Merge pull request #174 from firezone/fix-packaging

Simplify packaging

.ci/build_amazonlinux_2.base.sh

@@ -1,13 +0,0 @@
-#!/usr/bin/env bash
-set -e
-
-platform="linux/arm64,linux/amd64"
-docker buildx build \
-  --no-cache \
-  --push \
-  --platform $platform \
-  --tag ghcr.io/firezone/amazonlinux:2 \
-  --build-arg BASE_IMAGE="amazonlinux:2" \
-  --progress plain \
-  -f pkg/Dockerfile.base.rpm \
-  .

.ci/build_amazonlinux_2.sh

@@ -1,4 +0,0 @@
-#!/usr/bin/env bash
-set -e
-
-.ci/build_rpm.sh amazonlinux_2 ghcr.io/firezone/amazonlinux:2

.ci/build_base.sh

@@ -0,0 +1,29 @@
+#!/usr/bin/env bash
+set -e
+
+case $MATRIX_IMAGE in
+  amazonlinux*)
+    format="rpm"
+    ;;
+  centos*)
+    format="rpm"
+    ;;
+  fedora*)
+    format="rpm"
+    ;;
+  debian*)
+    format="deb"
+    ;;
+  ubuntu*)
+    format="deb"
+    ;;
+esac
+
+docker buildx build \
+  --push \
+  --platform linux/amd64 \
+  --tag ghcr.io/firezone/$MATRIX_IMAGE \
+  --build-arg BASE_IMAGE=$MATRIX_IMAGE \
+  --progress plain \
+  -f pkg/Dockerfile.base.$format \
+  .

.ci/build_centos_7.base.sh

@@ -1,13 +0,0 @@
-#!/usr/bin/env bash
-set -e
-
-platform="linux/arm64,linux/amd64,linux/arm/v7"
-docker buildx build \
-  --no-cache \
-  --push \
-  --platform $platform \
-  --tag ghcr.io/firezone/centos:7 \
-  --build-arg BASE_IMAGE="centos:7" \
-  --progress plain \
-  -f pkg/Dockerfile.base.rpm \
-  .

.ci/build_centos_7.sh

@@ -1,4 +0,0 @@
-#!/usr/bin/env bash
-set -e
-
-.ci/build_rpm.sh centos_7 ghcr.io/firezone/centos:7

.ci/build_centos_8.base.sh

@@ -1,13 +0,0 @@
-#!/usr/bin/env bash
-set -e
-
-platform="linux/arm64,linux/amd64,linux/arm/v7"
-docker buildx build \
-  --no-cache \
-  --push \
-  --platform linux/arm64,linux/amd64 \
-  --tag ghcr.io/firezone/centos:8 \
-  --build-arg BASE_IMAGE="centos:8" \
-  --progress plain \
-  -f pkg/Dockerfile.base.rpm \
-  .

.ci/build_centos_8.sh

@@ -1,4 +0,0 @@
-#!/usr/bin/env bash
-set -e
-
-.ci/build_rpm.sh centos_8 ghcr.io/firezone/centos:8

.ci/build_debian_10.base.sh

@@ -1,13 +0,0 @@
-#!/usr/bin/env bash
-set -e
-
-platform="linux/arm64,linux/amd64,linux/arm/v5,linux/arm/v7"
-docker buildx build \
-  --no-cache \
-  --push \
-  --platform $platform \
-  --tag ghcr.io/firezone/debian:10 \
-  --build-arg BASE_IMAGE="debian:10" \
-  --progress plain \
-  -f pkg/Dockerfile.base.deb \
-  .

.ci/build_debian_10.sh

@@ -1,4 +0,0 @@
-#!/usr/bin/env bash
-set -e
-
-.ci/build_deb.sh debian_10 ghcr.io/firezone/debian:10

.ci/build_fedora_33.base.sh

@@ -1,13 +0,0 @@
-#!/usr/bin/env bash
-set -e
-
-platform="linux/arm64,linux/amd64,linux/arm/v7"
-docker buildx build \
-  --no-cache \
-  --push \
-  --platform $platform \
-  --tag ghcr.io/firezone/fedora:33 \
-  --build-arg BASE_IMAGE="fedora:33" \
-  --progress plain \
-  -f pkg/Dockerfile.base.rpm \
-  .

.ci/build_fedora_33.sh

@@ -1,4 +0,0 @@
-#!/usr/bin/env bash
-set -e
-
-.ci/build_rpm.sh fedora_33 ghcr.io/firezone/fedora:33

.ci/build_fedora_34.base.sh

@@ -1,13 +0,0 @@
-#!/usr/bin/env bash
-set -e
-
-platform="linux/arm64,linux/amd64,linux/arm/v7"
-docker buildx build \
-  --no-cache \
-  --push \
-  --platform $platform \
-  --tag ghcr.io/firezone/fedora:34 \
-  --build-arg BASE_IMAGE="fedora:34" \
-  --progress plain \
-  -f pkg/Dockerfile.base.rpm \
-  .

.ci/build_fedora_34.sh

@@ -1,4 +0,0 @@
-#!/usr/bin/env bash
-set -e
-
-.ci/build_rpm.sh fedora_34 ghcr.io/firezone/fedora:34

.ci/build_fedora_35.base.sh

@@ -1,13 +0,0 @@
-#!/usr/bin/env bash
-set -e
-
-platform="linux/arm64,linux/amd64,linux/arm/v7"
-docker buildx build \
-  --no-cache \
-  --push \
-  --platform $platform \
-  --tag ghcr.io/firezone/fedora:35 \
-  --build-arg BASE_IMAGE="fedora:35" \
-  --progress plain \
-  -f pkg/Dockerfile.base.rpm \
-  .

.ci/build_fedora_35.sh

@@ -1,4 +0,0 @@
-#!/usr/bin/env bash
-set -e
-
-.ci/build_rpm.sh fedora_35 ghcr.io/firezone/fedora:35

.ci/build_packages.sh

@@ -0,0 +1,76 @@
+#!/usr/bin/env bash
+set -e
+
+base_image="ghcr.io/firezone/${MATRIX_IMAGE}"
+tag=release-${MATRIX_IMAGE}
+
+case $MATRIX_IMAGE in
+  amazonlinux*)
+    format="rpm"
+    ;;
+  centos*)
+    format="rpm"
+    ;;
+  fedora*)
+    format="rpm"
+    ;;
+  debian*)
+    format="deb"
+    ;;
+  ubuntu*)
+    format="deb"
+    ;;
+esac
+
+
+# Build intermediate release image
+docker buildx build \
+  -f pkg/Dockerfile.release \
+  -t $tag \
+  --platform linux/amd64 \
+  --build-arg BASE_IMAGE=$base_image \
+  --progress plain \
+  .
+
+
+
+case $format in
+  deb)
+    pkg_dir="${MATRIX_IMAGE/:/_}_amd64"
+    pkg_file="${pkg_dir}.deb"
+    image="${pkg_dir}:latest"
+
+    docker buildx build \
+      -t $image \
+      -f pkg/Dockerfile.deb \
+      --platform linux/amd64 \
+      --build-arg PKG_DIR=$pkg_dir \
+      --build-arg BASE_IMAGE=$tag \
+      --progress plain \
+      .
+
+    cid=$(docker create $image)
+    mkdir -p _build
+    docker cp $cid:/root/pkg/$pkg_file ./_build/firezone_$pkg_file
+    ;;
+
+  rpm)
+    version=0.2.0-1
+    pkg_dir="firezone-${version}.amd64"
+    pkg_file="${pkg_dir}.rpm"
+    image="${MATRIX_IMAGE/:/_}_amd64:latest"
+
+    docker buildx build \
+      -t $image \
+      -f pkg/Dockerfile.rpm \
+      --platform linux/amd64 \
+      --build-arg PKG_DIR=$pkg_dir \
+      --build-arg BASE_IMAGE=$tag \
+      --progress plain \
+      .
+
+    cid=$(docker create $image)
+    mkdir -p _build
+    docker cp $cid:/root/rpmbuild/RPMS/amd64/$pkg_file ./_build/$pkg_file
+    ;;
+esac

.ci/build_ubuntu_18.04.base.sh

@@ -1,13 +0,0 @@
-#!/usr/bin/env bash
-set -e
-
-platform="linux/arm64,linux/amd64,linux/arm/v7"
-docker buildx build \
-  --no-cache \
-  --push \
-  --platform $platform \
-  --tag ghcr.io/firezone/ubuntu:18.04 \
-  --build-arg BASE_IMAGE="ubuntu:18.04" \
-  --progress plain \
-  -f pkg/Dockerfile.base.deb \
-  .

.ci/build_ubuntu_18.04.sh

@@ -1,4 +0,0 @@
-#!/usr/bin/env bash
-set -e
-
-.ci/build_deb.sh ubuntu_18.04 ghcr.io/firezone/ubuntu:18.04

.ci/build_ubuntu_20.04.base.sh

@@ -1,13 +0,0 @@
-#!/usr/bin/env bash
-set -e
-
-platform="linux/arm64,linux/amd64,linux/arm/v7"
-docker buildx build \
-  --no-cache \
-  --push \
-  --platform $platform \
-  --tag ghcr.io/firezone/ubuntu:20.04 \
-  --build-arg BASE_IMAGE="ubuntu:20.04" \
-  --progress plain \
-  -f pkg/Dockerfile.base.deb \
-  .

.ci/build_ubuntu_20.04.sh

@@ -1,4 +0,0 @@
-#!/usr/bin/env bash
-set -e
-
-.ci/build_deb.sh ubuntu_20.04 ghcr.io/firezone/ubuntu:20.04

.github/workflows/build_base_images.yml

@@ -6,18 +6,23 @@ on:
 
 jobs:
   build-and-push:
+    env:
+      MATRIX_IMAGE: ${{ matrix.image }}
+      MATRIX_PLATFORM: ${{ matrix.platform }}
     strategy:
       matrix:
-        os:
-          - amazonlinux_2
-          - centos_7
-          - centos_8
-          - fedora_33
-          - fedora_34
-          - fedora_35
-          - debian_10
-          - ubuntu_18.04
-          - ubuntu_20.04
+        image:
+          - amazonlinux:2
+          - centos:7
+          - centos:8
+          - fedora:33
+          - fedora:34
+          - fedora:35
+          - debian:10
+          - ubuntu:18.04
+          - ubuntu:20.04
+        platform:
+          - linux/amd64
     runs-on: ubuntu-20.04
     steps:
       - uses: docker/login-action@v1
@@ -32,4 +37,4 @@ jobs:
           docker run --rm --privileged multiarch/qemu-user-static --reset -p yes
           docker buildx create --name multiarch --driver docker-container --use
           docker buildx inspect --bootstrap
-          .ci/build_${{ matrix.os }}.base.sh
+          .ci/build_base.sh

.github/workflows/ci.yml

@@ -13,7 +13,6 @@ jobs:
       POSTGRES_HOST: localhost
       GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
       MATRIX_OS: ubuntu-18.04
-      MATRIX_ARCH: amd64
     strategy:
       matrix:
         os:
@@ -72,25 +71,23 @@ jobs:
     runs-on: ubuntu-20.04
     name: Build
     env:
-      MATRIX_ARCH: ${{ matrix.arch }}
-      MATRIX_OS: ${{ matrix.os }}
+      MATRIX_IMAGE: ${{ matrix.image }}
+      MATRIX_PLATFORM: ${{ matrix.platform }}
       MIX_ENV: prod
     strategy:
       matrix:
-        os:
-          - amazonlinux_2
-          - centos_7
-          - centos_8
-          - debian_10
-          - fedora_33
-          - fedora_34
-          - fedora_35
-          - ubuntu_18.04
-          - ubuntu_20.04
-        include:
-          - arch: amd64
-          # XXX: This currently takes upwards of 10 minutes or more. Disabling for now
-          # - arch: arm64
+        platform:
+          - linux/amd64
+        image:
+          - amazonlinux:2
+          - centos:7
+          - centos:8
+          - debian:10
+          - fedora:33
+          - fedora:34
+          - fedora:35
+          - ubuntu:18.04
+          - ubuntu:20.04
     steps:
       - uses: docker/login-action@v1
         with:
@@ -98,43 +95,13 @@ jobs:
           username: ${{ github.actor }}
           password: ${{ secrets.GITHUB_TOKEN }}
       - uses: actions/checkout@v2
-
-      # amd64 build
-      - if: ${{ matrix.arch == 'amd64' }}
-        run: |
-          .ci/build_${{ matrix.os }}.sh
-
-      # arm64 build
-      - uses: uraimo/run-on-arch-action@v2.0.10
-        if: ${{ matrix.arch == 'arm64' }}
-        with:
-          arch: aarch64
-          install: |
-            # No obvious way to load a script file here, so needs inlining :-(
-            apt-get update -q -y
-            apt-get install -q -y gcc g++ make curl gdebi zstd
-
-            curl -O https://packages.erlang-solutions.com/erlang/debian/pool/esl-erlang_24.0.2-1~ubuntu~bionic_arm64.deb
-            curl -O https://packages.erlang-solutions.com/erlang/debian/pool/elixir_1.12.0-1~ubuntu~bionic_all.deb
-            gdebi --non-interactive esl-erlang_24.0.2-1~ubuntu~bionic_arm64.deb
-            gdebi --non-interactive elixir_1.12.0-1~ubuntu~bionic_all.deb
-
-            curl -sL https://deb.nodesource.com/setup_14.x | bash -
-            apt-get install -y -q nodejs
-          dockerRunArgs: |
-            --volume "${PWD}:/app"
-          distro: ubuntu18.04
-          env: |
-            arch: arm64
-          githubToken: ${{ github.token }}
-          run: |
-            cd /app
-            bash -c '.ci/build_release.sh'
+      - run: |
+          .ci/build_packages.sh
 
       - uses: actions/upload-artifact@v2
         with:
-          name: firezone_${{ matrix.os }}_${{ matrix.arch }}.deb
-          path: _build/firezone_${{ matrix.os }}_${{ matrix.arch }}.deb
+          name: firezone_${{ matrix.os }}_${{ matrix.platform }}
+          path: _build/firezone_${{ matrix.os }}_*.*
 
   functional-test:
     needs: build
@@ -151,18 +118,14 @@ jobs:
           # - fedora_35
           # - ubuntu_18.04
           - ubuntu_20.04
-        include:
-          - arch: amd64
-          # - arch: arm64
     env:
       MATRIX_OS: ${{ matrix.os }}
-      MATRIX_ARCH: ${{ matrix.arch }}
       DEBIAN_FRONTEND: noninteractive
     steps:
       - uses: actions/checkout@v2
       - uses: actions/download-artifact@v2
         with:
-          name: firezone_${{ matrix.os }}_${{ matrix.arch }}.deb
+          name: firezone_${{ matrix.os }}_amd64.deb
           path: ./
       - name: Test Install package
         run: .ci/functional_test.sh
@@ -182,9 +145,6 @@ jobs:
           - fedora_33
           - fedora_34
           - fedora_35
-        include:
-          - arch: amd64
-            # - arch: arm64
     if: github.event_name == 'push' && contains(github.ref, 'refs/tags/')
     steps:
       - name: Create Release
@@ -199,7 +159,7 @@ jobs:
           prerelease: true
       - uses: actions/download-artifact@v2
         with:
-          name: firezone_${{ matrix.os }}_${{ matrix.arch }}
+          name: firezone_${{ matrix.os }}_amd64
           path: ./
       - name: Upload Release Asset
         id: upload-release-asset
@@ -208,6 +168,6 @@ jobs:
           GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
         with:
           upload_url: ${{ steps.create_release.outputs.upload_url }}
-          asset_path: ./firezone_${{ matrix.os }}_${{ matrix.arch }}.deb
-          asset_name: ${{ matrix.os }}_${{ matrix.arch }}
+          asset_path: ./firezone_${{ matrix.os }}_amd64.deb
+          asset_name: ${{ matrix.os }}_amd64
           asset_content_type: application/vnd.debian.binary-package

pkg/Dockerfile.deb

@@ -1,34 +1,7 @@
 ARG BASE_IMAGE
-ARG PLATFORM
-FROM --platform=${PLATFORM} ${BASE_IMAGE}
+FROM ${BASE_IMAGE}
 
 ARG PKG_DIR
-ENV MIX_ENV prod
-
-# Dockerfile-friendly build release
-RUN mix local.hex --force && \
-    mix local.rebar --force
-COPY mix.exs mix.lock ./
-COPY config config
-COPY apps/fz_http/mix.exs ./apps/fz_http/
-COPY apps/fz_wall/mix.exs ./apps/fz_wall/
-COPY apps/fz_vpn/mix.exs ./apps/fz_vpn/
-COPY apps/fz_common/mix.exs ./apps/fz_common/
-RUN mix do deps.get, deps.compile
-COPY apps/fz_http/assets/package.json apps/fz_http/assets/package-lock.json ./apps/fz_http/assets/
-RUN cd apps/fz_http/assets && npm ci --progress=false --no-audit --loglevel=error
-COPY apps/fz_http/priv apps/fz_http/priv
-COPY apps/fz_http/assets apps/fz_http/assets
-RUN npm run --prefix ./apps/fz_http/assets deploy && \
-    cd apps/fz_http && mix phx.digest
-# Copy remaining items for release
-COPY rel rel
-COPY deps deps
-COPY config config
-COPY apps apps
-RUN mix release
-
-# PACKAGING
 
 # Copy shared files
 COPY pkg pkg

pkg/Dockerfile.release

@@ -0,0 +1,27 @@
+ARG BASE_IMAGE
+FROM ${BASE_IMAGE}
+
+ENV MIX_ENV prod
+
+# Dockerfile-friendly build release
+RUN mix local.hex --force && \
+    mix local.rebar --force
+COPY mix.exs mix.lock ./
+COPY config config
+COPY apps/fz_http/mix.exs ./apps/fz_http/
+COPY apps/fz_wall/mix.exs ./apps/fz_wall/
+COPY apps/fz_vpn/mix.exs ./apps/fz_vpn/
+COPY apps/fz_common/mix.exs ./apps/fz_common/
+RUN mix do deps.get, deps.compile
+COPY apps/fz_http/assets/package.json apps/fz_http/assets/package-lock.json ./apps/fz_http/assets/
+RUN cd apps/fz_http/assets && npm ci --progress=false --no-audit --loglevel=error
+COPY apps/fz_http/priv apps/fz_http/priv
+COPY apps/fz_http/assets apps/fz_http/assets
+RUN npm run --prefix ./apps/fz_http/assets deploy && \
+    cd apps/fz_http && mix phx.digest
+# Copy remaining items for release
+COPY rel rel
+COPY deps deps
+COPY config config
+COPY apps apps
+RUN mix release

pkg/Dockerfile.rpm

@@ -1,37 +1,9 @@
 ARG BASE_IMAGE
-ARG PLATFORM
-FROM --platform=${PLATFORM} ${BASE_IMAGE}
+FROM ${BASE_IMAGE}
 
 ARG PKG_DIR
-ENV MIX_ENV prod
-
-# Dockerfile-friendly build release
-RUN mix local.hex --force && \
-    mix local.rebar --force
-COPY mix.exs mix.lock ./
-COPY config config
-COPY apps/fz_http/mix.exs ./apps/fz_http/
-COPY apps/fz_wall/mix.exs ./apps/fz_wall/
-COPY apps/fz_vpn/mix.exs ./apps/fz_vpn/
-COPY apps/fz_common/mix.exs ./apps/fz_common/
-RUN mix do deps.get, deps.compile
-COPY apps/fz_http/assets/package.json apps/fz_http/assets/package-lock.json ./apps/fz_http/assets/
-RUN cd apps/fz_http/assets && npm ci --progress=false --no-audit --loglevel=error
-COPY apps/fz_http/priv apps/fz_http/priv
-COPY apps/fz_http/assets apps/fz_http/assets
-RUN npm run --prefix ./apps/fz_http/assets deploy && \
-    cd apps/fz_http && mix phx.digest
-# Copy remaining items for release
-COPY rel rel
-COPY deps deps
-COPY config config
-COPY apps apps
-RUN mix release
-
-# Package into rpm
 
 # Copy shared files
-RUN echo $PKG_DIR
 COPY pkg/rpm_shared/rpmbuild rpmbuild
 COPY pkg/skel/ rpmbuild/BUILDROOT/$PKG_DIR/
 RUN rsync -az _build/prod/rel/firezone/* rpmbuild/BUILDROOT/$PKG_DIR/usr/lib/firezone/

scripts/ci.sh

@@ -1,6 +1,8 @@
 #!/bin/bash
 set -e
 
+# Mimics CI build action to test locally on developer machines
+
 # Required due to a buildx bug.
 # See https://github.com/docker/buildx/issues/495#issuecomment-761562905
 if [ `uname -m` = "amd64" ]; then
@@ -11,12 +13,21 @@ if [ `uname -m` = "amd64" ]; then
 elif [ `uname -m` = "arm64" ]; then
   docker buildx create --use
 fi
-.ci/build_amazonlinux_2.base.sh
-.ci/build_centos_7.base.sh
-.ci/build_centos_8.base.sh
-.ci/build_fedora_33.base.sh
-.ci/build_fedora_34.base.sh
-.ci/build_fedora_35.base.sh
-.ci/build_debian_10.base.sh
-.ci/build_ubuntu_18.04.base.sh
-.ci/build_ubuntu_20.04.base.sh
+
+matrix_images=(
+  amazonlinux:2
+  centos:7
+  centos:8
+  fedora:33
+  fedora:34
+  fedora:35
+  debian:10
+  ubuntu:18.04
+  ubuntu:20.04
+)
+
+for image in $matrix_images; do
+  export MATRIX_IMAGE=$image
+  .ci/build_base.sh
+  .ci/build_packages.sh
+done