diff --git a/.changelog/1467.added.txt b/.changelog/1467.added.txt new file mode 100644 index 0000000000..491c82e5f5 --- /dev/null +++ b/.changelog/1467.added.txt @@ -0,0 +1 @@ +feat: build windows containers \ No newline at end of file diff --git a/.github/workflows/dev_builds.yml b/.github/workflows/dev_builds.yml index 92681b4ed4..805b955165 100644 --- a/.github/workflows/dev_builds.yml +++ b/.github/workflows/dev_builds.yml @@ -191,11 +191,60 @@ jobs: PLATFORM=${{ matrix.arch_os }} \ BUILD_TYPE_SUFFIX="-ubi" + build-windows-container-images: + name: Build Windows container + runs-on: ${{ matrix.runs-on }} + needs: + - build + strategy: + matrix: + include: + - arch_os: windows_amd64 + base_image_tag: ltsc2022 + runs-on: windows-2022 + - arch_os: windows_amd64 + base_image_tag: ltsc2019 + runs-on: windows-2019 + steps: + - uses: actions/checkout@v4 + + - name: Extract tag + id: extract_tag + run: echo "tag=$(git rev-parse HEAD)" > $GITHUB_OUTPUT + + - name: Print tag + run: echo "Running dev build for ${{ steps.extract_tag.outputs.tag }}" + + - name: Login to Open Source ECR + run: | + USERNAME=$(powershell.exe "echo \$Env:UserName") + # remove wincred entry and fix json format by replacing }, with } + cat "C:\\Users\\${USERNAME}\\.docker\\config.json" | grep -v "wincred" | sed 's/},$/}/' > "C:\\Users\\${USERNAME}\\.docker\\config.json.tmp" + mv "C:\\Users\\${USERNAME}\\.docker\\config.json.tmp" "C:\\Users\\${USERNAME}\\.docker\\config.json" + make login + env: + AWS_ACCESS_KEY_ID: ${{ secrets.AWS_ACCESS_KEY_ID_DEV }} + AWS_SECRET_ACCESS_KEY: ${{ secrets.AWS_SECRET_ACCESS_KEY_DEV }} + + - name: Download binary action artifact from build phase + uses: actions/download-artifact@v4 + with: + name: otelcol-sumo-${{matrix.arch_os}}.exe + path: artifacts/ + + - name: Build and push images to Open Source ECR + run: | + cp artifacts/otelcol-sumo-${{matrix.arch_os}}.exe otelcol-sumo.exe + make build-push-container-windows-dev \ + BUILD_TAG=${{ steps.extract_tag.outputs.tag }} \ + PLATFORM=${{ matrix.arch_os }}_${{ matrix.base_image_tag }} + push-docker-manifest: name: Push joint container manifest runs-on: ubuntu-20.04 needs: - build-container-images + - build-windows-container-images steps: - uses: actions/checkout@v4 @@ -240,7 +289,7 @@ jobs: run: | make push-container-manifest-dev \ BUILD_TAG=${{ steps.extract_tag.outputs.tag }} \ - PLATFORMS="linux/amd64 linux/arm64" + PLATFORMS="linux/amd64 linux/arm64 windows/amd64/ltsc2022 windows/amd64/ltsc2019" - name: Push joint UBI-based container manifest for all platforms to Open Source ECR run: | diff --git a/.github/workflows/pull_requests.yml b/.github/workflows/pull_requests.yml index 46a6b81071..850006a92f 100644 --- a/.github/workflows/pull_requests.yml +++ b/.github/workflows/pull_requests.yml @@ -359,3 +359,54 @@ jobs: - name: Test built FIPS image if: steps.changed-files.outputs.any_changed == 'true' && matrix.arch_os == 'linux_amd64' run: make test-built-image BUILD_TAG="latest-fips" + + build-windows-container: + name: Build windows container + needs: + - build + runs-on: ${{ matrix.runs-on }} + strategy: + matrix: + include: + - arch_os: windows_amd64 + base_image_tag: ltsc2022 + runs-on: windows-2022 + - arch_os: windows_amd64 + base_image_tag: ltsc2019 + runs-on: windows-2019 + steps: + - uses: actions/checkout@v4 + + - name: Check if build related files changed + id: changed-files + uses: tj-actions/changed-files@v41 + with: + files: | + **/go.mod + **/go.sum + **/*.go + **/*.yaml + **/*.yml + **/Makefile + **/Makefile.common + **/Dockerfile* + + - name: Download binary action artifact from build phase + if: steps.changed-files.outputs.any_changed == 'true' + uses: actions/download-artifact@v4 + with: + name: otelcol-sumo-${{matrix.arch_os}}.exe + path: artifacts/ + + - name: Build the container image + if: steps.changed-files.outputs.any_changed == 'true' + run: | + cp artifacts/otelcol-sumo-${{matrix.arch_os}}.exe otelcol-sumo.exe + make build-container-windows \ + PLATFORM=${{ matrix.arch_os }}_${{ matrix.base_image_tag }} + + - name: Test built image + if: steps.changed-files.outputs.any_changed == 'true' + run: make test-built-image + + # ToDo: build windows FIPS image diff --git a/Dockerfile_windows b/Dockerfile_windows new file mode 100644 index 0000000000..87887b953a --- /dev/null +++ b/Dockerfile_windows @@ -0,0 +1,8 @@ +ARG BASE_IMAGE_TAG=ltsc2022 +FROM mcr.microsoft.com/windows/servercore:${BASE_IMAGE_TAG} +ARG BUILD_TAG=latest +ENV TAG $BUILD_TAG + +ADD /otelcol-sumo.exe /otelcol-sumo.exe +ENTRYPOINT ["/otelcol-sumo.exe"] +CMD ["--config", "/etc/otel/config.yaml"] diff --git a/Makefile b/Makefile index 56b658b50e..2c2c9c228e 100644 --- a/Makefile +++ b/Makefile @@ -243,6 +243,7 @@ OPENSOURCE_ECR_URL = public.ecr.aws/sumologic OPENSOURCE_REPO_URL = $(OPENSOURCE_ECR_URL)/$(IMAGE_NAME) OPENSOURCE_REPO_URL_DEV = $(OPENSOURCE_ECR_URL)/$(IMAGE_NAME_DEV) REPO_URL = $(OPENSOURCE_REPO_URL) +BASE_IMAGE_TAG ?= "" DOCKERFILE = Dockerfile @@ -280,6 +281,10 @@ build-container-multiplatform-dev: build-container-multiplatform build-push-container-multiplatform-dev: REPO_URL = "$(OPENSOURCE_REPO_URL_DEV)" build-push-container-multiplatform-dev: build-push-container-multiplatform +.PHONY: build-push-container-windows-dev +build-push-container-windows-dev: DOCKERFILE = Dockerfile_windows +build-push-container-windows-dev: build-push-container-multiplatform-dev + .PHONY: push-container-manifest-dev push-container-manifest-dev: REPO_URL = "$(OPENSOURCE_REPO_URL_DEV)" push-container-manifest-dev: push-container-manifest @@ -298,11 +303,26 @@ _build-container-multiplatform: REPO_URL="$(REPO_URL)" \ DOCKERFILE="$(DOCKERFILE)" \ PLATFORM="$(PLATFORM)" \ + BASE_IMAGE_TAG="${BASE_IMAGE_TAG}" \ ./ci/build-push-multiplatform.sh $(PUSH) .PHONY: build-container-multiplatform build-container-multiplatform: _build-container-multiplatform +.PHONY: build-container-windows +build-container-windows: + $(MAKE) _build-container-multiplatform \ + DOCKERFILE=Dockerfile_windows \ + BASE_IMAGE_TAG=ltsc2022 + + $(MAKE) _build-container-multiplatform \ + DOCKERFILE=Dockerfile_windows \ + BASE_IMAGE_TAG=ltsc2019 + +.PHONY: build-push-container-windows +build-push-container-windows: PUSH = --push +build-push-container-windows: build-container-windows + .PHONY: build-push-container-multiplatform build-push-container-multiplatform: PUSH = --push build-push-container-multiplatform: _build-container-multiplatform diff --git a/ci/build-push-multiplatform.sh b/ci/build-push-multiplatform.sh index f2844e23d0..39b59a15a2 100755 --- a/ci/build-push-multiplatform.sh +++ b/ci/build-push-multiplatform.sh @@ -2,21 +2,19 @@ set -eo pipefail -while ! docker buildx ls; do - echo "Cannot connect to docker daemon" - sleep 1 -done +if echo "${PLATFORM}" | grep -v windows; then -DOCKER_BUILDX_LS_OUT=$(docker buildx ls <<-END + DOCKER_BUILDX_LS_OUT=$(docker buildx ls <<-END END -) -readonly DOCKER_BUILDX_LS_OUT + ) + readonly DOCKER_BUILDX_LS_OUT -# check for arm support only if we try to build it -if echo "${PLATFORM}" | grep -q arm && ! grep -q arm <<< "${DOCKER_BUILDX_LS_OUT}"; then - echo "Your Buildx seems to lack ARM architecture support" - echo "${DOCKER_BUILDX_LS_OUT}" - exit 1 + # check for arm support only if we try to build it + if echo "${PLATFORM}" | grep -q arm && ! grep -q arm <<< "${DOCKER_BUILDX_LS_OUT}"; then + echo "Your Buildx seems to lack ARM architecture support" + echo "${DOCKER_BUILDX_LS_OUT}" + exit 1 + fi fi if [[ -z "${BUILD_TAG}" ]]; then @@ -33,6 +31,10 @@ if [[ -z "${REPO_URL}" ]]; then exit 1 fi +if [[ ! -z "${BASE_IMAGE_TAG}" ]]; then + BASE_IMAGE_TAG="-${BASE_IMAGE_TAG}" +fi + if [[ -z "${PLATFORM}" ]]; then echo "No PLATFORM passed in" exit 1 @@ -52,19 +54,44 @@ fi # linux/arm/v7, linux/arm/v6 function build_push() { local BUILD_ARCH + local BASE_IMAGE_TAG_SUFFIX set -x case "${PLATFORM}" in "linux/amd64"|"linux_amd64") readonly BUILD_ARCH="amd64" + readonly BUILD_PLATFORM="linux" PLATFORM="linux/amd64" ;; "linux/arm64"|"linux_arm64") readonly BUILD_ARCH="arm64" + readonly BUILD_PLATFORM="linux" PLATFORM="linux/arm64" ;; + "windows/amd64"|"windows_amd64") + readonly BUILD_ARCH="amd64" + readonly BASE_IMAGE_TAG_SUFFIX="windows" + PLATFORM="windows/amd64" + ;; + + "windows/amd64/ltsc2022"|"windows_amd64_ltsc2022") + readonly BUILD_ARCH="amd64" + readonly BUILD_PLATFORM="windows" + readonly BASE_IMAGE_TAG_SUFFIX="-ltsc2022" + readonly BASE_IMAGE_TAG="ltsc2022" + PLATFORM="windows/amd64" + ;; + + "windows/amd64/ltsc2019"|"windows_amd64_ltsc2019") + readonly BUILD_ARCH="amd64" + readonly BUILD_PLATFORM="windows" + readonly BASE_IMAGE_TAG_SUFFIX="-ltsc2019" + readonly BASE_IMAGE_TAG="ltsc2019" + PLATFORM="windows/amd64" + ;; + # Can't really enable it for now because: # !shopify/sarama@v1.29.0/gssapi_kerberos.go:62:10: constant 4294967295 overflows int # ref: https://github.com/SumoLogic/sumologic-otel-collector/runs/2805247906 @@ -82,33 +109,66 @@ function build_push() { esac local TAG - readonly TAG="${REPO_URL}:${BUILD_TAG}${BUILD_TYPE_SUFFIX}-${BUILD_ARCH}" + readonly TAG="${REPO_URL}:${BUILD_TAG}${BUILD_TYPE_SUFFIX}-${BUILD_PLATFORM}-${BUILD_ARCH}${BASE_IMAGE_TAG_SUFFIX}" local LATEST_TAG - readonly LATEST_TAG="${REPO_URL}:latest${BUILD_TYPE_SUFFIX}-${BUILD_ARCH}" + readonly LATEST_TAG="${REPO_URL}:latest${BUILD_TYPE_SUFFIX}-${BUILD_PLATFORM}-${BUILD_ARCH}${BASE_IMAGE_TAG_SUFFIX}" + # --provenance=false for docker buildx ensures that we create manifest instead of manifest list if [[ "${PUSH}" == true ]]; then echo "Building tags: ${TAG}, ${LATEST_TAG}" - docker buildx build \ - --push \ - --file "${DOCKERFILE}" \ - --build-arg BUILD_TAG="${BUILD_TAG}" \ - --build-arg BUILDKIT_INLINE_CACHE=1 \ - --platform="${PLATFORM}" \ - --tag "${LATEST_TAG}" \ - --tag "${TAG}" \ - . + + if [[ "${BUILD_PLATFORM}" == "windows" ]]; then + docker build \ + --file "${DOCKERFILE}" \ + --build-arg BUILD_TAG="${BUILD_TAG}" \ + --build-arg BASE_IMAGE_TAG="${BASE_IMAGE_TAG}" \ + --build-arg BUILDKIT_INLINE_CACHE=1 \ + --platform="${PLATFORM}" \ + --tag "${LATEST_TAG}" \ + . + + docker tag "${LATEST_TAG}" "${TAG}" + + docker push "${LATEST_TAG}" + docker push "${TAG}" + else + docker buildx build \ + --push \ + --file "${DOCKERFILE}" \ + --build-arg BUILD_TAG="${BUILD_TAG}" \ + --build-arg BASE_IMAGE_TAG="${BASE_IMAGE_TAG}" \ + --build-arg BUILDKIT_INLINE_CACHE=1 \ + --platform="${PLATFORM}" \ + --tag "${LATEST_TAG}" \ + --tag "${TAG}" \ + --provenance=false \ + . + fi else echo "Building tag: latest${BUILD_TYPE_SUFFIX}" - # load flag is needed so that docker loads this image - # for subsequent steps on github actions - docker buildx build \ - --file "${DOCKERFILE}" \ - --build-arg BUILD_TAG="latest${BUILD_TYPE_SUFFIX}" \ - --build-arg BUILDKIT_INLINE_CACHE=1 \ - --platform="${PLATFORM}" \ - --load \ - --tag "${REPO_URL}:latest${BUILD_TYPE_SUFFIX}" \ - . + if [[ "${BUILD_PLATFORM}" == "windows" ]]; then + docker build \ + --file "${DOCKERFILE}" \ + --build-arg BUILD_TAG="latest${BUILD_TYPE_SUFFIX}" \ + --build-arg BASE_IMAGE_TAG="${BASE_IMAGE_TAG}" \ + --build-arg BUILDKIT_INLINE_CACHE=1 \ + --platform="${PLATFORM}" \ + --tag "${REPO_URL}:latest${BUILD_TYPE_SUFFIX}" \ + . + else + # load flag is needed so that docker loads this image + # for subsequent steps on github actions + docker buildx build \ + --file "${DOCKERFILE}" \ + --build-arg BUILD_TAG="latest${BUILD_TYPE_SUFFIX}" \ + --build-arg BASE_IMAGE_TAG="${BASE_IMAGE_TAG}" \ + --build-arg BUILDKIT_INLINE_CACHE=1 \ + --platform="${PLATFORM}" \ + --load \ + --tag "${REPO_URL}:latest${BUILD_TYPE_SUFFIX}" \ + --provenance=false \ + . + fi fi } diff --git a/ci/push_docker_multiplatform_manifest.sh b/ci/push_docker_multiplatform_manifest.sh index 13003900d1..d495b4cfa2 100755 --- a/ci/push_docker_multiplatform_manifest.sh +++ b/ci/push_docker_multiplatform_manifest.sh @@ -40,23 +40,37 @@ function push_manifest() { case "${platform}" in "linux/amd64") BUILD_ARCH="amd64" + BUILD_PLATFORM="linux" ;; "linux/arm64") BUILD_ARCH="arm64" + BUILD_PLATFORM="linux" ;; "linux/arm/v7") BUILD_ARCH="arm_v7" + BUILD_PLATFORM="linux" ;; + "windows/amd64/ltsc2022") + BUILD_ARCH="amd64" + BUILD_PLATFORM="windows" + BASE_IMAGE_TAG_SUFFIX="-ltsc2022" + ;; + + "windows/amd64/ltsc2019") + BUILD_ARCH="amd64" + BUILD_PLATFORM="windows" + BASE_IMAGE_TAG_SUFFIX="-ltsc2019" + ;; *) echo "Unsupported platform ${platform}" exit 1 ;; esac - TAGS_IN_MANIFEST+=("${REPO_URL}:${BUILD_TAG}-${BUILD_ARCH}") + TAGS_IN_MANIFEST+=("${REPO_URL}:${BUILD_TAG}${BUILD_TYPE_SUFFIX}-${BUILD_PLATFORM}-${BUILD_ARCH}${BASE_IMAGE_TAG_SUFFIX}") done echo "Tags in the manifest:" @@ -67,13 +81,20 @@ function push_manifest() { echo set -x - docker buildx imagetools create --tag \ - "${REPO_URL}:${BUILD_TAG}" \ + # Use docker manifest as docker buildx didn't create "${REPO_URL}:${BUILD_TAG}" correctly. It was containing only linux/amd64 image + docker manifest create \ + "${REPO_URL}:${BUILD_TAG}${BUILD_TYPE_SUFFIX}" \ "${TAGS_IN_MANIFEST[@]}" - docker buildx imagetools create --tag \ + docker manifest push \ + "${REPO_URL}:${BUILD_TAG}${BUILD_TYPE_SUFFIX}" + + docker manifest create \ "${REPO_URL}:latest${BUILD_TYPE_SUFFIX}" \ "${TAGS_IN_MANIFEST[@]}" + + docker manifest push \ + "${REPO_URL}:latest${BUILD_TYPE_SUFFIX}" } push_manifest