From e76584a01ed45409d0aed76b3c2f6e9c108abadd Mon Sep 17 00:00:00 2001 From: CrazyMax <1951866+crazy-max@users.noreply.github.com> Date: Thu, 14 Aug 2025 16:13:32 +0200 Subject: [PATCH] hack: use bake to build buildkit images Signed-off-by: CrazyMax <1951866+crazy-max@users.noreply.github.com> --- .github/workflows/buildkit.yml | 104 ++++++++++++++++++----------- Makefile | 4 +- docker-bake.hcl | 29 +++++++++ hack/images | 115 --------------------------------- 4 files changed, 98 insertions(+), 154 deletions(-) delete mode 100755 hack/images diff --git a/.github/workflows/buildkit.yml b/.github/workflows/buildkit.yml index 47bc6a07eb48..93c3496aad62 100644 --- a/.github/workflows/buildkit.yml +++ b/.github/workflows/buildkit.yml @@ -37,8 +37,6 @@ jobs: prepare: runs-on: ubuntu-24.04 outputs: - tag: ${{ steps.prep.outputs.tag }} - push: ${{ steps.prep.outputs.push }} platforms: ${{ steps.prep.outputs.platforms }} steps: - @@ -48,25 +46,6 @@ jobs: name: Prepare id: prep run: | - TAG=pr - PUSH=false - if [ "${{ github.event_name }}" = "schedule" ]; then - TAG=nightly - PUSH=push - elif [[ $GITHUB_REF == refs/tags/v* ]]; then - TAG=${GITHUB_REF#refs/tags/} - PUSH=push - elif [[ $GITHUB_REF == refs/heads/* ]]; then - TAG=$(echo ${GITHUB_REF#refs/heads/} | sed -r 's#/+#-#g') - if [ $GITHUB_REF = "refs/heads/${{ github.event.repository.default_branch }}" ]; then - PUSH=push - fi - fi - if [ "$GITHUB_REPOSITORY" != "moby/buildkit" ]; then - PUSH=false - fi - echo "tag=${TAG}" >>${GITHUB_OUTPUT} - echo "push=${PUSH}" >>${GITHUB_OUTPUT} platforms=$(docker buildx bake release --print | jq -cr '.target."release".platforms') echo "platforms=$platforms" >>${GITHUB_OUTPUT} 
@@ -183,21 +162,29 @@ jobs: image: runs-on: ubuntu-24.04 needs: - - prepare - test strategy: fail-fast: false matrix: - target-stage: + target: - '' - rootless steps: - - name: Checkout - uses: actions/checkout@v5 - - - name: Expose GitHub Runtime - uses: crazy-max/ghaction-github-runtime@v3 + name: Prepare + run: | + if [ -n "${{ matrix.target }}" ]; then + echo "TAG_SUFFIX=-${{ matrix.target }}" >> $GITHUB_ENV + fi + if [[ $GITHUB_REF == refs/tags/v* ]]; then + if [[ "${GITHUB_REF#refs/tags/}" =~ ^v[0-9]+\.[0-9]+\.[0-9]+$ ]]; then + if [ -n "${{ matrix.target }}" ]; then + echo "TAG_LATEST=${{ matrix.target }}" >> $GITHUB_ENV + else + echo "TAG_LATEST=latest" >> $GITHUB_ENV + fi + fi + fi - name: Set up QEMU uses: docker/setup-qemu-action@v3 
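Review bot: The new "Prepare" step pastes `${{ matrix.target }}` into the script text and appends to an unquoted `$GITHUB_ENV`. The matrix values are fixed in this file, so nothing untrusted reaches the shell today, but this is the pattern that turns into script injection once a value comes from an event payload. Passing it through `env:` (`TARGET: ${{ matrix.target }}`) and writing `echo "TAG_SUFFIX=-${TARGET}" >> "$GITHUB_ENV"` keeps the expression out of the script. `TAG_LATEST` is only set for tags matching `^v[0-9]+\.[0-9]+\.[0-9]+$`, so on every other run the `type=raw,value=${{ env.TAG_LATEST }}` entry in the metadata step receives an empty value; a one-line comment saying this is intended would help. The `image` job's step list continues outside this hunk.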
@@ -208,23 +195,66 @@ jobs: version: ${{ env.SETUP_BUILDX_VERSION }} driver-opts: image=${{ env.SETUP_BUILDKIT_IMAGE }} buildkitd-flags: --debug + - + name: Docker meta + id: meta + uses: docker/metadata-action@v5 + with: + images: | + ${{ env.IMAGE_NAME }} + # versioning strategy + ## push semver tag v0.24.0 + ### moby/buildkit:v0.24.0 + ### moby/buildkit:latest + ### moby/buildkit:v0.24.0-rootless + ### moby/buildkit:rootless + ## push semver prerelease tag v0.24.0-rc1 + ### moby/buildkit:v0.24.0-rc1 + ### moby/buildkit:v0.24.0-rc1-rootless + ## push on master + ### moby/buildkit:master + ### moby/buildkit:master-rootless + ## scheduled event on master + ### moby/buildkit:nightly + ### moby/buildkit:nightly-rootless + tags: | + type=schedule,pattern=nightly,suffix=${{ env.TAG_SUFFIX }} + type=ref,event=branch,suffix=${{ env.TAG_SUFFIX }} + type=ref,event=pr,suffix=${{ env.TAG_SUFFIX }} + type=semver,pattern={{raw}},suffix=${{ env.TAG_SUFFIX }} + type=raw,value=${{ env.TAG_LATEST }} + flavor: | + latest=false + annotations: | + org.opencontainers.image.title=BuildKit + org.opencontainers.image.vendor=Moby + bake-target: meta-helper - name: Login to DockerHub - if: needs.prepare.outputs.push == 'push' + if: ${{ github.repository == 'moby/buildkit' && (github.event_name == 'schedule' || github.ref == 'refs/heads/master' || startsWith(github.ref, 'refs/tags/v')) }} uses: docker/login-action@v3 with: username: ${{ secrets.DOCKERHUB_USERNAME }} password: ${{ secrets.DOCKERHUB_TOKEN }} - - name: Build ${{ needs.prepare.outputs.tag }} - run: | - ./hack/images "${{ needs.prepare.outputs.tag }}" "$IMAGE_NAME" "${{ needs.prepare.outputs.push }}" + name: Build + uses: docker/bake-action@v6 + with: + source: ${{ github.server_url }}/${{ github.repository }}.git#${{ github.ref }} + files: | + ./docker-bake.hcl + cwd://${{ steps.meta.outputs.bake-file-tags }} + cwd://${{ steps.meta.outputs.bake-file-annotations }} + targets: image-cross + push: ${{ github.repository == 
'moby/buildkit' && (github.event_name == 'schedule' || github.ref == 'refs/heads/master' || startsWith(github.ref, 'refs/tags/v')) }} + provenance: mode=max + sbom: true + set: | + *.cache-from=type=gha,scope=image${{ matrix.target }} + *.cache-to=type=gha,scope=image${{ matrix.target }} + *.no-cache-filter=${{ (github.ref == 'refs/heads/master' || startsWith(github.ref, 'refs/tags/v')) && 'buildkit-export,gobuild-base,rootless' || '' }} env: - RELEASE: ${{ github.ref == 'refs/heads/master' || startsWith(github.ref, 'refs/tags/v') }} - TARGET: ${{ matrix.target-stage }} - CACHE_FROM: type=gha,scope=image${{ matrix.target-stage }} - CACHE_TO: type=gha,scope=image${{ matrix.target-stage }} - GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }} + IMAGE_TARGET: ${{ matrix.target }} scout: runs-on: ubuntu-24.04 diff --git a/Makefile b/Makefile index 24ef2b1ff497..694ae86304cc 100644 --- a/Makefile +++ b/Makefile @@ -22,8 +22,8 @@ cross: .PHONY: images images: # moby/buildkit:local and moby/buildkit:local-rootless are created on Docker - hack/images local moby/buildkit - TARGET=rootless hack/images local moby/buildkit + $(BUILDX_CMD) bake image + IMAGE_TARGET=rootless $(BUILDX_CMD) bake image .PHONY: install install: diff --git a/docker-bake.hcl b/docker-bake.hcl index 9559e2075809..20626aaed92f 100644 --- a/docker-bake.hcl +++ b/docker-bake.hcl @@ -46,6 +46,10 @@ variable "ARCHUTIL_MULTIPLATFORM" { default = null } +variable "IMAGE_TARGET" { + default = null +} + # Defines the output folder variable "DESTDIR" { default = "" @@ -78,6 +82,11 @@ function "bindir" { result = DESTDIR != "" ? DESTDIR : "./bin/${defaultdir}" } +# Special target: https://github.com/docker/metadata-action#bake-definition +target "meta-helper" { + tags = [IMAGE_TARGET != null && IMAGE_TARGET != "" ? "moby/buildkit:local-${IMAGE_TARGET}" : "moby/buildkit:local"] +} + target "_common" { args = { ALPINE_VERSION = ALPINE_VERSION 
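Review bot: The publish gate is now written out twice, once in the `if:` of "Login to DockerHub" and once in `push:` of the Build step, so a later edit to one copy can leave the job pushing without a login, or logging in with `DOCKERHUB_TOKEN` on a run that never pushes. Computing it once (for example a `PUSH` variable written to `"$GITHUB_ENV"` in the "Prepare" step) and using `if: env.PUSH == 'true'` and `push: ${{ env.PUSH == 'true' }}` keeps the credential use and the push decision tied together. The expression also hard-codes `refs/heads/master` where the removed script compared against `github.event.repository.default_branch`. Separately, `source:` resolves `github.ref` at build time, so on a branch the commit that gets built is presumably not guaranteed to be the `github.sha` of the run; a short comment saying why the ref is needed would help anyone later reading the provenance. The `image` job starts above this hunk.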
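Review bot: `IMAGE_TARGET` is declared without a comment, unlike `DESTDIR` just below it, and its meaning can only be recovered from the two targets that read it. A line such as `# Dockerfile stage built by the "image" target and appended to the local tag (e.g. rootless)` above the variable would cover it.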
@@ -133,6 +142,26 @@ target "release" { output = [bindir("release")] } +target "image" { + inherits = ["_common", "meta-helper"] + target = IMAGE_TARGET + cache-to = ["type=inline"] + output = ["type=docker"] +} + +target "image-cross" { + inherits = ["image"] + output = ["type=image"] + platforms = [ + "linux/amd64", + "linux/arm/v7", + "linux/arm64", + "linux/s390x", + "linux/ppc64le", + "linux/riscv64" + ] +} + target "integration-tests-base" { inherits = ["_common"] target = "integration-tests-base" diff --git a/hack/images b/hack/images deleted file mode 100755 index 68341e050b09..000000000000 --- a/hack/images +++ /dev/null 
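Review bot: The `image` target relies on `_common` for every build argument, while the removed `hack/images` invocation passed `BUILDKIT_CONTEXT_KEEP_GIT_DIR=1`, `BUILDKITD_TAGS`, `BUILDKIT_DEBUG` and `EXPORT_BASE` explicitly. Only the start of `_common`'s `args` is visible in this patch, so it is worth confirming that all four still reach the build, since they affect the version information and feature set of the published image. `target = IMAGE_TARGET` is also passed through unguarded, whereas `meta-helper` treats null and "" as the same case, and the workflow sets `IMAGE_TARGET` to an empty string for the default image. If an empty target is meant to select the final stage, the same guard would make that explicit, for example `target = IMAGE_TARGET != null && IMAGE_TARGET != "" ? IMAGE_TARGET : null`.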
@@ -1,115 +0,0 @@ -#!/usr/bin/env bash - -TAG=$1 -REPO=$2 -PUSH=$3 - -. $(dirname $0)/util -set -eu -o pipefail - -: "${RELEASE=false}" -: "${PLATFORMS=}" -: "${TARGET=}" - -versionTag=$(git describe --always --tags --match "v[0-9]*") - -if [[ ! "$versionTag" =~ ^v[0-9]+\.[0-9]+\.[0-9]+$ ]]; then - versionTag="" -fi - -usage() { - echo "usage: $0 [push]" - exit 1 -} - -if [ -z "$TAG" ] || [ -z "$REPO" ]; then - usage -fi - -platformFlag="" -if [ -n "$PLATFORMS" ]; then - platformFlag="--platform=$PLATFORMS" -fi - -localmode="" -if [[ "$TAG" == "local" ]]; then - localmode="1" - if [ "$PUSH" = "push" ]; then - echo >&2 "local images cannot be pushed" - exit 1 - fi -fi - -attestFlags="$(buildAttestFlags)" - -outputFlag="--output=type=image,push=false" -if [ "$PUSH" = "push" ]; then - outputFlag="--output=type=image,push=true" -fi -if [ -n "$localmode" ]; then - outputFlag="--output=type=docker" - attestFlags="" -fi - -if [ -z "$localmode" ] && [ "$GITHUB_ACTIONS" = "true" ]; then - outputFlag="${outputFlag},annotation.org.opencontainers.image.title=BuildKit" - if [ -n "$GITHUB_SHA" ]; then - outputFlag="${outputFlag},annotation.org.opencontainers.image.revision=$GITHUB_SHA" - fi - if [ -n "$GITHUB_REPOSITORY" ] && [ -n "$GITHUB_SERVER_URL" ]; then - outputFlag="${outputFlag},annotation.org.opencontainers.image.source=$GITHUB_SERVER_URL/$GITHUB_REPOSITORY" - outputFlag="${outputFlag},annotation.org.opencontainers.image.url=$GITHUB_SERVER_URL/$GITHUB_REPOSITORY" - fi - if [ -n "$versionTag" ]; then - outputFlag="${outputFlag},annotation.org.opencontainers.image.version=$versionTag" - fi -fi - -targetFlag="" -if [ -n "$TARGET" ]; then - targetFlag="--target=$TARGET" -fi - -tagNames="$REPO:$TAG" -if [ -n "$TARGET" ]; then - tagNames="$tagNames-$TARGET" -fi - -if [[ "$versionTag" == "$TAG" ]]; then - if [ -n "$TARGET" ]; then - tagNames="$tagNames $REPO:$TARGET" - else - tagNames="$tagNames $REPO:latest" - fi -fi - -importCacheFlags="" -for tagName in $tagNames; do - 
importCacheFlags="$importCacheFlags--cache-from=type=registry,ref=$tagName " -done -if [ -n "$cacheFromFlags" ]; then - importCacheFlags="$importCacheFlags$cacheFromFlags" -fi -if [ -n "$localmode" ]; then - importCacheFlags="" -fi - -exportCacheFlags="" -if [ -n "$cacheToFlags" ]; then - exportCacheFlags="$cacheToFlags" -elif [ "$PUSH" = "push" ]; then - exportCacheFlags="--cache-to=type=inline" -fi - -tagFlags="" -for tagName in $tagNames; do - tagFlags="$tagFlags--tag=$tagName " -done - -nocacheFilterFlag="" -if [[ "$RELEASE" = "true" ]] && [[ "$GITHUB_ACTIONS" = "true" ]]; then - nocacheFilterFlag="--no-cache-filter=buildkit-export,gobuild-base,rootless" -fi - -buildxCmd build --build-arg "BUILDKIT_CONTEXT_KEEP_GIT_DIR=1" --build-arg BUILDKITD_TAGS --build-arg BUILDKIT_DEBUG --build-arg EXPORT_BASE $platformFlag $targetFlag $importCacheFlags $exportCacheFlags $tagFlags $outputFlag $nocacheFilterFlag $attestFlags \ - $currentcontext