diff --git a/.github/workflows/main.yaml b/.github/workflows/main.yaml index df4f5143..66e3a9fd 100644 --- a/.github/workflows/main.yaml +++ b/.github/workflows/main.yaml @@ -18,6 +18,12 @@ jobs: - name: Check out code uses: actions/checkout@v4 + - name: Set up QEMU + uses: docker/setup-qemu-action@v3 + + - name: Set up Docker Buildx + uses: docker/setup-buildx-action@v3 + - name: Log in to the Container registry uses: docker/login-action@v3 with: @@ -31,4 +37,8 @@ jobs: TAG_NAME: edge run: |- REPO=${{ env.REPO }} VERSION=${{ env.TAG_NAME }} make plugin + docker plugin push "${{ env.REPO }}:${{ env.TAG_NAME }}-linux-amd64" + docker plugin push "${{ env.REPO }}:${{ env.TAG_NAME }}-linux-arm64" docker plugin push "${{ env.REPO }}:${{ env.TAG_NAME }}" + + # docker does not currently support multi-arch plugins so we cannot create a list manifest \ No newline at end of file diff --git a/.github/workflows/pull-request.yaml b/.github/workflows/pull-request.yaml index b1ceec50..b3072f4d 100644 --- a/.github/workflows/pull-request.yaml +++ b/.github/workflows/pull-request.yaml @@ -10,7 +10,11 @@ jobs: steps: - name: Check out code uses: actions/checkout@v3 + - name: Set up QEMU + uses: docker/setup-qemu-action@v3 + - name: Set up Docker Buildx + uses: docker/setup-buildx-action@v3 - name: Build (Linux) run: make build diff --git a/.github/workflows/release.yaml b/.github/workflows/release.yaml index eccc3180..0af8d043 100644 --- a/.github/workflows/release.yaml +++ b/.github/workflows/release.yaml @@ -18,6 +18,12 @@ jobs: - name: Check out code uses: actions/checkout@v4 + - name: Set up QEMU + uses: docker/setup-qemu-action@v3 + + - name: Set up Docker Buildx + uses: docker/setup-buildx-action@v3 + - name: Set TAG_NAME in Environment # Subsequent jobs will be have the computed tag name run: echo "TAG_NAME=${GITHUB_REF##*/}" >> $GITHUB_ENV @@ -34,4 +40,6 @@ jobs: REPO: ghcr.io/${{ github.repository }} run: |- REPO=${{ env.REPO }} VERSION=${{ env.TAG_NAME }} make plugin - docker plugin push "${{ env.REPO }}:${{ env.TAG_NAME }}" + docker plugin push "${{ env.REPO }}:${{ env.TAG_NAME }}-linux-amd64" + docker plugin push "${{ env.REPO }}:${{ env.TAG_NAME }}-linux-arm64" + docker plugin push "${{ env.REPO }}:${{ env.TAG_NAME }}" \ No newline at end of file diff --git a/Dockerfile b/Dockerfile index f405697a..52d63f5b 100644 --- a/Dockerfile +++ b/Dockerfile @@ -2,11 +2,13 @@ FROM alpine:latest as certs RUN apk --update add ca-certificates FROM scratch +ARG TARGETOS +ARG TARGETARCH LABEL maintainer="Torin Sandall " COPY --from=certs /etc/ssl/certs/ca-certificates.crt /etc/ssl/certs/ca-certificates.crt -COPY opa-docker-authz /opa-docker-authz +COPY opa-docker-authz-${TARGETOS}-${TARGETARCH} /opa-docker-authz ENTRYPOINT ["/opa-docker-authz"] diff --git a/Makefile b/Makefile index 9c4bbcd7..77b404e3 100644 --- a/Makefile +++ b/Makefile @@ -1,7 +1,7 @@ .PHONY: all build VERSION ?= 0.8 -GO_VERSION := 1.21.4 +GO_VERSION := 1.22.0 GOLANGCI_LINT_VERSION := v1.55.2 REPO ?= openpolicyagent/opa-docker-authz-v2 diff --git a/build.sh b/build.sh index 27c44b4d..7674e7e2 100755 --- a/build.sh +++ b/build.sh @@ -7,10 +7,23 @@ OPA_VERSION=$(go list -m -f '{{.Version}}' github.com/open-policy-agent/opa) echo "Building opa-docker-authz version: $VERSION (OPA version: $OPA_VERSION)" -echo -e "\nBuilding opa-docker-authz ..." -CGO_ENABLED=0 go build -ldflags \ - "-X github.com/open-policy-agent/opa-docker-authz/version.Version=$VERSION -X github.com/open-policy-agent/opa-docker-authz/version.OPAVersion=$OPA_VERSION" \ - -buildvcs=false \ - -o opa-docker-authz + +platforms=("linux/amd64" "linux/arm64") +for platform in "${platforms[@]}" +do + platform_split=(${platform//\// }) + GOOS=${platform_split[0]} + GOARCH=${platform_split[1]} + + echo -e "\nBuilding opa-docker-authz for $platform ..." + CGO_ENABLED=0 GOOS=$GOOS GOARCH=$GOARCH go build -ldflags \ + "-X github.com/open-policy-agent/opa-docker-authz/version.Version=$VERSION -X github.com/open-policy-agent/opa-docker-authz/version.OPAVersion=$OPA_VERSION" \ + -buildvcs=false \ + -o opa-docker-authz-$GOOS-$GOARCH + if [ $? -ne 0 ]; then + echo 'An error has occurred! Aborting the script execution...' + exit 1 + fi +done echo -e "\n... done!" diff --git a/plugin.sh b/plugin.sh index eeda1383..6a7d1472 100755 --- a/plugin.sh +++ b/plugin.sh @@ -6,7 +6,7 @@ set -ex mkdir ./rootfs echo "Creating root filesystem for plugin ..." -docker image build -t rootfsimage . +docker image build --load -t rootfsimage . id=`docker container create rootfsimage true` docker container export "$id" | tar -x -C ./rootfs @@ -17,3 +17,29 @@ echo "Cleanup..." docker container rm -f "$id" > /dev/null docker image rm -f rootfsimage > /dev/null rm -rf ./rootfs + + +platforms=("linux/amd64" "linux/arm64") +for platform in "${platforms[@]}" +do + platform_split=(${platform//\// }) + GOOS=${platform_split[0]} + GOARCH=${platform_split[1]} + + [ -d ./rootfs ] && rm -rf ./rootfs + mkdir ./rootfs + + echo "Creating root filesystem for plugin ..." + docker buildx build --load --platform ${platform} -t rootfsimage-${GOOS}-${GOARCH} . + #docker image build -t rootfsimage . + id=`docker container create --platform ${platform} rootfsimage-${GOOS}-${GOARCH} true` + docker container export "$id" | tar -x -C ./rootfs + + echo "Creating plugin "${REPO}:${VERSION}-${GOOS}-${GOARCH}" ..." + docker plugin create "${REPO}:${VERSION}-${GOOS}-${GOARCH}" . + + echo "Cleanup..." + docker container rm -f "$id" > /dev/null + docker image rm -f rootfsimage-${GOOS}-${GOARCH} > /dev/null + rm -rf ./rootfs +done \ No newline at end of file