diff --git a/.github/workflows/images.yaml b/.github/workflows/images.yaml index 1f56dea723..288e5786dd 100644 --- a/.github/workflows/images.yaml +++ b/.github/workflows/images.yaml @@ -25,8 +25,12 @@ jobs: strategy: matrix: include: + - name: cilium-cli-ci + dockerfile: ./Dockerfile + platforms: linux/amd64 - name: cilium-cli dockerfile: ./Dockerfile + platforms: linux/amd64,linux/arm64 steps: - name: Set up Docker Buildx uses: docker/setup-buildx-action@988b5a0280414f521da01fcc63a27aeeb4b104db # v3.6.1 @@ -63,18 +67,20 @@ jobs: context: . file: ${{ matrix.dockerfile }} push: true - platforms: linux/amd64 + platforms: ${{ matrix.platforms }} + build-args: | + FINAL_CONTAINER=${{ matrix.name }} tags: | - quay.io/${{ github.repository_owner }}/${{ matrix.name }}-ci:latest - quay.io/${{ github.repository_owner }}/${{ matrix.name }}-ci:${{ steps.tag.outputs.tag }} + quay.io/${{ github.repository_owner }}/${{ matrix.name }}:latest + quay.io/${{ github.repository_owner }}/${{ matrix.name }}:${{ steps.tag.outputs.tag }} - name: CI Image Releases digests if: ${{ github.event_name != 'pull_request_target' }} shell: bash run: | mkdir -p image-digest/ - echo "quay.io/${{ github.repository_owner }}/${{ matrix.name }}-ci:latest@${{ steps.docker_build_ci_main.outputs.digest }}" > image-digest/${{ matrix.name }}.txt - echo "quay.io/${{ github.repository_owner }}/${{ matrix.name }}-ci:${{ steps.tag.outputs.tag }}@${{ steps.docker_build_ci_main.outputs.digest }}" >> image-digest/${{ matrix.name }}.txt + echo "quay.io/${{ github.repository_owner }}/${{ matrix.name }}:latest@${{ steps.docker_build_ci_main.outputs.digest }}" > image-digest/${{ matrix.name }}.txt + echo "quay.io/${{ github.repository_owner }}/${{ matrix.name }}:${{ steps.tag.outputs.tag }}@${{ steps.docker_build_ci_main.outputs.digest }}" >> image-digest/${{ matrix.name }}.txt # PR updates - name: CI Build ${{ matrix.name }} @@ -85,16 +91,18 @@ jobs: context: . file: ${{ matrix.dockerfile }} push: true - platforms: linux/amd64 + platforms: ${{ matrix.platforms }} + build-args: | + FINAL_CONTAINER=${{ matrix.name }} tags: | - quay.io/${{ github.repository_owner }}/${{ matrix.name }}-ci:${{ steps.tag.outputs.tag }} + quay.io/${{ github.repository_owner }}/${{ matrix.name }}:${{ steps.tag.outputs.tag }} - name: CI Image Releases digests if: ${{ github.event_name == 'pull_request_target' }} shell: bash run: | mkdir -p image-digest/ - echo "quay.io/${{ github.repository_owner }}/${{ matrix.name }}-ci:${{ steps.tag.outputs.tag }}@${{ steps.docker_build_ci_pr.outputs.digest }}" > image-digest/${{ matrix.name }}.txt + echo "quay.io/${{ github.repository_owner }}/${{ matrix.name }}:${{ steps.tag.outputs.tag }}@${{ steps.docker_build_ci_pr.outputs.digest }}" > image-digest/${{ matrix.name }}.txt # Upload artifact digests - name: Upload artifact digests diff --git a/Dockerfile b/Dockerfile index c8d4faaec0..702f977b84 100644 --- a/Dockerfile +++ b/Dockerfile @@ -3,15 +3,21 @@ # Copyright Authors of Cilium # SPDX-License-Identifier: Apache-2.0 +# FINAL_CONTAINER specifies the source for the output +# cilium-cli-ci (default) is based on ubuntu with cloud CLIs +# cilium-cli is from scratch only including cilium binaries +ARG FINAL_CONTAINER="cilium-cli-ci" + FROM docker.io/library/golang:1.23.1-alpine3.19@sha256:e0ea2a119ae0939a6d449ea18b2b1ba30b44986ec48dbb88f3a93371b4bf8750 AS builder WORKDIR /go/src/github.com/cilium/cilium-cli RUN apk add --no-cache git make ca-certificates COPY . . RUN make -FROM ubuntu:24.04@sha256:56a8952801afd93876eea675cae9ab861bf8d2e6a4f978e4b0237ce94e1c3b49 -LABEL maintainer="maintainer@cilium.io" -WORKDIR /root/app +FROM scratch AS cilium-cli +COPY --from=builder /go/src/github.com/cilium/cilium-cli/cilium /usr/local/bin/cilium + +FROM ubuntu:24.04@sha256:56a8952801afd93876eea675cae9ab861bf8d2e6a4f978e4b0237ce94e1c3b49 AS cilium-cli-ci COPY --from=builder /go/src/github.com/cilium/cilium-cli/cilium /usr/local/bin/cilium # Install cloud CLIs. Based on these instructions: @@ -19,16 +25,20 @@ COPY --from=builder /go/src/github.com/cilium/cilium-cli/cilium /usr/local/bin/c # - https://docs.aws.amazon.com/cli/latest/userguide/getting-started-install.html # - https://learn.microsoft.com/en-us/cli/azure/install-azure-cli-linux?pivots=apt#install-azure-cli RUN apt-get update -y \ - && apt-get install -y curl gnupg unzip \ - && curl https://packages.cloud.google.com/apt/doc/apt-key.gpg | gpg --dearmor -o /usr/share/keyrings/cloud.google.gpg \ - && curl https://packages.cloud.google.com/apt/doc/apt-key.gpg | apt-key add - \ - && echo "deb [signed-by=/usr/share/keyrings/cloud.google.gpg] https://packages.cloud.google.com/apt cloud-sdk main" | tee -a /etc/apt/sources.list.d/google-cloud-sdk.list \ - && apt-get update -y \ - && apt-get install -y google-cloud-cli google-cloud-sdk-gke-gcloud-auth-plugin kubectl \ - && curl "https://awscli.amazonaws.com/awscli-exe-linux-x86_64.zip" -o "awscliv2.zip" \ - && unzip awscliv2.zip \ - && ./aws/install \ - && rm -r ./aws awscliv2.zip \ - && curl -sL https://aka.ms/InstallAzureCLIDeb | bash + && apt-get install -y curl gnupg unzip \ + && curl https://packages.cloud.google.com/apt/doc/apt-key.gpg | gpg --dearmor -o /usr/share/keyrings/cloud.google.gpg \ + && curl https://packages.cloud.google.com/apt/doc/apt-key.gpg | apt-key add - \ + && echo "deb [signed-by=/usr/share/keyrings/cloud.google.gpg] https://packages.cloud.google.com/apt cloud-sdk main" | tee -a /etc/apt/sources.list.d/google-cloud-sdk.list \ + && apt-get update -y \ + && apt-get install -y google-cloud-cli google-cloud-sdk-gke-gcloud-auth-plugin kubectl \ + && curl "https://awscli.amazonaws.com/awscli-exe-linux-x86_64.zip" -o "awscliv2.zip" \ + && unzip awscliv2.zip \ + && ./aws/install \ + && rm -r ./aws awscliv2.zip \ + && curl -sL https://aka.ms/InstallAzureCLIDeb | bash +# Select the layer to provide the final container image from +FROM ${FINAL_CONTAINER} +LABEL maintainer="maintainer@cilium.io" +WORKDIR /root/app ENTRYPOINT []