ci: Release on multiple distributions & fix Docker multiple-step build

Signed-off-by: Thomas Citharel <tcit@tcit.fr>
This commit is contained in:
Thomas Citharel 2023-11-20 18:37:35 +01:00
parent 797eb2334b
commit 262d1fcd4d
No known key found for this signature in database
GPG Key ID: A061B9DDE0CA0773
4 changed files with 85 additions and 20 deletions

View File

@ -6,8 +6,7 @@ stages:
- build-js - build-js
- sentry - sentry
- test - test
- docker - build
- package
- upload - upload
- deploy - deploy
@ -125,7 +124,7 @@ deps:
exunit: exunit:
stage: test stage: test
services: services:
- name: postgis/postgis:14-3.2 - name: postgis/postgis:16-3.4
alias: postgres alias: postgres
variables: variables:
MIX_ENV: test MIX_ENV: test
@ -164,7 +163,7 @@ vitest:
e2e: e2e:
stage: test stage: test
services: services:
- name: postgis/postgis:14-3.2 - name: postgis/postgis:16-3.4
alias: postgres alias: postgres
variables: variables:
MIX_ENV: "e2e" MIX_ENV: "e2e"
@ -206,7 +205,7 @@ pages:
- public - public
.docker: &docker .docker: &docker
stage: docker stage: build
image: docker:24 image: docker:24
variables: variables:
DOCKER_TLS_CERTDIR: "/certs" DOCKER_TLS_CERTDIR: "/certs"
@ -214,6 +213,7 @@ pages:
DOCKER_TLS_VERIFY: 1 DOCKER_TLS_VERIFY: 1
DOCKER_CERT_PATH: "$DOCKER_TLS_CERTDIR/client" DOCKER_CERT_PATH: "$DOCKER_TLS_CERTDIR/client"
DOCKER_DRIVER: overlay2 DOCKER_DRIVER: overlay2
DOCKER_CLI_EXPERIMENTAL: enabled
services: services:
- docker:24-dind - docker:24-dind
cache: {} cache: {}
@ -229,6 +229,8 @@ pages:
# Install qemu/binfmt # Install qemu/binfmt
- docker pull tonistiigi/binfmt:latest - docker pull tonistiigi/binfmt:latest
- docker run --rm --privileged tonistiigi/binfmt:latest --install all - docker run --rm --privileged tonistiigi/binfmt:latest --install all
# Install jq
- apk --no-cache add jq
# Login to DockerHub # Login to DockerHub
- mkdir -p ~/.docker - mkdir -p ~/.docker
- echo "{\"auths\":{\"$CI_REGISTRY\":{\"auth\":\"$CI_REGISTRY_AUTH\",\"email\":\"$CI_REGISTRY_EMAIL\"}}}" > ~/.docker/config.json - echo "{\"auths\":{\"$CI_REGISTRY\":{\"auth\":\"$CI_REGISTRY_AUTH\",\"email\":\"$CI_REGISTRY_EMAIL\"}}}" > ~/.docker/config.json
@ -242,9 +244,9 @@ build-docker-main:
when: never when: never
- if: '$CI_PIPELINE_SOURCE == "schedule" || $CI_PIPELINE_TRIGGERED == "true"' - if: '$CI_PIPELINE_SOURCE == "schedule" || $CI_PIPELINE_TRIGGERED == "true"'
script: script:
- docker buildx build --push --platform linux/amd64 -t framasoft/mobilizon:main -f docker/production/Dockerfile . - docker buildx build --platform linux/amd64 -t framasoft/mobilizon:main -f docker/production/Dockerfile .
build-and-push-to-latest-docker-tag: build-docker-tag:
<<: *docker <<: *docker
rules: &release-tag-rules rules: &release-tag-rules
- if: '$CI_PROJECT_NAMESPACE != "framasoft"' - if: '$CI_PROJECT_NAMESPACE != "framasoft"'
@ -257,9 +259,9 @@ build-and-push-to-latest-docker-tag:
docker buildx build docker buildx build
--push --push
--platform linux/${ARCH} --platform linux/${ARCH}
--provenance=false
--build-arg="${ERL_FLAGS}" --build-arg="${ERL_FLAGS}"
-t framasoft/mobilizon:$CI_COMMIT_TAG -t framasoft/mobilizon:${CI_COMMIT_TAG}-${ARCH}
-t framasoft/mobilizon:latest
-f docker/production/Dockerfile . -f docker/production/Dockerfile .
parallel: parallel:
matrix: matrix:
@ -280,15 +282,49 @@ build-and-push-docker-tag:
script: script:
- > - >
docker buildx build docker buildx build
--push
--platform linux/amd64 --platform linux/amd64
-t framasoft/mobilizon:$CI_COMMIT_TAG --provenance=false
-t framasoft/mobilizon:$CI_COMMIT_TAG-amd64
-f docker/production/Dockerfile . -f docker/production/Dockerfile .
# Create manifest and push
docker-manifest-push:
<<: *docker
needs: ["build-docker-tag"]
rules: &release-tag-rules
- if: '$CI_PROJECT_NAMESPACE != "framasoft"'
when: never
- if: $CI_COMMIT_TAG != null
when: on_success
script:
- >
docker manifest create framasoft/mobilizon:${CI_COMMIT_TAG}
--amend framasoft/mobilizon:${CI_COMMIT_TAG}-amd64
--amend framasoft/mobilizon:${CI_COMMIT_TAG}-arm64
- docker manifest push --purge framasoft/mobilizon:${CI_COMMIT_TAG}
###
# Simply creating an alias to the tag doesn't work:
# « xxx is a manifest list »
# https://joonas.fi/2021/02/docker-multi-arch-image-tooling-buildx/
###
docker-latest:
<<: *docker
needs: ["docker-manifest-push"]
rules: &release-tag-rules
- if: '$CI_PROJECT_NAMESPACE != "framasoft"'
when: never
- if: $CI_COMMIT_TAG != null && $CI_COMMIT_TAG !~ /alpha|beta|rc/
when: on_success
script:
- echo docker manifest create framasoft/mobilizon:latest $(docker manifest inspect framasoft/mobilizon:$CI_COMMIT_TAG | jq '.manifests[] | .digest' | xargs -I {} echo framasoft/mobilizon@{})
- docker manifest create framasoft/mobilizon:latest $(docker manifest inspect framasoft/mobilizon:$CI_COMMIT_TAG | jq -r '.manifests[] | .digest' | xargs -I {} echo framasoft/mobilizon@{})
- docker manifest push --purge framasoft/mobilizon:latest
# Packaging app for amd64 # Packaging app for amd64
package-app: package-app:
image: mobilizon/buildpack:1.15.5-erlang-26.0.2-debian-buster image: mobilizon/buildpack:1.15.7-erlang-26.1.2-${SYSTEM}
stage: package stage: build
variables: &release-variables variables: &release-variables
MIX_ENV: "prod" MIX_ENV: "prod"
DEBIAN_FRONTEND: noninteractive DEBIAN_FRONTEND: noninteractive
@ -312,9 +348,23 @@ package-app:
expire_in: 2 days expire_in: 2 days
paths: paths:
- ${APP_ASSET} - ${APP_ASSET}
parallel:
matrix:
- SYSTEM:
[
"debian-bookworm",
"debian-bullseye",
"ubuntu-jammy",
"ubuntu-focal",
"ubuntu-bionic",
"alpine-3.17.5",
"alpine-3.18.4",
"fedora-38",
"fedora-39",
]
package-app-dev: package-app-dev:
stage: package stage: build
variables: *release-variables variables: *release-variables
script: *release-script script: *release-script
except: except:
@ -326,7 +376,7 @@ package-app-dev:
# Packaging app for multi-arch # Packaging app for multi-arch
multi-arch-release: multi-arch-release:
stage: package stage: build
image: docker:24 image: docker:24
variables: variables:
DOCKER_TLS_CERTDIR: "/certs" DOCKER_TLS_CERTDIR: "/certs"
@ -366,6 +416,19 @@ multi-arch-release:
parallel: parallel:
matrix: matrix:
- ARCH: ["arm64"] - ARCH: ["arm64"]
## Currently not used as the hexpm base images do not have support for other architectures than amd64
# SYSTEM:
# [
# "debian-bookworm",
# "debian-bullseye",
# "ubuntu-jammy",
# "ubuntu-focal",
# "ubuntu-bionic",
# "alpine-3.17.5",
# "alpine-3.18.4",
# "fedora-38",
# "fedora-39",
# ]
rules: rules:
- if: '$CI_COMMIT_TAG != null || $CI_PIPELINE_SOURCE == "schedule" || $CI_PIPELINE_TRIGGERED == "true"' - if: '$CI_COMMIT_TAG != null || $CI_PIPELINE_SOURCE == "schedule" || $CI_PIPELINE_TRIGGERED == "true"'
timeout: 3h timeout: 3h

View File

@ -1,4 +1,6 @@
FROM elixir:1.15 as build ARG IMAGE="elixir:1.15"
FROM ${IMAGE} as build
SHELL ["/bin/bash", "-c"] SHELL ["/bin/bash", "-c"]
ENV MIX_ENV prod ENV MIX_ENV prod
# ENV LANG en_US.UTF-8 # ENV LANG en_US.UTF-8
@ -12,7 +14,7 @@ ENV ERL_FLAGS=$ERL_FLAGS
# Set the right versions # Set the right versions
ENV ELIXIR_VERSION latest ENV ELIXIR_VERSION latest
ENV ERLANG_VERSION latest ENV ERLANG_VERSION latest
ENV NODE_VERSION 18 ENV NODE_VERSION 20
# Install system dependencies # Install system dependencies
RUN apt-get update -yq && apt-get install -yq build-essential cmake postgresql-client git curl gnupg unzip exiftool webp imagemagick gifsicle RUN apt-get update -yq && apt-get install -yq build-essential cmake postgresql-client git curl gnupg unzip exiftool webp imagemagick gifsicle

View File

@ -1,5 +1,5 @@
# First build the application assets # First build the application assets
FROM node:18-alpine as assets FROM node:20-alpine as assets
RUN apk add --no-cache python3 build-base libwebp-tools bash imagemagick ncurses RUN apk add --no-cache python3 build-base libwebp-tools bash imagemagick ncurses
WORKDIR /build WORKDIR /build

View File

@ -1,7 +1,7 @@
FROM elixir:latest FROM elixir:latest
LABEL maintainer="Thomas Citharel <tcit@tcit.fr>" LABEL maintainer="Thomas Citharel <thomas.citharel@framasoft.org>"
ENV REFRESHED_AT=2023-08-17 ENV REFRESHED_AT=2023-11-20
RUN apt-get update -yq && apt-get install -yq build-essential inotify-tools postgresql-client git curl gnupg xvfb libgtk-3-dev libnotify-dev libgconf-2-4 libnss3 libxss1 libasound2 cmake exiftool python3-pip python3-setuptools RUN apt-get update -yq && apt-get install -yq build-essential inotify-tools postgresql-client git curl gnupg xvfb libgtk-3-dev libnotify-dev libgconf-2-4 libnss3 libxss1 libasound2 cmake exiftool python3-pip python3-setuptools
RUN curl -sL https://deb.nodesource.com/setup_20.x | bash && apt-get install nodejs -yq RUN curl -sL https://deb.nodesource.com/setup_20.x | bash && apt-get install nodejs -yq
RUN npm install -g wait-on RUN npm install -g wait-on