Merge pull request #46289 from thaJeztah/24.0_backport_ci-bin-image-repo-origin

[24.0 backport] ci(bin-image): GHA and metadata improvements

.github/workflows/bin-image.yml

@@ -16,10 +16,11 @@ on:
 
 env:
   MOBYBIN_REPO_SLUG: moby/moby-bin
-  PLATFORM: Moby Engine
-  PRODUCT: Moby
-  DEFAULT_PRODUCT_LICENSE: Moby
-  PACKAGER_NAME: Moby
+  DOCKER_GITCOMMIT: ${{ github.sha }}
+  VERSION: ${{ github.ref }}
+  PLATFORM: Moby Engine - Nightly
+  PRODUCT: moby-bin
+  PACKAGER_NAME: The Moby Project
 
 jobs:
   validate-dco:
@@ -104,7 +105,7 @@ jobs:
         uses: docker/setup-buildx-action@v2
       -
         name: Login to Docker Hub
-        if: github.event_name != 'pull_request'
+        if: github.event_name != 'pull_request' && github.repository == 'moby/moby'
         uses: docker/login-action@v2
         with:
           username: ${{ secrets.DOCKERHUB_MOBYBIN_USERNAME }}
@@ -113,8 +114,6 @@ jobs:
         name: Build
         id: bake
         uses: docker/bake-action@v3
-        env:
-          DOCKER_GITCOMMIT: ${{ github.sha }}
         with:
           files: |
             ./docker-bake.hcl
@@ -122,18 +121,18 @@ jobs:
           targets: bin-image
           set: |
             *.platform=${{ matrix.platform }}
-            *.output=type=image,name=${{ env.MOBYBIN_REPO_SLUG }},push-by-digest=true,name-canonical=true,push=${{ github.event_name != 'pull_request' }}
+            *.output=type=image,name=${{ env.MOBYBIN_REPO_SLUG }},push-by-digest=true,name-canonical=true,push=${{ github.event_name != 'pull_request' && github.repository == 'moby/moby' }}
             *.tags=
       -
         name: Export digest
-        if: github.event_name != 'pull_request'
+        if: github.event_name != 'pull_request' && github.repository == 'moby/moby'
         run: |
           mkdir -p /tmp/digests
           digest="${{ fromJSON(steps.bake.outputs.metadata)['bin-image']['containerimage.digest'] }}"
           touch "/tmp/digests/${digest#sha256:}"
       -
         name: Upload digest
-        if: github.event_name != 'pull_request'
+        if: github.event_name != 'pull_request' && github.repository == 'moby/moby'
         uses: actions/upload-artifact@v3
         with:
           name: digests
@@ -143,7 +142,7 @@ jobs:
 
   merge:
     runs-on: ubuntu-20.04
-    if: github.event_name != 'pull_request'
+    if: github.event_name != 'pull_request' && github.repository == 'moby/moby'
     needs:
       - build
     steps:

Dockerfile.e2e

@@ -1,84 +0,0 @@
-ARG GO_VERSION=1.20.4
-
-FROM golang:${GO_VERSION}-alpine AS base
-ENV GO111MODULE=off
-RUN apk --no-cache add \
-    bash \
-    build-base \
-    curl \
-    lvm2-dev \
-    jq
-
-RUN mkdir -p /build/
-RUN mkdir -p /go/src/github.com/docker/docker/
-WORKDIR /go/src/github.com/docker/docker/
-
-FROM base AS frozen-images
-# Get useful and necessary Hub images so we can "docker load" locally instead of pulling
-COPY contrib/download-frozen-image-v2.sh /
-RUN /download-frozen-image-v2.sh /build \
-        busybox:latest@sha256:95cf004f559831017cdf4628aaf1bb30133677be8702a8c5f2994629f637a209 \
-        busybox:latest@sha256:95cf004f559831017cdf4628aaf1bb30133677be8702a8c5f2994629f637a209 \
-        debian:bullseye-slim@sha256:dacf278785a4daa9de07596ec739dbc07131e189942772210709c5c0777e8437 \
-        hello-world:latest@sha256:d58e752213a51785838f9eed2b7a498ffa1cb3aa7f946dda11af39286c3db9a9 \
-        arm32v7/hello-world:latest@sha256:50b8560ad574c779908da71f7ce370c0a2471c098d44d1c8f6b513c5a55eeeb1
-# See also frozenImages in "testutil/environment/protect.go" (which needs to be updated when adding images to this list)
-
-FROM base AS dockercli
-COPY hack/dockerfile/install/install.sh ./install.sh
-COPY hack/dockerfile/install/dockercli.installer ./
-RUN PREFIX=/build ./install.sh dockercli
-
-# TestDockerCLIBuildSuite dependency
-FROM base AS contrib
-COPY contrib/syscall-test           /build/syscall-test
-COPY contrib/httpserver/Dockerfile  /build/httpserver/Dockerfile
-COPY contrib/httpserver             contrib/httpserver
-RUN CGO_ENABLED=0 go build -buildmode=pie -o /build/httpserver/httpserver github.com/docker/docker/contrib/httpserver
-
-# Build the integration tests and copy the resulting binaries to /build/tests
-FROM base AS builder
-
-# Set tag and add sources
-COPY . .
-# Copy test sources tests that use assert can print errors
-RUN mkdir -p /build${PWD} && find integration integration-cli -name \*_test.go -exec cp --parents '{}' /build${PWD} \;
-# Build and install test binaries
-ARG DOCKER_GITCOMMIT=undefined
-RUN hack/make.sh build-integration-test-binary
-RUN mkdir -p /build/tests && find . -name test.main -exec cp --parents '{}' /build/tests \;
-
-## Generate testing image
-FROM alpine:3.10 as runner
-
-ENV DOCKER_REMOTE_DAEMON=1
-ENV DOCKER_INTEGRATION_DAEMON_DEST=/
-ENTRYPOINT ["/scripts/run.sh"]
-
-# Add an unprivileged user to be used for tests which need it
-RUN addgroup docker && adduser -D -G docker unprivilegeduser -s /bin/ash
-
-# GNU tar is used for generating the emptyfs image
-RUN apk --no-cache add \
-    bash \
-    ca-certificates \
-    g++ \
-    git \
-    inetutils-ping \
-    iptables \
-    libcap2-bin \
-    pigz \
-    tar \
-    xz
-
-COPY hack/test/e2e-run.sh           /scripts/run.sh
-COPY hack/make/.build-empty-images  /scripts/build-empty-images.sh
-
-COPY integration/testdata       /tests/integration/testdata
-COPY integration/build/testdata /tests/integration/build/testdata
-COPY integration-cli/fixtures   /tests/integration-cli/fixtures
-
-COPY --from=frozen-images /build/ /docker-frozen-images
-COPY --from=dockercli     /build/ /usr/bin/
-COPY --from=contrib       /build/ /tests/contrib/
-COPY --from=builder       /build/ /

Makefile

@@ -7,11 +7,7 @@ BUILDX ?= $(DOCKER) buildx
 DOCKER_GRAPHDRIVER := $(if $(DOCKER_GRAPHDRIVER),$(DOCKER_GRAPHDRIVER),$(shell docker info 2>&1 | grep "Storage Driver" | sed 's/.*: //'))
 export DOCKER_GRAPHDRIVER
 
-# get OS/Arch of docker engine
-DOCKER_OSARCH := $(shell bash -c 'source hack/make/.detect-daemon-osarch && echo $${DOCKER_ENGINE_OSARCH}')
-DOCKERFILE := $(shell bash -c 'source hack/make/.detect-daemon-osarch && echo $${DOCKERFILE}')
-
-DOCKER_GITCOMMIT := $(shell git rev-parse --short HEAD || echo unsupported)
+DOCKER_GITCOMMIT := $(shell git rev-parse HEAD)
 export DOCKER_GITCOMMIT
 
 # allow overriding the repository and branch that validation scripts are running
@@ -150,7 +146,7 @@ ifdef DOCKER_SYSTEMD
 DOCKER_BUILD_ARGS += --build-arg=SYSTEMD=true
 endif
 
-BUILD_OPTS := ${BUILD_APT_MIRROR} ${DOCKER_BUILD_ARGS} ${DOCKER_BUILD_OPTS} -f "$(DOCKERFILE)"
+BUILD_OPTS := ${BUILD_APT_MIRROR} ${DOCKER_BUILD_ARGS} ${DOCKER_BUILD_OPTS}
 BUILD_CMD := $(BUILDX) build
 BAKE_CMD := $(BUILDX) bake
 

docker-bake.hcl

@@ -47,18 +47,6 @@ variable "PACKAGER_NAME" {
   default = ""
 }
 
-# GITHUB_REF is the actual ref that triggers the workflow and used as version
-# when tag is pushed: https://docs.github.com/en/actions/learn-github-actions/environment-variables#default-environment-variables
-variable "GITHUB_REF" {
-  default = ""
-}
-
-# GITHUB_SHA is the commit SHA that triggered the workflow and used as commit.
-# https://docs.github.com/en/actions/learn-github-actions/environment-variables#default-environment-variables
-variable "GITHUB_SHA" {
-  default = ""
-}
-
 # Special target: https://github.com/docker/metadata-action#bake-definition
 target "docker-metadata-action" {
   tags = ["moby-bin:local"]
@@ -81,8 +69,8 @@ target "_common" {
     DOCKER_STATIC = DOCKER_STATIC
     DOCKER_LDFLAGS = DOCKER_LDFLAGS
     DOCKER_BUILDTAGS = DOCKER_BUILDTAGS
-    DOCKER_GITCOMMIT = DOCKER_GITCOMMIT != null ? DOCKER_GITCOMMIT : GITHUB_SHA
-    VERSION = VERSION != "" ? VERSION : GITHUB_REF
+    DOCKER_GITCOMMIT = DOCKER_GITCOMMIT
+    VERSION = VERSION
     PLATFORM = PLATFORM
     PRODUCT = PRODUCT
     DEFAULT_PRODUCT_LICENSE = DEFAULT_PRODUCT_LICENSE

hack/make.sh

@@ -51,7 +51,7 @@ fi
 if [ "$DOCKER_GITCOMMIT" ]; then
 	GITCOMMIT="$DOCKER_GITCOMMIT"
 elif command -v git &> /dev/null && [ -e .git ] && git rev-parse &> /dev/null; then
-	GITCOMMIT=$(git rev-parse --short HEAD)
+	GITCOMMIT=$(git rev-parse HEAD)
 	if [ -n "$(git status --porcelain --untracked-files=no)" ]; then
 		GITCOMMIT="$GITCOMMIT-unsupported"
 		echo "#~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~"
@@ -66,8 +66,8 @@ elif command -v git &> /dev/null && [ -e .git ] && git rev-parse &> /dev/null; t
 else
 	echo >&2 'error: .git directory missing and DOCKER_GITCOMMIT not specified'
 	echo >&2 '  Please either build with the .git directory accessible, or specify the'
-	echo >&2 '  exact (--short) commit hash you are building using DOCKER_GITCOMMIT for'
-	echo >&2 '  future accountability in diagnosing build issues.  Thanks!'
+	echo >&2 '  exact commit hash you are building using DOCKER_GITCOMMIT for future'
+	echo >&2 '  accountability in diagnosing build issues.  Thanks!'
 	exit 1
 fi
 

hack/make/.detect-daemon-osarch

@@ -1,43 +0,0 @@
-#!/usr/bin/env bash
-set -e
-
-docker-version-osarch() {
-	if ! type docker &> /dev/null; then
-		# docker is not installed
-		return
-	fi
-	local target="$1" # "Client" or "Server"
-	local fmtStr="{{.${target}.Os}}/{{.${target}.Arch}}"
-	if docker version -f "$fmtStr" 2> /dev/null; then
-		# if "docker version -f" works, let's just use that!
-		return
-	fi
-	docker version | awk '
-		$1 ~ /^(Client|Server):$/ { section = 0 }
-		$1 == "'"$target"':" { section = 1; next }
-		section && $1 == "OS/Arch:" { print $2 }
-
-		# old versions of Docker
-		$1 == "OS/Arch" && $2 == "('"${target,,}"'):" { print $3 }
-	'
-}
-
-# Retrieve OS/ARCH of docker daemon, e.g. linux/amd64
-export DOCKER_ENGINE_OSARCH="${DOCKER_ENGINE_OSARCH:=$(docker-version-osarch 'Server')}"
-export DOCKER_ENGINE_GOOS="${DOCKER_ENGINE_OSARCH%/*}"
-export DOCKER_ENGINE_GOARCH="${DOCKER_ENGINE_OSARCH##*/}"
-DOCKER_ENGINE_GOARCH=${DOCKER_ENGINE_GOARCH:=amd64}
-
-# and the client, just in case
-export DOCKER_CLIENT_OSARCH="$(docker-version-osarch 'Client')"
-export DOCKER_CLIENT_GOOS="${DOCKER_CLIENT_OSARCH%/*}"
-export DOCKER_CLIENT_GOARCH="${DOCKER_CLIENT_OSARCH##*/}"
-DOCKER_CLIENT_GOARCH=${DOCKER_CLIENT_GOARCH:=amd64}
-
-DOCKERFILE='Dockerfile'
-
-if [ "${DOCKER_ENGINE_GOOS:-$DOCKER_CLIENT_GOOS}" = "windows" ]; then
-	DOCKERFILE='Dockerfile.windows'
-fi
-
-export DOCKERFILE

hack/make/.integration-daemon-setup

@@ -1,7 +0,0 @@
-#!/usr/bin/env bash
-set -e
-
-source "$MAKEDIR/.detect-daemon-osarch"
-if [ "$DOCKER_ENGINE_GOOS" != "windows" ]; then
-	bundle .build-empty-images
-fi

hack/make/.integration-daemon-start

@@ -151,3 +151,7 @@ while ! ${TEST_CLIENT_BINARY} version &> /dev/null; do
 	sleep 2
 done
 printf "\n"
+
+if [ "$(docker version --format '{{ .Server.Os }}')" != 'windows' ]; then
+	bundle .build-empty-images
+fi

hack/make/.integration-test-helpers

@@ -181,7 +181,6 @@ test_env() {
 			DOCKER_REMAP_ROOT="$DOCKER_REMAP_ROOT" \
 			DOCKER_REMOTE_DAEMON="$DOCKER_REMOTE_DAEMON" \
 			DOCKER_ROOTLESS="$DOCKER_ROOTLESS" \
-			DOCKERFILE="$DOCKERFILE" \
 			GITHUB_ACTIONS="$GITHUB_ACTIONS" \
 			GOCACHE="$GOCACHE" \
 			GOPATH="$GOPATH" \

hack/make/build-integration-test-binary

@@ -1,7 +0,0 @@
-#!/usr/bin/env bash
-# required by https://github.com/AkihiroSuda/kube-moby-integration
-set -e
-
-source hack/make/.integration-test-helpers
-
-build_test_suite_binaries

hack/make/test-integration

@@ -12,7 +12,6 @@ fi
 	env
 	build_test_suite_binaries
 	bundle .integration-daemon-start
-	bundle .integration-daemon-setup
 
 	testexit=0
 	(repeat run_test_integration) || testexit=$?

hack/make/test-integration-cli

@@ -1,6 +0,0 @@
-#!/usr/bin/env bash
-set -e
-echo "WARNING: test-integration-cli is DEPRECATED. Use test-integration." >&2
-
-# TODO: remove this and exit 1 once CI has changed to use test-integration
-bundle test-integration

hack/make/test-integration-shell

@@ -1,7 +1,6 @@
 #!/usr/bin/env bash
 
 bundle .integration-daemon-start
-bundle .integration-daemon-setup
 
 export ABS_DEST
 bash +e

hack/test/e2e-run.sh

@@ -59,7 +59,6 @@ test_env() {
 			DOCKER_HOST="$DOCKER_HOST" \
 			DOCKER_REMAP_ROOT="$DOCKER_REMAP_ROOT" \
 			DOCKER_REMOTE_DAEMON="$DOCKER_REMOTE_DAEMON" \
-			DOCKERFILE="$DOCKERFILE" \
 			GOPATH="$GOPATH" \
 			GOTRACEBACK=all \
 			HOME="$ABS_DEST/fake-HOME" \