ci(docker): build single architecture instead of multi arch image man…

…ifest (#2781)

* ci(docker): use build with qemu instead of build

* ci(docker): allow conditionally building of arm64

* ci(docker): add option to build arm64 in workflow_dispatch

.github/workflows/docker-ecs-worker-image.yml

@@ -1,7 +1,12 @@
 name: Build & publish ECS/Fargate worker image to ECR
 
 on:
-  workflow_dispatch: 
+  workflow_dispatch:
+    inputs:
+      SHOULD_BUILD_ARM64:
+        description: 'Whether to build the ARM64 image.'
+        type: boolean
+        default: false
   workflow_call:
     inputs:
       COMMIT_SHA:
@@ -11,6 +16,10 @@ on:
       USE_COMMIT_SHA_IN_VERSION:
         description: 'Whether to use the commit sha in building the pkg version of the image.'
         type: boolean
+      SHOULD_BUILD_ARM64:
+        description: 'Whether to build the ARM64 image.'
+        type: boolean
+        default: false
     secrets:
       ECR_WORKER_IMAGE_PUSH_ROLE_ARN:
         description: 'ARN of the IAM role to assume to push the image to ECR.'
@@ -21,29 +30,14 @@ permissions:
   contents: read
 
 jobs:
-  build_docker_image:
+  build_docker_image_amd64:
     runs-on: ubuntu-latest
     env:
       # Set by the caller workflow, defaults to github.sha when not passed (e.g. workflow_dispatch against a branch)
       WORKER_VERSION: ${{ inputs.COMMIT_SHA || github.sha }}
     strategy:
       matrix:
-        platform: [ linux/amd64 , linux/arm64 ]
         registry: [ public, private ]
-        include:
-          # sets platform_name to match AWS convention
-          - platform: linux/amd64
-            registry: public
-            platform_name: x86_64
-          - platform: linux/amd64
-            registry: private
-            platform_name: x86_64
-          - platform: linux/arm64
-            registry: public
-            platform_name: arm64
-          - platform: linux/arm64
-            registry: private
-            platform_name: arm64
 
     steps:
       - uses: actions/checkout@v3
@@ -53,9 +47,6 @@ jobs:
 
       - name: Set up QEMU
         uses: docker/setup-qemu-action@v2
-
-      - name: Set up Docker Buildx
-        uses: docker/setup-buildx-action@v2
 
       - name: Replace package version
         if: ${{ inputs.USE_COMMIT_SHA_IN_VERSION || false }}
@@ -95,19 +86,19 @@ jobs:
         with:
           registry-type: public
 
-      - name: Build and push Docker image (Public ECR)
+      - name: Build the Docker image (Public ECR)
         if: matrix.registry == 'public'
-        uses: docker/build-push-action@v4
-        env:
-          DOCKER_IMAGE_TAG: ${{ env.WORKER_VERSION }}-${{ matrix.platform_name }}
-        with:
-          context: .
-          file: ./packages/artillery/lib/platform/aws-ecs/worker/Dockerfile
-          push: true
-          tags: public.ecr.aws/d8a4z9o5/artillery-worker:${{ env.DOCKER_IMAGE_TAG }}
-          platforms: ${{ matrix.platform }}
-          build-args: |
-            WORKER_VERSION=${{ env.WORKER_VERSION }}
+        env: 
+          DOCKER_TAG: ${{ env.WORKER_VERSION }}-x86_64
+        run: |
+          docker build . --platform linux/amd64 --build-arg="WORKER_VERSION=${{ env.WORKER_VERSION }}" --tag public.ecr.aws/d8a4z9o5/artillery-worker:${{ env.DOCKER_TAG }} -f ./packages/artillery/lib/platform/aws-ecs/worker/Dockerfile
+      
+      - name: Push Docker image (Public ECR)
+        if: matrix.registry == 'public'
+        env: 
+          DOCKER_TAG: ${{ env.WORKER_VERSION }}-x86_64
+        run: |
+          docker push public.ecr.aws/d8a4z9o5/artillery-worker:${{ env.DOCKER_TAG }}
 
       - name: Configure AWS Credentials (Private ECR)
         if: matrix.registry == 'private'
@@ -124,18 +115,118 @@ jobs:
         id: login-ecr-private
         uses: aws-actions/amazon-ecr-login@v1
 
-      - name: Build and push Docker image (Private ECR)
+      - name: Build the Docker image (Private ECR)
+        if: matrix.registry == 'private'
+        env: 
+          DOCKER_TAG: ${{ env.WORKER_VERSION }}-x86_64
+        run: |
+          docker build . --platform linux/amd64 --build-arg="WORKER_VERSION=${{ env.WORKER_VERSION }}" --tag 248481025674.dkr.ecr.eu-west-1.amazonaws.com/artillery-worker:${{ env.DOCKER_TAG }} -f ./packages/artillery/lib/platform/aws-ecs/worker/Dockerfile
+
+      - name: Push Docker image (Private ECR)
         if: matrix.registry == 'private'
-        uses: docker/build-push-action@v4
+        env: 
+          DOCKER_TAG: ${{ env.WORKER_VERSION }}-x86_64
+        run: |
+          docker push 248481025674.dkr.ecr.eu-west-1.amazonaws.com/artillery-worker:${{ env.DOCKER_TAG }}
+        
+  build_docker_image_arm64:
+    runs-on: ubuntu-latest
+    if: ${{ inputs.SHOULD_BUILD_ARM64 }}
+    env:
+      # Set by the caller workflow, defaults to github.sha when not passed (e.g. workflow_dispatch against a branch)
+      WORKER_VERSION: ${{ inputs.COMMIT_SHA || github.sha }}
+    strategy:
+      matrix:
+        registry: [ public, private ]
+
+    steps:
+      - uses: actions/checkout@v3
+        with:
+          ref: ${{ env.WORKER_VERSION }}
+          fetch-depth: 0
+
+      - name: Set up QEMU
+        uses: docker/setup-qemu-action@v2
+
+      - name: Replace package version
+        if: ${{ inputs.USE_COMMIT_SHA_IN_VERSION || false }}
+        run: node .github/workflows/scripts/replace-package-versions.js
         env:
-          DOCKER_IMAGE_TAG: ${{ env.WORKER_VERSION }}-${{ matrix.platform_name }}
+          COMMIT_SHA: ${{ env.WORKER_VERSION }}
+          REPLACE_MAIN_VERSION_ONLY: true # we don't need to replace dependencies, as docker image builds using workspaces
+
+      - name: Get Artillery version
+        # we only want to tag with an actual version from pkg.json outside of PRs and manual dispatches
+        # NOTE: can't check for refs/head/main because of pull_request_target used in some workflows
+        if: github.event.pull_request == null && github.event_name != 'workflow_dispatch'
+        run: |
+            echo "WORKER_VERSION=$(node -e 'console.log(require("./packages/artillery/package.json").version)')" >> $GITHUB_ENV
+
+      - name: Show git ref
+        run: |
+          echo GITHUB REF ${{ github.ref }}
+          echo GITHUB PR HEAD SHA ${{ github.event.pull_request.head.sha }}
+          echo GITHUB SHA ${{ github.sha }}
+          echo WORKER_VERSION ENV ${{ env.WORKER_VERSION }}
+      
+      - name: Configure AWS Credentials (Public ECR)
+        if: matrix.registry == 'public'
+        uses: aws-actions/configure-aws-credentials@v1
+        with:
+          aws-region: us-east-1
+          audience: sts.amazonaws.com
+          role-to-assume: ${{ secrets.ECR_WORKER_IMAGE_PUSH_ROLE_ARN }}
+          role-session-name: OIDCSession
+          mask-aws-account-id: true
+
+      - name: Login to Amazon (Public ECR)
+        if: matrix.registry == 'public'
+        id: login-ecr-public
+        uses: aws-actions/amazon-ecr-login@v1
         with:
-          context: .
-          file: ./packages/artillery/lib/platform/aws-ecs/worker/Dockerfile
-          push: true
-          tags: 248481025674.dkr.ecr.eu-west-1.amazonaws.com/artillery-worker:${{ env.DOCKER_IMAGE_TAG }}
-          platforms: ${{ matrix.platform }}
-          build-args: |
-            WORKER_VERSION=${{ env.WORKER_VERSION }}
+          registry-type: public
+
+      - name: Build the Docker image (Public ECR)
+        if: matrix.registry == 'public'
+        env: 
+          DOCKER_TAG: ${{ env.WORKER_VERSION }}-arm64
+        run: |
+          docker build . --platform linux/arm64 --build-arg="WORKER_VERSION=${{ env.WORKER_VERSION }}" --tag public.ecr.aws/d8a4z9o5/artillery-worker:${{ env.DOCKER_TAG }} -f ./packages/artillery/lib/platform/aws-ecs/worker/Dockerfile
+      
+      - name: Push Docker image (Public ECR)
+        if: matrix.registry == 'public'
+        env: 
+          DOCKER_TAG: ${{ env.WORKER_VERSION }}-arm64
+        run: |
+          docker push public.ecr.aws/d8a4z9o5/artillery-worker:${{ env.DOCKER_TAG }}
+
+      - name: Configure AWS Credentials (Private ECR)
+        if: matrix.registry == 'private'
+        uses: aws-actions/configure-aws-credentials@v1
+        with:
+          aws-region: eu-west-1
+          audience: sts.amazonaws.com
+          role-to-assume: ${{ secrets.ECR_WORKER_IMAGE_PUSH_ROLE_ARN }}
+          role-session-name: OIDCSession
+          mask-aws-account-id: true
+
+      - name: Login to Amazon (Private ECR)
+        if: matrix.registry == 'private'
+        id: login-ecr-private
+        uses: aws-actions/amazon-ecr-login@v1
+
+      - name: Build the Docker image (Private ECR)
+        if: matrix.registry == 'private'
+        env: 
+          DOCKER_TAG: ${{ env.WORKER_VERSION }}-arm64
+        run: |
+          docker build . --platform linux/arm64 --build-arg="WORKER_VERSION=${{ env.WORKER_VERSION }}" --tag 248481025674.dkr.ecr.eu-west-1.amazonaws.com/artillery-worker:${{ env.DOCKER_TAG }} -f ./packages/artillery/lib/platform/aws-ecs/worker/Dockerfile
+
+      - name: Push Docker image (Private ECR)
+        if: matrix.registry == 'private'
+        env: 
+          DOCKER_TAG: ${{ env.WORKER_VERSION }}-arm64
+        run: |
+          docker push 248481025674.dkr.ecr.eu-west-1.amazonaws.com/artillery-worker:${{ env.DOCKER_TAG }}
         
       

.github/workflows/npm-publish-all-packages-canary.yml

@@ -29,6 +29,7 @@ jobs:
     with:
       COMMIT_SHA: ${{ github.sha }}
       USE_COMMIT_SHA_IN_VERSION: true
+      SHOULD_BUILD_ARM64: true
     secrets:
       ECR_WORKER_IMAGE_PUSH_ROLE_ARN: ${{ secrets.ECR_WORKER_IMAGE_PUSH_ROLE_ARN }}
 

.github/workflows/npm-publish-all-packages.yml

@@ -19,6 +19,7 @@ jobs:
       id-token: write
     with:
       COMMIT_SHA: ${{ github.sha }}
+      SHOULD_BUILD_ARM64: true
     secrets:
       ECR_WORKER_IMAGE_PUSH_ROLE_ARN: ${{ secrets.ECR_WORKER_IMAGE_PUSH_ROLE_ARN }}
 

.github/workflows/npm-publish-specific-package.yml

@@ -22,6 +22,7 @@ jobs:
       id-token: write
     with:
       COMMIT_SHA: ${{ github.sha }}
+      SHOULD_BUILD_ARM64: true
     secrets:
       ECR_WORKER_IMAGE_PUSH_ROLE_ARN: ${{ secrets.ECR_WORKER_IMAGE_PUSH_ROLE_ARN }}