Use cross-compile + qemu instead of buildx docker images (#12)

* Use dockcross for cross compiling

* Removed pushd/popd shenanigans, all commands take paths relative to launch dir/--build-dir now

* Added script to produce cross-compiled libcrypto

* Added imports to builder

* Added cross compile to sanity tests

* Re-enabled cached docker builds since we don't need buildx

* Added support for debian

* Allow build/test steps to contain action names

* Fixed bug where local builds would be unable to find their installed deps

* Added the ability for targets to export variables to other projects' configs with late binding

* Made dependencies and consumers also late binding

Author: Justin Boswell

.github/docker-images/build_cmake.sh

@@ -16,7 +16,7 @@ CMAKE_VERSION=3.13.5
 [ ! -z "$AWS_ACCESS_KEY_ID" ] && [ ! -z "$AWS_SECRET_ACCESS_KEY" ]
 
 if [ ! -e /tmp/aws-crt-${variant}-${arch}-${version}.tar.gz ]; then
-    aws s3 cp s3://aws-crt-builder/_docker/aws-crt-${variant}-${arch}-${version}.tar.gz /tmp
+    aws s3 cp s3://aws-crt-builder/${version}/aws-crt-${variant}-${arch}-${version}.tar.gz /tmp
     docker load < /tmp/aws-crt-${variant}-${arch}-${version}.tar.gz
 fi
 

.github/docker-images/build_libcrypto_1.0.2.sh

@@ -14,7 +14,7 @@ libcrypto_version=1.0.2
 [ ! -z "$AWS_ACCESS_KEY_ID" ] && [ ! -z "$AWS_SECRET_ACCESS_KEY" ]
 
 if [ ! -e /tmp/aws-crt-${variant}-${arch}-${version}.tar.gz ]; then
-    aws s3 cp s3://aws-crt-builder/_docker/aws-crt-${variant}-${arch}-${version}.tar.gz /tmp
+    aws s3 cp s3://aws-crt-builder/${version}/aws-crt-${variant}-${arch}-${version}.tar.gz /tmp
     docker load < /tmp/aws-crt-${variant}-${arch}-${version}.tar.gz
 fi
 

.github/docker-images/build_libcrypto_1.1.1.sh

@@ -14,7 +14,7 @@ libcrypto_version=1.1.1
 [ ! -z "$AWS_ACCESS_KEY_ID" ] && [ ! -z "$AWS_SECRET_ACCESS_KEY" ]
 
 if [ ! -e /tmp/aws-crt-${variant}-${arch}-${version}.tar.gz ]; then
-    aws s3 cp s3://aws-crt-builder/_docker/aws-crt-${variant}-${arch}-${version}.tar.gz /tmp
+    aws s3 cp s3://aws-crt-builder/${version}/aws-crt-${variant}-${arch}-${version}.tar.gz /tmp
     docker load < /tmp/aws-crt-${variant}-${arch}-${version}.tar.gz
 fi
 

.github/docker-images/crossbuild_libcrypto_1.1.1.sh

@@ -0,0 +1,41 @@
+#!/usr/bin/env bash
+
+# This builds libcrypto in the specified container, and uploads the result to S3 for use in building future containers
+
+set -ex
+
+[ $# -eq 3 ]
+os=$1
+arch=$2
+# See ./Configure LIST in openssl
+config_platform=$3
+libcrypto_version=1.1.1
+
+# AWS_ACCESS_KEY_ID and AWS_SECRET_ACCESS_KEY must be in env vars to pass to container
+[ ! -z "$AWS_ACCESS_KEY_ID" ] && [ ! -z "$AWS_SECRET_ACCESS_KEY" ]
+
+rm -rf /tmp/openssl-${os}-${arch} || true
+mkdir -p /tmp/openssl-${os}-${arch}
+pushd /tmp/openssl-${os}-${arch}
+git clone --single-branch --branch OpenSSL_1_1_1-stable https://github.com/openssl/openssl.git
+docker run --rm dockcross/${os}-${arch} > dockcross-${os}-${arch} && chmod a+x dockcross-${os}-${arch}
+cd openssl
+
+# Note that commands going into dockcross need to be quoted based on which shell you want the expansion done by. If the
+# expansion should be done in the container, make sure the command is single quoted
+
+# Configure OpenSSL
+cmd='./Configure '
+cmd+=${config_platform}
+cmd+=' -fPIC no-md2 no-rc5 no-rfc3779 no-sctp no-ssl-trace no-zlib no-hw no-mdc2 no-seed no-idea no-camellia no-bf no-dsa no-ssl3 no-capieng no-unit-test no-tests -DSSL_FORBID_ENULL -DOPENSSL_NO_DTLS1 -DOPENSSL_NO_HEARTBEATS --prefix=/opt/openssl --openssldir=/opt/openssl'
+../dockcross-${os}-${arch} bash -c "$cmd"
+
+# Build, install, tarball install into working directory
+cmd='PATH=$PATH:`dirname $CC` make  CC=`basename $CC` AR=`basename $AR` -j && sudo make install_sw && rm -rf install/man'
+cmd+=" && tar cvzf /work/libcrypto-${libcrypto_version}-${os}-${arch}.tar.gz -C /opt/openssl ."
+# PATH, AR, and CC have to be carefully managed because openssl's configure/make is a little fragile during cross compiles
+../dockcross-${os}-${arch} bash -c "$cmd"
+
+# Upload to S3
+aws s3 cp libcrypto-${libcrypto_version}-${os}-${arch}.tar.gz s3://aws-crt-builder/_binaries/libcrypto/libcrypto-${libcrypto_version}-${os}-${arch}.tar.gz
+popd

.github/workflows/docker-images.yml

@@ -136,102 +136,24 @@ jobs:
       run: cat .github/docker-images/entrypoint.sh | sed s/version=LATEST/version=$IMAGE_TAG/ > .github/docker-images/${{ matrix.variant }}/entrypoint.sh
 
     - name: Build ${{ matrix.variant }} image
-      run: .github/workflows/docker_buildx.sh \
-        docker.pkg.github.com \
-        awslabs \
-        ${{ secrets.DOCKER_TOKEN }} \
-        awslabs/aws-crt-builder/aws-crt-${{ matrix.variant }} \
-        ${{ env.IMAGE_TAG }} \
-        .github/docker-images/${{ matrix.variant }} \
-        --compress=true
-
-    - name: Export ${{ matrix.variant }} image
-      run: |
-        docker save docker.pkg.github.com/awslabs/aws-crt-builder/aws-crt-${{ matrix.variant }}:${{ env.IMAGE_TAG }} | gzip > /tmp/aws-crt-${{ matrix.variant }}-${{ env.IMAGE_TAG }}.tar.gz
-        aws s3 cp --no-progress /tmp/aws-crt-${{ matrix.variant }}-${{ env.IMAGE_TAG }}.tar.gz s3://${{env.AWS_S3_BUCKET}}/_docker/aws-crt-${{ matrix.variant }}-${{ env.IMAGE_TAG }}.tar.gz
-
-  linux-arm64:
-    name: ${{ matrix.variant }}-${{ matrix.arch }}
-    runs-on: 'ubuntu-latest'
-    needs: [tag, package]
-    strategy:
-      matrix:
-        variant: [al2]
-        arch: [arm64]
-    steps:
-    - name: Checkout Sources
-      uses: actions/checkout@v1
-
-    - name: Fetch release_tag
-      uses: actions/download-artifact@v1
-      with:
-        name: release_tag
-        path: release_tag
-
-    - name: Export IMAGE_TAG
-      run: echo "::set-env name=IMAGE_TAG::$(cat release_tag/tag)"
-
-    - name: Install entrypoint
-      run: cat .github/docker-images/entrypoint.sh | sed s/version=LATEST/version=$IMAGE_TAG/ > .github/docker-images/${{ matrix.variant }}-${{ matrix.arch }}/entrypoint.sh
-
-    - name: "Build ${{ matrix.variant }}-${{ matrix.arch }} image"
-      run: .github/workflows/docker_buildx.sh \
-        docker.pkg.github.com \
-        awslabs \
-        ${{ secrets.DOCKER_TOKEN }} \
-        awslabs/aws-crt-builder/aws-crt-${{ matrix.variant }}-${{ matrix.arch }} \
-        ${{ env.IMAGE_TAG }} \
-        .github/docker-images/${{ matrix.variant }}-${{ matrix.arch }} \
-        --compress=true --platform=linux/${{ matrix.arch }}
-
-    - name: Export ${{ matrix.variant }} ${{ matrix.arch }} image
-      run: |
-        docker save docker.pkg.github.com/awslabs/aws-crt-builder/aws-crt-${{ matrix.variant }}-${{ matrix.arch }}:${{ env.IMAGE_TAG }} | gzip > /tmp/aws-crt-${{ matrix.variant }}-${{ matrix.arch }}-${{ env.IMAGE_TAG }}.tar.gz
-        aws s3 cp --no-progress /tmp/aws-crt-${{ matrix.variant }}-${{ matrix.arch }}-${{ env.IMAGE_TAG }}.tar.gz s3://${{env.AWS_S3_BUCKET}}/_docker/aws-crt-${{ matrix.variant }}-${{ matrix.arch }}-${{ env.IMAGE_TAG }}.tar.gz
-
-  linux-arm32:
-    name: ${{ matrix.variant }}-arm${{ matrix.arch }}
-    runs-on: 'ubuntu-latest'
-    needs: [tag, package]
-    strategy:
-      fail-fast: false
-      matrix:
-        variant: [alpine, raspbian]
-        arch: [v6, v7]
-    steps:
-    - name: Checkout Sources
-      uses: actions/checkout@v1
-
-    - name: Fetch release_tag
-      uses: actions/download-artifact@v1
+      uses: whoan/docker-build-with-cache-action@v4
       with:
-        name: release_tag
-        path: release_tag
-
-    - name: Export IMAGE_TAG
-      run: echo "::set-env name=IMAGE_TAG::$(cat release_tag/tag)"
-
-    - name: Install entrypoint
-      run: cat -v .github/docker-images/entrypoint.sh | sed s/version=LATEST/version=$IMAGE_TAG/ > .github/docker-images/${{ matrix.variant }}-arm${{ matrix.arch }}/entrypoint.sh
-
-    - name: "Build ${{ matrix.variant }}-arm${{ matrix.arch }} image"
-      run: .github/workflows/docker_buildx.sh \
-        docker.pkg.github.com \
-        awslabs \
-        ${{ secrets.DOCKER_TOKEN }} \
-        awslabs/aws-crt-builder/aws-crt-${{ matrix.variant }}-arm${{ matrix.arch }} \
-        ${{ env.IMAGE_TAG }} \
-        .github/docker-images/${{ matrix.variant }}-arm${{ matrix.arch }} \
-        --compress=true --platform=linux/arm/${{ matrix.arch }}
-
-    - name: Export ${{ matrix.variant }} arm${{ matrix.arch }} image
+        registry: docker.pkg.github.com
+        username: awslabs
+        password: ${{ secrets.DOCKER_TOKEN }}
+        image_name: awslabs/aws-crt-builder/aws-crt-${{ matrix.variant }}
+        image_tag: ${{ env.IMAGE_TAG }}
+        context: .github/docker-images/${{ matrix.variant }}
+        build_extra_args: --compress=true
+
+    - name: Export ${{ matrix.variant }} image to S3
       run: |
-        docker save docker.pkg.github.com/awslabs/aws-crt-builder/aws-crt-${{ matrix.variant }}-arm${{ matrix.arch }}:${{ env.IMAGE_TAG }} | gzip > /tmp/aws-crt-${{ matrix.variant }}-arm${{ matrix.arch }}-${{ env.IMAGE_TAG }}.tar.gz
-        aws s3 cp --no-progress /tmp/aws-crt-${{ matrix.variant }}-arm${{ matrix.arch }}-${{ env.IMAGE_TAG }}.tar.gz s3://${{env.AWS_S3_BUCKET}}/_docker/aws-crt-${{ matrix.variant }}-arm${{ matrix.arch }}-${{ env.IMAGE_TAG }}.tar.gz
+        docker save docker.pkg.github.com/awslabs/aws-crt-builder/aws-crt-${{ matrix.variant }}:${{ env.IMAGE_TAG }} > /tmp/aws-crt-${{ matrix.variant }}-${{ env.IMAGE_TAG }}.tar.gz
+        aws s3 cp --no-progress /tmp/aws-crt-${{ matrix.variant }}-${{ env.IMAGE_TAG }}.tar.gz s3://${{env.AWS_S3_BUCKET}}/${{ env.IMAGE_TAG }}/aws-crt-${{ matrix.variant }}.tar.gz
 
-###############################################################################
-# DOWNSTREAM TESTS
-###############################################################################
+  ###############################################################################
+  # DOWNSTREAM TESTS
+  ###############################################################################
   aws-c-common-linux-x64:
     name: Linux x64 aws-c-common test build
     runs-on: 'ubuntu-latest'
@@ -253,78 +175,6 @@ jobs:
         docker pull docker.pkg.github.com/awslabs/aws-crt-builder/aws-crt-ubuntu-16-x64:${{ steps.release.outputs.release_tag }}
         docker run --env GITHUB_REF docker.pkg.github.com/awslabs/aws-crt-builder/aws-crt-ubuntu-16-x64:${{ steps.release.outputs.release_tag }} build -p aws-c-common downstream --compiler=clang-9
 
-  aws-c-common-raspbian-armv6:
-    name: Raspbian armv6 aws-c-common test build
-    runs-on: 'ubuntu-latest'
-    if: github.event_name != 'release'
-    needs: linux-arm32
-
-    steps:
-    - name: Checkout Source
-      uses: actions/checkout@v1
-
-    - name: Get Release Tag
-      uses: ./.github/actions/release-tag
-      id: release
-
-    - name: Bootstrap docker-buildx
-      run: .github/workflows/install_buildx.sh
-
-    # We can't use the `uses: docker://image` version yet, GitHub lacks authentication for actions -> packages
-    - name: Build aws-c-common + consumers
-      run: |
-        echo "${{ secrets.GITHUB_TOKEN }}" | docker login docker.pkg.github.com -u awslabs --password-stdin
-        docker pull docker.pkg.github.com/awslabs/aws-crt-builder/aws-crt-raspbian-armv6:${{ steps.release.outputs.release_tag }}
-        docker run --env GITHUB_REF docker.pkg.github.com/awslabs/aws-crt-builder/aws-crt-raspbian-armv6:${{ steps.release.outputs.release_tag }} build -p aws-c-common downstream
-
-  aws-c-common-alpine-armv7:
-    name: Alpine ARMv7 aws-c-common test build
-    runs-on: 'ubuntu-latest'
-    if: github.event_name != 'release'
-    needs: linux-arm32
-
-    steps:
-    - name: Checkout Source
-      uses: actions/checkout@v1
-
-    - name: Get Release Tag
-      uses: ./.github/actions/release-tag
-      id: release
-
-    - name: Bootstrap docker-buildx
-      run: .github/workflows/install_buildx.sh
-
-    # We can't use the `uses: docker://image` version yet, GitHub lacks authentication for actions -> packages
-    - name: Build aws-c-common + consumers
-      run: |
-        echo "${{ secrets.GITHUB_TOKEN }}" | docker login docker.pkg.github.com -u awslabs --password-stdin
-        docker pull docker.pkg.github.com/awslabs/aws-crt-builder/aws-crt-alpine-armv7:${{ steps.release.outputs.release_tag }}
-        docker run --env GITHUB_REF docker.pkg.github.com/awslabs/aws-crt-builder/aws-crt-alpine-armv7:${{ steps.release.outputs.release_tag }} build -p aws-c-common downstream
-
-  aws-c-common-al2-armv8:
-    name: al2 armv8 aws-c-common test build
-    runs-on: 'ubuntu-latest'
-    if: github.event_name != 'release'
-    needs: linux-arm64
-
-    steps:
-    - name: Checkout Source
-      uses: actions/checkout@v1
-
-    - name: Get Release Tag
-      uses: ./.github/actions/release-tag
-      id: release
-
-    - name: Bootstrap docker-buildx
-      run: .github/workflows/install_buildx.sh
-
-    # We can't use the `uses: docker://image` version yet, GitHub lacks authentication for actions -> packages
-    - name: Build aws-c-common + consumers
-      run: |
-        echo "${{ secrets.GITHUB_TOKEN }}" | docker login docker.pkg.github.com -u awslabs --password-stdin
-        docker pull docker.pkg.github.com/awslabs/aws-crt-builder/aws-crt-al2-arm64:${{ steps.release.outputs.release_tag }}
-        docker run --env GITHUB_REF docker.pkg.github.com/awslabs/aws-crt-builder/aws-crt-al2-arm64:${{ steps.release.outputs.release_tag }} build -p aws-c-common downstream
-
   aws-c-common-osx:
     name: OSX aws-c-common test build
     runs-on: 'macos-latest'
@@ -335,7 +185,7 @@ jobs:
     - name: Checkout Source
       uses: actions/checkout@v1
 
-    - name: Install entrypoint
+    - name: Install builder
       uses: actions/download-artifact@v1
       with:
         name: builder
@@ -347,22 +197,22 @@ jobs:
       run: builder build default-downstream -p aws-c-common --dump-config
 
   aws-c-common-windows-vs2019:
-      name: Windows (VS2019) aws-c-common test build
-      runs-on: 'windows-latest'
-      if: github.event_name != 'release'
-      needs: package
+    name: Windows (VS2019) aws-c-common test build
+    runs-on: 'windows-latest'
+    if: github.event_name != 'release'
+    needs: package
 
-      steps:
-      - name: Checkout Source
-        uses: actions/checkout@v1
+    steps:
+    - name: Checkout Source
+      uses: actions/checkout@v1
 
-      - name: Install entrypoint
-        uses: actions/download-artifact@v1
-        with:
-          name: builder
+    - name: Install builder
+      uses: actions/download-artifact@v1
+      with:
+        name: builder
 
-      - name: Build aws-c-common + consumers
-        run: python builder\builder build default-downstream -p aws-c-common --dump-config
+    - name: Build aws-c-common + consumers
+      run: python builder\builder build default-downstream -p aws-c-common --dump-config
 
   ci-passed:
     name: Downstream Tests Passed
@@ -371,8 +221,5 @@ jobs:
     - aws-c-common-linux-x64
     - aws-c-common-osx
     - aws-c-common-windows-vs2019
-    - aws-c-common-alpine-armv7
-    - aws-c-common-raspbian-armv6
-    - aws-c-common-al2-armv8
     steps:
       - run: echo "All downstream tests passed"

.github/workflows/docker_buildx.sh

@@ -50,12 +50,10 @@ build_image() {
   # build builder target image
   docker build \
     --build-arg BUILDKIT_INLINE_CACHE=1 \
-    --load \
+    --output=type=docker,push=true \
     --tag="$(_get_full_image_name)":${INPUT_IMAGE_TAG} \
     ${INPUT_BUILD_EXTRA_ARGS} \
     ${INPUT_CONTEXT}
-
-  docker push "$(_get_full_image_name)":${INPUT_IMAGE_TAG}
 }
 
 logout_from_registry() {

.github/workflows/install_buildx.sh

@@ -14,7 +14,7 @@ install_buildx() {
 
 configure_buildx() {
   docker run --rm --privileged multiarch/qemu-user-static --reset -p yes
-  docker buildx create --name builder --driver docker-container --use
+  docker buildx create --name builder --driver docker-container --platform linux/amd64,linux/arm64,linux/arm/v7,linux/arm/v6 --use
   docker buildx inspect --bootstrap
   docker buildx install
 }