From 262d1fcd4d67051c607c66046bf1db7fa2842979 Mon Sep 17 00:00:00 2001 From: Thomas Citharel Date: Mon, 20 Nov 2023 18:37:35 +0100 Subject: [PATCH] ci: Release on multiple distributions & fix Docker multiple-step build Signed-off-by: Thomas Citharel --- .gitlab-ci.yml | 93 ++++++++++++++++++++++++++++++------ docker/multiarch/Dockerfile | 6 ++- docker/production/Dockerfile | 2 +- docker/tests/Dockerfile | 4 +- 4 files changed, 85 insertions(+), 20 deletions(-) diff --git a/.gitlab-ci.yml b/.gitlab-ci.yml index 7ce24fa31..045ca95c2 100644 --- a/.gitlab-ci.yml +++ b/.gitlab-ci.yml @@ -6,8 +6,7 @@ stages: - build-js - sentry - test - - docker - - package + - build - upload - deploy @@ -125,7 +124,7 @@ deps: exunit: stage: test services: - - name: postgis/postgis:14-3.2 + - name: postgis/postgis:16-3.4 alias: postgres variables: MIX_ENV: test @@ -164,7 +163,7 @@ vitest: e2e: stage: test services: - - name: postgis/postgis:14-3.2 + - name: postgis/postgis:16-3.4 alias: postgres variables: MIX_ENV: "e2e" @@ -206,7 +205,7 @@ pages: - public .docker: &docker - stage: docker + stage: build image: docker:24 variables: DOCKER_TLS_CERTDIR: "/certs" @@ -214,6 +213,7 @@ pages: DOCKER_TLS_VERIFY: 1 DOCKER_CERT_PATH: "$DOCKER_TLS_CERTDIR/client" DOCKER_DRIVER: overlay2 + DOCKER_CLI_EXPERIMENTAL: enabled services: - docker:24-dind cache: {} @@ -229,6 +229,8 @@ pages: # Install qemu/binfmt - docker pull tonistiigi/binfmt:latest - docker run --rm --privileged tonistiigi/binfmt:latest --install all + # Install jq + - apk --no-cache add jq # Login to DockerHub - mkdir -p ~/.docker - echo "{\"auths\":{\"$CI_REGISTRY\":{\"auth\":\"$CI_REGISTRY_AUTH\",\"email\":\"$CI_REGISTRY_EMAIL\"}}}" > ~/.docker/config.json @@ -242,9 +244,9 @@ build-docker-main: when: never - if: '$CI_PIPELINE_SOURCE == "schedule" || $CI_PIPELINE_TRIGGERED == "true"' script: - - docker buildx build --push --platform linux/amd64 -t framasoft/mobilizon:main -f docker/production/Dockerfile . + - docker buildx build --platform linux/amd64 -t framasoft/mobilizon:main -f docker/production/Dockerfile . -build-and-push-to-latest-docker-tag: +build-docker-tag: <<: *docker rules: &release-tag-rules - if: '$CI_PROJECT_NAMESPACE != "framasoft"' @@ -257,9 +259,9 @@ build-and-push-to-latest-docker-tag: docker buildx build --push --platform linux/${ARCH} + --provenance=false --build-arg="${ERL_FLAGS}" - -t framasoft/mobilizon:$CI_COMMIT_TAG - -t framasoft/mobilizon:latest + -t framasoft/mobilizon:${CI_COMMIT_TAG}-${ARCH} -f docker/production/Dockerfile . parallel: matrix: @@ -280,15 +282,49 @@ build-and-push-docker-tag: script: - > docker buildx build - --push --platform linux/amd64 - -t framasoft/mobilizon:$CI_COMMIT_TAG + --provenance=false + -t framasoft/mobilizon:$CI_COMMIT_TAG-amd64 -f docker/production/Dockerfile . +# Create manifest and push +docker-manifest-push: + <<: *docker + needs: ["build-docker-tag"] + rules: &release-tag-rules + - if: '$CI_PROJECT_NAMESPACE != "framasoft"' + when: never + - if: $CI_COMMIT_TAG != null + when: on_success + script: + - > + docker manifest create framasoft/mobilizon:${CI_COMMIT_TAG} + --amend framasoft/mobilizon:${CI_COMMIT_TAG}-amd64 + --amend framasoft/mobilizon:${CI_COMMIT_TAG}-arm64 + - docker manifest push --purge framasoft/mobilizon:${CI_COMMIT_TAG} + +### +# Simply creating an alias to the tag doesn't work: +# « xxx is a manifest list » +# https://joonas.fi/2021/02/docker-multi-arch-image-tooling-buildx/ +### +docker-latest: + <<: *docker + needs: ["docker-manifest-push"] + rules: &release-tag-rules + - if: '$CI_PROJECT_NAMESPACE != "framasoft"' + when: never + - if: $CI_COMMIT_TAG != null && $CI_COMMIT_TAG !~ /alpha|beta|rc/ + when: on_success + script: + - echo docker manifest create framasoft/mobilizon:latest $(docker manifest inspect framasoft/mobilizon:$CI_COMMIT_TAG | jq '.manifests[] | .digest' | xargs -I {} echo framasoft/mobilizon@{}) + - docker manifest create framasoft/mobilizon:latest $(docker manifest inspect framasoft/mobilizon:$CI_COMMIT_TAG | jq -r '.manifests[] | .digest' | xargs -I {} echo framasoft/mobilizon@{}) + - docker manifest push --purge framasoft/mobilizon:latest + # Packaging app for amd64 package-app: - image: mobilizon/buildpack:1.15.5-erlang-26.0.2-debian-buster - stage: package + image: mobilizon/buildpack:1.15.7-erlang-26.1.2-${SYSTEM} + stage: build variables: &release-variables MIX_ENV: "prod" DEBIAN_FRONTEND: noninteractive @@ -312,9 +348,23 @@ package-app: expire_in: 2 days paths: - ${APP_ASSET} + parallel: + matrix: + - SYSTEM: + [ + "debian-bookworm", + "debian-bullseye", + "ubuntu-jammy", + "ubuntu-focal", + "ubuntu-bionic", + "alpine-3.17.5", + "alpine-3.18.4", + "fedora-38", + "fedora-39", + ] package-app-dev: - stage: package + stage: build variables: *release-variables script: *release-script except: @@ -326,7 +376,7 @@ package-app-dev: # Packaging app for multi-arch multi-arch-release: - stage: package + stage: build image: docker:24 variables: DOCKER_TLS_CERTDIR: "/certs" @@ -366,6 +416,19 @@ multi-arch-release: parallel: matrix: - ARCH: ["arm64"] + ## Currently not used as the hexpm base images do not have support for other architectures than amd64 + # SYSTEM: + # [ + # "debian-bookworm", + # "debian-bullseye", + # "ubuntu-jammy", + # "ubuntu-focal", + # "ubuntu-bionic", + # "alpine-3.17.5", + # "alpine-3.18.4", + # "fedora-38", + # "fedora-39", + # ] rules: - if: '$CI_COMMIT_TAG != null || $CI_PIPELINE_SOURCE == "schedule" || $CI_PIPELINE_TRIGGERED == "true"' timeout: 3h diff --git a/docker/multiarch/Dockerfile b/docker/multiarch/Dockerfile index 5f751c582..391507d76 100644 --- a/docker/multiarch/Dockerfile +++ b/docker/multiarch/Dockerfile @@ -1,4 +1,6 @@ -FROM elixir:1.15 as build +ARG IMAGE="elixir:1.15" + +FROM ${IMAGE} as build SHELL ["/bin/bash", "-c"] ENV MIX_ENV prod # ENV LANG en_US.UTF-8 @@ -12,7 +14,7 @@ ENV ERL_FLAGS=$ERL_FLAGS # Set the right versions ENV ELIXIR_VERSION latest ENV ERLANG_VERSION latest -ENV NODE_VERSION 18 +ENV NODE_VERSION 20 # Install system dependencies RUN apt-get update -yq && apt-get install -yq build-essential cmake postgresql-client git curl gnupg unzip exiftool webp imagemagick gifsicle diff --git a/docker/production/Dockerfile b/docker/production/Dockerfile index 66db683e0..385056bbb 100644 --- a/docker/production/Dockerfile +++ b/docker/production/Dockerfile @@ -1,5 +1,5 @@ # First build the application assets -FROM node:18-alpine as assets +FROM node:20-alpine as assets RUN apk add --no-cache python3 build-base libwebp-tools bash imagemagick ncurses WORKDIR /build diff --git a/docker/tests/Dockerfile b/docker/tests/Dockerfile index 6288c41b1..835295eb2 100644 --- a/docker/tests/Dockerfile +++ b/docker/tests/Dockerfile @@ -1,7 +1,7 @@ FROM elixir:latest -LABEL maintainer="Thomas Citharel " +LABEL maintainer="Thomas Citharel " -ENV REFRESHED_AT=2023-08-17 +ENV REFRESHED_AT=2023-11-20 RUN apt-get update -yq && apt-get install -yq build-essential inotify-tools postgresql-client git curl gnupg xvfb libgtk-3-dev libnotify-dev libgconf-2-4 libnss3 libxss1 libasound2 cmake exiftool python3-pip python3-setuptools RUN curl -sL https://deb.nodesource.com/setup_20.x | bash && apt-get install nodejs -yq RUN npm install -g wait-on