build: Multi arch Docker images with GitHub actions (ref #8834)

This builds and publishes our Docker images from GitHub.

.github/workflows/build-syncthing.yaml

@@ -624,3 +624,70 @@ jobs:
           RCLONE_CONFIG_SPACES_ACL: public-read
         with:
           args: sync packages spaces:syncthing/release/${{ env.VERSION }}
+
+  docker-syncthing:
+    name: Build and push Docker images
+    runs-on: ubuntu-latest
+    if: github.event_name == 'push' && (github.ref == 'refs/heads/release' || github.ref == 'refs/heads/main' || startsWith(github.ref, 'refs/heads/release-'))
+    environment: docker
+    steps:
+      - uses: actions/checkout@v3
+        with:
+          fetch-depth: 0
+
+      - uses: actions/setup-go@v4
+        with:
+          go-version: ${{ env.GO_VERSION }}
+
+      - uses: actions/cache@v3
+        with:
+          path: |
+            ~/.cache/go-build
+            ~/go/pkg/mod
+          key: ${{ runner.os }}-go-${{ env.GO_VERSION }}-docker-${{ hashFiles('**/go.sum') }}
+
+      - name: Build binaries
+        run: |
+          for arch in arm64 amd64; do
+            go run build.go -goos linux -goarch "$arch" build syncthing
+            mv syncthing syncthing-linux-"$arch"
+          done
+        env:
+          CGO_ENABLED: "0"
+          BUILD_USER: docker
+
+      - name: Login to Docker Hub
+        uses: docker/login-action@v2
+        with:
+          username: ${{ secrets.DOCKERHUB_USERNAME }}
+          password: ${{ secrets.DOCKERHUB_TOKEN }}
+
+      - name: Set up Docker Buildx
+        uses: docker/setup-buildx-action@v2
+
+      - name: Set version tags
+        run: |
+          version=$(go run build.go version)
+          version=${version#v}
+          if [[ $version == @([0-9]|[0-9][0-9]).@([0-9]|[0-9][0-9]).@([0-9]|[0-9][0-9]) ]] ; then
+            echo Release version, pushing to :latest and version tags
+            major=${version%.*.*}
+            minor=${version%.*}
+            tags=syncthing/syncthing:$version,syncthing/syncthing:$major,syncthing/syncthing:$minor,syncthing/syncthing:latest
+          elif [[ $version == *-rc.@([0-9]|[0-9][0-9]) ]] ; then
+            echo Release candidate, pushing to :rc
+            tags=syncthing/syncthing:rc
+          else
+            echo Development version, pushing to :edge
+            tags=syncthing/syncthing:edge
+          fi
+          echo "DOCKER_TAGS=$tags" >> $GITHUB_ENV
+
+      - name: Build and push syncthing
+        uses: docker/build-push-action@v4
+        with:
+          context: .
+          file: ./Dockerfile
+          platforms: linux/amd64,linux/arm64
+          push: true
+          tags: ${{ env.DOCKER_TAGS }}

Dockerfile

@@ -1,15 +1,33 @@
 ARG GOVERSION=latest
+
+#
+# Maybe build Syncthing. This is a bit ugly as we can't make an entire
+# section of the Dockerfile conditional, so we end up always pulling the
+# golang image as builder. Then we check if the executable we need already
+# exists (pre-built) otherwise we build it.
+#
+
 FROM golang:$GOVERSION AS builder
+ARG BUILD_USER
+ARG BUILD_HOST
+ARG TARGETARCH
 
 WORKDIR /src
 COPY . .
 
 ENV CGO_ENABLED=0
-ENV BUILD_HOST=syncthing.net
-ENV BUILD_USER=docker
-RUN rm -f syncthing && go run build.go -no-upgrade build syncthing
+RUN if [ ! -f syncthing-linux-$TARGETARCH ] ; then \
+    go run build.go -no-upgrade build syncthing ; \
+    mv syncthing syncthing-linux-$TARGETARCH ; \
+  fi
+
+#
+# The rest of the Dockerfile uses the binary from the builder, prebuilt or
+# not.
+#
 
 FROM alpine
+ARG TARGETARCH
 
 EXPOSE 8384 22000/tcp 22000/udp 21027/udp
 
@@ -17,7 +35,7 @@ VOLUME ["/var/syncthing"]
 
 RUN apk add --no-cache ca-certificates curl libcap su-exec tzdata
 
-COPY --from=builder /src/syncthing /bin/syncthing
+COPY --from=builder /src/syncthing-linux-$TARGETARCH /bin/syncthing
 COPY --from=builder /src/script/docker-entrypoint.sh /bin/entrypoint.sh
 
 ENV PUID=1000 PGID=1000 HOME=/var/syncthing

Dockerfile.buildx

@@ -1,19 +0,0 @@
-FROM alpine
-ARG TARGETARCH
-
-EXPOSE 8384 22000/tcp 22000/udp 21027/udp
-
-VOLUME ["/var/syncthing"]
-
-RUN apk add --no-cache ca-certificates curl libcap su-exec tzdata
-
-COPY ./syncthing-linux-$TARGETARCH /bin/syncthing
-COPY ./script/docker-entrypoint.sh /bin/entrypoint.sh
-
-ENV PUID=1000 PGID=1000 HOME=/var/syncthing
-
-HEALTHCHECK --interval=1m --timeout=10s \
-  CMD curl -fkLsS -m 2 127.0.0.1:8384/rest/noauth/health | grep -o --color=never OK || exit 1
-
-ENV STGUIADDRESS=0.0.0.0:8384
-ENTRYPOINT ["/bin/entrypoint.sh", "/bin/syncthing", "-home", "/var/syncthing/config"]