diff --git a/package/Dockerfile b/package/Dockerfile index a74dc8b..5b41b6d 100644 --- a/package/Dockerfile +++ b/package/Dockerfile @@ -1,4 +1,4 @@ FROM scratch -LABEL org.opencontainers.image.source "https://github.com/rails-lambda/crypteia" -LABEL org.opencontainers.image.description "Rust Lambda Extension for any Runtime to preload SSM Parameters as Secure Environment Variables!" +LABEL org.opencontainers.image.source="https://github.com/rails-lambda/crypteia" +LABEL org.opencontainers.image.description="Rust Lambda Extension for any Runtime to preload SSM Parameters as Secure Environment Variables!" COPY ./package/opt /opt diff --git a/package/deploy-image-amzn b/package/deploy-image-amzn index 565a80b..e957c5d 100755 --- a/package/deploy-image-amzn +++ b/package/deploy-image-amzn @@ -10,34 +10,36 @@ CRYPTEIA_VERSION_MAJOR=$(echo "${CRYPTEIA_VERSION}" | cut -d. -f1) docker login ghcr.io -u "metaskills" -p $DOCKER_LOGIN_PAT +# Prevent BuildKit from wrapping single-platform builds in an OCI index +# (attestation manifests), which breaks docker manifest create. +export BUILDX_NO_DEFAULT_ATTESTATIONS=1 + ./amzn/setup BASE_NAME_AMD64="ghcr.io/rails-lambda/crypteia-extension-amzn-amd64" docker build \ --platform linux/amd64 \ - --tag "${BASE_NAME_AMD64}:${CRYPTEIA_VERSION_MAJOR}" \ --tag "${BASE_NAME_AMD64}:${CRYPTEIA_VERSION}" \ --file package/Dockerfile . -docker push "${BASE_NAME_AMD64}:${CRYPTEIA_VERSION_MAJOR}" docker push "${BASE_NAME_AMD64}:${CRYPTEIA_VERSION}" ./amzn/setup-arm64 BASE_NAME_ARM64="ghcr.io/rails-lambda/crypteia-extension-amzn-arm64" docker build \ --platform linux/arm64 \ - --tag "${BASE_NAME_ARM64}:${CRYPTEIA_VERSION_MAJOR}" \ --tag "${BASE_NAME_ARM64}:${CRYPTEIA_VERSION}" \ --file package/Dockerfile . -docker push "${BASE_NAME_ARM64}:${CRYPTEIA_VERSION_MAJOR}" docker push "${BASE_NAME_ARM64}:${CRYPTEIA_VERSION}" -docker manifest create \ - "ghcr.io/rails-lambda/crypteia-extension-amzn:${CRYPTEIA_VERSION_MAJOR}" \ - --amend "${BASE_NAME_AMD64}:${CRYPTEIA_VERSION_MAJOR}" \ - --amend "${BASE_NAME_ARM64}:${CRYPTEIA_VERSION_MAJOR}" -docker manifest push "ghcr.io/rails-lambda/crypteia-extension-amzn:${CRYPTEIA_VERSION_MAJOR}" - +docker manifest rm "ghcr.io/rails-lambda/crypteia-extension-amzn:${CRYPTEIA_VERSION}" 2>/dev/null || true docker manifest create \ "ghcr.io/rails-lambda/crypteia-extension-amzn:${CRYPTEIA_VERSION}" \ - --amend "${BASE_NAME_AMD64}:${CRYPTEIA_VERSION}" \ - --amend "${BASE_NAME_ARM64}:${CRYPTEIA_VERSION}" + "${BASE_NAME_AMD64}:${CRYPTEIA_VERSION}" \ + "${BASE_NAME_ARM64}:${CRYPTEIA_VERSION}" docker manifest push "ghcr.io/rails-lambda/crypteia-extension-amzn:${CRYPTEIA_VERSION}" + +docker manifest rm "ghcr.io/rails-lambda/crypteia-extension-amzn:${CRYPTEIA_VERSION_MAJOR}" 2>/dev/null || true +docker manifest create \ + "ghcr.io/rails-lambda/crypteia-extension-amzn:${CRYPTEIA_VERSION_MAJOR}" \ + "${BASE_NAME_AMD64}:${CRYPTEIA_VERSION}" \ + "${BASE_NAME_ARM64}:${CRYPTEIA_VERSION}" +docker manifest push "ghcr.io/rails-lambda/crypteia-extension-amzn:${CRYPTEIA_VERSION_MAJOR}" diff --git a/package/deploy-image-debian b/package/deploy-image-debian index 3c0cd06..8d9a198 100755 --- a/package/deploy-image-debian +++ b/package/deploy-image-debian @@ -10,34 +10,36 @@ CRYPTEIA_VERSION_MAJOR=$(echo "${CRYPTEIA_VERSION}" | cut -d. -f1) docker login ghcr.io -u "metaskills" -p $DOCKER_LOGIN_PAT +# Prevent BuildKit from wrapping single-platform builds in an OCI index +# (attestation manifests), which breaks docker manifest create. +export BUILDX_NO_DEFAULT_ATTESTATIONS=1 + ./bin/setup BASE_NAME_AMD64="ghcr.io/rails-lambda/crypteia-extension-debian-amd64" docker build \ --platform linux/amd64 \ - --tag "${BASE_NAME_AMD64}:${CRYPTEIA_VERSION_MAJOR}" \ --tag "${BASE_NAME_AMD64}:${CRYPTEIA_VERSION}" \ --file package/Dockerfile . -docker push "${BASE_NAME_AMD64}:${CRYPTEIA_VERSION_MAJOR}" docker push "${BASE_NAME_AMD64}:${CRYPTEIA_VERSION}" ./debian/setup-arm64 BASE_NAME_ARM64="ghcr.io/rails-lambda/crypteia-extension-debian-arm64" docker build \ --platform linux/arm64 \ - --tag "${BASE_NAME_ARM64}:${CRYPTEIA_VERSION_MAJOR}" \ --tag "${BASE_NAME_ARM64}:${CRYPTEIA_VERSION}" \ --file package/Dockerfile . -docker push "${BASE_NAME_ARM64}:${CRYPTEIA_VERSION_MAJOR}" docker push "${BASE_NAME_ARM64}:${CRYPTEIA_VERSION}" -docker manifest create \ - "ghcr.io/rails-lambda/crypteia-extension-debian:${CRYPTEIA_VERSION_MAJOR}" \ - --amend "${BASE_NAME_AMD64}:${CRYPTEIA_VERSION_MAJOR}" \ - --amend "${BASE_NAME_ARM64}:${CRYPTEIA_VERSION_MAJOR}" -docker manifest push "ghcr.io/rails-lambda/crypteia-extension-debian:${CRYPTEIA_VERSION_MAJOR}" - +docker manifest rm "ghcr.io/rails-lambda/crypteia-extension-debian:${CRYPTEIA_VERSION}" 2>/dev/null || true docker manifest create \ "ghcr.io/rails-lambda/crypteia-extension-debian:${CRYPTEIA_VERSION}" \ - --amend "${BASE_NAME_AMD64}:${CRYPTEIA_VERSION}" \ - --amend "${BASE_NAME_ARM64}:${CRYPTEIA_VERSION}" + "${BASE_NAME_AMD64}:${CRYPTEIA_VERSION}" \ + "${BASE_NAME_ARM64}:${CRYPTEIA_VERSION}" docker manifest push "ghcr.io/rails-lambda/crypteia-extension-debian:${CRYPTEIA_VERSION}" + +docker manifest rm "ghcr.io/rails-lambda/crypteia-extension-debian:${CRYPTEIA_VERSION_MAJOR}" 2>/dev/null || true +docker manifest create \ + "ghcr.io/rails-lambda/crypteia-extension-debian:${CRYPTEIA_VERSION_MAJOR}" \ + "${BASE_NAME_AMD64}:${CRYPTEIA_VERSION}" \ + "${BASE_NAME_ARM64}:${CRYPTEIA_VERSION}" +docker manifest push "ghcr.io/rails-lambda/crypteia-extension-debian:${CRYPTEIA_VERSION_MAJOR}"