multi-arch ci

.gitlab-ci.yml

-image: docker:latest
-services:
-  - docker:dind
-
 stages:
   - build
-  - test
+  - combine
   - deploy
 
 variables:
-  CI_IMAGE_TAG: $CI_REGISTRY_IMAGE:$CI_COMMIT_REF_SLUG
-  LAST_VERSION_FILE: .last_version
-  CI_ENV_FILE: .ci.env
+  GIT_DEPTH: "1"
+  CONTAINER_TEST_IMAGE: $CI_REGISTRY_IMAGE:$CI_COMMIT_REF_SLUG
+  CONTAINER_TEST_ARM_IMAGE: $CI_REGISTRY_IMAGE:$CI_COMMIT_REF_SLUG-arm
+  CONTAINER_TEST_X86_IMAGE: $CI_REGISTRY_IMAGE:$CI_COMMIT_REF_SLUG-x86
+  CONTAINER_RELEASE_IMAGE: $CI_REGISTRY_IMAGE:latest
+
+before_script:
+  - docker login -u $CI_REGISTRY_USER -p $CI_REGISTRY_PASSWORD $CI_REGISTRY
 
-docker-build:
+build-x86:
   stage: build
-  cache:
-    paths:
-      - $LAST_VERSION_FILE
-  artifacts:
-    reports:
-      dotenv: $CI_ENV_FILE
-    expire_in: 30 minutes
-  before_script:
-    - apk add bash curl jq
-    - docker login -u "$CI_REGISTRY_USER" -p "$CI_REGISTRY_PASSWORD" $CI_REGISTRY
+  tags: 
+    - docker
   script:
-    - chmod +x ./build.sh && /bin/bash ./build.sh
-    - docker push "${CI_IMAGE_TAG}"
-  only:
-    changes:
-      - "Dockerfile"
-      - "nginx.conf"
-      - ".gitlab-ci.yml"
-      - "build.sh"
+    - docker build --pull -t $CONTAINER_TEST_X86_IMAGE .
+    - docker push $CONTAINER_TEST_X86_IMAGE
 
+build-arm:
+  stage: build
+  tags: 
+    - docker-arm
+  script:
+    - docker build --pull -f Dockerfile.arm -t $CONTAINER_TEST_ARM_IMAGE .
+    - docker push $CONTAINER_TEST_ARM_IMAGE
 
-docker-tests:
-  stage: test
-  dependencies:
-    - docker-build
-  image: ymuski/curl-http3
-  services:
-    - name: "$CI_IMAGE_TAG"
-      alias: nginxquic
+combine:
+  stage: combine
+  tags:
+    - docker
   script:
-    - curl --http3 -v --silent --insecure "https://nginxquic:443"
-    - /opt/httpstat.sh --http3 "https://nginxquic:443"
-  only:
-    changes:
-      - "Dockerfile"
-      - "nginx.conf"
-      - ".gitlab-ci.yml"
-      - "build.sh"
+    - docker pull $CONTAINER_TEST_X86_IMAGE
+    - docker pull $CONTAINER_TEST_ARM_IMAGE
+    - docker manifest create $CONTAINER_TEST_IMAGE --amend $CONTAINER_TEST_X86_IMAGE --amend $CONTAINER_TEST_ARM_IMAGE
+    - docker manifest push $CONTAINER_TEST_IMAGE
 
+deploy_latest:
+  stage: deploy
+  tags: 
+    - docker
+  script:
+    - docker pull $CONTAINER_TEST_IMAGE
+    - docker tag $CONTAINER_TEST_IMAGE $CONTAINER_RELEASE_IMAGE
+    - docker push $CONTAINER_RELEASE_IMAGE
+  only:
+    - master
 
-docker-publish:
+deploy_tag:
   stage: deploy
-  dependencies:
-    - docker-build
-    - docker-tests
+  tags: 
+    - docker
   variables:
-    FULL_VERSION: $FULL_VERSION
-    VERSION: $VERSION
-  cache:
-    paths:
-      - $LAST_VERSION_FILE
-  before_script:
-    - docker login -u "$CI_REGISTRY_USER" -p "$CI_REGISTRY_PASSWORD" $CI_REGISTRY
-    - docker login -u "$DP_REGISTRY_USER" -p "$DP_REGISTRY_PASSWORD" $DP_REGISTRY
+    CONTAINER_TAG_IMAGE: $CI_REGISTRY_IMAGE:$CI_COMMIT_TAG
   script:
-    - docker pull "${CI_IMAGE_TAG}"
-
-    - docker tag "${CI_IMAGE_TAG}" "${CI_REGISTRY_IMAGE}:latest"
-    - docker tag "${CI_IMAGE_TAG}" "${CI_REGISTRY_IMAGE}:${VERSION}"
-    - docker tag "${CI_IMAGE_TAG}" "${CI_REGISTRY_IMAGE}:archlinux"
-    - docker tag "${CI_IMAGE_TAG}" "${CI_REGISTRY_IMAGE}:${VERSION}-archlinux"
-
-    - docker push "${CI_REGISTRY_IMAGE}:latest"
-    - docker push "${CI_REGISTRY_IMAGE}:${VERSION}"
-    - docker push "${CI_REGISTRY_IMAGE}:archlinux"
-    - docker push "${CI_REGISTRY_IMAGE}:${VERSION}-archlinux"
-
-    - docker tag "${CI_IMAGE_TAG}" "${DP_REGISTRY_IMAGE}:latest"
-    - docker tag "${CI_IMAGE_TAG}" "${DP_REGISTRY_IMAGE}:${VERSION}"
-    - docker tag "${CI_IMAGE_TAG}" "${DP_REGISTRY_IMAGE}:archlinux"
-    - docker tag "${CI_IMAGE_TAG}" "${DP_REGISTRY_IMAGE}:${VERSION}-archlinux"
-
-    - docker push "${DP_REGISTRY_IMAGE}:latest"
-    - docker push "${DP_REGISTRY_IMAGE}:${VERSION}"
-    - docker push "${DP_REGISTRY_IMAGE}:archlinux"
-    - docker push "${DP_REGISTRY_IMAGE}:${VERSION}-archlinux"
-
-    - echo $FULL_VERSION > $LAST_VERSION_FILE
+    - docker pull $CONTAINER_TEST_IMAGE
+    - docker tag $CONTAINER_TEST_IMAGE $CONTAINER_TAG_IMAGE
+    - docker push $CONTAINER_TAG_IMAGE
   only:
-    refs:
-      - master
-      - schedules
-      - web
-    variables:
-      - $DP_REGISTRY && $DP_REGISTRY_USER && $DP_REGISTRY_PASSWORD && $DP_REGISTRY_IMAGE
-    changes:
-      - "Dockerfile"
-      - "nginx.conf"
-      - ".gitlab-ci.yml"
-      - "build.sh"
+    - tags

Dockerfile

-FROM archlinux:base-devel
+FROM archlinux/archlinux:base-devel
 
 RUN set -x \
+    && echo 'Server = https://mirrors.aliyun.com/archlinux/$repo/os/$arch' > /etc/pacman.d/mirrorlist \
     && groupadd --gid 101 --system nginx \
     && useradd --uid 101 --gid nginx --system --create-home --home-dir /var/cache/nginx --shell /sbin/nologin nginx \
     && echo "nginx ALL=(ALL) NOPASSWD:ALL" > /etc/sudoers.d/nginx \

Dockerfile.arm

+FROM lopsided/archlinux:devel
+
+RUN set -x \
+    && echo 'Server = https://mirrors.aliyun.com/archlinuxarm/$arch/$repo/' > /etc/pacman.d/mirrorlist \
+    && groupadd --gid 101 --system nginx \
+    && useradd --uid 101 --gid nginx --system --create-home --home-dir /var/cache/nginx --shell /sbin/nologin nginx \
+    && echo "nginx ALL=(ALL) NOPASSWD:ALL" > /etc/sudoers.d/nginx \
+    && pacman --noconfirm -Sy git \
+    && mkdir -m 777 /aur \
+    && su nginx -s /bin/sh -c " \
+        cd /aur \
+        && git clone https://aur.archlinux.org/nginx-quic.git \
+        && cd nginx-quic \
+        && makepkg -scri --noconfirm \
+    " \
+    && rm -f /etc/sudoers.d/nginx \
+    && rm -rf /aur \
+    && rm -rf /var/cache/pacman/pkg/*
+RUN openssl req -x509 -newkey rsa:4096 -days 365 -subj '/CN=localhost/O=localhost/C=US' \
+      -nodes -keyout /etc/nginx/cert.key -out /etc/nginx/cert.pem \
+    && ln -sf /dev/stdout /var/log/nginx/access.log \
+    && ln -sf /dev/stderr /var/log/nginx/error.log
+
+COPY nginx.conf /etc/nginx/nginx.conf
+
+EXPOSE 80
+EXPOSE 443/tcp
+EXPOSE 443/udp
+
+STOPSIGNAL SIGQUIT
+
+CMD ["nginx", "-g", "daemon off;"]