diff --git a/.github/workflows/ci.yml b/.github/workflows/ci.yml index f43a6184..50161ef2 100644 --- a/.github/workflows/ci.yml +++ b/.github/workflows/ci.yml @@ -24,6 +24,13 @@ jobs: - name: Check out code uses: actions/checkout@v2 + - name: Set up QEMU + uses: docker/setup-qemu-action@v1 + + - name: Set up Docker Buildx + id: buildx + uses: docker/setup-buildx-action@v1 + - name: Check licenses env: GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }} @@ -32,8 +39,66 @@ jobs: - name: Run verification run: make check - - name: Build Docker image - run: make docker + - name: Get current timestamp + id: timestamp + run: echo "::set-output name=timestamp::$(date -u +'%Y-%m-%dT%H:%M:%SZ')" + + - name: Build APIClarity + uses: docker/build-push-action@v2 + with: + context: . + platforms: linux/amd64,linux/arm64 + tags: ghcr.io/apiclarity/apiclarity:${{ github.sha }} + file: Dockerfile + cache-from: type=local,src=/tmp/.buildx-cache + cache-to: type=local,dest=/tmp/.buildx-cache + build-args: | + VERSION=${{ github.sha }} + BUILD_TIMESTAMP=${{ steps.timestamp.outputs.timestamp }} + COMMIT_HASH=${{ github.sha }} + + - name: Build Kong plugin + uses: docker/build-push-action@v2 + with: + context: plugins + platforms: linux/amd64,linux/arm64 + tags: ghcr.io/apiclarity/kong-plugin:${{ github.sha }} + file: plugins/Dockerfile.kong + cache-from: type=local,src=/tmp/.buildx-cache + cache-to: type=local,dest=/tmp/.buildx-cache + + - name: Fix Tyk Plugin API dep + id: tyk-dep + run: | + cd plugins/gateway/tyk/v3.2.2 + go mod edit -replace github.com/apiclarity/apiclarity/plugins/api@v0.0.0=./../api + go mod edit -replace github.com/apiclarity/apiclarity/plugins/common@v0.0.0=./../common + + - name: Build Tyk plugin + uses: docker/build-push-action@v2 + with: + context: plugins + platforms: linux/amd64 # tykio/tyk-plugin-compiler does not currently support other architectures + tags: ghcr.io/apiclarity/tyk-plugin-v3.2.2:${{ github.sha }} + file: plugins/Dockerfile.tyk.v3.2.2 + cache-from: type=local,src=/tmp/.buildx-cache + cache-to: type=local,dest=/tmp/.buildx-cache + + - name: Undo Tyk Plugin API dep change + id: undo-tyk-dep + run: git checkout -- plugins/gateway/tyk/v3.2.2/go.mod + + - name: Build passive taper + uses: docker/build-push-action@v2 + with: + context: plugins + platforms: linux/amd64,linux/arm64 + tags: ghcr.io/apiclarity/passive-taper:${{ github.sha }} + file: plugins/Dockerfile.taper + cache-from: type=local,src=/tmp/.buildx-cache + cache-to: type=local,dest=/tmp/.buildx-cache + build-args: | + VERSION=${{ github.sha }} lint_chart: name: Lint Helm Chart diff --git a/.github/workflows/docker.yml b/.github/workflows/docker.yml index ca3f7320..bc007dde 100644 --- a/.github/workflows/docker.yml +++ b/.github/workflows/docker.yml @@ -14,6 +14,9 @@ jobs: with: submodules: true + - name: Set up QEMU + uses: docker/setup-qemu-action@v1 + - name: Set up Docker Buildx uses: docker/setup-buildx-action@v1 @@ -40,6 +43,7 @@ jobs: uses: docker/build-push-action@v2 with: context: . + platforms: linux/amd64,linux/arm64 tags: ghcr.io/apiclarity/apiclarity:latest file: Dockerfile push: true @@ -54,6 +58,7 @@ jobs: uses: docker/build-push-action@v2 with: context: plugins + platforms: linux/amd64,linux/arm64 tags: ghcr.io/apiclarity/kong-plugin:latest file: plugins/Dockerfile.kong push: true @@ -71,6 +76,7 @@ jobs: uses: docker/build-push-action@v2 with: context: plugins + platforms: linux/amd64 # tykio/tyk-plugin-compiler does not currently support other architectures tags: ghcr.io/apiclarity/tyk-plugin-v3.2.2:latest file: plugins/Dockerfile.tyk.v3.2.2 push: true @@ -81,6 +87,7 @@ jobs: uses: docker/build-push-action@v2 with: context: plugins + platforms: linux/amd64,linux/arm64 tags: ghcr.io/apiclarity/passive-taper:latest file: plugins/Dockerfile.taper push: true diff --git a/.github/workflows/release.yaml b/.github/workflows/release.yaml index b979ca03..8fb74703 100644 --- a/.github/workflows/release.yaml +++ b/.github/workflows/release.yaml @@ -81,6 +81,9 @@ jobs: git tag --annotate --message "Tag for release $tag" "$tag" git push origin "refs/tags/$tag" + - name: Set up QEMU + uses: docker/setup-qemu-action@v1 + - name: Set up Docker Buildx uses: docker/setup-buildx-action@v1 @@ -107,6 +110,7 @@ jobs: uses: docker/build-push-action@v2 with: context: . + platforms: linux/amd64,linux/arm64 tags: ghcr.io/apiclarity/apiclarity:${{ github.event.inputs.version }} file: Dockerfile push: true @@ -121,6 +125,7 @@ jobs: uses: docker/build-push-action@v2 with: context: plugins + platforms: linux/amd64,linux/arm64 tags: ghcr.io/apiclarity/kong-plugin:${{ github.event.inputs.version }} file: plugins/Dockerfile.kong push: true @@ -138,6 +143,7 @@ jobs: uses: docker/build-push-action@v2 with: context: plugins + platforms: linux/amd64 # tykio/tyk-plugin-compiler does not currently support other architectures tags: ghcr.io/apiclarity/tyk-plugin-v3.2.2:${{ github.event.inputs.version }} file: plugins/Dockerfile.tyk.v3.2.2 push: true @@ -152,6 +158,7 @@ jobs: uses: docker/build-push-action@v2 with: context: plugins + platforms: linux/amd64,linux/arm64 tags: ghcr.io/apiclarity/passive-taper:${{ github.event.inputs.version }} file: plugins/Dockerfile.taper push: true diff --git a/Dockerfile b/Dockerfile index 4dd26464..587861d4 100644 --- a/Dockerfile +++ b/Dockerfile @@ -1,31 +1,40 @@ -FROM node:14-slim AS site-build +## Build Frontend +FROM --platform=$BUILDPLATFORM node:14-slim AS site-build WORKDIR /app/ui-build +# Cache optimization: Avoid npm install unless package.json changed +COPY ui/package-lock.json ui/package.json ./ +RUN npm ci + COPY ui . -RUN npm i RUN npm run build +## Build Backend +# Cross-compilation tools +FROM --platform=$BUILDPLATFORM tonistiigi/xx AS xx -FROM golang:1.16.6-alpine AS builder +FROM --platform=$BUILDPLATFORM golang:1.16.6-alpine AS builder -RUN apk add --update --no-cache gcc g++ +# Copy cross-compilation tools +COPY --from=xx / / WORKDIR /build COPY api ./api COPY plugins/api ./plugins/api +# Cache optimization: Avoid go module downloads unless go.mod/go.sum changed WORKDIR /build/backend COPY backend/go.* ./ RUN go mod download -ARG VERSION -ARG BUILD_TIMESTAMP -ARG COMMIT_HASH +ARG BUILD_TIMESTAMP COMMIT_HASH VERSION TARGETOS TARGETARCH # Copy and build backend code COPY backend . -RUN go build -ldflags="-s -w \ +ARG TARGETPLATFORM +ENV CGO_ENABLED=0 +RUN xx-go build -ldflags="-s -w \ -X 'github.com/apiclarity/apiclarity/backend/pkg/version.Version=${VERSION}' \ -X 'github.com/apiclarity/apiclarity/backend/pkg/version.CommitHash=${COMMIT_HASH}' \ -X 'github.com/apiclarity/apiclarity/backend/pkg/version.BuildTimestamp=${BUILD_TIMESTAMP}'" -o backend ./cmd/backend/main.go diff --git a/Makefile b/Makefile index a9bd23ad..b5239388 100644 --- a/Makefile +++ b/Makefile @@ -57,7 +57,8 @@ docker: docker-backend docker-plugins .PHONY: docker-backend docker-backend: ## Build Docker image @(echo "Building backend docker image ..." ) - docker build --build-arg VERSION=${VERSION} \ + docker buildx build --load \ + --build-arg VERSION=${VERSION} \ --build-arg BUILD_TIMESTAMP=$(shell date -u +"%Y-%m-%dT%H:%M:%SZ") \ --build-arg COMMIT_HASH=$(shell git rev-parse HEAD) \ -t ${DOCKER_IMAGE}:${DOCKER_TAG} . @@ -134,4 +135,4 @@ license-cache: bin/licensei ## Generate license cache bin/licensei cache .PHONY: check -check: lint test ## Run tests and linters \ No newline at end of file +check: lint test ## Run tests and linters diff --git a/plugins/Dockerfile.kong b/plugins/Dockerfile.kong index 957a1697..d66affb8 100644 --- a/plugins/Dockerfile.kong +++ b/plugins/Dockerfile.kong @@ -1,28 +1,39 @@ -FROM golang:1.16.6-alpine AS builder +## Common build steps for plugins +# Cross-compilation tools +FROM --platform=$BUILDPLATFORM tonistiigi/xx AS xx -## Note: this Dockerfile will only be built from the plugins context +FROM --platform=$BUILDPLATFORM golang:1.16.6-alpine AS builder -RUN apk add --update --no-cache gcc g++ +# Copy cross-compilation tools +COPY --from=xx / / -WORKDIR /plugins -COPY api ./api +# To optimize caching and multi-architecture we try to get in as much upfront +# work as possible before branching out using our actual source +WORKDIR /plugins/api +COPY api/go.* ./ +RUN go mod download WORKDIR /plugins/common - COPY common/go.* ./ RUN go mod download -COPY common ./ +WORKDIR /plugins +COPY api ./api +COPY common ./common +## Kong plugin build steps WORKDIR /plugins/gateway/kong -COPY gateway/kong/go.* ./ +# Cache optimization: Avoid go module downloads unless go.mod/go.sum changed +COPY gateway/kong/go.* ./ RUN go mod download COPY gateway/kong . # Build the plugin. -RUN go build -o bin/kong-plugin plugin.go +ARG TARGETPLATFORM +ENV CGO_ENABLED=0 +RUN xx-go build -o bin/kong-plugin plugin.go FROM busybox COPY --from=builder ["/plugins/gateway/kong/bin/kong-plugin", "/kong-plugin"] diff --git a/plugins/Dockerfile.taper b/plugins/Dockerfile.taper index fd7137c9..0783dfb7 100644 --- a/plugins/Dockerfile.taper +++ b/plugins/Dockerfile.taper @@ -1,33 +1,52 @@ -FROM golang:1.16.6-alpine AS builder +## Common build steps for plugins +# Cross-compilation tools +FROM --platform=$BUILDPLATFORM tonistiigi/xx AS xx -# Set necessary environment variables needed for our image. -ENV CGO_ENABLED=1 GOOS=linux GOARCH=amd64 +FROM --platform=$BUILDPLATFORM golang:1.16.6-alpine AS builder -RUN apk add libpcap-dev gcc g++ make bash +# Copy cross-compilation tools +COPY --from=xx / / -WORKDIR /plugins +# To optimize caching and multi-architecture we try to get in as much upfront +# work as possible before branching out using our actual source +WORKDIR /plugins/api +COPY api/go.* ./ +RUN go mod download +WORKDIR /plugins/common +COPY common/go.* ./ +RUN go mod download + +WORKDIR /plugins COPY api ./api COPY common ./common -WORKDIR /plugins/taper +## Taper plugin build steps +# Cache optimization: Avoid go module downloads unless go.mod/go.sum changed +WORKDIR /plugins/taper/extensions/http +COPY taper/extensions/http/go.* ./ +RUN go mod download +WORKDIR /plugins/taper COPY taper/go.* ./ RUN go mod download -ARG VERSION +ARG TARGETPLATFORM VERSION COPY taper . -RUN go build -ldflags="-s -w \ +RUN apk add --no-cache clang lld +RUN xx-apk add --no-cache binutils-gold gcc libpcap-dev musl-dev +ENV CGO_ENABLED=1 +RUN export QEMU_LD_PREFIX=/$(xx-info) && xx-go build -ldflags="-s -w \ -X 'github.com/apiclarity/apiclarity/plugins/taper/version.Version=${VERSION}'" -o agent . WORKDIR /plugins/taper/extensions/http COPY taper/extensions/http . -RUN go build -buildmode=plugin -o ../http.so . +RUN export QEMU_LD_PREFIX=/$(xx-info) && xx-go build -buildmode=plugin -o ../http.so . FROM alpine:3.14 -RUN apk add bash libpcap-dev tcpdump +RUN apk add --no-cache bash libpcap tcpdump WORKDIR /app # Copy binary and config files from /build to root folder of scratch container. diff --git a/plugins/Makefile b/plugins/Makefile index 128f45b1..4ef437fa 100644 --- a/plugins/Makefile +++ b/plugins/Makefile @@ -9,11 +9,11 @@ docker: docker-kong docker-tyk docker-taper .PHONY: docker-kong docker-kong: - @DOCKER_BUILDKIT=1 docker build -t ${DOCKER_REGISTRY}/kong-plugin:${DOCKER_TAG} --file Dockerfile.kong . + @DOCKER_BUILDKIT=1 docker buildx build --load -t ${DOCKER_REGISTRY}/kong-plugin:${DOCKER_TAG} --file Dockerfile.kong . .PHONY: docker-taper docker-taper: - @DOCKER_BUILDKIT=1 docker build --build-arg VERSION=${VERSION} -t ${DOCKER_REGISTRY}/passive-taper:${DOCKER_TAG} --file Dockerfile.taper . + @DOCKER_BUILDKIT=1 docker buildx build --load --build-arg VERSION=${VERSION} -t ${DOCKER_REGISTRY}/passive-taper:${DOCKER_TAG} --file Dockerfile.taper . .PHONY: docker-tyk docker-tyk: @@ -21,7 +21,7 @@ docker-tyk: go mod edit -replace github.com/apiclarity/apiclarity/plugins/api@v0.0.0=./../api && \ go mod edit -replace github.com/apiclarity/apiclarity/plugins/common@v0.0.0=./../common && \ cd -) - @DOCKER_BUILDKIT=1 docker build -t ${DOCKER_REGISTRY}/tyk-plugin-${TYK_VERSION}:${DOCKER_TAG} --file Dockerfile.tyk.${TYK_VERSION} . + @DOCKER_BUILDKIT=1 docker buildx build --load -t ${DOCKER_REGISTRY}/tyk-plugin-${TYK_VERSION}:${DOCKER_TAG} --file Dockerfile.tyk.${TYK_VERSION} . @(cd gateway/tyk/${TYK_VERSION} && \ go mod edit -replace github.com/apiclarity/apiclarity/plugins/api@v0.0.0=./../../../api && \ go mod edit -replace github.com/apiclarity/apiclarity/plugins/common@v0.0.0=./../../../common && \