Merge pull request #36 from openebs/containers

    ci: update to accommodate new images
    
    Signed-off-by: Tiago Castro <[email protected]>

---

    feat: add new tiny container images
    
    Adds alpine-sh and alpine-bash which are minimalist images
    These can be useful for small init containers
    
    Signed-off-by: Tiago Castro <[email protected]>

---

    feat: support multiple images
    
    Support for multiple images (dockerfiles) during the make process
    Ensures make test does not leave exited containers
    Add make clean to delete buildx builder
    Removes the push scripts as those are no longer used
    
    Signed-off-by: Tiago Castro <[email protected]>

Author: tiagolobocastro

.github/workflows/build.yml

@@ -13,11 +13,21 @@
 # limitations under the License.
 name: build
 
-on: ['push']
+on:
+  push:
+    branches:
+      - 'main'
 
 jobs:
-  linux-utils:
+  images:
     runs-on: ubuntu-latest
+    strategy:
+      fail-fast: false
+      matrix:
+        include:
+          - image: linux-utils
+          - image: alpine-sh
+          - image: alpine-bash
     steps:
       - name: Checkout
         uses: actions/checkout@v4
@@ -48,9 +58,9 @@ jobs:
         with:
           # add each registry to which the image needs to be pushed here
           images: |
-            ${{ env.IMAGE_ORG }}/linux-utils
-            quay.io/${{ env.IMAGE_ORG }}/linux-utils
-            ghcr.io/${{ env.IMAGE_ORG }}/linux-utils
+            ${{ env.IMAGE_ORG }}/${{ matrix.image }}
+            quay.io/${{ env.IMAGE_ORG }}/${{ matrix.image }}
+            ghcr.io/${{ env.IMAGE_ORG }}/${{ matrix.image }}
           tags: |
             type=raw,value=latest,enable=false
             type=raw,value=${{ env.TAG }}
@@ -93,7 +103,7 @@ jobs:
       - name: Build & Push Image
         uses: docker/build-push-action@v5
         with:
-          file: ./Dockerfile
+          file: ./dockerfiles/${{ matrix.image }}/Dockerfile
           push: true
           platforms: linux/amd64, linux/arm64, linux/arm/v7, linux/ppc64le
           tags: |
@@ -102,20 +112,27 @@ jobs:
             DBUILD_DATE=${{ steps.date.outputs.DATE }}
             DBUILD_REPO_URL=https://github.com/openebs/linux-utils
             DBUILD_SITE_URL=https://openebs.io
-        
+
   trivy:
     runs-on: ubuntu-latest
-    needs: ['linux-utils']
+    needs: ['images']
+    strategy:
+      fail-fast: false
+      matrix:
+        include:
+          - image: linux-utils
+          - image: alpine-sh
+          - image: alpine-bash
     steps:
       - name: Checkout code
         uses: actions/checkout@v4
-        
+
       - name: Run Trivy vulnerability scanner
         uses: aquasecurity/trivy-action@master
         with:
           # the tag will be always ci since only main branch is present
           # in this repository
-          image-ref: 'openebs/linux-utils:ci'
+          image-ref: 'openebs/${{ matrix.image }}:ci'
           format: 'table'
           exit-code: '1'
           ignore-unfixed: true

.github/workflows/pull_request.yml

@@ -24,6 +24,13 @@ on:
 jobs:
   linux-utils:
     runs-on: ubuntu-latest
+    strategy:
+      fail-fast: false
+      matrix:
+        include:
+          - image: linux-utils
+          - image: alpine-sh
+          - image: alpine-bash
     steps:
       - name: Checkout
         uses: actions/checkout@v4
@@ -42,17 +49,17 @@ jobs:
       - name: Build Image
         uses: docker/build-push-action@v5
         with:
-          file: ./Dockerfile
+          file: ./dockerfiles/${{ matrix.image }}/Dockerfile
           push: false
           load: true
           platforms: linux/amd64
           tags: |
-            openebs/linux-utils:ci
-        
+            openebs/${{ matrix.image }}:ci
+
       - name: Run Trivy vulnerability scanner
         uses: aquasecurity/trivy-action@master
         with:
-          image-ref: 'openebs/linux-utils:ci'
+          image-ref: 'openebs/${{ matrix.image }}:ci'
           format: 'table'
           exit-code: '1'
           ignore-unfixed: true

.github/workflows/release.yml

@@ -19,8 +19,15 @@ on:
       - 'created'
 
 jobs:
-  linux-utils:
+  images:
     runs-on: ubuntu-latest
+    strategy:
+      fail-fast: false
+      matrix:
+        include:
+          - image: linux-utils
+          - image: alpine-sh
+          - image: alpine-bash
     steps:
       - name: Checkout
         uses: actions/checkout@v4
@@ -47,9 +54,9 @@ jobs:
         with:
           # add each registry to which the image needs to be pushed here
           images: |
-            ${{ env.IMAGE_ORG }}/linux-utils
-            quay.io/${{ env.IMAGE_ORG }}/linux-utils
-            ghcr.io/${{ env.IMAGE_ORG }}/linux-utils
+            ${{ env.IMAGE_ORG }}/${{ matrix.image }}
+            quay.io/${{ env.IMAGE_ORG }}/${{ matrix.image }}
+            ghcr.io/${{ env.IMAGE_ORG }}/${{ matrix.image }}
           tags: |
             type=semver,pattern={{version}}
 
@@ -92,7 +99,7 @@ jobs:
       - name: Build & Push Image
         uses: docker/build-push-action@v5
         with:
-          file: ./Dockerfile
+          file: ./dockerfiles/${{ matrix.image }}/Dockerfile
           push: true
           platforms: linux/amd64, linux/arm64, linux/arm/v7, linux/ppc64le
           tags: |
@@ -105,20 +112,27 @@ jobs:
 
   trivy:
     runs-on: ubuntu-latest
-    needs: ['linux-utils']
+    strategy:
+      fail-fast: false
+      matrix:
+        include:
+          - image: linux-utils
+          - image: alpine-sh
+          - image: alpine-bash
+    needs: ['images']
     steps:
       - name: Checkout code
         uses: actions/checkout@v4
-        
+
       - name: Set Release Tag
         run: |
           TAG="${GITHUB_REF#refs/*/v}"
           echo "RELEASE_TAG=${TAG}" >> $GITHUB_ENV
-        
+
       - name: Run Trivy vulnerability scanner
         uses: aquasecurity/trivy-action@master
         with:
-          image-ref: openebs/linux-utils:${{ env.RELEASE_TAG }}
+          image-ref: openebs/${{ matrix.image }}:${{ env.RELEASE_TAG }}
           format: 'table'
           exit-code: '1'
           ignore-unfixed: true

Makefile

@@ -22,15 +22,13 @@ SHELL:=/bin/bash
 BUILDX:=false
 
 ifeq (${IMAGE_ORG}, )
-  IMAGE_ORG="openebs"
+  IMAGE_ORG=openebs
   export IMAGE_ORG
 endif
 
-# Determine the DIMAGE associated with given arch/os 
-ifeq (${DIMAGE}, )
-  #Default image name
-  DIMAGE:=openebs/linux-utils
-  export DIMAGE
+ifeq (${DIMAGES}, )
+  DIMAGES:=linux-utils alpine-sh alpine-bash
+  export DIMAGES
 endif
 
 #Initialize Docker build arguments. Each of these
@@ -60,27 +58,38 @@ build: image push
 .PHONY: header
 header:
 	@echo "------------------------------------"
-	@echo "--> Building linux utils image      "
+	@echo "--> Building linux utils images     "
 	@echo "------------------------------------"
 	@echo
 
 .PHONY: image
 image: header
-	@sudo docker build -t "${DIMAGE}:ci" -f Dockerfile . ${DBUILD_ARGS}
-	@echo
-
+	@for image in $$DIMAGES; do \
+		sudo docker build -t "$$IMAGE_ORG/$$image:ci" -f ./dockerfiles/$$image/Dockerfile . ${DBUILD_ARGS}; \
+	done
+	@echo "Done"
 
 .PHONY: test
 test:
 	@echo "---------------------------------------"
 	@echo "--> Test required tools are available  "
 	@echo "---------------------------------------"
-	@sudo docker run "${DIMAGE}:ci" which mkdir
-	@sudo docker run "${DIMAGE}:ci" which rm
-	@sudo docker run "${DIMAGE}:ci" which wipefs
-
-.PHONY: push
-push: 
-	./buildscripts/push;
-
-include Makefile.buildx.mk
+	@sudo docker run --rm "$$IMAGE_ORG/linux-utils:ci" which mkdir
+	@sudo docker run --rm "$$IMAGE_ORG/linux-utils:ci" which rm
+	@sudo docker run --rm "$$IMAGE_ORG/linux-utils:ci" which wipefs
+	@sudo docker run --rm "$$IMAGE_ORG/alpine-sh:ci" which /bin/sh
+	@sudo docker run --rm "$$IMAGE_ORG/alpine-sh:ci" which nc
+	@sudo docker run --rm "$$IMAGE_ORG/alpine-sh:ci" which chown
+	@sudo docker run --rm "$$IMAGE_ORG/alpine-bash:ci" which /bin/sh
+	@sudo docker run --rm "$$IMAGE_ORG/alpine-bash:ci" which /bin/bash
+	@sudo docker run --rm "$$IMAGE_ORG/alpine-bash:ci" which nc
+	@sudo docker run --rm "$$IMAGE_ORG/alpine-bash:ci" which chown
+
+.PHONY: clobber
+clobber:
+	@for image in $$DIMAGES; do \
+	    docker rmi $$IMAGE_ORG/$$image:$$TAG || true; \
+	done
+	docker image prune -f
+
+include Makefile.buildx.mk

Makefile.buildx.mk

@@ -33,19 +33,32 @@ else
 	export PUSH_ARG="--push"
 endif
 
-DOCKERX_IMAGE=${IMAGE_ORG}/linux-utils:${TAG}
-
 .PHONY: buildx.image
 buildx.image:
 	@if ! docker buildx ls | grep -q container-builder; then\
 		docker buildx create --platform ${PLATFORMS} --name container-builder --use;\
 	fi
-	@docker buildx build --platform ${PLATFORMS} \
-		-t "$(DOCKERX_IMAGE)" ${DBUILD_ARGS} -f Dockerfile \
-		. ${PUSH_ARG}
-	@echo "--> Build docker image: $(DOCKERX_IMAGE)"
+	@echo "Building $$DIMAGES for platforms ${PLATFORMS}"
+	@for image in $$DIMAGES; do \
+	    DOCKERX_IMAGE=$$IMAGE_ORG/$$image:$$TAG; \
+		echo "--> Building $$DOCKERX_IMAGE"; \
+		docker buildx build --platform ${PLATFORMS} \
+			-t "$$DOCKERX_IMAGE" ${DBUILD_ARGS} -f ./dockerfiles/$$image/Dockerfile \
+			. ${PUSH_ARG}; \
+		echo "--> Built docker image: $$DOCKERX_IMAGE"; \
+		echo; \
+	done
+	@echo "Built $$DIMAGES for platforms ${PLATFORMS}"
+	@docker buildx stop --builder container-builder
 	@echo
 
-.PHONY: buildx.push
-buildx.push:
-	BUILDX=true DIMAGE=${IMAGE_ORG}/linux-utils ./buildscripts/push
+.PHONY: buildx.clean
+buildx.clean:
+	docker buildx rm --builder container-builder || true
+
+.PHONY: buildx.clobber
+buildx.clobber: buildx.clean
+	@for image in $$DIMAGES; do \
+	    docker rmi $$IMAGE_ORG/$$image:$$TAG || true; \
+	done
+	docker rmi moby/buildkit:buildx-stable-1