studio/docs
Archived
2
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

♻️(ci) reuse amd64 to build arm64 image when possible

Browse Source 
Building twice the image take lof of time. In soma cases, building the
arm64 image using the artifacts build in the amd64 and thant can be
reused should speed up the build of the arm64 image.
This commit is contained in:
Manuel Raynaud
2026-03-02 16:16:20 +01:00
parent 3f638b22c4
commit 2d6e34c555
4 changed files with 48 additions and 94 deletions
Download Patch File Download Diff File Expand all files Collapse all files

111
.github/workflows/docker-hub.yml vendored
View File

@@ -28,100 +28,37 @@ jobs:
with: with:
image_name: lasuite/impress-backend image_name: lasuite/impress-backend
context: . context: .
file: Dockerfile
target: backend-production target: backend-production
should_push: ${{ github.event_name != 'pull_request' || contains(github.event.pull_request.labels.*.name, 'preview') }} should_push: ${{ github.event_name != 'pull_request' || contains(github.event.pull_request.labels.*.name, 'preview') }}
docker_user: 1001:127 docker_user: 1001:127
build-and-push-frontend: build-and-push-frontend:
runs-on: ubuntu-latest uses: ./.github/workflows/docker-publish.yml
steps: permissions:
- name: Checkout repository contents: read
uses: actions/checkout@v4 secrets: inherit
- name: Set up QEMU with:
if: env.SHOULD_PUSH == 'true' image_name: lasuite/impress-frontend
uses: docker/setup-qemu-action@v3 context: .
- name: Set up Docker Buildx file: src/frontend/Dockerfile
if: env.SHOULD_PUSH == 'true' target: frontend-production
uses: docker/setup-buildx-action@v3 arm64_reuse_amd64_build_arg: "FRONTEND_IMAGE"
- name: Docker meta should_push: ${{ github.event_name != 'pull_request' || contains(github.event.pull_request.labels.*.name, 'preview') }}
id: meta docker_user: 1001:127
uses: docker/metadata-action@v5
with:
images: lasuite/impress-frontend
- name: Login to DockerHub
if: env.SHOULD_PUSH == 'true'
uses: docker/login-action@v3
with:
username: ${{ secrets.DOCKER_HUB_USER }}
password: ${{ secrets.DOCKER_HUB_PASSWORD }}
# - name: Run trivy scan
# uses: numerique-gouv/action-trivy-cache@main
# with:
# docker-build-args: "-f src/frontend/Dockerfile --target frontend-production"
# docker-image-name: "docker.io/lasuite/impress-frontend:${{ github.sha }}"
# trivyignores: ./.github/.trivyignore
- name: Build and push
if: env.SHOULD_PUSH == 'true'
uses: docker/build-push-action@v6
with:
context: .
file: ./src/frontend/Dockerfile
target: frontend-production
platforms: linux/amd64,linux/arm64
build-args: |
DOCKER_USER=${{ env.DOCKER_USER }}
PUBLISH_AS_MIT=false
push: true
tags: ${{ steps.meta.outputs.tags }}
labels: ${{ steps.meta.outputs.labels }}
- name: Cleanup Docker after build
if: always()
run: |
docker system prune -af
docker volume prune -f
build-and-push-y-provider: build-and-push-y-provider:
runs-on: ubuntu-latest uses: ./.github/workflows/docker-publish.yml
steps: permissions:
- name: Checkout repository contents: read
uses: actions/checkout@v4 secrets: inherit
- name: Set up QEMU with:
if: env.SHOULD_PUSH == 'true' image_name: lasuite/impress-y-provider
uses: docker/setup-qemu-action@v3 context: .
- name: Set up Docker Buildx file: src/frontend/servers/y-provider/Dockerfile
if: env.SHOULD_PUSH == 'true' target: y-provider
uses: docker/setup-buildx-action@v3 should_push: ${{ github.event_name != 'pull_request' || contains(github.event.pull_request.labels.*.name, 'preview') }}
- name: Docker meta docker_user: 1001:127
id: meta
uses: docker/metadata-action@v5
with:
images: lasuite/impress-y-provider
- name: Login to DockerHub
if: env.SHOULD_PUSH == 'true'
run: echo "${{ secrets.DOCKER_HUB_PASSWORD }}" | docker login -u "${{ secrets.DOCKER_HUB_USER }}" --password-stdin
# - name: Run trivy scan
# uses: numerique-gouv/action-trivy-cache@main
# with:
# docker-build-args: "-f src/frontend/servers/y-provider/Dockerfile --target y-provider"
# docker-image-name: "docker.io/lasuite/impress-y-provider:${{ github.sha }}"
# trivyignores: ./.github/.trivyignore
- name: Build and push
if: env.SHOULD_PUSH == 'true'
uses: docker/build-push-action@v6
with:
context: .
file: ./src/frontend/servers/y-provider/Dockerfile
target: y-provider
platforms: linux/amd64,linux/arm64
build-args: DOCKER_USER=${{ env.DOCKER_USER }}:-1000
push: true
tags: ${{ steps.meta.outputs.tags }}
labels: ${{ steps.meta.outputs.labels }}
- name: Cleanup Docker after build
if: always()
run: |
docker system prune -af
docker volume prune -f
notify-argocd: notify-argocd:
needs: needs:

13
.github/workflows/docker-publish.yml vendored
View File

@@ -12,6 +12,10 @@ description: Build and push a container image based on the input arguments provi
type: string type: string
required: true required: true
description: The path to the context to start `docker build` into. description: The path to the context to start `docker build` into.
file:
type: string
required: true
description: The path to the Dockerfile
target: target:
type: string type: string
required: false required: false
@@ -72,20 +76,23 @@ jobs:
echo "amd64_first=$FIRST_AMD64_TAG" echo "amd64_first=$FIRST_AMD64_TAG"
} >> "$GITHUB_OUTPUT" } >> "$GITHUB_OUTPUT"
# - name: Run trivy scan # - name: Run trivy scan
# if: vars.TRIVY_SCAN_ENABLED # if: ${{ vars.TRIVY_SCAN_ENABLED }} == 'true'
# uses: numerique-gouv/action-trivy-cache@main # uses: numerique-gouv/action-trivy-cache@main
# with: # with:
# docker-build-args: "--target backend-production -f Dockerfile" # docker-build-args: "--target ${{ inputs.target }} -f ${{ inputs.file }}"
# docker-image-name: "docker.io/${{ inputs.image_name }}:${{ github.sha }}" # docker-image-name: "docker.io/${{ inputs.image_name }}:${{ github.sha }}"
# trivyignores: ./.github/.trivyignore # trivyignores: ./.github/.trivyignore
- name: Build and push (amd64) - name: Build and push (amd64)
if: ${{ inputs.should_push }}||${{ vars.TRIVY_SCAN_ENABLED }} != 'true'
uses: docker/build-push-action@v6 uses: docker/build-push-action@v6
with: with:
context: ${{ inputs.context }} context: ${{ inputs.context }}
file: ${{ inputs.file }}
target: ${{ inputs.target }} target: ${{ inputs.target }}
platforms: linux/amd64 platforms: linux/amd64
build-args: | build-args: |
DOCKER_USER=${{ inputs.docker_user }} DOCKER_USER=${{ inputs.docker_user }}
PUBLISH_AS_MIT=false
push: ${{ inputs.should_push }} push: ${{ inputs.should_push }}
provenance: false provenance: false
tags: ${{ steps.platform-tags.outputs.amd64 }} tags: ${{ steps.platform-tags.outputs.amd64 }}
@@ -95,10 +102,12 @@ jobs:
uses: docker/build-push-action@v6 uses: docker/build-push-action@v6
with: with:
context: ${{ inputs.context }} context: ${{ inputs.context }}
file: ${{ inputs.file }}
target: ${{ inputs.target }} target: ${{ inputs.target }}
platforms: linux/arm64 platforms: linux/arm64
build-args: | build-args: |
DOCKER_USER=${{ inputs.docker_user }} DOCKER_USER=${{ inputs.docker_user }}
PUBLISH_AS_MIT=false
${{ inputs.arm64_reuse_amd64_build_arg && format('{0}={1}', inputs.arm64_reuse_amd64_build_arg, steps.platform-tags.outputs.amd64_first) || '' }} ${{ inputs.arm64_reuse_amd64_build_arg && format('{0}={1}', inputs.arm64_reuse_amd64_build_arg, steps.platform-tags.outputs.amd64_first) || '' }}
push: ${{ inputs.should_push }} push: ${{ inputs.should_push }}
provenance: false provenance: false

16
src/frontend/Dockerfile
View File

@@ -1,3 +1,5 @@
ARG FRONTEND_IMAGE=frontend-build-output
FROM node:24-alpine AS frontend-deps FROM node:24-alpine AS frontend-deps
# Upgrade system packages to install security updates # Upgrade system packages to install security updates
@@ -32,7 +34,7 @@ EXPOSE 3000
CMD [ "yarn", "dev"] CMD [ "yarn", "dev"]
# Tilt will rebuild impress target so, we dissociate impress and impress-builder # Tilt will rebuild impress target so, we dissociate impress and impress-builder
# to avoid rebuilding the app at every changes. # to avoid rebuilding the app at every changes.
FROM impress AS impress-builder FROM impress AS impress-builder
@@ -49,6 +51,14 @@ ENV NEXT_PUBLIC_PUBLISH_AS_MIT=${PUBLISH_AS_MIT}
RUN yarn build RUN yarn build
# Normalize output path to /app (matches the runtime-prod layout)
FROM scratch AS frontend-build-output
COPY --from=impress-builder /home/frontend/apps/impress/out /app
# When FRONTEND_IMAGE is set to an external image, BuildKit skips
# frontend-deps,impress-builder, and frontend-build-output entirely
FROM ${FRONTEND_IMAGE} AS frontend-source
# ---- Front-end image ---- # ---- Front-end image ----
FROM nginxinc/nginx-unprivileged:alpine3.22 AS frontend-production FROM nginxinc/nginx-unprivileged:alpine3.22 AS frontend-production
@@ -62,9 +72,7 @@ RUN apk update && \
ARG DOCKER_USER ARG DOCKER_USER
USER ${DOCKER_USER} USER ${DOCKER_USER}
COPY --from=impress-builder \ COPY --from=frontend-source /app /app
/home/frontend/apps/impress/out \
/usr/share/nginx/html
COPY ./src/frontend/apps/impress/conf/default.conf /etc/nginx/conf.d COPY ./src/frontend/apps/impress/conf/default.conf /etc/nginx/conf.d
COPY ./docker/files/usr/local/bin/entrypoint /usr/local/bin/entrypoint COPY ./docker/files/usr/local/bin/entrypoint /usr/local/bin/entrypoint

2
src/frontend/apps/impress/conf/default.conf
View File

@@ -3,7 +3,7 @@ server {
listen 3000; listen 3000;
server_name localhost; server_name localhost;
root /usr/share/nginx/html; root /app;
location / { location / {
try_files $uri index.html $uri/index.html =404; try_files $uri index.html $uri/index.html =404;