Multi arch Dockerfile and CI (#63)

* Modify Dockerfile - Use rustup from Docker image - Give up on cross compilation (ring issue) - Remove useless duplicate cargo install step - No need to specify target as it is built statically for the docker platform targeted - Shorten binary path output for shorter COPY * Github Actions to build for all ARM as well * Remove unneded musl-dev * Adapt build for all platforms - Use Debian based Rust for compilation - Cross compile on build platform - Compile static binaries using musl - Set variables correctly for all Docker supported platforms - Note: ppc64le, s390x and riscv64 do not support the Rust standard lib - Persist target platform variables through files - Define linkers in .cargo/config - Cache dependencies properly for target platform - Scratch stage to test the binary for target platform * Add 386 arch to CI * Use buildkit for docker build * Only build for amd64 on branches * Fix dependencies caching * Split dependencies fetching and compilation * Documentation * Build for all architectures on branch * Add STATIC build argument * Documentation
MindFlavor · Jul 8, 2021 · 3a74f8b · 3a74f8b
1 parent a07a3d0
commit 3a74f8b
Show file tree

Hide file tree

Showing 7 changed files with 141 additions and 18 deletions.
diff --git a/.cargo/config.toml b/.cargo/config.toml
@@ -0,0 +1,25 @@
+# This is used in the Docker build, you might need to adjust it for local usage.
+
+[target.x86_64-unknown-linux-musl]
+linker = "x86_64-linux-musl-gcc"
+
+[target.aarch64-unknown-linux-musl]
+linker = "aarch64-linux-musl-gcc"
+
+[target.armv7-unknown-linux-musleabi]
+linker = "armv7m-linux-musleabi-gcc"
+
+[target.arm-unknown-linux-musleabi]
+linker = "armv6-linux-musleabi-gcc"
+
+[target.i686-unknown-linux-musl]
+linker = "i686-linux-musl-gcc"
+
+[target.powerpc64le-unknown-linux-musl]
+linker = "powerpc64le-linux-musl-gcc"
+
+[target.s390x-unknown-linux-musl]
+linker = "s390x-linux-musl-gcc"
+
+[target.riscv64gc-unknown-linux-musl]
+linker = "riscv64-linux-musl-gcc"
diff --git a/.github/workflows/build.yml b/.github/workflows/build.yml
@@ -19,6 +19,8 @@ on:
 jobs:
   build:
     runs-on: ubuntu-latest
+    env:
+      DOCKER_BUILDKIT: "1"
     steps:
       - name: Checkout
         uses: actions/checkout@v2

diff --git a/.github/workflows/buildx-branch.yml b/.github/workflows/buildx-branch.yml
@@ -32,7 +32,7 @@ jobs:
         run: |
           docker buildx build \
             --progress plain \
-            --platform=linux/amd64 \
+            --platform=linux/amd64,linux/386,linux/arm64,linux/arm/v6,linux/arm/v7 \
             --build-arg BUILD_DATE=`date -u +"%Y-%m-%dT%H:%M:%SZ"` \
             --build-arg COMMIT=`git rev-parse --short HEAD` \
             --build-arg VERSION=${GITHUB_REF##*/} \

diff --git a/.github/workflows/buildx-latest.yml b/.github/workflows/buildx-latest.yml
@@ -29,7 +29,7 @@ jobs:
         run: |
           docker buildx build \
             --progress plain \
-            --platform=linux/amd64 \
+            --platform=linux/amd64,linux/386,linux/arm64,linux/arm/v6,linux/arm/v7 \
             --build-arg BUILD_DATE=`date -u +"%Y-%m-%dT%H:%M:%SZ"` \
             --build-arg COMMIT=`git rev-parse --short HEAD` \
             --build-arg VERSION=latest \

diff --git a/.github/workflows/buildx-release.yml b/.github/workflows/buildx-release.yml
@@ -29,7 +29,7 @@ jobs:
         run: |
           docker buildx build \
             --progress plain \
-            --platform=linux/amd64 \
+            --platform=linux/amd64,linux/386,linux/arm64,linux/arm/v6,linux/arm/v7 \
             --build-arg BUILD_DATE=`date -u +"%Y-%m-%dT%H:%M:%SZ"` \
             --build-arg COMMIT=`git rev-parse --short HEAD` \
             --build-arg VERSION=${GITHUB_REF##*/} \

diff --git a/Dockerfile b/Dockerfile
@@ -1,34 +1,116 @@
+ARG BUILDPLATFORM=linux/amd64
+
 ARG ALPINE_VERSION=3.12
-ARG RUST_VERSION=1-alpine${ALPINE_VERSION}
+ARG RUST_VERSION=1-slim-bullseye
 
-FROM rust:${RUST_VERSION} AS build
+FROM --platform=${BUILDPLATFORM} rust:${RUST_VERSION} AS build
 WORKDIR /usr/src/prometheus_wireguard_exporter
 
 # Setup
-ARG ARCH=x86_64
-RUN apk add --update -q --no-cache musl-dev
-RUN rustup target add ${ARCH}-unknown-linux-musl
+RUN apt-get update -y && \
+    apt-get install -y \
+    # to cross build with musl
+    musl-tools \
+    # to download the musl cross build tool
+    wget \
+    # for verifying the binary properties
+    file
 
-# Install dependencies
-COPY Cargo.toml Cargo.lock ./
+# Download dependencies
 RUN mkdir src && \
-    echo "fn main() {}" > src/main.rs
-RUN cargo build --release && \
-    rm -rf target/release/deps/prometheus_wireguard_exporter*
+    echo 'fn main() {}' > src/main.rs
+COPY Cargo.toml Cargo.lock ./
+RUN cargo fetch && \
+    rm src/main.rs
+
+ARG STATIC=yes
+RUN touch /tmp/rustflags && \
+    if [ "${STATIC}" != "yes" ]; then \
+      echo "-C target-feature=-crt-static" | tee /tmp/rustflags; \
+    fi
+
+ARG TARGETPLATFORM
+RUN echo "Setting variables for ${TARGETPLATFORM:=linux/amd64}" && \
+    case "${TARGETPLATFORM}" in \
+      linux/amd64) \
+        MUSL="x86_64-linux-musl"; \
+        RUSTTARGET="x86_64-unknown-linux-musl"; \
+        break;; \
+      linux/arm64) \
+        MUSL="aarch64-linux-musl"; \
+        RUSTTARGET="aarch64-unknown-linux-musl"; \
+        break;; \
+      linux/arm/v7) \
+        MUSL="armv7m-linux-musleabi"; \
+        RUSTTARGET="armv7-unknown-linux-musleabi"; \
+        break;; \
+      linux/arm/v6) \
+        MUSL="armv6-linux-musleabi"; \
+        RUSTTARGET="arm-unknown-linux-musleabi"; \
+        break;; \
+      linux/386) \
+        MUSL="i686-linux-musl"; \
+        RUSTTARGET="i686-unknown-linux-musl"; \
+        break;; \
+      linux/ppc64le) \
+        MUSL="powerpc64le-linux-musl"; \
+        RUSTTARGET="powerpc64le-unknown-linux-musl"; \
+        break;; \
+      linux/s390x) \
+        MUSL="s390x-linux-musl"; \
+        RUSTTARGET="s390x-unknown-linux-musl"; \
+        break;; \
+      linux/riscv64) \
+        MUSL="riscv64-linux-musl"; \
+        RUSTTARGET="riscv64gc-unknown-linux-musl"; \
+        break;; \
+      *) echo "unsupported platform ${TARGETPLATFORM}"; exit 1;; \
+    esac && \
+    echo "${MUSL}" | tee /tmp/musl && \
+    echo "${RUSTTARGET}" | tee /tmp/rusttarget
+
+RUN MUSL="$(cat /tmp/musl)" && \
+    wget -qO- "https://musl.cc/$MUSL-cross.tgz" | tar -xzC /tmp && \
+    rm "/tmp/$MUSL-cross/usr" && \
+    cp -fr /tmp/"$MUSL"-cross/* / && \
+    rm -rf "/tmp/$MUSL-cross"
+
+RUN rustup target add "$(cat /tmp/rusttarget)"
+
+# Copy .cargo/config for cross build configuration
+COPY .cargo ./.cargo
+
+# Install dependencies
+RUN echo 'fn main() {}' > src/main.rs && \
+    RUSTFLAGS="$(cat /tmp/rustflags)" \
+    CC="$(cat /tmp/musl)-gcc" \
+    cargo build --target "$(cat /tmp/rusttarget)" --release
+RUN rm -r \
+    target/*-linux-*/release/deps/prometheus_wireguard_exporter* \
+    target/*-linux-*/release/prometheus_wireguard_exporter* \
+    src/main.rs
 
-# Build the musl linked binary
+# Build static binary with musl built-in
 COPY . .
-RUN cargo build --release
-RUN cargo install --target ${ARCH}-unknown-linux-musl --path .
+RUN RUSTFLAGS="$(cat /tmp/rustflags)" \
+    CC="$(cat /tmp/musl)-gcc" \
+    cargo build --target "$(cat /tmp/rusttarget)" --release && \
+    mv target/*-linux-*/release/prometheus_wireguard_exporter /tmp/binary
+RUN description="$(file /tmp/binary)" && \
+    echo "$description" && \
+    if [ "${STATIC}" = "yes" ] && [ ! -z "$(echo $description | grep musl)" ]; then \
+      echo "binary is not statically built!" && exit 1; \
+    fi
 
 FROM alpine:${ALPINE_VERSION}
 EXPOSE 9586/tcp
+WORKDIR /usr/local/bin
 RUN adduser prometheus-wireguard-exporter -s /bin/sh -D -u 1000 1000 && \
     mkdir -p /etc/sudoers.d && \
     echo 'prometheus-wireguard-exporter ALL=(root) NOPASSWD:/usr/bin/wg show * dump' > /etc/sudoers.d/prometheus-wireguard-exporter && \
     chmod 0440 /etc/sudoers.d/prometheus-wireguard-exporter
 RUN apk add --update -q --no-cache wireguard-tools-wg sudo
 USER prometheus-wireguard-exporter
-ENTRYPOINT [ "prometheus_wireguard_exporter" ]
+ENTRYPOINT [ "/usr/local/bin/prometheus_wireguard_exporter" ]
 CMD [ "-a" ]
-COPY --from=build --chown=prometheus-wireguard-exporter /usr/local/cargo/bin/prometheus_wireguard_exporter /usr/local/bin/prometheus_wireguard_exporter
+COPY --from=build --chown=prometheus-wireguard-exporter /tmp/binary ./prometheus_wireguard_exporter
diff --git a/README.md b/README.md
@@ -43,6 +43,20 @@ docker run -it --rm --init --net=host --cap-add=NET_ADMIN mindflavor/prometheus-
 docker run -it --rm alpine:3.12 wget -qO- http://localhost:9586/metrics
 ```
 
+ℹ️ The Docker image is compatible with `amd64`, `386`, `arm64`, `armv7` and `armv6` CPUs.
+
+To update the image, you can use
+
+```sh
+docker pull mindflavor/prometheus_wireguard_exporter
+```
+
+You can also build it with:
+
+```sh
+docker build -t mindflavor/prometheus_wireguard_exporter https://github.com/MindFlavor/prometheus_wireguard_exporter.git
+```
+
 ## Compilation
 
 To compile the latest master version: