ci: build docker from arm64

.github/workflows/dev.yml

@@ -112,7 +112,7 @@ jobs:
         with:
           context: .
           platforms: linux/amd64,linux/arm64
-          file: ./deployment/docker/dev/buildx.Dockerfile
+          file: ./deployment/docker/prod/buildx.Dockerfile
           push: true
           tags: semaphoreui/semaphore:develop
 

.github/workflows/release.yml

@@ -5,31 +5,31 @@ on:
       - v*
 
 jobs:
-#  release:
-#    runs-on: [ubuntu-latest]
-#    steps:
-#      - uses: actions/setup-go@v3
-#        with: { go-version: 1.18 }
-#
-#      - uses: actions/setup-node@v3
-#        with: { node-version: '16' }
-#
-#      - run: go install github.com/go-task/task/v3/cmd/task@latest
-#
-#      - run: sudo apt update && sudo apt-get install rpm
-#
-#      - uses: actions/checkout@v3
-#
-#      - run: task deps
-#
-#      - run: |
-#          echo ${{ secrets.GPG_KEY }} | tr " " "\n" | base64 -d | gpg --import --batch
-#          gpg --sign -u "58A7 CC3D 8A9C A2E5 BB5C 141D 4064 23EA F814 63CA" --pinentry-mode loopback --yes --batch --passphrase "${{ secrets.GPG_PASS }}" --output unlock.sig --detach-sign README.md
-#          rm -f unlock.sig
-#
-#      - run:  git reset --hard
-#
-#      - run: GITHUB_TOKEN=${{ secrets.GH_TOKEN }} task release:prod
+  release:
+    runs-on: [ubuntu-latest]
+    steps:
+      - uses: actions/setup-go@v3
+        with: { go-version: 1.18 }
+
+      - uses: actions/setup-node@v3
+        with: { node-version: '16' }
+
+      - run: go install github.com/go-task/task/v3/cmd/task@latest
+
+      - run: sudo apt update && sudo apt-get install rpm
+
+      - uses: actions/checkout@v3
+
+      - run: task deps
+
+      - run: |
+          echo ${{ secrets.GPG_KEY }} | tr " " "\n" | base64 -d | gpg --import --batch
+          gpg --sign -u "58A7 CC3D 8A9C A2E5 BB5C 141D 4064 23EA F814 63CA" --pinentry-mode loopback --yes --batch --passphrase "${{ secrets.GPG_PASS }}" --output unlock.sig --detach-sign README.md
+          rm -f unlock.sig
+
+      - run:  git reset --hard
+
+      - run: GITHUB_TOKEN=${{ secrets.GH_TOKEN }} task release:prod
 
 
   deploy-prod:
@@ -42,7 +42,7 @@ jobs:
 
       - uses: actions/checkout@v3
 
-      - run: context=prod task docker:test
+#      - run: context=prod task docker:test
 
       - uses: docker/setup-qemu-action@v2
 

Taskfile.yml

@@ -127,7 +127,7 @@ tasks:
     desc: Build a binary for the current architecture
     dir: cli
     cmds:
-      - go build -o ../bin/semaphore{{ if eq OS "windows" }}.exe{{ end }}
+      - env GOOS={{ .GOOS }} GOARCH={{ .GOARCH }} go build -o ../bin/semaphore{{ if eq OS "windows" }}.exe{{ end }}
 
   release:
     desc: creates a release without performing validations or publishing artifacts
@@ -249,7 +249,6 @@ tasks:
           prefix: -dredd
           args: up
 
-
   docker:build:
     desc: Build an image for Semaphore, requires context
     vars:
@@ -262,18 +261,6 @@ tasks:
           tag: "{{ .tag }}"
           args: -t "{{ .docker_namespace }}/{{ .docker_image }}:{{ .tag }}" .
 
-  docker:buildx:
-    desc: Build a multiarch image for Semaphore, requires context
-    vars:
-      tag: "{{ if .tag }}{{ .tag }}{{ else }}latest{{ end }}"
-    cmds:
-      - task: docker
-        vars:
-          context: "{{ .context }}"
-          action: buildx build
-          tag: "{{ .tag }}"
-          args: --platform=linux/amd64,linux/arm64 -t "{{ .docker_namespace }}/{{ .docker_image }}:{{ .tag }}" .
-
   deps:docker:
     desc: Install docker testing dependencies. These must be installed explicitly and are not included in the general deps task.
     status:

deployment/docker/dev/buildx.Dockerfile

@@ -1,47 +0,0 @@
-ARG BUILDPLATFORM=linux/amd64
-
-FROM --platform=$BUILDPLATFORM golang:1.18.3-alpine3.16
-
-ARG TARGETOS=linux
-ARG TARGETARCH=amd64
-ENV GOOS="${TARGETOS}"
-ENV GOARCH="${TARGETARCH}"
-
-ENV SEMAPHORE_VERSION="development" SEMAPHORE_ARCH="${TARGETOS}_${TARGETARCH}" \
-    SEMAPHORE_CONFIG_PATH="${SEMAPHORE_CONFIG_PATH:-/etc/semaphore}" \
-    APP_ROOT="/go/src/github.com/ansible-semaphore/semaphore/"
-
-# hadolint ignore=DL3013
-RUN apk add --no-cache sshpass git mysql-client python3 py3-pip py-openssl openssl ca-certificates curl curl-dev openssh-client-default tini nodejs npm bash rsync && \
-    apk --update add --virtual build-dependencies python3-dev libffi-dev openssl-dev build-base &&\
-    rm -rf /var/cache/apk/*
-
-RUN pip3 install --upgrade pip cffi   && \
-    pip3 install ansible &&\
-    apk del build-dependencies
-
-RUN adduser -D -u 1002 -g 0 semaphore && \
-    mkdir -p /go/src/github.com/ansible-semaphore/semaphore && \
-    mkdir -p /tmp/semaphore && \
-    mkdir -p /etc/semaphore && \
-    mkdir -p /var/lib/semaphore && \
-    chown -R semaphore:0 /go && \
-    chown -R semaphore:0 /tmp/semaphore && \
-    chown -R semaphore:0 /etc/semaphore && \
-    chown -R semaphore:0 /var/lib/semaphore && \
-    ssh-keygen -t rsa -q -f "/root/.ssh/id_rsa" -N ""       && \
-    ssh-keyscan -H github.com > /root/.ssh/known_hosts
-
-RUN cd $(go env GOPATH) && curl -sL https://taskfile.dev/install.sh | sh
-
-RUN git config --global --add safe.directory /go/src/github.com/ansible-semaphore/semaphore
-
-# Copy in app source
-WORKDIR ${APP_ROOT}
-COPY . ${APP_ROOT}
-RUN deployment/docker/dev/bin/install
-
-USER semaphore
-EXPOSE 3000
-ENTRYPOINT ["/usr/local/bin/semaphore-wrapper"]
-CMD ["./bin/semaphore", "server", "--config", "/etc/semaphore/config.json"]

deployment/docker/prod/Dockerfile

@@ -1,23 +1,13 @@
-ARG BUILDPLATFORM=linux/amd64
-
 # ansible-semaphore production image
-FROM --platform=$BUILDPLATFORM golang:1.18.3-alpine3.16 as builder
-
+FROM golang:1.18.3-alpine3.16 as builder
 
 COPY ./ /go/src/github.com/ansible-semaphore/semaphore
 WORKDIR /go/src/github.com/ansible-semaphore/semaphore
 
-ARG TARGETOS=linux
-ARG TARGETARCH=amd64
-ENV GOOS="${TARGETOS}" 
-ENV GOARCH="${TARGETARCH}"
-
 RUN apk add --no-cache -U libc-dev curl nodejs npm git && \
   ./deployment/docker/prod/bin/install
 
-# Uses frolvlad alpine so we have access to glibc which is needed for golang
-# and when deploying in openshift
-FROM frolvlad/alpine-glibc:alpine-3.16 as runner
+FROM alpine:3.16 as runner
 LABEL maintainer="Tom Whiston <tom.whiston@gmail.com>"
 
 RUN apk add --no-cache sshpass git curl ansible mysql-client openssh-client-default tini py3-aiohttp && \

deployment/docker/prod/bin/install

@@ -10,7 +10,8 @@ task deps
 set +e
 task compile
 set -e
-task build:local
+
+task build:local GOOS=$GOOS GOARCH=$GOARCH
 
 mv ./bin/semaphore /usr/local/bin/
 chown 1001:0 /usr/local/bin/semaphore

deployment/docker/prod/buildx.Dockerfile

@@ -1,23 +1,16 @@
-ARG BUILDPLATFORM=linux/amd64
-
 # ansible-semaphore production image
 FROM --platform=$BUILDPLATFORM golang:1.18.3-alpine3.16 as builder
 
-
 COPY ./ /go/src/github.com/ansible-semaphore/semaphore
 WORKDIR /go/src/github.com/ansible-semaphore/semaphore
 
-ARG TARGETOS=linux
-ARG TARGETARCH=amd64
-ENV GOOS="${TARGETOS}" 
-ENV GOARCH="${TARGETARCH}"
+ARG TARGETOS
+ARG TARGETARCH
 
-RUN apk add --no-cache -U libc-dev curl nodejs npm git && \
-  ./deployment/docker/prod/bin/install
+RUN apk add --no-cache -U libc-dev curl nodejs npm git
+RUN GOOS=${TARGETOS} GOARCH=${TARGETARCH} ./deployment/docker/prod/bin/install
 
-# Uses frolvlad alpine so we have access to glibc which is needed for golang
-# and when deploying in openshift
-FROM frolvlad/alpine-glibc:alpine-3.16 as runner
+FROM alpine:3.16 as runner
 LABEL maintainer="Tom Whiston <tom.whiston@gmail.com>"
 
 RUN apk add --no-cache sshpass git curl ansible mysql-client openssh-client-default tini py3-aiohttp && \
@@ -33,7 +26,9 @@ COPY --from=builder /usr/local/bin/semaphore-wrapper /usr/local/bin/
 COPY --from=builder /usr/local/bin/semaphore /usr/local/bin/
 
 RUN chown -R semaphore:0 /usr/local/bin/semaphore-wrapper &&\
-    chown -R semaphore:0 /usr/local/bin/semaphore
+    chown -R semaphore:0 /usr/local/bin/semaphore &&\
+    chmod +x /usr/local/bin/semaphore-wrapper &&\
+    chmod +x /usr/local/bin/semaphore
 
 WORKDIR /home/semaphore
 USER 1001