diff --git a/.github/workflows/pr.yml b/.github/workflows/pr.yml
index db3ae6a..1d2ac61 100644
--- a/.github/workflows/pr.yml
+++ b/.github/workflows/pr.yml
@@ -10,12 +10,24 @@ on:
 permissions: {}
 env:
- REGISTRY: ghcr.io/${{ github.repository }}
- TAG: smoke-test
+ REGISTRY: 127.0.0.1:5000/qubesome
+ TAG: latest
 jobs:
 build-images:
- runs-on: ubuntu-latest
+ strategy:
+ fail-fast: false
+ matrix:
+ platform: [ubuntu-latest, ubuntu-24.04-arm]
+
+ runs-on: ${{ matrix.platform }}
+
+ services:
+ registry:
+ image: registry:3
+ ports:
+ - 5000:5000
+
 steps:
 - uses: actions/checkout@08c6903cd8c0fde910a37f88322edcfb5dd907a8 # v5.0.0
 with:
@@ -26,10 +38,13 @@ jobs:
 - name: Setup Docker Buildx
 uses: docker/setup-buildx-action@e468171a9de216ec08956ac3ada2f0791b6bd435 # v3.11.1
+ with:
+ name: qubesome
+ driver-opts: network=host
+ platforms: linux/amd64,linux/arm64
- - name: Build images
- run: |
- make build
+ - name: Test build and push of images
+ run: make push
 - name: Smoke test binaries
 run: |
diff --git a/Makefile b/Makefile
index 1e65cb5..320c93f 100644
--- a/Makefile
+++ b/Makefile
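Review bot: The matrix at `platform: [ubuntu-latest, ubuntu-24.04-arm]` does not narrow what each job builds: `make push` goes through the Makefile's `push-workload-%`, which forces `TARGET_PLATFORMS=$(SUPPORTED_PLATFORMS)`, so as far as I can tell both runners build and push the full linux/amd64,linux/arm64 set into their own job-local registry, with the foreign architecture emulated rather than exercised natively. If the point of the arm runner is a native arm64 build, the job should pass its own platform down and the Makefile should let that through; otherwise the second matrix entry only doubles the work. Worth a comment on the matrix stating which of the two is intended, e.g. `# each runner builds both platforms; the arm entry only checks the toolchain, not native arm64`.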
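Review bot: `platforms: linux/amd64,linux/arm64` on setup-buildx-action only declares the builder node's platform list; it does not install binfmt/QEMU handlers, so the non-native half of `make push` is likely to fail at the first `RUN` step unless the runner image already ships emulation, which I cannot confirm from the hunk. A pinned `docker/setup-qemu-action` step before this one, or limiting each runner to its native platform, would make that explicit. `driver-opts: network=host` is what lets the buildkitd container reach the `127.0.0.1:5000` service; that is non-obvious and deserves a comment, e.g. `# host networking so buildkitd can reach the job-local registry service`.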
@@ -1,33 +1,52 @@
 REGISTRY ?= workload-images
 TAG ?= latest
-BUILDER ?= docker
-RUNNER ?= docker
+BUILDER ?= docker buildx
 WORKLOADS=$(shell find workloads -mindepth 2 -maxdepth 2 -type f -name 'Dockerfile' | sort -u | cut -f 2 -d'/')
 TOOLS=$(shell find tools -mindepth 2 -maxdepth 2 -type f -name 'Dockerfile' | sort -u | cut -f 2 -d'/')
-build:
+MACHINE = qubesome
+
+# ACTION can only be --load when TARGET_PLATFORM is the current platform:
+# TARGET_PLATFORMS=linux/amd64 ACTION=--load make build-workload-xorg
+ACTION ?= --load
+TARGET_PLATFORMS ?= $(shell docker info --format '{{.ClientInfo.Os}}/{{.ClientInfo.Arch}}')
+SUPPORTED_PLATFORMS = linux/amd64,linux/arm64
+
+# Workloads that do not support arm64:
+AMD64_ONLY = chrome slack obsidian
+$(foreach w,$(AMD64_ONLY),$(eval build-workload-$(w): TARGET_PLATFORMS = linux/amd64))
+
+build: build-workload-base
 $(MAKE) $(addprefix build-workload-, $(WORKLOADS))
 $(MAKE) $(addprefix build-tool-, $(TOOLS))
-build-workload-%:
+buildx-machine:
+ $(BUILDER) use $(MACHINE) >/dev/null 2>&1 || \
+ $(BUILDER) create --name=$(MACHINE) --driver-opt network=host --platform=$(SUPPORTED_PLATFORMS)
+
+build-workload-%: buildx-machine
 cd workloads/$(subst :,/,$*); \
- $(BUILDER) build --build-arg=REGISTRY=$(REGISTRY) --build-arg=TAG=$(TAG) \
- --load -t $(REGISTRY)/$(subst :,/,$*):$(TAG) -f Dockerfile .
+ $(BUILDER) build --builder $(MACHINE) --platform="$(TARGET_PLATFORMS)" \
+ --build-arg=REGISTRY=$(REGISTRY) --build-arg=TAG=$(TAG) \
+ $(ACTION) -t $(REGISTRY)/$(subst :,/,$*):$(TAG) -f Dockerfile .
-build-tool-%:
+build-tool-%: buildx-machine
 cd tools/$(subst :,/,$*); \
- $(BUILDER) build --build-arg=REGISTRY=$(REGISTRY) --build-arg=TAG=$(TAG) \
- -t $(REGISTRY)/$(subst :,/,$*):$(TAG) -f Dockerfile .
+ $(BUILDER) build --builder $(MACHINE) --platform="$(TARGET_PLATFORMS)" \
+ --build-arg=REGISTRY=$(REGISTRY) --build-arg=TAG=$(TAG) \
+ $(ACTION) -t $(REGISTRY)/$(subst :,/,$*):$(TAG) -f Dockerfile .
push:
 $(MAKE) $(addprefix push-workload-, $(WORKLOADS))
 $(MAKE) $(addprefix push-tool-, $(TOOLS))
-push-workload-%: build-workload-%
- cd workloads/$(subst :,/,$*); \
- $(BUILDER) push $(REGISTRY)/$(subst :,/,$*):$(TAG)
+push-workload-%:
+ ACTION=--push \
+ TARGET_PLATFORMS=$(SUPPORTED_PLATFORMS) \
+ $(MAKE) build-workload-$(subst :,/,$*)
+
 ifneq ($(TAG),latest)
 cosign sign --yes "$(REGISTRY)/$(subst :,/,$*):$(TAG)"
 endif
diff --git a/workloads/chromium/Dockerfile b/workloads/chromium/Dockerfile
new file mode 100644
index 0000000..7c42b2c
--- /dev/null
+++ b/workloads/chromium/Dockerfile
@@ -0,0 +1,29 @@
+ARG TAG=latest
+ARG REGISTRY=ghcr.io/qubesome
+FROM ${REGISTRY}/base:${TAG}
+
+ARG TARGETARCH
+RUN zypper -n refresh && \
+ zypper -n install -y chromium && \
+ zypper -n cc -a && \
+ zypper -n rm zypper && \
+ rm -rf /tmp/* /var/tmp/* /var/log/* /usr/share/doc/packages/* \
+ /usr/lib/sysimage/rpm/* /var/cache/zypp/* \
+ /var/log/zypp/* /usr/share/man/* /usr/share/doc/*
+
+RUN useradd --uid 1000 -m -U chromium && \
+ usermod -aG render chromium
+RUN mkdir -p /run/user/1000 && \
+ chown -R 1000:1000 /run/user/1000
+
+USER chromium
+
+ENV FONTCONFIG_PATH=/etc/fonts
+
+VOLUME /home/chromium/.config/
+VOLUME /run/user/1000/
+
+LABEL org.opencontainers.image.source="https://github.com/qubesome/workload-images" \
+ org.opencontainers.image.ref.name="chromium" \
+ org.opencontainers.image.title="qubesome chromium workload" \
+ org.opencontainers.image.description="Google chromium browser for qubesome."
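Review bot: `push:` gets no `push-workload-base` prerequisite even though `build:` was given `build-workload-base` in the same hunk; with `--push` on a buildx container builder each workload resolves `FROM $(REGISTRY)/base:$(TAG)` from the registry rather than the local image store (as far as I can tell), so any workload that `sort -u` orders before `base` would fail or pick up a stale base unless base was pushed first — mirroring the build rule with `push: push-workload-base` closes that. The `buildx-machine` recipe also bakes `--driver-opt network=host` into every developer's builder; in CI the `use $(MACHINE)` branch succeeds because the workflow created the builder, so the `create` branch is the local path, and host networking there lets the builder reach anything bound to the developer's loopback — making it opt-in (e.g. `DRIVER_OPTS ?=` that the workflow fills in) keeps the default tighter. `TARGET_PLATFORMS ?= $(shell docker info ...)` is recursively expanded, so `docker info` runs on every reference and a failed call silently becomes `--platform=""`; an `ifndef TARGET_PLATFORMS` block with `:=` and a `$(strip ...)`/`$(error ...)` guard would surface that. The hunk ends at `endif`; the `push-tool-%` rule is outside my view.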
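Review bot: `rm -rf ... /usr/lib/sysimage/rpm/*` in the first `RUN` deletes the RPM database, so image scanners that inventory packages from it (trivy, grype and similar) will report nothing for this image — a CVE scan comes back empty rather than clean, which is easy to misread downstream. If the size saving is deliberate, record the trade-off next to the line, e.g. `# NOTE: removes the rpm db; package-level CVE scanning of this image is not possible`. `ARG TARGETARCH` is declared but never referenced in the file and can be dropped. The description label reads `Google chromium browser`; Chromium is the open-source project rather than a Google product, so `org.opencontainers.image.description="Chromium browser for qubesome."` is more accurate.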