chore: cross-compile docker images with buildx (#3503)

.github/workflows/ci.yaml

@@ -386,9 +386,10 @@ jobs:
       - name: Remove release packages and test artifacts
         run: rm -rf ./release-packages ./test/test-results
 
-  docker-amd64:
+  # Builds both amd64 and arm64 images
+  docker-images:
     runs-on: ubuntu-latest
-    needs: package-linux-amd64
+    needs: [package-linux-amd64, package-linux-arm64]
     steps:
       - uses: actions/checkout@v2
 
@@ -398,34 +399,16 @@ jobs:
           name: release-packages
           path: ./release-packages
 
-      - name: Run ./ci/steps/build-docker-image.sh
-        run: ./ci/steps/build-docker-image.sh
+      - name: Set up QEMU
+        uses: docker/setup-qemu-action@v1
 
-      - name: Upload release image
-        uses: actions/upload-artifact@v2
-        with:
-          name: release-images
-          path: ./release-images
-
-  # TODO: this is the last place where we use our self-hosted arm64 runner.
-  # In the future, consider switching to docker buildx + qemu,
-  # thus removing the requirement for us to maintain the runner.
-  docker-arm64:
-    runs-on: ubuntu-arm64-latest
-    needs: package-linux-arm64
-    steps:
-      - uses: actions/checkout@v2
-
-      - name: Download release package
-        uses: actions/download-artifact@v2
-        with:
-          name: release-packages
-          path: ./release-packages
+      - name: Set up Docker Buildx
+        uses: docker/setup-buildx-action@v1
 
       - name: Run ./ci/steps/build-docker-image.sh
         run: ./ci/steps/build-docker-image.sh
 
-      - name: Upload release image
+      - name: Upload release images
         uses: actions/upload-artifact@v2
         with:
           name: release-images
@@ -433,7 +416,7 @@ jobs:
 
   trivy-scan-image:
     runs-on: ubuntu-20.04
-    needs: docker-amd64
+    needs: docker-images
     # NOTE@jsjoeio: disabling due to a memory issue upstream
     # See: https://github.com/github/codeql-action/issues/528
     if: 1 == 2
@@ -466,6 +449,7 @@ jobs:
         uses: github/codeql-action/upload-sarif@v1
         with:
           sarif_file: "trivy-image-results.sarif"
+
   # We have to use two trivy jobs
   # because GitHub only allows
   # codeql/upload-sarif action per job

CHANGELOG.md

@@ -54,7 +54,7 @@ VS Code v0.00.0
 
 ### Development
 
-- item
+- chore: cross-compile docker images with buildx #3166 @oxy
 
 ## 3.10.2
 

ci/README.md

@@ -100,8 +100,8 @@ You can disable minification by setting `MINIFY=`.
 
 This directory contains the release docker container image.
 
-- [./release-image/build.sh](./release-image/build.sh)
-  - Builds the release container with the tag `codercom/code-server-$ARCH:$VERSION`.
+- [./ci/steps/build-docker-image.sh](./ci/steps/build-docker-image.sh)
+  - Builds the release containers with tags `codercom/code-server-$ARCH:$VERSION` for amd64 and arm64 with `docker buildx`.
   - Assumes debian releases are ready in `./release-packages`.
 
 ## images

ci/release-image/build.sh

-#!/usr/bin/env bash
-set -euo pipefail
-
-main() {
-  cd "$(dirname "$0")/../.."
-  source ./ci/lib.sh
-
-  docker build -t "codercom/code-server-$ARCH:$VERSION" -f ./ci/release-image/Dockerfile .
-}
-
-main "$@"

ci/release-image/docker-bake.hcl

+# Use this file from the top of the repo, with `-f ci/release-image/docker-bake.hcl`
+
+# Uses env var VERSION if set;
+# normally, this is set by ci/lib.sh
+variable "VERSION" {
+    default = "latest"
+}
+
+group "default" {
+    targets = ["code-server-amd64", "code-server-arm64"]
+}
+
+target "code-server-amd64" {
+    dockerfile = "ci/release-image/Dockerfile"
+    tags = ["docker.io/codercom/code-server-amd64:${VERSION}"]
+    platforms = ["linux/amd64"]
+    output = ["type=tar,dest=./release-images/code-server-amd64-${VERSION}.tar"]
+}
+
+target "code-server-arm64" {
+    dockerfile = "ci/release-image/Dockerfile"
+    tags = ["docker.io/codercom/code-server-arm64:${VERSION}"]
+    platforms = ["linux/arm64"]
+    output = ["type=tar,dest=./release-images/code-server-arm64-${VERSION}.tar"]
+}

ci/steps/build-docker-image.sh

@@ -5,10 +5,8 @@ main() {
   cd "$(dirname "$0")/../.."
   source ./ci/lib.sh
 
-  ./ci/release-image/build.sh
-
   mkdir -p release-images
-  docker save "codercom/code-server-$ARCH:$VERSION" >"release-images/code-server-$ARCH-$VERSION.tar"
+  docker buildx bake -f ci/release-image/docker-bake.hcl
 }
 
 main "$@"