Add new "bashbrew-buildkit-env-setup.sh" script for setting up bashbrew+buildkit environment variables
This script is intended to be invoked in order to generate values for `BASHBREW_BUILDKIT_SYNTAX`, `BUILDX_BUILDER`, and `BASHBREW_BUILDKIT_SBOM_GENERATOR` appropriately (including creating/updating the appropriate "builder" if necessary from the pinned buildkit image). For now, this _only_ sets up `BUILDX_BUILDER` and `BASHBREW_BUILDKIT_SBOM_GENERATOR` for `amd64` and `arm64v8` as we test things out and ensure better ways to detect which architectures are supported by the relevant infrastructure-related images those features rely on (and gauge user interest in expanding that list). This adds a new `.bin` directory for these scripts that I'd like to eventually move most of our scripts into so they're not polluting the top-level directory listing. This also includes an update of `docker/dockerfile` from 1.4.3 to 1.5.2 (now using our same `.external-pins` scaffolding so we can more easily keep that up-to-date). See https://github.com/moby/buildkit/releases/tag/dockerfile%2F1.5.0, https://github.com/moby/buildkit/releases/tag/dockerfile%2F1.5.1, and https://github.com/moby/buildkit/releases/tag/dockerfile%2F1.5.2 for relevant release notes/changes between 1.4.3 and 1.5.2. For now, I have left (and updated) the `.bashbrew-buildkit-syntax` so we can move things using it over before removing it, which will likely _also_ include a new release of bashbrew (since the GHA scripts use it, I think).
This commit is contained in:
Tianon Gravi
parent
b1e3f24fd2
commit
e28a1ee385
|
|
@ -1 +1 @@
|
|||
docker/dockerfile:1.4.3@sha256:9ba7531bd80fb0a858632727cf7a112fbfd19b17e94c4e84ced81e24ef1a0dbc
|
||||
docker/dockerfile:1@sha256:39b85bbfa7536a5feceb7372a0817649ecb2724562a38360f4d6a7782a409b14
|
||||
|
|
|
|||
|
|
@ -0,0 +1,83 @@
|
|||
#!/usr/bin/env bash
|
||||
|
||||
# this file is intended to be sourced before invocations of "bashbrew build" which might invoke "docker buildx" / BuildKit ("Builder: buildkit")
|
||||
|
||||
_resolve_external_pins() {
|
||||
local -
|
||||
set -Eeuo pipefail
|
||||
|
||||
local binDir oiDir
|
||||
binDir="$(dirname "$BASH_SOURCE")"
|
||||
oiDir="$(dirname "$binDir")"
|
||||
|
||||
local image
|
||||
for image; do
|
||||
[ -n "$image" ]
|
||||
local wc
|
||||
wc="$(wc -l <<<"$image")"
|
||||
[ "$wc" -eq 1 ]
|
||||
|
||||
local file digest
|
||||
if [ -n "${BASHBREW_ARCH:-}" ]; then
|
||||
digest="$("$oiDir/.buildkit-build-contexts.sh" "$image")"
|
||||
image="${digest#*=docker-image://}"
|
||||
[ "$image" != "$digest" ]
|
||||
else
|
||||
file="$("$oiDir/.external-pins/file.sh" "$image")"
|
||||
digest="$(< "$file")"
|
||||
[ -n "$digest" ]
|
||||
image+="@$digest"
|
||||
fi
|
||||
|
||||
echo "$image"
|
||||
done
|
||||
}
|
||||
|
||||
_jq_setenv() {
|
||||
local env="$1"; shift
|
||||
local val="$1"; shift
|
||||
jq -c --arg env "$env" --arg val "$val" '.[$env] = $val'
|
||||
}
|
||||
|
||||
_bashbrew_buildkit_env_setup() {
|
||||
local -
|
||||
set -Eeuo pipefail
|
||||
|
||||
local binDir oiDir
|
||||
binDir="$(dirname "$BASH_SOURCE")"
|
||||
oiDir="$(dirname "$binDir")"
|
||||
|
||||
local externalPins
|
||||
externalPins="$("$oiDir/.external-pins/list.sh")"
|
||||
|
||||
local vars='{}'
|
||||
|
||||
local dockerfileTag
|
||||
dockerfileTag="$(grep <<<"$externalPins" -m1 '^docker/dockerfile:')"
|
||||
dockerfileTag="$(_resolve_external_pins "$dockerfileTag")"
|
||||
vars="$(_jq_setenv <<<"$vars" BASHBREW_BUILDKIT_SYNTAX "$dockerfileTag")"
|
||||
|
||||
case "${BASHBREW_ARCH:-}" in
|
||||
amd64 | arm64v8) # TODO add more architectures
|
||||
BASHBREW_BUILDKIT_IMAGE="$(grep <<<"$externalPins" -m1 '^moby/buildkit:')"
|
||||
BASHBREW_BUILDKIT_IMAGE="$(_resolve_external_pins "$BASHBREW_BUILDKIT_IMAGE")"
|
||||
export BASHBREW_BUILDKIT_IMAGE
|
||||
|
||||
local buildxBuilder
|
||||
buildxBuilder="$("$binDir/docker-buildx-ensure.sh")" # reminder: this script *requires* BASHBREW_ARCH (to avoid "accidental amd64" mistakes)
|
||||
vars="$(_jq_setenv <<<"$vars" BUILDX_BUILDER "$buildxBuilder")"
|
||||
|
||||
local sbomTag
|
||||
sbomTag="$(grep <<<"$externalPins" -m1 '^docker/buildkit-syft-scanner:')"
|
||||
sbomTag="$(_resolve_external_pins "$sbomTag")"
|
||||
vars="$(_jq_setenv <<<"$vars" BASHBREW_BUILDKIT_SBOM_GENERATOR "$sbomTag")"
|
||||
;;
|
||||
esac
|
||||
|
||||
if [ -t 1 ]; then
|
||||
jq <<<"$vars"
|
||||
else
|
||||
cat <<<"$vars"
|
||||
fi
|
||||
}
|
||||
_bashbrew_buildkit_env_setup
|
||||
|
|
@ -0,0 +1,60 @@
|
|||
#!/usr/bin/env bash
|
||||
set -Eeuo pipefail
|
||||
|
||||
: "${BASHBREW_ARCH:?missing explicit BASHBREW_ARCH}"
|
||||
: "${BASHBREW_BUILDKIT_IMAGE:?missing explicit BASHBREW_BUILDKIT_IMAGE (moby/buildkit:buildx-stable-1 ?)}"
|
||||
|
||||
builderName="bashbrew-$BASHBREW_ARCH"
|
||||
container="buildx_buildkit_$builderName"
|
||||
|
||||
# make sure the buildx builder name is the only thing that we print to stdout (so this script's output can be captured and used to set BUILDX_BUILDER)
|
||||
echo "$builderName"
|
||||
exec >&2
|
||||
|
||||
if docker buildx inspect "$builderName" &> /dev/null; then
|
||||
if containerImage="$(docker container inspect --format '{{ .Config.Image }}' "$container" 2>/dev/null)" && [ "$containerImage" = "$BASHBREW_BUILDKIT_IMAGE" ]; then
|
||||
echo >&2
|
||||
echo >&2 "note: '$container' container already exists and is running the correct image ('$BASHBREW_BUILDKIT_IMAGE'); bailing instead of recreating the '$builderName' builder (to avoid unnecessary churn)"
|
||||
echo >&2
|
||||
exit 0
|
||||
fi
|
||||
|
||||
docker buildx rm --keep-state "$builderName"
|
||||
fi
|
||||
|
||||
platform="$(bashbrew cat --format '{{ ociPlatform arch }}' <(echo 'Maintainers: empty hack (@example)'))"
|
||||
|
||||
hubMirrors="$(docker info --format '{{ json .RegistryConfig.Mirrors }}' | jq -c '
|
||||
[ env.DOCKERHUB_PUBLIC_PROXY // empty, .[] ]
|
||||
| map(rtrimstr("/"))
|
||||
| reduce .[] as $item ( # "unique" but order-preserving (we want DOCKERHUB_PUBLIC_PROXY first followed by everything else set in the dockerd mirrors config without duplication)
|
||||
[];
|
||||
if index($item) then . else . + [ $item ] end
|
||||
)
|
||||
')"
|
||||
|
||||
read -r -d '' buildkitdConfig <<-EOF || :
|
||||
# https://github.com/moby/buildkit/blob/v0.11.4/docs/buildkitd.toml.md
|
||||
|
||||
[worker.oci]
|
||||
platforms = [ "$platform" ]
|
||||
|
||||
[worker.containerd]
|
||||
platforms = [ "$platform" ]
|
||||
|
||||
[registry."docker.io"]
|
||||
mirrors = $hubMirrors
|
||||
EOF
|
||||
|
||||
# https://docs.docker.com/engine/reference/commandline/buildx_create/
|
||||
docker buildx create \
|
||||
--name "$builderName" \
|
||||
--node "$builderName" \
|
||||
--config <(printf '%s' "$buildkitdConfig") \
|
||||
--platform "$platform" \
|
||||
--driver docker-container \
|
||||
--driver-opt image="$BASHBREW_BUILDKIT_IMAGE" \
|
||||
--bootstrap
|
||||
|
||||
# 👀
|
||||
docker update --restart=always "$container"
|
||||
|
|
@ -40,6 +40,10 @@ for img; do
|
|||
digests="$(jq <<<"$json" -r '.arches[env.BASHBREW_ARCH] // [] | map(.digest | @sh) | join(" ")')"
|
||||
eval "digests=( $digests )"
|
||||
|
||||
if [ "${#digests[@]}" -gt 1 ]; then
|
||||
echo >&2 "warning: '$lookup' has ${#digests[@]} images for '$BASHBREW_ARCH'; returning only the first"
|
||||
fi
|
||||
|
||||
for digest in "${digests[@]}"; do
|
||||
echo "$img=docker-image://${lookup%@*}@$digest"
|
||||
continue 2
|
||||
|
|
|
|||
|
|
@ -0,0 +1 @@
|
|||
sha256:3397098bd8d3f22d626ccea8c55bd153dc6939c14087d03681f46ef10960241d
|
||||
|
|
@ -0,0 +1 @@
|
|||
sha256:39b85bbfa7536a5feceb7372a0817649ecb2724562a38360f4d6a7782a409b14
|
||||
|
|
@ -0,0 +1 @@
|
|||
sha256:990e55e71c16281ed72f00b0308980865dae03d598b2cb8316da023d80336543
|
||||
Loading…
Reference in New Issue