From 7f4ef1caaa91cf8266ed9536f856d4860362557c Mon Sep 17 00:00:00 2001 From: Muhammad Atif Ali Date: Wed, 17 Jan 2024 15:34:55 +0300 Subject: [PATCH 01/12] ci: build a multi-arch main image --- .github/workflows/ci.yaml | 80 ++++++++++++++++++++++++++------------- 1 file changed, 54 insertions(+), 26 deletions(-) diff --git a/.github/workflows/ci.yaml b/.github/workflows/ci.yaml index cf2445b6774b4..469ce3373fc98 100644 --- a/.github/workflows/ci.yaml +++ b/.github/workflows/ci.yaml @@ -656,11 +656,9 @@ jobs: # are for amd64) needs: changes if: github.ref == 'refs/heads/main' && needs.changes.outputs.docs-only == 'false' - runs-on: ${{ github.repository_owner == 'coder' && 'buildjet-8vcpu-ubuntu-2204' || 'ubuntu-latest' }} - env: - DOCKER_CLI_EXPERIMENTAL: "enabled" + runs-on: ubuntu-latest outputs: - IMAGE: ghcr.io/coder/coder-preview:${{ steps.build-docker.outputs.tag }} + IMAGE: ghcr.io/coder/coder-preview:${{ steps.build.outputs.tag }} steps: - name: Checkout uses: actions/checkout@v4 @@ -687,6 +685,7 @@ jobs: run: sudo apt-get install -y zstd - name: Build + id: build run: | set -euxo pipefail go mod download 
@@ -694,31 +693,60 @@ jobs: version="$(./scripts/version.sh)" make gen/mark-fresh make -j \ - build/coder_linux_amd64 \ + build/coder_linux_{amd64,arm64,armv7} \ build/coder_"$version"_windows_amd64.zip \ build/coder_"$version"_linux_amd64.{tar.gz,deb} - - - name: Build and Push Linux amd64 Docker Image - id: build-docker - run: | - set -euxo pipefail - version="$(./scripts/version.sh)" - tag="main-$(echo "$version" | sed 's/+/-/g')" - - export CODER_IMAGE_BUILD_BASE_TAG="$(CODER_IMAGE_BASE=coder-base ./scripts/image_tag.sh --version "$version")" - ./scripts/build_docker.sh \ - --arch amd64 \ - --target "ghcr.io/coder/coder-preview:$tag" \ - --version $version \ - --push \ - build/coder_linux_amd64 - - # Tag as main - docker tag "ghcr.io/coder/coder-preview:$tag" ghcr.io/coder/coder-preview:main - docker push ghcr.io/coder/coder-preview:main - - # Store the tag in an output variable so we can use it in other jobs + + # create base image tag + base_tag="coder-base:$version" + + # replace + with - in tag + base_tag="${base_tag/+/-}" + + # create image tag + tag="main-$version" + + # replace + with - in tag + tag="${tag/+/-}" + + # create an empty build directory + mkdir -p tmp + + # export version, base_tag, and tag as outputs + echo "version=$version" >> $GITHUB_OUTPUT + echo "base_tag=$base_tag" >> $GITHUB_OUTPUT echo "tag=$tag" >> $GITHUB_OUTPUT + + - name: Set up Depot + uses: depot/setup-action@v1 + + - name: Build multi arch base image + uses: depot/build-push-action@v1 + with: + project: 9rcqzb56rm + context: ./tmp + platforms: linux/amd64,linux/arm64,linux/arm/v7 + tags: ${{ steps.build.outputs.base_tag }} + file: ./scripts/Dockerfile.base + push: false + save: true + + - name: Build and push multi arch image + uses: depot/build-push-action@v1 + with: + project: 9rcqzb56rm + context: ./tmp + platforms: linux/amd64,linux/arm64,linux/arm/v7 + file: ./scripts/Dockerfile + push: ${{ github.event_name != 'pull_request' }} + pull: true + tags: | + 
ghcr.io/coder/coder-preview:${{ steps.build.outputs.tag }} + ghcr.io/coder/coder-preview:main + ghcr.io/coder/coder-preview:latest + build-args: | + BASE_IMAGE=${{ steps.build.outputs.base_tag }} + CODER_VERSION=${{ steps.build.outputs.version }} - name: Prune old images uses: vlaurin/action-ghcr-prune@v0.5.0 From 0d9c1f13f5341953310a2d4b0b10f4ef9ab341ff Mon Sep 17 00:00:00 2001 From: Muhammad Atif Ali Date: Wed, 17 Jan 2024 15:36:35 +0300 Subject: [PATCH 02/12] fix permission --- .github/workflows/ci.yaml | 1 + 1 file changed, 1 insertion(+) diff --git a/.github/workflows/ci.yaml b/.github/workflows/ci.yaml index 469ce3373fc98..143c12aabd47e 100644 --- a/.github/workflows/ci.yaml +++ b/.github/workflows/ci.yaml @@ -13,6 +13,7 @@ permissions: checks: none contents: read deployments: none + id-token: write issues: none packages: write pull-requests: none From ce46f71b7f9f5ee33bad138abbfae46840dae8c0 Mon Sep 17 00:00:00 2001 From: Muhammad Atif Ali Date: Wed, 17 Jan 2024 15:37:46 +0300 Subject: [PATCH 03/12] always build --- .github/workflows/ci.yaml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.github/workflows/ci.yaml b/.github/workflows/ci.yaml index 143c12aabd47e..ba6bc2cce5897 100644 --- a/.github/workflows/ci.yaml +++ b/.github/workflows/ci.yaml @@ -656,7 +656,7 @@ jobs: # to main branch. We are only building this for amd64 platform. (>95% pulls # are for amd64) needs: changes - if: github.ref == 'refs/heads/main' && needs.changes.outputs.docs-only == 'false' + if: needs.changes.outputs.docs-only == 'false' runs-on: ubuntu-latest outputs: IMAGE: ghcr.io/coder/coder-preview:${{ steps.build.outputs.tag }} From 7762e8be58531e97fcef32097ea698446cb21acb Mon Sep 17 00:00:00 2001 From: Muhammad Atif Ali Date: Wed, 17 Jan 2024 15:42:01 +0300 Subject: [PATCH 04/12] use buildjet --- .github/workflows/ci.yaml | 18 +++++++++--------- 1 file changed, 9 insertions(+), 9 deletions(-) 
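Review bot: The two Depot steps added in this hunk, `depot/setup-action@v1` and `depot/build-push-action@v1`, are referenced by a movable major tag, while the workflow's `permissions:` block (visible in PATCH 02 of this series) grants `packages: write` and `id-token: write`. If `v1` were retagged, the new code would run with the ability to publish to `ghcr.io/coder/coder-preview`. Pin both to a full commit SHA and keep the version as a trailing comment, e.g. `uses: depot/build-push-action@<full-commit-sha> # v1` (placeholder, not a real SHA). Separately, `tag="${tag/+/-}"` replaces only the first `+`, whereas the removed `sed 's/+/-/g'` replaced every one; `tag="${tag//+/-}"` keeps the old behaviour.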
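Review bot: `id-token: write` is added to what appears to be the workflow-level `permissions:` block (the hunk sits at line 13 of the file), so every job in ci.yaml can now request an OIDC token, not only the image build that talks to Depot. Least privilege would keep the top-level value at `id-token: none` and give the image build job its own `permissions:` block with `contents: read`, `packages: write` and `id-token: write`. A job-level block replaces the inherited set instead of extending it, so it has to list every scope that job needs.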
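Review bot: With `github.ref == 'refs/heads/main'` dropped from the job's `if:`, the only gate left on publishing is `push: ${{ github.event_name != 'pull_request' }}` in the build-and-push step, whose tag list includes `ghcr.io/coder/coder-preview:main` and `:latest`. The workflow's `on:` triggers are outside this hunk, but if it also runs on pushes to other branches, on tags or on manual dispatch, those runs would overwrite the `main` and `latest` tags with non-main code. Tie the push to the ref instead, e.g. `push: ${{ github.ref == 'refs/heads/main' }}`. The comment above the job still describes a main-only, amd64-only build and should be updated as well.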
diff --git a/.github/workflows/ci.yaml b/.github/workflows/ci.yaml index ba6bc2cce5897..ca4e2efa9c59a 100644 --- a/.github/workflows/ci.yaml +++ b/.github/workflows/ci.yaml @@ -657,7 +657,7 @@ jobs: # are for amd64) needs: changes if: needs.changes.outputs.docs-only == 'false' - runs-on: ubuntu-latest + runs-on: ${{ github.repository_owner == 'coder' && 'buildjet-8vcpu-ubuntu-2204' || 'ubuntu-latest' }} outputs: IMAGE: ghcr.io/coder/coder-preview:${{ steps.build.outputs.tag }} steps: @@ -700,16 +700,16 @@ jobs: # create base image tag base_tag="coder-base:$version" - + # replace + with - in tag base_tag="${base_tag/+/-}" - + # create image tag tag="main-$version" - + # replace + with - in tag tag="${tag/+/-}" - + # create an empty build directory mkdir -p tmp @@ -717,10 +717,10 @@ jobs: echo "version=$version" >> $GITHUB_OUTPUT echo "base_tag=$base_tag" >> $GITHUB_OUTPUT echo "tag=$tag" >> $GITHUB_OUTPUT - + - name: Set up Depot uses: depot/setup-action@v1 - + - name: Build multi arch base image uses: depot/build-push-action@v1 with: @@ -731,7 +731,7 @@ jobs: file: ./scripts/Dockerfile.base push: false save: true - + - name: Build and push multi arch image uses: depot/build-push-action@v1 with: @@ -747,7 +747,7 @@ jobs: ghcr.io/coder/coder-preview:latest build-args: | BASE_IMAGE=${{ steps.build.outputs.base_tag }} - CODER_VERSION=${{ steps.build.outputs.version }} + CODER_VERSION=${{ steps.build.outputs.version }} - name: Prune old images uses: vlaurin/action-ghcr-prune@v0.5.0 From 6e136e19fda3981e6aa4e3bab33c0e345dea59b5 Mon Sep 17 00:00:00 2001 From: Muhammad Atif Ali Date: Wed, 17 Jan 2024 15:50:14 +0300 Subject: [PATCH 05/12] Remove pull --- .github/workflows/ci.yaml | 1 - 1 file changed, 1 deletion(-) diff --git a/.github/workflows/ci.yaml b/.github/workflows/ci.yaml index ca4e2efa9c59a..3ece5dfdb1fc8 100644 --- a/.github/workflows/ci.yaml +++ b/.github/workflows/ci.yaml 
@@ -740,7 +740,6 @@ jobs: platforms: linux/amd64,linux/arm64,linux/arm/v7 file: ./scripts/Dockerfile push: ${{ github.event_name != 'pull_request' }} - pull: true tags: | ghcr.io/coder/coder-preview:${{ steps.build.outputs.tag }} ghcr.io/coder/coder-preview:main From b6ee23bf4755e751a34c21ecbde5abd8ea960cda Mon Sep 17 00:00:00 2001 From: Muhammad Atif Ali Date: Wed, 17 Jan 2024 17:50:38 +0300 Subject: [PATCH 06/12] experiment --- .github/workflows/ci.yaml | 12 ++++++++---- scripts/Dockerfile.multi | 21 +++++++++++++++++++++ 2 files changed, 29 insertions(+), 4 deletions(-) create mode 100644 scripts/Dockerfile.multi diff --git a/.github/workflows/ci.yaml b/.github/workflows/ci.yaml index 3ece5dfdb1fc8..1d62abea05f89 100644 --- a/.github/workflows/ci.yaml +++ b/.github/workflows/ci.yaml @@ -710,8 +710,12 @@ jobs: # replace + with - in tag tag="${tag/+/-}" - # create an empty build directory - mkdir -p tmp + # create an empty build context directory + mkdir -p build-context + mkdir -p base-build-context + + # copy the build artifacts to the build context + cp build/coder_*_linux_* build-context # export version, base_tag, and tag as outputs echo "version=$version" >> $GITHUB_OUTPUT @@ -725,7 +729,7 @@ jobs: uses: depot/build-push-action@v1 with: project: 9rcqzb56rm - context: ./tmp + context: ./base-build-context platforms: linux/amd64,linux/arm64,linux/arm/v7 tags: ${{ steps.build.outputs.base_tag }} file: ./scripts/Dockerfile.base @@ -736,7 +740,7 @@ jobs: uses: depot/build-push-action@v1 with: project: 9rcqzb56rm - context: ./tmp + context: ./build-context platforms: linux/amd64,linux/arm64,linux/arm/v7 file: ./scripts/Dockerfile push: ${{ github.event_name != 'pull_request' }} diff --git a/scripts/Dockerfile.multi b/scripts/Dockerfile.multi new file mode 100644 index 0000000000000..7bd965d292c18 --- /dev/null +++ b/scripts/Dockerfile.multi 
@@ -0,0 +1,21 @@ +# This is the multi-arch Dockerfile used for Coder. Since it's multi-arch and +# cross-compiled, it cannot have ANY "RUN" commands. All binaries are built +# using the go toolchain on the host and then copied into the build context manullay. +ARG BASE_IMAGE +FROM $BASE_IMAGE + +# LABEL doesn't add any real layers so it's fine (and easier) to do it here than +# in the build script. +ARG CODER_VERSION +LABEL \ + org.opencontainers.image.title="Coder" \ + org.opencontainers.image.description="A tool for provisioning self-hosted development environments with Terraform." \ + org.opencontainers.image.url="https://github.com/coder/coder" \ + org.opencontainers.image.source="https://github.com/coder/coder" \ + org.opencontainers.image.version="$CODER_VERSION" + + +# The coder binary is available in the build context. +COPY --chown=1000:1000 --chmod=755 coder_*_linux_${TARGETARCH} /opt/coder + +ENTRYPOINT [ "/opt/coder", "server" ] From 7058a63ee5e48655ce32d0b5536237c0de7bf995 Mon Sep 17 00:00:00 2001 From: Muhammad Atif Ali Date: Wed, 17 Jan 2024 18:00:06 +0300 Subject: [PATCH 07/12] Update Dockerfile path in CI workflow --- .github/workflows/ci.yaml | 2 +- scripts/{Dockerfile.multi => Dockerfile.multiarch} | 0 2 files changed, 1 insertion(+), 1 deletion(-) rename scripts/{Dockerfile.multi => Dockerfile.multiarch} (100%) diff --git a/.github/workflows/ci.yaml b/.github/workflows/ci.yaml index 1d62abea05f89..e8a9e306a2cc9 100644 --- a/.github/workflows/ci.yaml +++ b/.github/workflows/ci.yaml @@ -742,7 +742,7 @@ jobs: project: 9rcqzb56rm context: ./build-context platforms: linux/amd64,linux/arm64,linux/arm/v7 - file: ./scripts/Dockerfile + file: ./scripts/Dockerfile.multiarch push: ${{ github.event_name != 'pull_request' }} tags: | ghcr.io/coder/coder-preview:${{ steps.build.outputs.tag }} diff --git a/scripts/Dockerfile.multi b/scripts/Dockerfile.multiarch similarity index 100% rename from scripts/Dockerfile.multi rename to scripts/Dockerfile.multiarch 
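Review bot: Nothing in this Dockerfile sets `USER`, so the account the server runs as is whatever the image passed in `BASE_IMAGE` defines. The `COPY --chown=1000:1000` suggests uid 1000 is intended. Because `BASE_IMAGE` is a build argument, adding `USER 1000:1000` before `ENTRYPOINT` would keep the image non-root regardless of which base is supplied. If the base image is deliberately relied on for this, the header comment should say so.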
From 6c8c282b115cf3abc84f4466031f486e3972cf93 Mon Sep 17 00:00:00 2001 From: Muhammad Atif Ali Date: Wed, 17 Jan 2024 18:09:48 +0300 Subject: [PATCH 08/12] Fix file paths in Dockerfile and CI workflow --- .github/workflows/ci.yaml | 2 +- scripts/Dockerfile.multiarch | 2 +- 2 files changed, 2 insertions(+), 2 deletions(-) diff --git a/.github/workflows/ci.yaml b/.github/workflows/ci.yaml index e8a9e306a2cc9..852b89ba47f2a 100644 --- a/.github/workflows/ci.yaml +++ b/.github/workflows/ci.yaml @@ -715,7 +715,7 @@ jobs: mkdir -p base-build-context # copy the build artifacts to the build context - cp build/coder_*_linux_* build-context + cp build/coder_linux_* build-context/ # export version, base_tag, and tag as outputs echo "version=$version" >> $GITHUB_OUTPUT diff --git a/scripts/Dockerfile.multiarch b/scripts/Dockerfile.multiarch index 7bd965d292c18..e8ec69576fb9b 100644 --- a/scripts/Dockerfile.multiarch +++ b/scripts/Dockerfile.multiarch @@ -16,6 +16,6 @@ LABEL \ # The coder binary is available in the build context. -COPY --chown=1000:1000 --chmod=755 coder_*_linux_${TARGETARCH} /opt/coder +COPY --chown=1000:1000 --chmod=755 coder_linux_${TARGETARCH} /opt/coder ENTRYPOINT [ "/opt/coder", "server" ] From e617f33bb6e77baeca1b823e2515e140915fecd0 Mon Sep 17 00:00:00 2001 From: Muhammad Atif Ali Date: Wed, 17 Jan 2024 18:27:01 +0300 Subject: [PATCH 09/12] do not build base --- .github/workflows/ci.yaml | 14 +------------- 1 file changed, 1 insertion(+), 13 deletions(-) diff --git a/.github/workflows/ci.yaml b/.github/workflows/ci.yaml index 852b89ba47f2a..f4157d96895b9 100644 --- a/.github/workflows/ci.yaml +++ b/.github/workflows/ci.yaml @@ -712,7 +712,6 @@ jobs: # create an empty build context directory mkdir -p build-context - mkdir -p base-build-context # copy the build artifacts to the build context cp build/coder_linux_* build-context/ 
@@ -725,17 +724,6 @@ jobs: - name: Set up Depot uses: depot/setup-action@v1 - - name: Build multi arch base image - uses: depot/build-push-action@v1 - with: - project: 9rcqzb56rm - context: ./base-build-context - platforms: linux/amd64,linux/arm64,linux/arm/v7 - tags: ${{ steps.build.outputs.base_tag }} - file: ./scripts/Dockerfile.base - push: false - save: true - - name: Build and push multi arch image uses: depot/build-push-action@v1 with: @@ -749,7 +737,7 @@ jobs: ghcr.io/coder/coder-preview:main ghcr.io/coder/coder-preview:latest build-args: | - BASE_IMAGE=${{ steps.build.outputs.base_tag }} + BASE_IMAGE=ghcr.io/coder/coder-base CODER_VERSION=${{ steps.build.outputs.version }} - name: Prune old images From e0d28a2a286580d305c161936bc06ffa9605b40c Mon Sep 17 00:00:00 2001 From: Muhammad Atif Ali Date: Wed, 17 Jan 2024 18:43:26 +0300 Subject: [PATCH 10/12] set `ARG TARGETARCH` --- scripts/Dockerfile.multiarch | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/scripts/Dockerfile.multiarch b/scripts/Dockerfile.multiarch index e8ec69576fb9b..4665e42bd2413 100644 --- a/scripts/Dockerfile.multiarch +++ b/scripts/Dockerfile.multiarch @@ -1,6 +1,5 @@ -# This is the multi-arch Dockerfile used for Coder. Since it's multi-arch and -# cross-compiled, it cannot have ANY "RUN" commands. All binaries are built -# using the go toolchain on the host and then copied into the build context manullay. +# This is the multi-arch Dockerfile used for Coder. All binaries are built +# using the go toolchain on the host and then copied into the build context. ARG BASE_IMAGE FROM $BASE_IMAGE @@ -16,6 +15,7 @@ LABEL \ # The coder binary is available in the build context. +ARG TARGETARCH COPY --chown=1000:1000 --chmod=755 coder_linux_${TARGETARCH} /opt/coder ENTRYPOINT [ "/opt/coder", "server" ] From d6a47541a753d651d15f5ae2aa7d905c72349948 Mon Sep 17 00:00:00 2001 
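Review bot: `BASE_IMAGE=ghcr.io/coder/coder-base` carries no tag or digest, so the `FROM $BASE_IMAGE` in `scripts/Dockerfile.multiarch` resolves to whatever `coder-base:latest` points at when the job runs. The images published as `coder-preview:main` and `:latest` then change whenever the base changes, with no change in this repository, and a given build cannot be reproduced later. Pin the base by digest, `BASE_IMAGE=ghcr.io/coder/coder-base@sha256:<digest>` (placeholder), or at least by a version tag, and bump it deliberately.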
From: Muhammad Atif Ali Date: Wed, 17 Jan 2024 18:54:26 +0300 Subject: [PATCH 11/12] Refactor build artifacts and update Dockerfile for armv7 architecture --- .github/workflows/ci.yaml | 3 +++ 1 file changed, 3 insertions(+) diff --git a/.github/workflows/ci.yaml b/.github/workflows/ci.yaml index f4157d96895b9..e4cdbd4fe988f 100644 --- a/.github/workflows/ci.yaml +++ b/.github/workflows/ci.yaml @@ -715,6 +715,9 @@ jobs: # copy the build artifacts to the build context cp build/coder_linux_* build-context/ + # We use TARGETARCH to determine the architecture of the binary + # in the Dockerfile. This is arm for armv7. + mv build-context/coder_linux_armv7 build-context/coder_linux_arm # export version, base_tag, and tag as outputs echo "version=$version" >> $GITHUB_OUTPUT From ea40b0f7184054f55e8b83601018a1d8f70a6f6f Mon Sep 17 00:00:00 2001 From: Muhammad Atif Ali Date: Wed, 17 Jan 2024 18:55:24 +0300 Subject: [PATCH 12/12] cleanup --- .github/workflows/ci.yaml | 3 +-- 1 file changed, 1 insertion(+), 2 deletions(-) diff --git a/.github/workflows/ci.yaml b/.github/workflows/ci.yaml index e4cdbd4fe988f..41b30a51ab168 100644 --- a/.github/workflows/ci.yaml +++ b/.github/workflows/ci.yaml @@ -719,9 +719,8 @@ jobs: # in the Dockerfile. This is arm for armv7. mv build-context/coder_linux_armv7 build-context/coder_linux_arm - # export version, base_tag, and tag as outputs + # export version, and tag as outputs echo "version=$version" >> $GITHUB_OUTPUT - echo "base_tag=$base_tag" >> $GITHUB_OUTPUT echo "tag=$tag" >> $GITHUB_OUTPUT - name: Set up Depot
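Review bot: The step stops exporting `base_tag`, but the assignments `base_tag="coder-base:$version"` and `base_tag="${base_tag/+/-}"` added in PATCH 01 are not removed by any later patch in this series, so they presumably remain in the script as dead code (they sit outside this hunk). Drop them together with their two comments. The remaining writes would also be safer with the target quoted, e.g. `echo "tag=$tag" >> "$GITHUB_OUTPUT"`.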