diff --git a/.drone/docker-manifest-build-image.tmpl b/.drone/docker-manifest-build-image.tmpl new file mode 100644 index 0000000000000..b870dd5c6165f --- /dev/null +++ b/.drone/docker-manifest-build-image.tmpl @@ -0,0 +1,17 @@ +image: grafana/{{config.target}} +tags: +{{#if build.tags}} +{{#each build.tags}} + - {{this}} +{{/each}} +{{/if}} +manifests: + - image: grafana/{{config.target}}-amd64 + platform: + architecture: amd64 + os: linux + - image: grafana/{{config.target}}-arm64 + platform: + architecture: arm64 + os: linux + variant: v8 diff --git a/.drone/drone.jsonnet b/.drone/drone.jsonnet index f76e756f58626..0a4d2c66ef9d0 100644 --- a/.drone/drone.jsonnet +++ b/.drone/drone.jsonnet @@ -496,41 +496,74 @@ local manifest_ecr(apps, archs) = pipeline('manifest-ecr') { ], }; +local build_image_tag = '0.32.0'; [ - pipeline('loki-build-image') { - local build_image_tag = '0.31.2', + pipeline('loki-build-image-' + arch) { workspace: { base: '/src', path: 'loki', }, + platform: { + os: 'linux', + arch: arch, + }, steps: [ { - name: 'test-image', + name: 'test', image: 'plugins/docker', when: onPRs + onPath('loki-build-image/**'), + environment: { + DOCKER_BUILDKIT: 1, + }, settings: { repo: 'grafana/loki-build-image', context: 'loki-build-image', dockerfile: 'loki-build-image/Dockerfile', - tags: [build_image_tag], + tags: [build_image_tag + '-' + arch], dry_run: true, }, }, { - name: 'push-image', + name: 'push', image: 'plugins/docker', when: onTagOrMain + onPath('loki-build-image/**'), + environment: { + DOCKER_BUILDKIT: 1, + }, settings: { repo: 'grafana/loki-build-image', context: 'loki-build-image', dockerfile: 'loki-build-image/Dockerfile', username: { from_secret: docker_username_secret.name }, password: { from_secret: docker_password_secret.name }, - tags: [build_image_tag], + tags: [build_image_tag + '-' + arch], dry_run: false, }, }, ], + } + for arch in ['amd64', 'arm64'] +] + [ + pipeline('loki-build-image-publish') { + steps: [ + { + name: 'manifest', + image: 'plugins/manifest:1.4.0', + when: onTagOrMain + onPath('loki-build-image/**'), + settings: { + // the target parameter is abused for the app's name, as it is unused in spec mode. + target: 'loki-build-image:' + build_image_tag, + spec: '.drone/docker-manifest-build-image.tmpl', + ignore_missing: false, + username: { from_secret: docker_username_secret.name }, + password: { from_secret: docker_password_secret.name }, + }, + }, + ], + depends_on: [ + 'loki-build-image-%s' % arch + for arch in ['amd64', 'arm64'] + ], }, pipeline('helm-test-image') { workspace: { diff --git a/.drone/drone.yml b/.drone/drone.yml index ca0c09c4c7391..eb6d9b8720e15 100644 --- a/.drone/drone.yml +++ b/.drone/drone.yml @@ -1,23 +1,30 @@ --- kind: pipeline -name: loki-build-image +name: loki-build-image-amd64 +platform: + arch: amd64 + os: linux steps: -- image: plugins/docker - name: test-image +- environment: + DOCKER_BUILDKIT: 1 + image: plugins/docker + name: test settings: context: loki-build-image dockerfile: loki-build-image/Dockerfile dry_run: true repo: grafana/loki-build-image tags: - - 0.31.2 + - 0.32.0-amd64 when: event: - pull_request paths: - loki-build-image/** -- image: plugins/docker - name: push-image +- environment: + DOCKER_BUILDKIT: 1 + image: plugins/docker + name: push settings: context: loki-build-image dockerfile: loki-build-image/Dockerfile @@ -26,7 +33,7 @@ steps: from_secret: docker_password repo: grafana/loki-build-image tags: - - 0.31.2 + - 0.32.0-amd64 username: from_secret: docker_username when: @@ -46,6 +53,88 @@ workspace: path: loki --- kind: pipeline +name: loki-build-image-arm64 +platform: + arch: arm64 + os: linux +steps: +- environment: + DOCKER_BUILDKIT: 1 + image: plugins/docker + name: test + settings: + context: loki-build-image + dockerfile: loki-build-image/Dockerfile + dry_run: true + repo: grafana/loki-build-image + tags: + - 0.32.0-arm64 + when: + event: + - pull_request + paths: + - loki-build-image/** +- environment: + DOCKER_BUILDKIT: 1 + image: plugins/docker + name: push + settings: + context: loki-build-image + dockerfile: loki-build-image/Dockerfile + dry_run: false + password: + from_secret: docker_password + repo: grafana/loki-build-image + tags: + - 0.32.0-arm64 + username: + from_secret: docker_username + when: + event: + - push + - tag + paths: + - loki-build-image/** +trigger: + ref: + - refs/heads/main + - refs/heads/k??? + - refs/tags/v* + - refs/pull/*/head +workspace: + base: /src + path: loki +--- +depends_on: +- loki-build-image-amd64 +- loki-build-image-arm64 +kind: pipeline +name: loki-build-image-publish +steps: +- image: plugins/manifest:1.4.0 + name: manifest + settings: + ignore_missing: false + password: + from_secret: docker_password + spec: .drone/docker-manifest-build-image.tmpl + target: loki-build-image:0.32.0 + username: + from_secret: docker_username + when: + event: + - push + - tag + paths: + - loki-build-image/** +trigger: + ref: + - refs/heads/main + - refs/heads/k??? + - refs/tags/v* + - refs/pull/*/head +--- +kind: pipeline name: helm-test-image steps: - image: plugins/docker @@ -2017,6 +2106,6 @@ kind: secret name: gpg_private_key --- kind: signature -hmac: a68ce0151ff769aa0731f120437450f0d9685c843cb3c5b046d4991f910aadd7 +hmac: caf375427f92f78711f801f56341357b67737330e906346ee908a796c61dd314 ... diff --git a/Makefile b/Makefile index 2fb1b515dcdc8..d86717ee160a6 100644 --- a/Makefile +++ b/Makefile @@ -42,7 +42,7 @@ BUILD_IMAGE_VERSION ?= 0.31.2 # Docker image info IMAGE_PREFIX ?= grafana -IMAGE_TAG := $(shell ./tools/image-tag) +IMAGE_TAG ?= $(shell ./tools/image-tag) # Version info for binaries GIT_REVISION := $(shell git rev-parse --short HEAD) @@ -102,16 +102,14 @@ RM := --rm TTY := --tty DOCKER_BUILDKIT=1 -OCI_PLATFORMS=--platform=linux/amd64 --platform=linux/arm64 --platform=linux/arm/7 BUILD_IMAGE = BUILD_IMAGE=$(IMAGE_PREFIX)/loki-build-image:$(BUILD_IMAGE_VERSION) +PUSH_OCI=docker push +TAG_OCI=docker tag ifeq ($(CI), true) - BUILD_OCI=img build --no-console $(OCI_PLATFORMS) --build-arg $(BUILD_IMAGE) - PUSH_OCI=img push - TAG_OCI=img tag + OCI_PLATFORMS=--platform=linux/amd64,linux/arm64 + BUILD_OCI=docker buildx build $(OCI_PLATFORMS) --build-arg $(BUILD_IMAGE) else BUILD_OCI=docker build --build-arg $(BUILD_IMAGE) - PUSH_OCI=docker push - TAG_OCI=docker tag endif binfmt: @@ -565,7 +563,6 @@ promtail-image: ## build the promtail docker image promtail-image-cross: $(SUDO) $(BUILD_OCI) -t $(IMAGE_PREFIX)/promtail:$(IMAGE_TAG) -f clients/cmd/promtail/Dockerfile.cross . -promtail-debug-image: OCI_PLATFORMS= promtail-debug-image: ## build the promtail debug docker image $(SUDO) $(BUILD_OCI) -t $(IMAGE_PREFIX)/promtail:$(IMAGE_TAG)-debug -f clients/cmd/promtail/Dockerfile.debug . @@ -578,7 +575,6 @@ loki-image: ## build the loki docker image loki-image-cross: $(SUDO) $(BUILD_OCI) -t $(IMAGE_PREFIX)/loki:$(IMAGE_TAG) -f cmd/loki/Dockerfile.cross . -loki-debug-image: OCI_PLATFORMS= loki-debug-image: ## build the debug loki docker image $(SUDO) $(BUILD_OCI) -t $(IMAGE_PREFIX)/loki:$(IMAGE_TAG)-debug -f cmd/loki/Dockerfile.debug . @@ -620,17 +616,23 @@ logql-analyzer-push: logql-analyzer-image ## push the LogQL Analyzer image $(call push-image,logql-analyzer) -# build-image (only amd64) -build-image: OCI_PLATFORMS= -build-image: ## build the docker build image +# build-image +ensure-buildx-builder: +ifeq ($(CI),true) + ./tools/ensure-buildx-builder.sh +else + @echo "skipping buildx setup" +endif + +build-image: ensure-buildx-builder $(SUDO) $(BUILD_OCI) -t $(IMAGE_PREFIX)/loki-build-image:$(IMAGE_TAG) ./loki-build-image build-image-push: build-image ## push the docker build image ifneq (,$(findstring WIP,$(IMAGE_TAG))) @echo "Cannot push a WIP image, commit changes first"; \ false; endif - $(call push,loki-build-image,$(BUILD_IMAGE_VERSION)) - $(call push,loki-build-image,latest) + echo ${DOCKER_PASSWORD} | docker login --username ${DOCKER_USERNAME} --password-stdin + $(SUDO) $(BUILD_OCI) -o type=registry -t $(IMAGE_PREFIX)/loki-build-image:$(IMAGE_TAG) ./loki-build-image # loki-operator loki-operator-image: diff --git a/docs/sources/community/maintaining/release/patch-go-version.md b/docs/sources/community/maintaining/release/patch-go-version.md index 3ce5bb8a0612f..b96c6fe271546 100644 --- a/docs/sources/community/maintaining/release/patch-go-version.md +++ b/docs/sources/community/maintaining/release/patch-go-version.md @@ -18,29 +18,8 @@ Update vulnerable Go version to non-vulnerable Go version to build Grafana Loki 1. Update Go version in the Grafana Loki build image (`loki-build-image/Dockerfile`) on the `main` branch. -1. [Backport]({{< relref "./backport-commits" >}}) it to `release-VERSION_PREFIX` branch. +1. [Release a new Loki Build Image]({{< relref "../release-loki-build-image.md" >}}) -1. Determine new Grafana Loki build image version. +1. [Backport]({{< relref "./backport-commits" >}}) the Dockerfile change to `release-VERSION_PREFIX` branch. - 1. Check current `BUILD_IMAGE_VERSION` from `Makefile`. - - 1. Increment 1 to the last digit. Example `v0.29.4` becomes `v0.29.5` - - 1. This will be your new `NEW_BUILD_IMAGE_VERSION`. - -1. Build and push new Grafana Loki build image. - - ```shell - BUILD_IMAGE_VERSION=$NEW_BUILD_IMAGE_VERSION make build-image-push - ``` - -1. Update build image versions on `main` branch. - - 1. Update `BUILD_IMAGE_VERSION` to `$NEW_BUILD_IMAGE_VERSION` in `Makefile` - - 1. Update drone file. - ```shell - make .drone/drone.yml - ``` - -1. [Backport]({{< relref "./backport-commits" >}}) it to `release-VERSION_PREFIX` branch. +1. [Backport]({{< relref "./backport-commits" >}}) the Loki Build Image version change from `main` to `release-VERSION_PREFIX` branch. diff --git a/loki-build-image/Dockerfile b/loki-build-image/Dockerfile index 5743af072f632..5dba1a33347d1 100644 --- a/loki-build-image/Dockerfile +++ b/loki-build-image/Dockerfile @@ -7,20 +7,22 @@ # Install helm (https://helm.sh/) and helm-docs (https://github.com/norwoodj/helm-docs) for generating Helm Chart reference. FROM golang:1.21.3-bullseye as helm +ARG TARGETARCH ARG HELM_VER="v3.2.3" -RUN curl -L -o /tmp/helm-$HELM_VER.tgz https://get.helm.sh/helm-${HELM_VER}-linux-amd64.tar.gz && \ - tar -xz -C /tmp -f /tmp/helm-$HELM_VER.tgz && \ - mv /tmp/linux-amd64/helm /usr/bin/helm && \ - rm -rf /tmp/linux-amd64 /tmp/helm-$HELM_VER.tgz -RUN GO111MODULE=on go install github.com/norwoodj/helm-docs/cmd/helm-docs@v1.11.0 +RUN curl -L "https://get.helm.sh/helm-${HELM_VER}-linux-$TARGETARCH.tar.gz" | tar zx && \ + install -t /usr/local/bin "linux-$TARGETARCH/helm" +RUN BIN=$([ "$TARGETARCH" = "arm64" ] && echo "helm-docs_Linux_arm64" || echo "helm-docs_Linux_x86_64") && \ + curl -L "https://github.com/norwoodj/helm-docs/releases/download/v1.11.2/$BIN.tar.gz" | tar zx && \ + install -t /usr/local/bin helm-docs FROM alpine:3.18.4 as lychee +ARG TARGETARCH ARG LYCHEE_VER="0.7.0" RUN apk add --no-cache curl && \ curl -L -o /tmp/lychee-$LYCHEE_VER.tgz https://github.com/lycheeverse/lychee/releases/download/${LYCHEE_VER}/lychee-${LYCHEE_VER}-x86_64-unknown-linux-gnu.tar.gz && \ tar -xz -C /tmp -f /tmp/lychee-$LYCHEE_VER.tgz && \ mv /tmp/lychee /usr/bin/lychee && \ - rm -rf /tmp/linux-amd64 /tmp/lychee-$LYCHEE_VER.tgz + rm -rf "/tmp/linux-$TARGETARCH" /tmp/lychee-$LYCHEE_VER.tgz FROM alpine:3.18.4 as golangci RUN apk add --no-cache curl && \ @@ -28,19 +30,17 @@ RUN apk add --no-cache curl && \ curl -sfL https://raw.githubusercontent.com/golangci/golangci-lint/master/install.sh | sh -s v1.55.1 FROM alpine:3.18.4 as buf - +ARG TARGETOS RUN apk add --no-cache curl && \ - curl -sSL "https://github.com/bufbuild/buf/releases/download/v1.4.0/buf-$(uname -s)-$(uname -m)" -o "/usr/bin/buf" && \ + curl -sSL "https://github.com/bufbuild/buf/releases/download/v1.4.0/buf-$TARGETOS-$(uname -m)" -o "/usr/bin/buf" && \ chmod +x "/usr/bin/buf" FROM alpine:3.18.4 as docker RUN apk add --no-cache docker-cli docker-cli-buildx -# TODO this should be fixed to download and extract the specific release binary from github as we do for golangci and helm above -# however we need a commit which hasn't been released yet: https://github.com/drone/drone-cli/commit/1fad337d74ca0ecf420993d9d2d7229a1c99f054 -# Read the comment below regarding GO111MODULE=on and why it is necessary FROM golang:1.21.3-bullseye as drone -RUN curl -L https://github.com/drone/drone-cli/releases/download/v1.4.0/drone_linux_amd64.tar.gz | tar zx && \ +ARG TARGETARCH +RUN curl -L "https://github.com/drone/drone-cli/releases/download/v1.7.0/drone_linux_$TARGETARCH".tar.gz | tar zx && \ install -t /usr/local/bin drone # Install faillint used to lint go imports in CI. @@ -97,8 +97,8 @@ RUN dpkg --add-architecture armhf && \ COPY --from=docker /usr/bin/docker /usr/bin/docker COPY --from=docker /usr/libexec/docker/cli-plugins/docker-buildx /usr/libexec/docker/cli-plugins/docker-buildx -COPY --from=helm /usr/bin/helm /usr/bin/helm -COPY --from=helm /go/bin/helm-docs /usr/bin/helm-docs +COPY --from=helm /usr/local/bin/helm /usr/bin/helm +COPY --from=helm /usr/local/bin/helm-docs /usr/bin/helm-docs COPY --from=lychee /usr/bin/lychee /usr/bin/lychee COPY --from=golangci /bin/golangci-lint /usr/local/bin COPY --from=buf /usr/bin/buf /usr/bin/buf