feat(build): multi-arch build starting point

Dockerfile

@@ -1,12 +1,15 @@
-FROM golang:1.16.3-alpine3.13 AS build-env
+FROM golang:1.16-alpine AS build-env
 
-COPY . maddy/
-WORKDIR maddy/
+RUN set -ex ;\
+    apk upgrade --no-cache --available ;\
+    apk add --no-cache bash git build-base
 
+WORKDIR /maddy
+ADD go.mod go.sum ./
 ENV LDFLAGS -static
-RUN apk --no-cache add bash git gcc musl-dev
-
-RUN mkdir /pkg/
+RUN go mod download
+ADD . ./
+RUN mkdir -p /pkg/data
 COPY maddy.conf /pkg/data/maddy.conf
 # Monkey-patch config to use environment.
 RUN sed -Ei 's!\$\(hostname\) = .+!$(hostname) = {env:MADDY_HOSTNAME}!' /pkg/data/maddy.conf
@@ -18,10 +21,11 @@ RUN ./build.sh --builddir /tmp --destdir /pkg/ --tags docker build install
 FROM alpine:3.13.4
 LABEL maintainer="fox.cpp@disroot.org"
 
-RUN apk --no-cache add ca-certificates
+RUN set -ex ;\
+    apk upgrade --no-cache --available ;\
+    apk --no-cache add ca-certificates
 COPY --from=build-env /pkg/data/maddy.conf /data/maddy.conf
-COPY --from=build-env /pkg/usr/local/bin/maddy /bin/maddy
-COPY --from=build-env /pkg/usr/local/bin/maddyctl /bin/maddyctl
+COPY --from=build-env /pkg/usr/local/bin/maddy /pkg/usr/local/bin/maddyctl /bin/
 
 EXPOSE 25 143 993 587 465
 VOLUME ["/data"]

docker-build-multiarch.sh

@@ -0,0 +1,37 @@
+#!/bin/bash
+
+set -eEuo pipefail
+
+AMD64_DOCKER_HOST=${AMD64_DOCKER_HOST:-"unix:///var/run/docker.sock"}
+ARM_DOCKER_HOST=${ARM_DOCKER_HOST:-"tcp://raspberrypi.local:2375"}
+
+if [ ! -x ${HOME}/.docker/cli-plugins/docker-buildx ]; then
+    mkdir -p ${HOME}/.docker/cli-plugins/
+    wget https://github.com/docker/buildx/releases/download/v0.7.0/buildx-v0.7.0.linux-amd64 -O ${HOME}/.docker/cli-plugins/docker-buildx
+    chmod +x ${HOME}/.docker/cli-plugins/docker-buildx
+fi
+
+docker buildx version
+
+BUILDER="multiarch-builder"
+CONFIG=${PWD}/multiarch/buildkitd.toml
+docker buildx create --name ${BUILDER} --buildkitd-flags '--allow-insecure-entitlement security.insecure --allow-insecure-entitlement network.host' --config=${CONFIG} --driver=docker-container --driver-opt image=moby/buildkit:latest,network=host --platform=linux/amd64 --use ${AMD64_DOCKER_HOST}
+docker buildx create --name ${BUILDER} --buildkitd-flags '--allow-insecure-entitlement security.insecure --allow-insecure-entitlement network.host' --config=${CONFIG} --driver=docker-container --driver-opt image=moby/buildkit:latest,network=host --platform=linux/arm64,linux/arm/v7,linux/arm/v6 --append ${ARM_DOCKER_HOST}
+stopbuilders() {
+    set +x
+    echo stopping builders
+    docker buildx stop ${BUILDER}
+    docker buildx rm ${BUILDER}
+}
+trap stopbuilders INT TERM EXIT
+
+docker buildx inspect --bootstrap --builder=${BUILDER}
+
+PLATFORM="${PLATFORM:-"linux/amd64,linux/arm/v7,linux/arm64"}"
+
+docker --log-level=debug \
+    buildx build ${PWD} \
+    --builder=${BUILDER} \
+    --allow security.insecure \
+    --platform=${PLATFORM} \
+    $@

multiarch/README.md

@@ -0,0 +1,15 @@
+# Mutliarch builds
+
+## Requirements
+
+An ARM64 server with docker daemon exposed (for example, a raspberry pi 4 with Raspberry Pi OS 64bits)
+
+## Build
+
+At repository root, launch :
+
+```
+./docker-build-multiarch.sh --tag=TAG --push
+```
+
+It will build and push multi-arch docker images as TAG.

multiarch/buildkitd.toml

@@ -0,0 +1,7 @@
+###################
+## https://github.com/moby/buildkit/blob/master/docs/buildkitd.toml.md
+
+debug = true
+
+# insecure-entitlements allows insecure entitlements, disabled by default.
+insecure-entitlements = [ "network.host", "security.insecure" ]