Multi Architecture images

.github/scripts/free-disk-space.sh

@@ -33,6 +33,7 @@ dpkg-query -Wf '${Installed-Size}\t${Package}\n' | sort -n | tail -n 100
 df -h
 
 echo "Removing large packages"
+sudo apt-get remove -y 'humanity-icon-theme'
 sudo apt-get remove -y '^dotnet-.*'
 sudo apt-get remove -y 'php.*'
 sudo apt-get remove -y '^mongodb-.*'

.github/workflows/docker.yml

@@ -45,7 +45,7 @@ on:
         type: string
 
 jobs:
-  container-build-and-push:
+  input-summary:
     runs-on: ubuntu-latest
     steps:
       - name: Inputs
@@ -62,6 +62,20 @@ jobs:
           echo "| registry | ${{ inputs.registry }} |" >> $GITHUB_STEP_SUMMARY
           echo "| registry-org-name | ${{ inputs.registry-org-name }} |" >> $GITHUB_STEP_SUMMARY
 
+  build:
+    runs-on: ubuntu-latest
+    strategy:
+      fail-fast: false
+      matrix:
+        platform:
+          - linux/amd64
+          - linux/arm64
+    steps:
+      - name: Prepare
+        run: |
+          platform=${{ matrix.platform }}
+          echo "PLATFORM_PAIR=${platform//\//-}" >> $GITHUB_ENV
+
       - name: Checkout
         uses: actions/checkout@v4
 
@@ -79,7 +93,7 @@ jobs:
         id: meta
         uses: docker/metadata-action@v5
         with:
-          images: ${{ inputs.registry }}/${{ inputs.registry-org-name }}/${{inputs.name}}
+          images: ${{ inputs.registry }}/${{ inputs.registry-org-name }}/${{ inputs.name }}
           tags: |
             type=ref,suffix=${{ inputs.tag-suffix }},event=branch
             type=ref,suffix=${{ inputs.tag-suffix }},event=pr
@@ -100,11 +114,27 @@ jobs:
           build-args: |
             ${{ inputs.build-args }}
             NEXT_PUBLIC_PRIVY_APP_ID=${{ secrets.NEXT_PUBLIC_PRIVY_APP_ID }}
-          push: true
-          tags: ${{ steps.meta.outputs.tags }}
+            # push: true
+          platforms: ${{ matrix.platform }}
+            # tags: ${{ steps.meta.outputs.tags }}
           context: ${{ inputs.context }}
           cache-from: type=gha
           cache-to: type=gha,mode=max
+          outputs: type=image,name=${{ inputs.registry }}/${{ inputs.registry-org-name }}/${{ inputs.name }},push-by-digest=true,name-canonical=true,push=true
+
+      - name: Export digest
+        run: |
+          mkdir -p /tmp/digests
+          digest="${{ steps.build-and-push.outputs.digest }}"
+          touch "/tmp/digests/${digest#sha256:}"
+
+      - name: Upload digest
+        uses: actions/upload-artifact@v4
+        with:
+          name: digests-${{ inputs.name }}-${{ inputs.tag-suffix }}-${{ env.PLATFORM_PAIR }}
+          path: /tmp/digests/*
+          if-no-files-found: error
+          retention-days: 1
 
       - name: Image output
         id: docker-build-and-push-outputs
@@ -121,6 +151,7 @@ jobs:
         id: deploy-to-ecs
         if: >-
           ${{
+            matrix.platform == 'linux/amd64' &&
             github.ref_name == 'main' &&
             (
               inputs.name == 'backend' ||
@@ -132,4 +163,47 @@ jobs:
         env:
           GH_TOKEN: ${{ github.token }}
         run: |
-          gh workflow run 'Deploy to ECS' -f "image=${{ steps.docker-build-and-push-outputs.outputs.IMAGE }}" -f "container=${{ inputs.name }}" -f "environment=${{ inputs.deploy-environment }}"
+          gh workflow run 'Deploy to ECS' -f "image=${{ steps.docker-build-and-push-outputs.outputs.IMAGE }}" -f "container=${{ inputs.name }}" -f "environment=${{ inputs.deploy-environment }}"
+
+  merge:
+    runs-on: ubuntu-latest
+    needs:
+      - build
+    steps:
+      - name: Download digests
+        uses: actions/download-artifact@v4
+        with:
+          path: /tmp/digests
+          pattern: digests-${{ inputs.name }}-${{ inputs.tag-suffix }}-*
+          merge-multiple: true
+
+      - name: Set up Docker Buildx
+        uses: docker/setup-buildx-action@v3
+
+      - name: Docker meta
+        id: meta
+        uses: docker/metadata-action@v5
+        with:
+          images: ${{ inputs.registry }}/${{ inputs.registry-org-name }}/${{ inputs.name }}
+          tags: |
+            type=ref,suffix=${{ inputs.tag-suffix }},event=branch
+            type=ref,suffix=${{ inputs.tag-suffix }},event=pr
+            type=ref,suffix=${{ inputs.tag-suffix }},event=tag
+            type=sha,suffix=${{ inputs.tag-suffix }}
+
+      - name: Login to registry
+        uses: docker/login-action@v3
+        with:
+          registry: ${{ inputs.registry }}
+          username: ${{ secrets.LABDAO_QUAY_USERNAME }}
+          password: ${{ secrets.LABDAO_QUAY_PASSWORD }}
+
+      - name: Create manifest list and push
+        working-directory: /tmp/digests
+        run: |
+          docker buildx imagetools create $(jq -cr '.tags | map("-t " + .) | join(" ")' <<< "$DOCKER_METADATA_OUTPUT_JSON") \
+            $(printf '${{ inputs.registry }}/${{ inputs.registry-org-name }}/${{ inputs.name }}@sha256:%s ' *)
+
+      - name: Inspect image
+        run: |
+          docker buildx imagetools inspect ${{ inputs.registry }}/${{ inputs.registry-org-name }}/${{ inputs.name }}:${{ steps.meta.outputs.version }}

docker/images/ipfs/Dockerfile

@@ -1,4 +1,33 @@
 ARG IPFS_VERSION=0.18.0
+FROM golang:1.19.1-buster AS builder
+
+ARG IPFS_VERSION=0.18.0
+ARG IPFS_DS_S3_PLUGIN_VERSION=latest
+ARG IPFS_HEALTHCHECK_PLUGIN_VERSION=latest
+
+WORKDIR /
+
+# Kubo build process
+# See details: https://github.com/ipfs/go-ds-s3
+ENV GO111MODULE on
+ENV GOPROXY direct
+
+# We clone Kubo source code
+RUN git clone --depth 1 -b v${IPFS_VERSION} https://github.com/ipfs/kubo
+ENV SRC_DIR /kubo
+
+# Move to kubo folder
+WORKDIR $SRC_DIR
+
+# Install the plugin and build ipfs
+RUN go get github.com/ceramicnetwork/go-ipfs-healthcheck/plugin@${IPFS_HEALTHCHECK_PLUGIN_VERSION}
+RUN echo "\nhealthcheck github.com/ceramicnetwork/go-ipfs-healthcheck/plugin 0" >> plugin/loader/preload_list
+RUN go get github.com/3box/go-ds-s3/plugin@${IPFS_DS_S3_PLUGIN_VERSION}
+RUN echo "\ns3ds github.com/3box/go-ds-s3/plugin 0" >> plugin/loader/preload_list
+RUN make build
+RUN go mod tidy
+RUN CGO_ENABLED=0 make build
+RUN make install
 
 # IPFS container with all the utilities
 FROM ipfs/kubo:v${IPFS_VERSION} AS ipfs-with-utils
@@ -16,42 +45,13 @@ COPY container-init.d container-init.d
 RUN chown ipfs: /container-init.d/*.sh
 RUN chown ipfs: /data/ipfs
 
-# Copy custom IPFS binary with s3ds and healthcheck plugin
-COPY --from=ceramicnetwork/go-ipfs-daemon:daaf07a9dbd007a3a6378f34f2a404992ade5e93 /usr/local/bin/ipfs /usr/local/bin/ipfs
-
 USER ipfs
 
-FROM scratch
+# Final IPFS container with custom IPFS binary and utils
+FROM ipfs-with-utils
+ENV SRC_DIR /kubo
 
-COPY --from=ipfs-with-utils / /
+# We copy the new binaries we built in the 'builder' stage (--from=builder)
+COPY --from=builder $SRC_DIR/cmd/ipfs/ipfs /usr/local/bin/ipfs
 
-# Swarm TCP; should be exposed to the public
-EXPOSE 4001
-# Swarm UDP; should be exposed to the public
-EXPOSE 4001/udp
-# Daemon API; must not be exposed publicly but to client services under you control
-EXPOSE 5001
-# Web Gateway; can be exposed publicly with a proxy, e.g. as https://ipfs.example.org
-EXPOSE 8080
-# Swarm Websockets; must be exposed publicly when the node is listening using the websocket transport (/ipX/.../tcp/8081/ws).
-EXPOSE 8081
-
-ENV IPFS_PATH /data/ipfs
-
-ENV IPFS_PROFILE "server"
-
-# The default logging level
-ENV IPFS_LOGGING ""
-
-# This just makes sure that:
-# 1. There's an fs-repo, and initializes one if there isn't.
-# 2. The API and Gateway are accessible from outside the container.
-ENTRYPOINT ["/sbin/tini", "--", "/usr/local/bin/start_ipfs"]
-
-# Healthcheck for the container
-# QmUNLLsPACCz1vLxQVkXqqLX5R1X345qqfHbsf67hvA3Nn is the CID of empty folder
-HEALTHCHECK --interval=30s --timeout=3s --start-period=5s --retries=3 \
-  CMD ipfs dag stat /ipfs/QmUNLLsPACCz1vLxQVkXqqLX5R1X345qqfHbsf67hvA3Nn || exit 1
-
-# Execute the daemon subcommand by default
-CMD ["daemon", "--migrate=true", "--agent-version-suffix=docker"]
+USER ipfs