From 313f3780238fe2c51661f8daaa26594318d88a6e Mon Sep 17 00:00:00 2001 From: sebthom Date: Wed, 10 May 2023 23:04:50 +0200 Subject: [PATCH] add ARM builds --- .github/workflows/build.yml | 38 ++++++++++++++++++------------------- build-image.sh | 24 ++++++++++------------- image/DinD.Dockerfile | 13 ++++++++++--- image/Dockerfile | 13 ++++++++++--- 4 files changed, 49 insertions(+), 39 deletions(-) diff --git a/.github/workflows/build.yml b/.github/workflows/build.yml index fd35546..04feafc 100644 --- a/.github/workflows/build.yml +++ b/.github/workflows/build.yml 
@@ -72,31 +72,31 @@ jobs: - name: Build ${{ env.DOCKER_IMAGE_REPO }}:${{ env.DOCKER_IMAGE_TAG }} env: - DOCKER_REGISTRY: docker.io - DOCKER_REGISTRY_USERNAME: ${{ secrets.DOCKER_HUB_USERNAME }} - DOCKER_REGISTRY_TOKEN: ${{ secrets.DOCKER_HUB_TOKEN }} DOCKER_IMAGE_TAG: ${{ matrix.DOCKER_IMAGE_TAG }} DOCKER_FILE: ${{ matrix.DOCKER_FILE }} TRIVY_GITHUB_TOKEN: ${{ github.token }} - run: | - set -eu - if [[ $GITHUB_REF_NAME == "main" && $GITHUB_EVENT_NAME != "pull_request" && ${ACT:-} != "true" ]]; then - export DOCKER_PUSH=1 - echo "$DOCKER_REGISTRY_TOKEN" | docker login -u="$DOCKER_REGISTRY_USERNAME" "$DOCKER_REGISTRY" --password-stdin - fi - bash build-image.sh + run: bash build-image.sh + + - name: Publish Docker image to docker.io registry + if: ${{ github.ref_name == 'main' && github.event_name != 'pull_request' && !env.ACT }} # https://github.com/nektos/act#skipping-steps + uses: truemark/skopeo-copy-action@v1 # https://github.com/truemark/skopeo-copy-action + # alternative for skopeo is https://github.com/regclient/regclient via iarekylew00t/regctl-installer + with: + src-image: "docker://${{ env.DOCKER_IMAGE_REPO }}:${{ matrix.DOCKER_IMAGE_TAG }}" + dest-image: "docker://docker.io/${{ env.DOCKER_IMAGE_REPO }}:${{ matrix.DOCKER_IMAGE_TAG }}" + dest-username: "${{ secrets.DOCKER_HUB_USERNAME }}" + dest-password: "${{ secrets.DOCKER_HUB_TOKEN }}" + multi-arch: "all" - name: Publish Docker image to GH registry if: ${{ github.ref_name == 'main' && github.event_name != 'pull_request' && !env.ACT }} # https://github.com/nektos/act#skipping-steps - env: - DOCKER_IMAGE_TAG: ${{ matrix.DOCKER_IMAGE_TAG }} - run: | - set -eux - - echo "${{ github.token }}" | docker login https://ghcr.io -u ${{ github.actor }} --password-stdin - - docker image tag $DOCKER_IMAGE_REPO:$DOCKER_IMAGE_TAG ghcr.io/$DOCKER_IMAGE_REPO:$DOCKER_IMAGE_TAG - docker push ghcr.io/$DOCKER_IMAGE_REPO:$DOCKER_IMAGE_TAG + uses: truemark/skopeo-copy-action@v1 # https://github.com/truemark/skopeo-copy-action 
+ with: + src-image: "docker://${{ env.DOCKER_IMAGE_REPO }}:${{ matrix.DOCKER_IMAGE_TAG }}" + dest-image: "docker://ghcr.io/${{ env.DOCKER_IMAGE_REPO }}:${{ matrix.DOCKER_IMAGE_TAG }}" + dest-username: "${{ github.actor }}" + dest-password: "${{ github.token }}" + multi-arch: "all" - name: Delete untagged images uses: actions/github-script@v6 diff --git a/build-image.sh b/build-image.sh index d6b36de..76041d5 100644 --- a/build-image.sh +++ b/build-image.sh @@ -4,7 +4,6 @@ # SPDX-FileContributor: Sebastian Thomschke # SPDX-License-Identifier: Apache-2.0 # SPDX-ArtifactOfProjectHomePage: https://github.com/vegardit/docker-gitea-act-runner -# shared_lib="$(dirname $0)/.shared" [ -e "$shared_lib" ] || curl -sSf https://raw.githubusercontent.com/vegardit/docker-shared/v1/download.sh?_=$(date +%s) | bash -s v1 "$shared_lib" || exit 1 @@ -15,7 +14,7 @@ source "$shared_lib/lib/build-image-init.sh" # specify target docker registry/repo ################################################# docker_registry=${DOCKER_REGISTRY:-docker.io} -image_repo=${DOCKER_REPO:-vegardit/gitea-act-runner} +image_repo=${DOCKER_IMAGE_REPO:-vegardit/gitea-act-runner} image_name=$image_repo:${DOCKER_IMAGE_TAG:-latest} @@ -27,7 +26,11 @@ if [[ $OSTYPE == "cygwin" || $OSTYPE == "msys" ]]; then project_root=$(cygpath -w "$project_root") fi -DOCKER_BUILDKIT=1 docker build "$project_root" \ +# https://github.com/docker/buildx/#building-multi-platform-images +docker run --privileged --rm tonistiigi/binfmt --install all +export DOCKER_CLI_EXPERIMENTAL=enabled # prevents "docker: 'buildx' is not a docker command." +docker buildx create --use # prevents: error: multiple platforms feature is currently not supported for docker driver. Please switch to a different driver (eg. "docker buildx create --use") +docker buildx build "$project_root" \ --file "image/$DOCKER_FILE" \ --progress=plain \ --pull \ 
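Review bot: Both new publish steps in .github/workflows/build.yml use `truemark/skopeo-copy-action@v1`, a mutable tag on a third-party action that receives `secrets.DOCKER_HUB_TOKEN` and `github.token` as `dest-password`. If `v1` were retagged, the new code would run with those credentials, so pin the action to a full commit SHA and keep the tag as a comment: `uses: truemark/skopeo-copy-action@<full-commit-sha> # v1`. Separately, `src-image` is `docker://${{ env.DOCKER_IMAGE_REPO }}:...` with no registry host, so the copy source is presumably resolved from a remote registry rather than from the image the build step just produced. Confirm that the source is the freshly built manifest, ideally by referencing it by digest.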
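Review bot: In the `@@ -27,7 +26,11 @@` hunk of build-image.sh, `docker run --privileged --rm tonistiigi/binfmt --install all` pulls an untagged image and runs it privileged on the build host on every build. Whatever `latest` resolves to at that moment can therefore change the host's binfmt_misc handlers. Pin the image by digest and register only the emulators the `--platform` list needs: `docker run --privileged --rm tonistiigi/binfmt@sha256:<pinned-digest> --install arm64,arm`. The `docker buildx build` command that starts in this hunk continues past its end.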
@@ -39,9 +42,12 @@ DOCKER_BUILDKIT=1 docker build "$project_root" \ --build-arg GIT_COMMIT_DATE="$(date -d @$(git log -1 --format='%at') --utc +'%Y-%m-%d %H:%M:%S UTC')" \ --build-arg GIT_COMMIT_HASH="$(git rev-parse --short HEAD)" \ --build-arg GIT_REPO_URL="$(git config --get remote.origin.url)" \ - --build-arg ACT_RUNNER_DOWNLOAD_URL=$(curl -sSfL https://gitea.com/gitea/act_runner/releases | grep -oP "https://gitea.com/gitea/act_runner/releases/download/.*-linux-amd64" | head -1) \ + --platform linux/amd64,linux/arm64,linux/arm/v7 \ -t $image_name \ + $(if [[ "${DOCKER_PUSH:-0}" == "1" ]]; then echo -n "--push"; fi) \ "$@" +docker buildx stop +docker image pull $image_name ################################################# @@ -59,13 +65,3 @@ echo if [[ "${DOCKER_AUDIT_IMAGE:-1}" == 1 ]]; then bash "$shared_lib/cmd/audit-image.sh" $image_name fi - - -################################################# -# push image with tags to remote docker image registry -################################################# -if [[ "${DOCKER_PUSH:-0}" == "1" ]]; then - docker image tag $image_name $docker_registry/$image_name - - docker push $docker_registry/$image_name -fi diff --git a/image/DinD.Dockerfile b/image/DinD.Dockerfile index 3446f8a..0c14482 100644 --- a/image/DinD.Dockerfile +++ b/image/DinD.Dockerfile @@ -23,7 +23,6 @@ ARG LC_ALL=C ARG INSTALL_SUPPORT_TOOLS=0 -ARG ACT_RUNNER_DOWNLOAD_URL ARG UPX_COMPRESS=true ARG BASE_LAYER_CACHE_KEY @@ -57,7 +56,7 @@ RUN --mount=type=bind,source=.shared,target=/mnt/shared <
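Review bot: The `docker image pull $image_name` added in the `@@ -39,9 +42,12 @@` hunk of build-image.sh means the later `audit-image.sh` scan runs on whatever the registry serves under that tag. With `DOCKER_PUSH=1` the multi-platform image is pushed before it is scanned. Without it the build result does not appear to be exported (no `--load` or `--push` is visible), so the pull likely returns a previously published image and the fresh build goes unscanned. Consider building one platform with `--load` for the audit before the `--push` build, or pushing to a staging tag and scanning that by digest. Also quote the variable in `-t "$image_name"` and `docker image pull "$image_name"`; the `docker buildx build` command begins outside this hunk.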