docker: publish docker images to docker hub (#896)

docker: push dockerhub tags * major.minor - tracks latest major.minor release (except major==0) * latest - tracks official stable releases * testing - tracks official stable releases or pre-releases (beta, rc) * unstable - tracks nightly/unstable builds
2026-05-03 20:36:00 -04:00 · 2021-03-19 12:51:24 -07:00
parent cbcd59f18e
commit 3b6cf5cc7b
6 changed files with 70 additions and 0 deletions
--- a/.github/workflows/make.yml
+++ b/.github/workflows/make.yml
@@ -46,6 +46,10 @@ jobs:
      # used to publish releases to GitHub by GoReleaser
      GITHUB_TOKEN: ${{ secrets.GH_TOKEN }}

+      # used to publish docker images
+      DOCKERHUB_USERNAME: ${{ secrets.DOCKERHUB_USERNAME }}
+      DOCKERHUB_TOKEN: ${{ secrets.DOCKERHUB_TOKEN }}
+
      # used in Azure tests
      KOPIA_AZURE_TEST_CONTAINER: ${{ secrets.KOPIA_AZURE_TEST_CONTAINER }}
      KOPIA_AZURE_TEST_STORAGE_ACCOUNT: ${{ secrets.KOPIA_AZURE_TEST_STORAGE_ACCOUNT }}
@@ -109,6 +113,12 @@ jobs:
    - name: Install macOS-specific packages
      run: "sudo xcode-select -r"
      if: ${{ contains(matrix.os, 'macos') }}
+    - name: Set up QEMU
+      uses: docker/setup-qemu-action@v1
+      if: ${{ contains(matrix.os, 'ubuntu') }}
+    - name: Set up Docker Buildx
+      uses: docker/setup-buildx-action@v1
+      if: ${{ contains(matrix.os, 'ubuntu') }}
    - name: Check out code into the Go module directory
      uses: actions/checkout@v2
      with:
--- a/2
+++ b/2
@@ -325,6 +325,8 @@ publish-packages:
 ifeq ($(REPO_OWNER)/$(GOOS)/$(GOARCH)/$(IS_PULL_REQUEST),kopia/linux/amd64/false)
 	$(CURDIR)/tools/apt-publish.sh $(CURDIR)/dist
 	$(CURDIR)/tools/rpm-publish.sh $(CURDIR)/dist
+	@echo $(DOCKERHUB_TOKEN) | docker login --username $(DOCKERHUB_USERNAME) --password-stdin
+	$(CURDIR)/tools/docker-publish.sh
 else
 	@echo Not pushing to Linux repositories on pull request builds.
 endif
--- a/tools/docker-publish.sh
+++ b/tools/docker-publish.sh
@@ -0,0 +1,44 @@
+#!/bin/bash
+set -e
+DIST_DIR=dist
+DOCKER_BUILD_DIR=tools/docker
+DOCKERHUB_REPO=kopia/kopia
+
+cp -r "$DIST_DIR/kopia_linux_amd64/" "$DOCKER_BUILD_DIR/bin-amd64/"
+cp -r "$DIST_DIR/kopia_linux_arm64/" "$DOCKER_BUILD_DIR/bin-arm64/"
+cp -r "$DIST_DIR/kopia_linux_arm_6/" "$DOCKER_BUILD_DIR/bin-arm/"
+
+if [ "$KOPIA_VERSION_NO_PREFIX" == "" ]; then
+    echo KOPIA_VERSION_NO_PREFIX not set, not publishing.
+    exit 1
+fi
+
+major=$(echo $KOPIA_VERSION_NO_PREFIX | cut -f 1 -d .)
+minor=$(echo $KOPIA_VERSION_NO_PREFIX | cut -f 2 -d .)
+rev=$(echo $KOPIA_VERSION_NO_PREFIX | cut -f 3 -d .)
+
+# x.y.z
+if [[ "$KOPIA_VERSION_NO_PREFIX" =~ [0-9]+\.[0-9]+\.[0-9]+$ ]]; then
+    extra_tags="latest testing $major $major.$minor"
+fi
+
+# x.y.z-prerelease
+if [[ "$KOPIA_VERSION_NO_PREFIX" =~ [0-9]+\.[0-9]+\.[0-9]+\-.*$ ]]; then
+    extra_tags="testing"
+fi
+
+# yyyymmdd.0.hhmmss starts with 20
+if [[ "$KOPIA_VERSION_NO_PREFIX" =~ 20[0-9]+\.[0-9]+\.[0-9]+ ]]; then
+    extra_tags="unstable"
+fi
+
+versioned_image=$DOCKERHUB_REPO:$KOPIA_VERSION_NO_PREFIX
+tags="-t $versioned_image"
+for t in $extra_tags; do
+    if [ "$t" != "0" ]; then
+        tags="$tags -t $DOCKERHUB_REPO:$t"
+    fi
+done
+
+echo Building $versioned_image with tags [$tags]...
+docker buildx build --platform linux/amd64,linux/arm64,linux/arm/v6 $tags --push $DOCKER_BUILD_DIR
--- a/tools/docker/Dockerfile
+++ b/tools/docker/Dockerfile
@@ -0,0 +1,6 @@
+FROM alpine
+ARG TARGETARCH
+RUN apk add --no-cache --verbose ca-certificates && adduser -D kopia && addgroup kopia kopia
+USER kopia:kopia
+ENTRYPOINT ["/kopia"]
+COPY bin-${TARGETARCH}/kopia /
--- a/tools/docker/Makefile
+++ b/tools/docker/Makefile
@@ -0,0 +1,7 @@
+DOCKER_BUILD_DIR=.
+
+make:
+	cp -rv $(CURDIR)/../dist/kopia_linux_amd64/ $(DOCKER_BUILD_DIR)/bin-amd64
+	cp -rv $(CURDIR)/../dist/kopia_linux_arm64/ $(DOCKER_BUILD_DIR)/bin-arm64
+	cp -rv $(CURDIR)/../dist/kopia_linux_arm_6/ $(DOCKER_BUILD_DIR)/bin-arm
+	docker buildx build --platform linux/amd64,linux/arm64,linux/arm/v6 -t containers.jkowalski.net/kopia:latest --push $(DOCKER_BUILD_DIR)
--- a/tools/docker/README.md
+++ b/tools/docker/README.md
@@ -0,0 +1 @@
+This is a directory for staging pre-built binaries from the  `dist/` directory to prevent sending the entire codebase to the docker daemon.
				`@@ -0,0 +1 @@`
				This is a directory for staging pre-built binaries from the `dist/` directory to prevent sending the entire codebase to the docker daemon.