-
Notifications
You must be signed in to change notification settings - Fork 111
/
Copy pathdocker-multi-arch-template.yaml
195 lines (190 loc) · 6.18 KB
/
docker-multi-arch-template.yaml
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
174
175
176
177
178
179
180
181
182
183
184
185
186
187
188
189
190
191
192
193
194
195
apiVersion: tekton.dev/v1beta1
kind: Pipeline
metadata:
name: "docker-multi-arch-build-and-push"
spec:
params:
- name: gitRepository
description: The git repository that hosts context and Dockerfile
- name: gitRevision
description: The Git revision to be used.
- name: gitCloneDepth
description: Number of commits in the change + 1
- name: imageUrl
description: The url to push the built image to
- name: tags
description: Comma separated list of tags
- name: contextPath
description: Path to the context in the repo to use when building the image
- name: platforms
description: Comma separated list of platforms
workspaces:
- name: source
- name: secret
tasks:
- name: git-clone
taskRef:
name: git-clone
params:
- name: url
value: $(params.gitRepository)
- name: revision
value: $(params.gitRevision)
- name: depth
value: $(params.gitCloneDepth)
workspaces:
- name: output
workspace: source
- name: build-and-push
runAfter: [git-clone]
params:
- name: contextPath
value: $(params.contextPath)
- name: imageUrl
value: $(params.imageUrl)
- name: tags
value: $(params.tags)
- name: platforms
value: $(params.platforms)
workspaces:
- name: source
workspace: source
- name: secret
workspace: secret
taskSpec:
params:
- name: contextPath
- name: imageUrl
- name: tags
- name: platforms
workspaces:
- name: source
- name: secret
steps:
- env:
- name: DOCKER_HOST
value: tcp://localhost:2376
- name: DOCKER_TLS_VERIFY
value: "1"
- name: DOCKER_CERT_PATH
value: /certs/client
- name: IMAGE_REGISTRY_CREDENTIALS
value: $(workspaces.secret.path)/credentials
- name: PLATFORMS
value: $(params.platforms)
- name: CONTEXT_PATH
value: $(params.contextPath)
- name: TAGS
value: $(params.tags)
- name: IMAGE_URL
value: $(params.imageUrl)
image: ghcr.io/tektoncd/plumbing/buildx-gcloud:latest
name: build-image-multi-arch
script: |
#!/usr/bin/env sh
OIFS=$IFS
IFS=","
DESTINATIONS=""
# Docker buildx build supports a stringArray of destinations
for tag in ${TAGS}; do DESTINATIONS="${DESTINATIONS} --tag ${IMAGE_URL}:${tag}"; done
IFS=$OIFS
IMAGE_REGISTRY_USER=tekton-robot
docker login ghcr.io -u ${IMAGE_REGISTRY_USER} --password-stdin < "${IMAGE_REGISTRY_CREDENTIALS}"
docker run --rm --privileged tonistiigi/binfmt:latest --install all
ln -s /root/.docker/cli-plugins ~/.docker/cli-plugins
docker context create context1
docker buildx create context1 --name builder-buildx1 --driver docker-container --platform ${PLATFORMS} --use
docker buildx inspect --bootstrap --builder builder-buildx1
cd $(workspaces.source.path)
echo docker buildx build --push --platform ${PLATFORMS} ${DESTINATIONS} ${CONTEXT_PATH}
docker buildx build --push --platform ${PLATFORMS} ${DESTINATIONS} ${CONTEXT_PATH}
volumeMounts:
- mountPath: /certs/client
name: dind-certs
volumes:
- emptyDir: {}
name: dind-certs
sidecars:
- args:
- --storage-driver=vfs
- --userland-proxy=false
- --debug
env:
- name: DOCKER_TLS_CERTDIR
value: /certs
image: docker:dind
name: server-docker
readinessProbe:
exec:
command:
- ls
- /certs/client/ca.pem
periodSeconds: 1
securityContext:
privileged: true
volumeMounts:
- mountPath: /certs/client
name: dind-certs
---
apiVersion: triggers.tekton.dev/v1alpha1
kind: TriggerTemplate
metadata:
name: docker-build-and-push-image-multi-arch
spec:
params:
- name: gitRepository
description: The git repository that hosts context and Dockerfile
- name: gitRevision
description: The Git revision to be used.
- name: contextPath
description: The path to the context within 'gitRepository'
- name: registry
description: The container registry *registry*/namespace/name tag
- name: namespace
description: The namespace (aka user, org, project) registry/*namespace*/name tag
- name: imageName
description: The image name (aka repository) registry/namespace/*name* tag
- name: imageTags
description: The image tag registry/namespace/name *tag*
- name: buildUUID
description: The build UUID is used for log collection
- name: platforms
description: Platforms for multi-arch build in form of `linux/amd64,linux/s390x`
resourcetemplates:
- apiVersion: tekton.dev/v1beta1
kind: PipelineRun
metadata:
generateName: build-and-push-$(tt.params.imageName)-
labels:
prow.k8s.io/build-id: $(tt.params.buildUUID)
plumbing.tekton.dev/image: $(tt.params.imageName)
spec:
pipelineRef:
name: docker-multi-arch-build-and-push
workspaces:
- name: source
volumeClaimTemplate:
spec:
accessModes:
- ReadWriteOnce
resources:
requests:
storage: 1Gi
- name: secret
secret:
secretName: ghcr-creds
params:
- name: contextPath
value: $(tt.params.contextPath)
- name: gitRepository
value: "https://$(tt.params.gitRepository)"
- name: gitRevision
value: $(tt.params.gitRevision)
- name: gitCloneDepth
value: "2"
- name: imageUrl
value: "$(tt.params.registry)/$(tt.params.namespace)/$(tt.params.imageName)"
- name: tags
value: $(tt.params.imageTags)
- name: platforms
value: $(tt.params.platforms)