fix(docker): create optimized builder with docker-container driver for arm64 builds

closes #580

docker/production/.gitlab-ci.yml

@@ -12,12 +12,35 @@ docker-build-rolling:
     DOCKER_BUILDKIT: 1
     DOCKER_HOST: tcp://docker:2376
     DOCKER_TLS_CERTDIR: "/certs"
-  script:
+  before_script:
+    # ensure the Docker config directory exists
     - mkdir -p /root/.docker
+    # copy credentials to authenticate against registry
     - cp ${DOCKER_HUB_CONFIG} /root/.docker/config.json
+
     - docker context create tls-environment
-    - docker buildx create --use tls-environment
-    - docker buildx build --secret id=maxmind-licence-key,env=MAXMIND_LICENCE_KEY --push --platform=linux/amd64 --file=docker/production/Dockerfile --tag=${DOCKER_IMAGE_CASTOPOD}:${TAG} .
+
+    # Create and use builder with optimized settings
+    - docker buildx create
+      --name fast-multiplatform
+      --driver docker-container
+      --driver-opt network=host
+      --driver-opt image=moby/buildkit:v0.27.1
+      --use
+      tls-environment
+
+    # initialize and boot fast-multiplatform builder
+    # configure BuildKit features that aren't enabled by default
+    - docker buildx inspect --bootstrap
+  script:
+    - docker buildx build
+      --target production
+      --secret id=maxmind-licence-key,env=MAXMIND_LICENCE_KEY
+      --platform linux/amd64
+      --file docker/production/Dockerfile
+      --push
+      --tag ${DOCKER_IMAGE_CASTOPOD}:${TAG}
+      .
   rules:
     - if: $CI_COMMIT_BRANCH == 'develop'
 
@@ -31,18 +54,42 @@ docker-build-release:
     DOCKER_BUILDKIT: 1
     DOCKER_HOST: tcp://docker:2376
     DOCKER_TLS_CERTDIR: "/certs"
-  script:
+  before_script:
+    # ensure the Docker config directory exists
     - mkdir -p /root/.docker
+    # copy credentials to authenticate against registry
     - cp ${DOCKER_HUB_CONFIG} /root/.docker/config.json
+
     # extract Castopod version from tag (remove "v" prefix)
     - export CP_VERSION=$(echo "$CI_COMMIT_TAG" | sed 's/^v//')
     # extract pre release identifier (eg. alpha, beta, next, ...) from CP_VERSION or "latest" if none exists
     - export CP_TAG=$(echo "$CP_VERSION" | sed 's/^[^-]*-\([^.]*\)\..*/\1/; t; s/.*/latest/')
+
     - docker context create tls-environment
-    - docker buildx create --use tls-environment
-    - docker buildx build --secret id=maxmind-licence-key,env=MAXMIND_LICENCE_KEY --push --platform=linux/amd64 --file=docker/production/Dockerfile --tag=${DOCKER_IMAGE_CASTOPOD}:${CP_VERSION} --tag=${DOCKER_IMAGE_CASTOPOD}:${CP_TAG} .
-    # when --platform=linux/amd64,linux/arm64: amd64 image takes too long to be pushed as it needs to wait for arm64 to be built
-    # --> build and push amd64 image first, then overwrite manifest after building arm64
-    - docker buildx build --secret id=maxmind-licence-key,env=MAXMIND_LICENCE_KEY --push --platform=linux/amd64,linux/arm64 --file=docker/production/Dockerfile --tag=${DOCKER_IMAGE_CASTOPOD}:${CP_VERSION} --tag=${DOCKER_IMAGE_CASTOPOD}:${CP_TAG} .
+
+    # Create and use builder with optimized settings
+    - docker buildx create
+      --name fast-multiplatform
+      --driver docker-container
+      --driver-opt network=host
+      --driver-opt image=moby/buildkit:v0.27.1
+      --use
+      tls-environment
+
+    # initialize and boot fast-multiplatform builder
+    # configure BuildKit features that aren't enabled by default
+    - docker buildx inspect --bootstrap
+  script:
+    # build multiplatform image for amd64 and arm64
+    - docker buildx build
+      --target production
+      --secret id=maxmind-licence-key,env=MAXMIND_LICENCE_KEY
+      --platform linux/amd64,linux/arm64
+      --file docker/production/Dockerfile
+      --push
+      --tag ${DOCKER_IMAGE_CASTOPOD}:${CP_VERSION}
+      --tag ${DOCKER_IMAGE_CASTOPOD}:${CP_TAG}
+      --progress=plain
+      .
   rules:
     - if: $CI_COMMIT_TAG

docker/production/Dockerfile

@@ -56,7 +56,7 @@ RUN \
 # Define production image based on FrankenPHP /
 # Debian with services managed by s6-overlay
 #---------------------------------------------------
-FROM serversideup/php:${PHP_VERSION}-frankenphp-trixie AS build
+FROM serversideup/php:${PHP_VERSION}-frankenphp-trixie AS production
 
 LABEL maintainer="Yassine Doghri <yassine@doghri.fr>"