feat: self-contained container image build

Signed-off-by: Raphanus Lo <[email protected]>

.github/workflows/build.yml

@@ -8,6 +8,48 @@ on:
     - v*
   pull_request:
 jobs:
+  build_info:
+    name: Collect build info
+    runs-on: ubuntu-latest
+    outputs:
+      version_major: ${{ steps.build_info.outputs.version_major }}
+      version_minor: ${{ steps.build_info.outputs.version_minor }}
+      version_patch: ${{ steps.build_info.outputs.version_patch }}
+      image_tag: ${{ steps.build_info.outputs.image_tag }}
+
+    steps:
+    - id: build_info
+      name: Declare build info
+      run: |
+        version_major=''
+        version_minor=''
+        version_patch=''
+        image_tag=''
+
+        branch=${GITHUB_HEAD_REF:-${GITHUB_REF#refs/heads/}}
+        ref=${{ github.ref }}
+        if [[ "$ref" =~ 'refs/tags/' ]]; then
+          version=$(sed -E 's/^v([0-9]*\.[0-9]*\.[0-9]*).*$/\1/' <<<${{ github.ref_name }} )
+          version_major=$(cut -d. -f1 <<<$version)
+          version_minor=$(cut -d. -f2 <<<$version)
+          version_patch=$(cut -d. -f3 <<<$version)
+          image_tag=${{ github.ref_name }}
+        elif [[ "$ref" =~ 'refs/heads/' ]]; then
+          image_tag="${branch}-head"
+        fi
+
+        echo "version_major=${version_major}" >>$GITHUB_OUTPUT
+        echo "version_minor=${version_minor}" >>$GITHUB_OUTPUT
+        echo "version_patch=${version_patch}" >>$GITHUB_OUTPUT
+        echo "image_tag=${image_tag}" >>$GITHUB_OUTPUT
+
+        cat <<EOF
+        version_major=${version_major}
+        version_minor=${version_minor}
+        version_patch=${version_patch}
+        image_tag=${image_tag}
+        EOF
+
   build-amd64-binaries:
     name: Build AMD64 binaries
     runs-on: ubuntu-latest
@@ -17,7 +59,7 @@ jobs:
 
     # Build binaries
     - name: Run make ci
-      run: make ci
+      run: SKIP_TASKS=package make ci
 
     - uses: codecov/codecov-action@v4
       with:
@@ -45,7 +87,7 @@ jobs:
 
     # Build binaries
     - name: Run make ci
-      run: sudo make ci
+      run: sudo SKIP_TASKS=package make ci
 
     - name: Upload binaries
       uses: actions/upload-artifact@v4
@@ -57,27 +99,16 @@ jobs:
     name: Build and push AMD64 images
     runs-on: ubuntu-latest
     if: ${{ startsWith(github.ref, 'refs/heads/') || startsWith(github.ref, 'refs/tags/') }}
-    needs: build-amd64-binaries
+    needs: [build_info, build-amd64-binaries]
     steps:
     - name: Checkout code
       uses: actions/checkout@v4
 
-    - name: Get Dep-Versions Branch
-      id: get-branch
-      run: |
-        source .github/workflows/scripts/build.sh
-        deps_version_branch=$(get_branch)
-        echo "deps_version_branch=$deps_version_branch" >> "$GITHUB_ENV"
-
     - name: Set up QEMU
       uses: docker/setup-qemu-action@v3
     - name: Set up Docker Buildx
       uses: docker/setup-buildx-action@v3
 
-    - name: Declare branch
-      run: |
-        echo "branch=${GITHUB_HEAD_REF:-${GITHUB_REF#refs/heads/}}" >> "$GITHUB_ENV"
-
     - name: Download binaries
       uses: actions/download-artifact@v4
       with:
@@ -99,58 +130,32 @@ jobs:
         password: ${{ secrets.DOCKER_PASSWORD }}
 
     # longhornio/longhorn-instance-manager image
-    - name: docker-publish-longhorn-instance-manager
-      if: ${{ startsWith(github.ref, 'refs/heads/') }}
-      uses: docker/build-push-action@v5
-      with:
-        context: .
-        push: true
-        platforms: linux/amd64
-        tags: longhornio/longhorn-instance-manager:${{ env.branch }}-head-amd64
-        file: package/Dockerfile
-        sbom: true
-        build-args: |
-          ARCH=amd64
-          BRANCH=${{ env.deps_version_branch }}
-
-    - name: docker-publish-longhorn-instance-manager-with-tag
-      if: ${{ startsWith(github.ref, 'refs/tags/') }}
-      uses: docker/build-push-action@v5
-      with:
-        context: .
-        push: true
-        platforms: linux/amd64
-        tags: longhornio/longhorn-instance-manager:${{ github.ref_name }}-amd64
-        file: package/Dockerfile
-        sbom: true
-        build-args: |
-          ARCH=amd64
-          BRANCH=${{ env.deps_version_branch }}
+    - name: Build and publish image
+      env:
+        REPO: docker.io/longhornio
+        TAG: ${{ needs.build_info.outputs.image_tag }}-amd64
+        TARGET_PLATFORMS: linux/amd64
+      run: make workflow-image-build-push
 
   build-push-arm64-images:
     name: Build and push ARM64 images
     runs-on: longhorn-infra-oracle-arm64-runners
     if: ${{ startsWith(github.ref, 'refs/heads/') || startsWith(github.ref, 'refs/tags/') }}
-    needs: build-arm64-binaries
+    needs: [build_info, build-arm64-binaries]
     steps:
+    - name: Install make curl git
+      run: |
+        sudo apt update
+        sudo apt-get -y install make curl git
+
     - name: Checkout code
       uses: actions/checkout@v4
 
-    - name: Get Dep-Versions Branch
-      id: get-branch
-      run: |
-        source .github/workflows/scripts/build.sh
-        deps_version_branch=$(get_branch)
-        echo "deps_version_branch=$deps_version_branch" >> "$GITHUB_ENV"
-
     - name: Set up QEMU
       uses: docker/setup-qemu-action@v3
     - name: Set up Docker Buildx
       uses: docker/setup-buildx-action@v3
 
-    - name: Declare branch and sha_short
-      run: |
-        echo "branch=${GITHUB_HEAD_REF:-${GITHUB_REF#refs/heads/}}" >> "$GITHUB_ENV"
     - name: Download binaries
       uses: actions/download-artifact@v4
       with:
@@ -172,70 +177,31 @@ jobs:
         password: ${{ secrets.DOCKER_PASSWORD }}
 
     # longhornio/longhorn-instance-manager image
-    - name: docker-publish-longhorn-instance-manager
-      if: ${{ startsWith(github.ref, 'refs/heads/') }}
-      uses: docker/build-push-action@v5
-      with:
-        context: .
-        push: true
-        platforms: linux/arm64
-        tags: longhornio/longhorn-instance-manager:${{ env.branch }}-head-arm64
-        file: package/Dockerfile
-        sbom: true
-        build-args: |
-          ARCH=arm64
-          BRANCH=${{ env.deps_version_branch }}
-    - name: docker-publish-longhorn-instance-manager-with-tag
-      if: ${{ startsWith(github.ref, 'refs/tags/') }}
-      uses: docker/build-push-action@v5
-      with:
-        context: .
-        push: true
-        platforms: linux/arm64
-        tags: longhornio/longhorn-instance-manager:${{ github.ref_name }}-arm64
-        file: package/Dockerfile
-        sbom: true
-        build-args: |
-          ARCH=arm64
-          BRANCH=${{ env.deps_version_branch }}
+    - name: Build and publish image
+      env:
+        REPO: docker.io/longhornio
+        TAG: ${{ needs.build_info.outputs.image_tag }}-arm64
+        TARGET_PLATFORMS: linux/arm64
+      run: make workflow-image-build-push
 
   manifest-image:
     name: Manifest images
     runs-on: ubuntu-latest
-    needs: [build-push-amd64-images, build-push-arm64-images]
+    needs: [build_info, build-push-amd64-images, build-push-arm64-images]
     if: ${{ startsWith(github.ref, 'refs/heads/') || startsWith(github.ref, 'refs/tags/') }}
     steps:
     - name: Checkout code
       uses: actions/checkout@v4
 
-    - name: Declare branch and sha_short
-      run: |
-        echo "branch=${GITHUB_HEAD_REF:-${GITHUB_REF#refs/heads/}}" >> "$GITHUB_ENV"
-    - name: Set up QEMU
-      uses: docker/setup-qemu-action@v3
-    - name: Set up Docker Buildx
-      uses: docker/setup-buildx-action@v3
-
     - name: Login to Docker Hub
       uses: docker/login-action@v3
       with:
         username: ${{ secrets.DOCKER_USERNAME }}
         password: ${{ secrets.DOCKER_PASSWORD }}
 
     # longhornio/longhorn-instance-manager image
-    - name: docker-pull-longhorn-instance-manager
-      if: ${{ startsWith(github.ref, 'refs/heads/') }}
-      run: |
-        docker pull --platform linux/amd64 longhornio/longhorn-instance-manager:${{ env.branch }}-head-amd64
-        docker pull --platform linux/arm64 longhornio/longhorn-instance-manager:${{ env.branch }}-head-arm64
-        docker buildx imagetools create -t longhornio/longhorn-instance-manager:${{ env.branch }}-head \
-          longhornio/longhorn-instance-manager:${{ env.branch }}-head-amd64 \
-          longhornio/longhorn-instance-manager:${{ env.branch }}-head-arm64
-    - name: docker-pull-longhorn-instance-manager-with-tag
-      if: ${{ startsWith(github.ref, 'refs/tags/') }}
-      run: |
-        docker pull --platform linux/amd64 longhornio/longhorn-instance-manager:${{ github.ref_name }}-amd64
-        docker pull --platform linux/arm64 longhornio/longhorn-instance-manager:${{ github.ref_name }}-arm64
-        docker buildx imagetools create -t longhornio/longhorn-instance-manager:${{ github.ref_name }} \
-          longhornio/longhorn-instance-manager:${{ github.ref_name }}-amd64 \
-          longhornio/longhorn-instance-manager:${{ github.ref_name }}-arm64
+    - name: docker-pull-manifest-longhorn-instance-manager
+      env:
+        REPO: docker.io/longhornio
+        TAG: ${{ needs.build_info.outputs.image_tag }}
+      run: make workflow-manifest-image

Dockerfile.dapper

@@ -8,7 +8,7 @@ ARG SRC_TAG
 
 ENV HOST_ARCH=${DAPPER_HOST_ARCH} ARCH=${DAPPER_HOST_ARCH}
 ENV DAPPER_DOCKER_SOCKET true
-ENV DAPPER_ENV TAG REPO DRONE_REPO DRONE_PULL_REQUEST DRONE_COMMIT_REF
+ENV DAPPER_ENV TAG REPO DRONE_REPO DRONE_PULL_REQUEST DRONE_COMMIT_REF SKIP_TASKS
 ENV DAPPER_OUTPUT bin coverage.out
 ENV DAPPER_RUN_ARGS --privileged --tmpfs /go/src/github.com/longhorn/longhorn-engine/integration/.venv:exec --tmpfs /go/src/github.com/longhorn/longhorn-engine/integration/.tox:exec -v /dev:/host/dev -v /proc:/host/proc
 ENV DAPPER_SOURCE /go/src/github.com/longhorn/longhorn-instance-manager
@@ -49,3 +49,8 @@ RUN curl -sSfL https://s3-us-west-1.amazonaws.com/rancher-longhorn/libqcow-alpha
     make -j$(nproc) && \
     make install && \
     ldconfig
+
+# Docker Builx: The docker version in dapper is too old to have buildx. Install it manually.
+RUN curl -sSfLO https://github.com/docker/buildx/releases/download/v0.13.1/buildx-v0.13.1.linux-${ARCH} && \
+    chmod +x buildx-v0.13.1.linux-${ARCH} && \
+    mv buildx-v0.13.1.linux-${ARCH} /usr/local/bin/buildx

Makefile

@@ -1,6 +1,11 @@
 TARGETS := $(shell ls scripts)
+MACHINE := longhorn
+# Define the target platforms that can be used across the ecosystem.
+# Note that what would actually be used for a given project will be
+# defined in TARGET_PLATFORMS, and must be a subset of the below:
+DEFAULT_PLATFORMS := linux/amd64,linux/arm64
 
-export SRC_BRANCH := $(shell bash -c 'wget -q "https://raw.githubusercontent.com/longhorn/dep-versions/main/scripts/common.sh" -O build-common.sh && source build-common.sh && get_branch')
+export SRC_BRANCH := $(shell bash -c 'source <(curl -s "https://raw.githubusercontent.com/longhorn/dep-versions/main/scripts/common.sh") && get_branch')
 export SRC_TAG := $(shell git tag --points-at HEAD | head -n 1)
 
 .dapper:
@@ -13,6 +18,28 @@ export SRC_TAG := $(shell git tag --points-at HEAD | head -n 1)
 $(TARGETS): .dapper
 	./.dapper $@
 
+.PHONY: buildx-machine
+buildx-machine:
+	@docker buildx create --name=$(MACHINE) --platform=$(DEFAULT_PLATFORMS) 2>/dev/null || true
+	docker buildx inspect $(MACHINE)
+
+# variables needed from GHA caller:
+# - REPO: image repo, include $registry/$repo_path
+# - TAG: image tag
+# - TARGET_PLATFORMS: optional, to be passed for buildx's --platform option
+# - IID_FILE_FLAG: optional, options to generate image ID file
+.PHONY: workflow-image-build-push workflow-image-build-push-secure workflow-manifest-image
+workflow-image-build-push: buildx-machine
+	MACHINE=$(MACHINE) PUSH='true' bash scripts/package
+workflow-image-build-push-secure: buildx-machine
+	MACHINE=$(MACHINE) PUSH='true' IS_SECURE=true bash scripts/package
+workflow-manifest-image:
+	docker pull --platform linux/amd64 ${REPO}/longhorn-instance-manager:${TAG}-amd64
+	docker pull --platform linux/arm64 ${REPO}/longhorn-instance-manager:${TAG}-arm64
+	docker buildx imagetools create -t ${REPO}/longhorn-instance-manager:${TAG} \
+	  ${REPO}/longhorn-instance-manager:${TAG}-amd64 \
+	  ${REPO}/longhorn-instance-manager:${TAG}-arm64
+
 trash: .dapper
 	./.dapper -m bind trash