diff --git a/.github/workflows/docker_build_push.yml b/.github/workflows/docker_build_push.yml index 4c2b5b1..dbac31b 100644 --- a/.github/workflows/docker_build_push.yml +++ b/.github/workflows/docker_build_push.yml @@ -9,6 +9,12 @@ on: jobs: build_and_push: runs-on: ubuntu-latest + strategy: + fail-fast: false + matrix: + platform: + - linux/amd64 + - linux/arm64 env: IMAGE_NAME: rpxy @@ -44,7 +50,7 @@ jobs: file: ./docker/Dockerfile cache-from: type=gha cache-to: type=gha,mode=max - platforms: linux/amd64,linux/arm64 + platforms: ${{ matrix.platform }} - name: Release build and push slim if: ${{ env.BRANCH == 'main' }} @@ -54,10 +60,13 @@ jobs: push: true tags: | ${{ secrets.DOCKERHUB_USERNAME }}/${{ env.IMAGE_NAME }}:slim, ${{ secrets.DOCKERHUB_USERNAME }}/${{ env.IMAGE_NAME }}:latest-slim - file: ./docker/Dockerfile.amd64-slim + build-contexts: | + messense/rust-musl-cross:amd64-musl=docker-image://messense/rust-musl-cross:x86_64-musl + messense/rust-musl-cross:arm64-musl=docker-image://messense/rust-musl-cross:aarch64-musl + file: ./docker/Dockerfile.slim cache-from: type=gha cache-to: type=gha,mode=max - platforms: linux/amd64,linux/arm64 + platforms: ${{ matrix.platform }} - name: Nightly build and push if: ${{ env.BRANCH == 'develop' }} @@ -70,4 +79,20 @@ jobs: file: ./docker/Dockerfile cache-from: type=gha cache-to: type=gha,mode=max - platforms: linux/amd64,linux/arm64 + platforms: ${{ matrix.platform }} + + - name: Release build and push slim + if: ${{ env.BRANCH == 'develop' }} + uses: docker/build-push-action@v4 + with: + context: . + push: true + tags: | + ${{ secrets.DOCKERHUB_USERNAME }}/${{ env.IMAGE_NAME }}:nightly-slim + build-contexts: | + messense/rust-musl-cross:amd64-musl=docker-image://messense/rust-musl-cross:x86_64-musl + messense/rust-musl-cross:arm64-musl=docker-image://messense/rust-musl-cross:aarch64-musl + file: ./docker/Dockerfile.slim + cache-from: type=gha + cache-to: type=gha,mode=max + platforms: ${{ matrix.platform }} diff --git a/README.md b/README.md index 85b3ab9..08d1270 100644 --- a/README.md +++ b/README.md @@ -2,8 +2,7 @@ [![License: MIT](https://img.shields.io/badge/License-MIT-blue.svg)](LICENSE) ![Unit Test](https://github.com/junkurihara/rust-rpxy/actions/workflows/ci.yml/badge.svg) -![Docker x86_64](https://github.com/junkurihara/rust-rpxy/actions/workflows/docker_build_push_amd64.yml/badge.svg) -![Docker aarch64](https://github.com/junkurihara/rust-rpxy/actions/workflows/docker_build_push_arm64.yml/badge.svg) +![Docker](https://github.com/junkurihara/rust-rpxy/actions/workflows/docker_build_push.yml/badge.svg) ![ShiftLeft Scan](https://github.com/junkurihara/rust-rpxy/actions/workflows/shift_left.yml/badge.svg) [![Docker Image Size (latest by date)](https://img.shields.io/docker/image-size/jqtype/rpxy)](https://hub.docker.com/r/jqtype/rpxy) diff --git a/docker/Dockerfile b/docker/Dockerfile index 95b76aa..7844c2f 100644 --- a/docker/Dockerfile +++ b/docker/Dockerfile @@ -15,6 +15,17 @@ WORKDIR /tmp COPY . /tmp/ +ARG TARGETARCH + +RUN if [ $TARGETARCH = "amd64" ]; then \ + echo "x86_64" > /arch; \ + elif [ $TARGETARCH = "arm64" ]; then \ + echo "aarch64" > /arch; \ + else \ + echo "Unsupported platform: $TARGETARCH"; \ + exit 1; \ + fi + ENV RUSTFLAGS "-C link-arg=-s" RUN update-ca-certificates 2> /dev/null || true @@ -22,9 +33,12 @@ RUN update-ca-certificates 2> /dev/null || true RUN apt-get update && apt-get install -qy --no-install-recommends $BUILD_DEPS && \ curl -sSf https://sh.rustup.rs | bash -s -- -y --default-toolchain stable && \ export PATH="$HOME/.cargo/bin:$PATH" && \ + echo "Install toolchain" && \ + rustup target add $(cat /arch)-unknown-linux-gnu &&\ echo "Building rpxy from source" && \ - cargo build --release && \ - strip --strip-all /tmp/target/release/rpxy + cargo build --release --target=$(cat /arch)-unknown-linux-gnu && \ + strip --strip-all /tmp/target/$(cat /arch)-unknown-linux-gnu/release/rpxy &&\ + cp /tmp/target/$(cat /arch)-unknown-linux-gnu/release/rpxy /tmp/target/release/rpxy ######################################## FROM --platform=$TARGETPLATFORM base AS runner diff --git a/docker/Dockerfile.arm64-slim b/docker/Dockerfile.arm64-slim deleted file mode 100644 index ff433a2..0000000 --- a/docker/Dockerfile.arm64-slim +++ /dev/null @@ -1,45 +0,0 @@ -######################################## -FROM --platform=$BUILDPLATFORM messense/rust-musl-cross:aarch64-musl AS builder - -ENV TARGET_DIR=aarch64-unknown-linux-musl -ENV CFLAGS=-Ofast - -WORKDIR /tmp - -COPY . /tmp/ - -ENV RUSTFLAGS "-C link-arg=-s" - -RUN echo "Building rpxy from source" && \ - cargo build --release && \ - musl-strip --strip-all /tmp/target/${TARGET_DIR}/release/rpxy - -######################################## -FROM --platform=$TARGETPLATFORM alpine:latest AS runner -LABEL maintainer="Jun Kurihara" - -ENV TARGET_DIR=aarch64-unknown-linux-musl -ENV RUNTIME_DEPS logrotate ca-certificates su-exec - -RUN apk add --no-cache ${RUNTIME_DEPS} && \ - update-ca-certificates && \ - find / -type d -path /proc -prune -o -type f -perm /u+s -exec chmod u-s {} \; && \ - find / -type d -path /proc -prune -o -type f -perm /g+s -exec chmod g-s {} \; && \ - mkdir -p /rpxy/bin &&\ - mkdir -p /rpxy/log - -COPY --from=builder /tmp/target/${TARGET_DIR}/release/rpxy /rpxy/bin/rpxy -COPY ./docker/run.sh /rpxy -COPY ./docker/entrypoint.sh /rpxy - -RUN chmod +x /rpxy/run.sh && \ - chmod +x /rpxy/entrypoint.sh - -ENV SSL_CERT_FILE=/etc/ssl/certs/ca-certificates.crt -ENV SSL_CERT_DIR=/etc/ssl/certs - -EXPOSE 80 443 - -CMD ["/rpxy/entrypoint.sh"] - -ENTRYPOINT ["/rpxy/entrypoint.sh"] diff --git a/docker/Dockerfile.amd64-slim b/docker/Dockerfile.slim similarity index 60% rename from docker/Dockerfile.amd64-slim rename to docker/Dockerfile.slim index 7d8c366..6f210c1 100644 --- a/docker/Dockerfile.amd64-slim +++ b/docker/Dockerfile.slim @@ -1,7 +1,17 @@ ######################################## -FROM --platform=$BUILDPLATFORM messense/rust-musl-cross:x86_64-musl AS builder +FROM --platform=$BUILDPLATFORM messense/rust-musl-cross:${TARGETARCH}-musl AS builder + +ARG TARGETARCH + +RUN if [ $TARGETARCH = "amd64" ]; then \ + echo "x86_64" > /arch; \ + elif [ $TARGETARCH = "arm64" ]; then \ + echo "aarch64" > /arch; \ + else \ + echo "Unsupported platform: $TARGETARCH"; \ + exit 1; \ + fi -ENV TARGET_DIR=x86_64-unknown-linux-musl ENV CFLAGS=-Ofast WORKDIR /tmp @@ -11,14 +21,14 @@ COPY . /tmp/ ENV RUSTFLAGS "-C link-arg=-s" RUN echo "Building rpxy from source" && \ - cargo build --release && \ - musl-strip --strip-all /tmp/target/${TARGET_DIR}/release/rpxy + cargo build --release --target $(cat /arch)-unknown-linux-musl && \ + musl-strip --strip-all /tmp/target/$(cat /arch)-unknown-linux-musl/release/rpxy && \ + cp /tmp/target/$(cat /arch)-unknown-linux-musl/release/rpxy /tmp/target/release/rpxy ######################################## FROM --platform=$TARGETPLATFORM alpine:latest AS runner LABEL maintainer="Jun Kurihara" -ENV TARGET_DIR=x86_64-unknown-linux-musl ENV RUNTIME_DEPS logrotate ca-certificates su-exec RUN apk add --no-cache ${RUNTIME_DEPS} && \ @@ -28,7 +38,7 @@ RUN apk add --no-cache ${RUNTIME_DEPS} && \ mkdir -p /rpxy/bin &&\ mkdir -p /rpxy/log -COPY --from=builder /tmp/target/${TARGET_DIR}/release/rpxy /rpxy/bin/rpxy +COPY --from=builder /tmp/target/release/rpxy /rpxy/bin/rpxy COPY ./docker/run.sh /rpxy COPY ./docker/entrypoint.sh /rpxy