refactor(dockerfiles/bases): support build multi-arch base image with…

… different dockerfiles (#355) Signed-off-by: wuhuizuo <[email protected]> --------- Signed-off-by: wuhuizuo <[email protected]>
PingCAP-QE · Jul 26, 2024 · bf5d9a4 · bf5d9a4
1 parent 2b57f31
commit bf5d9a4
Show file tree

Hide file tree

Showing 49 changed files with 273 additions and 204 deletions.
diff --git a/.github/workflows/pull-prod-runtime-images.yaml b/.github/workflows/pull-prod-runtime-images.yaml
@@ -23,13 +23,16 @@ jobs:
 
     strategy:
       matrix:
-        module: [default, fips]
+        module: [default, fips, release-6-5]
         builder-profile: [local-docker]
         platform: [linux/amd64, linux/arm64]
 
     steps:
       - name: Checkout sources
         uses: actions/checkout@v4
+        with:
+          fetch-depth: '0'
+          fetch-tags: 'true'
 
       # https://github.com/docker/setup-qemu-action
       - name: Set up QEMU
@@ -51,6 +54,11 @@ jobs:
           curl -Lo skaffold https://storage.googleapis.com/skaffold/releases/v2.8.0/skaffold-linux-amd64 && \
           sudo install skaffold /usr/local/bin/
 
+      - name: Setup manifest-tool
+        run: |
+          curl -L https://github.com/estesp/manifest-tool/releases/download/v2.1.7/binaries-manifest-tool-2.1.7.tar.gz | tar -zxvf - manifest-tool-linux-amd64
+          sudo install manifest-tool-linux-amd64 /usr/local/bin/manifest-tool
+      
       - name: Cache layers
         uses: actions/cache@v4
         with:

diff --git a/.github/workflows/release-prod-runtime-images.yaml b/.github/workflows/release-prod-runtime-images.yaml
@@ -20,7 +20,7 @@ jobs:
 
     strategy:
       matrix:
-        module: [default, fips]
+        module: [default, fips, release-6-5]
         builder-profile: [local-docker]
 
     steps:
@@ -50,6 +50,11 @@ jobs:
           curl -Lo skaffold https://storage.googleapis.com/skaffold/releases/v2.8.0/skaffold-linux-amd64 && \
           sudo install skaffold /usr/local/bin/
 
+      - name: Setup manifest-tool
+        run: |
+          curl -L https://github.com/estesp/manifest-tool/releases/download/v2.1.7/binaries-manifest-tool-2.1.7.tar.gz | tar -zxvf - manifest-tool-linux-amd64
+          sudo install manifest-tool-linux-amd64 /usr/local/bin/manifest-tool
+
       - name: Cache layers
         uses: actions/cache@v4
         with:

diff --git a/dockerfiles/bases/build-old.sh b/dockerfiles/bases/build-old.sh
@@ -0,0 +1,67 @@
+#!/usr/bin/env bash
+
+set -euo pipefail
+
+build() {
+    dockerfile="${1:-Dockerfile}"
+
+    case "${PLATFORMS}" in
+    linux/amd64)
+        echo "building for linux/amd64 platform..."
+        docker build --tag=$IMAGE --platform=$PLATFORMS --target amd64 . -f "$dockerfile"
+        if $PUSH_IMAGE; then
+            docker push $IMAGE
+        fi
+        ;;
+    linux/arm64)
+        echo "building for linux/arm64 platform..."
+        docker build --tag=$IMAGE --platform=$PLATFORMS --target arm64 . -f "$dockerfile"
+        if $PUSH_IMAGE; then
+            docker push $IMAGE
+        fi
+        ;;
+    linux/arm64,linux/amd64 | linux/amd64,linux/arm64)
+        echo "building for linux/arm64 and linux/amd64 platforms..."
+        docker build --tag=${IMAGE}_linux_amd64 --platform=linux/amd64 --target amd64 . -f "$dockerfile"
+        docker build --tag=${IMAGE}_linux_arm64 --platform=linux/arm64 --target arm64 . -f "$dockerfile"
+        if $PUSH_IMAGE; then
+            docker push ${IMAGE}_linux_amd64
+            docker push ${IMAGE}_linux_arm64
+
+            # compose manifest for multi-arch image.
+            pushed_repo="${IMAGE%:*}"
+            tag="${IMAGE#*:}"
+            yq -n ".image = \"$pushed_repo\"" >manifest.yaml
+            yq -i ".tags = [\"$tag\"]" manifest.yaml
+
+            # linux/amd64
+            manifest-tool inspect --raw ${IMAGE}_linux_amd64 >manifest_linux_amd64.json
+            yq -i '.manifests += [{}]' manifest.yaml
+            digest=$(jq -r '.digest' manifest_linux_amd64.json)
+            yq -i ".manifests[-1].image = \"${pushed_repo}@${digest}\"" manifest.yaml
+            yq -i '.manifests[-1].platform.os = "linux"' manifest.yaml
+            yq -i '.manifests[-1].platform.architecture = "amd64"' manifest.yaml
+            # linux/arm64
+            manifest-tool inspect --raw ${IMAGE}_linux_arm64 >manifest_linux_arm64.json
+            yq -i '.manifests += [{}]' manifest.yaml
+            digest=$(jq -r '.digest' manifest_linux_arm64.json)
+            yq -i ".manifests[-1].image = \"${pushed_repo}@${digest}\"" manifest.yaml
+            yq -i '.manifests[-1].platform.os = "linux"' manifest.yaml
+            yq -i '.manifests[-1].platform.architecture = "arm64"' manifest.yaml
+
+            # push multi-arch image
+            manifest-tool push from-spec manifest.yaml
+        fi
+        ;;
+    *)
+        echo "default (none of above)"
+        ;;
+    esac
+}
+
+echo "image: $IMAGE"
+echo "platforms: $PLATFORMS"
+context_dir="${1:-.}"
+dockerfile="${2:-Dockerfile}"
+cd "$context_dir"
+build "$dockerfile"
diff --git a/dockerfiles/bases/ng-monitoring-base/release-6.5.Dockerfile b/dockerfiles/bases/ng-monitoring-base/release-6.5.Dockerfile
@@ -0,0 +1,10 @@
+############## linux/amd64 ##################
+FROM pingcap/alpine-glibc:alpine-3.14.6 AS amd64
+
+############## linux/arm64 ##################
+FROM pingcap/centos-stream:8 AS arm64
+# CentOS 7,8 has reached EOL
+RUN sed -i s/mirror.centos.org/vault.centos.org/g /etc/yum.repos.d/*.repo \
+    && sed -i s/^#.*baseurl=http/baseurl=http/g /etc/yum.repos.d/*.repo \
+    && sed -i s/^mirrorlist=http/#mirrorlist=http/g /etc/yum.repos.d/*.repo
+ADD https://github.com/golang/go/raw/go1.22.5/lib/time/zoneinfo.zip /usr/local/go/lib/time/zoneinfo.zip
diff --git a/dockerfiles/bases/pd-base/release-6.5.Dockerfile b/dockerfiles/bases/pd-base/release-6.5.Dockerfile
@@ -0,0 +1,10 @@
+############## linux/amd64 ##################
+FROM pingcap/alpine-glibc:alpine-3.14.6 AS amd64
+RUN apk add --no-cache jq
+
+############## linux/arm64 ##################
+FROM pingcap/centos-stream:8 AS arm64
+# CentOS 7,8 has reached EOL
+RUN sed -i s/mirror.centos.org/vault.centos.org/g /etc/yum.repos.d/*.repo \
+    && sed -i s/^#.*baseurl=http/baseurl=http/g /etc/yum.repos.d/*.repo \
+    && sed -i s/^mirrorlist=http/#mirrorlist=http/g /etc/yum.repos.d/*.repo
diff --git a/dockerfiles/bases/skaffold.yaml b/dockerfiles/bases/skaffold.yaml
@@ -5,8 +5,8 @@ metadata:
   name: default
 build:
   artifacts:
-    - image: pingcap-base      
-      platforms: [linux/amd64, linux/arm64]      
+    - image: pingcap-base
+      platforms: [linux/amd64, linux/arm64]
       kaniko:
         dockerfile: pingcap-base/Dockerfile
         cache: {}
@@ -79,7 +79,7 @@ profiles:
     build:
       local:
         useDockerCLI: true
-        useBuildkit: true        
+        useBuildkit: true
         concurrency: 0
         tryImportMissing: true
     patches:
@@ -137,7 +137,7 @@ profiles:
     build:
       local:
         useDockerCLI: true
-        useBuildkit: true        
+        useBuildkit: true
         concurrency: 0
         tryImportMissing: true
     patches:
@@ -151,45 +151,60 @@ metadata:
   name: release-6-5
 build:
   artifacts:
-    - image: tidb-base-old-amd64
-      platforms: [linux/amd64]
-      kaniko:
-        dockerfile: tidb-base/release-6.5.Dockerfile
-        cache: {}
-        target: amd64
-        skipUnusedStages: true
-    - image: tidb-base-old-arm64
-      platforms: [linux/arm64]
-      kaniko:
-        dockerfile: tidb-base/release-6.5.Dockerfile
-        cache: {}
-        target: arm64
-        skipUnusedStages: true
+    - image: ng-monitoring-base
+      platforms: [linux/amd64,linux/arm64]
+      custom:
+        buildCommand: ./build-old.sh ng-monitoring-base release-6.5.Dockerfile
+        dependencies:
+          dockerfile:
+            path: ng-monitoring-base/release-6.5.Dockerfile
+    - image: pd-base
+      platforms: [linux/amd64,linux/arm64]
+      custom:
+        buildCommand: ./build-old.sh pd-base release-6.5.Dockerfile
+        dependencies:
+          dockerfile:
+            path: pd-base/release-6.5.Dockerfile
+    - image: tidb-base
+      platforms: [linux/amd64,linux/arm64]
+      custom:
+        buildCommand: ./build-old.sh tidb-base release-6.5.Dockerfile
+        dependencies:
+          dockerfile:
+            path: tidb-base/release-6.5.Dockerfile
+    - image: tiflash-base
+      platforms: [linux/amd64,linux/arm64]
+      docker:
+        dockerfile: tiflash-base/release-6.5.Dockerfile
+        noCache: false
+        pullParent: false
+        squash: false
+    - image: tiflow-base
+      platforms: [linux/amd64,linux/arm64]
+      custom:
+        buildCommand: ./build-old.sh tiflow-base release-6.5.Dockerfile
+        dependencies:
+          dockerfile:
+            path: tiflow-base/release-6.5.Dockerfile
+    - image: tikv-base
+      platforms: [linux/amd64,linux/arm64]
+      custom:
+        buildCommand: ./build-old.sh tikv-base release-6.5.Dockerfile
+        dependencies:
+          dockerfile:
+            path: tikv-base/release-6.5.Dockerfile
+    - image: tools-base
+      platforms: [linux/amd64,linux/arm64]
+      custom:
+        buildCommand: ./build-old.sh tools-base release-6.5.Dockerfile
+        dependencies:
+          dockerfile:
+            path: tools-base/release-6.5.Dockerfile
   tagPolicy:
     customTemplate:
-      template: "v1.8.0-release-6.5"
-  cluster:
+      template: "v1.0.0-old"
+  local:
+    useDockerCLI: true
+    useBuildkit: true
     concurrency: 0
-    randomDockerConfigSecret: false
-    randomPullSecret: false
-    dockerConfig:
-      secretName: hub-pingcap-net
-    resources:
-      requests:
-        cpu: "1"
-        memory: 4Gi
-      limits:
-        cpu: "2"
-        memory: 8Gi
-profiles:
-  - name: local-docker
-    build:
-      local:
-        useDockerCLI: true
-        useBuildkit: true        
-        concurrency: 0
-        tryImportMissing: true
-    patches:
-      - op: move
-        from: /build/artifacts/0/kaniko
-        path: /build/artifacts/0/docker
+    tryImportMissing: true
diff --git a/dockerfiles/bases/tidb-base/release-6.5.Dockerfile b/dockerfiles/bases/tidb-base/release-6.5.Dockerfile
@@ -1,11 +1,14 @@
-# linux/amd64: https://github.com/PingCAP-QE/ci-dockerfile/blob/master/jenkins/amd64/alpine-3.14.6
-# TODO: compose a multi-arch image.
+############## linux/amd64 ##################
 FROM pingcap/alpine-glibc:alpine-3.14.6 AS amd64
 RUN apk add --no-cache curl
 
-# linux/arm64:
-# base: https://github.com/PingCAP-QE/artifacts/blob/main/dockerfiles/old-bases/arm64/centos-stream.Dockerfile
+############## linux/arm64 ##################
 FROM pingcap/centos-stream:8 AS arm64
+# CentOS 7,8 has reached EOL
+RUN sed -i s/mirror.centos.org/vault.centos.org/g /etc/yum.repos.d/*.repo \
+    && sed -i s/^#.*baseurl=http/baseurl=http/g /etc/yum.repos.d/*.repo \
+    && sed -i s/^mirrorlist=http/#mirrorlist=http/g /etc/yum.repos.d/*.repo
+
 RUN set -e && \
     dnf install bind-utils curl nmap-ncat -y && \
     dnf clean all
diff --git a/dockerfiles/bases/tiflash-base/release-6.5.Dockerfile b/dockerfiles/bases/tiflash-base/release-6.5.Dockerfile
@@ -0,0 +1,14 @@
+FROM centos:7.9.2009
+
+# CentOS 7 has reached EOL
+RUN sed -i s/mirror.centos.org/vault.centos.org/g /etc/yum.repos.d/*.repo \
+    && sed -i s/^#.*baseurl=http/baseurl=http/g /etc/yum.repos.d/*.repo \
+    && sed -i s/^mirrorlist=http/#mirrorlist=http/g /etc/yum.repos.d/*.repo
+
+# Update packages
+RUN yum update -y bind-license cyrus-sasl-lib expat glib2 gzip krb5-libs openssl-libs systemd systemd-libs xz xz-libs zlib nss nss-sysinit nss-tools
+
+# Set timezone
+ENV TZ Asia/Shanghai
+RUN ln -snf /usr/share/zoneinfo/$TZ /etc/localtime && \
+    echo $TZ > /etc/timezone
diff --git a/dockerfiles/bases/tiflow-base/release-6.5.Dockerfile b/dockerfiles/bases/tiflow-base/release-6.5.Dockerfile
@@ -0,0 +1,7 @@
+############## linux/amd64 ##################
+FROM pingcap/alpine-glibc:alpine-3.14.6 as amd64
+RUN apk add --no-cache tzdata bash curl socat
+
+############## linux/arm64 ##################
+FROM alpine:3.12 as arm64
+RUN apk add --no-cache tzdata bash curl socat
diff --git a/dockerfiles/bases/tikv-base/release-6.5.Dockerfile b/dockerfiles/bases/tikv-base/release-6.5.Dockerfile
@@ -0,0 +1,16 @@
+############## linux/amd64 ##################
+FROM pingcap/alpine-glibc:alpine-3.14.6 AS amd64
+# set timezone
+ENV TZ=/etc/localtime
+ENV TZDIR=/usr/share/zoneinfo
+
+############## linux/arm64 ##################
+FROM pingcap/centos-stream:8 AS arm64
+# CentOS 7,8 has reached EOL
+RUN sed -i s/mirror.centos.org/vault.centos.org/g /etc/yum.repos.d/*.repo \
+    && sed -i s/^#.*baseurl=http/baseurl=http/g /etc/yum.repos.d/*.repo \
+    && sed -i s/^mirrorlist=http/#mirrorlist=http/g /etc/yum.repos.d/*.repo
+# set timezone
+ENV TZ=/etc/localtime
+ENV TZDIR=/usr/share/zoneinfo
+
diff --git a/dockerfiles/bases/tools-base/release-6.5.Dockerfile b/dockerfiles/bases/tools-base/release-6.5.Dockerfile
@@ -0,0 +1,11 @@
+############## linux/amd64 ##################
+FROM pingcap/alpine-glibc:alpine-3.14.6 AS amd64
+ADD https://github.com/golang/go/raw/go1.22.5/lib/time/zoneinfo.zip /usr/local/go/lib/time/zoneinfo.zip
+
+############## linux/arm64 ##################
+FROM pingcap/centos-stream:8 AS arm64
+# CentOS 7,8 has reached EOL
+RUN sed -i s/mirror.centos.org/vault.centos.org/g /etc/yum.repos.d/*.repo \
+    && sed -i s/^#.*baseurl=http/baseurl=http/g /etc/yum.repos.d/*.repo \
+    && sed -i s/^mirrorlist=http/#mirrorlist=http/g /etc/yum.repos.d/*.repo
+ADD https://github.com/golang/go/raw/go1.22.5/lib/time/zoneinfo.zip /usr/local/go/lib/time/zoneinfo.zip
diff --git a/dockerfiles/products/le6.5-linux-amd64-debug/br b/dockerfiles/products/le6.5-linux-amd64-debug/br
@@ -1,3 +1,3 @@
 FROM pingcap/alpine-glibc:alpine-3.14.6
-COPY zoneinfo.zip /usr/local/go/lib/time/zoneinfo.zip
-COPY br /br
+ADD https://github.com/golang/go/raw/go1.22.5/lib/time/zoneinfo.zip /usr/local/go/lib/time/zoneinfo.zip
+COPY br /br
diff --git a/dockerfiles/products/le6.5-linux-amd64-debug/dumpling b/dockerfiles/products/le6.5-linux-amd64-debug/dumpling
@@ -1,3 +1,3 @@
 FROM pingcap/alpine-glibc:alpine-3.14.6
-COPY zoneinfo.zip /usr/local/go/lib/time/zoneinfo.zip
-COPY dumpling /dumpling
+ADD https://github.com/golang/go/raw/go1.22.5/lib/time/zoneinfo.zip /usr/local/go/lib/time/zoneinfo.zip
+COPY dumpling /dumpling
diff --git a/dockerfiles/products/le6.5-linux-amd64-debug/tidb-binlog b/dockerfiles/products/le6.5-linux-amd64-debug/tidb-binlog
@@ -1,9 +1,9 @@
 FROM pingcap/alpine-glibc:alpine-3.14.6
-COPY zoneinfo.zip /usr/local/go/lib/time/zoneinfo.zip
+ADD https://github.com/golang/go/raw/go1.22.5/lib/time/zoneinfo.zip /usr/local/go/lib/time/zoneinfo.zip
 COPY pump /pump
 COPY drainer /drainer
 COPY reparo /reparo
 COPY binlogctl /binlogctl
 EXPOSE 4000
 EXPOSE 8249 8250
-CMD ["/pump"]
+CMD ["/pump"]
diff --git a/dockerfiles/products/le6.5-linux-amd64-debug/tidb-lightning b/dockerfiles/products/le6.5-linux-amd64-debug/tidb-lightning
@@ -1,5 +1,5 @@
 FROM pingcap/alpine-glibc:alpine-3.14.6
-COPY zoneinfo.zip /usr/local/go/lib/time/zoneinfo.zip
+ADD https://github.com/golang/go/raw/go1.22.5/lib/time/zoneinfo.zip /usr/local/go/lib/time/zoneinfo.zip
 COPY tidb-lightning /tidb-lightning
 COPY tidb-lightning-ctl /tidb-lightning-ctl
 COPY br /br
diff --git a/...ucts/ng-monitoring/le6.5/arm64.Dockerfile → ...s/products/ng-monitoring/le6.5/Dockerfile b/...ucts/ng-monitoring/le6.5/arm64.Dockerfile → ...s/products/ng-monitoring/le6.5/Dockerfile
@@ -1,5 +1,5 @@
-FROM pingcap/centos-stream:8
-COPY zoneinfo.zip /usr/local/go/lib/time/zoneinfo.zip
+ARG BASE_IMG=ghcr.io/pingcap-qe/bases/ng-monitoring-base:v1.0.0-old
+FROM $BASE_IMG
 COPY ng-monitoring-server /ng-monitoring-server
 EXPOSE 12020
 ENTRYPOINT ["/ng-monitoring-server"]
diff --git a/dockerfiles/products/ng-monitoring/le6.5/amd64.Dockerfile b/dockerfiles/products/ng-monitoring/le6.5/amd64.Dockerfile
diff --git a/...les/products/pd/le6.5/pd.amd64.Dockerfile → dockerfiles/products/pd/le6.5/Dockerfile b/...les/products/pd/le6.5/pd.amd64.Dockerfile → dockerfiles/products/pd/le6.5/Dockerfile
@@ -1,6 +1,5 @@
-FROM pingcap/alpine-glibc:alpine-3.14.6
-RUN apk add --no-cache jq
-
+ARG BASE_IMG=ghcr.io/pingcap-qe/bases/pd-base:v1.0.0-old
+FROM $BASE_IMG
 COPY pd-server /pd-server
 COPY pd-ctl /pd-ctl
 COPY pd-recover /pd-recover