diff --git a/.dockerignore b/.dockerignore
new file mode 100644
index 00000000..567609b1
--- /dev/null
+++ b/.dockerignore
@@ -0,0 +1 @@
+build/
diff --git a/.github/workflows/images.yml b/.github/workflows/images.yml
new file mode 100644
index 00000000..c8bc1fe9
--- /dev/null
+++ b/.github/workflows/images.yml
@@ -0,0 +1,83 @@
+name: Publish Container Images
+
+on:
+ push:
+ branches:
+ - main
+ tags:
+ - v[0-9]+.[0-9]+.[0-9]+
+ pull_request:
+
+concurrency:
+ group: ${{ github.workflow }}-${{ github.ref }}
+ cancel-in-progress: true
+
+permissions:
+ contents: read
+ packages: write
+
+jobs:
+ build-and-push:
+ name: Build and Push (${{ matrix.image }})
+ runs-on: ubuntu-latest
+ strategy:
+ matrix:
+ image: [
+ device-injector,
+ differ,
+ hook-injector,
+ logger,
+ network-device-injector,
+ network-logger,
+ template,
+ ulimit-adjuster,
+ v010-adapter,
+ ]
+
+ steps:
+ - name: Checkout code
+ uses: actions/checkout@v4
+
+ - name: Set up Docker Buildx
+ uses: docker/setup-buildx-action@v3
+
+ - name: Log in to registry
+ if: github.event_name == 'push'
+ uses: docker/login-action@v3
+ with:
+ registry: ghcr.io
+ username: ${{ github.actor }}
+ password: ${{ secrets.GITHUB_TOKEN }}
+
+ - name: Determine image tag name
+ id: tag
+ run: |
+ if [ "${{ github.ref_type }}" = "tag" ]; then
+ tag="${{ github.ref_name }}"
+ else
+ if [ "${{ github.event_name }}" = "pull_request" ]; then
+ tag="pr-${{ github.event.pull_request.number }}"
+ else
+ case "${{ github.ref_name }}" in
+ main)
+ tag="unstable"
+ ;;
+ esac
+ fi
+ fi
+ if [ -z "$tag" ]; then
+ echo "ERROR: failed to determine image tag"
+ exit 1
+ fi
+ echo "TAG_NAME=$tag" >> $GITHUB_ENV
+
+ - name: Build and push image
+ uses: docker/build-push-action@v6
+ with:
+ context: .
+ file: ./plugins/Dockerfile
+ build-args: |
+ PLUGIN=${{ matrix.image }}
+ push: ${{ github.event_name == 'push' }}
+ platforms: ${{ github.event_name == 'push' && 'linux/amd64,linux/arm64' || 'linux/amd64' }}
+ tags: ghcr.io/${{ github.repository }}/plugins/${{ matrix.image }}:${{ env.TAG_NAME }}
diff --git a/plugins/Dockerfile b/plugins/Dockerfile
new file mode 100644
index 00000000..11f0b60f
--- /dev/null
+++ b/plugins/Dockerfile
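Review bot: The four `uses:` steps reference actions by mutable tags (`actions/checkout@v4`, `docker/setup-buildx-action@v3`, `docker/login-action@v3`, `docker/build-push-action@v6`) in a job that holds `packages: write` and logs in to ghcr.io, so a tag moved upstream would run with the ability to publish images. Pinning each to a full commit SHA with the version kept as a trailing comment, e.g. `uses: docker/login-action@<full-commit-sha> # v3`, removes that dependency on tag stability. Separately, the "Determine image tag name" step expands `${{ github.ref_name }}` and other expressions directly into the shell script; the branch and tag filters constrain those values today, but passing them through `env:` (e.g. `REF_NAME: ${{ github.ref_name }}`) and reading `"$REF_NAME"` keeps the script safe if the triggers are widened later. The redirect would also be better quoted as `>> "$GITHUB_ENV"`.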
@@ -0,0 +1,41 @@
+# Copyright The containerd Authors.
+
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+
+# http://www.apache.org/licenses/LICENSE-2.0
+
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
+ARG GO_VERSION=1.24
+
+FROM golang:${GO_VERSION}-bullseye AS builder
+ARG PLUGIN
+
+WORKDIR /go/src
+
+# Cache dependencies in a separate layer
+COPY go.mod go.sum .
+RUN --mount=type=cache,target=/go/pkg/mod/ go mod download
+
+# Build
+COPY . .
+
+RUN --mount=type=cache,target=/go/pkg/mod/ \
+ make /go/src/build/bin/${PLUGIN} \
+ GO_BUILD="CGO_ENABLED=0 go build -ldflags '-extldflags=-static'"
+
+# Construct final image
+FROM scratch
+ARG PLUGIN
+
+COPY --from=builder /go/src/build/bin/${PLUGIN} /bin/plugin
+
+ENV NRI_PLUGIN_NAME=${PLUGIN}
+
+ENTRYPOINT ["/bin/plugin"]
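Review bot: The builder stage's `FROM golang:${GO_VERSION}-bullseye AS builder` resolves a mutable tag at build time, so the binaries published from this Dockerfile depend on whatever that tag points to on the day of the build; pinning by digest, `FROM golang:${GO_VERSION}-bullseye@sha256:<digest> AS builder`, makes release builds reproducible and auditable. The final `scratch` stage sets no `USER`, so the plugin runs as root by default; if that is intentional (presumably for access to the NRI socket, which this file does not show), a short comment above `ENTRYPOINT` recording the reason would help later reviewers. `ARG PLUGIN` has no default, and an unset value would turn the `make` target into the bare `build/bin/` path, so an early `RUN test -n "${PLUGIN}"` in the builder stage would fail fast with a clear cause.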