CI: cross-compile binaries

Signed-off-by: Akihiro Suda <akihiro.suda.cz@hco.ntt.co.jp>

.dockerignore

@@ -1,2 +1,4 @@
 Dockerfile
 .github
+bin/
+_artifact/

.github/workflows/release.yaml

@@ -16,40 +16,42 @@ on:
 
 jobs:
   release:
-    runs-on: ubuntu-latest
+    runs-on: ubuntu-20.04
     steps:
     - uses: actions/checkout@v2
-    - run: DOCKER_BUILDKIT=1 docker build -o type=tar,dest=/tmp/rootlesskit-x86_64.tar --target artifact .
-    - run: gzip -9 /tmp/rootlesskit-x86_64.tar
-    - run: (cd /tmp; sha256sum rootlesskit-x86_64.tar.gz | tee /tmp/SHA256SUMS)
-    - uses: actions/create-release@v1
-      id: create_release
-      env:
-        GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
-      with:
-        tag_name: ${{ github.ref }}
-        release_name: ${{ github.ref }}
-        draft: true
-    - name: "Upload rootlesskit-x86_64.tar.gz"
-      uses: actions/upload-release-asset@v1.0.2
-      env:
-        GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
-      with:
-        upload_url: ${{ steps.create_release.outputs.upload_url }}
-        asset_path: /tmp/rootlesskit-x86_64.tar.gz
-        asset_name: rootlesskit-x86_64.tar.gz
-        asset_content_type: application/octet-stream
-    - name: "Upload SHA256SUMS"
-      uses: actions/upload-release-asset@v1.0.2
+    - name: "Build binaries"
+      run: DOCKER_BUILDKIT=1 docker build -o /tmp/artifact --target cross-artifact .
+    - name: "SHA256SUMS"
+      run: (cd /tmp/artifact; sha256sum *) | tee /tmp/SHA256SUMS
+    - name: "The sha256sum of the SHA256SUMS file"
+      run: sha256sum /tmp/SHA256SUMS
+    - name: "Prepare the release note"
+      run: |
+        tag="${GITHUB_REF##*/}"
+        shasha=$(sha256sum /tmp/SHA256SUMS | awk '{print $1}')
+        cat << EOF | tee /tmp/release-note.txt
+        ${tag}
+
+        #### Changes
+        (To be documented)
+
+        #### Install
+        \`\`\`
+        mkdir -p ~/bin
+        curl -sSL /~https://github.com/${{ github.repository }}/releases/download/${tag}/rootlesskit-\$(uname -m).tar.gz | tar Cxzv ~/bin
+        \`\`\`
+
+        #### About the binaries
+        The binaries were built automatically on GitHub Actions.
+        See the log to verify SHA256SUMS.
+        /~https://github.com/${{ github.repository }}/actions/runs/${{ github.run_id }}
+        The sha256sum of the SHA256SUMS file itself is ${shasha} .
+        EOF
+    - name: "Create release"
       env:
         GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
-      with:
-        upload_url: ${{ steps.create_release.outputs.upload_url }}
-        asset_path: /tmp/SHA256SUMS
-        asset_name: SHA256SUMS
-        asset_content_type: application/octet-stream
-    - name: "Upload SHA256SUMS (artifact)"
-      uses: actions/upload-artifact@v1
-      with:
-        name: SHA256SUMS
-        path: /tmp/SHA256SUMS
+      run: |
+        tag="${GITHUB_REF##*/}"
+        asset_flags=()
+        for f in /tmp/artifact/* /tmp/SHA256SUMS; do asset_flags+=("-a" "$f"); done
+        hub release create "${asset_flags[@]}" -F /tmp/release-note.txt --draft "${tag}"

.gitignore

@@ -1 +1,2 @@
 bin/
+_artifact/

Dockerfile

@@ -4,17 +4,22 @@ ARG SHADOW_VERSION=4.8.1
 ARG SLIRP4NETNS_VERSION=v1.1.4
 ARG VPNKIT_VERSION=0.4.0
 
-FROM golang:${GO_VERSION}-alpine AS rootlesskit
-RUN apk add --no-cache file
+FROM golang:${GO_VERSION}-alpine AS build
+RUN apk add --no-cache file make
 ADD . /go/src/github.com/rootless-containers/rootlesskit
-ENV CGO_ENABLED=0
-RUN mkdir -p /out && \
-  go build -o /out github.com/rootless-containers/rootlesskit/cmd/... && \
-  file /out/* | grep -v dynamic
+WORKDIR /go/src/github.com/rootless-containers/rootlesskit
+
+FROM build AS rootlesskit
+RUN CGO_ENABLED=0 make && file /bin/* | grep -v dynamic
 
 FROM scratch AS artifact
-COPY --from=rootlesskit /out/rootlesskit /rootlesskit
-COPY --from=rootlesskit /out/rootlessctl /rootlessctl
+COPY --from=rootlesskit /go/src/github.com/rootless-containers/rootlesskit/bin/* /
+
+FROM build AS cross
+RUN make cross
+
+FROM scratch AS cross-artifact
+COPY --from=cross /go/src/github.com/rootless-containers/rootlesskit/_artifact/* /
 
 # `go test -race` requires non-Alpine
 FROM golang:${GO_VERSION} AS test-unit
@@ -55,8 +60,8 @@ RUN /sbin/setcap cap_setuid+eip /usr/bin/newuidmap && \
   mkdir -p /run/user/1000 /etc/lxc && \
   echo "user veth lxcbr0 32" > /etc/lxc/lxc-usernet && \
   echo "user ALL=(ALL) NOPASSWD:ALL" > /etc/sudoers.d/user
-COPY --from=rootlesskit /out/rootlesskit /home/user/bin/
-COPY --from=rootlesskit /out/rootlessctl /home/user/bin/
+COPY --from=artifact /rootlesskit /home/user/bin/
+COPY --from=artifact /rootlessctl /home/user/bin/
 ARG SLIRP4NETNS_VERSION
 RUN curl -sSL -o /home/user/bin/slirp4netns /~https://github.com/rootless-containers/slirp4netns/releases/download/${SLIRP4NETNS_VERSION}/slirp4netns-x86_64 && \
   chmod +x /home/user/bin/slirp4netns

Makefile

@@ -7,7 +7,7 @@ all: $(addprefix bin/, $(BINARIES))
 
 .PHONY: clean
 clean:
-	$(RM) -r bin/
+	$(RM) -r bin/ _artifact/
 
 bin/rootlesskit: $(GO_FILES)
 	$(GO) build -o $@ -v github.com/rootless-containers/rootlesskit/cmd/rootlesskit
@@ -17,3 +17,7 @@ bin/rootlessctl: $(GO_FILES)
 
 bin/rootlesskit-docker-proxy: $(GO_FILES)
 	$(GO) build -o $@ -v github.com/rootless-containers/rootlesskit/cmd/rootlesskit-docker-proxy
+
+.PHONY: cross
+cross:
+	./hack/make-cross.sh

hack/make-cross.sh

@@ -0,0 +1,28 @@
+#!/bin/sh
+set -eux
+
+cd "$(dirname $0)/.."
+CGO_ENABLED=0
+export CGO_ENABLED
+
+rm -rf _artifact
+mkdir -p _artifact
+
+x() {
+	goarch="$1"
+	uname_m="$2"
+	rm -rf bin
+	GOARCH="$goarch" make all
+	file bin/* | grep -v dynamic
+	(cd bin && tar czvf "../_artifact/rootlesskit-${uname_m}.tar.gz" *)
+}
+
+x amd64 x86_64
+x arm64 aarch64
+x s390x s390x
+x ppc64le ppc64le
+GOARM=7
+export GOARM
+x arm armv7l
+
+rm -rf bin