.gitlab-ci.yml

@@ -10,7 +10,7 @@ stages:
   - tag
 
 variables:
-  CI_REGISTRY_IMAGE_VERSION: "2.0.0"
+  CI_REGISTRY_IMAGE_VERSION: "2.1.0"
   CI_CONTAINER_BUILD_ARCHS: "amd64:arm64"
 
 container-test:

Dockerfile

-FROM docker.io/library/fedora:34
+FROM docker.io/library/fedora:35
 
 COPY resources/storage.conf /etc/containers/
 
@@ -6,7 +6,7 @@ COPY resources/shell-tools/ /shell-tools
 
 RUN true\
    && dnf -y upgrade \
-   && dnf -y install podman buildah findutils git \
+   && dnf -y install podman buildah qemu-user-static findutils git \
    && dnf clean all \
    && sed -e 's/.* cgroup_manager =.*/cgroup_manager = "cgroupfs"/' /usr/share/containers/containers.conf > /etc/containers/containers.conf \
    && /shell-tools/install.sh \

README.md

+build-ah-engine
+===
+
+An opinionated utility container for building container images using podman together with gitlab-ci template(s) for reproducible CI/CD pipelines.
+
+The utility allows for multi-architecture builds of container images and their oci manifests. Either on real hardware or emulated using QEMU.
+
+*Note: while easier to use QEMU-based build might be substantially slower for certain types of builds.*
+
+Basic usage
+---
+
+The CI-pipeline of this project illustrates how the template and it's container are used. A minimal x86 
+
+```yaml
+include:
+  # On same gitlab instance
+  - local: /gitlab-ci-template.yml
+  # On remote gitlab instance
+  - remote: https://git.shivering-isles.com/container-library/build-ah-engine/-/raw/2.1.0/gitlab-ci-template.yml
+
+variables:
+  CI_REGISTRY_IMAGE_VERSION: "1.0.0"
+```
+
+Multi-arch example
+---
+
+The variable `CI_CONTAINER_BUILD_ARCHS` controls which architectures to include. It's a `:`-separated list of supported architectures. If the job is picked up by a runner of differing architectures, QEMU is used to cross-compile the container image. On matching architectures the build is done natively. Which runner executes a certain job can be controlled via the jobs `tags`.
+
+```yaml
+include:
+  # On same gitlab instance
+  - local: /gitlab-ci-template.yml
+  # On remote gitlab instance
+  - remote: https://git.shivering-isles.com/container-library/build-ah-engine/-/raw/2.1.0/gitlab-ci-template.yml
+
+variables:
+  CI_REGISTRY_IMAGE_VERSION: "1.0.0"
+  CI_CONTAINER_BUILD_ARCHS: "amd64:arm64"
+
+container-build-x86_64:
+  tags:
+    - x86_64
+
+container-build-arm64:
+  tags:
+    - arm64
+```

gitlab-ci-template.yml

@@ -13,7 +13,7 @@ variables:
   inherit:
     default: false
     variables: true
-  image: quay.io/sheogorath/build-ah-engine:2.0.0
+  image: quay.io/sheogorath/build-ah-engine:2.1.0
   before_script:
     - podman login -u "$CI_REGISTRY_USER" -p "$CI_REGISTRY_PASSWORD" $CI_REGISTRY
     - export VCS_REF="$CI_COMMIT_SHA"
@@ -26,11 +26,13 @@ variables:
       --label "org.opencontainers.image.revision=$CI_COMMIT_SHA"
       --label "org.opencontainers.image.created=$(date --rfc-3339 ns)"
       --label "org.opencontainers.image.title=$CI_PROJECT_TITLE"
+      --arch $CI_REGISTRY_IMAGE_ARCH
       $CI_REGISTRY_BUILD_ARGS
       -t "$CI_REGISTRY_IMAGE:$CI_COMMIT_REF_SLUG-$CI_COMMIT_SHORT_SHA-$CI_REGISTRY_IMAGE_ARCH"
       --format docker
       .
     - podman push "$CI_REGISTRY_IMAGE:$CI_COMMIT_REF_SLUG-$CI_COMMIT_SHORT_SHA-$CI_REGISTRY_IMAGE_ARCH"
+    - podman push "$CI_REGISTRY_IMAGE:$CI_COMMIT_REF_SLUG-$CI_COMMIT_SHORT_SHA-$CI_REGISTRY_IMAGE_ARCH" "$CI_REGISTRY_IMAGE:$CI_COMMIT_REF_SLUG-latest-$CI_REGISTRY_IMAGE_ARCH"
 
 container-build-amd64:
   extends: .container-build
@@ -53,7 +55,7 @@ container-build-arm64:
 container-build-aarch64:
   extends: .container-build
   variables:
-    CI_REGISTRY_IMAGE_ARCH: aarch64
+    CI_REGISTRY_IMAGE_ARCH: arm64
   tags:
     - aaarch64
   rules:
@@ -64,7 +66,7 @@ container-tagging:
   inherit:
     default: false
     variables: true
-  image: quay.io/sheogorath/build-ah-engine:2.0.0
+  image: quay.io/sheogorath/build-ah-engine:2.1.0
   before_script:
     - podman login -u "$CI_REGISTRY_USER" -p "$CI_REGISTRY_PASSWORD" $CI_REGISTRY
     - export BUILD_DATE="$(date --rfc-3339 ns)"

resources/shell-tools/bin/push.sh

@@ -26,14 +26,6 @@ printUsage() {
     exit 1
 }
 
-pushImageOrManifest() {
-    if podman manifest inspect "$1"; then
-        $CONTAINER_CMD manifest push --all --format v2s2 "$1" "docker://$1"
-    else
-        $CONTAINER_CMD push "$1"
-    fi
-}
-
 CONTAINER_CMD=podman
 
 if ! command -v "$CONTAINER_CMD" >/dev/null 2>&1; then
@@ -74,4 +66,4 @@ if [ "$CONTAINER_IMAGE_NAME" = "invalid" ]; then
 fi
 
 # shellcheck disable=SC2086
-$CONTAINER_CMD images --format "{{.Repository}}:{{.Tag}}" "$CONTAINER_IMAGE_NAME" | grep "$CONTAINER_IMAGE_NAME" | xargs -L 1 pushImageOrManifest
+$CONTAINER_CMD images --format "{{.Repository}}:{{.Tag}}" "$CONTAINER_IMAGE_NAME" | grep "$CONTAINER_IMAGE_NAME" | xargs -L 1 "$(dirname "$0")/../libexec/pushImageOrManifest.sh"

resources/shell-tools/install.sh

@@ -6,11 +6,14 @@ cp "$BASENAME"/./bin/tagging.sh /usr/local/bin/si-tagging
 cp "$BASENAME"/./bin/push.sh /usr/local/bin/si-push
 cp "$BASENAME"/./bin/pull.sh /usr/local/bin/si-pull
 cp "$BASENAME"/./bin/fix-dockerfile.sh /usr/local/bin/si-fix
+cp "$BASENAME"/./libexec/pushImageOrManifest.sh /usr/local/libexec/pushImageOrManifest.sh
 chown root:root /usr/local/bin/si-tagging
 chown root:root /usr/local/bin/si-push
 chown root:root /usr/local/bin/si-pull
 chown root:root /usr/local/bin/si-fix
+chown root:root /usr/local/libexec/pushImageOrManifest.sh
 chmod 0755 /usr/local/bin/si-tagging
 chmod 0755 /usr/local/bin/si-push
 chmod 0755 /usr/local/bin/si-pull
 chmod 0755 /usr/local/bin/si-fix
+chmod 0755 /usr/local/libexec/pushImageOrManifest.sh

resources/shell-tools/libexec/pushImageOrManifest.sh

+#!/bin/bash
+
+set -o pipefail
+set -u
+set -e
+
+if podman manifest exists "$1"; then
+    podman manifest push --all --format v2s2 "$1" "docker://$1"
+else
+    podman push "$1"
+fi