Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

#86 Build plugin and images for multiple architectures #87

Merged
merged 1 commit into from
Feb 15, 2024
Merged

#86 Build plugin and images for multiple architectures #87

merged 1 commit into from
Feb 15, 2024

Conversation

larhauga
Copy link
Contributor

@larhauga larhauga commented Feb 11, 2024
edited

This adds support for building and publishing linux-amd64 and linux-arm64 versions of the plugin.

This fixes #86

See https://github.com/larhauga/opa-docker-authz/actions for example run and https://github.com/larhauga/opa-docker-authz/pkgs/container/opa-docker-authz for published package

I have only gotten this to work by explicitly pinning to the tag edge-linux-arm64/edge-linux-amd64 and I think we can live with this solution in the interim.

Details regarding multi-arch manifest list

When trying to build a manifest list for a multi-arch tag, it does not work, and we get the following error that seems to be coming from here: https://github.com/moby/moby/blob/master/plugin/backend_linux.go#L203

msg="Handler for GET /v1.44/plugins/privileges returned error: did not find plugin config for specified reference ghcr.io/larhauga/opa-docker-authz:edge"
Error response from daemon: did not find plugin config for specified reference ghcr.io/larhauga/opa-docker-authz:edge

I have created a Q&A at the moby repo to get some input on this: moby/moby#47369

The manifests created with docker manifest does not create a manifest usable by the docker plugin system. For future references a custom manifest can be created in the following way:

curl -X PUT -H "Authorization: Bearer $(echo $GITHUB_TOKEN|base64)" -H "Content-Type: application/vnd.docker.distribution.manifest.v2+json" --data @manifest.json https://ghcr.io/v2/${{ github.repository }}/manifests/edge

This is the edge-linux-amd64 manifest.

{
        "schemaVersion": 2,
        "config": {
                "mediaType": "application/vnd.docker.plugin.v1+json",
                "digest": "sha256:f588fb1f8e38f38b53d49c1b79281b36c2ca64b2b16119c1c8c5b6019af7d6c6",
                "size": 836
        },
        "layers": [
                {
                        "mediaType": "application/vnd.docker.image.rootfs.diff.tar.gzip",
                        "digest": "sha256:18eeb142bdc5e4d0b518e1b1321fa0a4863b21248ba614e07d4dcd87966e3d31",
                        "size": 13257330
                }
        ],
        "mediaType": "application/vnd.docker.distribution.manifest.v2+json"
}

The :edge manifest:

{
   "schemaVersion": 2,
   "mediaType": "application/vnd.docker.distribution.manifest.list.v2+json",
   "manifests": [
      {
         "mediaType": "application/vnd.docker.distribution.manifest.v2+json",
         "size": 419,
         "digest": "sha256:9b40bdeec15886807829ef61be7483bbc556758176944426965220cc2afe0f52",
         "platform": {
            "architecture": "amd64",
            "os": "linux"
         }
      },
      {
         "mediaType": "application/vnd.docker.distribution.manifest.v2+json",
         "size": 419,
         "digest": "sha256:aac32815a31f558589e17ed28deeb500c482d557d9038710f4e84177941d10a1",
         "platform": {
            "architecture": "arm64",
            "os": "linux"
         }
      }
   ]
}

@larhauga larhauga marked this pull request as draft February 11, 2024 14:16
@larhauga larhauga marked this pull request as ready for review February 11, 2024 16:06
anderseknert
anderseknert reviewed Feb 12, 2024
View reviewed changes
Copy link
Member

@anderseknert anderseknert left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Thanks! Just a few nits, but looks good 👍

.github/workflows/pull-request.yaml Show resolved Hide resolved
.github/workflows/main.yaml Outdated Show resolved Hide resolved
@larhauga
build plugin and images for multiple architectures
8f6cd60 
This adds support for building and publishing linux-amd64 and linux-arm64 versions of the plugin.
We only build new tags with os-arch naming since the docker plugin system does not seem
to have support for the manifest type: `application/vnd.docker.distribution.manifest.list.v2+json`.

Signed-off-by: Lars Haugan <lars.haugan@sparebank1.no>
anderseknert
anderseknert approved these changes Feb 15, 2024
View reviewed changes
Copy link
Member

@anderseknert anderseknert left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Thanks! Let's give it a try :)

@anderseknert anderseknert merged commit fa84033 into open-policy-agent:main Feb 15, 2024
4 checks passed
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@anderseknert anderseknert anderseknert approved these changes

Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.

Build docker images for arm64 architecture
2 participants
@larhauga @anderseknert