forked from docker-library/official-images
-
Notifications
You must be signed in to change notification settings - Fork 0
Commit
This commit does not belong to any branch on this repository, and may belong to a fork outside of the repository.
Add new "bashbrew-buildkit-env-setup.sh" script for setting up bashbr…
…ew+buildkit environment variables This script is intended to be invoked in order to generate values for `BASHBREW_BUILDKIT_SYNTAX`, `BUILDX_BUILDER`, and `BASHBREW_BUILDKIT_SBOM_GENERATOR` appropriately (including creating/updating the appropriate "builder" if necessary from the pinned buildkit image). For now, this _only_ sets up `BUILDX_BUILDER` and `BASHBREW_BUILDKIT_SBOM_GENERATOR` for `amd64` and `arm64v8` as we test things out and ensure better ways to detect which architectures are supported by the relevant infrastructure-related images those features rely on (and gauge user interest in expanding that list). This adds a new `.bin` directory for these scripts that I'd like to eventually move most of our scripts into so they're not polluting the top-level directory listing. This also includes an update of `docker/dockerfile` from 1.4.3 to 1.5.2 (now using our same `.external-pins` scaffolding so we can more easily keep that up-to-date). See https://github.com/moby/buildkit/releases/tag/dockerfile%2F1.5.0, https://github.com/moby/buildkit/releases/tag/dockerfile%2F1.5.1, and https://github.com/moby/buildkit/releases/tag/dockerfile%2F1.5.2 for relevant release notes/changes between 1.4.3 and 1.5.2. For now, I have left (and updated) the `.bashbrew-buildkit-syntax` so we can move things using it over before removing it, which will likely _also_ include a new release of bashbrew (since the GHA scripts use it, I think).
- Loading branch information
Showing
7 changed files
with
151 additions
and
1 deletion.
There are no files selected for viewing
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| Original file line number | Diff line number | Diff line change |
|---|---|---|
| @@ -1 +1 @@ | ||
| docker/dockerfile:1.4.3@sha256:9ba7531bd80fb0a858632727cf7a112fbfd19b17e94c4e84ced81e24ef1a0dbc | ||
| docker/dockerfile:1@sha256:39b85bbfa7536a5feceb7372a0817649ecb2724562a38360f4d6a7782a409b14 |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| Original file line number | Diff line number | Diff line change |
|---|---|---|
| @@ -0,0 +1,83 @@ | ||
| #!/usr/bin/env bash | ||
|
|
||
| # this file is intended to be sourced before invocations of "bashbrew build" which might invoke "docker buildx" / BuildKit ("Builder: buildkit") | ||
|
|
||
| _resolve_external_pins() { | ||
| local - | ||
| set -Eeuo pipefail | ||
|
|
||
| local binDir oiDir | ||
| binDir="$(dirname "$BASH_SOURCE")" | ||
| oiDir="$(dirname "$binDir")" | ||
|
|
||
| local image | ||
| for image; do | ||
| [ -n "$image" ] | ||
| local wc | ||
| wc="$(wc -l <<<"$image")" | ||
| [ "$wc" -eq 1 ] | ||
|
|
||
| local file digest | ||
| if [ -n "${BASHBREW_ARCH:-}" ]; then | ||
| digest="$("$oiDir/.buildkit-build-contexts.sh" "$image")" | ||
| image="${digest#*=docker-image://}" | ||
| [ "$image" != "$digest" ] | ||
| else | ||
| file="$("$oiDir/.external-pins/file.sh" "$image")" | ||
| digest="$(< "$file")" | ||
| [ -n "$digest" ] | ||
| image+="@$digest" | ||
| fi | ||
|
|
||
| echo "$image" | ||
| done | ||
| } | ||
|
|
||
| _jq_setenv() { | ||
| local env="$1"; shift | ||
| local val="$1"; shift | ||
| jq -c --arg env "$env" --arg val "$val" '.[$env] = $val' | ||
| } | ||
|
|
||
| _bashbrew_buildkit_env_setup() { | ||
| local - | ||
| set -Eeuo pipefail | ||
|
|
||
| local binDir oiDir | ||
| binDir="$(dirname "$BASH_SOURCE")" | ||
| oiDir="$(dirname "$binDir")" | ||
|
|
||
| local externalPins | ||
| externalPins="$("$oiDir/.external-pins/list.sh")" | ||
|
|
||
| local vars='{}' | ||
|
|
||
| local dockerfileTag | ||
| dockerfileTag="$(grep <<<"$externalPins" -m1 '^docker/dockerfile:')" | ||
| dockerfileTag="$(_resolve_external_pins "$dockerfileTag")" | ||
| vars="$(_jq_setenv <<<"$vars" BASHBREW_BUILDKIT_SYNTAX "$dockerfileTag")" | ||
|
|
||
| case "${BASHBREW_ARCH:-}" in | ||
| amd64 | arm64v8) # TODO add more architectures | ||
| BASHBREW_BUILDKIT_IMAGE="$(grep <<<"$externalPins" -m1 '^moby/buildkit:')" | ||
| BASHBREW_BUILDKIT_IMAGE="$(_resolve_external_pins "$BASHBREW_BUILDKIT_IMAGE")" | ||
| export BASHBREW_BUILDKIT_IMAGE | ||
|
|
||
| local buildxBuilder | ||
| buildxBuilder="$("$binDir/docker-buildx-ensure.sh")" # reminder: this script *requires* BASHBREW_ARCH (to avoid "accidental amd64" mistakes) | ||
| vars="$(_jq_setenv <<<"$vars" BUILDX_BUILDER "$buildxBuilder")" | ||
|
|
||
| local sbomTag | ||
| sbomTag="$(grep <<<"$externalPins" -m1 '^docker/buildkit-syft-scanner:')" | ||
| sbomTag="$(_resolve_external_pins "$sbomTag")" | ||
| vars="$(_jq_setenv <<<"$vars" BASHBREW_BUILDKIT_SBOM_GENERATOR "$sbomTag")" | ||
| ;; | ||
| esac | ||
|
|
||
| if [ -t 1 ]; then | ||
| jq <<<"$vars" | ||
| else | ||
| cat <<<"$vars" | ||
| fi | ||
| } | ||
| _bashbrew_buildkit_env_setup |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| Original file line number | Diff line number | Diff line change |
|---|---|---|
| @@ -0,0 +1,60 @@ | ||
| #!/usr/bin/env bash | ||
| set -Eeuo pipefail | ||
|
|
||
| : "${BASHBREW_ARCH:?missing explicit BASHBREW_ARCH}" | ||
| : "${BASHBREW_BUILDKIT_IMAGE:?missing explicit BASHBREW_BUILDKIT_IMAGE (moby/buildkit:buildx-stable-1 ?)}" | ||
|
|
||
| builderName="bashbrew-$BASHBREW_ARCH" | ||
| container="buildx_buildkit_$builderName" | ||
|
|
||
| # make sure the buildx builder name is the only thing that we print to stdout (so this script's output can be captured and used to set BUILDX_BUILDER) | ||
| echo "$builderName" | ||
| exec >&2 | ||
|
|
||
| if docker buildx inspect "$builderName" &> /dev/null; then | ||
| if containerImage="$(docker container inspect --format '{{ .Config.Image }}' "$container" 2>/dev/null)" && [ "$containerImage" = "$BASHBREW_BUILDKIT_IMAGE" ]; then | ||
| echo >&2 | ||
| echo >&2 "note: '$container' container already exists and is running the correct image ('$BASHBREW_BUILDKIT_IMAGE'); bailing instead of recreating the '$builderName' builder (to avoid unnecessary churn)" | ||
| echo >&2 | ||
| exit 0 | ||
| fi | ||
|
|
||
| docker buildx rm --keep-state "$builderName" | ||
| fi | ||
|
|
||
| platform="$(bashbrew cat --format '{{ ociPlatform arch }}' <(echo 'Maintainers: empty hack (@example)'))" | ||
|
|
||
| hubMirrors="$(docker info --format '{{ json .RegistryConfig.Mirrors }}' | jq -c ' | ||
| [ env.DOCKERHUB_PUBLIC_PROXY // empty, .[] ] | ||
| | map(rtrimstr("/")) | ||
| | reduce .[] as $item ( # "unique" but order-preserving (we want DOCKERHUB_PUBLIC_PROXY first followed by everything else set in the dockerd mirrors config without duplication) | ||
| []; | ||
| if index($item) then . else . + [ $item ] end | ||
| ) | ||
| ')" | ||
|
|
||
| read -r -d '' buildkitdConfig <<-EOF || : | ||
| # https://github.com/moby/buildkit/blob/v0.11.4/docs/buildkitd.toml.md | ||
| [worker.oci] | ||
| platforms = [ "$platform" ] | ||
| [worker.containerd] | ||
| platforms = [ "$platform" ] | ||
| [registry."docker.io"] | ||
| mirrors = $hubMirrors | ||
| EOF | ||
|
|
||
| # https://docs.docker.com/engine/reference/commandline/buildx_create/ | ||
| docker buildx create \ | ||
| --name "$builderName" \ | ||
| --node "$builderName" \ | ||
| --config <(printf '%s' "$buildkitdConfig") \ | ||
| --platform "$platform" \ | ||
| --driver docker-container \ | ||
| --driver-opt image="$BASHBREW_BUILDKIT_IMAGE" \ | ||
| --bootstrap | ||
|
|
||
| # 👀 | ||
| docker update --restart=always "$container" |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| Original file line number | Diff line number | Diff line change |
|---|---|---|
| @@ -0,0 +1 @@ | ||
| sha256:3397098bd8d3f22d626ccea8c55bd153dc6939c14087d03681f46ef10960241d |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| Original file line number | Diff line number | Diff line change |
|---|---|---|
| @@ -0,0 +1 @@ | ||
| sha256:39b85bbfa7536a5feceb7372a0817649ecb2724562a38360f4d6a7782a409b14 |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| Original file line number | Diff line number | Diff line change |
|---|---|---|
| @@ -0,0 +1 @@ | ||
| sha256:990e55e71c16281ed72f00b0308980865dae03d598b2cb8316da023d80336543 |