* generate multiarch images for non-architecture tags * Update documentation related to multiarch Docker * Remove qemu and switch to build via buildkit * Move to multistage Dockerfile * refactor docker script arg parsing and fix merge bugs * removed unnecessary testing script and fixed function name * improved quoting in shell scripts --------- Co-authored-by: humanoid2050 <humanoid2050@monolith> Co-authored-by: Brad Warren <bmw@users.noreply.github.com> Co-authored-by: humanoid2050 <humanoid2050@katana> Co-authored-by: Brad Warren <bmw@eff.org>
1 parent
7a68b29
commit 9ee1eee
Showing
12 changed files
with
303 additions
and
262 deletions.
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -1,108 +1,56 @@ | ||
#!/bin/bash | ||
set -euxo pipefail | ||
IFS=$'\n\t' | ||
|
||
# This script builds certbot docker and certbot dns plugins docker using the | ||
# local Certbot files. | ||
# This script builds docker images for certbot and each dns plugin from the | ||
# local Certbot source files. Results are stored in the docker image cache | ||
|
||
# Usage: ./build.sh [TAG] [all|amd64|arm32v6|arm64v8] | ||
# with the [TAG] value corresponding the base of the tag to give the Docker | ||
# images and the 2nd value being the architecture to build snaps for. | ||
# Values for the tag should be something like `v0.34.0` or `nightly`. The | ||
# given value is only the base of the tag because the things like the CPU | ||
# architecture are also added to the full tag. | ||
# Usage: | ||
# ./build.sh <tag> all | ||
# ./build.sh <tag> <architectures> | ||
# The <tag> argument is used to identify the code version (e.g v2.3.1) or type of build | ||
# (e.g. nightly). This will be used when saving images to the docker image cache. | ||
# The argument "all" will build all known architectures. Alternatively, the | ||
# user may provide a comma separated list of architectures drawn from the | ||
# known architectures. Known architectures include amd64, arm32v6, and arm64v8. | ||
|
||
WORK_DIR="$( cd "$( dirname "${BASH_SOURCE[0]}" )" >/dev/null && pwd )" | ||
REPO_ROOT="$(dirname "$(dirname "${WORK_DIR}")")" | ||
source "$WORK_DIR/lib/common" | ||
source "$(realpath "$(dirname "${BASH_SOURCE[0]}")")/lib/common" | ||
|
||
trap Cleanup EXIT | ||
ParseArgs "$@" | ||
|
||
#jump to root, matching popd handed by Cleanup on EXIT via trap | ||
pushd "${REPO_ROOT}" | ||
|
||
Cleanup() { | ||
rm -rf "$REPO_ROOT"/qemu-*-static || true | ||
# Set trap here, as the popd won't work as expected if invoked prior to pushd | ||
trap Cleanup EXIT | ||
# Create the builder | ||
CreateBuilder | ||
InstallMultiarchSupport | ||
|
||
|
||
BuildAndLoadByArch() { | ||
TAG_ARCH=$1 | ||
docker buildx build --target certbot --builder certbot_builder \ | ||
--platform "$(arch2platform "$TAG_ARCH")" \ | ||
-f "${WORK_DIR}/Dockerfile" \ | ||
-t "${DOCKER_HUB_ORG}/certbot:${TAG_ARCH}-${TAG_VER}" \ | ||
--load \ | ||
. | ||
for plugin in "${CERTBOT_PLUGINS[@]}"; do | ||
rm -rf "$REPO_ROOT/certbot-$plugin"/qemu-*-static || true | ||
docker buildx build --target certbot-plugin --builder certbot_builder \ | ||
--platform "$(arch2platform "$TAG_ARCH")" \ | ||
--build-context plugin-src="${REPO_ROOT}/certbot-${plugin}" \ | ||
-f "${WORK_DIR}/Dockerfile" \ | ||
-t "${DOCKER_HUB_ORG}/${plugin}:${TAG_ARCH}-${TAG_VER}" \ | ||
--load \ | ||
. | ||
done | ||
} | ||
|
||
# Returns the translation from Docker to QEMU architecture | ||
# Usage: GetQemuArch [amd64|arm32v6|arm64v8] | ||
GetQemuArch() { | ||
ARCH=$1 | ||
|
||
case "$ARCH" in | ||
"amd64") | ||
echo "x86_64" | ||
;; | ||
"arm32v6") | ||
echo "arm" | ||
;; | ||
"arm64v8") | ||
echo "aarch64" | ||
;; | ||
"*") | ||
echo "Not supported build architecture '$1'." >&2 | ||
exit 1 | ||
esac | ||
} | ||
|
||
# Downloads QEMU static binary file for architecture | ||
# Usage: DownloadQemuStatic [x86_64|arm|aarch64] | ||
DownloadQemuStatic() { | ||
ARCH=$1 | ||
# In principle, there is a better way to do with by using `docker buildx bake` | ||
# instead of a for-loop. However, issues have been found in the results | ||
# of such a build. See the branch buildx-bake and | ||
# https://github.com/certbot/certbot/issues/9587. | ||
|
||
QEMU_ARCH=$(GetQemuArch "$ARCH") | ||
if [ ! -f "qemu-${QEMU_ARCH}-static" ]; then | ||
QEMU_DOWNLOAD_URL="https://github.com/multiarch/qemu-user-static/releases/download" | ||
QEMU_LATEST_TAG=$(curl -s https://api.github.com/repos/multiarch/qemu-user-static/tags \ | ||
| grep 'name.*v[0-9]' \ | ||
| head -n 1 \ | ||
| cut -d '"' -f 4) | ||
curl -SL "${QEMU_DOWNLOAD_URL}/${QEMU_LATEST_TAG}/x86_64_qemu-$QEMU_ARCH-static.tar.gz" \ | ||
| tar xzv | ||
fi | ||
} | ||
|
||
TAG_BASE="$1" | ||
if [ -z "$TAG_BASE" ]; then | ||
echo "We cannot tag Docker images with an empty string!" >&2 | ||
exit 1 | ||
fi | ||
ParseRequestedArch "${2}" | ||
|
||
# Register QEMU handlers | ||
docker run --rm --privileged multiarch/qemu-user-static:register --reset | ||
|
||
# Step 1: Certbot core Docker | ||
DOCKER_REPO="${DOCKER_HUB_ORG}/certbot" | ||
for TARGET_ARCH in "${ALL_REQUESTED_ARCH[@]}"; do | ||
pushd "${REPO_ROOT}" | ||
DownloadQemuStatic "${TARGET_ARCH}" | ||
QEMU_ARCH=$(GetQemuArch "${TARGET_ARCH}") | ||
DOCKER_BUILDKIT=0 docker build \ | ||
--build-arg TARGET_ARCH="${TARGET_ARCH}" \ | ||
--build-arg QEMU_ARCH="${QEMU_ARCH}" \ | ||
-f "${WORK_DIR}/core/Dockerfile" \ | ||
-t "${DOCKER_REPO}:${TARGET_ARCH}-${TAG_BASE}" \ | ||
. | ||
popd | ||
done | ||
|
||
# Step 2: Certbot DNS plugins Docker images | ||
for plugin in "${CERTBOT_PLUGINS[@]}"; do | ||
DOCKER_REPO="${DOCKER_HUB_ORG}/${plugin}" | ||
pushd "${REPO_ROOT}/certbot-${plugin}" | ||
# Copy QEMU static binaries downloaded when building the core Certbot image | ||
cp ../qemu-*-static . | ||
for TARGET_ARCH in "${ALL_REQUESTED_ARCH[@]}"; do | ||
QEMU_ARCH=$(GetQemuArch "${TARGET_ARCH}") | ||
BASE_IMAGE="${DOCKER_HUB_ORG}/certbot:${TARGET_ARCH}-${TAG_BASE}" | ||
DOCKER_BUILDKIT=0 docker build \ | ||
--build-arg BASE_IMAGE="${BASE_IMAGE}" \ | ||
--build-arg QEMU_ARCH="${QEMU_ARCH}" \ | ||
-f "${WORK_DIR}/plugin/Dockerfile" \ | ||
-t "${DOCKER_REPO}:${TARGET_ARCH}-${TAG_BASE}" \ | ||
. | ||
done | ||
popd | ||
done | ||
for ARCH in "${REQUESTED_ARCH_ARRAY[@]}"; do | ||
BuildAndLoadByArch "$ARCH" | ||
done |
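Review bot: In `BuildAndLoadByArch`, both `docker buildx build` calls pass `--platform "$(arch2platform "$TAG_ARCH")"` inline, and `set -e` does not abort on a command substitution that fails inside an argument list. If `arch2platform` (defined in lib/common, not visible here) rejects the value, the build may still run with an empty platform and be tagged `${TAG_ARCH}-${TAG_VER}`, producing an image whose tag does not match its contents. Resolving it once at the top of the function, `local platform` then `platform="$(arch2platform "$TAG_ARCH")"`, and passing `--platform "$platform"` to both calls lets the failure stop the script. `TAG_ARCH` and the loop variable `plugin` are also assigned as globals in a script that sources shared helpers, so `local TAG_ARCH=$1` and `local plugin` would keep the function self-contained. The page does not mark which lines are old or new, so this is read from what appears to be the new side of the hunk.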
This file was deleted.