Add multi-arch Docker image support

Signed-off-by: Marco Franssen <marco.franssen@philips.com>
philips-labs · Mar 5, 2024 · 627190b · 627190b
1 parent 292d5e0
commit 627190b
Show file tree

Hide file tree

Showing 5 changed files with 91 additions and 18 deletions.
diff --git a/.github/workflows/golang.yml b/.github/workflows/golang.yml
@@ -103,6 +103,9 @@ jobs:
         run: |
           echo '${{ secrets.COSIGN_PRIVATE_KEY }}' > cosign.key
 
+      - name: Buildx builder
+        run: make container-builder
+
       - name: Release ${{ (!startsWith(github.ref, 'refs/tags/') && 'snapshot') || '' }}
         uses: goreleaser/goreleaser-action@v5
         with:

diff --git a/.goreleaser.yml b/.goreleaser.yml
@@ -39,10 +39,12 @@ dockers:
   - goos: linux
     goarch: amd64
     image_templates:
-      - "ghcr.io/philips-labs/{{ .ProjectName }}:v{{ .Version }}"
-      - "ghcr.io/philips-labs/{{ .ProjectName }}:{{ .FullCommit }}"
+      - "ghcr.io/philips-labs/{{ .ProjectName }}:v{{ .Version }}-amd64"
+      - "ghcr.io/philips-labs/{{ .ProjectName }}:{{ .FullCommit }}-amd64"
+    use: buildx
     build_flag_templates:
       - "--pull"
+      - "--platform=linux/amd64"
       - "--label=org.opencontainers.image.created={{.Date}}"
       - "--label=org.opencontainers.image.title={{.ProjectName}}"
       - "--label=org.opencontainers.image.description={{.ProjectName}}"
@@ -58,6 +60,41 @@ dockers:
       - ".gitignore"
       - "cmd"
       - "pkg"
+  - goos: linux
+    goarch: arm64
+    image_templates:
+      - "ghcr.io/philips-labs/{{ .ProjectName }}:v{{ .Version }}-arm64"
+      - "ghcr.io/philips-labs/{{ .ProjectName }}:{{ .FullCommit }}-arm64"
+    use: buildx
+    build_flag_templates:
+      - "--pull"
+      - "--platform=linux/arm64"
+      - "--label=org.opencontainers.image.created={{.Date}}"
+      - "--label=org.opencontainers.image.title={{.ProjectName}}"
+      - "--label=org.opencontainers.image.description={{.ProjectName}}"
+      - "--label=org.opencontainers.image.revision={{.FullCommit}}"
+      - "--label=org.opencontainers.image.version={{.Version}}"
+      - "--label=org.opencontainers.image.licenses=MIT"
+      - "--label=org.opencontainers.image.vendor=Koninklijke Philips N.V."
+    extra_files:
+      - "Makefile"
+      - "go.mod"
+      - "go.sum"
+      - ".git"
+      - ".gitignore"
+      - "cmd"
+      - "pkg"
+
+docker_manifests:
+  - name_template: 'ghcr.io/philips-labs/{{ .ProjectName }}:v{{ .Version }}'
+    image_templates:
+    - 'ghcr.io/philips-labs/{{ .ProjectName }}:v{{ .Version }}-amd64'
+    - 'ghcr.io/philips-labs/{{ .ProjectName }}:v{{ .Version }}-arm64'
+  - name_template: 'ghcr.io/philips-labs/{{ .ProjectName }}:{{ .FullCommit }}'
+    image_templates:
+    - 'ghcr.io/philips-labs/{{ .ProjectName }}:{{ .FullCommit }}-amd64'
+    - 'ghcr.io/philips-labs/{{ .ProjectName }}:{{ .FullCommit }}-arm64'
+
 checksum:
   name_template: 'checksums.txt'
 

diff --git a/Dockerfile b/Dockerfile
@@ -1,23 +1,31 @@
-FROM golang:1.22-alpine AS builder
+ARG goversion=1.22
+FROM --platform=${BUILDPLATFORM} golang:${goversion}-alpine AS base
 RUN mkdir build
 WORKDIR /build
-COPY go.mod go.sum ./
-RUN go mod download
+RUN apk add --update --no-cache make git
+COPY go.* ./
+RUN --mount=type=cache,target=/go/pkg/mod go mod download
 COPY . .
-RUN apk add --no-cache make git
-RUN make build
 
-FROM vault:1.13.3 AS vault-binary
 
-FROM alpine:3.19.1 AS certs
-RUN apk add --no-cache ca-certificates
+FROM --platform=${BUILDPLATFORM} base AS builder
+ARG TARGETPLATFORM
+ARG TARGETARCH
+RUN --mount=type=cache,target=/root/.cache/go-build \
+    --mount=type=cache,target=/go/pkg/mod \
+    make build
+
+FROM --platform=${BUILDPLATFORM} vault:1.13.3 AS vault-binary
+
+FROM --platform=${BUILDPLATFORM} alpine:3.19.1 AS certs
+RUN apk add --update --no-cache ca-certificates
 
 FROM busybox:1.36.1
+ENTRYPOINT [ "/usr/local/bin/spiffe-vault" ]
+ENV VAULT_ADDR=
 LABEL maintainer="marco.franssen@philips.com"
 RUN mkdir -p /app
 WORKDIR /app
-ENV VAULT_ADDR=
-COPY --from=certs /etc/ssl/certs /etc/ssl/certs
-COPY --from=builder build/bin/spiffe-vault /usr/local/bin/spiffe-vault
-COPY --from=vault-binary bin/vault /usr/local/bin/vault
-ENTRYPOINT [ "/usr/local/bin/spiffe-vault" ]
+COPY --link --from=certs /etc/ssl/certs /etc/ssl/certs
+COPY --link --from=builder build/bin/spiffe-vault /usr/local/bin/spiffe-vault
+COPY --link --from=vault-binary bin/vault /usr/local/bin/vault
diff --git a/Makefile b/Makefile
@@ -22,6 +22,9 @@ GO_BUILD_FLAGS := -trimpath -ldflags $(LDFLAGS)
 COMMANDS       := spiffe-vault
 
 GHCR_REPO := ghcr.io/philips-labs/spiffe-vault
+PLATFORMS ?= linux/amd64,linux/arm64
+DOCKER_HOST ?= unix:///var/run/docker.sock
+GO_VERSION ?= 1.22
 
 .PHONY: help
 help:
@@ -39,9 +42,15 @@ download: ## download dependencies via go mod
 .PHONY: build
 build: $(addprefix bin/,$(COMMANDS)) ## builds binaries
 
+.PHONY: container-builder
+container-builder:
+	@docker buildx create --platform $(PLATFORMS) --name container-builder --node container-builder0 --use --bootstrap
+
 .PHONY: image
-image: ## build the binary in a docker image
-	docker build \
+image: container-builder ## build the binary in a docker image
+	docker buildx build \
+		--platform $(PLATFORMS) \
+		--build-arg goversion=$(GO_VERSION) \
 		-t "$(GHCR_REPO):$(GIT_TAG)" \
 		-t "$(GHCR_REPO):$(GIT_HASH)" \
 		.

diff --git a/README.md b/README.md
@@ -15,12 +15,28 @@ Integrates [SPIFFE][spiffe] SVID authentication with [Hashicorp Vault][hashivaul
 [hashivault]: https://vaultproject.org "hashicorp Vault"
 [spiffe]: https://spiffe.io "SPIFFE"
 
-## Compile
+## Build
+
+### Compile
 
 ```bash
 make build
 ```
 
+### Docker
+
+Using the default `DOCKER_HOST` on your system (usually `unix:///var/run/docker.sock`), you can build the docker image with:
+
+```bash
+make image
+```
+
+Using e.g. the colima `DOCKER_HOST` (usually `unix:///Users/marco/.colima/default/docker.sock`), you can build the docker image with:
+
+```bash
+DOCKER_HOST=unix:///Users/marco/.colima/default/docker.sock make image
+```
+
 ## Use
 
 ### Basic