feat: docker multiplatform

kristof-mattei · kristof-mattei · commit c1f922116dd2 · 2024-12-24T11:08:12.000-07:00
diff --git a/.github/workflows/build.yml b/.github/workflows/build.yml
@@ -410,7 +410,7 @@ jobs:
           args: --workspace --all-targets --all-features --no-deps
 
   docker-build:
-    name: Build Docker container for ${{ matrix.platform.docker }}-${{ matrix.platform.rust }}
+    name: Build Docker container
     runs-on: ubuntu-latest
     needs:
       - calculate-version
@@ -419,27 +419,13 @@ jobs:
     env:
       APPLICATION_NAME: PLACEHOLDER # overridden in step 'Set application name', this is merely to satisfy the linter
       PATH_TO_TAR: PLACEHOLDER # same ^
-      PLATFORM_PAIR: PLACEHOLDER # same ^
-      PLATFORM_UNIQUE_TAG: PLACEHOLDER # same ^
-    strategy:
-      fail-fast: false
-      matrix:
-        platform:
-          - docker: linux/amd64
-            rust: x86_64-unknown-linux-musl
-          - docker: linux/arm64
-            rust: aarch64-unknown-linux-musl
+      UNIQUE_TAG: PLACEHOLDER # same ^
     steps:
       - name: Checkout
         uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2
         with:
           show-progress: false
 
-      - name: Prepare name
-        run: |
-          platform=${{ matrix.platform.docker }}-${{ matrix.platform.rust }}
-          echo "PLATFORM_PAIR=${platform//\//-}" >> ${GITHUB_ENV}
-
       - name: Set the Cargo.toml version before we copy in the data into the Docker container
         shell: bash
         run: |
@@ -458,8 +444,8 @@ jobs:
       - name: Set Docker tag
         shell: bash
         run: |
-          PLATFORM_UNIQUE_TAG=pr-${{ github.event.pull_request.base.sha }}-${{ github.event.pull_request.head.sha }}-${{ env.PLATFORM_PAIR }}
-          echo "PLATFORM_UNIQUE_TAG=${PLATFORM_UNIQUE_TAG##*/}" >> ${GITHUB_ENV}
+          UNIQUE_TAG=pr-${{ github.event.pull_request.base.sha }}-${{ github.event.pull_request.head.sha }}
+          echo "UNIQUE_TAG=${UNIQUE_TAG##*/}" >> ${GITHUB_ENV}
 
       # Extract metadata (tags, labels) for Docker
       # https://github.com/docker/metadata-action
@@ -469,7 +455,7 @@ jobs:
         with:
           images: ${{ env.REGISTRY }}/${{ env.IMAGE_NAME }}
           tags: |
-            type=raw,value=${{ env.PLATFORM_UNIQUE_TAG }}
+            type=raw,value=${{ env.UNIQUE_TAG }}
           labels: |
             org.opencontainers.image.version=pr-${{ github.event.number }}
             org.opencontainers.image.source=${{ github.event.pull_request.html_url }}
@@ -492,38 +478,35 @@ jobs:
         with:
           build-args: |
             APPLICATION_NAME=${{ env.APPLICATION_NAME }}
-            TARGET=${{ matrix.platform.rust }}
           context: .
           # this container is THE PR's artifact, and we will re-tag it
           # once the PR has been accepted
           tags: ${{ steps.meta.outputs.tags }}
           labels: ${{ steps.meta.outputs.labels }}
-          cache-from: type=registry,ref=${{ env.REGISTRY }}/${{ env.IMAGE_NAME }}:buildcache-${{ env.PLATFORM_PAIR }}
-          cache-to: type=registry,ref=${{ env.REGISTRY }}/${{ env.IMAGE_NAME }}:buildcache-${{ env.PLATFORM_PAIR }},mode=max
-          platforms: ${{ matrix.platform.docker }}
-          outputs: type=docker,dest=/tmp/${{ env.PLATFORM_UNIQUE_TAG }}.tar
+          cache-from: type=registry,ref=${{ env.REGISTRY }}/${{ env.IMAGE_NAME }}:buildcache-${{ env.APPLICATION_NAME }}
+          cache-to: type=registry,ref=${{ env.REGISTRY }}/${{ env.IMAGE_NAME }}:buildcache-${{ env.APPLICATION_NAME }},mode=max
+          platforms: linux/amd64, linux/arm64
+          outputs: type=oci,dest=/tmp/${{ env.UNIQUE_TAG }}.tar
 
       - name: Upload artifact
         uses: actions/upload-artifact@6f51ac03b9356f520e9adb1b1b7802705f340c2b # v4.5.0
         with:
-          name: containers-${{ env.PLATFORM_PAIR }}
-          path: /tmp/${{ env.PLATFORM_UNIQUE_TAG }}.tar
+          name: containers-${{ env.APPLICATION_NAME }}
+          path: /tmp/${{ env.UNIQUE_TAG }}.tar
           if-no-files-found: error
           retention-days: 1
 
   docker-publish:
     name: Publish Docker container
     runs-on: ubuntu-latest
     needs:
-      - cargo-build
-      - cargo-fmt
-      - cargo-test-and-report
-      - cargo-clippy-and-report
       - docker-build
     # Check if the event is not triggered by a fork
     if: |
       github.event.pull_request.head.repo.full_name == github.repository &&
       github.event_name == 'pull_request'
+    env:
+      APPLICATION_NAME: PLACEHOLDER # overridden in step 'Set application name', this is merely to satisfy the linter
     steps:
       - name: Set up Docker Buildx
         uses: docker/setup-buildx-action@6524bf65af31da8d45b59e8c27de4bd072b392f5 # v3.8.0
@@ -542,22 +525,31 @@ jobs:
           username: ${{ github.actor }}
           password: ${{ secrets.GITHUB_TOKEN }}
 
+      - name: Set application name
+        shell: bash
+        run: |
+          APPLICATION_NAME=${{ github.repository }}
+          echo "APPLICATION_NAME=${APPLICATION_NAME##*/}" >> ${GITHUB_ENV}
+
       - name: Lowercase the image name
         shell: bash
         run: |
           echo "IMAGE_NAME=${IMAGE_NAME,,}" >> ${GITHUB_ENV}
 
       - name: Load images from artifacts
         shell: bash
+        id: image
+        working-directory: /tmp/containers
         run: |
-          ls -l /tmp/containers/
+          echo "${{ secrets.GITHUB_TOKEN }}" | oras login -u "${{ github.actor }}" --password-stdin ${{ env.REGISTRY }}
+
+          ls -l /tmp/containers
           for container in /tmp/containers/*
           do
-            echo $container
-            docker load --input $container
+            echo "Found ${container}"
             tag=$(basename -- $container .tar)
-            echo ${{ env.REGISTRY }}/${{ env.IMAGE_NAME }}@sha256:${tag}
-            docker push ${{ env.REGISTRY }}/${{ env.IMAGE_NAME }}:${tag}
+
+            oras copy --from-oci-layout "${container}:${tag}" "${{ env.REGISTRY }}/${{ env.IMAGE_NAME }}:${tag}"
           done
 
       - name: Extract Docker metadata
@@ -574,18 +566,13 @@ jobs:
         working-directory: /tmp/containers
         run: |
           # all files in dir
-          platform_tags=(*)
-
+          containers=(*)
           # yeet extension
-          platform_tags=${platform_tags[@]%.tar}
-
+          containers=${containers[@]%.tar}
           new_tags="${{ join(steps.meta.outputs.tags, ' ') }}"
           new_tags=$(printf -- '--tag %s ' $new_tags)
-
-          expanded_platform_tags=$(printf '${{ env.REGISTRY }}/${{ env.IMAGE_NAME }}:%s ' $platform_tags)
-
-          docker buildx imagetools create $new_tags $expanded_platform_tags
-
+          expanded_containters_tags=$(printf '${{ env.REGISTRY }}/${{ env.IMAGE_NAME }}:%s ' ${containers})
+          docker buildx imagetools create $new_tags $expanded_containters_tags
           for new_tag in $(echo "${{ join(steps.meta.outputs.tags, ' ') }}"); do
             docker buildx imagetools inspect --raw $new_tag
           done
diff --git a/Cargo.toml b/Cargo.toml
@@ -47,5 +47,5 @@ color-eyre = "0.6.3"
 # BUT that means that we need to include openssl
 # Documentation on the syntax:
 # https://doc.rust-lang.org/cargo/reference/specifying-dependencies.html#platform-specific-dependencies
-[target.'cfg(all(target_arch = "x86_64", target_os="linux", target_env="musl"))'.dependencies]
+[target.'cfg(all(any(target_arch="x86_64", target_arch="aarch64"), target_os="linux", target_env="musl"))'.dependencies]
 # openssl = { version = "0.10.36", features = ["vendored"] }
diff --git a/Dockerfile b/Dockerfile
@@ -1,24 +1,37 @@
-FROM --platform=$BUILDPLATFORM rust:1.83.0@sha256:39a313498ed0d74ccc01efb98ec5957462ac5a43d0ef73a6878f745b45ebfd2c AS builder
+FROM --platform=${BUILDPLATFORM} rust:1.83.0@sha256:f5375f865a8a5a734b9b9a38d58cd322d6a2eb8bb1aea8def32b89837258e7f8 AS rust-base
 
-ARG TARGET=x86_64-unknown-linux-musl
 ARG APPLICATION_NAME
 
-RUN rustup target add ${TARGET}
-
-RUN rm -f /etc/apt/apt.conf.d/docker-clean; echo 'Binary::apt::APT::Keep-Downloaded-Packages "true";' > /etc/apt/apt.conf.d/keep-cache
+RUN rm -f /etc/apt/apt.conf.d/docker-clean \
+    && echo 'Binary::apt::APT::Keep-Downloaded-Packages "true";' >/etc/apt/apt.conf.d/keep-cache
 
 # borrowed (Ba Dum Tss!) from
 # https://github.com/pablodeymo/rust-musl-builder/blob/7a7ea3e909b1ef00c177d9eeac32d8c9d7d6a08c/Dockerfile#L48-L49
-RUN --mount=type=cache,target=/var/cache/apt --mount=type=cache,target=/var/lib/apt \
-    dpkg --add-architecture arm64 && \
+RUN --mount=type=cache,id=apt-cache-amd64,target=/var/cache/apt,sharing=locked \
+    --mount=type=cache,id=apt-lib-amd64,target=/var/lib/apt,sharing=locked \
     apt-get update && \
     apt-get --no-install-recommends install -y \
     build-essential \
     musl-dev \
-    musl-tools \
+    musl-tools
+
+FROM rust-base AS rust-linux-amd64
+ARG TARGET=x86_64-unknown-linux-musl
+
+FROM rust-base AS rust-linux-arm64
+ARG TARGET=aarch64-unknown-linux-musl
+RUN --mount=type=cache,id=apt-cache-arm64,from=rust-base,source=/var/cache/apt,target=/var/cache/apt,sharing=locked \
+    --mount=type=cache,id=apt-lib-arm64,from=rust-base,source=/var/lib/apt,target=/var/lib/apt,sharing=locked \
+    dpkg --add-architecture arm64 && \
+    apt-get update && \
+    apt-get --no-install-recommends install -y \
     libc6-dev-arm64-cross \
     gcc-aarch64-linux-gnu
 
+FROM rust-${TARGETPLATFORM//\//-} AS rust-cargo-build
+
+RUN rustup target add ${TARGET} && rustup component add clippy rustfmt
+
 # The following block
 # creates an empty app, and we copy in Cargo.toml and Cargo.lock as they represent our dependencies
 # This allows us to copy in the source in a different layer which in turn allows us to leverage Docker's layer caching
@@ -28,14 +41,26 @@ RUN cargo new ${APPLICATION_NAME}
 WORKDIR /build/${APPLICATION_NAME}
 COPY .cargo ./.cargo
 COPY Cargo.toml Cargo.lock ./
-RUN --mount=type=cache,id=cargo-dependencies,target=/build/${APPLICATION_NAME}/target \
+
+RUN --mount=type=cache,target=/build/${APPLICATION_NAME}/target \
+    --mount=type=cache,id=cargo-git,target=/usr/local/cargo/git/db,sharing=locked \
+    --mount=type=cache,id=cargo-registery,target=/usr/local/cargo/registry/,sharing=locked \
     cargo build --release --target ${TARGET}
 
+FROM rust-cargo-build AS rust-build
+
+WORKDIR /build/${APPLICATION_NAME}
+
 # now we copy in the source which is more prone to changes and build it
 COPY src ./src
 
+# ensure cargo picks up on the change
+RUN touch ./src/main.rs
+
 # --release not needed, it is implied with install
-RUN --mount=type=cache,id=full-build,target=/build/${APPLICATION_NAME}/target \
+RUN --mount=type=cache,target=/build/${APPLICATION_NAME}/target \
+    --mount=type=cache,id=cargo-git,target=/usr/local/cargo/git/db,sharing=locked \
+    --mount=type=cache,id=cargo-registery,target=/usr/local/cargo/registry/,sharing=locked \
     cargo install --path . --target ${TARGET} --root /output
 
 FROM alpine:3.21.0@sha256:21dc6063fd678b478f57c0e13f47560d0ea4eeba26dfc947b2a4f81f686b9f45
@@ -46,7 +71,8 @@ RUN addgroup -S appgroup && adduser -S appuser -G appgroup
 USER appuser
 
 WORKDIR /app
-COPY --from=builder /output/bin/${APPLICATION_NAME} /app/entrypoint
+
+COPY --from=rust-build /output/bin/* /app/entrypoint
 
 ENV RUST_BACKTRACE=full
 ENTRYPOINT ["/app/entrypoint"]
