diff --git a/Dockerfile b/Dockerfile
index 0d0f4ab8..00416fdf 100644
--- a/Dockerfile
+++ b/Dockerfile
@@ -1,12 +1,15 @@
-FROM golang:1.16.3-alpine3.13 AS build-env
+FROM golang:1.16-alpine AS build-env
-COPY . maddy/
-WORKDIR maddy/
+RUN set -ex ;\
+ apk upgrade --no-cache --available ;\
+ apk add --no-cache bash git build-base
+WORKDIR /maddy
+ADD go.mod go.sum ./
 ENV LDFLAGS -static
-RUN apk --no-cache add bash git gcc musl-dev
-
-RUN mkdir /pkg/
+RUN go mod download
+ADD . ./
+RUN mkdir -p /pkg/data
 COPY maddy.conf /pkg/data/maddy.conf
 # Monkey-patch config to use environment.
 RUN sed -Ei 's!\$\(hostname\) = .+!$(hostname) = {env:MADDY_HOSTNAME}!' /pkg/data/maddy.conf
@@ -18,10 +21,11 @@ RUN ./build.sh --builddir /tmp --destdir /pkg/ --tags docker build install
 FROM alpine:3.13.4
 LABEL maintainer="fox.cpp@disroot.org"
-RUN apk --no-cache add ca-certificates
+RUN set -ex ;\
+ apk upgrade --no-cache --available ;\
+ apk --no-cache add ca-certificates
 COPY --from=build-env /pkg/data/maddy.conf /data/maddy.conf
-COPY --from=build-env /pkg/usr/local/bin/maddy /bin/maddy
-COPY --from=build-env /pkg/usr/local/bin/maddyctl /bin/maddyctl
+COPY --from=build-env /pkg/usr/local/bin/maddy /pkg/usr/local/bin/maddyctl /bin/
 EXPOSE 25 143 993 587 465
 VOLUME ["/data"]
diff --git a/docker-build-multiarch.sh b/docker-build-multiarch.sh
new file mode 100755
index 00000000..cd7bb60c
--- /dev/null
+++ b/docker-build-multiarch.sh
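Review bot: The build stage of the Dockerfile now pulls the floating tag `golang:1.16-alpine` where the removed line pinned `golang:1.16.3-alpine3.13`, and both stages add `apk upgrade --no-cache --available`, so the toolchain and the packages that end up in the image depend on the day of the build rather than on the commit. Keeping a patch-level tag, ideally with a digest (`FROM golang:<version>-alpine<version>@sha256:<digest> AS build-env`), and bumping it to pick up fixes keeps the build reproducible and auditable; the same applies to `alpine:3.13.4` in the second hunk, whose pin the upgrade step undoes. The two new `ADD` lines copy plain local files, which `COPY go.mod go.sum ./` and `COPY . ./` express without ADD's archive-extraction and URL handling.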
@@ -0,0 +1,37 @@
+#!/bin/bash
+
+set -eEuo pipefail
+
+AMD64_DOCKER_HOST=${AMD64_DOCKER_HOST:-"unix:///var/run/docker.sock"}
+ARM_DOCKER_HOST=${ARM_DOCKER_HOST:-"tcp://raspberrypi.local:2375"}
+
+if [ ! -x ${HOME}/.docker/cli-plugins/docker-buildx ]; then
+ mkdir -p ${HOME}/.docker/cli-plugins/
+ wget https://github.com/docker/buildx/releases/download/v0.7.0/buildx-v0.7.0.linux-amd64 -O ${HOME}/.docker/cli-plugins/docker-buildx
+ chmod +x ${HOME}/.docker/cli-plugins/docker-buildx
+fi
+
+docker buildx version
+
+BUILDER="multiarch-builder"
+CONFIG=${PWD}/multiarch/buildkitd.toml
+docker buildx create --name ${BUILDER} --buildkitd-flags '--allow-insecure-entitlement security.insecure --allow-insecure-entitlement network.host' --config=${CONFIG} --driver=docker-container --driver-opt image=moby/buildkit:latest,network=host --platform=linux/amd64 --use ${AMD64_DOCKER_HOST}
+docker buildx create --name ${BUILDER} --buildkitd-flags '--allow-insecure-entitlement security.insecure --allow-insecure-entitlement network.host' --config=${CONFIG} --driver=docker-container --driver-opt image=moby/buildkit:latest,network=host --platform=linux/arm64,linux/arm/v7,linux/arm/v6 --append ${ARM_DOCKER_HOST}
+stopbuilders() {
+ set +x
+ echo stopping builders
+ docker buildx stop ${BUILDER}
+ docker buildx rm ${BUILDER}
+}
+trap stopbuilders INT TERM EXIT
+
+docker buildx inspect --bootstrap --builder=${BUILDER}
+
+PLATFORM="${PLATFORM:-"linux/amd64,linux/arm/v7,linux/arm64"}"
+
+docker --log-level=debug \
+ buildx build ${PWD} \
+ --builder=${BUILDER} \
+ --allow security.insecure \
+ --platform=${PLATFORM} \
+ $@
\ No newline at end of file
diff --git a/multiarch/README.md b/multiarch/README.md
new file mode 100644
index 00000000..5accdf36
--- /dev/null
+++ b/multiarch/README.md
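Review bot: In docker-build-multiarch.sh the default `ARM_DOCKER_HOST` of `tcp://raspberrypi.local:2375` points at a Docker API with no TLS and no authentication, located through an mDNS name, so the documented setup relies on a daemon that gives root-equivalent control to anyone who can reach that port; an `ssh://` endpoint or a TLS-protected daemon would be a safer default. The buildx plugin is downloaded and marked executable with no integrity check, and the fence below verifies it against a pinned SHA-256 before installing it (the hash shown is a placeholder to be filled in from a trusted source). Both `buildx create` calls, the final `--allow security.insecure` and `multiarch/buildkitd.toml` enable the `security.insecure` and `network.host` entitlements, although no `RUN --security=insecure` appears in the Dockerfile hunks of this commit, so they look removable. `moby/buildkit:latest` is a floating tag, and `$@` should be written `"$@"` so arguments containing spaces survive.

```shell
BUILDX_VERSION="v0.7.0"
BUILDX_SHA256="REPLACE_WITH_VERIFIED_SHA256"  # placeholder, not a real hash
BUILDX_BIN="${HOME}/.docker/cli-plugins/docker-buildx"

if [ ! -x "${BUILDX_BIN}" ]; then
    mkdir -p "${HOME}/.docker/cli-plugins/"
    wget "https://github.com/docker/buildx/releases/download/${BUILDX_VERSION}/buildx-${BUILDX_VERSION}.linux-amd64" -O "${BUILDX_BIN}.download"
    # Refuse to install the plugin unless it matches the pinned digest.
    echo "${BUILDX_SHA256}  ${BUILDX_BIN}.download" | sha256sum -c -
    chmod +x "${BUILDX_BIN}.download"
    mv "${BUILDX_BIN}.download" "${BUILDX_BIN}"
fi
# … unchanged: builder creation, trap, inspect, build invocation …
```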
@@ -0,0 +1,15 @@
+# Mutliarch builds
+
+## Requirements
+
+An ARM64 server with docker daemon exposed (for example, a raspberry pi 4 with Raspberry Pi OS 64bits)
+
+## Build
+
+At repository root, launch :
+
+```
+./docker-build-multiarch.sh --tag=TAG --push
+```
+
+It will build and push multi-arch docker images as TAG.
diff --git a/multiarch/buildkitd.toml b/multiarch/buildkitd.toml
new file mode 100644
index 00000000..becff42b
--- /dev/null
+++ b/multiarch/buildkitd.toml
@@ -0,0 +1,7 @@
+###################
+## https://github.com/moby/buildkit/blob/master/docs/buildkitd.toml.md
+
+debug = true
+
+# insecure-entitlements allows insecure entitlements, disabled by default.
+insecure-entitlements = [ "network.host", "security.insecure" ]