Push multi-arch images

.github/workflows/release-latest.yml

@@ -19,17 +19,16 @@ jobs:
       - name: Set up Docker Buildx
         uses: docker/setup-buildx-action@v1
 
-      - name: Build the Docker images 
+      - name: Build the Docker images and push
         env:
           GITHUB_CONTEXT: ${{ toJson(github) }}
         run: |
-          docker compose --env-file template.env build --parallel
-          # Tag the image with the commit SHA[0:7]
+          # Initialize variables
           DOCKER_IMG_TAG=`echo "${{ github.sha }}" | cut -c 1-7`
-          docker tag ${{ secrets.DOCKER_USERNAME }}/misp-docker:core-latest ${{ secrets.DOCKER_USERNAME }}/misp-docker:core-$DOCKER_IMG_TAG
-          docker tag ${{ secrets.DOCKER_USERNAME }}/misp-docker:modules-latest ${{ secrets.DOCKER_USERNAME }}/misp-docker:modules-$DOCKER_IMG_TAG
-        
-      - name: Push the Docker images to Docker Hub
-        run: |
+          DOCKER_USERNAME=${{ secrets.DOCKER_USERNAME }}
+          # Login
           echo ${{ secrets.DOCKER_PASSWORD }} | docker login -u ${{ secrets.DOCKER_USERNAME }} --password-stdin
-          docker push ${{ secrets.DOCKER_USERNAME }}/misp-docker --all-tags
+          # Create the environment
+          sed -e '/^[[:space:]]*$/d' -e '/[#@]/d' -e 's/\(^[^=]*\)=\(.*\)/\1="\2"/' template.env > env.hcl
+          # Build and Push
+          DOCKER_IMG_TAG=$DOCKER_IMG_TAG DOCKER_USERNAME=$DOCKER_USERNAME docker buildx bake -f docker-bake.hcl -f env.hcl --push

.github/workflows/test-build-latest.yml

@@ -19,6 +19,16 @@ jobs:
       - name: Set up Docker Buildx
         uses: docker/setup-buildx-action@v1
 
-      - name: Build Docker images
+      - name: Build the Docker images 
+        env:
+          GITHUB_CONTEXT: ${{ toJson(github) }}
         run: |
-          docker-compose --env-file template.env build --parallel
+          # Initialize variables
+          DOCKER_IMG_TAG=`echo "${{ github.sha }}" | cut -c 1-7`
+          DOCKER_USERNAME=${{ secrets.DOCKER_USERNAME }}
+          # Login
+          echo ${{ secrets.DOCKER_PASSWORD }} | docker login -u ${{ secrets.DOCKER_USERNAME }} --password-stdin
+          # Create the environment
+          sed -e '/^[[:space:]]*$/d' -e '/[#@]/d' -e 's/\(^[^=]*\)=\(.*\)/\1="\2"/' template.env > env.hcl
+          # Build and Push
+          DOCKER_IMG_TAG=$DOCKER_IMG_TAG DOCKER_USERNAME=$DOCKER_USERNAME docker buildx bake -f docker-bake.hcl -f env.hcl

.gitignore

@@ -5,3 +5,4 @@
 /public/
 /ssl/
 .env
+env.hcl

docker-bake.hcl

@@ -0,0 +1,61 @@
+variable "PLATFORMS" {
+  default = ["linux/amd64", "linux/arm64"]
+}
+
+variable "DOCKER_USERNAME" {
+  default = null
+}
+
+variable "DOCKER_IMG_TAG" {
+  default = null
+}
+
+variable "MODULES_TAG" {
+  default = ""
+}
+
+variable "MODULES_COMMIT" {
+  default = ""
+}
+
+variable "MISP_TAG" {
+  default = ""
+}
+
+variable "MISP_COMMIT" {
+  default = ""
+}
+
+variable "PHP_VER" {
+  default = null
+}
+
+group "default" {
+  targets = [
+    "misp-modules",
+    "misp",
+  ]
+}
+
+target "misp-modules" {
+  context = "modules/."
+  dockerfile = "Dockerfile"
+  tags = ["${DOCKER_USERNAME}/misp-docker:modules-latest", "${DOCKER_USERNAME}/misp-docker:modules-${DOCKER_IMG_TAG}"]
+  args = {
+    "MODULES_TAG": "${MODULES_TAG}",
+    "MODULES_COMMIT": "${MODULES_COMMIT}"
+  }
+  platforms = "${PLATFORMS}"
+}
+
+target "misp" {
+  context = "server/."
+  dockerfile = "Dockerfile"
+  tags = ["${DOCKER_USERNAME}/misp-docker:core-latest", "${DOCKER_USERNAME}/misp-docker:core-${DOCKER_IMG_TAG}"]
+  args = {
+    "MISP_TAG": "${MISP_TAG}",
+    "MISP_COMMIT": "${MISP_COMMIT}",
+    "PHP_VER": "${PHP_VER}",
+  }
+  platforms = "${PLATFORMS}"
+}

server/Dockerfile

@@ -7,7 +7,7 @@ FROM "${DOCKER_HUB_PROXY}composer:2.1.14" as composer-build
     RUN composer install --ignore-platform-reqs && \
      composer require jakub-onderka/openid-connect-php:1.0.0-rc1 --ignore-platform-reqs && \
      composer require --with-all-dependencies supervisorphp/supervisor:^4.0 \
-      guzzlehttp/guzzle php-http/message lstrojny/fxmlrpc --ignore-platform-reqs && \
+      guzzlehttp/guzzle php-http/message php-http/message-factory lstrojny/fxmlrpc --ignore-platform-reqs && \
      composer require --with-all-dependencies elasticsearch/elasticsearch:^8.7.0 aws/aws-sdk-php --ignore-platform-reqs
 
 FROM "${DOCKER_HUB_PROXY}debian:bullseye-slim" as php-build