Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

[1.15] Add more image build jobs #598

Merged
merged 1 commit into from
Feb 5, 2025
Merged

[1.15] Add more image build jobs #598

Show file tree
Hide file tree
Changes from all commits
Commits
Show all changes
1 commit
Select commit
File filter

Filter by extension

Filter by extension
Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
161 changes: 118 additions & 43 deletions .gitlab-ci.yml
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -2,99 +2,174 @@ stages:
- trigger
- build

default:
tags: ["arch:amd64"]
image: registry.ddbuild.io/images/docker:24.0.4-gbi-focal

variables:
CI_DOCKER_IMAGE: registry.ddbuild.io/images/docker:24.0.4-gbi-focal
DOCKER_CTX: "."
DOCKER_BUILD_ARGS: ""

ALPINE_IMAGE: registry.ddbuild.io/images/mirror/library/alpine:3.19.6@sha256:6380aa6b04faa579332d4c9d1f65bd7093012ba6e01d9bbcd5e2d8a4f9fae38f
BASE_IMAGE: registry.ddbuild.io/images/base/gbi-distroless:release
CILIUM_BPFTOOL_IMAGE: registry.ddbuild.io/images/mirror/cilium/cilium-bpftool:0db3a73729ceb42e947d826bb96a655be79e5317@sha256:de23c9546c4eafab33f75d6f5d129947bbbafc132dbd113c0cecc9a61929e6b0
CILIUM_BUILDER_IMAGE: registry.ddbuild.io/images/mirror/cilium/cilium-builder:28af50e6eba2a75cfc2479fd09a086b750dabd2d@sha256:8698148b447871c87217b4ac5b94926bf4c2493e896ce0abe752f46a17c725fb
CILIUM_ENVOY_IMAGE: registry.ddbuild.io/images/mirror/cilium/cilium-envoy:v1.30.9-1734953328-6db0e437ba7ed2169f032ceec25922dd06e0b12b@sha256:5c6d21a908235b697e41951d7aa59cc250642b5b54827e8d13e1bdd345a139f9
CILIUM_IPTABLES_IMAGE: registry.ddbuild.io/images/mirror/cilium/iptables:67f517af50e18f64cd12625021f1c39246bb4f92@sha256:d075f03e89aacf51908346ec8ed5d251b8d3ad528ce30a710fcd074cdf91f11d
CILIUM_LLVM_IMAGE: registry.ddbuild.io/images/mirror/cilium/cilium-llvm:a8c542efc076b62ba683e7699c0013adb6955f0f@sha256:38e8941107bd19eb30bdde6e478760a22325f38d1f2771dfd1b9af81d74235e7
FIPS_BASE_IMAGE: registry.ddbuild.io/images/base/gbi-ubuntu_2204-fips:release
GOLANG_IMAGE: registry.ddbuild.io/images/mirror/library/golang:1.22.10@sha256:7761eeedd113a5751a7e1c135c89c4656a661ad73065dd09035ed3770b063c19
TESTER_IMAGE: registry.ddbuild.io/images/mirror/cilium/image-tester:dd09c8d3ef349a909fbcdc99279516baef153f22@sha256:c056d064cb47c97acd607343db5457e1d49d9338d6d8a87e93e23cc93f052c73
UBUNTU_IMAGE: registry.ddbuild.io/images/base/gbi-ubuntu_2204:release

# Force git to remove any reference to the local disk copy of the repository
before_script:
- git repack -a -d && rm -f .git/objects/info/alternates

.build-docker-image: &build-docker-image
.build-docker-image:
stage: build
image: $CI_DOCKER_IMAGE
tags: ["arch:arm64"]
rules:
# Run the pipeline for all pushed tags + triggered pipelines
- if: $CI_COMMIT_TAG
- if: $CI_PIPELINE_SOURCE == "pipeline"
id_tokens:
DDSIGN_ID_TOKEN:
aud: image-integrity
script:
- .gitlab/build-image.sh
script: .gitlab/build-image.sh

build-docker-image-operator:
<<: *build-docker-image
cilium-operator:
extends: .build-docker-image
variables:
IMAGE_NAME: cilium-operator
DOCKERFILE_PATH: images/operator/Dockerfile
DOCKER_BUILD_ARGS: |
OPERATOR_VARIANT=operator
BASE_IMAGE=registry.ddbuild.io/images/base/gbi-distroless:release
GOLANG_IMAGE=registry.ddbuild.io/images/mirror/library/golang:1.22.10@sha256:7761eeedd113a5751a7e1c135c89c4656a661ad73065dd09035ed3770b063c19
ALPINE_IMAGE=registry.ddbuild.io/images/mirror/library/alpine:3.19.6@sha256:6380aa6b04faa579332d4c9d1f65bd7093012ba6e01d9bbcd5e2d8a4f9fae38f
CILIUM_BUILDER_IMAGE=registry.ddbuild.io/images/mirror/cilium/cilium-builder:28af50e6eba2a75cfc2479fd09a086b750dabd2d@sha256:8698148b447871c87217b4ac5b94926bf4c2493e896ce0abe752f46a17c725fb
BASE_IMAGE=$BASE_IMAGE
GOLANG_IMAGE=$GOLANG_IMAGE
ALPINE_IMAGE=$ALPINE_IMAGE
CILIUM_BUILDER_IMAGE=$CILIUM_BUILDER_IMAGE
TARGET: release

build-docker-image-runtime:
<<: *build-docker-image
cilium-operator-fips:
extends: .build-docker-image
variables:
DOCKERFILE_PATH: images/operator/Dockerfile
DOCKER_BUILD_ARGS: |
OPERATOR_VARIANT=operator
BASE_IMAGE=$FIPS_BASE_IMAGE
GOLANG_IMAGE=$GOLANG_IMAGE
ALPINE_IMAGE=$ALPINE_IMAGE
CILIUM_BUILDER_IMAGE=$CILIUM_BUILDER_IMAGE
TARGET: release

cilium-operator-generic:
extends: .build-docker-image
variables:
DOCKERFILE_PATH: images/operator/Dockerfile
DOCKER_BUILD_ARGS: |
OPERATOR_VARIANT=operator-generic
BASE_IMAGE=$BASE_IMAGE
GOLANG_IMAGE=$GOLANG_IMAGE
ALPINE_IMAGE=$ALPINE_IMAGE
CILIUM_BUILDER_IMAGE=$CILIUM_BUILDER_IMAGE
TARGET: release

cilium-operator-aws:
extends: .build-docker-image
variables:
DOCKERFILE_PATH: images/operator/Dockerfile
DOCKER_BUILD_ARGS: |
OPERATOR_VARIANT=operator-aws
BASE_IMAGE=$BASE_IMAGE
GOLANG_IMAGE=$GOLANG_IMAGE
ALPINE_IMAGE=$ALPINE_IMAGE
CILIUM_BUILDER_IMAGE=$CILIUM_BUILDER_IMAGE
TARGET: release

cilium-operator-aws-fips:
extends: .build-docker-image
variables:
DOCKERFILE_PATH: images/operator/Dockerfile
DOCKER_BUILD_ARGS: |
OPERATOR_VARIANT=operator-aws
BASE_IMAGE=$FIPS_BASE_IMAGE
GOLANG_IMAGE=$GOLANG_IMAGE
ALPINE_IMAGE=$ALPINE_IMAGE
CILIUM_BUILDER_IMAGE=$CILIUM_BUILDER_IMAGE
TARGET: release

cilium-operator-azure:
extends: .build-docker-image
variables:
DOCKERFILE_PATH: images/operator/Dockerfile
DOCKER_BUILD_ARGS: |
OPERATOR_VARIANT=operator-azure
BASE_IMAGE=$BASE_IMAGE
GOLANG_IMAGE=$GOLANG_IMAGE
ALPINE_IMAGE=$ALPINE_IMAGE
CILIUM_BUILDER_IMAGE=$CILIUM_BUILDER_IMAGE
TARGET: release

cilium-runtime:
extends: .build-docker-image
variables:
IMAGE_NAME: cilium-runtime
DOCKERFILE_PATH: images/runtime/Dockerfile
DOCKER_BUILD_ARGS: |
TESTER_IMAGE=registry.ddbuild.io/images/mirror/cilium/image-tester:dd09c8d3ef349a909fbcdc99279516baef153f22@sha256:c056d064cb47c97acd607343db5457e1d49d9338d6d8a87e93e23cc93f052c73
GOLANG_IMAGE=registry.ddbuild.io/images/mirror/library/golang:1.22.10@sha256:7761eeedd113a5751a7e1c135c89c4656a661ad73065dd09035ed3770b063c19
UBUNTU_IMAGE=registry.ddbuild.io/images/base/gbi-ubuntu_2204:release
CILIUM_LLVM_IMAGE=registry.ddbuild.io/images/mirror/cilium/cilium-llvm:a8c542efc076b62ba683e7699c0013adb6955f0f@sha256:38e8941107bd19eb30bdde6e478760a22325f38d1f2771dfd1b9af81d74235e7
CILIUM_BPFTOOL_IMAGE=registry.ddbuild.io/images/mirror/cilium/cilium-bpftool:0db3a73729ceb42e947d826bb96a655be79e5317@sha256:de23c9546c4eafab33f75d6f5d129947bbbafc132dbd113c0cecc9a61929e6b0
CILIUM_IPTABLES_IMAGE=registry.ddbuild.io/images/mirror/cilium/iptables:67f517af50e18f64cd12625021f1c39246bb4f92@sha256:d075f03e89aacf51908346ec8ed5d251b8d3ad528ce30a710fcd074cdf91f11d
TESTER_IMAGE=$TESTER_IMAGE
GOLANG_IMAGE=$GOLANG_IMAGE
UBUNTU_IMAGE=$UBUNTU_IMAGE
CILIUM_LLVM_IMAGE=$CILIUM_LLVM_IMAGE
CILIUM_BPFTOOL_IMAGE=$CILIUM_BPFTOOL_IMAGE
CILIUM_IPTABLES_IMAGE=$CILIUM_IPTABLES_IMAGE
DOCKER_CTX: "./images/runtime"

# Caveats:
# * The build image is single-arch amd64 and we're doing cross-compilation, so the dlv copy is only valid on amd64. In
# other words, the arm64 image does not work.
build-docker-image-cilium:
<<: *build-docker-image
cilium:
extends: .build-docker-image
needs:
# The cilium image depends on the runtime image
- build-docker-image-runtime
- cilium-runtime
variables:
IMAGE_NAME: cilium
DOCKERFILE_PATH: images/cilium/Dockerfile
DOCKER_BUILD_ARGS: |
CILIUM_BUILDER_IMAGE=registry.ddbuild.io/images/mirror/cilium/cilium-builder:28af50e6eba2a75cfc2479fd09a086b750dabd2d@sha256:8698148b447871c87217b4ac5b94926bf4c2493e896ce0abe752f46a17c725fb
CILIUM_ENVOY_IMAGE=registry.ddbuild.io/images/mirror/cilium/cilium-envoy:v1.30.9-1734953328-6db0e437ba7ed2169f032ceec25922dd06e0b12b@sha256:5c6d21a908235b697e41951d7aa59cc250642b5b54827e8d13e1bdd345a139f9
CILIUM_BUILDER_IMAGE=$CILIUM_BUILDER_IMAGE
CILIUM_ENVOY_IMAGE=$CILIUM_ENVOY_IMAGE
TARGET: release
NOSTRIP: 0

build-docker-image-hubble-relay:
<<: *build-docker-image
hubble-relay:
extends: .build-docker-image
variables:
IMAGE_NAME: hubble-relay
DOCKERFILE_PATH: images/hubble-relay/Dockerfile
DOCKER_BUILD_ARGS: |
BASE_IMAGE=registry.ddbuild.io/images/base/gbi-distroless:release
GOLANG_IMAGE=registry.ddbuild.io/images/mirror/library/golang:1.22.10@sha256:7761eeedd113a5751a7e1c135c89c4656a661ad73065dd09035ed3770b063c19
CILIUM_BUILDER_IMAGE=registry.ddbuild.io/images/mirror/cilium/cilium-builder:28af50e6eba2a75cfc2479fd09a086b750dabd2d@sha256:8698148b447871c87217b4ac5b94926bf4c2493e896ce0abe752f46a17c725fb
BASE_IMAGE=$BASE_IMAGE
GOLANG_IMAGE=$GOLANG_IMAGE
CILIUM_BUILDER_IMAGE=$CILIUM_BUILDER_IMAGE
TARGET: release

# This job is a duplicate of the clustermesh-apiserver one
# We keep it until we replaced all image references from kvstoremesh to clustermesh-apiserver
kvstoremesh:
extends: .build-docker-image
variables:
DOCKERFILE_PATH: images/clustermesh-apiserver/Dockerfile
DOCKER_BUILD_ARGS: |
BASE_IMAGE=$BASE_IMAGE
GOLANG_IMAGE=$GOLANG_IMAGE
TARGET: release

build-docker-image-clustermesh-apiserver:
<<: *build-docker-image
cilium-clustermesh-apiserver:
extends: .build-docker-image
variables:
IMAGE_NAME: kvstoremesh
DOCKERFILE_PATH: images/clustermesh-apiserver/Dockerfile
DOCKER_BUILD_ARGS: |
BASE_IMAGE=registry.ddbuild.io/images/base/gbi-distroless:release
GOLANG_IMAGE=registry.ddbuild.io/images/mirror/library/golang:1.22.10@sha256:7761eeedd113a5751a7e1c135c89c4656a661ad73065dd09035ed3770b063c19
BASE_IMAGE=$BASE_IMAGE
GOLANG_IMAGE=$GOLANG_IMAGE
TARGET: release

trigger-builds:
stage: trigger
image: $CI_DOCKER_IMAGE
tags: ["arch:arm64"]
rules:
- if: $CI_PIPELINE_SOURCE == "schedule"
script:
- .gitlab/trigger-builds.sh
script: .gitlab/trigger-builds.sh
6 changes: 3 additions & 3 deletions .gitlab/build-image.sh
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -16,10 +16,10 @@ IMAGE_TAG="$CI_COMMIT_TAG"
if [ "$TARGET" = "debug" ]; then
IMAGE_TAG="${IMAGE_TAG}-debug"
fi
IMAGE_REF="registry.ddbuild.io/$IMAGE_NAME:$IMAGE_TAG"
IMAGE_REF="registry.ddbuild.io/$CI_JOB_NAME:$IMAGE_TAG"

# Find the right Cilium Runtime image to use for the main Cilium image build
if [ "$IMAGE_NAME" == "cilium" ]; then
if [ "$CI_JOB_NAME" == "cilium" ]; then
CILIUM_RUNTIME_IMAGE="registry.ddbuild.io/cilium-runtime:$IMAGE_TAG"
BUILD_ARGS+=" --build-arg CILIUM_RUNTIME_IMAGE=$CILIUM_RUNTIME_IMAGE"
fi
Expand All @@ -41,7 +41,7 @@ docker buildx build --platform linux/amd64,linux/arm64 \
ddsign sign "$IMAGE_REF" --docker-metadata-file "$METADATA_FILE"

# Always build the debug version of the Cilium image
if [ "$IMAGE_NAME" == "cilium" ]; then
if [ "$CI_JOB_NAME" == "cilium" ]; then
METADATA_FILE_DEBUG=$(mktemp)
docker buildx build --platform linux/amd64,linux/arm64 \
--tag "$IMAGE_REF"-debug \
Expand Down
Loading