Merge pull request #530 from ComplianceAsCode/multi-arch

Support Building multi-arch container imagers
ComplianceAsCode · Jun 7, 2024 · e067faa · e067faa
2 parents 71cd27f + 88f30fc
commit e067faa
Show file tree

Hide file tree

Showing 3 changed files with 104 additions and 135 deletions.
diff --git a/.github/workflows/release-latest.yml b/.github/workflows/release-latest.yml
@@ -7,6 +7,12 @@ on:
 jobs:
   # Push to latest
   operator-container-push-latest:
+    strategy:
+      matrix:
+        platform:
+          - linux/amd64
+          - linux/ppc64le
+          - linux/s390x
     permissions:
       contents: read
       id-token: write
@@ -18,8 +24,15 @@ jobs:
       tag: latest
       dockerfile_path: build/Dockerfile
       vendor: 'Compliance Operator Authors'
-
+      platforms: ${{ matrix.platform }}
+
   bundle-container-push-latest:
+    strategy:
+      matrix:
+        platform:
+          - linux/amd64
+          - linux/ppc64le
+          - linux/s390x
     permissions:
       contents: read
       id-token: write
@@ -31,8 +44,15 @@ jobs:
       tag: latest
       dockerfile_path: bundle.Dockerfile
       vendor: 'Compliance Operator Authors'
-
+      platforms: ${{ matrix.platform }}
+
   openscap-container-push-latest:
+    strategy:
+      matrix:
+        platform:
+          - linux/amd64
+          - linux/ppc64le
+          - linux/s390x
     permissions:
       contents: read
       id-token: write
@@ -44,72 +64,26 @@ jobs:
       tag: latest
       dockerfile_path: images/openscap/Dockerfile
       vendor: 'Compliance Operator Authors'
+      platforms: ${{ matrix.platform }}
 
-  catalog-container-push-latest:
-    runs-on: ubuntu-latest
-    needs: bundle-container-push-latest
-    if: always() # remove this after we fix signing
-
+  catalog-container-push-pr:
+    strategy:
+      matrix:
+        platform:
+          - linux/amd64
+          - linux/ppc64le
+          - linux/s390x
     permissions:
-      packages: write
       contents: read
-
-    outputs:
-      image-digest: ${{ steps.container_info.outputs.image-digest }}
-      image-tags: ${{ steps.container_info.outputs.image-tags }}
-
-    steps:
-      - name: Checkout
-        uses: actions/[email protected]
-
-      - name: Login to ghcr.io
-        uses: docker/[email protected]
-        with:
-          registry: ghcr.io
-          username: ${{ github.actor }}
-          password: ${{ secrets.GITHUB_TOKEN }}
-
-      - name: Set up QEMU
-        uses: docker/setup-qemu-action@v2
-
-      - name: Set up Docker Buildx
-        uses: docker/setup-buildx-action@v2
-
-      - name: Docker metadata
-        id: meta
-        uses: docker/metadata-action@v4
-        with:
-          images: ghcr.io/complianceascode/compliance-operator-catalog
-          tags: |
-            type=raw,value=latest
-            type=sha,format=long
-            type=raw,value=latest,enable=true
-          labels: |
-            org.opencontainers.image.source=${GITHUB_SERVER_URL}/${GITHUB_REPOSITORY}
-            org.opencontainers.image.title=compliance-operator-catalog
-            org.opencontainers.image.version=latest
-            org.opencontainers.image.licenses='Apache-2.0'
-            org.opencontainers.image.vendor='Compliance Operator Authors'
-        
-      - name: Generate catalog dockerfile
-        id: generate_catalog_dockerfile
-        run: |
-          make catalog-docker BUNDLE_IMGS=ghcr.io/complianceascode/compliance-operator-bundle:latest
-
-      - name: Build container images and push
-        id: docker_build
-        uses: docker/build-push-action@v5
-        with:
-          context: .
-          file: catalog.Dockerfile
-          tags: ${{ steps.meta.outputs.tags }}
-          labels: ${{ steps.meta.outputs.labels }}
-          push: true
-          platforms: 'linux/amd64'
-
-      - name: Get container info
-        id: container_info
-        run: |
-          image_tags="latest,sha-$(git rev-parse HEAD)"
-          echo "::set-output name=image-digest::${{ steps.docker_build.outputs.digest }}"
-          echo "::set-output name=image-tags::${image_tags}"
+      id-token: write
+      packages: write
+    uses: metal-toolbox/container-push/.github/workflows/container-push.yml@main
+    with:
+      name: compliance-operator-catalog
+      registry_org: complianceascode
+      tag: latest
+      dockerfile_path: catalog.Dockerfile
+      vendor: 'Compliance Operator Authors'
+      prepare_command: |
+        make catalog-docker BUNDLE_IMGS=ghcr.io/complianceascode/compliance-operator-bundle:latest
+      platforms: ${{ matrix.platform }}
diff --git a/.github/workflows/release-pr.yml b/.github/workflows/release-pr.yml
@@ -41,6 +41,12 @@ jobs:
           echo "pr_number=$(cat pr_number)" >> "$GITHUB_OUTPUT"
 
   operator-container-push-pr:
+    strategy:
+      matrix:
+        platform:
+          - linux/amd64
+          - linux/ppc64le
+          - linux/s390x
     needs: get-pr-number
     permissions:
       contents: read
@@ -54,8 +60,15 @@ jobs:
       dockerfile_path: build/Dockerfile
       vendor: 'Compliance Operator Authors'
       checkout_ref: refs/pull/${{ needs.get-pr-number.outputs.pr-number }}/head
+      platforms: ${{ matrix.platform }}
 
   bundle-container-push-pr:
+    strategy:
+      matrix:
+        platform:
+          - linux/amd64
+          - linux/ppc64le
+          - linux/s390x
     needs: get-pr-number
     permissions:
       contents: read
@@ -69,8 +82,15 @@ jobs:
       dockerfile_path: bundle.Dockerfile
       vendor: 'Compliance Operator Authors'
       checkout_ref: refs/pull/${{ needs.get-pr-number.outputs.pr-number }}/head
+      platforms: ${{ matrix.platform }}
 
   openscap-container-push-pr:
+    strategy:
+      matrix:
+        platform:
+          - linux/amd64
+          - linux/ppc64le
+          - linux/s390x
     needs: get-pr-number
     permissions:
       contents: read
@@ -84,8 +104,15 @@ jobs:
       dockerfile_path: images/openscap/Dockerfile
       vendor: 'Compliance Operator Authors'
       checkout_ref: refs/pull/${{ needs.get-pr-number.outputs.pr-number }}/head
+      platforms: ${{ matrix.platform }}
 
   catalog-container-push-pr:
+    strategy:
+      matrix:
+        platform:
+          - linux/amd64
+          - linux/ppc64le
+          - linux/s390x
     needs:
     - get-pr-number
     - bundle-container-push-pr
@@ -102,7 +129,8 @@ jobs:
       vendor: 'Compliance Operator Authors'
       checkout_ref: refs/pull/${{ needs.get-pr-number.outputs.pr-number }}/head
       prepare_command: |
-        make catalog-deploy CATALOG_IMG=ghcr.io/complianceascode/compliance-operator-catalog:${{ needs.get-pr-number.outputs.pr-number }}
+        make catalog-docker BUNDLE_IMGS=ghcr.io/complianceascode/compliance-operator-bundle:${{ needs.get-pr-number.outputs.pr-number }}
+      platforms: ${{ matrix.platform }}
 
   comment-pr:
     needs: 

diff --git a/.github/workflows/release.yml b/.github/workflows/release.yml
@@ -7,6 +7,12 @@ on:
 
 jobs:
   container-main:
+    strategy:
+      matrix:
+        platform:
+          - linux/amd64
+          - linux/ppc64le
+          - linux/s390x
     permissions:
       contents: read
       id-token: write
@@ -18,8 +24,15 @@ jobs:
       tag: ${GITHUB_REF_NAME}
       dockerfile_path: build/Dockerfile
       vendor: 'Compliance Operator Authors'
+      platforms: ${{ matrix.platform }}
 
   bundle-container:
+    strategy:
+      matrix:
+        platform:
+          - linux/amd64
+          - linux/ppc64le
+          - linux/s390x
     permissions:
       contents: read
       id-token: write
@@ -31,72 +44,26 @@ jobs:
       tag: ${GITHUB_REF_NAME}
       dockerfile_path: bundle.Dockerfile
       vendor: 'Compliance Operator Authors'
+      platforms: ${{ matrix.platform }}
 
-  catalog-container:
-    runs-on: ubuntu-latest
-    needs: bundle-container
-    if: always() # remove this after we fix signing
-
+  catalog-container-push-pr:
+    strategy:
+      matrix:
+        platform:
+          - linux/amd64
+          - linux/ppc64le
+          - linux/s390x
     permissions:
-      packages: write
       contents: read
-
-    outputs:
-      image-digest: ${{ steps.container_info.outputs.image-digest }}
-      image-tags: ${{ steps.container_info.outputs.image-tags }}
-
-    steps:
-      - name: Checkout
-        uses: actions/[email protected]
-
-      - name: Login to ghcr.io
-        uses: docker/[email protected]
-        with:
-          registry: ghcr.io
-          username: ${{ github.actor }}
-          password: ${{ secrets.GITHUB_TOKEN }}
-
-      - name: Set up QEMU
-        uses: docker/setup-qemu-action@v2
-
-      - name: Set up Docker Buildx
-        uses: docker/setup-buildx-action@v2
-
-      - name: Docker metadata
-        id: meta
-        uses: docker/metadata-action@v4
-        with:
-          images: ghcr.io/complianceascode/compliance-operator-catalog
-          tags: |
-            type=raw,value=${GITHUB_REF_NAME}
-            type=sha,format=long
-            type=raw,value=${GITHUB_REF_NAME},enable=true
-          labels: |
-            org.opencontainers.image.source=${GITHUB_SERVER_URL}/${GITHUB_REPOSITORY}
-            org.opencontainers.image.title=compliance-operator-catalog
-            org.opencontainers.image.version=${GITHUB_REF_NAME}
-            org.opencontainers.image.licenses='Apache-2.0'
-            org.opencontainers.image.vendor='Compliance Operator Authors'
-        
-      - name: Generate catalog dockerfile
-        id: generate_catalog_dockerfile
-        run: |
-          make catalog-docker BUNDLE_IMGS=ghcr.io/complianceascode/compliance-operator-bundle:${GITHUB_REF_NAME}
-
-      - name: Build container images and push
-        id: docker_build
-        uses: docker/build-push-action@v5
-        with:
-          context: .
-          file: catalog.Dockerfile
-          tags: ${{ steps.meta.outputs.tags }}
-          labels: ${{ steps.meta.outputs.labels }}
-          push: true
-          platforms: 'linux/amd64'
-
-      - name: Get container info
-        id: container_info
-        run: |
-          image_tags="${GITHUB_REF_NAME},sha-$(git rev-parse HEAD)"
-          echo "::set-output name=image-digest::${{ steps.docker_build.outputs.digest }}"
-          echo "::set-output name=image-tags::${image_tags}"
+      id-token: write
+      packages: write
+    uses: metal-toolbox/container-push/.github/workflows/container-push.yml@main
+    with:
+      name: compliance-operator-catalog
+      registry_org: complianceascode
+      tag: ${GITHUB_REF_NAME}
+      dockerfile_path: catalog.Dockerfile
+      vendor: 'Compliance Operator Authors'
+      prepare_command: |
+        make catalog-docker BUNDLE_IMGS=ghcr.io/complianceascode/compliance-operator-bundle:${GITHUB_REF_NAME}
+      platforms: ${{ matrix.platform }}