docker/kea: kea 2.3

hanazuki · hanazuki · commit ec40b931cf0c · 2023-04-26T15:41:43.000Z
diff --git a/.github/workflows/docker-kea.jsonnet b/.github/workflows/docker-kea.jsonnet
@@ -1,74 +1 @@
-{
-  name: 'docker-kea',
-  on: {
-    push: {
-      branches: ['master', 'test'],
-      paths: ['docker/kea/**'],
-    },
-  },
-  jobs: {
-    build: {
-      name: 'build',
-      'runs-on': 'ubuntu-latest',
-      permissions: { 'id-token': 'write', contents: 'read' },
-      steps: [
-        { uses: 'actions/checkout@v3' },
-        {
-          name: 'setup docker multiarch',
-          run: |||
-            mkdir -p ~/.docker
-            sudo docker run --rm --privileged multiarch/qemu-user-static --reset --persistent yes --credential yes
-          |||,
-        },
-
-
-        {
-          uses: 'actions-rs/toolchain@v1',
-          with: {
-            profile: 'minimal',
-            toolchain: 'stable',
-            target: 'aarch64-unknown-linux-gnu',
-          },
-        },
-        {
-          uses: 'actions-rs/cargo@v1',
-          with: {
-            'use-cross': true,
-            command: 'build',
-            args: '--release --locked --manifest-path docker/kea/healthz/Cargo.toml --target aarch64-unknown-linux-gnu',
-          },
-        },
-
-
-        {
-          uses: 'docker/setup-buildx-action@v2',
-          with: { install: true },
-        },
-        {
-          uses: 'aws-actions/configure-aws-credentials@v1',
-          with: {
-            'aws-region': 'ap-northeast-1',
-            'role-to-assume': 'arn:aws:iam::005216166247:role/GhaDockerPush',
-            'role-skip-session-tagging': true,
-          },
-        },
-        {
-          uses: 'aws-actions/amazon-ecr-login@v1',
-          id: 'login-ecr',
-        },
-        {
-          uses: 'docker/build-push-action@v3',
-          with: {
-            context: 'docker/kea',
-            platforms: std.join(',', ['linux/arm64']),
-            tags: std.join(',', [
-              '${{ steps.login-ecr.outputs.registry }}/kea:${{ github.sha }}',
-              '${{ steps.login-ecr.outputs.registry }}/kea:latest',
-            ]),
-            push: true,
-          },
-        },
-      ],
-    },
-  },
-}
+(import './docker-build-simple.libsonnet')('kea')
diff --git a/.github/workflows/docker-kea.yml b/.github/workflows/docker-kea.yml
@@ -9,33 +9,10 @@
          "runs-on": "ubuntu-latest",
          "steps": [
             {
-               "uses": "actions/checkout@v3"
+               "uses": "docker/setup-qemu-action@v2"
             },
             {
-               "name": "setup docker multiarch",
-               "run": "mkdir -p ~/.docker\nsudo docker run --rm --privileged multiarch/qemu-user-static --reset --persistent yes --credential yes\n"
-            },
-            {
-               "uses": "actions-rs/toolchain@v1",
-               "with": {
-                  "profile": "minimal",
-                  "target": "aarch64-unknown-linux-gnu",
-                  "toolchain": "stable"
-               }
-            },
-            {
-               "uses": "actions-rs/cargo@v1",
-               "with": {
-                  "args": "--release --locked --manifest-path docker/kea/healthz/Cargo.toml --target aarch64-unknown-linux-gnu",
-                  "command": "build",
-                  "use-cross": true
-               }
-            },
-            {
-               "uses": "docker/setup-buildx-action@v2",
-               "with": {
-                  "install": true
-               }
+               "uses": "docker/setup-buildx-action@v2"
             },
             {
                "uses": "aws-actions/configure-aws-credentials@v1",
@@ -52,7 +29,7 @@
             {
                "uses": "docker/build-push-action@v3",
                "with": {
-                  "context": "docker/kea",
+                  "context": "{{defaultContext}}:docker/kea",
                   "platforms": "linux/arm64",
                   "push": true,
                   "tags": "${{ steps.login-ecr.outputs.registry }}/kea:${{ github.sha }},${{ steps.login-ecr.outputs.registry }}/kea:latest"
@@ -69,7 +46,8 @@
             "test"
          ],
          "paths": [
-            "docker/kea/**"
+            "docker/kea/**",
+            ".github/workflows/docker-kea.yml"
          ]
       }
    }
diff --git a/kea/Dockerfile b/kea/Dockerfile
@@ -1,38 +1,82 @@
-FROM public.ecr.aws/ubuntu/ubuntu:22.04 as config
-RUN apt-get update && apt-get install -y jsonnet
+# syntax=docker/dockerfile:1
+
+ARG BASE=public.ecr.aws/ubuntu/ubuntu:22.04
+
+# `~` is mangled as `.`
+ARG KEA_VERSION=2.3.6-1.rk1.jammy
+
+###
+
+FROM --platform=$BUILDPLATFORM public.ecr.aws/docker/library/rust:1.69-slim-bullseye as build
+RUN rustup target add aarch64-unknown-linux-gnu
+RUN apt-get update \
+    && DEBIAN_FRONTEND=noninteractive apt-get install -y \
+      gcc-aarch64-linux-gnu
+
+WORKDIR /build/healthz
+COPY healthz/ ./
+
+RUN --mount=type=cache,target=/usr/local/cargo/registry \
+    --mount=type=cache,target=/build/healthz/target \
+    CARGO_TARGET_AARCH64_UNKNOWN_LINUX_GNU_LINKER=aarch64-linux-gnu-gcc \
+    cargo install --path . --root /app --locked --target=aarch64-unknown-linux-gnu
+
+###
+
+FROM --platform=$BUILDPLATFORM $BASE as config
+RUN apt-get update && DEBIAN_FRONTEND=noninteractive apt-get install -y jsonnet
 WORKDIR /app
 COPY kea-ctrl-agent.jsonnet /tmp/
 RUN jsonnet /tmp/kea-ctrl-agent.jsonnet > /app/kea-ctrl-agent.json
 
-FROM public.ecr.aws/ubuntu/ubuntu:22.04
+###
+
+FROM --platform=$BUILDPLATFORM $BASE as download
+
+RUN apt-get update \
+    && DEBIAN_FRONTEND=noninteractive apt-get install -y \
+      curl \
+      ca-certificates
+
+ARG KEA_VERSION
+
+WORKDIR /download
+RUN curl -SsfL --remote-name-all \
+    https://github.com/hanazuki/isc-kea.deb/releases/download/debian%2F2.3.6-1_rk1_jammy/{kea-admin_${KEA_VERSION}_arm64.deb,kea-common_${KEA_VERSION}_arm64.deb,kea-ctrl-agent_${KEA_VERSION}_arm64.deb,kea-dhcp4-server_${KEA_VERSION}_arm64.deb} \
+    https://sorah-pkg.s3.dualstack.ap-northeast-1.amazonaws.com/misc/isc-stork-agent_1.5.0.220824140136_arm64.deb
+
+RUN sha384sum -c --strict <<EOF
+3da15d37c3edbaf670400c4221a7d116ebc306c4c573d3f3a6b8ace2ec1fb3782194b118c37a803b6696aa0340f45b17  kea-admin_2.3.6-1.rk1.jammy_arm64.deb
+8d4fadc507ce3a98199dceefd71f2da689cab40aa97753bdfb0f2facff0f5c734b968d86809c666dea5f01ec35eb04ac  kea-common_2.3.6-1.rk1.jammy_arm64.deb
+a735a6e6102defd5fadb20900fb92bbd769368c5c211be3f0f0e9ccab29d2d6e69ad65dd46fed22a016ed0b5a2e74c90  kea-ctrl-agent_2.3.6-1.rk1.jammy_arm64.deb
+525e1ba2c96929ce32385d4c240a43ce7c4daf96023810d167b9204ba680517e8557896d40ab1d387de996fce7a84e68  kea-dhcp4-server_2.3.6-1.rk1.jammy_arm64.deb
+1e8b67f2afe4404ea3091cbef14e93a23186633a3d571f9cb141d162350d2fe6235d7679e89bed5c2235433f203d706d  isc-stork-agent_1.5.0.220824140136_arm64.deb
+EOF
+
+###
+
+FROM $BASE
 
 RUN mkdir -p /run/kea /app
 VOLUME /run/kea
 
-RUN apt-get update && apt-get install -y \
+ARG KEA_VERSION
+
+RUN --mount=type=bind,from=download,src=/download,dst=/download \
+    apt-get update \
+    && DEBIAN_FRONTEND=noninteractive apt-get install -y \
       ca-certificates \
       dumb-init \
       ruby3.0 \
       iproute2 \
-      curl \
+      /download/*.deb \
     && apt-get clean && rm -rf /var/lib/apt/lists/*
 
-ARG KEA_VERSION=2.0.2-1
-RUN apt-get update && apt-get install -y --no-install-recommends \
-      kea-dhcp4-server=${KEA_VERSION} \
-      kea-admin=${KEA_VERSION} \
-      kea-ctrl-agent=${KEA_VERSION} \
-    && apt-get clean && rm -rf /var/lib/apt/lists/*
-
-RUN curl -Ssf -o /tmp/stork.deb 'https://sorah-pkg.s3.dualstack.ap-northeast-1.amazonaws.com/misc/isc-stork-agent_1.5.0.220824140136_arm64.deb' \
- && ( echo '1e8b67f2afe4404ea3091cbef14e93a23186633a3d571f9cb141d162350d2fe6235d7679e89bed5c2235433f203d706d /tmp/stork.deb' | sha384sum -c --strict ) \
- && dpkg -i /tmp/stork.deb && rm /tmp/stork.deb
-COPY healthz/target/aarch64-unknown-linux-gnu/release/healthz /app/healthzd
-
+COPY --from=build /app/bin/healthz /app/healthzd
 COPY run.sh /app/run.sh
 COPY choose_dhcp_server_id.rb /app/choose_dhcp_server_id.rb
 COPY --from=config /app/kea-ctrl-agent.json /app/kea-ctrl-agent.json
 
-RUN kea-ctrl-agent -t /app/kea-ctrl-agent.json 
+RUN kea-ctrl-agent -t /app/kea-ctrl-agent.json
 
 CMD /app/run.sh
