From 06e70b2206fe5229514cff0c601d7f6609cfe771 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Maciej=20W=C3=B3jcik?=
Date: Thu, 11 Sep 2025 14:31:00 +0200
Subject: [PATCH 01/11] attempt to run docker build on AWS
---
.github/workflows/build-docker.yml | 38 +++++++++++++++++++++---------
.github/workflows/current.yml | 1 +
2 files changed, 28 insertions(+), 11 deletions(-)
diff --git a/.github/workflows/build-docker.yml b/.github/workflows/build-docker.yml
index 3f4cd5f6..d716c931 100644
--- a/.github/workflows/build-docker.yml
+++ b/.github/workflows/build-docker.yml
@@ -18,22 +18,38 @@ env: jobs: build-docker: runs-on: - - self-hosted - - Linux - - ${{ matrix.runner }} - + - codebuild-defguard-gateway-runner-${{ github.run_id }}-${{ github.run_attempt }} image:${{ matrix.os }} instance-size:${{ matrix.size }} buildspec-override:true + # - self-hosted + # - Linux + # - ${{ matrix.runner }} + + # strategy: + # matrix: + # cpu: [arm64, amd64, arm/v7] + # include: + # - cpu: arm64 + # runner: ARM64 + # tag: arm64 + # - cpu: amd64 + # runner: X64 + # tag: amd64 + # - cpu: arm/v7 + # runner: ARM + # tag: armv7 strategy: matrix: - cpu: [arm64, amd64, arm/v7] include: - - cpu: arm64 - runner: ARM64 + - os: arm-3.0 + size: xlarge tag: arm64 - - cpu: amd64 - runner: X64 + - os: ubuntu-7.0 + size: xlarge tag: amd64 - - cpu: arm/v7 - runner: ARM + - os: arm-ec2 + size: large tag: armv7 permissions:
diff --git a/.github/workflows/current.yml b/.github/workflows/current.yml
index 1587da18..db6c89cc 100644
--- a/.github/workflows/current.yml
+++ b/.github/workflows/current.yml
@@ -5,6 +5,7 @@ on: - main - dev - 'release/**' + - aws_docker_build paths-ignore: - "*.md" - "LICENSE"
From 0c91d41baa283d4ef04e9d32e1f06d9d5115cfc8 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Maciej=20W=C3=B3jcik?=
Date: Thu, 11 Sep 2025 14:34:21 +0200
Subject: [PATCH 02/11] add missing parameter
---
.github/workflows/build-docker.yml | 3 +++
1 file changed, 3 insertions(+) 
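Review bot: The new `runs-on` entry is one plain scalar spread over four lines, so YAML folds `image:${{ matrix.os }}`, `instance-size:${{ matrix.size }}` and `buildspec-override:true` into a single space-separated label even though they read like nested keys; that only holds while the continuation lines stay indented deeper than the leading `-` and contain no `: `, and nothing in the file says so. A comment above the entry, e.g. `# one CodeBuild runner label: the indented lines below are folded into a single space-separated string`, would stop a later edit from turning them into mapping keys and breaking the parse. The `os` and `size` matrix values are CodeBuild image and instance-size selectors rather than operating systems, which presumably also deserves a one-line comment on the `include` list. The hunk ends at `permissions:`, so the steps that consume `matrix.tag` are outside this view.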
diff --git a/.github/workflows/build-docker.yml b/.github/workflows/build-docker.yml
index d716c931..11ac093c 100644
--- a/.github/workflows/build-docker.yml
+++ b/.github/workflows/build-docker.yml
@@ -44,12 +44,15 @@ jobs: include: - os: arm-3.0 size: xlarge + cpu: arm64 tag: arm64 - os: ubuntu-7.0 size: xlarge + cpu: amd64 tag: amd64 - os: arm-ec2 size: large + cpu: arm/v7 tag: armv7 permissions:
From 9d2c3bb471de29e4df918219d96c5d6d8ab757d3 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Maciej=20W=C3=B3jcik?=
Date: Thu, 11 Sep 2025 14:44:08 +0200
Subject: [PATCH 03/11] remove buildspec override
---
.github/workflows/build-docker.yml | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/.github/workflows/build-docker.yml b/.github/workflows/build-docker.yml
index 11ac093c..8254171e 100644
--- a/.github/workflows/build-docker.yml
+++ b/.github/workflows/build-docker.yml
@@ -21,7 +21,7 @@ jobs: - codebuild-defguard-gateway-runner-${{ github.run_id }}-${{ github.run_attempt }} image:${{ matrix.os }} instance-size:${{ matrix.size }} - buildspec-override:true + # buildspec-override:true # - self-hosted # - Linux # - ${{ matrix.runner }}
From 7609cea83a3e2ffde0abdd5160a92b3a0b7a4817 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Maciej=20W=C3=B3jcik?=
Date: Thu, 11 Sep 2025 19:57:29 +0200
Subject: [PATCH 04/11] try adjusting token permissions
---
.github/workflows/build-docker.yml | 1 +
1 file changed, 1 insertion(+)
diff --git a/.github/workflows/build-docker.yml b/.github/workflows/build-docker.yml
index 8254171e..ca824600 100644
--- a/.github/workflows/build-docker.yml
+++ b/.github/workflows/build-docker.yml
@@ -58,6 +58,7 @@ jobs: permissions: contents: read packages: write + actions: write steps: - name: Checkout
From 3d18bb1bbdd64dc73218eaf575fe539699b50c07 Mon Sep 17 00:00:00 2001 
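Review bot: `cpu` and `tag` now carry the same architecture in two spellings with nothing explaining why both exist; `cpu: arm/v7` is a Docker platform suffix and contains a `/`, which is not a legal character in an image tag, while `tag: armv7` is the tag-safe form. A comment on the `include` list such as `# cpu: Docker platform suffix (may contain '/', not tag-safe); tag: the same arch spelled for image tags` would make that explicit; PATCH 06–08 in this series show the two being mixed up in cache refs. The matrix header and the steps that read these values are outside the hunk.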
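Review bot: `actions: write` widens the job's GITHUB_TOKEN well beyond what pushing to GHCR needs (`packages: write` is already granted), and nothing visible in this hunk uses the Actions API; the line is removed again in PATCH 10/11 of this series. If it is a temporary experiment, saying so inline, e.g. `actions: write  # TEMP: CodeBuild runner experiment, remove when done`, keeps the broadened token visible to anyone reading the history, and if it turns out to be required the reason belongs in that comment. The `steps:` list is cut off at the end of the hunk.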
From: =?UTF-8?q?Maciej=20W=C3=B3jcik?=
Date: Fri, 12 Sep 2025 08:00:39 +0200
Subject: [PATCH 05/11] disable legacy mirror
---
.github/workflows/build-docker.yml | 8 ++++----
1 file changed, 4 insertions(+), 4 deletions(-)
diff --git a/.github/workflows/build-docker.yml b/.github/workflows/build-docker.yml
index ca824600..26eb95a9 100644
--- a/.github/workflows/build-docker.yml
+++ b/.github/workflows/build-docker.yml
@@ -75,10 +75,10 @@ jobs: - name: Set up Docker Buildx uses: docker/setup-buildx-action@v3 - with: - buildkitd-config-inline: | - [registry."docker.io"] - mirrors = ["dockerhub-proxy.teonite.net"] + # with: + # buildkitd-config-inline: | + # [registry."docker.io"] + # mirrors = ["dockerhub-proxy.teonite.net"] - name: Build container uses: docker/build-push-action@v5
From 3f909bcd4d0c6eb09df13f20a3c48f3de1bcf2be Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Maciej=20W=C3=B3jcik?=
Date: Fri, 12 Sep 2025 08:13:53 +0200
Subject: [PATCH 06/11] try using registry cache
---
.github/workflows/build-docker.yml | 10 ++++------
1 file changed, 4 insertions(+), 6 deletions(-)
diff --git a/.github/workflows/build-docker.yml b/.github/workflows/build-docker.yml
index 26eb95a9..ef4d4bdb 100644
--- a/.github/workflows/build-docker.yml
+++ b/.github/workflows/build-docker.yml
@@ -75,10 +75,6 @@ jobs: - name: Set up Docker Buildx uses: docker/setup-buildx-action@v3 - # with: - # buildkitd-config-inline: | - # [registry."docker.io"] - # mirrors = ["dockerhub-proxy.teonite.net"] - name: Build container uses: docker/build-push-action@v5 
@@ -88,8 +84,10 @@ jobs: provenance: false push: true tags: "${{ env.GHCR_REPO }}:${{ github.sha }}-${{ matrix.tag }}" - cache-from: type=gha - cache-to: type=gha,mode=max + cache-from: | + type=registry,ref=${{ env.GHCR_REPO }}:cache-${{ matrix.cpu }} + type=registry,ref=${{ env.GHCR_REPO }}:cache-${{ matrix.cpu }}-${{ github.ref_name }} + cache-to: type=registry,mode=max,ref=${{ env.GHCR_REPO }}:cache-${{ matrix.cpu }}-${{ github.ref_name }} - name: Scan image with Trivy uses: aquasecurity/trivy-action@0.32.0
From 6cde2682f6351bc8b58958b8c6ff798dc9e44c40 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Maciej=20W=C3=B3jcik?=
Date: Fri, 12 Sep 2025 08:17:54 +0200
Subject: [PATCH 07/11] fix cache key
---
.github/workflows/build-docker.yml | 4 ++--
1 file changed, 2 insertions(+), 2 deletions(-)
diff --git a/.github/workflows/build-docker.yml b/.github/workflows/build-docker.yml
index ef4d4bdb..6dd49805 100644
--- a/.github/workflows/build-docker.yml
+++ b/.github/workflows/build-docker.yml
@@ -85,8 +85,8 @@ jobs: push: true tags: "${{ env.GHCR_REPO }}:${{ github.sha }}-${{ matrix.tag }}" cache-from: | - type=registry,ref=${{ env.GHCR_REPO }}:cache-${{ matrix.cpu }} - type=registry,ref=${{ env.GHCR_REPO }}:cache-${{ matrix.cpu }}-${{ github.ref_name }} + type=registry,ref=${{ env.GHCR_REPO }}:cache-${{ matrix.tag }} + type=registry,ref=${{ env.GHCR_REPO }}:cache-${{ matrix.tag }}-${{ github.ref_name }} cache-to: type=registry,mode=max,ref=${{ env.GHCR_REPO }}:cache-${{ matrix.cpu }}-${{ github.ref_name }} - name: Scan image with Trivy
From e18ef9b999834b90150a182d593c49af4cb7aa0d Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Maciej=20W=C3=B3jcik?=
Date: Fri, 12 Sep 2025 08:22:04 +0200
Subject: [PATCH 08/11] fix cache key
---
.github/workflows/build-docker.yml | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/.github/workflows/build-docker.yml b/.github/workflows/build-docker.yml
index 6dd49805..a100f5c3 100644
--- a/.github/workflows/build-docker.yml 
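Review bot: `${{ github.ref_name }}` is interpolated straight into an image tag in the new `cache-from`/`cache-to` refs, but Docker tags only allow `[A-Za-z0-9_.-]`, and this repository's `current.yml` triggers on `release/**` branches, so a ref such as `release/1.0` yields `…:cache-arm64-release/1.0`, which is not a valid reference — the export either fails the step or the branch-scoped cache is silently skipped, and on a `pull_request` event `ref_name` would be `<n>/merge` with the same outcome. `matrix.cpu` has the same problem for `arm/v7`, which PATCH 07 and PATCH 08 fix by switching to `matrix.tag`, but the `ref_name` part survives both. Deriving a tag-safe suffix in a preceding step and using it in all three refs fixes it; since `mode=max` exports every intermediate layer to GHCR under that ref, it is also worth confirming that intermediate Dockerfile stages carry no sensitive build-time material if the package is public. The `with:` block of this step starts before the hunk.
```yaml
      - name: Derive tag-safe cache suffix
        # Docker tags allow only [A-Za-z0-9_.-]; map anything else in the ref name to '-'
        run: echo "CACHE_REF=${GITHUB_REF_NAME//[^A-Za-z0-9._-]/-}" >> "$GITHUB_ENV"

      - name: Build container
        uses: docker/build-push-action@v5
        with:
          # … unchanged: provenance, push, tags …
          cache-from: |
            type=registry,ref=${{ env.GHCR_REPO }}:cache-${{ matrix.tag }}
            type=registry,ref=${{ env.GHCR_REPO }}:cache-${{ matrix.tag }}-${{ env.CACHE_REF }}
          cache-to: type=registry,mode=max,ref=${{ env.GHCR_REPO }}:cache-${{ matrix.tag }}-${{ env.CACHE_REF }}
```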
+++ b/.github/workflows/build-docker.yml
@@ -87,7 +87,7 @@ jobs: cache-from: | type=registry,ref=${{ env.GHCR_REPO }}:cache-${{ matrix.tag }} type=registry,ref=${{ env.GHCR_REPO }}:cache-${{ matrix.tag }}-${{ github.ref_name }} - cache-to: type=registry,mode=max,ref=${{ env.GHCR_REPO }}:cache-${{ matrix.cpu }}-${{ github.ref_name }} + cache-to: type=registry,mode=max,ref=${{ env.GHCR_REPO }}:cache-${{ matrix.tag }}-${{ github.ref_name }} - name: Scan image with Trivy uses: aquasecurity/trivy-action@0.32.0
From 852a00d92f8763b24f4c93cb6dd2dbe053b602b8 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Maciej=20W=C3=B3jcik?=
Date: Fri, 12 Sep 2025 09:24:03 +0200
Subject: [PATCH 09/11] try out another arm image
---
.github/workflows/build-docker.yml | 4 ++--
1 file changed, 2 insertions(+), 2 deletions(-)
diff --git a/.github/workflows/build-docker.yml b/.github/workflows/build-docker.yml
index a100f5c3..88cbb1a9 100644
--- a/.github/workflows/build-docker.yml
+++ b/.github/workflows/build-docker.yml
@@ -50,8 +50,8 @@ jobs: size: xlarge cpu: amd64 tag: amd64 - - os: arm-ec2 - size: large + - os: arm-3.0 + size: xlarge cpu: arm/v7 tag: armv7
From ad06b7f7ce6de56a9906ad5c719cabd595a04253 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Maciej=20W=C3=B3jcik?=
Date: Fri, 12 Sep 2025 09:35:16 +0200
Subject: [PATCH 10/11] cleanup
---
.github/workflows/build-docker.yml | 19 -------------------
1 file changed, 19 deletions(-)
diff --git a/.github/workflows/build-docker.yml b/.github/workflows/build-docker.yml
index 88cbb1a9..1f21aa95 100644
--- a/.github/workflows/build-docker.yml
+++ b/.github/workflows/build-docker.yml 
@@ -21,24 +21,6 @@ jobs: - codebuild-defguard-gateway-runner-${{ github.run_id }}-${{ github.run_attempt }} image:${{ matrix.os }} instance-size:${{ matrix.size }} - # buildspec-override:true - # - self-hosted - # - Linux - # - ${{ matrix.runner }} - - # strategy: - # matrix: - # cpu: [arm64, amd64, arm/v7] - # include: - # - cpu: arm64 - # runner: ARM64 - # tag: arm64 - # - cpu: amd64 - # runner: X64 - # tag: amd64 - # - cpu: arm/v7 - # runner: ARM - # tag: armv7 strategy: matrix: include:
@@ -58,7 +40,6 @@ jobs: permissions: contents: read packages: write - actions: write steps: - name: Checkout
From b7116f8d05cec53a1ed02c16a484e2c93edc6497 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Maciej=20W=C3=B3jcik?=
Date: Fri, 12 Sep 2025 09:48:45 +0200
Subject: [PATCH 11/11] remove temporary override
---
.github/workflows/current.yml | 1 -
1 file changed, 1 deletion(-)
diff --git a/.github/workflows/current.yml b/.github/workflows/current.yml
index db6c89cc..1587da18 100644
--- a/.github/workflows/current.yml
+++ b/.github/workflows/current.yml
@@ -5,7 +5,6 @@ on: - main - dev - 'release/**' - - aws_docker_build paths-ignore: - "*.md" - "LICENSE"