feat: build the Docker image on multiple architectures

Specifically for: amd64, arm64 and armv7 (armhf). Fixes #289.
pitkley · Feb 6, 2022 · cd9901d · cd9901d
1 parent 5957082
commit cd9901d
Show file tree

Hide file tree

Showing 3 changed files with 46 additions and 5 deletions.
diff --git a/.github/workflows/docker.yml b/.github/workflows/docker.yml
@@ -16,6 +16,32 @@ jobs:
     runs-on: ubuntu-latest
 
     steps:
+    - name: Set up Docker Buildx
+      id: buildx
+      uses: docker/setup-buildx-action@v1
+
+    - name: Setup connection to arm64-capable runner
+      run: |
+        echo "::group::ssh-agent: launch and export"
+        eval "$(ssh-agent)"
+        echo "SSH_AUTH_SOCK=$SSH_AUTH_SOCK" >> $GITHUB_ENV
+        echo "SSH_AGENT_PID=$SSH_AGENT_PID" >> $GITHUB_ENV
+        echo "::endgroup::"
+
+        echo "::group::ssh-agent: load private key"
+        ssh-add - <<< "${{ secrets.ARMRUNNER1_SSH_PRIVATE_KEY }}"
+        echo "::endgroup::"
+
+        echo "::group::ssh: pin runner public key"
+        mkdir ~/.ssh && chmod 0700 ~/.ssh || :
+        echo "[${{ secrets.ARMRUNNER1_HOSTNAME }}]:${{ secrets.ARMRUNNER1_SSH_PORT }} ${{ secrets.ARMRUNNER1_SSH_HOSTKEY }}" > ~/.ssh/known_hosts
+        echo "::endgroup::"
+
+    - name: Register arm64-capable runner with Buildx
+      env:
+        DOCKER_HOST: ssh://github-actions@${{ secrets.ARMRUNNER1_HOSTNAME }}:${{ secrets.ARMRUNNER1_SSH_PORT }}
+      run: docker buildx create --append --name ${{ steps.buildx.outputs.name }} --bootstrap
+
     - name: Checkout
       uses: actions/checkout@v2
 
@@ -58,6 +84,7 @@ jobs:
       uses: docker/build-push-action@v2
       with:
         context: .
+        platforms: linux/amd64,linux/arm64,linux/arm/v7
         push: true
         tags: ${{ steps.meta.outputs.tags }}
         labels: ${{ steps.meta.outputs.labels }}
diff --git a/CHANGELOG.md b/CHANGELOG.md
@@ -17,6 +17,10 @@
 
   (Required after updating dependencies.)
 
+* Build Docker images for multiple architectures: `amd64`, `arm64`, `arm/v7`.
+
+    This allows users to pull the image from Docker Hub or GHCR for any of the mentioned architectures (from the same tag).
+
 <sub>Internal changes: dependency updates, CI updates.</sub>
 
 ## 1.2.1 (2020-12-13)

diff --git a/Dockerfile b/Dockerfile
@@ -2,13 +2,23 @@
 # SPDX-License-Identifier: MIT OR Apache-2.0
 
 # Stage 0: builder image
-FROM ekidd/rust-musl-builder:stable as builder
+FROM rust:latest as builder
 
-COPY . /home/rust/src
+COPY . /app
 
+WORKDIR /app
 RUN set -ex ;\
-    cargo build --target x86_64-unknown-linux-musl --release ;\
-    cargo test --target x86_64-unknown-linux-musl --release -- --nocapture ;\
+    dpkgArch="$(dpkg --print-architecture)"; \
+    case "${dpkgArch##*-}" in \
+        amd64) rustArch='x86_64-unknown-linux-musl' ;; \
+        armhf) rustArch='armv7-unknown-linux-musleabihf' ;; \
+        arm64) rustArch='aarch64-unknown-linux-musl' ;; \
+        *) echo >&2 "unsupported architecture: ${dpkgArch}"; exit 1 ;; \
+    esac; \
+    rustup target add "$rustArch" ;\
+    cargo build --target "$rustArch" --release ;\
+    cargo test --target "$rustArch" --release -- --nocapture ;\
+    mv target/"$rustArch"/release/dfw dfw ;\
     :
 
 # Stage 1: final image
@@ -20,5 +30,5 @@ RUN apk add --no-cache \
     nftables \
     ;
 
-COPY --from=builder /home/rust/src/target/x86_64-unknown-linux-musl/release/dfw /dfw
+COPY --from=builder /app/dfw /dfw
 ENTRYPOINT ["/dfw"]