Build images using Docker CE 19.03 and BuildKit (#293)

Switching to BuildKit has many advantages: * openHAB images are now based on the official Debian and Alpine Docker images instead of the multiarch images which: * fixes wrong architectures of non-amd64 images * improves security because these official images are reviewed by a dedicated team sponsored by Docker * allows for upgrading Alpine to 3.11 because of an issue the multiarch armhf image does not exist * makes it possible to use the Debian "slim" image to further reduce the size of Debian images * Multi architecture manifests are now generated automatically so we can remove the code for generating these and pushing them with manifest-tool * Further reduces build times because images for different architectures are build in parallel There is now a single Dockerfile per image instead of one for each architecture. BuildKit does not provide a way to also generate tags containing architectures so these tags will no longer be generated. Furthermore the Travis configuration has been updated so it will also automatically sync the README.md to Docker Hub. Fixes #184 Signed-off-by: Wouter Born <github@maindrain.net>
openhab · May 5, 2020 · df45177 · df45177
1 parent 1e5d325
commit df45177
Show file tree

Hide file tree

Showing 111 changed files with 433 additions and 6,705 deletions.
diff --git a/.travis.yml b/.travis.yml
@@ -11,29 +11,39 @@ language: shell
 branches:
   only:
     - master
-services:
-  - docker
 before_install:
   - set -e
-  - ./update-docker-files.sh
-  - ./install-manifest-tool.sh
+  # Configure environment so changes are picked up when the Docker daemon is restarted after upgrading
+  - echo '{"experimental":true}' | sudo tee /etc/docker/daemon.json
+  - export DOCKER_CLI_EXPERIMENTAL=enabled
+  - docker run --rm --privileged docker/binfmt:a7996909642ee92942dcd6cff44b9b95f08dad64
+  # Upgrade to Docker CE 19.03 for BuildKit support
+  - curl -fsSL https://download.docker.com/linux/ubuntu/gpg | sudo apt-key add -
+  - sudo add-apt-repository "deb [arch=amd64] https://download.docker.com/linux/ubuntu $(lsb_release -cs) stable"
+  - sudo apt-get update
+  - sudo apt-get -y -o Dpkg::Options::="--force-confnew" install docker-ce=5:19.03.8~3-0~ubuntu-bionic # pin version for reproducibility
+  # Show info to simplify debugging and create a builder
   - docker info
-  - docker run --rm --privileged multiarch/qemu-user-static:register --reset
+  - docker buildx create --name builder --use
+  - docker buildx ls
+  # Prepare openHAB container build
+  - ./update-docker-files.sh
   - source ./update-functions.sh
   - validate_readme_constraints
-  - ARCHES="$(arches $VERSION $DIST)"
 install:
-  - for ARCH in $ARCHES; do
-        docker build --build-arg VCS_REF=$TRAVIS_COMMIT --build-arg BUILD_DATE=$(date +"%Y-%m-%dT%H:%M:%SZ") --build-arg VERSION=$VERSION -f $VERSION/$DIST/Dockerfile-$ARCH -t $DOCKER_REPO:$VERSION-$ARCH-$DIST $VERSION/$DIST;
-        docker run --rm $DOCKER_REPO:$VERSION-$ARCH-$DIST uname -a;
-    done
-after_success:
+  - build_arg_options="--build-arg BUILD_DATE=$(date +"%Y-%m-%dT%H:%M:%SZ") --build-arg VCS_REF=$TRAVIS_COMMIT --build-arg VERSION=$VERSION"
+  - tags=$(tags $VERSION $DIST)
+  - tag_options=${tags//$(docker_repo)/--tag $(docker_repo)}
+  - build_options="$build_arg_options --platform $(platforms $VERSION $DIST) $tag_options --progress plain"
+  - path="$VERSION/$DIST"
   - if [ "$TRAVIS_BRANCH" == "master" ] && [ "$TRAVIS_PULL_REQUEST" == "false" ]; then
         echo "$DOCKER_PASSWORD" | docker login -u "$DOCKER_USERNAME" --password-stdin;
-        for ARCH in $ARCHES; do
-            docker push $DOCKER_REPO:$VERSION-$ARCH-$DIST;
-        done;
-        manifest-tool push from-spec $VERSION/$DIST/manifest.yml;
+        docker buildx build $build_options --push $path;
+        if [ "${SYNC_README:=false}" == "true" ] && [ "$VERSION" == "$(last_stable_version)" ] && [ "$DIST" == "debian" ]; then
+            ./sync-docker-hub-readme.sh;
+        fi
+    else
+        docker buildx build $build_options $path;
     fi
 jobs:
   fast_finish: true

diff --git a/1.8.3/alpine/Dockerfile-amd64 → 1.8.3/alpine/Dockerfile b/1.8.3/alpine/Dockerfile-amd64 → 1.8.3/alpine/Dockerfile
@@ -6,11 +6,10 @@
 #                       PLEASE DO NOT EDIT IT DIRECTLY.
 # ------------------------------------------------------------------------------
 #
-FROM multiarch/alpine:amd64-v3.10
+FROM alpine:3.11.5
 
 # Set download urls
 ENV \
-    JAVA_URL="https://cdn.azul.com/zulu/bin/zulu8.42.0.23-ca-jdk8.0.232-linux_x64.tar.gz" \
     JAVA_VERSION="8" \
     OPENHAB_URL="https://bintray.com/artifact/download/openhab/bin/distribution-1.8.3-runtime.zip" \
     OPENHAB_VERSION="1.8.3"
@@ -53,7 +52,7 @@ LABEL org.label-schema.build-date=$BUILD_DATE \
     maintainer="openHAB <info@openhabfoundation.org>"
 
 # Install basepackages
-RUN apk upgrade --no-cache && \
+RUN apk update --no-cache && \
     apk add --no-cache \
         arping \
         bash \

diff --git a/1.8.3/alpine/Dockerfile-arm64 b/1.8.3/alpine/Dockerfile-arm64
diff --git a/1.8.3/alpine/Dockerfile-armhf b/1.8.3/alpine/Dockerfile-armhf
diff --git a/1.8.3/alpine/manifest.yml b/1.8.3/alpine/manifest.yml
diff --git a/1.8.3/debian/Dockerfile-arm64 → 1.8.3/debian/Dockerfile b/1.8.3/debian/Dockerfile-arm64 → 1.8.3/debian/Dockerfile
@@ -6,11 +6,10 @@
 #                       PLEASE DO NOT EDIT IT DIRECTLY.
 # ------------------------------------------------------------------------------
 #
-FROM multiarch/debian-debootstrap:arm64-buster
+FROM debian:10.3-slim
 
 # Set download urls
 ENV \
-    JAVA_URL="https://cdn.azul.com/zulu-embedded/bin/zulu8.42.0.195-ca-jdk1.8.0_232-linux_aarch64.tar.gz" \
     JAVA_VERSION="8" \
     OPENHAB_URL="https://bintray.com/artifact/download/openhab/bin/distribution-1.8.3-runtime.zip" \
     OPENHAB_VERSION="1.8.3"
@@ -77,8 +76,16 @@ RUN apt-get update && \
 # Install java
 ENV JAVA_HOME='/usr/lib/jvm/default-jvm'
 # Limit JDK crypto policy by default to comply with local laws which may prohibit use of unlimited strength cryptography
-RUN wget -nv -O /tmp/java.tar.gz "${JAVA_URL}" && \
-    mkdir -p "${JAVA_HOME}" && \
+RUN mkdir -p "${JAVA_HOME}" && \
+    zulu8_amd64_url='https://cdn.azul.com/zulu/bin/zulu8.42.0.23-ca-jdk8.0.232-linux_x64.tar.gz' && \
+    zulu8_armhf_url='https://cdn.azul.com/zulu-embedded/bin/zulu8.42.0.195-ca-jdk1.8.0_232-linux_aarch32hf.tar.gz' && \
+    zulu8_arm64_url='https://cdn.azul.com/zulu-embedded/bin/zulu8.42.0.195-ca-jdk1.8.0_232-linux_aarch64.tar.gz' && \
+    zulu11_amd64_url='https://cdn.azul.com/zulu/bin/zulu11.37.17-ca-jdk11.0.6-linux_x64.tar.gz' && \
+    zulu11_armhf_url='https://cdn.azul.com/zulu-embedded/bin/zulu11.37.48-ca-jdk11.0.6-linux_aarch32hf.tar.gz' && \
+    zulu11_arm64_url='https://cdn.azul.com/zulu-embedded/bin/zulu11.37.48-ca-jdk11.0.6-linux_aarch64.tar.gz' && \
+    url_var="zulu${JAVA_VERSION}_$(dpkg --print-architecture)_url" && \
+    eval "java_url=\$$url_var" && \
+    wget -nv -O /tmp/java.tar.gz "${java_url}" && \
     tar --exclude='demo' --exclude='sample' --exclude='src.zip' -xf /tmp/java.tar.gz --strip-components=1 -C "${JAVA_HOME}" && \
     if [ "${JAVA_VERSION}" = "8" ]; then \
         sed -i 's/^#crypto.policy=unlimited/crypto.policy=limited/' "${JAVA_HOME}/jre/lib/security/java.security"; \