feat(docker)!: include support for buildx

when the dockerPlatform array option is supplied and has a non zero number of items, buildx will be used to build and push images rather than the standard docker builder. BREAKING CHANGE: images built with buildx will not be stored locally BREAKING CHANGE: dockerVerifyCmd will only take effect during dry runs (--dry-run) Fixes: #44 Fixes: #39
esatterwhite · Mar 22, 2024 · d0cddfa · d0cddfa
1 parent 1a86e77
commit d0cddfa
Show file tree

Hide file tree

Showing 19 changed files with 456 additions and 189 deletions.
diff --git a/Dockerfile b/Dockerfile
@@ -1,7 +1,7 @@
 # 0000-BASE
 FROM docker:latest
 ARG SRC_DIR='.'
-RUN apk update && apk upgrade && apk add nodejs npm git
+RUN apk update && apk upgrade && apk add nodejs npm git curl
 WORKDIR /opt/app
 COPY ${SRC_DIR}/package.json /opt/app/
 RUN npm install

diff --git a/README.md b/README.md
@@ -30,7 +30,7 @@ Run `npm i --save-dev @codedependant/semantic-release-docker` to install this se
 
 ### Docker registry authentication
 
-The `docker registry` authentication set via environment variables. It is not required, and if
+Authentication to a `docker registry` is set via environment variables. It is not required, and if
 omitted, it is assumed the docker daemon is already authenticated with the target registry.
 
 ### Environment variables
@@ -48,6 +48,7 @@ omitted, it is assumed the docker daemon is already authenticated with the targe
 | `dockerImage`          | _Optional_. The name of the image to release.                                                                                                                          | [String][]                                    | Parsed from package.json `name` property                      |
 | `dockerRegistry`       | _Optional_. The hostname and port used by the the registry in format `hostname[:port]`. Omit the port if the registry uses the default port                            | [String][]                                    | `null` (dockerhub)                                            |
 | `dockerProject`        | _Optional_. The project or repository name to publish the image to                                                                                                     | [String][]                                    | For scoped packages, the scope will be used, otherwise `null` |
+| `dockerPlatform`       | _Optional_. A list of target platofmrs to build for. If specified, [buildx][] Will be used to generate the final images                                                | [Array][]&lt;[String][]&gt;                   | `null` (default docker build behavior)                        |
 | `dockerFile`           | _Optional_. The path, relative to `$PWD` to a Docker file to build the target image with                                                                               | [String][]                                    | `Dockerfile`                                                  |
 | `dockerContext`        | _Optional_. A path, relative to `$PWD` to use as the build context A                                                                                                   | [String][]                                    | `.`                                                           |
 | `dockerLogin`          | _Optional_. Set to false it by pass docker login if the docker daemon is already authorized                                                                            | [String][]                                    | `true`                                                        |
@@ -59,6 +60,19 @@ omitted, it is assumed the docker daemon is already authenticated with the targe
 | `dockerBuildFlags`     | _Optional_. An object containing additional flags to the `docker build` command. Values can be strings or an array of strings                                          | [Object][]                                    | `{}`                                                          |
 | `dockerBuildCacheFrom` | _Optional_. A list of external cache sources. See [--cache-from][]                                                                                                     | [String][] &#124; [Array][]&lt;[String][]&gt; |                                                               |
 
+
+### BuildX Support
+
+Version 5.X includes initial and experimental support for multi-platform images via the [buildx][] plugin.
+This plugin assumes that the docker daemon and buildx have already been setup correctly.
+Platform specific builder must be setup and selected for this plugin to utilize [buildx][]
+
+> [!WARNING]
+>
+> When using buildx via the dockerPlatform option, images are not kept locally
+> and normal docker commands targeting those images will not work.
+> The `dockerVerifyCmd` behavior will only trigger a build and is unable to execute local command
+
 ### Build Arguments
 
 By default several build arguments will be included when the docker images is being built.
@@ -180,6 +194,7 @@ module.exports = {
       dockerFile: 'Dockerfile',
       dockerRegistry: 'quay.io',
       dockerProject: 'codedependant',
+      dockerPlatform: ['linux/amd64', 'linux/arm64']
       dockerBuildFlags: {
         pull: null
       , target: 'release'
@@ -209,7 +224,7 @@ Alternatively, using global options w/ root configuration
     "dockerFile": "Dockerfile",
     "dockerRegistry": "quay.io",
     "dockerArgs": {
-      "GITHUB_TOKEN": true
+      "GITHUB_TOKEN": null
     , "SOME_VALUE": '{{git_sha}}'
     }
   }
@@ -283,3 +298,4 @@ $ openssl req -new -newkey rsa:2048 -days 365 -nodes -x509 -keyout server.key -o
 [Object]: https://mdn.io/object
 [Number]: https://mdn.io/number
 [--cache-from]: https://docs.docker.com/engine/reference/commandline/build/#cache-from
+[buildx]: https://docs.docker.com/reference/cli/docker/buildx/build
diff --git a/compose/base.yml b/compose/base.yml
@@ -11,3 +11,13 @@ services:
     volumes:
       - $PWD/compose/certs:/certs
       - $PWD/compose/auth:/auth
+  docker:
+    privileged: true
+    image: docker:25-dind
+    environment:
+      DOCKER_TLS_CERTDIR: ''
+      DOCKER_BUILDKIT: 1
+    command: [
+      "--insecure-registry=registry:5000"
+    ]
+
diff --git a/compose/certs/server.crt b/compose/certs/server.crt
@@ -1,23 +1,22 @@
 -----BEGIN CERTIFICATE-----
-MIID3TCCAsWgAwIBAgIUREN25M+jBRPPygoJXM4UITdE02EwDQYJKoZIhvcNAQEL
-BQAwfjELMAkGA1UEBhMCVVMxEjAQBgNVBAgMCVdpc2NvbnNpbjESMBAGA1UEBwwJ
-RnJhbmtsaW5lMRAwDgYDVQQKDAdjb21wYW55MRcwFQYDVQQDDA5sb2NhbGhvc3Q6
-NTAwMDEcMBoGCSqGSIb3DQEJARYNdGVzdEBtYWlsLmNvbTAeFw0yNDAzMTIxODI3
-MzBaFw0yNTAzMTIxODI3MzBaMH4xCzAJBgNVBAYTAlVTMRIwEAYDVQQIDAlXaXNj
-b25zaW4xEjAQBgNVBAcMCUZyYW5rbGluZTEQMA4GA1UECgwHY29tcGFueTEXMBUG
-A1UEAwwObG9jYWxob3N0OjUwMDAxHDAaBgkqhkiG9w0BCQEWDXRlc3RAbWFpbC5j
-b20wggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDRg74DHZd3zIyO+Yy6
-eWXNt1CfO17iEGauCE8xWulsdoxh1g5cphA7lICsdrMTm/2pAMnqXCg/i8Zd2gqD
-kNbwk1CnMbB/zTTscMnRRLnNVp6Bm1IPtO42IiNo17ZhVBgMMol+pGWj0ytZNyNg
-d+rTYS1VjIRnWl8jEKWlyEBFLRxEsBYxuv15dUiWb76XZmi8201SIwJNM82rqCoL
-Qqb/StJIGT1SHtKuFi/FYNaZ1kqoQdUWQk/nLo8zt9Ml31tTebEBcShAkB2hqT/e
-o0loEuGr1OVovvBSkCPf+tHit+dstmtL/5EnQGeQOXIadD/F8DKLCukLqWj5X6F3
-Cn7NAgMBAAGjUzBRMB0GA1UdDgQWBBQgLEK2+ZhH6dYifsxNCo062iVBrjAfBgNV
-HSMEGDAWgBQgLEK2+ZhH6dYifsxNCo062iVBrjAPBgNVHRMBAf8EBTADAQH/MA0G
-CSqGSIb3DQEBCwUAA4IBAQBPDvzvKGF+GFxbMN/NrWqNPW/pI1I8/LmgccsP2Od4
-Ug4XB/3t+Eb7wYh4cZWUtaPL0Azh0B3uINH/l10L7dKvKoY0MzlJ4xn/dlZLh8Ry
-aX0oBrsDGB8AMclTaSbFpgI7dEUCL1Pm7GliQYD/qI+7Lv+gCm7JKBWbJD/W8hra
-FybBPpWRntbP3ZYNPw1QZCvw6/9bUq74Euo9uuNahfQE/Bn7y4XqaF6MoEguDcF5
-eBOv6gelqg4HXQZCo/qkeUEGCpMR3iQl5Bjq8ex/6fiAqb7r64wDhckSHkhTo469
-7C5Cxq+Jc1kQDwVtGpDt9DDgpb+gFlTDN/pF3oguakDZ
+MIIDqTCCApGgAwIBAgIUIhCiQjOm2jsKK+eW9xynGc/kVqEwDQYJKoZIhvcNAQEL
+BQAwZDELMAkGA1UEBhMCVVMxEjAQBgNVBAgMCVdpc2NvbnNpbjERMA8GA1UEBwwI
+RnJhbmtsaW4xFjAUBgNVBAoMDWNvZGVkZXBlbmRhbnQxFjAUBgNVBAMMDXJlZ2lz
+dHJ5OjUwMDAwHhcNMjQwMzE1MTY0MjM0WhcNMjUwMzE1MTY0MjM0WjBkMQswCQYD
+VQQGEwJVUzESMBAGA1UECAwJV2lzY29uc2luMREwDwYDVQQHDAhGcmFua2xpbjEW
+MBQGA1UECgwNY29kZWRlcGVuZGFudDEWMBQGA1UEAwwNcmVnaXN0cnk6NTAwMDCC
+ASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBAJhjGQdJVl94Cjphf4+uPSJA
+o2vo5eCD1mTU0qgA/0Oar9Z27IS274WMXv+fiYiTSgICrSBPu8rqnKPsE8ps3mMs
+K7ZCvzKX3dwS/XL3qdtoqu+Z7aMt6EbyR0PddpApWTHucmR2ZFluIbxt+BGJabtL
+LaboDXK8t37vs036mwjKxn16fnaVIsqZtbpmFnxXge8uJrMHufMrqw4L/4oVl0ar
+J2J0eJfyE6fPOxkwc7INUcnIP5ZqEn5xJrTI7DjwfE/M9qArdoieOo+4UNEpxhdY
+wm99IDLGkKyVUEIYKR7FG9fmedcCqdz+JKQoR/gBFAm2P2XXZQUcYc3MdhB14l8C
+AwEAAaNTMFEwHQYDVR0OBBYEFCdItgsrVNAQxNOxJ1oLK0n4feCbMB8GA1UdIwQY
+MBaAFCdItgsrVNAQxNOxJ1oLK0n4feCbMA8GA1UdEwEB/wQFMAMBAf8wDQYJKoZI
+hvcNAQELBQADggEBAE1jZt3Mgv2FkTncd5GoXFfH7zJp6d/Yq1JTckpdDLndviV/
+j+q5cK1xxMFLMqqEbya8qMfrc7DeyZCTZiFZQ0BiQfR6zKm83ZsJ16aEaR8zVvRu
+gdfrj9jlWZvTYpWM5G6bPTMGtcYwPBjPd/zSR+xbMSlHk5JeCSE/17evSc3Jd6i9
+m7OR0SHfQD82us5VZEfZKqXUwn9frE0cLJ0PuEPOQq5914QBzrr99UWF6XMeURD0
+9MZP+y9MhNK5ltTxI4wIhVNbyPFV+9g0Xfbfo8yV5evN0veUlMHwVAfm4xhMrqoW
+z+kBlf7dGTzAHdqRI2KhI1nA3mrykaCe/WX2wuU=
 -----END CERTIFICATE-----
diff --git a/compose/certs/server.key b/compose/certs/server.key
@@ -1,28 +1,28 @@
 -----BEGIN PRIVATE KEY-----
-MIIEvQIBADANBgkqhkiG9w0BAQEFAASCBKcwggSjAgEAAoIBAQDRg74DHZd3zIyO
-+Yy6eWXNt1CfO17iEGauCE8xWulsdoxh1g5cphA7lICsdrMTm/2pAMnqXCg/i8Zd
-2gqDkNbwk1CnMbB/zTTscMnRRLnNVp6Bm1IPtO42IiNo17ZhVBgMMol+pGWj0ytZ
-NyNgd+rTYS1VjIRnWl8jEKWlyEBFLRxEsBYxuv15dUiWb76XZmi8201SIwJNM82r
-qCoLQqb/StJIGT1SHtKuFi/FYNaZ1kqoQdUWQk/nLo8zt9Ml31tTebEBcShAkB2h
-qT/eo0loEuGr1OVovvBSkCPf+tHit+dstmtL/5EnQGeQOXIadD/F8DKLCukLqWj5
-X6F3Cn7NAgMBAAECggEAAyEmONqGYpbMAFm4EVP9YjaArjQ0krNfLpkiAlvNh0jO
-XYAVRwCAVxIniYvyA6hi6v/qRDAmthZIJarmA84+y6lOUoUCkid2SNQsIOOs08/y
-qP8b2W9g1y7+MOjMnlpjdpEtrmuAYiimFIcnOzUSAqDIYidUa00gBSsl55qct9Ec
-WF0QlnCPexUpnuVw3n2v9fmFqFY9jvcTXk5mMsQ+EVAOClYPDIDycB6iXZe4Us5A
-yM6IatmQTbSduu80y83atMriFWupG8ckXvVe88J5WdE4TbmEIvZhxXDEFbcugJ7r
-m6V9uWTkuwKYeaAIHP5zeNmdZLjR+O+f6xJ4vCtx6QKBgQDoyK9ZXS4gw4/wdCii
-mXLhFro4+GDdpX/b5ng/NzcEv0FuTXzSHoZq+hW/AjSBaYisplaGm7IcUOk3z8mN
-gUELqzKqQFovce/ft3Azo3Tj4OJgjw4+0iaXtW/x6pWHm827XdtK+KtYVlPgDzXA
-2x3LMA7fMzrvmgKaKdPKlNdfaQKBgQDmaPUtrBX7P5a/9hDc8QNt70Uy/A3g9Nuh
-CXswPRSXJKeZ4RZmvU4bXggz24l0Gx9T2k3Wq7uYLXJcPKerIR/5wVwAa5kcY5ny
-ymhRY6BM6ciK+iwtE8SiJUFxwD0c00fSQRWQlqNRqc7JN4b/PLSssEU0IoRH3+XT
-v/MZuo4bxQKBgQC/3Kip/yMF3inFBfh4DAGjhBf43L758G5x0INLlzbBsuE7CKLY
-jFA92+IQjMC56UG9C1xFlg43SHjwh1KYTvBNrc0UhfXPJRmQSqEv7olpSPFMpJwZ
-Kxyj7edWfQLBwqjOxYz5Pfv70ytOgTrMuczUq8eWL6Nj2IxMhC0Ly6G4AQKBgBzt
-aHrHdCsLHL4VAqD6kVeoBqQUCRoJI9nf+ttfj8o6C+DB5bIYakn9UEJSebtd/Fzm
-t4cQIIlGi2kRJGvTyNPudsKGv75UsutMhjRRsbp2T3tDVXCDXtiMnN7PJ90KmaXI
-DhENGIwUKaYRlp1M3dIgf0/AVaNAdPZUzwyX42eRAoGAXRNc6+k9ZBXFriCNGX13
-ynWKyJkTzFEZk7kkxbKdukc+wP8FBQcO1K6m79ddo8AEao8W1/3ApD9WTDgBNKAU
-eYqrL9L67AWtNf9RlzY3EsohZZYkZJeia+u7czPOfHy2xfQLJfaHEEkwwIS3q+r6
-o4ofAuctHFrpxsxEYBt55pc=
+MIIEvAIBADANBgkqhkiG9w0BAQEFAASCBKYwggSiAgEAAoIBAQCYYxkHSVZfeAo6
+YX+Prj0iQKNr6OXgg9Zk1NKoAP9Dmq/WduyEtu+FjF7/n4mIk0oCAq0gT7vK6pyj
+7BPKbN5jLCu2Qr8yl93cEv1y96nbaKrvme2jLehG8kdD3XaQKVkx7nJkdmRZbiG8
+bfgRiWm7Sy2m6A1yvLd+77NN+psIysZ9en52lSLKmbW6ZhZ8V4HvLiazB7nzK6sO
+C/+KFZdGqydidHiX8hOnzzsZMHOyDVHJyD+WahJ+cSa0yOw48HxPzPagK3aInjqP
+uFDRKcYXWMJvfSAyxpCslVBCGCkexRvX5nnXAqnc/iSkKEf4ARQJtj9l12UFHGHN
+zHYQdeJfAgMBAAECggEAANoj8NJKOnyz84njXVEutSGXiFkCDFR7EDnxw+EANxQ6
+SkkvScs6NreP5G3m0QuxRFE2DBZoL2uO9mg6I9Y74GH06jeo7nEG0uauaqrCqnVa
+ggJ736FAr9q9gL4/JnpI+sxuVzCKBel2vim6ubdx/dgN+X8nWwfkUbe5jJ5HQnRz
+eiuUUhaaIZ6KUYLgyduqdXNR3B9NGWYjTp6E8gEjP7WegGA+els91UxYHTalhhm1
+GGT44MyefbPaT3iroZZf4ex+a2wW82eexzpMmMi+ax6TTsqlmWRWdbd6jY9nSQeb
+EyNue6RGmJ3ePijeqogtNuvorWX/ZBVUo0hn7jvFOQKBgQDKbfLoM3KEWDjsL3HY
+Ogi0m00o4hTjsPF5DDRSvP/Cn8d6n9heGHAImTn0q1fvUDM1AQYRd+a71PZ/8xDK
+HTb//q0At2QZTAFkJnYzGiH91FN/v7VJ6MfsS6FA6OWZcj8wCpBmbzQ0djoy0RWj
+fOq61tq6mnQ3sIHkh2J7ZvDycwKBgQDAtumOHJT7tpnVYeGLkI4yTh57J9SY8rR2
+fw2VDoGDBt72q+vXe3dK5rALdBEw6u9OH/BH/GbeAU3vLkoPrCMDTb3gFGLKPWDF
+5D6PPjhybyCgCaXA7rabfgKKmCUp5LeV9uVz2WADPP41tJVZUHHxsjxXIGuFSvi1
+8UB5oiMZZQKBgGlQqn+DxKB2BadbR69nAgB0i8ApXxTWicqgPtiM28M1vWJepwLN
+U/wlO7G/MxCeeQWqcq3D45b1RQlsO9/rMyIcLYWh48IFePPRzsznW6fjP03HP1ok
+cV7OOia7BDjA537nABlK4a4plD276bYU10o9Xa6XjL8sZWevx9zLwa9hAoGAITRi
+8ZWDJgvEXbvLvNxfY9OJ9PZb7y6CYZhqorApKIZajG366NnhKAqvconBHIieSvu9
+zulyX/Yhk4CKSkECl2MhwCZDD02cCvzUuqGh4DW9jVWcNa3r0MbZcT/dx2YdK72q
+s1dU77nmoyJGSWlO+LIZK3nujLzqNY8n6M1C9vECgYB01R0KZZxYmHRRoLSywWqg
+1XHGk7YDXuWW7BNc4Ury023od6W+C07XEmw0rN7deubLZ+8oa7NEPKJid0K1q4HZ
+f8oGTIYA0y7lLjCbYNhHafjr/iOyY/ElaHAKHtnD/EGwP2V3JLw4VTm6Jx4HtR9U
+hpS4211uPw+qovrzCulLuA==
 -----END PRIVATE KEY-----
diff --git a/compose/test.yml b/compose/test.yml
@@ -1,19 +1,11 @@
 version: '2.4'
 services:
-  docker:
-    privileged: true
-    image: docker:stable-dind
-    environment:
-      DOCKER_TLS_CERTDIR: ''
-    command: [
-      "--insecure-registry=registry:5000"
-    ]
-
   semantic-release:
     build:
       context: ../
     environment:
       DOCKER_HOST: tcp://docker:2375
+      DOCKER_BUILDKIT: 1
       TEST_DOCKER_REGISTRY: registry:5000
     command: npm run tap
     depends_on:

diff --git a/lib/build-config.js b/lib/build-config.js
@@ -21,6 +21,7 @@ async function buildConfig(build_id, config, context) {
   , dockerRegistry: registry = null
   , dockerLogin: login = true
   , dockerImage: image
+  , dockerPlatform: platform = null
   , dockerPublish: publish = true
   , dockerContext = '.'
   , dockerVerifyCmd: verifycmd = null
@@ -75,5 +76,6 @@ async function buildConfig(build_id, config, context) {
   , network: network
   , quiet: typeCast(quiet) === true
   , clean: typeCast(clean) === true
+  , platform: array.toArray(platform)
   }
 }