ci: publish multi-arch image manifest lists #4254
Conversation
There was a problem hiding this comment.
Thank you for looking into this!
I've got a few questions, please bear with me, I've never used buildx before.
- With the manifest list, can you still pull images by tag as before? I.e.
openpolicyagent/opa:0.36.1,openpolicyagent/opa:latest, ``openpolicyagent/opa:edge`? - What does it look like on dockerhub? I'm sure you've got some example of the desired end state...
- Our docker image smoke tests fail on the PR, it seems like we're missing something there: https://github.com/open-policy-agent/opa/runs/4879113973?check_suite_focus=true#step:4:59
Finally, do you have an idea how we could (smoke) test the produced binaries and images, preferable from github actions...? Are there any handy tools to emulate linux/arm64...?
ngraef
force-pushed
the
feature/arm64-images
branch
from
3791972
to
5560919
Compare
Yes! Clients continue to pull images the same way. If you're curious to see what a manifest list contains, run
You've probably seen it on most of the "official" images, like the example from
Already fixed it before seeing your review 😀
Docker has setup-quemu-action that is helpful. It allows you to build and run images for different architectures. We don't need it to build in this case because we're cross-compiling, but we could use it to test the built arm64 images. |
|
Thanks for your replies there, it's very helpful to me. 😃
Would you mind looking into that, too? It would be great if we had some assurance in our pipeline before publishing arm64 images. |
ngraef
force-pushed
the
feature/arm64-images
branch
from
ed8c28b
to
836d069
Compare
I added smoke tests for arm64 images. I also added the platform string to the |
|
Wow, this is an awesome contribution @ngraef 👏 Just tried it and for the first time I can run OPA containerized on my M1 without the dreaded: Nice! 👍 |
|
Could you please rebase and squash this, so we can get it merged? |
This change adds linux/arm64 binaries to the release. It also publishes an arm64 container image for all variants (standard, debug, rootless, static) and releases (dev, edge, latest). The build and push process uses buildx in order to push the individual images by digest (i.e. untagged) and reference them in a single, tagged manifest list. This avoids cluttering Docker Hub's tag list with `<tag>-<arch>` tags. Fixes open-policy-agent#2233 Signed-off-by: Nick Graef <[email protected]>
ngraef
force-pushed
the
feature/arm64-images
branch
from
b8404ae
to
51179a0
Compare
This change adds linux/arm64 binaries to the release. It also publishes an arm64 container image for all variants (standard, debug, rootless, static) and releases (dev, edge, latest). The build and push process uses buildx in order to push the individual images by digest (i.e. untagged) and reference them in a single, tagged manifest list. This avoids cluttering Docker Hub's tag list with `<tag>-<arch>` tags. Fixes open-policy-agent#2233 Signed-off-by: Nick Graef <[email protected]>
|
I don't think this is happening in practice? This image was released 25 days ago and is x86-only. |
|
@bencooper222 This was partially reverted. See #4282 for more context. |
|
Hi all, just wondering if #4282 will be reversed as it seems that the issue in #4280 regarding bytecodealliance/wasmtime#3183 has been closed as fixed? It would be nice to have the manifests for the non-static images also. |
|
We still have problems testing it. There are not arm64 runners in Github, and we don't have the bandwidth to maintain our own arm-based runners on any other hardware. So we'd either have to ship something untested; or don't ship it at all It could be worth retrying to test the images in Qemu. Last time I tried it, I ran into SIGILL exceptions. |
This change adds linux/arm64 binaries to the release. It also publishes an arm64 container image for all variants (standard, debug, rootless, static) and releases (dev, edge, latest).
The build and push process uses buildx to push the individual images by digest (i.e. untagged) and reference them in a single, tagged manifest list. This avoids cluttering Docker Hub's tag list with
<tag>-<arch>tags.Fixes #2233