From c2605e52fc65e6340feccafbc7a208f7fb267d62 Mon Sep 17 00:00:00 2001
From: Natalie Arellano <narellano@vmware.com>
Date: Thu, 12 Oct 2023 10:01:06 -0400
Subject: [PATCH] Ensure the run image os/arch always matches the builder
 os/arch

Signed-off-by: Natalie Arellano <narellano@vmware.com>
---
 pkg/client/build.go      | 36 ++++++++++++++++++++++--------------
 pkg/client/build_test.go |  9 +++++----
 2 files changed, 27 insertions(+), 18 deletions(-)

diff --git a/pkg/client/build.go b/pkg/client/build.go
index c7c35465ec..c94e862dfd 100644
--- a/pkg/client/build.go
+++ b/pkg/client/build.go
@@ -318,6 +318,16 @@ func (c *Client) Build(ctx context.Context, opts BuildOptions) error {
 		return errors.Wrapf(err, "failed to fetch builder image '%s'", builderRef.Name())
 	}
 
+	builderOS, err := rawBuilderImage.OS()
+	if err != nil {
+		return errors.Wrapf(err, "getting builder OS")
+	}
+
+	builderArch, err := rawBuilderImage.Architecture()
+	if err != nil {
+		return errors.Wrapf(err, "getting builder architecture")
+	}
+
 	bldr, err := c.getBuilder(rawBuilderImage)
 	if err != nil {
 		return errors.Wrapf(err, "invalid builder %s", style.Symbol(opts.Builder))
@@ -325,7 +335,11 @@ func (c *Client) Build(ctx context.Context, opts BuildOptions) error {
 
 	runImageName := c.resolveRunImage(opts.RunImage, imgRegistry, builderRef.Context().RegistryStr(), bldr.DefaultRunImage(), opts.AdditionalMirrors, opts.Publish)
 
-	fetchOptions := image.FetchOptions{Daemon: !opts.Publish, PullPolicy: opts.PullPolicy}
+	fetchOptions := image.FetchOptions{
+		Daemon:     !opts.Publish,
+		PullPolicy: opts.PullPolicy,
+		Platform:   fmt.Sprintf("%s/%s", builderOS, builderArch),
+	}
 	if opts.Layout() {
 		targetRunImagePath, err := layout.ParseRefToPath(runImageName)
 		if err != nil {
@@ -361,11 +375,6 @@ func (c *Client) Build(ctx context.Context, opts BuildOptions) error {
 		return err
 	}
 
-	imgOS, err := rawBuilderImage.OS()
-	if err != nil {
-		return errors.Wrapf(err, "getting builder OS")
-	}
-
 	// Default mode: if the TrustBuilder option is not set, trust the suggested builders.
 	if opts.TrustBuilder == nil {
 		opts.TrustBuilder = IsSuggestedBuilderFunc
@@ -396,15 +405,14 @@ func (c *Client) Build(ctx context.Context, opts BuildOptions) error {
 				lifecycleImageName = fmt.Sprintf("%s:%s", internalConfig.DefaultLifecycleImageRepo, lifecycleVersion.String())
 			}
 
-			imgArch, err := rawBuilderImage.Architecture()
-			if err != nil {
-				return errors.Wrapf(err, "getting builder architecture")
-			}
-
 			lifecycleImage, err := c.imageFetcher.Fetch(
 				ctx,
 				lifecycleImageName,
-				image.FetchOptions{Daemon: true, PullPolicy: opts.PullPolicy, Platform: fmt.Sprintf("%s/%s", imgOS, imgArch)},
+				image.FetchOptions{
+					Daemon:     true,
+					PullPolicy: opts.PullPolicy,
+					Platform:   fmt.Sprintf("%s/%s", builderOS, builderArch),
+				},
 			)
 			if err != nil {
 				return fmt.Errorf("fetching lifecycle image: %w", err)
@@ -455,7 +463,7 @@ func (c *Client) Build(ctx context.Context, opts BuildOptions) error {
 		if !c.experimental {
 			return fmt.Errorf("experimental features must be enabled when builder contains image extensions")
 		}
-		if imgOS == "windows" {
+		if builderOS == "windows" {
 			return fmt.Errorf("builder contains image extensions which are not supported for Windows builds")
 		}
 		if !(opts.PullPolicy == image.PullAlways) {
@@ -467,7 +475,7 @@ func (c *Client) Build(ctx context.Context, opts BuildOptions) error {
 		opts.ContainerConfig.Volumes = appendLayoutVolumes(opts.ContainerConfig.Volumes, pathsConfig)
 	}
 
-	processedVolumes, warnings, err := processVolumes(imgOS, opts.ContainerConfig.Volumes)
+	processedVolumes, warnings, err := processVolumes(builderOS, opts.ContainerConfig.Volumes)
 	if err != nil {
 		return err
 	}
diff --git a/pkg/client/build_test.go b/pkg/client/build_test.go
index 06b215104b..2f43619c53 100644
--- a/pkg/client/build_test.go
+++ b/pkg/client/build_test.go
@@ -2085,11 +2085,12 @@ api = "0.2"
 					}))
 					h.AssertEq(t, fakeLifecycle.Opts.Publish, true)
 
-					args := fakeImageFetcher.FetchCalls["default/run"]
-					h.AssertEq(t, args.Daemon, false)
-
-					args = fakeImageFetcher.FetchCalls[defaultBuilderName]
+					args := fakeImageFetcher.FetchCalls[defaultBuilderName]
 					h.AssertEq(t, args.Daemon, true)
+
+					args = fakeImageFetcher.FetchCalls["default/run"]
+					h.AssertEq(t, args.Daemon, false)
+					h.AssertEq(t, args.Platform, "linux/amd64")
 				})
 
 				when("builder is untrusted", func() {