diff --git a/Dockerfile.arm64v8 b/Dockerfile.arm64v8 deleted file mode 100644 index f0ace77..0000000 --- a/Dockerfile.arm64v8 +++ /dev/null @@ -1,30 +0,0 @@ -FROM arm64v8/alpine:3.11.3 AS build - -COPY relay /relay - -RUN \ - apk add binutils && \ - strip /relay - -FROM arm64v8/alpine:3.11.3 - -ARG UID=991 -ARG GID=991 - -RUN \ - apk add tini && \ - echo "Etc/UTC" > /etc/localtime && \ - mkdir -p /opt/relay && \ - addgroup --gid $GID relay && \ - adduser -D -u $UID -G relay -h /opt/relay relay && \ - echo "relay:`head /dev/urandom | tr -dc A-Za-z0-9 | head -c 24 | mkpasswd -s -m sha-256`" | chpasswd && \ - chown -R relay:relay /opt/relay - -COPY --from=build /relay /usr/bin/relay - -USER relay - -EXPOSE 8080 - -ENTRYPOINT ["/sbin/tini", "--"] -CMD ["relay"] diff --git a/build.sh b/build.sh deleted file mode 100755 index 98a1346..0000000 --- a/build.sh +++ /dev/null @@ -1,80 +0,0 @@ -#!/usr/bin/env bash - -BUILD_DATE=$(date) -VERSION=$1 -MIGRATIONS=$2 - -function require() { - if [ "$1" = "" ]; then - echo "input '$2' required" - print_help - exit 1 - fi -} - -function print_help() { - echo "build.sh" - echo "" - echo "Usage:" - echo " build.sh [version] [migrations]" - echo "" - echo "Args:" - echo " version: The version of the current container" - echo " migrations: (optional) Whether to build the migrations container as well" -} - -require "$VERSION" "version" - -if ! docker run --rm -it arm64v8/ubuntu:19.10 /bin/bash -c 'echo "docker is configured correctly"'; then - echo "docker is not configured to run on qemu-emulated architectures, fixing will require sudo" - sudo docker run --rm --privileged multiarch/qemu-user-static --reset -p yes -fi - -if ! which cross; then - cargo intall cross -fi - -set -xe - -cross build \ - --target aarch64-unknown-linux-musl \ - --release - -mkdir -p artifacts -rm -rf artifacts/relay -cp ./target/aarch64-unknown-linux-musl/release/relay artifacts/relay - -docker build \ - --pull \ - --no-cache \ - --build-arg BUILD_DATE="${BUILD_DATE}" \ - --build-arg TAG="${TAG}" \ - -f Dockerfile.arm64v8 \ - -t "asonix/relay:${VERSION}-arm64v8" \ - -t "asonix/relay:latest-arm64v8" \ - -t "asonix/relay:latest" \ - ./artifacts - -docker push "asonix/relay:${VERSION}-arm64v8" -docker push "asonix/relay:latest-arm64v8" -docker push "asonix/relay:latest" - -if [ "${MIGRATIONS}" = "migrations" ]; then - rm -rf artifacts/migrations - cp -r ./migrations artifacts/migrations - - docker build \ - --pull \ - --no-cache \ - --build-arg BUILD_DATE="${BUILD_DATE}" \ - --build-arg TAG="${TAG}" \ - -f Dockerfile.migrations.arm64v8 \ - -t "asonix/relay-migrations:${VERSION}-arm64v8" \ - -t "asonix/relay-migrations:latest-arm64v8" \ - -t "asonix/relay-migrations:latest" \ - ./artifacts - - docker push "asonix/relay-migrations:${VERSION}-arm64v8" - docker push "asonix/relay-migrations:latest-arm64v8" - docker push "asonix/relay-migrations:latest" -fi diff --git a/docker/prod/Dockerfile.amd64 b/docker/prod/Dockerfile.amd64 new file mode 100644 index 0000000..062c874 --- /dev/null +++ b/docker/prod/Dockerfile.amd64 @@ -0,0 +1,72 @@ +FROM rustembedded/cross:x86_64-unknown-linux-musl AS amd64-builder + +ARG UID=991 +ARG GID=991 + +ENV TOOLCHAIN=stable +ENV TARGET=x86_64-unknown-linux-musl +ENV TOOL=x86_64-linux-musl + +RUN \ + apt-get update && \ + apt-get upgrade -y + +RUN \ + addgroup --gid "${GID}" build && \ + adduser \ + --disabled-password \ + --gecos "" \ + --ingroup build \ + --uid "${UID}" \ + --home /opt/build \ + build + +ADD https://sh.rustup.rs /opt/build/rustup.sh + +RUN \ + chown -R build:build /opt/build + +USER build +WORKDIR /opt/build + +ENV PATH="$PATH:/opt/build/.cargo/bin" + +RUN \ + chmod +x rustup.sh && \ + ./rustup.sh --default-toolchain $TOOLCHAIN --profile minimal -y && \ + rustup target add $TARGET + +FROM amd64-builder as builder + +ARG TAG=master +ARG REPOSITORY=https://git.asonix.dog/asonix/ap-relay +ARG BINARY=relay + +RUN \ + git clone -b $TAG $REPOSITORY repo + +WORKDIR /opt/build/repo + +RUN \ + cargo build --release --target $TARGET && \ + $TOOL-strip target/$TARGET/release/$BINARY + +FROM amd64/alpine:3.12 + +ARG UID=991 +ARG GID=991 +ARG BINARY=relay + +RUN \ + apk add tini && \ + addgroup --gid $GID relay && \ + adduser -D -G relay -u $UID -g "" -h /opt/relay relay && \ + chown -R relay:relay /opt/relay + +COPY --from=build /relay /usr/bin/relay + +EXPOSE 8080 +WORKDIR /opt/relay +USER relay +ENTRYPOINT ["/sbin/tini", "--"] +CMD ["relay"] diff --git a/docker/prod/Dockerfile.arm32v7 b/docker/prod/Dockerfile.arm32v7 new file mode 100644 index 0000000..32dd90f --- /dev/null +++ b/docker/prod/Dockerfile.arm32v7 @@ -0,0 +1,72 @@ +FROM rustembedded/cross:arm-unknown-linux-musleabihf AS arm32v7-builder + +ARG UID=991 +ARG GID=991 + +ENV TOOLCHAIN=stable +ENV TARGET=arm-unknown-linux-musleabihf +ENV TOOL=arm-linux-musleabihf + +RUN \ + apt-get update && \ + apt-get upgrade -y + +RUN \ + addgroup --gid "${GID}" build && \ + adduser \ + --disabled-password \ + --gecos "" \ + --ingroup build \ + --uid "${UID}" \ + --home /opt/build \ + build + +ADD https://sh.rustup.rs /opt/build/rustup.sh + +RUN \ + chown -R build:build /opt/build + +USER build +WORKDIR /opt/build + +ENV PATH="$PATH:/opt/build/.cargo/bin" + +RUN \ + chmod +x rustup.sh && \ + ./rustup.sh --default-toolchain $TOOLCHAIN --profile minimal -y && \ + rustup target add $TARGET + +FROM arm32v7-builder as builder + +ARG TAG=master +ARG REPOSITORY=https://git.asonix.dog/asonix/ap-relay +ARG BINARY=relay + +RUN \ + git clone -b $TAG $REPOSITORY repo + +WORKDIR /opt/build/repo + +RUN \ + cargo build --release --target $TARGET && \ + $TOOL-strip target/$TARGET/release/$BINARY + +FROM arm32v7/alpine:3.12 + +ARG UID=991 +ARG GID=991 +ARG BINARY=relay + +RUN \ + apk add tini && \ + addgroup --gid $GID relay && \ + adduser -D -G relay -u $UID -g "" -h /opt/relay relay && \ + chown -R relay:relay /opt/relay + +COPY --from=build /relay /usr/bin/relay + +EXPOSE 8080 +WORKDIR /opt/relay +USER relay +ENTRYPOINT ["/sbin/tini", "--"] +CMD ["relay"] diff --git a/docker/prod/Dockerfile.arm64v8 b/docker/prod/Dockerfile.arm64v8 new file mode 100644 index 0000000..5506091 --- /dev/null +++ b/docker/prod/Dockerfile.arm64v8 @@ -0,0 +1,72 @@ +FROM rustembedded/cross:aarch64-unknown-linux-musl AS aarch64-builder + +ARG UID=991 +ARG GID=991 + +ENV TOOLCHAIN=stable +ENV TARGET=aarch64-unknown-linux-musl +ENV TOOL=aarch64-linux-musl + +RUN \ + apt-get update && \ + apt-get upgrade -y + +RUN \ + addgroup --gid "${GID}" build && \ + adduser \ + --disabled-password \ + --gecos "" \ + --ingroup build \ + --uid "${UID}" \ + --home /opt/build \ + build + +ADD https://sh.rustup.rs /opt/build/rustup.sh + +RUN \ + chown -R build:build /opt/build + +USER build +WORKDIR /opt/build + +ENV PATH="PATH:/opt/build/.cargo/bin" + +RUN \ + chmod +x rustup.sh && \ + ./rustup.sh --default-toolchain $TOOLCHAIN --profile minimal -y && \ + rustup target add $TARGET + +FROM aarch64-builder as builder + +ARG TAG=master +ARG REPOSITORY=https://git.asonix.dog/asonix/ap-relay +ARG BINARY=relay + +RUN \ + git clone -b $TAG $REPOSITORY repo + +WORKDIR /opt/build/repo + +RUN \ + cargo build --release --target $TARGET && \ + $TOOL-strip target/$TARGET/release/$BINARY + +FROM arm64v8/alpine:3.12 + +ARG UID=991 +ARG GID=991 +ARG BINARY=relay + +RUN \ + apk add tini && \ + addgroup --gid $GID relay && \ + adduser -D -G relay -u $UID -g "" -h /opt/relay relay && \ + chown -R relay:relay /opt/relay + +COPY --from=build /relay /usr/bin/relay + +EXPOSE 8080 +WORKDIR /opt/relay +USER relay +ENTRYPOINT ["/sbin/tini", "--"] +CMD ["relay"] diff --git a/Dockerfile.migrations.arm64v8 b/docker/prod/Dockerfile.migrations.arm64v8 similarity index 100% rename from Dockerfile.migrations.arm64v8 rename to docker/prod/Dockerfile.migrations.arm64v8 diff --git a/docker/prod/deploy.sh b/docker/prod/deploy.sh new file mode 100755 index 0000000..505956c --- /dev/null +++ b/docker/prod/deploy.sh @@ -0,0 +1,72 @@ +#!/usr/bin/env bash + +TAG=$1 +MIGRATIONS=$2 + +function require() { + if [ "$1" = "" ]; then + echo "input '$2' required" + print_help + exit 1 + fi +} + +function print_help() { + echo "build.sh" + echo "" + echo "Usage:" + echo " build.sh [tag] [migrations]" + echo "" + echo "Args:" + echo " tag: The git tag to create and publish" + echo " migrations: (optional) Whether to build the migrations container as well" +} + +function build_image() { + repo=$1 + tag=$2 + arch=$3 + + docker build \ + --pull \ + --build-arg TAG="${tag}" \ + -f "Dockerfile.${arch}" \ + -t "${repo}:${tag}-${arch}" \ + -t "${repo}:latest-${arch}" \ + ./artifacts + + docker push "${repo}:${tag}-arm64v8" + docker push "${repo}:latest-arm64v8" +} + +require "$TAG" "tag" + +if ! docker run --rm -it arm64v8/ubuntu:19.10 /bin/bash -c 'echo "docker is configured correctly"'; then + echo "docker is not configured to run on qemu-emulated architectures, fixing will require sudo" + sudo docker run --rm --privileged multiarch/qemu-user-static --reset -p yes +fi + +set -xe + +git checkout master +git commit -m "Version $TAG" +git tag $TAG + +git push origin $TAG +git push + +build_image "asonix/relay" "$TAG" "arm64v8" +build_image "asonix/relay" "$TAG" "arm32v7" +build_image "asonix/relay" "$TAG" "amd64" + +./manifest.sh "asonix/relay" "$TAG" +./manifest.sh "asonix/relay" "latest" + +if [ "${MIGRATIONS}" = "migrations" ]; then + build_image "asonix/relay-migrations" "$TAG" arm64v8 + build_image "asonix/relay-migrations" "$TAG" arm32v7 + build_image "asonix/relay-migrations" "$TAG" amd64 + + ./manifest.sh "asonix/relay-migrations" "$TAG" + ./manifest.sh "asonix/relay-migrations" "latest" +fi diff --git a/docker/prod/manifest.sh b/docker/prod/manifest.sh new file mode 100755 index 0000000..1cf70ce --- /dev/null +++ b/docker/prod/manifest.sh @@ -0,0 +1,43 @@ +#!/usr/bin/env bash + +function require() { + if [ "$1" = "" ]; then + echo "input '$2' required" + print_help + exit 1 + fi +} +function print_help() { + echo "deploy.sh" + echo "" + echo "Usage:" + echo " manifest.sh [tag]" + echo "" + echo "Args:" + echo " repo: The docker repository to push the manifest to" + echo " tag: The git tag to be applied to the image manifest" +} + +repo=$2 +tag=$2 + +require "$repo" "repo" +require "$tag" "tag" + +set -xe + +docker manifest create $repo:$tag \ + -a $repo:arm64v8-$tag \ + -a $repo:arm32v7-$tag \ + -a $repo:amd64-$tag + +docker manifest annotate $repo:$tag \ + $repo:arm64v8-$tag --os linux --arch arm64 --variant v8 + +docker manifest annotate $repo:$tag \ + $repo:arm32v7-$tag --os linux --arch arm --variant v7 + +docker manifest annotate $repo:$tag \ + $repo:amd64-$tag --os linux --arch amd64 + +docker manifest push $repo:$tag --purge