diff --git a/.arg b/.arg index 455a198..a9fbc5e 100644 --- a/.arg +++ b/.arg @@ -1,3 +1,4 @@ -DOCKERHUB_USER=earthly +CR_HOST=ghcr.io +CR_ORG=earthbuild IMAGE_NAME=dind EARTHLY_REPO_VERSION=0b28ef80785fd88df1ec7e674475b02e046d5b36 diff --git a/.github/CODEOWNERS b/.github/CODEOWNERS index e2d3d45..231659a 100644 --- a/.github/CODEOWNERS +++ b/.github/CODEOWNERS @@ -1,2 +1,2 @@ -# PRs require approval from the earthly core team -* @earthly/core +# PRs require approval from the EarthBuild admin team +* @EarthBuild/fork-admins diff --git a/.github/workflows/ci.yml b/.github/workflows/ci.yml index 2363f68..63d9827 100644 --- a/.github/workflows/ci.yml +++ b/.github/workflows/ci.yml @@ -5,35 +5,46 @@ on: # push: # branches: [ "main" ] pull_request: - branches: [ "main" ] + branches: ["main"] concurrency: group: ${{ github.workflow }}-${{ github.event.pull_request.number || github.ref }} cancel-in-progress: true - + jobs: test: name: test runs-on: ubuntu-latest + permissions: + contents: read + packages: write env: FORCE_COLOR: 1 EARTHLY_CONVERSION_PARALLELISM: "5" - EARTHLY_TOKEN: "${{ secrets.EARTHLY_TOKEN }}" - EARTHLY_INSTALL_ID: "earthly-dind-githubactions" + EARTHLY_INSTALL_ID: "earthbuild-dind-githubactions" steps: - - uses: earthly/actions/setup-earthly@v1 + # The dind (common+alpine-kind-test and common+ubuntu-kind-test) detects + # the host's IPv6 capability and then requires IPv6 NAT to create networks + # for kind. So we load it here. + # Ref: https://github.com/moby/moby/pull/47062 + - name: Load kernel module IPv6 NAT + run: sudo modprobe ip6table_nat + - name: Set up Docker Hub mirrors + run: | + sudo mkdir -p /etc/docker + echo '{"registry-mirrors": ["https://mirror.gcr.io", "https://public.ecr.aws"]}' | sudo tee /etc/docker/daemon.json + sudo systemctl restart docker + - name: Set up QEMU + run: | + sudo apt-get update + sudo apt-get install -y qemu-user-static binfmt-support + sudo update-binfmts --display + - uses: earthbuild/actions-setup@main with: version: v0.8.15 - uses: actions/checkout@v4 - - name: Docker login (non fork only) - run: |- - docker login --username "${{ secrets.DOCKERHUB_USERNAME }}" --password "${{ secrets.DOCKERHUB_TOKEN }}" - docker login registry-1.docker.io.mirror.corp.earthly.dev --username "${{ secrets.DOCKERHUB_MIRROR_USERNAME }}" --password "${{ secrets.DOCKERHUB_MIRROR_PASSWORD }}" - if: github.event.pull_request.head.repo.full_name == github.repository - - name: Configure Earthly to use mirror (non fork only) - run: |- - earthly config global.buildkit_additional_config "'[registry.\"docker.io\"] - mirrors = [\"registry-1.docker.io.mirror.corp.earthly.dev\"]'" + - name: Log in to GitHub Container Registry (non fork only) + run: echo "${{ secrets.GITHUB_TOKEN }}" | docker login ghcr.io -u ${{ github.actor }} --password-stdin if: github.event.pull_request.head.repo.full_name == github.repository - name: Run tests - run: earthly --ci -P --push --org earthly-technologies --satellite dind +test + run: earthly --ci -P --push +test diff --git a/README.md b/README.md index 11c67ab..dba2302 100644 --- a/README.md +++ b/README.md @@ -8,7 +8,7 @@ For information on how to use these images, please refer to [docker in earthly]( ## Supported Distributions -There are currently 3 supported dind distributions available: +There are currently 4 supported dind distributions available: - `alpine` - `ubuntu:20.04` - `ubuntu:23.04` @@ -30,7 +30,7 @@ dependencies that will trigger new versions of the dind images such as the docke ```bash . -├── Earthfile // Targets that apply to all images (e.g. +test) +├── Earthfile // Targets that apply to all images (e.g. +test) ├── common │ └── Earthfile // A library of common helper targets └── os // Each directory contains an Earthfile with targets to maintain the specific os (e.g. +test, +build) @@ -65,7 +65,7 @@ earthly --push -P +test #### Community members -Community members do not have permissions to push a built image and run the tests against it. However, they can easily set a different dockerhub repository by changing the `DOCKERHUB_USER` ARG value in [.arg](.arg) to a private repository or by passing the arg in the earthly command, e.g. `earthly --push -P +test --DOCKERHUB_USER=`. +Community members do not have permissions to push a built image and run the tests against it. However, they can easily set a different container registry repository by changing the `CR_HOST` (default: ghcr.io) and `CR_ORG` ARG values in [.arg](.arg) to a private container registry repository or by passing the args in the earthly command, e.g. `earthly --push -P +test --CR_HOST= --CR_ORG=`. ## Deployment diff --git a/common/Earthfile b/common/Earthfile index 9a22e2e..1dc50df 100644 --- a/common/Earthfile +++ b/common/Earthfile @@ -6,14 +6,14 @@ FROM alpine # EARTHLY_REPO_VERSION specifies a branch and/or commit of earthly/earthly (it defaults to the earthly cli version if left empty) ARG EARTHLY_REPO_VERSION -IMPORT github.com/earthly/earthly/buildkitd:$EARTHLY_REPO_VERSION AS earthly -IMPORT github.com/earthly/earthly/tests/with-docker:$EARTHLY_REPO_VERSION AS with-docker -IMPORT github.com/earthly/earthly/tests/with-docker-compose:$EARTHLY_REPO_VERSION AS with-docker-compose -IMPORT github.com/earthly/earthly/tests/with-docker-kind:$EARTHLY_REPO_VERSION AS with-docker-kind -IMPORT github.com/earthly/earthly/tests/dind-auto-install:$EARTHLY_REPO_VERSION AS dind-auto-install +IMPORT github.com/EarthBuild/earthbuild/buildkitd:$EARTHLY_REPO_VERSION AS earthly +IMPORT github.com/EarthBuild/earthbuild/tests/with-docker:$EARTHLY_REPO_VERSION AS with-docker +IMPORT github.com/EarthBuild/earthbuild/tests/with-docker-compose:$EARTHLY_REPO_VERSION AS with-docker-compose +IMPORT github.com/EarthBuild/earthbuild/tests/with-docker-kind:$EARTHLY_REPO_VERSION AS with-docker-kind +IMPORT github.com/EarthBuild/earthbuild/tests/dind-auto-install:$EARTHLY_REPO_VERSION AS dind-auto-install -# DOCKERHUB_USER is the organization name in docker hub (default: earthly) -ARG --global DOCKERHUB_USER +# CR_ORG is the organization name in a container registry (default: earthbuild) +ARG --global CR_ORG # IMAGE_NAME is the image repository in docker hub (default: dind) ARG --global IMAGE_NAME @@ -26,14 +26,22 @@ build: # DOCKER_VERSION is the version of docker to use, e.g. 20.10.14 ARG --required DOCKER_VERSION FROM $OS_IMAGE:$OS_VERSION + # Ubuntu 23.04 has reached EOL + IF [ "$OS_VERSION" = "23.04" ] + RUN sed -i \ + -e 's/archive.ubuntu.com\/ubuntu/old-releases.ubuntu.com\/ubuntu/g' \ + -e 's/ports.ubuntu.com\/ubuntu-ports/old-releases.ubuntu.com\/ubuntu/g' \ + -e 's/security.ubuntu.com\/ubuntu/old-releases.ubuntu.com\/ubuntu/g' \ + /etc/apt/sources.list + END COPY earthly+export-docker-script/docker-auto-install.sh /usr/local/bin/docker-auto-install.sh RUN docker-auto-install.sh LET DOCKER_VERSION_TAG=$DOCKER_VERSION IF [ "$OS_IMAGE" = "alpine" ] RUN apk add iptables-legacy # required for older kernels END - # DOCKERHUB_USER is the organization name in docker hub (default: earthly) - ARG DOCKERHUB_USER + # CR_ORG is the organization name in container registry (default: earthbuild) + ARG CR_ORG # IMAGE_NAME is the image repository in docker hub (default: dind) ARG IMAGE_NAME COPY --dir --pass-args +get-image-info/image-info . @@ -41,7 +49,8 @@ build: LET image_tag=$(cat image-info/tag) RUN rm -rf image-info ENV OTEL_TRACES_EXPORTER=none # disabled for speed improvement; see https://github.com/earthly/earthly/issues/4066 - SAVE IMAGE --push $image_name:$image_tag + ARG --required CR_HOST + SAVE IMAGE --push $CR_HOST/$image_name:$image_tag # get-image-info generates the image name and tag as a saved artifact so it can be used by multiple targets get-image-info: @@ -59,11 +68,12 @@ get-image-info: RUN if echo $DOCKER_VERSION_TAG | grep "[^0-9.-]"; then echo "DOCKER_VERSION_TAG looks bad; got $DOCKER_VERSION_TAG" && exit 1; fi END LET TAG=$OS_IMAGE-$OS_VERSION-docker-$DOCKER_VERSION_TAG - # DOCKERHUB_USER is the organization name in docker hub (default: earthly) - ARG --required DOCKERHUB_USER + # CR_ORG is the organization name in container registry (default: earthbuild) + ARG --required CR_ORG # IMAGE_NAME is the image repository in docker hub (default: dind) ARG --required IMAGE_NAME - LET image_full_name=$DOCKERHUB_USER/$IMAGE_NAME + # image_full_name excludes container registry host + LET image_full_name=$CR_ORG/$IMAGE_NAME ARG SUFFIX IF [ -n "$SUFFIX" ] SET TAG="$TAG-$SUFFIX" @@ -75,7 +85,7 @@ get-image-info: # test runs tests against the specified image (DIND_IMAGE) or otherwise uses the image specified in earthly/earthly repo test: - # DIND_IMAGE is the full docker image name & tag to run the tests against. The image must exist in the remote docker registry + # DIND_IMAGE is the full container image name & tag to run the tests against. The image must exist in the remote container registry ARG DIND_IMAGE BUILD --pass-args with-docker+all --DIND_IMAGE=$DIND_IMAGE BUILD --pass-args dind-auto-install+test --BASE_IMAGE=$DIND_IMAGE @@ -95,11 +105,12 @@ build-and-test: COPY --dir --pass-args +get-image-info/image-info . LET image_name=$(cat image-info/name) LET image_tag=$(cat image-info/tag) + ARG --required CR_HOST WAIT # EARTHLY_PUSH is a builtin arg that helps determine if the tests should run ARG EARTHLY_PUSH IF [ "$EARTHLY_PUSH" = "true" ] - BUILD --pass-args ../os/$DIR_PATH+test --DIND_IMAGE=$image_name:$image_tag + BUILD --pass-args ../os/$DIR_PATH+test --DIND_IMAGE=$CR_HOST/$image_name:$image_tag END END @@ -114,12 +125,12 @@ push-new-tag: exit 1 END END - FROM $DOCKERHUB_USER/$IMAGE_NAME:$TAG_WITH_DATE + FROM $CR_ORG/$IMAGE_NAME:$TAG_WITH_DATE LET new_tag="$(echo ${TAG_WITH_DATE%-*})" IF [ "$new_tag" = "$TAG_WITH_DATE" ] RUN --no-cache echo "failed to remove date from tag $TAG_WITH_DATE" && exit 1 END - SAVE IMAGE --push $DOCKERHUB_USER/$IMAGE_NAME:$new_tag + SAVE IMAGE --push $CR_ORG/$IMAGE_NAME:$new_tag # push-new-tag-multi-platform builds push-new-tag using both amd64 & arm64 platforms. push-new-tag-multi-platform: