generate multiarch images for non-architecture tags

2026-05-28 04:34:11 -04:00 · 2023-02-13 21:09:18 -05:00 · 2023-02-13 21:09:18 -05:00 · 43e89aee00
commit 43e89aee00
parent 23090198bf
3 changed files with 58 additions and 26 deletions
--- a/.azure-pipelines/templates/stages/deploy-stage.yml
+++ b/.azure-pipelines/templates/stages/deploy-stage.yml
@ -11,7 +11,7 @@ stages:
      - template: ../jobs/snap-deploy-job.yml
        parameters:
          snapReleaseChannel: ${{ parameters.snapReleaseChannel }}
-      - job: publish_docker
+      - job: publish_docker_by_arch
        pool:
          vmImage: ubuntu-22.04
        strategy:
@ -51,4 +51,10 @@ stages:
              containerRegistry: docker-hub
            displayName: Login to Docker Hub
          - bash: set -e && tools/docker/deploy.sh $(dockerTag) $DOCKER_ARCH
-            displayName: Deploy the Docker images
+            displayName: Deploy the Docker images by architecture
+      - job: publish_docker_multiarch
+        pool:
+          vmImage: ubuntu-22.04
+        steps:
+          - bash: set -e && tools/docker/deploy_multiarch.sh $(dockerTag)
+            displayName: Deploy the Docker multiarch manifests
--- a/tools/docker/deploy.sh
+++ b/tools/docker/deploy.sh
@ -21,25 +21,25 @@ fi
 source "$WORK_DIR/lib/common"
 ParseRequestedArch "${2}"

+
+
+
 # Creates and pushes all Docker images aliases for the requested architectures
 # set in the environment variable ALL_REQUESTED_ARCH.  If the value of the
 # global variable TAG_BASE is a 2.0.0 or greater version tag such as v2.1.0,
-# the "latest" tag is also updated. Tags without the architecture part are also
-# created for the default architecture.
-# As an example, for amd64 (the default architecture) and the tag v0.35.0, the
-# following tags would be created:
-#  - certbot/certbot:v0.35.0
-#  - certbot/certbot:latest
-#  - certbot/certbot:amd64-latest
-# For the architecture arm32v6 and the tag v0.35.0, only the following tag
-# would be created:
-#  - certbot/certbot:arm32v6-latest
-# For other tags such as "nightly", aliases are only created for the default
-# architecture where the tag "nightly" would be used without an architecture
-# part.
+# tags for "latest" are also created. Tags such as "nightly" do not recieve 
+# "latest" tags.
+# As an example, for the tag v2.2.0 and the default set of all target 
+# architectures, the following tags would be created:
+#  - certbot/certbot:amd64-v2.2.0       <- image
+#  - certbot/certbot:arm32v6-v2.2.0     <- image
+#  - certbot/certbot:arm64v8-v2.2.0     <- image
+#  - certbot/certbot:amd64-latest       <- image
+#  - certbot/certbot:arm32v6-latest     <- image
+#  - certbot/certbot:arm64v8-latest     <- image
 # Usage: TagAndPushForAllRequestedArch [IMAGE NAME]
 #   where [IMAGE NAME] is the name of the Docker image in the Docker repository
-#   such as "certbot" or "dns-cloudflare".
+#   such as "certbot" or "dns-cloudflare". 
 # Read globals:
 # * TAG_BASE
 # * ALL_REQUESTED_ARCH
@ -51,19 +51,9 @@ TagAndPushForAllRequestedArch() {
        # added them, we haven't had another timeout, so until we experience
        # another timeout & can get the deubg logs, we're leaving them in.
        docker --debug push "${DOCKER_REPO}:${TARGET_ARCH}-${TAG_BASE}"
-
-        # If TAG_BASE is a valid tag for version 2.0.0 or greater
        if [[ "${TAG_BASE}" =~ ^v([2-9]|[1-9][0-9]+)\.[0-9]+\.[0-9]+$ ]]; then
            docker tag "${DOCKER_REPO}:${TARGET_ARCH}-${TAG_BASE}" "${DOCKER_REPO}:${TARGET_ARCH}-latest"
            docker --debug push "${DOCKER_REPO}:${TARGET_ARCH}-latest"
-            if [ "${TARGET_ARCH}" == "${DEFAULT_ARCH}" ]; then
-                docker tag "${DOCKER_REPO}:${TARGET_ARCH}-${TAG_BASE}" "${DOCKER_REPO}:latest"
-                docker --debug push "${DOCKER_REPO}:latest"
-            fi
-        fi
-        if [ "${TARGET_ARCH}" == "${DEFAULT_ARCH}" ]; then
-            docker tag "${DOCKER_REPO}:${TARGET_ARCH}-${TAG_BASE}" "${DOCKER_REPO}:${TAG_BASE}"
-            docker --debug push "${DOCKER_REPO}:${TAG_BASE}"
        fi
    done
 }
--- a/tools/docker/deploy_multiarch.sh
+++ b/tools/docker/deploy_multiarch.sh
@ -0,0 +1,36 @@
+#!/bin/bash
+set -euxo pipefail
+
+WORK_DIR="$( cd "$( dirname "${BASH_SOURCE[0]}" )" >/dev/null && pwd )"
+
+TAG_BASE="$1"  # Eg. v0.35.0 or nightly
+if [ -z "$TAG_BASE" ]; then
+    echo "We cannot tag Docker images with an empty string!" >&2
+    exit 1
+fi
+source "$WORK_DIR/lib/common"
+
+# Creates multiarch manifests for TAG_BASE, and 'latest' if TAG_BASE > 2.0.0
+#  - certbot/certbot:v2.2.0             <- multiarch manifest 
+#  - certbot/certbot:latest             <- multiarch manifest
+MakeMultiarchManifestForAllTargetArch() {
+    DOCKER_REPO="${DOCKER_HUB_ORG}/${1}"
+    SRC_IMAGES=""
+    for TARGET_ARCH in "${ALL_TARGET_ARCH[@]}"; do
+        SRC_IMAGES+=" ${DOCKER_REPO}:${TARGET_ARCH}-${TAG_BASE}"
+    done
+    echo ${SRC_IMAGES}
+    docker buildx imagetools create -t ${DOCKER_REPO}:${TAG_BASE}${SRC_IMAGES}
+    if [[ "${TAG_BASE}" =~ ^v([2-9]|[1-9][0-9]+)\.[0-9]+\.[0-9]+$ ]]; then
+        docker buildx imagetools create -t "${DOCKER_REPO}:latest" "${SRC_IMAGES}"
+    fi
+}
+
+
+# Step 1: Certbot core Docker
+MakeMultiarchManifestForAllTargetArch "certbot"
+
+# Step 2: Certbot DNS plugins Docker images
+for plugin in "${CERTBOT_PLUGINS[@]}"; do
+    MakeMultiarchManifestForAllTargetArch "${plugin}"
+done