feat: release arm64 arch for humio-operator (#762)

* feat: release arm64 arch for humio-operator ci: update to use current best practices for permissions of jobs Update Dockerfile Update Dockerfile feat: release arm64 arch for humio-operator ci: update to use current best practices for permissions of jobs Update Dockerfile Update Dockerfile Revert "feat: release arm64 arch for humio-operator" This reverts commit 9f06742. Update release-container-image.yaml * ARM build for master branch builds --------- Co-authored-by: Ryan Faircloth <[email protected]> Co-authored-by: Mike Rostermund <[email protected]>
humio · Jun 6, 2024 · c70e4d3 · c70e4d3
1 parent 8efd59e
commit c70e4d3
Show file tree

Hide file tree

Showing 3 changed files with 95 additions and 26 deletions.
diff --git a/.github/workflows/master.yaml b/.github/workflows/master.yaml
@@ -14,8 +14,31 @@ jobs:
         echo "RELEASE_VERSION=master" >> $GITHUB_ENV
         echo "RELEASE_COMMIT=$(git rev-parse --verify HEAD)" >> $GITHUB_ENV
         echo "RELEASE_DATE=$(date --iso-8601=seconds)" >> $GITHUB_ENV
-    - name: docker build
-      run: make docker-build-operator IMG=humio/humio-operator:${{ env.RELEASE_VERSION }} IMG_BUILD_ARGS="--label version=${{ env.RELEASE_VERSION }} --label release=${{ github.run_id }} --build-arg RELEASE_VERSION=${{ env.RELEASE_VERSION }} --build-arg RELEASE_COMMIT=${{ env.RELEASE_COMMIT }} --build-arg RELEASE_DATE=${{ env.RELEASE_DATE }}"
+    - name: Set up QEMU
+      uses: docker/setup-qemu-action@v3
+    - name: Set up Docker Buildx
+      uses: docker/setup-buildx-action@v3
+    - name: Login to Docker Hub
+      uses: docker/login-action@v3
+      with:
+        username: ${{ secrets.DOCKER_USERNAME }}
+        password: ${{ secrets.DOCKER_PASSWORD }}
+    - name: Build but don't push
+      uses: docker/build-push-action@v5
+      with:
+        context: .
+        # Because we use a container scanner pre-push we don't specify platform here so only the runner platform builds
+        # platforms: linux/amd64,linux/arm64
+        load: true
+        tags: ${{ github.repository_owner }}/humio-operator:${{ env.RELEASE_VERSION }}
+        labels: |
+          version=${{ env.RELEASE_VERSION }}
+          release=${{ github.run_id }}
+        build-args: |
+            RELEASE_VERSION=${{ env.RELEASE_VERSION }}
+            RELEASE_COMMIT=${{ env.RELEASE_COMMIT }}
+            RELEASE_DATE=${{ env.RELEASE_DATE }}
+        cache-to: type=local,type=registry,type=gha
     - name: Set up Python
       uses: actions/setup-python@v5
     - name: Install dependencies
@@ -25,24 +48,32 @@ jobs:
         python -m pip install --upgrade retry
         pip install retry
     - name: CrowdStrike Container Image Scan Operator
+      if: github.repository_owner == 'humio'
       uses: crowdstrike/container-image-scan-action@v1
       with:
         falcon_client_id: 1cd30708cb31442f85a6eec83279fe7b
-        container_repository: humio/humio-operator
+        container_repository: ${{ github.repository_owner }}/humio-operator
         container_tag: ${{ env.RELEASE_VERSION }}
       env:
         FALCON_CLIENT_SECRET: "${{ secrets.FALCON_CLIENT_SECRET }}"
-    - name: Login to DockerHub
-      uses: docker/login-action@v3
+    - name: Build and push
+      uses: docker/build-push-action@v5
       with:
-        username: ${{ secrets.DOCKER_USERNAME }}
-        password: ${{ secrets.DOCKER_PASSWORD }}
-    - name: docker tag
-      run: docker tag humio/humio-operator:${{ env.RELEASE_VERSION }} humio/humio-operator:${{ env.RELEASE_COMMIT }}
-    - name: docker push
-      run: |
-        make docker-push IMG=humio/humio-operator:${{ env.RELEASE_VERSION }}
-        make docker-push IMG=humio/humio-operator:${{ env.RELEASE_COMMIT }}
+        context: .
+        platforms: linux/amd64,linux/arm64
+        push: true
+        tags: |
+          ${{ github.repository_owner }}/humio-operator:${{ env.RELEASE_VERSION }}
+          ${{ github.repository_owner }}/humio-operator:${{ env.RELEASE_COMMIT }}
+        labels: |
+          version=${{ env.RELEASE_VERSION }}
+          release=${{ github.run_id }}
+        build-args: |
+          RELEASE_VERSION=${{ env.RELEASE_VERSION }}
+          RELEASE_COMMIT=${{ env.RELEASE_COMMIT }}
+          RELEASE_DATE=${{ env.RELEASE_DATE }}
+        cache-from: type=gha, mode=max
+        cache-to: type=gha
   build-and-publish-helper:
     name: Build and Publish Helperimage
     runs-on: ubuntu-latest
@@ -54,7 +85,7 @@ jobs:
           echo "RELEASE_COMMIT=$(git rev-parse --verify HEAD)" >> $GITHUB_ENV
           echo "RELEASE_DATE=$(date --iso-8601=seconds)" >> $GITHUB_ENV
       - name: docker build
-        run: make docker-build-helper IMG=humio/humio-operator-helper:${{ env.RELEASE_VERSION }} IMG_BUILD_ARGS="--label version=${{ env.RELEASE_VERSION }} --label release=${{ github.run_id }} --build-arg RELEASE_VERSION=${{ env.RELEASE_VERSION }} --build-arg RELEASE_COMMIT=${{ env.RELEASE_COMMIT }} --build-arg RELEASE_DATE=${{ env.RELEASE_DATE }}"
+        run: make docker-build-helper IMG=${{ github.repository_owner }}/humio-operator-helper:${{ env.RELEASE_VERSION }} IMG_BUILD_ARGS="--label version=${{ env.RELEASE_VERSION }} --label release=${{ github.run_id }} --build-arg RELEASE_VERSION=${{ env.RELEASE_VERSION }} --build-arg RELEASE_COMMIT=${{ env.RELEASE_COMMIT }} --build-arg RELEASE_DATE=${{ env.RELEASE_DATE }}"
       - name: Set up Python
         uses: actions/setup-python@v5
       - name: Install dependencies
@@ -64,10 +95,11 @@ jobs:
           python -m pip install --upgrade retry
           pip install retry
       - name: CrowdStrike Container Image Scan Operator Helper
+        if: github.repository_owner == 'humio'
         uses: crowdstrike/container-image-scan-action@v1
         with:
           falcon_client_id: 1cd30708cb31442f85a6eec83279fe7b
-          container_repository: humio/humio-operator-helper
+          container_repository: ${{ github.repository_owner }}/humio-operator-helper
           container_tag: ${{ env.RELEASE_VERSION }}
         env:
           FALCON_CLIENT_SECRET: "${{ secrets.FALCON_CLIENT_SECRET }}"
@@ -77,8 +109,8 @@ jobs:
           username: ${{ secrets.DOCKER_USERNAME }}
           password: ${{ secrets.DOCKER_PASSWORD }}
       - name: docker tag
-        run: docker tag humio/humio-operator-helper:${{ env.RELEASE_VERSION }} humio/humio-operator-helper:${{ env.RELEASE_COMMIT }}
+        run: docker tag ${{ github.repository_owner }}/humio-operator-helper:${{ env.RELEASE_VERSION }} ${{ github.repository_owner }}/humio-operator-helper:${{ env.RELEASE_COMMIT }}
       - name: docker push
         run: |
-          make docker-push IMG=humio/humio-operator-helper:${{ env.RELEASE_VERSION }}
-          make docker-push IMG=humio/humio-operator-helper:${{ env.RELEASE_COMMIT }}
+          make docker-push IMG=${{ github.repository_owner }}/humio-operator-helper:${{ env.RELEASE_VERSION }}
+          make docker-push IMG=${{ github.repository_owner }}/humio-operator-helper:${{ env.RELEASE_COMMIT }}
diff --git a/.github/workflows/release-container-image.yaml b/.github/workflows/release-container-image.yaml
@@ -9,20 +9,40 @@ jobs:
   build-and-publish:
     name: Test, Build and Publish
     runs-on: ubuntu-latest
+    permissions:
+      contents: write
     steps:
     - uses: actions/checkout@v4
     - name: Set version information
       run: |
         echo "RELEASE_VERSION=$(cat VERSION)" >> $GITHUB_ENV
         echo "RELEASE_COMMIT=$(git rev-parse --verify HEAD)" >> $GITHUB_ENV
         echo "RELEASE_DATE=$(date --iso-8601=seconds)" >> $GITHUB_ENV
-    - name: Login to DockerHub
+    - name: Set up QEMU
+      uses: docker/setup-qemu-action@v3
+    - name: Set up Docker Buildx
+      uses: docker/setup-buildx-action@v3
+    - name: Login to Docker Hub
       uses: docker/login-action@v3
       with:
         username: ${{ secrets.DOCKER_USERNAME }}
         password: ${{ secrets.DOCKER_PASSWORD }}
-    - name: docker build
-      run: make docker-build-operator IMG=humio/humio-operator:${{ env.RELEASE_VERSION }} IMG_BUILD_ARGS="--label version=${{ env.RELEASE_VERSION }} --label release=${{ github.run_id }} --build-arg RELEASE_VERSION=${{ env.RELEASE_VERSION }} --build-arg RELEASE_COMMIT=${{ env.RELEASE_COMMIT }} --build-arg RELEASE_DATE=${{ env.RELEASE_DATE }}"
+    - name: Build but don't push
+      uses: docker/build-push-action@v5
+      with:
+        context: .
+        # Because we use a container scanner pre-push we don't specify platform here so only the runner platform builds
+        # platforms: linux/amd64,linux/arm64
+        load: true
+        tags: ${{ github.repository_owner }}/humio-operator:${{ env.RELEASE_VERSION }}
+        labels: |
+          version=${{ env.RELEASE_VERSION }}
+          release=${{ github.run_id }}
+        build-args: |
+            RELEASE_VERSION=${{ env.RELEASE_VERSION }}
+            RELEASE_COMMIT=${{ env.RELEASE_COMMIT }}
+            RELEASE_DATE=${{ env.RELEASE_DATE }}
+        cache-to: type=local,type=registry,type=gha
     - name: Set up Python
       uses: actions/setup-python@v5
     - name: Install dependencies
@@ -32,18 +52,35 @@ jobs:
         python -m pip install --upgrade retry
         pip install retry
     - name: CrowdStrike Container Image Scan Operator
+      if: github.repository_owner == 'humio'
       uses: crowdstrike/container-image-scan-action@v1
       with:
         falcon_client_id: 1cd30708cb31442f85a6eec83279fe7b
-        container_repository: humio/humio-operator
+        container_repository: ${{ github.repository_owner }}/humio-operator
         container_tag: ${{ env.RELEASE_VERSION }}
       env:
         FALCON_CLIENT_SECRET: "${{ secrets.FALCON_CLIENT_SECRET }}"
-    - name: docker push
-      run:  make docker-push IMG=humio/humio-operator:${{ env.RELEASE_VERSION }}
+    - name: Build and push
+      uses: docker/build-push-action@v5
+      with:
+        context: .
+        platforms: linux/amd64,linux/arm64
+        push: true
+        tags: ${{ github.repository_owner }}/humio-operator:${{ env.RELEASE_VERSION }}
+        labels: |
+          version=${{ env.RELEASE_VERSION }}
+          release=${{ github.run_id }}
+        build-args: |
+          RELEASE_VERSION=${{ env.RELEASE_VERSION }}
+          RELEASE_COMMIT=${{ env.RELEASE_COMMIT }}
+          RELEASE_DATE=${{ env.RELEASE_DATE }}
+        cache-from: type=gha, mode=max
+        cache-to: type=gha
   gh-release:
     name: Create GitHub Release
     runs-on: ubuntu-latest
+    permissions:
+      contents: write
     steps:
       - uses: actions/checkout@v4
       - name: Get release version
@@ -55,6 +92,6 @@ jobs:
           tag_name: operator-${{ env.RELEASE_VERSION }}
           release_name: Operator Release ${{ env.RELEASE_VERSION }}
           body: |
-            **Image:** `humio/humio-operator:${{ env.RELEASE_VERSION }}`
+            **Image:** `${{ github.repository_owner }}/humio-operator:${{ env.RELEASE_VERSION }}`
             **Upgrade notes:** https://library.humio.com/falcon-logscale-self-hosted/installation-kubernetes-operator-upgrade.html#installation-containers-kubernetes-operator-upgrade-notes
           prerelease: true
diff --git a/Dockerfile b/Dockerfile
@@ -20,7 +20,7 @@ COPY controllers/ controllers/
 COPY pkg/ pkg/
 
 # Build
-RUN CGO_ENABLED=0 GOOS=linux GOARCH=amd64 GO111MODULE=on go build -ldflags="-s -w -X 'main.version=$RELEASE_VERSION' -X 'main.commit=$RELEASE_COMMIT' -X 'main.date=$RELEASE_DATE'" -a -o manager main.go
+RUN CGO_ENABLED=0 GOOS=$TARGETOS GOARCH=$TARGETARCH GO111MODULE=on go build -ldflags="-s -w -X 'main.version=$RELEASE_VERSION' -X 'main.commit=$RELEASE_COMMIT' -X 'main.date=$RELEASE_DATE'" -a -o manager main.go
 
 # Use ubi8 as base image to package the manager binary to comply with Red Hat image certification requirements
 FROM scratch