From 59d8d9d742d74bf4feeba8990b272de4287dd1b4 Mon Sep 17 00:00:00 2001
From: Raoul Scarazzini
Date: Tue, 31 Oct 2023 19:13:06 +0100
Subject: [PATCH 1/3] Revisit the entire image with Debian

This commit tries to optimize the Dockerfile so that it is more adaptable for diffent architectures like ARM.
---
 Dockerfile | 44 ++++++++++++++++++++------------------------
 1 file changed, 20 insertions(+), 24 deletions(-)

diff --git a/Dockerfile b/Dockerfile
index d530fa2..96708de 100644
--- a/Dockerfile
+++ b/Dockerfile
@@ -12,38 +12,34 @@
 #
 # [1] https://github.com/mmul-it/kpa
 
-# Start from ansible-core
-FROM docker.io/ubuntu:22.04
+# We rely on Debian Stable
+FROM docker.io/debian:stable-slim
 
-# Update repo contents
-RUN apt update
-
-# Install requiremets
-RUN apt -y install python3-pip curl git
-
-# Upgrade pip & install ansible & ansible-lint
-RUN pip3 install --upgrade pip && \
- pip3 install ansible ansible-lint
+# Set specific apt bits
+ARG DEBIAN_FRONTEND=noninteractive
+ENV TZ=Etc/UTC
 
-# Install yamllint (Yaml linter)
-RUN pip3 install yamllint
+# Install required system packages
+RUN apt update &&\
+ apt -y install curl git ansible ansible-lint yamllint rubygems ca-certificates curl gnupg && \
+ apt clean
 
 # Install mdl (Mardown linter)
-RUN apt -y install rubygems
 RUN gem install mdl
 
 # Install Marp with nodejs and chrome
-RUN curl -sL https://deb.nodesource.com/setup_18.x | bash -
-RUN echo "deb http://dl.google.com/linux/chrome/deb/ stable main" > /etc/apt/sources.list.d/google-chrome.list && \
- curl -s https://dl.google.com/linux/linux_signing_key.pub -o - | apt-key add - && \
- gpg --refresh-keys && \
- apt update
-RUN apt -y install nodejs google-chrome-stable
-RUN npm install -g @marp-team/marp-cli
+RUN mkdir -p /etc/apt/keyrings && \
+ curl -fsSL https://deb.nodesource.com/gpgkey/nodesource-repo.gpg.key | \
+ gpg --dearmor -o /etc/apt/keyrings/nodesource.gpg && \
+ echo "deb [signed-by=/etc/apt/keyrings/nodesource.gpg] https://deb.nodesource.com/node_20.x nodistro main" > \
+ /etc/apt/sources.list.d/nodesource.list && \
+ apt update && \
+ apt install -y nodejs chromium && \
+ npm install -g @marp-team/marp-cli && \
+ apt clean
 
 # Install pandoc with texlive
-ARG DEBIAN_FRONTEND=noninteractive
-ENV TZ=Etc/UTC
 RUN apt -y install pandoc texlive texlive-base texlive-binaries \
 texlive-fonts-recommended texlive-latex-base texlive-latex-extra \
- texlive-latex-recommended texlive-pictures texlive-plain-generic texlive-xetex
+ texlive-latex-recommended texlive-pictures texlive-plain-generic texlive-xetex && \
+ apt clean

From 23ba15e59f9e40b8959c4ac1c3e2575aec800777 Mon Sep 17 00:00:00 2001
From: Raoul Scarazzini
Date: Tue, 31 Oct 2023 19:26:06 +0100
Subject: [PATCH 2/3] Integrate Actions with multiarch build

This commit enables the multi architecture build for bot ARM64 and AMD64.
---
 .github/workflows/main.yml | 56 ++++++++++++++++++++++++--------------
 1 file changed, 35 insertions(+), 21 deletions(-)

diff --git a/.github/workflows/main.yml b/.github/workflows/main.yml
index db08a0b..ff14ecc 100644
--- a/.github/workflows/main.yml
+++ b/.github/workflows/main.yml
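Review bot: In the Dockerfile hunk of PATCH 1/3 every input is resolved at build time rather than pinned: `FROM docker.io/debian:stable-slim` follows the rolling `stable` alias, and `RUN gem install mdl` and `npm install -g @marp-team/marp-cli` take whatever version is newest, so rebuilding the same commit can produce a different image. Pin them, e.g. `FROM docker.io/debian:<codename>-slim`, `RUN gem install mdl -v <version>` and `npm install -g @marp-team/marp-cli@<version>` (placeholders for the versions you test against). The NodeSource key is fetched with `curl -fsSL … | gpg --dearmor` under the default shell, where the pipe hides a failed curl; a `SHELL ["/bin/bash", "-o", "pipefail", "-c"]` before that `RUN` would surface it. No `USER` instruction is visible in the hunk, so the image presumably runs Chromium as root; worth confirming against the rest of the file.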
@@ -1,29 +1,43 @@
 name: Create kpa-marp-pandoc container image
 
-env:
- REGISTRY_GHCR: ghcr.io/mmul-it
- REGISTRY_QUAY: quay.io/mmul
- CONTAINER_NAME: kpa-marp-pandoc
-
 on: [push]
 
 jobs:
 build_and_push:
 runs-on: ubuntu-latest
 steps:
- - uses: actions/checkout@v3
- - name: Build the container image
- run: docker build .
- --file Dockerfile
- --tag ${REGISTRY_GHCR}/${CONTAINER_NAME}:${{ github.ref_name }}
- --tag ${REGISTRY_GHCR}/${CONTAINER_NAME}:latest
- --tag ${REGISTRY_QUAY}/${CONTAINER_NAME}:${{ github.ref_name }}
- --tag ${REGISTRY_QUAY}/${CONTAINER_NAME}:latest
- - name: Login into the GitHub Container Registry
- run: echo "${{ secrets.GHCR_TOKEN }}" | docker login ${REGISTRY_GHCR} --username "${{ vars.GHCR_USER }}" --password-stdin
- - name: Login into the Quay Container Registry
- run: echo "${{ secrets.QUAY_ROBOT_TOKEN }}" | docker login ${REGISTRY_QUAY} --username "${{ vars.QUAY_ROBOT_NAME }}" --password-stdin
- - name: Push the image into the GitHub Container Registry
- run: docker push --all-tags ${REGISTRY_GHCR}/${CONTAINER_NAME}
- - name: Push the image into the Quay Container Registry
- run: docker push --all-tags ${REGISTRY_QUAY}/${CONTAINER_NAME}
+ - uses: actions/checkout@v4
+
+ - name: Set up QEMU
+ uses: docker/setup-qemu-action@v3
+
+ - name: Set up Docker Buildx
+ uses: docker/setup-buildx-action@v3
+
+ - name: Login to ghcr
+ if: github.event_name != 'pull_request'
+ uses: docker/login-action@v3
+ with:
+ registry: ghcr.io
+ username: ${{ vars.GHCR_USER }}
+ password: ${{ secrets.GHCR_TOKEN }}
+
+ - name: Login to quay
+ if: github.event_name != 'pull_request'
+ uses: docker/login-action@v3
+ with:
+ registry: quay.io
+ username: ${{ vars.QUAY_ROBOT_NAME }}
+ password: ${{ secrets.QUAY_ROBOT_TOKEN }}
+
+ - name: Build and push
+ uses: docker/build-push-action@v5
+ with:
+ context: .
+ push: ${{ github.event_name != 'pull_request' }}
+ platforms: linux/amd64,linux/arm64
+ tags: |
+ ghcr.io/mmul-it/kpa-marp-pandoc:latest
+ ghcr.io/mmul-it/kpa-marp-pandoc:${{ github.ref_name }}
+ quay.io/mmul/kpa-marp-pandoc:latest
+ quay.io/mmul/kpa-marp-pandoc:${{ github.ref_name }}

From 0890dbe762dd42e4a23f85fc6d67d52f321bef89 Mon Sep 17 00:00:00 2001
From: Raoul Scarazzini
Date: Thu, 2 Nov 2023 14:00:08 +0100
Subject: [PATCH 3/3] Add provenance:false to prevent unknown archs

Even if everything is working as expected, for each run an additional image related to an "unknow" architecture is created. This, extracted from [1], should avoid this.

[1] https://github.com/docker/build-push-action/issues/820
---
 .github/workflows/main.yml | 2 ++
 1 file changed, 2 insertions(+)

diff --git a/.github/workflows/main.yml b/.github/workflows/main.yml
index ff14ecc..71872d4 100644
--- a/.github/workflows/main.yml
+++ b/.github/workflows/main.yml
@@ -35,6 +35,8 @@ jobs:
 with:
 context: .
 push: ${{ github.event_name != 'pull_request' }}
+ # Check https://github.com/docker/build-push-action/issues/820
+ provenance: false
 platforms: linux/amd64,linux/arm64
 tags: |
 ghcr.io/mmul-it/kpa-marp-pandoc:latest
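Review bot: In the `.github/workflows/main.yml` hunk of PATCH 2/3, the third-party actions that run in the job holding the registry credentials (`docker/login-action@v3`, `docker/build-push-action@v5`, and the QEMU and Buildx setup actions) are referenced by mutable tags. Pinning each to a full commit SHA, e.g. `uses: docker/login-action@<full-commit-sha> # v3`, keeps a moved tag from running with `GHCR_TOKEN` and `QUAY_ROBOT_TOKEN`. The `if: github.event_name != 'pull_request'` guards and the `push:` expression can never take the other branch while the trigger is `on: [push]`, so a push to any branch still overwrites `:latest` in both registries; restrict the trigger or the `latest` tag to the default branch if that is not intended. The workflow also declares no `permissions:` block, and since both logins use their own secrets a top-level `permissions: contents: read` looks sufficient.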
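Review bot: The comment added above `provenance: false` in PATCH 3/3 gives only an issue link and does not say what the setting gives up: it turns off the provenance attestation the build action would otherwise attach, which appears to be what the registries list as the extra "unknown" entry. Consumers of the image lose that build-origin record, so the trade-off is worth stating in the file, e.g. `# Disables the provenance attestation (listed by registries as an "unknown/unknown" image); see docker/build-push-action#820`. The enclosing `with:` block starts and ends outside this hunk.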