From 9f018ef857f7ba3d52b2452e9d7aca861b5c1562 Mon Sep 17 00:00:00 2001 From: Janis Horsts Date: Thu, 12 Jun 2025 12:57:25 +0100 Subject: [PATCH 01/24] chore: fix CI workflow --- .github/workflows/ci.yml | 12 +++--------- common/Earthfile | 18 +++++++++++++----- 2 files changed, 16 insertions(+), 14 deletions(-) diff --git a/.github/workflows/ci.yml b/.github/workflows/ci.yml index 2363f68..2ae753e 100644 --- a/.github/workflows/ci.yml +++ b/.github/workflows/ci.yml @@ -5,12 +5,12 @@ on: # push: # branches: [ "main" ] pull_request: - branches: [ "main" ] + branches: ["main"] concurrency: group: ${{ github.workflow }}-${{ github.event.pull_request.number || github.ref }} cancel-in-progress: true - + jobs: test: name: test @@ -28,12 +28,6 @@ jobs: - name: Docker login (non fork only) run: |- docker login --username "${{ secrets.DOCKERHUB_USERNAME }}" --password "${{ secrets.DOCKERHUB_TOKEN }}" - docker login registry-1.docker.io.mirror.corp.earthly.dev --username "${{ secrets.DOCKERHUB_MIRROR_USERNAME }}" --password "${{ secrets.DOCKERHUB_MIRROR_PASSWORD }}" - if: github.event.pull_request.head.repo.full_name == github.repository - - name: Configure Earthly to use mirror (non fork only) - run: |- - earthly config global.buildkit_additional_config "'[registry.\"docker.io\"] - mirrors = [\"registry-1.docker.io.mirror.corp.earthly.dev\"]'" if: github.event.pull_request.head.repo.full_name == github.repository - name: Run tests - run: earthly --ci -P --push --org earthly-technologies --satellite dind +test + run: earthly --ci -P dind +test diff --git a/common/Earthfile b/common/Earthfile index 9a22e2e..7c2ad25 100644 --- a/common/Earthfile +++ b/common/Earthfile @@ -6,11 +6,11 @@ FROM alpine # EARTHLY_REPO_VERSION specifies a branch and/or commit of earthly/earthly (it defaults to the earthly cli version if left empty) ARG EARTHLY_REPO_VERSION -IMPORT github.com/earthly/earthly/buildkitd:$EARTHLY_REPO_VERSION AS earthly -IMPORT github.com/earthly/earthly/tests/with-docker:$EARTHLY_REPO_VERSION AS with-docker -IMPORT github.com/earthly/earthly/tests/with-docker-compose:$EARTHLY_REPO_VERSION AS with-docker-compose -IMPORT github.com/earthly/earthly/tests/with-docker-kind:$EARTHLY_REPO_VERSION AS with-docker-kind -IMPORT github.com/earthly/earthly/tests/dind-auto-install:$EARTHLY_REPO_VERSION AS dind-auto-install +IMPORT github.com/EarthBuild/earthbuild/buildkitd:$EARTHLY_REPO_VERSION AS earthly +IMPORT github.com/EarthBuild/earthbuild/tests/with-docker:$EARTHLY_REPO_VERSION AS with-docker +IMPORT github.com/EarthBuild/earthbuild/tests/with-docker-compose:$EARTHLY_REPO_VERSION AS with-docker-compose +IMPORT github.com/EarthBuild/earthbuild/tests/with-docker-kind:$EARTHLY_REPO_VERSION AS with-docker-kind +IMPORT github.com/EarthBuild/earthbuild/tests/dind-auto-install:$EARTHLY_REPO_VERSION AS dind-auto-install # DOCKERHUB_USER is the organization name in docker hub (default: earthly) ARG --global DOCKERHUB_USER @@ -26,6 +26,14 @@ build: # DOCKER_VERSION is the version of docker to use, e.g. 20.10.14 ARG --required DOCKER_VERSION FROM $OS_IMAGE:$OS_VERSION + # Ubuntu 23.04 has reached EOL + IF [ "$OS_VERSION" = "23.04" ] + RUN sed -i \ + -e 's/archive.ubuntu.com\/ubuntu/old-releases.ubuntu.com\/ubuntu/g' \ + -e 's/ports.ubuntu.com\/ubuntu-ports/old-releases.ubuntu.com\/ubuntu/g' \ + -e 's/security.ubuntu.com\/ubuntu/old-releases.ubuntu.com\/ubuntu/g' \ + /etc/apt/sources.list + END COPY earthly+export-docker-script/docker-auto-install.sh /usr/local/bin/docker-auto-install.sh RUN docker-auto-install.sh LET DOCKER_VERSION_TAG=$DOCKER_VERSION From 874b5f2b123eaf6be1a4f4287165dde4f555e9c3 Mon Sep 17 00:00:00 2001 From: Janis Horsts Date: Thu, 12 Jun 2025 13:08:19 +0100 Subject: [PATCH 02/24] fix: remove satellite name --- .github/workflows/ci.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.github/workflows/ci.yml b/.github/workflows/ci.yml index 2ae753e..1df9f19 100644 --- a/.github/workflows/ci.yml +++ b/.github/workflows/ci.yml @@ -30,4 +30,4 @@ jobs: docker login --username "${{ secrets.DOCKERHUB_USERNAME }}" --password "${{ secrets.DOCKERHUB_TOKEN }}" if: github.event.pull_request.head.repo.full_name == github.repository - name: Run tests - run: earthly --ci -P dind +test + run: earthly --ci -P +test From 93d3ae0b9e153c5b9e2aecfd101fde9db1a98c4e Mon Sep 17 00:00:00 2001 From: Janis Horsts Date: Sat, 14 Jun 2025 13:19:33 +0100 Subject: [PATCH 03/24] chore: try with older ubuntu --- .github/workflows/ci.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.github/workflows/ci.yml b/.github/workflows/ci.yml index 1df9f19..587e9dd 100644 --- a/.github/workflows/ci.yml +++ b/.github/workflows/ci.yml @@ -14,7 +14,7 @@ concurrency: jobs: test: name: test - runs-on: ubuntu-latest + runs-on: ubuntu-22.04 env: FORCE_COLOR: 1 EARTHLY_CONVERSION_PARALLELISM: "5" From 32521f9c06f63665094cb83ff79263c9886f0424 Mon Sep 17 00:00:00 2001 From: Janis Horsts Date: Thu, 19 Jun 2025 16:45:58 +0100 Subject: [PATCH 04/24] chore: set up QEMU --- .github/workflows/ci.yml | 8 +++++++- 1 file changed, 7 insertions(+), 1 deletion(-) diff --git a/.github/workflows/ci.yml b/.github/workflows/ci.yml index 587e9dd..1380e19 100644 --- a/.github/workflows/ci.yml +++ b/.github/workflows/ci.yml @@ -14,13 +14,19 @@ concurrency: jobs: test: name: test - runs-on: ubuntu-22.04 + runs-on: ubuntu-latest env: FORCE_COLOR: 1 EARTHLY_CONVERSION_PARALLELISM: "5" EARTHLY_TOKEN: "${{ secrets.EARTHLY_TOKEN }}" EARTHLY_INSTALL_ID: "earthly-dind-githubactions" steps: + - name: Set up QEMU + id: qemu + uses: docker/setup-qemu-action@v1 + with: + image: tonistiigi/binfmt:latest + platforms: all - uses: earthly/actions/setup-earthly@v1 with: version: v0.8.15 From 2e7b435737aba781bcfa8f47f520a885e65fec03 Mon Sep 17 00:00:00 2001 From: Janis Horsts Date: Thu, 19 Jun 2025 17:20:25 +0100 Subject: [PATCH 05/24] chore: update DOCKERHUB_USER and push images to registry --- .arg | 2 +- .github/workflows/ci.yml | 2 +- 2 files changed, 2 insertions(+), 2 deletions(-) diff --git a/.arg b/.arg index 455a198..73dc6f0 100644 --- a/.arg +++ b/.arg @@ -1,3 +1,3 @@ -DOCKERHUB_USER=earthly +DOCKERHUB_USER=earthbuild IMAGE_NAME=dind EARTHLY_REPO_VERSION=0b28ef80785fd88df1ec7e674475b02e046d5b36 diff --git a/.github/workflows/ci.yml b/.github/workflows/ci.yml index 1380e19..04c763c 100644 --- a/.github/workflows/ci.yml +++ b/.github/workflows/ci.yml @@ -36,4 +36,4 @@ jobs: docker login --username "${{ secrets.DOCKERHUB_USERNAME }}" --password "${{ secrets.DOCKERHUB_TOKEN }}" if: github.event.pull_request.head.repo.full_name == github.repository - name: Run tests - run: earthly --ci -P +test + run: earthly --ci -P --push +test From c7612435e8a0d6bd87d472b8acd3821c712fcfcd Mon Sep 17 00:00:00 2001 From: Janis Horsts Date: Thu, 19 Jun 2025 21:15:12 +0100 Subject: [PATCH 06/24] chore: set up docker hub mirrors --- .github/workflows/ci.yml | 7 ++++++- 1 file changed, 6 insertions(+), 1 deletion(-) diff --git a/.github/workflows/ci.yml b/.github/workflows/ci.yml index 04c763c..6d082d9 100644 --- a/.github/workflows/ci.yml +++ b/.github/workflows/ci.yml @@ -21,9 +21,14 @@ jobs: EARTHLY_TOKEN: "${{ secrets.EARTHLY_TOKEN }}" EARTHLY_INSTALL_ID: "earthly-dind-githubactions" steps: + - name: Set up Docker Hub mirrors + run: | + sudo mkdir -p /etc/docker + echo '{"registry-mirrors": ["https://mirror.gcr.io"]}' | sudo tee /etc/docker/daemon.json + sudo systemctl restart docker - name: Set up QEMU id: qemu - uses: docker/setup-qemu-action@v1 + uses: docker/setup-qemu-action@v3 with: image: tonistiigi/binfmt:latest platforms: all From 788c85239e7e0509373057238b5bf78976e378f9 Mon Sep 17 00:00:00 2001 From: Janis Horsts Date: Fri, 20 Jun 2025 09:54:14 +0100 Subject: [PATCH 07/24] chore: docker system info --- .github/workflows/ci.yml | 1 + 1 file changed, 1 insertion(+) diff --git a/.github/workflows/ci.yml b/.github/workflows/ci.yml index 6d082d9..9396dfd 100644 --- a/.github/workflows/ci.yml +++ b/.github/workflows/ci.yml @@ -32,6 +32,7 @@ jobs: with: image: tonistiigi/binfmt:latest platforms: all + - run: docker system info - uses: earthly/actions/setup-earthly@v1 with: version: v0.8.15 From caee71c3de195fc4f2f49770658bbcefc2751b5e Mon Sep 17 00:00:00 2001 From: Janis Horsts Date: Fri, 20 Jun 2025 12:13:39 +0100 Subject: [PATCH 08/24] chore: remove docker system info --- .github/workflows/ci.yml | 1 - 1 file changed, 1 deletion(-) diff --git a/.github/workflows/ci.yml b/.github/workflows/ci.yml index 9396dfd..6d082d9 100644 --- a/.github/workflows/ci.yml +++ b/.github/workflows/ci.yml @@ -32,7 +32,6 @@ jobs: with: image: tonistiigi/binfmt:latest platforms: all - - run: docker system info - uses: earthly/actions/setup-earthly@v1 with: version: v0.8.15 From a95a13002c149dc9b86238cc3e7a1a76f0b2b3f1 Mon Sep 17 00:00:00 2001 From: Janis Horsts Date: Fri, 20 Jun 2025 13:10:20 +0100 Subject: [PATCH 09/24] chore: pass +test without mirroring and pushing --- .github/workflows/ci.yml | 13 +++++++------ 1 file changed, 7 insertions(+), 6 deletions(-) diff --git a/.github/workflows/ci.yml b/.github/workflows/ci.yml index 6d082d9..cdeaaa3 100644 --- a/.github/workflows/ci.yml +++ b/.github/workflows/ci.yml @@ -21,11 +21,11 @@ jobs: EARTHLY_TOKEN: "${{ secrets.EARTHLY_TOKEN }}" EARTHLY_INSTALL_ID: "earthly-dind-githubactions" steps: - - name: Set up Docker Hub mirrors - run: | - sudo mkdir -p /etc/docker - echo '{"registry-mirrors": ["https://mirror.gcr.io"]}' | sudo tee /etc/docker/daemon.json - sudo systemctl restart docker + # - name: Set up Docker Hub mirrors + # run: | + # sudo mkdir -p /etc/docker + # echo '{"registry-mirrors": ["https://mirror.gcr.io"]}' | sudo tee /etc/docker/daemon.json + # sudo systemctl restart docker - name: Set up QEMU id: qemu uses: docker/setup-qemu-action@v3 @@ -41,4 +41,5 @@ jobs: docker login --username "${{ secrets.DOCKERHUB_USERNAME }}" --password "${{ secrets.DOCKERHUB_TOKEN }}" if: github.event.pull_request.head.repo.full_name == github.repository - name: Run tests - run: earthly --ci -P --push +test + run: earthly --ci -P +test + # run: earthly --ci -P --push +test From de504258c600b4bb799d896ed0fc66faf88d0a5e Mon Sep 17 00:00:00 2001 From: Janis Horsts Date: Fri, 20 Jun 2025 13:54:27 +0100 Subject: [PATCH 10/24] chore: set up docker hub mirrors --- .github/workflows/ci.yml | 10 +++++----- 1 file changed, 5 insertions(+), 5 deletions(-) diff --git a/.github/workflows/ci.yml b/.github/workflows/ci.yml index cdeaaa3..fc58adf 100644 --- a/.github/workflows/ci.yml +++ b/.github/workflows/ci.yml @@ -21,11 +21,11 @@ jobs: EARTHLY_TOKEN: "${{ secrets.EARTHLY_TOKEN }}" EARTHLY_INSTALL_ID: "earthly-dind-githubactions" steps: - # - name: Set up Docker Hub mirrors - # run: | - # sudo mkdir -p /etc/docker - # echo '{"registry-mirrors": ["https://mirror.gcr.io"]}' | sudo tee /etc/docker/daemon.json - # sudo systemctl restart docker + - name: Set up Docker Hub mirrors + run: | + sudo mkdir -p /etc/docker + echo '{"registry-mirrors": ["https://mirror.gcr.io"]}' | sudo tee /etc/docker/daemon.json + sudo systemctl restart docker - name: Set up QEMU id: qemu uses: docker/setup-qemu-action@v3 From d93e05f1598ef39a2268ef2a3453f5d08a448feb Mon Sep 17 00:00:00 2001 From: Janis Horsts Date: Fri, 20 Jun 2025 14:27:24 +0100 Subject: [PATCH 11/24] chore: push images to docker hub --- .github/workflows/ci.yml | 3 +-- 1 file changed, 1 insertion(+), 2 deletions(-) diff --git a/.github/workflows/ci.yml b/.github/workflows/ci.yml index fc58adf..6d082d9 100644 --- a/.github/workflows/ci.yml +++ b/.github/workflows/ci.yml @@ -41,5 +41,4 @@ jobs: docker login --username "${{ secrets.DOCKERHUB_USERNAME }}" --password "${{ secrets.DOCKERHUB_TOKEN }}" if: github.event.pull_request.head.repo.full_name == github.repository - name: Run tests - run: earthly --ci -P +test - # run: earthly --ci -P --push +test + run: earthly --ci -P --push +test From 95d3ec9df0f4c1badd3fcf41a35bf43b87f316d9 Mon Sep 17 00:00:00 2001 From: Janis Horsts Date: Fri, 20 Jun 2025 14:51:29 +0100 Subject: [PATCH 12/24] chore: modprobe ip6* --- .github/workflows/ci.yml | 8 ++++++++ 1 file changed, 8 insertions(+) diff --git a/.github/workflows/ci.yml b/.github/workflows/ci.yml index 6d082d9..0490a5b 100644 --- a/.github/workflows/ci.yml +++ b/.github/workflows/ci.yml @@ -21,6 +21,14 @@ jobs: EARTHLY_TOKEN: "${{ secrets.EARTHLY_TOKEN }}" EARTHLY_INSTALL_ID: "earthly-dind-githubactions" steps: + - name: Load kernel modules for IPv6 NAT + run: | + sudo modprobe ip6_tables + sudo modprobe ip6table_nat + echo "--- Loaded kernel modules (checking for ip6_tables, ip6table_nat) ---" + lsmod | grep -E "ip6_tables|ip6table_nat" + echo "--- Checking ip6tables nat table availability on runner ---" + sudo ip6tables -t nat -L -n || echo "Warning: ip6tables nat table still not accessible on the runner after modprobe." - name: Set up Docker Hub mirrors run: | sudo mkdir -p /etc/docker From d69e370b756fae96f8a1031a1e8397e58ff91eab Mon Sep 17 00:00:00 2001 From: Janis Horsts Date: Fri, 20 Jun 2025 17:17:12 +0100 Subject: [PATCH 13/24] chore: use ghcr --- .arg | 3 ++- .github/workflows/ci.yml | 5 ++--- README.md | 6 +++--- common/Earthfile | 26 ++++++++++++++------------ 4 files changed, 21 insertions(+), 19 deletions(-) diff --git a/.arg b/.arg index 73dc6f0..77dea16 100644 --- a/.arg +++ b/.arg @@ -1,3 +1,4 @@ -DOCKERHUB_USER=earthbuild +CR_HOST=gchr.io +CR_USER=earthbuild IMAGE_NAME=dind EARTHLY_REPO_VERSION=0b28ef80785fd88df1ec7e674475b02e046d5b36 diff --git a/.github/workflows/ci.yml b/.github/workflows/ci.yml index 0490a5b..b42efcc 100644 --- a/.github/workflows/ci.yml +++ b/.github/workflows/ci.yml @@ -44,9 +44,8 @@ jobs: with: version: v0.8.15 - uses: actions/checkout@v4 - - name: Docker login (non fork only) - run: |- - docker login --username "${{ secrets.DOCKERHUB_USERNAME }}" --password "${{ secrets.DOCKERHUB_TOKEN }}" + - name: Log in to registry (non fork only) + run: echo "${{ secrets.GITHUB_TOKEN }}" | docker login ghcr.io -u ${{ github.actor }} --password-stdin if: github.event.pull_request.head.repo.full_name == github.repository - name: Run tests run: earthly --ci -P --push +test diff --git a/README.md b/README.md index 11c67ab..afe5a38 100644 --- a/README.md +++ b/README.md @@ -8,7 +8,7 @@ For information on how to use these images, please refer to [docker in earthly]( ## Supported Distributions -There are currently 3 supported dind distributions available: +There are currently 3 supported dind distributions available: - `alpine` - `ubuntu:20.04` - `ubuntu:23.04` @@ -30,7 +30,7 @@ dependencies that will trigger new versions of the dind images such as the docke ```bash . -├── Earthfile // Targets that apply to all images (e.g. +test) +├── Earthfile // Targets that apply to all images (e.g. +test) ├── common │ └── Earthfile // A library of common helper targets └── os // Each directory contains an Earthfile with targets to maintain the specific os (e.g. +test, +build) @@ -65,7 +65,7 @@ earthly --push -P +test #### Community members -Community members do not have permissions to push a built image and run the tests against it. However, they can easily set a different dockerhub repository by changing the `DOCKERHUB_USER` ARG value in [.arg](.arg) to a private repository or by passing the arg in the earthly command, e.g. `earthly --push -P +test --DOCKERHUB_USER=`. +Community members do not have permissions to push a built image and run the tests against it. However, they can easily set a different container registry by changing the `CR_HOST` (default: ghcr.io) and `CR_USER` ARG values in [.arg](.arg) to a private container registry or by passing the arg in the earthly command, e.g. `earthly --push -P +test --CR_HOST= --CR_USER=`. ## Deployment diff --git a/common/Earthfile b/common/Earthfile index 7c2ad25..c5f9cb5 100644 --- a/common/Earthfile +++ b/common/Earthfile @@ -12,8 +12,8 @@ IMPORT github.com/EarthBuild/earthbuild/tests/with-docker-compose:$EARTHLY_REPO_ IMPORT github.com/EarthBuild/earthbuild/tests/with-docker-kind:$EARTHLY_REPO_VERSION AS with-docker-kind IMPORT github.com/EarthBuild/earthbuild/tests/dind-auto-install:$EARTHLY_REPO_VERSION AS dind-auto-install -# DOCKERHUB_USER is the organization name in docker hub (default: earthly) -ARG --global DOCKERHUB_USER +# CR_USER is the organization name in a container registry (default: earthbuild) +ARG --global CR_USER # IMAGE_NAME is the image repository in docker hub (default: dind) ARG --global IMAGE_NAME @@ -40,8 +40,8 @@ build: IF [ "$OS_IMAGE" = "alpine" ] RUN apk add iptables-legacy # required for older kernels END - # DOCKERHUB_USER is the organization name in docker hub (default: earthly) - ARG DOCKERHUB_USER + # CR_USER is the organization name in container registry (default: earthbuild) + ARG CR_USER # IMAGE_NAME is the image repository in docker hub (default: dind) ARG IMAGE_NAME COPY --dir --pass-args +get-image-info/image-info . @@ -49,7 +49,8 @@ build: LET image_tag=$(cat image-info/tag) RUN rm -rf image-info ENV OTEL_TRACES_EXPORTER=none # disabled for speed improvement; see https://github.com/earthly/earthly/issues/4066 - SAVE IMAGE --push $image_name:$image_tag + ARG --required CR_HOST + SAVE IMAGE --push $CR_HOST/$image_name:$image_tag # get-image-info generates the image name and tag as a saved artifact so it can be used by multiple targets get-image-info: @@ -67,11 +68,12 @@ get-image-info: RUN if echo $DOCKER_VERSION_TAG | grep "[^0-9.-]"; then echo "DOCKER_VERSION_TAG looks bad; got $DOCKER_VERSION_TAG" && exit 1; fi END LET TAG=$OS_IMAGE-$OS_VERSION-docker-$DOCKER_VERSION_TAG - # DOCKERHUB_USER is the organization name in docker hub (default: earthly) - ARG --required DOCKERHUB_USER + # CR_USER is the organization name in container registry (default: earthbuild) + ARG --required CR_USER # IMAGE_NAME is the image repository in docker hub (default: dind) ARG --required IMAGE_NAME - LET image_full_name=$DOCKERHUB_USER/$IMAGE_NAME + # image_full_name excludes container registry name + LET image_full_name=$CR_USER/$IMAGE_NAME ARG SUFFIX IF [ -n "$SUFFIX" ] SET TAG="$TAG-$SUFFIX" @@ -83,7 +85,7 @@ get-image-info: # test runs tests against the specified image (DIND_IMAGE) or otherwise uses the image specified in earthly/earthly repo test: - # DIND_IMAGE is the full docker image name & tag to run the tests against. The image must exist in the remote docker registry + # DIND_IMAGE is the full container image name & tag to run the tests against. The image must exist in the remote container registry ARG DIND_IMAGE BUILD --pass-args with-docker+all --DIND_IMAGE=$DIND_IMAGE BUILD --pass-args dind-auto-install+test --BASE_IMAGE=$DIND_IMAGE @@ -107,7 +109,7 @@ build-and-test: # EARTHLY_PUSH is a builtin arg that helps determine if the tests should run ARG EARTHLY_PUSH IF [ "$EARTHLY_PUSH" = "true" ] - BUILD --pass-args ../os/$DIR_PATH+test --DIND_IMAGE=$image_name:$image_tag + BUILD --pass-args ../os/$DIR_PATH+test --DIND_IMAGE=$CR_HOST/$image_name:$image_tag END END @@ -122,12 +124,12 @@ push-new-tag: exit 1 END END - FROM $DOCKERHUB_USER/$IMAGE_NAME:$TAG_WITH_DATE + FROM $CR_USER/$IMAGE_NAME:$TAG_WITH_DATE LET new_tag="$(echo ${TAG_WITH_DATE%-*})" IF [ "$new_tag" = "$TAG_WITH_DATE" ] RUN --no-cache echo "failed to remove date from tag $TAG_WITH_DATE" && exit 1 END - SAVE IMAGE --push $DOCKERHUB_USER/$IMAGE_NAME:$new_tag + SAVE IMAGE --push $CR_USER/$IMAGE_NAME:$new_tag # push-new-tag-multi-platform builds push-new-tag using both amd64 & arm64 platforms. push-new-tag-multi-platform: From f5c770c835124fed6f9470a574a70c7785ec50e5 Mon Sep 17 00:00:00 2001 From: Janis Horsts Date: Fri, 20 Jun 2025 17:38:13 +0100 Subject: [PATCH 14/24] chore: use docker/login-action --- .github/workflows/ci.yml | 8 ++++++-- 1 file changed, 6 insertions(+), 2 deletions(-) diff --git a/.github/workflows/ci.yml b/.github/workflows/ci.yml index b42efcc..474d07c 100644 --- a/.github/workflows/ci.yml +++ b/.github/workflows/ci.yml @@ -44,8 +44,12 @@ jobs: with: version: v0.8.15 - uses: actions/checkout@v4 - - name: Log in to registry (non fork only) - run: echo "${{ secrets.GITHUB_TOKEN }}" | docker login ghcr.io -u ${{ github.actor }} --password-stdin + - name: Log in to GitHub Container Registry (non fork only) + uses: docker/login-action@v3 + with: + registry: ghcr.io + username: ${{ github.actor }} + password: ${{ secrets.GITHUB_TOKEN }} if: github.event.pull_request.head.repo.full_name == github.repository - name: Run tests run: earthly --ci -P --push +test From 14f841a49c9c9d98ffe5ae10b6b686072cbed41c Mon Sep 17 00:00:00 2001 From: Janis Horsts Date: Fri, 20 Jun 2025 17:46:26 +0100 Subject: [PATCH 15/24] chore: fix github container registry host --- .arg | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.arg b/.arg index 77dea16..cdb73f7 100644 --- a/.arg +++ b/.arg @@ -1,4 +1,4 @@ -CR_HOST=gchr.io +CR_HOST=ghcr.io CR_USER=earthbuild IMAGE_NAME=dind EARTHLY_REPO_VERSION=0b28ef80785fd88df1ec7e674475b02e046d5b36 From bf7bb12a1f07f0cacbd7da6b9cc9b66d96a947cb Mon Sep 17 00:00:00 2001 From: Janis Horsts Date: Fri, 20 Jun 2025 17:54:07 +0100 Subject: [PATCH 16/24] chore: permit to push images --- .github/workflows/ci.yml | 3 +++ 1 file changed, 3 insertions(+) diff --git a/.github/workflows/ci.yml b/.github/workflows/ci.yml index 474d07c..37563a9 100644 --- a/.github/workflows/ci.yml +++ b/.github/workflows/ci.yml @@ -15,6 +15,9 @@ jobs: test: name: test runs-on: ubuntu-latest + permissions: + contents: read + packages: write env: FORCE_COLOR: 1 EARTHLY_CONVERSION_PARALLELISM: "5" From 708bb9311f8333584897ddd25f52574d669fe670 Mon Sep 17 00:00:00 2001 From: Janis Horsts Date: Fri, 20 Jun 2025 18:10:58 +0100 Subject: [PATCH 17/24] chore: ensure CR_HOST is required for +build-and-test --- common/Earthfile | 1 + 1 file changed, 1 insertion(+) diff --git a/common/Earthfile b/common/Earthfile index c5f9cb5..3075d8b 100644 --- a/common/Earthfile +++ b/common/Earthfile @@ -105,6 +105,7 @@ build-and-test: COPY --dir --pass-args +get-image-info/image-info . LET image_name=$(cat image-info/name) LET image_tag=$(cat image-info/tag) + ARG --required CR_HOST WAIT # EARTHLY_PUSH is a builtin arg that helps determine if the tests should run ARG EARTHLY_PUSH From ec0c2ae2ba59f37c8fcb9e761b409fbdcaa279c3 Mon Sep 17 00:00:00 2001 From: Janis Horsts Date: Fri, 20 Jun 2025 18:41:00 +0100 Subject: [PATCH 18/24] chore: rename CR_USER to CR_ORG --- .arg | 2 +- README.md | 2 +- common/Earthfile | 20 ++++++++++---------- 3 files changed, 12 insertions(+), 12 deletions(-) diff --git a/.arg b/.arg index cdb73f7..a9fbc5e 100644 --- a/.arg +++ b/.arg @@ -1,4 +1,4 @@ CR_HOST=ghcr.io -CR_USER=earthbuild +CR_ORG=earthbuild IMAGE_NAME=dind EARTHLY_REPO_VERSION=0b28ef80785fd88df1ec7e674475b02e046d5b36 diff --git a/README.md b/README.md index afe5a38..3c0256e 100644 --- a/README.md +++ b/README.md @@ -65,7 +65,7 @@ earthly --push -P +test #### Community members -Community members do not have permissions to push a built image and run the tests against it. However, they can easily set a different container registry by changing the `CR_HOST` (default: ghcr.io) and `CR_USER` ARG values in [.arg](.arg) to a private container registry or by passing the arg in the earthly command, e.g. `earthly --push -P +test --CR_HOST= --CR_USER=`. +Community members do not have permissions to push a built image and run the tests against it. However, they can easily set a different container registry repository by changing the `CR_HOST` (default: ghcr.io) and `CR_ORG` ARG values in [.arg](.arg) to a private container registry repository or by passing the args in the earthly command, e.g. `earthly --push -P +test --CR_HOST= --CR_ORG=`. ## Deployment diff --git a/common/Earthfile b/common/Earthfile index 3075d8b..1dc50df 100644 --- a/common/Earthfile +++ b/common/Earthfile @@ -12,8 +12,8 @@ IMPORT github.com/EarthBuild/earthbuild/tests/with-docker-compose:$EARTHLY_REPO_ IMPORT github.com/EarthBuild/earthbuild/tests/with-docker-kind:$EARTHLY_REPO_VERSION AS with-docker-kind IMPORT github.com/EarthBuild/earthbuild/tests/dind-auto-install:$EARTHLY_REPO_VERSION AS dind-auto-install -# CR_USER is the organization name in a container registry (default: earthbuild) -ARG --global CR_USER +# CR_ORG is the organization name in a container registry (default: earthbuild) +ARG --global CR_ORG # IMAGE_NAME is the image repository in docker hub (default: dind) ARG --global IMAGE_NAME @@ -40,8 +40,8 @@ build: IF [ "$OS_IMAGE" = "alpine" ] RUN apk add iptables-legacy # required for older kernels END - # CR_USER is the organization name in container registry (default: earthbuild) - ARG CR_USER + # CR_ORG is the organization name in container registry (default: earthbuild) + ARG CR_ORG # IMAGE_NAME is the image repository in docker hub (default: dind) ARG IMAGE_NAME COPY --dir --pass-args +get-image-info/image-info . @@ -68,12 +68,12 @@ get-image-info: RUN if echo $DOCKER_VERSION_TAG | grep "[^0-9.-]"; then echo "DOCKER_VERSION_TAG looks bad; got $DOCKER_VERSION_TAG" && exit 1; fi END LET TAG=$OS_IMAGE-$OS_VERSION-docker-$DOCKER_VERSION_TAG - # CR_USER is the organization name in container registry (default: earthbuild) - ARG --required CR_USER + # CR_ORG is the organization name in container registry (default: earthbuild) + ARG --required CR_ORG # IMAGE_NAME is the image repository in docker hub (default: dind) ARG --required IMAGE_NAME - # image_full_name excludes container registry name - LET image_full_name=$CR_USER/$IMAGE_NAME + # image_full_name excludes container registry host + LET image_full_name=$CR_ORG/$IMAGE_NAME ARG SUFFIX IF [ -n "$SUFFIX" ] SET TAG="$TAG-$SUFFIX" @@ -125,12 +125,12 @@ push-new-tag: exit 1 END END - FROM $CR_USER/$IMAGE_NAME:$TAG_WITH_DATE + FROM $CR_ORG/$IMAGE_NAME:$TAG_WITH_DATE LET new_tag="$(echo ${TAG_WITH_DATE%-*})" IF [ "$new_tag" = "$TAG_WITH_DATE" ] RUN --no-cache echo "failed to remove date from tag $TAG_WITH_DATE" && exit 1 END - SAVE IMAGE --push $CR_USER/$IMAGE_NAME:$new_tag + SAVE IMAGE --push $CR_ORG/$IMAGE_NAME:$new_tag # push-new-tag-multi-platform builds push-new-tag using both amd64 & arm64 platforms. push-new-tag-multi-platform: From c96387c1299df0677317f9c9eafedd1cb86ddf8f Mon Sep 17 00:00:00 2001 From: Janis Horsts Date: Fri, 20 Jun 2025 18:57:51 +0100 Subject: [PATCH 19/24] chore: tidy --- README.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/README.md b/README.md index 3c0256e..dba2302 100644 --- a/README.md +++ b/README.md @@ -8,7 +8,7 @@ For information on how to use these images, please refer to [docker in earthly]( ## Supported Distributions -There are currently 3 supported dind distributions available: +There are currently 4 supported dind distributions available: - `alpine` - `ubuntu:20.04` - `ubuntu:23.04` From bbc95da1d04c62866a9236b9228b347c1df7340e Mon Sep 17 00:00:00 2001 From: Janis Horsts Date: Fri, 20 Jun 2025 19:18:58 +0100 Subject: [PATCH 20/24] chore: use earthbuild/actions-setup and delete EARTHLY_TOKEN --- .github/workflows/ci.yml | 3 +-- 1 file changed, 1 insertion(+), 2 deletions(-) diff --git a/.github/workflows/ci.yml b/.github/workflows/ci.yml index 37563a9..396b5e9 100644 --- a/.github/workflows/ci.yml +++ b/.github/workflows/ci.yml @@ -21,7 +21,6 @@ jobs: env: FORCE_COLOR: 1 EARTHLY_CONVERSION_PARALLELISM: "5" - EARTHLY_TOKEN: "${{ secrets.EARTHLY_TOKEN }}" EARTHLY_INSTALL_ID: "earthly-dind-githubactions" steps: - name: Load kernel modules for IPv6 NAT @@ -43,7 +42,7 @@ jobs: with: image: tonistiigi/binfmt:latest platforms: all - - uses: earthly/actions/setup-earthly@v1 + - uses: earthbuild/actions-setup@main with: version: v0.8.15 - uses: actions/checkout@v4 From dff8c60511330f4fa15993e33f6bb41593faaeb7 Mon Sep 17 00:00:00 2001 From: Janis Horsts Date: Fri, 20 Jun 2025 20:17:23 +0100 Subject: [PATCH 21/24] chore: rename EARTHLY_INSTALL_ID --- .github/workflows/ci.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.github/workflows/ci.yml b/.github/workflows/ci.yml index 396b5e9..2933047 100644 --- a/.github/workflows/ci.yml +++ b/.github/workflows/ci.yml @@ -21,7 +21,7 @@ jobs: env: FORCE_COLOR: 1 EARTHLY_CONVERSION_PARALLELISM: "5" - EARTHLY_INSTALL_ID: "earthly-dind-githubactions" + EARTHLY_INSTALL_ID: "earthbuild-dind-githubactions" steps: - name: Load kernel modules for IPv6 NAT run: | From 817f118f329a1d0215b5fa44262597fbf278b245 Mon Sep 17 00:00:00 2001 From: Janis Horsts Date: Fri, 20 Jun 2025 23:39:02 +0100 Subject: [PATCH 22/24] refactor: based on feedback by @kmannislands --- .github/workflows/ci.yml | 22 ++++++++-------------- 1 file changed, 8 insertions(+), 14 deletions(-) diff --git a/.github/workflows/ci.yml b/.github/workflows/ci.yml index 2933047..3ee5113 100644 --- a/.github/workflows/ci.yml +++ b/.github/workflows/ci.yml @@ -23,18 +23,16 @@ jobs: EARTHLY_CONVERSION_PARALLELISM: "5" EARTHLY_INSTALL_ID: "earthbuild-dind-githubactions" steps: - - name: Load kernel modules for IPv6 NAT - run: | - sudo modprobe ip6_tables - sudo modprobe ip6table_nat - echo "--- Loaded kernel modules (checking for ip6_tables, ip6table_nat) ---" - lsmod | grep -E "ip6_tables|ip6table_nat" - echo "--- Checking ip6tables nat table availability on runner ---" - sudo ip6tables -t nat -L -n || echo "Warning: ip6tables nat table still not accessible on the runner after modprobe." + # The dind (common+alpine-kind-test and common+ubuntu-kind-test) detects + # the host's IPv6 capability and then requires IPv6 NAT to create networks + # for kind. So we load it here. + # Ref: https://github.com/moby/moby/pull/47062 + - name: Load kernel module IPv6 NAT + run: sudo modprobe ip6table_nat - name: Set up Docker Hub mirrors run: | sudo mkdir -p /etc/docker - echo '{"registry-mirrors": ["https://mirror.gcr.io"]}' | sudo tee /etc/docker/daemon.json + echo '{"registry-mirrors": ["https://mirror.gcr.io", "https://public.ecr.aws"]}' | sudo tee /etc/docker/daemon.json sudo systemctl restart docker - name: Set up QEMU id: qemu @@ -47,11 +45,7 @@ jobs: version: v0.8.15 - uses: actions/checkout@v4 - name: Log in to GitHub Container Registry (non fork only) - uses: docker/login-action@v3 - with: - registry: ghcr.io - username: ${{ github.actor }} - password: ${{ secrets.GITHUB_TOKEN }} + run: echo "${{ secrets.GITHUB_TOKEN }}" | docker login ghcr.io -u ${{ github.actor }} --password-stdin if: github.event.pull_request.head.repo.full_name == github.repository - name: Run tests run: earthly --ci -P --push +test From a3a8fbc9b91a7a77e232c0baee79fad656d30280 Mon Sep 17 00:00:00 2001 From: Janis Horsts Date: Sat, 21 Jun 2025 09:23:18 +0100 Subject: [PATCH 23/24] chore: set up QEMU with apt-get --- .github/workflows/ci.yml | 9 ++++----- 1 file changed, 4 insertions(+), 5 deletions(-) diff --git a/.github/workflows/ci.yml b/.github/workflows/ci.yml index 3ee5113..63d9827 100644 --- a/.github/workflows/ci.yml +++ b/.github/workflows/ci.yml @@ -35,11 +35,10 @@ jobs: echo '{"registry-mirrors": ["https://mirror.gcr.io", "https://public.ecr.aws"]}' | sudo tee /etc/docker/daemon.json sudo systemctl restart docker - name: Set up QEMU - id: qemu - uses: docker/setup-qemu-action@v3 - with: - image: tonistiigi/binfmt:latest - platforms: all + run: | + sudo apt-get update + sudo apt-get install -y qemu-user-static binfmt-support + sudo update-binfmts --display - uses: earthbuild/actions-setup@main with: version: v0.8.15 From a003528906e85b0f9f7ce900dd416853dbe83705 Mon Sep 17 00:00:00 2001 From: Janis Horsts Date: Sun, 22 Jun 2025 10:38:18 +0100 Subject: [PATCH 24/24] chore: update CODEOWNERS --- .github/CODEOWNERS | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/.github/CODEOWNERS b/.github/CODEOWNERS index e2d3d45..231659a 100644 --- a/.github/CODEOWNERS +++ b/.github/CODEOWNERS @@ -1,2 +1,2 @@ -# PRs require approval from the earthly core team -* @earthly/core +# PRs require approval from the EarthBuild admin team +* @EarthBuild/fork-admins