From fb9967ceb75b1e680a8420637ebbcc87a3f8f1a2 Mon Sep 17 00:00:00 2001 From: Alexandre Chapellon Date: Wed, 4 Sep 2024 17:51:13 +0200 Subject: [PATCH 1/7] force pushing to registry when defined --- Makefile | 46 ++++++++++++++++++++++++++++++++++------------ 1 file changed, 34 insertions(+), 12 deletions(-) diff --git a/Makefile b/Makefile index d157c5ce..a7b14aa2 100644 --- a/Makefile +++ b/Makefile @@ -1,54 +1,76 @@ +DOCKER_BAKE_ARGS := --progress=plain + +setenv: +ifdef REGISTRY + @echo "Checking for REGISTRY authentication" + @if docker login ${REGISTRY}; then \ + echo "Images will be pushed to ${REGISTRY}"; \ + else \ + echo "Failed to login to ${REGISTRY}. Stopping build."; \ + exit 1; \ + fi +DOCKER_BAKE_ARGS += --set *.output=type=registry,push=true +else + @echo "REGISTRY is not set. Images will be build & loaded locally" +endif +ifdef BAKE_NO_CACHE +DOCKER_BAKE_ARGS += --no-cache +endif +ifdef BAKE_NO_PROVENANCE +DOCKER_BAKE_ARGS += --provenance=false +endif + clean: @echo "Cleaning up Artifacts" @find . \( -name "*.jar" -o -name "*.zip" -o -name "*.gz" -o -name "*.tgz" -o -name "*.rpm" -o -name "*.deb" \) -type f -delete -prepare_repo: scripts/fetch-artifacts.sh +prepare_repo: scripts/fetch-artifacts.sh setenv @echo "Fetching all artifacts for repository target" @./scripts/fetch-artifacts.sh repository -prepare_tengines: scripts/fetch-artifacts.sh +prepare_tengines: scripts/fetch-artifacts.sh setenv @echo "Fetching all artifacts for tengines targets" @./scripts/fetch-artifacts.sh tengine -prepare_ats: scripts/fetch-artifacts.sh +prepare_ats: scripts/fetch-artifacts.sh setenv @echo "Fetching all artifacts for ats targets" @./scripts/fetch-artifacts.sh ats -prepare_search_enterprise: scripts/fetch-artifacts.sh +prepare_search_enterprise: scripts/fetch-artifacts.sh setenv @echo "Fetching all artifacts for Search Enterprise targets" @./scripts/fetch-artifacts.sh search/enterprise -prepare_connectors: scripts/fetch-artifacts.sh +prepare_connectors: scripts/fetch-artifacts.sh setenv @echo "Fetching all artifacts for Connectors targets" @./scripts/fetch-artifacts.sh connector -prepare_all: scripts/fetch-artifacts.sh +prepare_all: scripts/fetch-artifacts.sh setenv @echo "Fetching all artifacts" @./scripts/fetch-artifacts.sh repo: prepare_repo @echo "Building repository image" - @docker buildx bake --no-cache --progress=plain repository + docker buildx bake ${DOCKER_BAKE_ARGS} repository tengines: prepare_tengines @echo "Building Transform Egnine images" - @docker buildx bake --no-cache --progress=plain tengines + docker buildx bake ${DOCKER_BAKE_ARGS} tengines ats: prepare_ats prepare_tengines @echo "Building Transform Service images" - @docker buildx bake --no-cache --progress=plain ats tengines + docker buildx bake ${DOCKER_BAKE_ARGS} ats tengines search_enterprise: prepare_search_enterprise @echo "Building Search Enterprise images" - @docker buildx bake --no-cache --progress=plain enterprise-search + docker buildx bake ${DOCKER_BAKE_ARGS} enterprise-search connectors: prepare_connectors @echo "Building Connectors images" - @docker buildx bake --no-cache --progress=plain connectors + docker buildx bake ${DOCKER_BAKE_ARGS} connectors all: docker-bake.hcl prepare_all @echo "Building all images" - @docker buildx bake --no-cache --progress=plain + docker buildx bake ${DOCKER_BAKE_ARGS} all_ci: repo tengines ats search_enterprise clean connectors @echo "Building all images using individual targets for Continuous Integration" From 96a64186c960bc0de728197272de407ae31fa65e Mon Sep 17 00:00:00 2001 From: Alexandre Chapellon Date: Wed, 4 Sep 2024 18:16:12 +0200 Subject: [PATCH 2/7] document multi-arch builds --- README.md | 76 ++++++++++++++++++++++++++++++++++++++++++++++++++++--- 1 file changed, 72 insertions(+), 4 deletions(-) diff --git a/README.md b/README.md index d44c7798..13db1798 100644 --- a/README.md +++ b/README.md @@ -20,6 +20,10 @@ At the time of writing, these are: * Alfresco Search Enterprise 4.4.0 * Alfresco Transformation Services 4.1.3 +The `make` wrapper provides other targets to build a subset of the images. +To get a list of all available targets, just type `make` and press TAB key +twice. + ## Building the specific images If you want to build a specific image, you can run one of the following make target: @@ -41,17 +45,81 @@ types of files in the right locations: ## Architecture choice -The image architecture defaults to the building system's architecture. To modify -it, you need to adjust an environment variable when running bake command. +Depending on the environment where you plan to run the docker images you build, +it is possible to build Alfresco images the following architectures: + +* X86_64 (linux/amd64): Regular intel processor based systems +* ARM64 (linux/arm64): ARM processor based systems (e.g. Apple Silicon or AWS + Graviton) + +Other architectures are not suported. + +By default, the images are built for the architecture of the system where the +build is run. + +### Targeting a specific architecture + +To build images for a specific architecture, you can set the `TARGETARCH` +environment variable to the desired architecture. +For example, to build all Alfresco images for ARM64, you can run the following +command: ```sh export TARGETARCH=linux/arm64 -docker buildx bake +make all ``` -To build just a specific image use e.g.: +To build just a specific image use you'll need to use `docker buildx bake` +directly, but the `TARGETARCH` environment variable also works: ```sh export TARGETARCH=linux/arm64 docker buildx bake tengine_imagemagick ``` + +### Multi-arch images + +Images can be built with multi-arch support. This is done by using the +same environment variable as above, and passing target architectures as a +comma-separated list. +By doing so, you're not solely build an image and its manifest, but a list of +manifests for each target architecture. That makes it possible to reference the +same image name and tag, and have the right image pulled for the right +architecture. + +```sh +export TARGETARCH=linux/amd64,linux/arm64 +make all +``` + +It's important to note that building multi-arch images requires the use of +Docker BuildKit, which is enabled by default in Docker 20.10 and later and +also requires images to be pushed to a registry that supports multi-arch. + +:warning: Multi-arch build cannot be loaded into the local docker image cache. +This is due to a limitation of the `docker` exporter in BuildKit. +Concretely, it means in order to produce multi-arch images one needs to: + +* Set the REGISTRY environment variable to the target registry +* Set the REGISTRY_NAMESPACE environment variable to the target namespace +* Ensure docker daemon is able to login to the target registry +* Enforce pushing resulting images to the target registry + +The `make` wrapper would handle the authentication part for you: + +```sh +export REGISTRY=myecr.domain.tld REGISTRY_NAMESPACE=myorg TARGETARCH=linux/amd64,linux/arm64 +make repo +``` + +> Enter username and password when/if prompted + +If you're not using the `make wrapper` you need to first initiate the registry +authentication before running the `docker buildx bake` command with an +additional argument to tell the tool to push the images to the registry: + +```sh +export REGISTRY=myecr.domain.tld REGISTRY_NAMESPACE=myorg TARGETARCH=linux/amd64,linux/arm64 +docker login $REGISTRY +docker buildx bake repo --set *.output=type=registry,push=true +``` From f37ce7eaa970f6eed77ba7fc1378da4fb22ff355 Mon Sep 17 00:00:00 2001 From: Alexandre Chapellon Date: Wed, 4 Sep 2024 18:40:04 +0200 Subject: [PATCH 3/7] document make specific vars --- README.md | 7 +++++++ 1 file changed, 7 insertions(+) diff --git a/README.md b/README.md index 13db1798..0b137c39 100644 --- a/README.md +++ b/README.md @@ -24,6 +24,13 @@ The `make` wrapper provides other targets to build a subset of the images. To get a list of all available targets, just type `make` and press TAB key twice. +Bellow are some environment variables dedicated to the `make` wrapper which +can be used to customize the build process: + +* BAKE_NO_CACHE: Set to `1` to disable the cache during the build process +* BAKE_NO_PROVENANCE: Set to `1` to not add provenance metadata during the build + process. This is mostly useful if your registry do not support it. + ## Building the specific images If you want to build a specific image, you can run one of the following make target: From 2fe1c5611662dd58b8600c9926d93ce41ecc3c37 Mon Sep 17 00:00:00 2001 From: Alexandre Chapellon Date: Wed, 4 Sep 2024 19:01:43 +0200 Subject: [PATCH 4/7] add a warning message before pushing --- Makefile | 11 ++++++++++- 1 file changed, 10 insertions(+), 1 deletion(-) diff --git a/Makefile b/Makefile index a7b14aa2..e8d02bb5 100644 --- a/Makefile +++ b/Makefile @@ -1,10 +1,19 @@ +SHELL := /bin/bash DOCKER_BAKE_ARGS := --progress=plain setenv: ifdef REGISTRY @echo "Checking for REGISTRY authentication" @if docker login ${REGISTRY}; then \ - echo "Images will be pushed to ${REGISTRY}"; \ + echo '!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!'; \ + echo "Images will be pushed to ${REGISTRY}/$${REGISTRY_NAMESPACE:-alfresco}"; \ + echo "Do make sure this location is safe to push to!"; \ + echo "In particular, make sure you are not pushing to a public registry"; \ + echo "without paying attention to the security & legal implications."; \ + echo "If you are not sure, please stop the build and check"; \ + echo '!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!'; \ + read -p "Do you want to continue? [y/N] " -n 1 -r; \ + [[ $$REPLY =~ ^[Yy]$$ ]] && echo -e '\n' || (echo -e "\nStopping build"; exit 1); \ else \ echo "Failed to login to ${REGISTRY}. Stopping build."; \ exit 1; \ From a1d202b7e88488141d0944e8faec4a46c96867e5 Mon Sep 17 00:00:00 2001 From: Alexandre Chapellon Date: Thu, 5 Sep 2024 16:47:25 +0200 Subject: [PATCH 5/7] some more doc --- README.md | 35 ++++++++++++++++++++++++++++++++--- 1 file changed, 32 insertions(+), 3 deletions(-) diff --git a/README.md b/README.md index 0b137c39..748e72ac 100644 --- a/README.md +++ b/README.md @@ -3,6 +3,30 @@ This projects aims at providing a quick and easy to build and maintain Alfresco Docker images. +## Prerequisites + +Using this tool to build Alfresco images requires: + +* A recent enough Docker isntallation (with buildx support) +* Credentials to access the Alfresco artifactories (Nexus server) that may + require authentication +* Some Unix tools: `jq`, `wget`, `make` + +Configuring the authentication to Alfresco NExus server must be dopne using the +wget rc file `~/.wgetrc` or `~/.netrc`: + +```sh +echo -e "user=myuser\npassword=mypassword" > ~/.wgetrc +chmod 600 ~/.wgetrc +``` + +or + +```sh +echo -e "machine nexus.alfresco.com\nlogin myuser\npassword mypassword" > ~/.netrc +chmod 600 ~/.netrc +``` + ## Getting started quickly If you do not plan on applying specific customizations but just want to get @@ -20,9 +44,14 @@ At the time of writing, these are: * Alfresco Search Enterprise 4.4.0 * Alfresco Transformation Services 4.1.3 -The `make` wrapper provides other targets to build a subset of the images. -To get a list of all available targets, just type `make` and press TAB key -twice. +Currently available make offers the following targets in order tobuild images: + +* all: build all images +* repo: build the Alfresco Content Repository image +* search_enterprise: build the Alfresco Search Enterprise images +* ats: build the Alfresco Transformation Service images +* tengines: build the Alfresco Transform engine images +* connectors: build the Alfresco Connectors images (MS-Teams & MS-Office365) Bellow are some environment variables dedicated to the `make` wrapper which can be used to customize the build process: From 8a470b9455c16272037021841ac51161adc4da36 Mon Sep 17 00:00:00 2001 From: Alexandre Chapellon Date: Thu, 5 Sep 2024 16:51:29 +0200 Subject: [PATCH 6/7] noninteractive make in CI --- .github/workflows/test-make.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.github/workflows/test-make.yml b/.github/workflows/test-make.yml index ce8a8d39..fe9c3719 100644 --- a/.github/workflows/test-make.yml +++ b/.github/workflows/test-make.yml @@ -42,7 +42,7 @@ jobs: - name: Make Docker images id: make run: | - make all_ci + yes | make all_ci - name: Check Images are loaded run: | From 89d5807425f8c6e8920fffe377605c61aabe093f Mon Sep 17 00:00:00 2001 From: Alex Chapellon Date: Mon, 9 Sep 2024 09:55:13 +0200 Subject: [PATCH 7/7] Update README.md MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Co-authored-by: Paweł Maciusiak <158472457+pmacius@users.noreply.github.com> --- README.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/README.md b/README.md index 748e72ac..c1c81b7d 100644 --- a/README.md +++ b/README.md @@ -7,7 +7,7 @@ Docker images. Using this tool to build Alfresco images requires: -* A recent enough Docker isntallation (with buildx support) +* A recent enough Docker installation (with buildx support) * Credentials to access the Alfresco artifactories (Nexus server) that may require authentication * Some Unix tools: `jq`, `wget`, `make`