.. sequence.
27+
while [[ $npath != "$path" ]] ; do
28+
path=$npath
29+
npath="${path//[^\/][^\/]*\/\.\.\//}"
30+
done
31+
echo "$path"
32+
}
33+
34+
me=$(basename "$0")
35+
BASEDIR=$(dirname "$0")
36+
ROOTDIR="$(normalize_path "$BASEDIR/../../../")"
37+
38+
command -v regctl >/dev/null 2>&1 || { usage; echo -e "\n * The regctl cli is required to run this script." >&2 ; exit 1; }
39+
command -v docker >/dev/null 2>&1 || { usage; echo -e "\n * The docker cli is required to run this script." >&2 ; exit 1; }
40+
41+
variant="$1"
42+
43+
if [ -n "$variant" ] && [ "$variant" != "-scratch" ] ; then
44+
usage
45+
echo -e "The only supported variants are '-scratch'." >&2
46+
exit 1
47+
fi
48+
49+
# Takes the current platform architecture or plaftorm as defined externally in a platform variable.
50+
# e.g.:
51+
# linux/amd64
52+
# linux/arm64
53+
# linux/arm64/v7
54+
PLATFORM="${PLATFORM:-local}"
55+
OCI_IMAGES=(
56+
spire-server spire-agent k8s-workload-registrar oidc-discovery-provider
57+
)
58+
59+
echo "Importing ${OCI_IMAGES[*]} into docker".
60+
for img in "${OCI_IMAGES[@]}"; do
61+
image_variant="${img}${variant}"
62+
oci_dir="ocidir://${ROOTDIR}oci/${image_variant}"
63+
platform_tar="${image_variant}-${PLATFORM}-image.tar"
64+
65+
# regclient works with directories rather than tars, so import the OCI tar to a directory
66+
regctl image import "$oci_dir" "${image_variant}-image.tar"
67+
dig="$(regctl image digest --platform "$PLATFORM" "$oci_dir")"
68+
# export the single platform image using the digest
69+
regctl image export "$oci_dir@${dig}" "${platform_tar}"
70+
71+
docker load < "${platform_tar}"
72+
docker image tag "localhost/oci/${image_variant}:latest" "${image_variant}:latest-local"
73+
docker image rm "localhost/oci/${image_variant}:latest"
74+
done
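Review bot: `normalize_path` puts `[^\/][^\/]*\/\.\.\/` inside `${path//…/}`, which is a glob and not a regex, so `*` matches any string and the pattern means "two non-slash characters, anything, then `/../`", with the longest match removed. For a relative `$0` this happens to collapse `…/scripts/../../../` to an empty or `./` prefix, but with an absolute `$0` it would reduce the path to `/` and `oci_dir` would point at `/oci/…`. Letting the shell resolve the directory avoids the hand-written logic, for example `ROOTDIR="$(cd "$BASEDIR/../../.." && pwd)/"`. The same function is copied into push-images.sh. The script also has no `set -e`, so a failed `regctl image import` or an empty `dig` does not stop the later `docker load` and `docker image tag`, which can then tag a stale image as `latest-local`.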

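--- a/.github/workflows/scripts/push-images.sh
+++ b/.github/workflows/scripts/push-images.sh
@@ -21,7 +21,23 @@ function usage {
 grep '^##' "$0" | sed -e 's/^##//' -e "s/__PROG__/$me/" >&2
 }
 
+function normalize_path {
+# Remove all /./ sequences.
+local path=${1//\/.\//\/}
+local npath
+# Remove first dir/.. sequence.
+npath="${path//[^\/][^\/]*\/\.\.\//}"
+# Remove remaining dir/.. sequence.
+while [[ $npath != "$path" ]] ; do
+path=$npath
+npath="${path//[^\/][^\/]*\/\.\.\//}"
+done
+echo "$path"
+}
+
 me=$(basename "$0")
+BASEDIR=$(dirname "$0")
+ROOTDIR="$(normalize_path "$BASEDIR/../../../")"
 
 version="$1"
 if [ -z "${version}" ]; then
@@ -37,7 +53,7 @@ version="${version#refs/tags/v}"
 version="${version#v}"
 
 variant="$2"
-if [ -n "${variant}" ] && [ "${variant}" != "-scratch" ]; then
+if [ -n "${variant}" ] && [ "${variant}" != "-scratch" ] ; then
 usage
 echo -e "\n Errors:\n * The only supported variant is '-scratch'." >&2
 exit 1
@@ -60,7 +76,9 @@ fi
 echo "Pushing images ${OCI_IMAGES[*]} to ${registry} with tag ${version}".
 for img in "${OCI_IMAGES[@]}"; do
 image_variant="${img}${variant}"
+oci_dir="ocidir://${ROOTDIR}oci/${image_variant}"
 image_to_push="${registry}/${img}:${version}"
-docker tag "${image_variant}:latest-local" "${image_to_push}"
-docker push "${image_to_push}"
+
+regctl image import "${oci_dir}" "${image_variant}-image.tar"
+regctl image copy "${oci_dir}" "${image_to_push}"
 done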
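Review bot: In the push loop the result of `regctl image import` is not checked before `regctl image copy "${oci_dir}" "${image_to_push}"`, so if the import fails while an `oci/<image>` directory from an earlier run is still present, the copy could publish that older content under the new tag. The top of the script is outside the hunks, so whether `set -e` is active cannot be seen here; if it is not, chain the calls, e.g. `regctl image import "${oci_dir}" "${image_variant}-image.tar" && regctl image copy "${oci_dir}" "${image_to_push}" || exit 1`. The script also gains a hard dependency on regctl without the `command -v regctl` guard that the new load script has. The tarball is read relative to the working directory while `oci_dir` is derived from the script's location, so the two only agree when the script is run from the repository root; a comment saying so would help.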

.gitignore

Lines changed: 4 additions & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -34,3 +34,7 @@ tools/spire-plugingen/spire-plugingen
3434
# Runtime version manager specific configuration
3535
# asdf config file
3636
.tool-versions
37+
38+
# oci artifacts
39+
*-image.tar
40+
oci/

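--- a/Dockerfile
+++ b/Dockerfile
@@ -1,37 +1,44 @@
 # Build stage
+# syntax = docker/dockerfile:1.4.2@sha256:443aab4ca21183e069e7d8b2dc68006594f40bddf1b15bbd83f5137bd93e80e2
 ARG goversion
-FROM golang:${goversion}-alpine as builder
+FROM --platform=${BUILDPLATFORM} golang:${goversion}-alpine as base
 WORKDIR /spire
+COPY go.* ./
+# https://go.dev/ref/mod#module-cache
+RUN --mount=type=cache,target=/go/pkg/mod go mod download
+COPY . .
+
+FROM base as builder
+ARG TARGETOS TARGETARCH
 RUN apk --no-cache --update add build-base git mercurial
-ADD go.* ./
-RUN go mod download
-ADD . .
-RUN make build
+RUN --mount=type=cache,target=/root/.cache/go-build \
+--mount=type=cache,target=/go/pkg/mod \
+GOOS=$TARGETOS GOARCH=$TARGETARCH \
+make build
 
 # Common base
-FROM alpine AS spire-base
+FROM --platform=${BUILDPLATFORM} alpine AS spire-base
 WORKDIR /opt/spire
-RUN mkdir -p /opt/spire/bin
 CMD []
 RUN apk --no-cache --update add dumb-init
 RUN apk --no-cache --update add ca-certificates
 
 # SPIRE Server
 FROM spire-base AS spire-server
 ENTRYPOINT ["/usr/bin/dumb-init", "/opt/spire/bin/spire-server", "run"]
-COPY --from=builder /spire/bin/spire-server bin/spire-server
+COPY --link --from=builder /spire/bin/spire-server bin/spire-server
 
 # SPIRE Agent
 FROM spire-base AS spire-agent
 ENTRYPOINT ["/usr/bin/dumb-init", "/opt/spire/bin/spire-agent", "run"]
-COPY --from=builder /spire/bin/spire-agent bin/spire-agent
+COPY --link --from=builder /spire/bin/spire-agent bin/spire-agent
 
 # K8S Workload Registrar
 FROM spire-base AS k8s-workload-registrar
 ENTRYPOINT ["/usr/bin/dumb-init", "/opt/spire/bin/k8s-workload-registrar"]
-COPY --from=builder /spire/bin/k8s-workload-registrar bin/k8s-workload-registrar
+COPY --link --from=builder /spire/bin/k8s-workload-registrar bin/k8s-workload-registrar
 
 # OIDC Discovery Provider
 FROM spire-base AS oidc-discovery-provider
 ENTRYPOINT ["/usr/bin/dumb-init", "/opt/spire/bin/oidc-discovery-provider"]
-COPY --from=builder /spire/bin/oidc-discovery-provider bin/oidc-discovery-provider
+COPY --link --from=builder /spire/bin/oidc-discovery-provider bin/oidc-discovery-provider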
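Review bot: The `# syntax = docker/dockerfile:1.4.2@sha256:…` directive is added on line 2, below the `# Build stage` comment, and BuildKit only honours parser directives that come before any comment, blank line or instruction, so here it is read as an ordinary comment and the digest-pinned frontend is never selected. `RUN --mount` and `COPY --link` then depend on whatever frontend the builder ships, and the digest gives no integrity guarantee; move the directive to line 1 and put `# Build stage` under it. Separately, `FROM --platform=${BUILDPLATFORM} alpine AS spire-base` looks like it pins the runtime base, including the `dumb-init` used by every ENTRYPOINT, to the build host's architecture rather than the target's. That is worth confirming on an arm64 image; dropping `--platform` from that stage would let it follow the target platform.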
