Build manylinux2014_aarch64 container for wheel builds.

.github/workflows/build-docker-images.yml

@@ -18,6 +18,7 @@ on:
       - 'cryptography-manylinux/**'
 
 jobs:
+  # Build containers for x86
   build:
     runs-on: ubuntu-latest
     strategy:
@@ -28,19 +29,16 @@ jobs:
           - {TAG_NAME: "pyca/cryptography-runner-centos8-fips", DOCKERFILE_PATH: "runners/centos8", BUILD_ARGS: "--build-arg FIPS=1"}
 
           - {TAG_NAME: "pyca/cryptography-runner-fedora", DOCKERFILE_PATH: "runners/fedora"}
-          - {TAG_NAME: "pyca/cryptography-runner-alpine", DOCKERFILE_PATH: "runners/alpine"}
 
           - {TAG_NAME: "pyca/cryptography-runner-stretch", DOCKERFILE_PATH: "runners/debian", BUILD_ARGS: "--build-arg RELEASE=stretch"}
           - {TAG_NAME: "pyca/cryptography-runner-buster", DOCKERFILE_PATH: "runners/debian", BUILD_ARGS: "--build-arg RELEASE=buster"}
           - {TAG_NAME: "pyca/cryptography-runner-bullseye", DOCKERFILE_PATH: "runners/debian", BUILD_ARGS: "--build-arg RELEASE=bullseye"}
           - {TAG_NAME: "pyca/cryptography-runner-sid", DOCKERFILE_PATH: "runners/debian", BUILD_ARGS: "--build-arg RELEASE=sid"}
 
-          - {TAG_NAME: "pyca/cryptography-runner-ubuntu-bionic", DOCKERFILE_PATH: "runners/ubuntu", BUILD_ARGS: "--build-arg RELEASE=bionic"}
-          - {TAG_NAME: "pyca/cryptography-runner-ubuntu-focal", DOCKERFILE_PATH: "runners/ubuntu", BUILD_ARGS: "--build-arg RELEASE=focal"}
-          - {TAG_NAME: "pyca/cryptography-runner-ubuntu-rolling", DOCKERFILE_PATH: "runners/ubuntu", BUILD_ARGS: "--build-arg RELEASE=rolling"}
+          - {TAG_NAME: "pyca/cryptography-runner-alpine", DOCKERFILE_PATH: "runners/alpine"}
 
-          - {TAG_NAME: "pyca/cryptography-manylinux1:x86_64", DOCKERFILE_PATH: "cryptography-manylinux", BUILD_ARGS: "-f cryptography-manylinux/Dockerfile-manylinux1"}
-          - {TAG_NAME: "pyca/cryptography-manylinux2010:x86_64", DOCKERFILE_PATH: "cryptography-manylinux", BUILD_ARGS: "-f cryptography-manylinux/Dockerfile-manylinux2010"}
+          - {TAG_NAME: "pyca/cryptography-manylinux1", DOCKERFILE_PATH: "cryptography-manylinux", BUILD_ARGS: "-f cryptography-manylinux/Dockerfile-manylinux1"}
+          - {TAG_NAME: "pyca/cryptography-manylinux2010", DOCKERFILE_PATH: "cryptography-manylinux", BUILD_ARGS: "-f cryptography-manylinux/Dockerfile-manylinux2010"}
 
     name: "Building docker image ${{ matrix.IMAGE.TAG_NAME }}"
     steps:
@@ -61,3 +59,43 @@ jobs:
       - name: Push image
         run: docker push ${{ matrix.IMAGE.TAG_NAME }}
         if: (github.event_name == 'push' || github.event_name == 'schedule') && github.ref == 'refs/heads/master'
+
+  # Build the manylinux2014_aarch64 container
+  build_manylinux2014_aarch64:
+    runs-on: ubuntu-latest
+    strategy:
+      matrix:
+        IMAGE:
+          - {TAG_NAME: "pyca/cryptography-manylinux2014_aarch64", DOCKERFILE_PATH: "cryptography-manylinux", BUILD_ARGS: "-f cryptography-manylinux/Dockerfile-manylinux2014_aarch64"}
+
+    name: "Building docker image ${{ matrix.IMAGE.TAG_NAME }}"
+    steps:
+      - uses: actions/checkout@master
+      - name: Docker Buildx
+        id: buildx
+        uses: crazy-max/[email protected]
+        with:
+          buildx-version: latest
+          qemu-version: latest
+      # Pull the previous image, but if it fails return true anyway.
+      # Sometimes we add new docker images and if they've never been pushed
+      # they can't be pulled.
+      - name: Pull existing image
+        run: docker pull ${{ matrix.IMAGE.TAG_NAME }}:latest || true
+      - name: Build image
+        run: >
+          docker buildx build --platform linux/arm64 --pull --cache-from ${{ matrix.IMAGE.TAG_NAME }}
+          --cache-to "type=local,dest=/tmp/.buildx-cache" --output "type=image,push=false"
+          -t ${{ matrix.IMAGE.TAG_NAME }} ${{ matrix.IMAGE.DOCKERFILE_PATH }} ${{ matrix.IMAGE.BUILD_ARGS }}
+      - name: Login to docker
+        run: 'docker login -u "$DOCKER_USERNAME" -p "$DOCKER_PASSWORD"'
+        env:
+          DOCKER_USERNAME: ${{ secrets.DOCKER_USERNAME }}
+          DOCKER_PASSWORD: ${{ secrets.DOCKER_PASSWORD }}
+        if: (github.event_name == 'push' || github.event_name == 'schedule') && github.ref == 'refs/heads/master'
+      - name: Push image
+        run: >
+          docker buildx build --cache-from "type=local,src=/tmp/.buildx-cache"
+          --platform linux/arm64 --output "type=image,push=true" -t ${{ matrix.IMAGE.TAG_NAME }}
+          ${{ matrix.IMAGE.DOCKERFILE_PATH }} ${{ matrix.IMAGE.BUILD_ARGS }}
+        if: (github.event_name == 'push' || github.event_name == 'schedule') && github.ref == 'refs/heads/master'

cryptography-manylinux/Dockerfile-manylinux2014_aarch64

@@ -0,0 +1,15 @@
+FROM quay.io/pypa/manylinux2014_aarch64
+MAINTAINER Python Cryptographic Authority
+WORKDIR /root
+# RUN yum -y install prelink && yum -y clean all
+RUN yum -y clean all
+ADD install_libffi.sh /root/install_libffi.sh
+RUN sh install_libffi.sh manylinux2014
+ADD install_openssl.sh /root/install_openssl.sh
+ADD openssl-version.sh /root/openssl-version.sh
+RUN sh install_openssl.sh manylinux2014
+ADD install_virtualenv.sh /root/install_virtualenv.sh
+RUN sh install_virtualenv.sh manylinux2014
+
+RUN curl https://sh.rustup.rs -sSf | sh -s -- -y --default-toolchain stable
+ENV PATH="/root/.cargo/bin:$PATH"