cilium · leppeK · Aug 20, 2024 · Aug 22, 2024 · Aug 23, 2024 · joestringer
@@ -25,8 +25,12 @@ jobs:
     strategy:
       matrix:
         include:
+          - name: cilium-cli-ci
+            dockerfile: ./Dockerfile
+            platforms: linux/amd64
           - name: cilium-cli
             dockerfile: ./Dockerfile
+            platforms: linux/amd64,linux/arm64
     steps:
       - name: Set up Docker Buildx
         uses: docker/setup-buildx-action@988b5a0280414f521da01fcc63a27aeeb4b104db # v3.6.1
@@ -63,18 +67,20 @@ jobs:
           context: .
           file: ${{ matrix.dockerfile }}
           push: true
-          platforms: linux/amd64
+          platforms: ${{ matrix.platforms }}
+          build-args: |
+            FINAL_CONTAINER=${{ matrix.name }}
           tags: |
-            quay.io/${{ github.repository_owner }}/${{ matrix.name }}-ci:latest
-            quay.io/${{ github.repository_owner }}/${{ matrix.name }}-ci:${{ steps.tag.outputs.tag }}
+            quay.io/${{ github.repository_owner }}/${{ matrix.name }}:latest
+            quay.io/${{ github.repository_owner }}/${{ matrix.name }}:${{ steps.tag.outputs.tag }}
 include: 
   - name: cilium-cli-ci 
     dockerfile: ./Dockerfile 
     platforms: linux/amd64 
   - name: cilium-cli 
     dockerfile: ./Dockerfile 
     platforms: linux/amd64,linux/arm64 
       # main branch or tag pushes 
       - name: CI Build ${{ matrix.name }} 
         if: ${{ github.event_name != 'pull_request_target' }} 
         uses: docker/build-push-action@5cd11c3a4ced054e52742c5fd54dca954e0edd85 # v6.7.0 
         id: docker_build_ci_main 
         with: 
           context: . 
           file: ${{ matrix.dockerfile }} 
           push: true 
           platforms: ${{ matrix.platforms }} 
           build-args: | 
             FINAL_CONTAINER=${{ matrix.name }} 
           tags: | 
             quay.io/${{ github.repository_owner }}/${{ matrix.name }}:latest 
             quay.io/${{ github.repository_owner }}/${{ matrix.name }}:${{ steps.tag.outputs.tag }} 
 include: 
   - name: cilium-cli-ci 
     dockerfile: ./Dockerfile 
     platforms: linux/amd64 
   - name: cilium-cli 
     dockerfile: ./Dockerfile 
     platforms: linux/amd64,linux/arm64 
       # main branch or tag pushes 
       - name: CI Build ${{ matrix.name }} 
         if: ${{ github.event_name != 'pull_request_target' }} 
         uses: docker/build-push-action@5cd11c3a4ced054e52742c5fd54dca954e0edd85 # v6.7.0 
         id: docker_build_ci_main 
         with: 
           context: . 
           file: ${{ matrix.dockerfile }} 
           push: true 
           platforms: ${{ matrix.platforms }} 
           build-args: | 
             FINAL_CONTAINER=${{ matrix.name }} 
           tags: | 
             quay.io/${{ github.repository_owner }}/${{ matrix.name }}:latest 
             quay.io/${{ github.repository_owner }}/${{ matrix.name }}:${{ steps.tag.outputs.tag }} 
 
       - name: CI Image Releases digests
         if: ${{ github.event_name != 'pull_request_target' }}
         shell: bash
         run: |
           mkdir -p image-digest/
-          echo "quay.io/${{ github.repository_owner }}/${{ matrix.name }}-ci:latest@${{ steps.docker_build_ci_main.outputs.digest }}" > image-digest/${{ matrix.name }}.txt
-          echo "quay.io/${{ github.repository_owner }}/${{ matrix.name }}-ci:${{ steps.tag.outputs.tag }}@${{ steps.docker_build_ci_main.outputs.digest }}" >> image-digest/${{ matrix.name }}.txt
+          echo "quay.io/${{ github.repository_owner }}/${{ matrix.name }}:latest@${{ steps.docker_build_ci_main.outputs.digest }}" > image-digest/${{ matrix.name }}.txt
+          echo "quay.io/${{ github.repository_owner }}/${{ matrix.name }}:${{ steps.tag.outputs.tag }}@${{ steps.docker_build_ci_main.outputs.digest }}" >> image-digest/${{ matrix.name }}.txt
 
       # PR updates
       - name: CI Build ${{ matrix.name }}
@@ -85,16 +91,18 @@ jobs:
           context: .
           file: ${{ matrix.dockerfile }}
           push: true
-          platforms: linux/amd64
+          platforms: ${{ matrix.platforms }}
+          build-args: |
+            FINAL_CONTAINER=${{ matrix.name }}
           tags: |
-            quay.io/${{ github.repository_owner }}/${{ matrix.name }}-ci:${{ steps.tag.outputs.tag }}
+            quay.io/${{ github.repository_owner }}/${{ matrix.name }}:${{ steps.tag.outputs.tag }}
 
       - name: CI Image Releases digests
         if: ${{ github.event_name == 'pull_request_target' }}
         shell: bash
         run: |
           mkdir -p image-digest/
-          echo "quay.io/${{ github.repository_owner }}/${{ matrix.name }}-ci:${{ steps.tag.outputs.tag }}@${{ steps.docker_build_ci_pr.outputs.digest }}" > image-digest/${{ matrix.name }}.txt
+          echo "quay.io/${{ github.repository_owner }}/${{ matrix.name }}:${{ steps.tag.outputs.tag }}@${{ steps.docker_build_ci_pr.outputs.digest }}" > image-digest/${{ matrix.name }}.txt
 
       # Upload artifact digests
       - name: Upload artifact digests

@@ -3,32 +3,42 @@
 # Copyright Authors of Cilium
 # SPDX-License-Identifier: Apache-2.0
 
+# FINAL_CONTAINER specifies the source for the output
+# cilium-cli-ci (default) is based on ubuntu with cloud CLIs
+# cilium-cli is from scratch only including cilium binaries
+ARG FINAL_CONTAINER="cilium-cli-ci"
+
 FROM docker.io/library/golang:1.23.1-alpine3.19@sha256:e0ea2a119ae0939a6d449ea18b2b1ba30b44986ec48dbb88f3a93371b4bf8750 AS builder
 WORKDIR /go/src/github.com/cilium/cilium-cli
 RUN apk add --no-cache git make ca-certificates
 COPY . .
 RUN make
 
-FROM ubuntu:24.04@sha256:56a8952801afd93876eea675cae9ab861bf8d2e6a4f978e4b0237ce94e1c3b49
-LABEL maintainer="[email protected]"
-WORKDIR /root/app
+FROM scratch AS cilium-cli
+COPY --from=builder /go/src/github.com/cilium/cilium-cli/cilium /usr/local/bin/cilium
+
+FROM ubuntu:24.04@sha256:56a8952801afd93876eea675cae9ab861bf8d2e6a4f978e4b0237ce94e1c3b49 AS cilium-cli-ci
 COPY --from=builder /go/src/github.com/cilium/cilium-cli/cilium /usr/local/bin/cilium
 
 # Install cloud CLIs. Based on these instructions:
 # - https://cloud.google.com/sdk/docs/install#deb
 # - https://docs.aws.amazon.com/cli/latest/userguide/getting-started-install.html
 # - https://learn.microsoft.com/en-us/cli/azure/install-azure-cli-linux?pivots=apt#install-azure-cli
 RUN apt-get update -y \
- && apt-get install -y curl gnupg unzip \
- && curl https://packages.cloud.google.com/apt/doc/apt-key.gpg | gpg --dearmor -o /usr/share/keyrings/cloud.google.gpg \
- && curl https://packages.cloud.google.com/apt/doc/apt-key.gpg | apt-key add - \
- && echo "deb [signed-by=/usr/share/keyrings/cloud.google.gpg] https://packages.cloud.google.com/apt cloud-sdk main" | tee -a /etc/apt/sources.list.d/google-cloud-sdk.list \
- && apt-get update -y \
- && apt-get install -y google-cloud-cli google-cloud-sdk-gke-gcloud-auth-plugin kubectl \
- && curl "https://awscli.amazonaws.com/awscli-exe-linux-x86_64.zip" -o "awscliv2.zip" \
- && unzip awscliv2.zip \
- && ./aws/install \
- && rm -r ./aws awscliv2.zip \
- && curl -sL https://aka.ms/InstallAzureCLIDeb | bash
+  && apt-get install -y curl gnupg unzip \
+  && curl https://packages.cloud.google.com/apt/doc/apt-key.gpg | gpg --dearmor -o /usr/share/keyrings/cloud.google.gpg \
+  && curl https://packages.cloud.google.com/apt/doc/apt-key.gpg | apt-key add - \
+  && echo "deb [signed-by=/usr/share/keyrings/cloud.google.gpg] https://packages.cloud.google.com/apt cloud-sdk main" | tee -a /etc/apt/sources.list.d/google-cloud-sdk.list \
+  && apt-get update -y \
+  && apt-get install -y google-cloud-cli google-cloud-sdk-gke-gcloud-auth-plugin kubectl \
+  && curl "https://awscli.amazonaws.com/awscli-exe-linux-x86_64.zip" -o "awscliv2.zip" \
+  && unzip awscliv2.zip \
+  && ./aws/install \
+  && rm -r ./aws awscliv2.zip \
+  && curl -sL https://aka.ms/InstallAzureCLIDeb | bash
 
+# Select the layer to provide the final container image from
+FROM ${FINAL_CONTAINER}
+LABEL maintainer="[email protected]"
+WORKDIR /root/app
 ENTRYPOINT []