Windows: Add CI for per-commit/release image build (#13374)

Commit Message: Windows: Add CI for per-commit/release image build - Make ./ci/docker_ci.sh cross platform - Add CI job to build image from result of build and test CI job - Add Docker image built in same structure as Linux version, mirrored entrypoint/command - google proxy example config used like in Linux build - Docker image base can be overridden with different Windows container image if needed Additional Description: N/A Risk Level: Low Testing: N/A Docs Changes: N/A Release Notes: N/A Signed-off-by: Sunjay Bhatia <[email protected]>
envoyproxy · Oct 10, 2020 · 989c898 · 989c898
1 parent 51af1b0
commit 989c898
Show file tree

Hide file tree

Showing 4 changed files with 111 additions and 19 deletions.
diff --git a/.azure-pipelines/pipelines.yml b/.azure-pipelines/pipelines.yml
@@ -230,3 +230,35 @@ jobs:
           pathtoPublish: "$(Build.StagingDirectory)/envoy"
           artifactName: windows.release
         condition: always()
+
+  - job: docker_windows
+    displayName: "Windows docker"
+    dependsOn: ["Windows"]
+    timeoutInMinutes: 360
+    pool:
+      vmImage: "windows-latest"
+    steps:
+      - task: DownloadBuildArtifacts@0
+        inputs:
+          buildType: current
+          artifactName: "windows.release"
+          itemPattern: "windows.release/envoy_binary.tar.gz"
+          downloadType: single
+          targetPath: $(Build.StagingDirectory)
+      - bash: |
+          set -e
+          # Convert to Unix-style path so tar doesn't think drive letter is a hostname
+          STAGING_DIR="/$(echo '$(Build.StagingDirectory)' | tr -d ':' | tr '\\' '/')"
+          mkdir -p windows/amd64 && tar zxf "${STAGING_DIR}/windows.release/envoy_binary.tar.gz" -C ./windows/amd64
+          ci/docker_ci.sh
+        workingDirectory: $(Build.SourcesDirectory)
+        env:
+          AZP_BRANCH: $(Build.SourceBranch)
+          AZP_SHA1: $(Build.SourceVersion)
+          DOCKERHUB_USERNAME: $(DockerUsername)
+          DOCKERHUB_PASSWORD: $(DockerPassword)
+      - task: PublishBuildArtifacts@1
+        inputs:
+          pathtoPublish: "$(Build.StagingDirectory)/build_images"
+          artifactName: docker_windows
+        condition: always()
diff --git a/ci/Dockerfile-envoy-windows b/ci/Dockerfile-envoy-windows
@@ -0,0 +1,19 @@
+ARG BUILD_OS=mcr.microsoft.com/windows/servercore
+ARG BUILD_TAG=ltsc2019
+
+FROM $BUILD_OS:$BUILD_TAG
+
+RUN mkdir "C:\\Program\ Files\\envoy"
+RUN setx path "%path%;c:\Program Files\envoy"
+ADD ["windows/amd64/envoy.exe", "C:/Program Files/envoy/"]
+
+RUN mkdir "C:\\ProgramData\\envoy"
+ADD ["configs/google_com_proxy.v2.yaml", "C:/ProgramData/envoy/envoy.yaml"]
+# Replace temp path with Windows temp path
+RUN powershell -Command "(cat C:\ProgramData\envoy\envoy.yaml -raw) -replace '/tmp/','C:\Windows\Temp\' | Set-Content -Encoding Ascii C:\ProgramData\envoy\envoy.yaml"
+
+EXPOSE 10000
+
+COPY ci/docker-entrypoint.bat C:/
+ENTRYPOINT ["C:/docker-entrypoint.bat"]
+CMD ["envoy.exe", "-c", "C:\\ProgramData\\envoy\\envoy.yaml"]
diff --git a/ci/docker-entrypoint.bat b/ci/docker-entrypoint.bat
@@ -0,0 +1,21 @@
+@echo off
+setlocal
+
+set CMD=%*%
+
+REM if the first argument look like a parameter (i.e. start with '-'), run Envoy
+set first_arg=%1%
+if "%first_arg:~0,1%" == "-" (
+    set CMD=envoy.exe %CMD%
+)
+
+if /i "%1" == "envoy" set is_envoy=1
+if /i "%1" == "envoy.exe" set is_envoy=1
+if defined is_envoy (
+    REM set the log level if the $loglevel variable is set
+    if defined loglevel (
+        set CMD=%CMD% --log-level %loglevel%
+    )
+)
+
+%CMD%
diff --git a/ci/docker_ci.sh b/ci/docker_ci.sh
@@ -4,6 +4,10 @@
 # CI logs.
 set -e
 
+function is_windows() {
+  [[ "$(uname -s)" == *NT* ]]
+}
+
 ENVOY_DOCKER_IMAGE_DIRECTORY="${ENVOY_DOCKER_IMAGE_DIRECTORY:-${BUILD_STAGINGDIRECTORY:-.}/build_images}"
 
 # Setting environments for buildx tools
@@ -20,10 +24,12 @@ build_platforms() {
   TYPE=$1
   FILE_SUFFIX="${TYPE/-debug/}"
 
-  if [[ -z "${FILE_SUFFIX}" ]]; then
-    echo "linux/arm64,linux/amd64"
+  if is_windows; then
+    echo "windows/amd64"
+  elif [[ -z "${FILE_SUFFIX}" ]]; then
+      echo "linux/arm64,linux/amd64"
   else
-    echo "linux/amd64"
+      echo "linux/amd64"
   fi
 }
 
@@ -40,11 +46,14 @@ build_args() {
 }
 
 use_builder() {
-  TYPE=$1
-  if [[ "${TYPE}" == "-google-vrp" ]]; then
-    docker buildx use default
-  else
-    docker buildx use multi-builder
+  # BuildKit is not available for Windows images, skip this
+  if ! is_windows; then
+    TYPE=$1
+    if [[ "${TYPE}" == "-google-vrp" ]]; then
+      docker buildx use default
+    else
+      docker buildx use multi-builder
+    fi
   fi
 }
 
@@ -60,18 +69,21 @@ build_images() {
   read -ra args <<< "$_args"
   PLATFORM="$(build_platforms "${TYPE}")"
 
-  docker buildx build --platform "${PLATFORM}" "${args[@]}" -t "${BUILD_TAG}" .
+  docker "${BUILD_COMMAND[@]}" --platform "${PLATFORM}" "${args[@]}" -t "${BUILD_TAG}" .
 
   PLATFORM="$(build_platforms "${TYPE}" | tr ',' ' ')"
-  # docker buildx load cannot have multiple platform, load individually
   for ARCH in ${PLATFORM}; do
-    if [[ "${ARCH}" == "linux/amd64" ]]; then
+    if [[ "${ARCH}" == "linux/amd64" ]] || [[ "${ARCH}" == "windows/amd64" ]]; then
       IMAGE_TAG="${BUILD_TAG}"
     else
       IMAGE_TAG="${BUILD_TAG}-${ARCH/linux\//}"
     fi
-    docker buildx build --platform "${ARCH}" "${args[@]}" -t "${IMAGE_TAG}" . --load
     IMAGES_TO_SAVE+=("${IMAGE_TAG}")
+
+    # docker buildx load cannot have multiple platform, load individually
+    if ! is_windows; then
+      docker "${BUILD_COMMAND[@]}" --platform "${ARCH}" "${args[@]}" -t "${IMAGE_TAG}" . --load
+    fi
   done
 }
 
@@ -85,7 +97,7 @@ push_images() {
   read -ra args <<< "$_args"
   PLATFORM="$(build_platforms "${TYPE}")"
   # docker buildx doesn't do push with default builder
-  docker buildx build --platform "${PLATFORM}" "${args[@]}" -t "${BUILD_TAG}" . --push || \
+  docker "${BUILD_COMMAND[@]}" --platform "${PLATFORM}" "${args[@]}" -t "${BUILD_TAG}" . --push || \
     docker push "${BUILD_TAG}"
 }
 
@@ -106,14 +118,22 @@ fi
 # This prefix is altered for the private security images on setec builds.
 DOCKER_IMAGE_PREFIX="${DOCKER_IMAGE_PREFIX:-envoyproxy/envoy}"
 
-# "-google-vrp" must come afer "" to ensure we rebuild the local base image dependency.
-BUILD_TYPES=("" "-debug" "-alpine" "-alpine-debug" "-google-vrp")
 
-# Configure docker-buildx tools
-config_env
+if is_windows; then
+  BUILD_TYPES=("-windows")
+  # BuildKit is not available for Windows images, use standard build command
+  BUILD_COMMAND=("build")
+else
+  # "-google-vrp" must come afer "" to ensure we rebuild the local base image dependency.
+  BUILD_TYPES=("" "-debug" "-alpine" "-alpine-debug" "-google-vrp")
 
-# VRP base image is only for amd64
-VRP_BASE_IMAGE="${DOCKER_IMAGE_PREFIX}${IMAGE_POSTFIX}:${IMAGE_NAME}"
+  # Configure docker-buildx tools
+  BUILD_COMMAND=("buildx" "build")
+  config_env
+
+  # VRP base image is only for Linux amd64
+  VRP_BASE_IMAGE="${DOCKER_IMAGE_PREFIX}${IMAGE_POSTFIX}:${IMAGE_NAME}"
+fi
 
 # Test the docker build in all cases, but use a local tag that we will overwrite before push in the
 # cases where we do push.