From c8d0b2df146742d7e07d04f6eb8e647ad939c301 Mon Sep 17 00:00:00 2001
From: me|kor
Date: Tue, 9 May 2023 15:31:40 +0200
Subject: [PATCH] Feature: Docker multiarch image (amd64 & arm64) dynamic tags and ghcr repositoy (#400)
* Enabled multiarch build with buildx, qemu and also enabled ghcr, improved tagging
- Enabled multiarch build with buildx, qemu and also enabled ghcr
- Improved image tagging
- Getting rid unknown/unknonw architecture in ghcr
- https://github.com/docker/build-push-action
- https://docs.docker.com/build/attestations/slsa-provenance/
- https://github.com/docker/build-push-action/issues/820
* Switched to lukechannings/deno docke rimage as proposed in #136
- silverbulletmd/silverbullet/issues/136
(cherry picked from commit 176b70f5481dbbef9744818662f47617903de209)
* Added tini, condensed Dockerfile Run to one step, cleaning up image
- tini is missing in new base image, so I added it manually, as documented in https://github.com/krallin/tini
(cherry picked from commit 4d549b8f5b45bcc9ea04a0e7a4fdc3c82cdd7f5c)
* Using TARGETARCH for downloading tini
(cherry picked from commit 23a6019da00115b34c3bd09eb0c733172edcebbc)
---
 .github/workflows/docker.yml | 65 +++++++++++++++++++++++++++++++-----
 Dockerfile | 26 ++++++++++++---
 2 files changed, 78 insertions(+), 13 deletions(-)
diff --git a/.github/workflows/docker.yml b/.github/workflows/docker.yml
index edbc5a50..32f78c9e 100644
--- a/.github/workflows/docker.yml
+++ b/.github/workflows/docker.yml
@@ -2,9 +2,17 @@ name: Docker
 on:
 push:
+ branches:
+ - "main"
 tags:
- - '*'
-
+ - "**"
+env:
+ DENO_VERSION: v1.32.5
+ # Docker & Registries
+ ARCHITECTURES: linux/amd64,linux/arm64
+ IMAGE_NAME: silverbullet
+ NAMESPACE_GITHUB: silverbulletmd
+ NAMESPACE_DOCKER: zefhemel
 jobs:
 docker-build-push:
 runs-on: ubuntu-latest
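Review bot: The `docker-build-push` job declares no `permissions:` in the lines shown, although this commit starts using `secrets.GITHUB_TOKEN` to push to ghcr.io (third hunk of this file). The token then carries whatever the repository default grants, which is either broader than a registry push needs or too narrow for the push to succeed. Consider adding, directly after `runs-on: ubuntu-latest`, a `permissions:` mapping with `contents: read` and `packages: write`. The job body continues outside this hunk, and the two lines between it and the next hunk are not visible, so confirm no such block already exists there.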
@@ -13,10 +21,20 @@ jobs:
 - name: Setup repo
 uses: actions/checkout@v3
+ - name: Set up QEMU for multi-arch builds with buildx
+ uses: docker/setup-qemu-action@v2
+ with:
+ platforms: ${{ env.ARCHITECTURES }}
+
+ - name: Set up Docker Buildx
+ uses: docker/setup-buildx-action@v2
+ with:
+ platforms: ${{ env.ARCHITECTURES }}
+
 - name: Setup Deno
 uses: denoland/setup-deno@d4873ceeec10de6275fecd1f94b6985369d40231
 with:
- deno-version: v1.32.5
+ deno-version: ${{ env.DENO_VERSION }}
 - name: Run bundle build
 run: |
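Review bot: `docker/setup-qemu-action@v2` and `docker/setup-buildx-action@v2` are referenced by mutable tags, while `denoland/setup-deno` a few lines below is pinned to a full commit SHA. These steps run in the job that holds `DOCKERHUB_TOKEN` and the `GITHUB_TOKEN` used for ghcr.io, so whatever a tag resolves to at run time executes alongside the registry push credentials. Pin each action to a reviewed commit in the same style as the Deno step, for example `uses: docker/setup-qemu-action@<full-commit-sha> # v2`. The same applies to `docker/login-action@v2`, `docker/metadata-action@v4.4.0` and `docker/build-push-action@v4.0.0` in the next hunk. The steps list starts and ends outside this hunk.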
@@ -29,11 +47,42 @@ jobs:
 username: ${{ secrets.DOCKERHUB_USERNAME }}
 password: ${{ secrets.DOCKERHUB_TOKEN }}
- - name: Build and push
- uses: docker/build-push-action@v3
+ - name: Log in to the ghcr Container registry
+ uses: docker/login-action@v2
+ with:
+ registry: ghcr.io
+ username: ${{ github.actor }}
+ password: ${{ secrets.GITHUB_TOKEN }}
+ #
+ # MetaData Extract Docu:
+ #
+ - name: Extract metadata (tags, labels) for Docker
+ id: meta
+ uses: docker/metadata-action@v4.4.0
+ with:
+ images: |
+ # Set the different image names(paces) for docker-hub & ghcr
+ ${{ env.NAMESPACE_DOCKER }}/${{ env.IMAGE_NAME }}
+ ghcr.io/${{ env.NAMESPACE_GITHUB }}/${{ env.IMAGE_NAME }}
+ tags: |
+ #
+ # minimal (short sha), enable f desired
+ # type=sha,enable=true,priority=100,prefix=commit-,suffix=,format=short
+ # set latest tag for default branch
+ type=raw,value=latest,enable={{is_default_branch}}
+ #
+ # tag w/ full tag part of git tag:
+ # only present for `on.push.tags` !
+ type=semver,pattern={{raw}},enable=true
+ # type=edge,branch=develop # usually this would be the develop branch
+
+ - name: Build and push Docker images
+ uses: docker/build-push-action@v4.0.0
 with:
 context: .
+ platforms: ${{ env.ARCHITECTURES }}
 push: true
- tags: |
- zefhemel/silverbullet:latest
- zefhemel/silverbullet:${{ github.ref_name }}
\ No newline at end of file
+ # Disable to get rid of unknown architecture in ghcr
+ provenance: false
+ tags: ${{ steps.meta.outputs.tags }}
+ labels: ${{ steps.meta.outputs.labels }}
diff --git a/Dockerfile b/Dockerfile
index db283d8a..5059da4f 100644
--- a/Dockerfile
+++ b/Dockerfile
@@ -1,5 +1,4 @@
-FROM denoland/deno:alpine-1.33.2
-
+FROM lukechannings/deno:v1.33.2
 # The volume that will keep the space data
 # Create a volume first:
 # docker volume create myspace
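Review bot: `provenance: false` on the build-push step turns off the SLSA provenance attestation for every image this workflow publishes, and the comment above it records only the cosmetic reason. Consumers of the Docker Hub and ghcr.io images then have no attestation tying an image to this workflow run. Extend the comment so the trade-off and the tracking issue stay visible, for example `# provenance disabled: attestation manifests show up as unknown/unknown in ghcr (docker/build-push-action#820); re-enable once that is resolved`.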
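Review bot: `FROM lukechannings/deno:v1.33.2` moves the runtime base from the Deno project's `denoland/deno` image to a personal Docker Hub repository and references it by a mutable tag, so each published image inherits whatever that tag points to at build time. Pin the base by digest, `FROM lukechannings/deno:v1.33.2@sha256:<digest-of-the-reviewed-image>`. A comment above the `FROM` line should also say why this image is used (presumably arm64 support, per issue #136 in the commit message), so the choice is revisited when an upstream multi-arch image is available.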
@@ -7,12 +6,29 @@ FROM denoland/deno:alpine-1.33.2
 # docker run -v myspace:/space -it zefhemel/silverbullet
 VOLUME /space
+# Accept TARGETARCH as argument
+ARG TARGETARCH
+
+# Adding tini manually, as it's not included anymore in the new baseimage
+ENV TINI_VERSION v0.19.0
+ADD https://github.com/krallin/tini/releases/download/${TINI_VERSION}/tini-${TARGETARCH} /tini
+
 # Copy the bundled version of silverbullet into the container
 ADD ./dist/silverbullet.js /silverbullet.js
 # Make sure the deno user has access to the space volume
-RUN mkdir -p /space
-RUN chown -R deno:deno /space
+RUN mkdir -p /space \
+ && chown -R deno:deno /space \
+ && chmod +x /tini \
+ && echo "**** cleanup ****" \
+ && apt-get -y autoremove \
+ && apt-get clean \
+ && rm -rf \
+ /tmp/* \
+ /var/lib/apt/lists/* \
+ /var/tmp/* \
+ /var/log/* \
+ /usr/share/man
 # deno user id is 1000 in alpine image
 USER deno
@@ -23,4 +39,4 @@ EXPOSE 3000
 # Run the server, allowing to pass in additional argument at run time, e.g.
 # docker run -p 3002:3000 -v myspace:/space -it zefhemel/silverbullet --user me:letmein
-ENTRYPOINT ["/tini", "--", "deno", "run", "-A", "--unstable", "/silverbullet.js", "--hostname", "0.0.0.0", "/space"]
\ No newline at end of file
+ENTRYPOINT ["/tini", "--", "deno", "run", "-A", "--unstable", "/silverbullet.js", "--hostname", "0.0.0.0", "/space"]
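Review bot: The tini binary fetched by `ADD https://github.com/krallin/tini/releases/download/${TINI_VERSION}/tini-${TARGETARCH} /tini` is made executable and becomes the container's entrypoint without any integrity check. Pinning `TINI_VERSION` fixes the URL but not the bytes, so a changed release asset would flow into both architectures of the published image unnoticed. Verify a pinned SHA-256 per architecture before `chmod +x /tini`, failing the build on a mismatch or an unexpected `TARGETARCH`. The digests in the sketch below are placeholders to be filled from the checksums published with the release. The Dockerfile continues outside this hunk.

```dockerfile
ENV TINI_VERSION v0.19.0
# Placeholders: fill in from the checksums published with the tini release
ARG TINI_SHA256_AMD64=<sha256-of-tini-amd64>
ARG TINI_SHA256_ARM64=<sha256-of-tini-arm64>
ADD https://github.com/krallin/tini/releases/download/${TINI_VERSION}/tini-${TARGETARCH} /tini

# … unchanged: ADD ./dist/silverbullet.js …

RUN case "${TARGETARCH}" in \
        amd64) expected="${TINI_SHA256_AMD64}" ;; \
        arm64) expected="${TINI_SHA256_ARM64}" ;; \
        *) echo "unsupported TARGETARCH: ${TARGETARCH}" >&2; exit 1 ;; \
    esac \
    && echo "${expected}  /tini" | sha256sum -c - \
    && mkdir -p /space \
    && chown -R deno:deno /space \
    && chmod +x /tini \
    # … unchanged: cleanup commands …
```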