PCP-1845: Update go, arm support and workflow changes (#24)

spectrocloud · Oct 10, 2023 · 60f254b · 60f254b
1 parent b52280e
commit 60f254b
Show file tree

Hide file tree

Showing 5 changed files with 99 additions and 18 deletions.
diff --git a/.github/workflows/spectro-release.yaml b/.github/workflows/spectro-release.yaml
@@ -7,6 +7,12 @@ on:
         description: 'Cluster API Version to Build'
         required: true
         default: '0.0.0'
+      rel_type:
+        type: choice
+        description: Type of release
+        options:
+          - release
+          - rc
 jobs:
   builder:
     # edge-runner machine group is a bunch of machines in US Datacenter
@@ -15,6 +21,8 @@ jobs:
     # Ensure that the credentials are provided as encrypted secrets
     env:
       SPECTRO_VERSION: ${{ github.event.inputs.release_version }}
+      LEGACY_REGISTRY: gcr.io/spectro-images-public/release/cluster-api-coxedge
+      FIPS_REGISTRY: gcr.io/spectro-images-public/release-fips/cluster-api-coxedge
     steps:
       -
         uses: mukunku/[email protected]
@@ -26,6 +34,11 @@ jobs:
         run: |
           echo "Tag already exists for v${{ github.event.inputs.release_version }}-spectro..."
           exit 1
+      -
+        if: ${{ github.event.inputs.rel_type == 'rc' }}
+        run: |
+          echo "LEGACY_REGISTRY=gcr.io/spectro-dev-public/release/cluster-api-coxedge" >> $GITHUB_ENV
+          echo "FIPS_REGISTRY=gcr.io/spectro-dev-public/release-fips/cluster-api-coxedge" >> $GITHUB_ENV
       -
         uses: actions/checkout@v3
       -
@@ -41,20 +54,22 @@ jobs:
       -
         name: Build Image
         env:
-          REGISTRY: gcr.io/spectro-images-public/release/cluster-api-coxedge
+          REGISTRY: ${{ env.LEGACY_REGISTRY }}
         run: |
-          make docker-build
-          make docker-push
+          make docker-build-all
+          make docker-push-all
       -
         name: Build Image - FIPS Mode
         env:
           FIPS_ENABLE: yes
-          REGISTRY: gcr.io/spectro-images-public/release-fips/cluster-api-coxedge
+          DEV_REGISTRY: ${{ env.FIPS_REGISTRY }}
+          ALL_ARCH: amd64
         run: |
-          make docker-build
-          make docker-push
+          make docker-build-all
+          make docker-push-all
       -
         name: Create Release
+        if: ${{ github.event.inputs.rel_type == 'release' }}
         id: create_release
         uses: actions/create-release@v1
         env:

diff --git a/Dockerfile b/Dockerfile
@@ -1,18 +1,27 @@
 # syntax = docker/dockerfile:1-experimental
 
 # Build the manager binary
-FROM golang:1.19.10-alpine3.18 as builder
+ARG BUILDER_GOLANG_VERSION
+# First stage: build the executable.
+FROM --platform=$TARGETPLATFORM gcr.io/spectro-images-public/golang:${BUILDER_GOLANG_VERSION}-alpine as toolchain
+# Run this with docker build --build_arg $(go env GOPROXY) to override the goproxy
+ARG goproxy=https://proxy.golang.org
+ENV GOPROXY=$goproxy
+
+# FIPS
 ARG CRYPTO_LIB
 ENV GOEXPERIMENT=${CRYPTO_LIB:+boringcrypto}
 
+FROM toolchain as builder
+WORKDIR /workspace
+
 RUN apk update
-RUN apk add git gcc g++ curl
+RUN apk add git gcc g++ curl binutils-gold
 
-WORKDIR /workspace
 # Copy the Go Modules manifests
 COPY go.mod go.mod
 COPY go.sum go.sum
-# cache deps before building and copying source so that we don't need to re-download as much
+# Cache deps before building and copying source so that we don't need to re-download as much
 # and so that source changes don't invalidate our downloaded layer
 RUN go mod download
 
@@ -21,16 +30,21 @@ COPY main.go main.go
 COPY api/ api/
 COPY controllers/ controllers/
 COPY pkg/ pkg/
+# Copy the sources
+COPY ./ ./
 
 # Build
-
-RUN --mount=type=cache,target=/root/.cache/go-build \
-    if [ ${CRYPTO_LIB} ]; \
+ARG ARCH
+ARG ldflags
+RUN if [ ${CRYPTO_LIB} ]; \
     then \
-      CGO_ENABLED=1 GOOS=linux GOARCH=amd64 GO111MODULE=on go build -a -ldflags "-linkmode=external -extldflags=-static" -o manager main.go ;\
+      GOARCH=${ARCH} go-build-fips.sh -a -o manager main.go ;\
     else \
-      CGO_ENABLED=0 GOOS=linux GOARCH=amd64 go build -o manager main.go ;\
+      GOARCH=${ARCH} go-build-static.sh -a -o manager main.go ;\
     fi
+RUN if [ "${CRYPTO_LIB}" ]; then assert-static.sh manager; fi
+RUN if [ "${CRYPTO_LIB}" ]; then assert-fips.sh manager; fi
+RUN scan-govulncheck.sh manager
 
 # Use distroless as minimal base image to package the manager binary
 # Refer to https://github.com/GoogleContainerTools/distroless for more details

diff --git a/Makefile b/Makefile
@@ -1,6 +1,12 @@
 # Image URL to use all building/pushing image targets
 FIPS_ENABLE ?= ""
 
+BUILDER_GOLANG_VERSION ?= 1.21
+BUILD_ARGS = --build-arg CRYPTO_LIB=${FIPS_ENABLE} --build-arg BUILDER_GOLANG_VERSION=${BUILDER_GOLANG_VERSION}
+
+ARCH ?= amd64
+ALL_ARCH = amd64 arm64
+
 RELEASE_LOC := release
 ifeq ($(FIPS_ENABLE),yes)
   RELEASE_LOC := release-fips
@@ -11,6 +17,7 @@ SPECTRO_VERSION ?= 4.0.0-dev
 IMG_TAG ?= v0.5.5-spectro-${SPECTRO_VERSION}
 IMAGE_NAME ?= cluster-api-cox-controller:${IMG_TAG}
 IMG ?= $(REGISTRY)/$(IMAGE_NAME)
+IMAGE ?= gcr.io/spectro-dev-public/${RELEASE_LOC}/cluster-api-coxedge/cluster-api-cox-controller
 # Produce CRDs that work back to Kubernetes 1.11 (no version conversion)
 CRD_OPTIONS ?= "crd:trivialVersions=true,preserveUnknownFields=false"
 
@@ -125,11 +132,31 @@ run: manifests generate ## Run a controller from your host.
 
 ##@ Docker
 
+docker-build-%: ## Build docker images for a given ARCH
+	$(MAKE) ARCH=$* docker-build
+
+.PHONY: docker-build-all ## Build all the architecture docker images
+docker-build-all: $(addprefix docker-build-,$(ALL_ARCH))
+
 docker-build:  ## Build docker image with the manager.
-	DOCKER_BUILDKIT=1 docker build --build-arg CRYPTO_LIB=${FIPS_ENABLE} -t ${IMG} .
+	DOCKER_BUILDKIT=1 docker buildx build --load --platform linux/${ARCH} ${BUILD_ARGS} --build-arg ARCH=$(ARCH) -t $(IMAGE)-$(ARCH):$(IMG_TAG) .
+
+docker-push-%: ## Docker push
+	$(MAKE) ARCH=$* docker-push
+
+.PHONY: docker-push-all ## Push all the architecture docker images
+docker-push-all: $(addprefix docker-push-,$(ALL_ARCH))
+	$(MAKE) docker-push-manifest
 
 docker-push: ## Push docker image with the manager.
-	docker push ${IMG}
+	docker push $(IMAGE)-$(ARCH):$(IMG_TAG)
+
+.PHONY: docker-push-manifest
+docker-push-manifest: ## Push the fat manifest docker image.
+	## Minimum docker version 18.06.0 is required for creating and pushing manifest images.
+	docker manifest create --amend ${IMG} $(shell echo $(ALL_ARCH) | sed -e "s~[^ ]*~$(IMAGE)\-&:$(IMG_TAG)~g")
+	@for arch in $(ALL_ARCH); do docker manifest annotate --arch $${arch} ${IMAGE}:${IMG_TAG} ${IMAGE}-$${arch}:${IMG_TAG}; done
+	docker manifest push --purge ${IMAGE}:${IMG_TAG}
 
 .PHONY: docker-clean
 docker-clean:

diff --git a/go.mod b/go.mod
@@ -1,6 +1,6 @@
 module github.com/coxedge/cluster-api-provider-cox
 
-go 1.19
+go 1.21
 
 require (
 	github.com/erwinvaneyk/cobras v0.0.0-20200914200705-1d2dfabe2493