NETOBSERV-847 Operator multi-arch builds (upstream)

.github/workflows/push_image.yml

@@ -5,9 +5,10 @@ on:
 
 env:
   REGISTRY_USER: netobserv+github_ci
-  REGISTRY_PASSWORD: ${{ secrets.QUAY_SECRET }}
   REGISTRY: quay.io/netobserv
   IMAGE: network-observability-operator
+  ORG: netobserv
+  VERSION: main
 
 jobs:
   push-image:
@@ -25,42 +26,39 @@ jobs:
           go-version: ${{ matrix.go }}
       - name: checkout
         uses: actions/checkout@v3
-      - name: build images
-        run: IMG=${{ env.REGISTRY }}/${{ env.IMAGE }}:main make ci-images-build
-      - name: podman login to quay.io
-        uses: redhat-actions/podman-login@v1
+      - name: docker login to quay.io
+        uses: docker/login-action@v2
         with:
           username: ${{ env.REGISTRY_USER }}
-          password: ${{ env.REGISTRY_PASSWORD }}
+          password: ${{ secrets.QUAY_SECRET }}
           registry: quay.io
       - name: get short sha
         run: echo "short_sha=$(git rev-parse --short HEAD)" >> $GITHUB_ENV
-      - name: push to quay.io
-        id: push-to-quay
-        uses: redhat-actions/push-to-registry@v2
-        with:
-          image: ${{ env.IMAGE }}
-          tags: main ${{ env.short_sha }}
-          registry: ${{ env.REGISTRY }}
+      - name: build images
+        run: IMAGE_ORG=${{ env.ORG }} IMAGE=${{ env.REGISTRY }}/${{ env.IMAGE }}:${{ env.VERSION }} make image-build
+      - name: push images
+        run: IMAGE_ORG=${{ env.ORG }} IMAGE=${{ env.REGISTRY }}/${{ env.IMAGE }}:${{ env.VERSION }} make image-push
+      - name: build and push manifest
+        run: IMAGE_ORG=${{ env.ORG }} VERSION=${{ env.VERSION }} make ci-manifest
       - name: print image url
         run: echo "Image pushed to ${{ steps.push-to-quay.outputs.registry-paths }}"
       - name: build bundle
-        run: VERSION=main PLG_VERSION=main FLP_VERSION=main BPF_VERSION=main BUNDLE_VERSION=0.0.0-main make bundle bundle-build
+        run: IMAGE_ORG=${{ env.ORG }} VERSION=${{ env.VERSION }} PLG_VERSION=${{ env.VERSION }} FLP_VERSION=${{ env.VERSION }} BPF_VERSION=${{ env.VERSION }} BUNDLE_VERSION=0.0.0-${{ env.VERSION }} make bundle bundle-build
       - name: push bundle to quay.io
         id: push-bundle
         uses: redhat-actions/push-to-registry@v2
         with:
           image: ${{ env.IMAGE }}-bundle
-          tags: v0.0.0-main
+          tags: v0.0.0-${{ env.VERSION }}
           registry: ${{ env.REGISTRY }}
       - name: build catalog
-        run: BUNDLE_VERSION=0.0.0-main make catalog-build
+        run: IMAGE_ORG=${{ env.ORG }} BUNDLE_VERSION=0.0.0-${{ env.VERSION }} make catalog-build
       - name: push catalog to quay.io
         id: push-catalog
         uses: redhat-actions/push-to-registry@v2
         with:
           image: ${{ env.IMAGE }}-catalog
-          tags: v0.0.0-main
+          tags: v0.0.0-${{ env.VERSION }}
           registry: ${{ env.REGISTRY }}
       - name: print images reference
         run: |

.github/workflows/push_image_pr.yml

@@ -7,6 +7,8 @@ env:
   REGISTRY_USER: netobserv+github_ci
   REGISTRY: quay.io/netobserv
   IMAGE: network-observability-operator
+  ORG: netobserv
+  VERSION: temp
 
 jobs:
   push-pr-image:
@@ -27,25 +29,22 @@ jobs:
         uses: actions/checkout@v3
         with:
           ref: "refs/pull/${{ github.event.number }}/merge"
-      - name: build images
-        run: IMG=${{ env.REGISTRY }}/${{ env.IMAGE }}:temp make ci-images-build
-      - name: podman login to quay.io
-        uses: redhat-actions/podman-login@v1
+      - name: docker login to quay.io
+        uses: docker/login-action@v2
         with:
           username: ${{ env.REGISTRY_USER }}
           password: ${{ secrets.QUAY_SECRET }}
           registry: quay.io
       - name: get short sha
         run: echo "short_sha=$(git rev-parse --short HEAD)" >> $GITHUB_ENV
-      - name: push to quay.io
-        id: push-to-quay
-        uses: redhat-actions/push-to-registry@v2
-        with:
-          image: ${{ env.IMAGE }}
-          tags: ${{ env.short_sha }}
-          registry: ${{ env.REGISTRY }}
+      - name: build images
+        run: IMAGE_ORG=${{ env.ORG }} IMAGE=${{ env.REGISTRY }}/${{ env.IMAGE }}:${{ env.short_sha }} make image-build
+      - name: push images
+        run: IMAGE_ORG=${{ env.ORG }} IMAGE=${{ env.REGISTRY }}/${{ env.IMAGE }}:${{ env.short_sha }} make image-push
+      - name: build and push manifest
+        run: IMAGE_ORG=${{ env.ORG }} VERSION=${{ env.VERSION }} make ci-manifest
       - name: build bundle
-        run: VERSION=${{ env.short_sha }} PLG_VERSION=main FLP_VERSION=main BPF_VERSION=main BUNDLE_VERSION=0.0.0-${{ env.short_sha }} make bundle shortlived-bundle-build
+        run: IMAGE_ORG=${{ env.ORG }} VERSION=${{ env.short_sha }} PLG_VERSION=main FLP_VERSION=main BPF_VERSION=main BUNDLE_VERSION=0.0.0-${{ env.short_sha }} make bundle shortlived-bundle-build
       - name: push bundle to quay.io
         id: push-bundle
         uses: redhat-actions/push-to-registry@v2
@@ -54,7 +53,7 @@ jobs:
           tags: v0.0.0-${{ env.short_sha }}
           registry: ${{ env.REGISTRY }}
       - name: build catalog
-        run: BUNDLE_VERSION=0.0.0-${{ env.short_sha }} make shortlived-catalog-build
+        run: IMAGE_ORG=${{ env.ORG }} BUNDLE_VERSION=0.0.0-${{ env.short_sha }} make shortlived-catalog-build
       - name: push catalog to quay.io
         id: push-catalog
         uses: redhat-actions/push-to-registry@v2

.github/workflows/release.yml

@@ -19,6 +19,12 @@ jobs:
     steps:
       - name: checkout
         uses: actions/checkout@v3
+      - name: docker login to quay.io
+        uses: docker/login-action@v2
+        with:
+          username: ${{ env.REGISTRY_USER }}
+          password: ${{ env.REGISTRY_PASSWORD }}
+          registry: quay.io
       - name: validate tag
         run: |
           tag=`git describe --exact-match --tags 2> /dev/null`
@@ -37,20 +43,13 @@ jobs:
         with:
           go-version: ${{ matrix.go }}
       - name: build operator
-        run: IMG=${{ env.REGISTRY }}/${{ env.IMAGE }}:${{ env.tag }} make image-build
-      - name: podman login to quay.io
-        uses: redhat-actions/podman-login@v1
-        with:
-          username: ${{ env.REGISTRY_USER }}
-          password: ${{ env.REGISTRY_PASSWORD }}
-          registry: quay.io
-      - name: push operator to quay.io
-        id: push-operator
-        uses: redhat-actions/push-to-registry@v2
-        with:
-          image: ${{ env.IMAGE }}
-          tags: ${{ env.tag }}
-          registry: ${{ env.REGISTRY }}
+        run: IMAGE=${{ env.REGISTRY }}/${{ env.IMAGE }}:${{ env.tag }} make image-build
+      - name: push operator
+        run: IMAGE=${{ env.REGISTRY }}/${{ env.IMAGE }}:${{ env.tag }} make image-push
+      - name: build manifest
+        run: IMAGE=${{ env.REGISTRY }}/${{ env.IMAGE }}:${{ env.tag }} make manifest-build
+      - name: push manifest
+        run: IMAGE=${{ env.REGISTRY }}/${{ env.IMAGE }}:${{ env.tag }} make manifest-push
       - name: build bundle
         run: BUNDLE_VERSION=${{ env.tag }} IMAGE_TAG_BASE=${{ env.REGISTRY }}/${{ env.IMAGE }} make bundle-build
       - name: push bundle to quay.io

.mk/local.mk

@@ -54,7 +54,7 @@ local-deploy-operator:
 
 .PHONY: deploy-kind
 deploy-kind: generate kustomize ## Deploy controller to the K8s cluster specified in ~/.kube/config.
-	cd config/manager && $(KUSTOMIZE) edit set image controller=${IMG}
+	cd config/manager && $(KUSTOMIZE) edit set image controller=${IMAGE}
 	$(SED) -i -r 's~ebpf-agent:.+~ebpf-agent:main~' ./config/manager/manager.yaml
 	$(SED) -i -r 's~flowlogs-pipeline:.+~flowlogs-pipeline:main~' ./config/manager/manager.yaml
 	$(SED) -i -r 's~console-plugin:.+~console-plugin:main~' ./config/manager/manager.yaml

.mk/shortcuts.mk

@@ -0,0 +1,45 @@
+##@ shortcuts helpers
+.PHONY: build-image
+build-image: image-build ## Build MULTIARCH_TARGETS images
+
+.PHONY: push-image
+push-image: image-push ## Push MULTIARCH_TARGETS images
+
+.PHONY: build-manifest
+build-manifest: manifest-build ## Build MULTIARCH_TARGETS manifest
+
+.PHONY: push-manifest
+push-manifest: manifest-push ## Push MULTIARCH_TARGETS manifest
+
+.PHONY: images
+images: image-build image-push manifest-build manifest-push ## Build and push MULTIARCH_TARGETS images and related manifest
+
+.PHONY: build-ci-manifest
+build-ci-manifest: ci-manifest-build ## Build CI manifest
+
+.PHONY: push-ci-manifest
+push-ci-manifest: ci-manifest-push ## Push CI manifest
+
+.PHONY: ci-manifest
+ci-manifest: ci-manifest-build ci-manifest-push ## Build and push CI manifest
+
+.PHONY: ci
+ci: images ci-manifest ## Build and push CI images and manifest
+
+.PHONY: build-catalog
+build-catalog: catalog-build ## Build a catalog image
+
+.PHONY: push-catalog
+push-catalog: catalog-push ## Push a catalog image
+
+.PHONY: catalog
+catalog: catalog-build catalog-push ## Build and push a catalog image
+
+.PHONY: build-bundle
+build-bundle: bundle-build ## Build the bundle image
+
+.PHONY: push-bundle
+push-bundle: bundle-push ## Push the bundle image
+
+.PHONY: bundle-all
+bundle-all: bundle bundle-build bundle-push ## Build and push the bundle image

DEVELOPMENT.md

@@ -10,10 +10,10 @@ make build test
 
 ## Build and deploy a Docker image
 
-A way to test code changes is to build a Docker image from local sources, push it to your own Docker repository, and deploy it to an existing cluster. Do the following, but replace IMG value with your own registry and account:
+A way to test code changes is to build a Docker image from local sources, push it to your own Docker repository, and deploy it to an existing cluster. Do the following, but replace IMAGE value with your own registry and account:
 
 ```bash
-IMG="quay.io/youraccount/network-observability-operator:test" make image-build image-push deploy
+IMAGE="quay.io/youraccount/network-observability-operator:test" make image-build image-push deploy
 ```
 
 After the operator is deployed, set up Loki, which is used to store flows, install a `FlowCollector` custom resource to collect network flows, and optionally install Grafana to provide a user interface and dashboards.
@@ -55,7 +55,7 @@ It is recommended to switch to the corresponding release Git tag before deployin
 
 When `VERSION` is not provided, it defaults to the latest build on `main` branch.
 
-You can also provide any custom `IMG` to `make deploy`.
+You can also provide any custom `IMAGE` to `make deploy`.
 
 ## Before commiting, make sure bundle is correct
 
@@ -106,18 +106,18 @@ bundle for local testing, you should execute the following commands:
 
 ```bash
 export USER=<container-registry-username>
-export IMG=quay.io/$USER/network-observability-operator:v0.0.1
-export BUNDLE_IMG=quay.io/$USER/network-observability-operator-bundle:v0.0.1
+export IMAGE=quay.io/$USER/network-observability-operator:v0.0.1
+export BUNDLE_IMAGE=quay.io/$USER/network-observability-operator-bundle:v0.0.1
 make image-build image-push
-make bundle bundle-build bundle-push
+make bundle-push
 ```
 
 Optionally, you might validate the bundle:
 
 ```bash
-bin/operator-sdk bundle validate $BUNDLE_IMG
+bin/operator-sdk bundle validate $BUNDLE_IMAGE
 # or for podman
-bin/operator-sdk bundle validate -b podman $BUNDLE_IMG
+bin/operator-sdk bundle validate -b podman $BUNDLE_IMAGE
 ```
 
 > Note: the base64 logo can be generated with: `base64 -w 0 <image file>`, then manually pasted in the [CSV manifest file](./config/manifests/bases/netobserv-operator.clusterserviceversion.yaml) under `spec.icon`.
@@ -127,7 +127,7 @@ bin/operator-sdk bundle validate -b podman $BUNDLE_IMG
 This mode is recommended to quickly test the operator during its development:
 
 ```bash
-bin/operator-sdk run bundle $BUNDLE_IMG
+bin/operator-sdk run bundle $BUNDLE_IMAGE
 ```
 
 To cleanup:
@@ -144,7 +144,7 @@ operators' catalog and installing/configuring it manually through the UI.
 First, create and push a catalog image:
 
 ```bash
-export CATALOG_IMG=quay.io/$USER/network-observability-operator-catalog:v$VERSION
+export CATALOG_IMAGE=quay.io/$USER/network-observability-operator-catalog:v$VERSION
 make catalog-build catalog-push catalog-deploy
 ```
 

Dockerfile

@@ -1,7 +1,12 @@
+# We do not use --platform feature to auto fill this ARG because of incompatibility between podman and docker
+ARG TARGETPLATFORM=linux/amd64
+ARG BUILDPLATFORM=linux/amd64
 # Build the manager binary
-FROM docker.io/library/golang:1.19 as builder
+FROM --platform=$BUILDPLATFORM docker.io/library/golang:1.19 as builder
 ARG BUILD_VERSION="unknown"
 
+ARG TARGETPLATFORM
+ARG TARGETARCH=amd64
 WORKDIR /opt/app-root
 
 # Copy the go manifests and source
@@ -14,10 +19,10 @@ COPY controllers/ controllers/
 COPY pkg/ pkg/
 
 # Build
-RUN CGO_ENABLED=0 GOOS=linux GOARCH=amd64 GO111MODULE=on go build -ldflags "-X 'main.buildVersion=$BUILD_VERSION' -X 'main.buildDate=`date +%Y-%m-%d\ %H:%M`'" -mod vendor -a -o manager main.go
+RUN CGO_ENABLED=0 GOOS=linux GOARCH=$TARGETARCH GO111MODULE=on go build -ldflags "-X 'main.buildVersion=$BUILD_VERSION' -X 'main.buildDate=`date +%Y-%m-%d\ %H:%M`'" -mod vendor -a -o manager main.go
 
 # Create final image from minimal + built binary
-FROM registry.access.redhat.com/ubi9/ubi-minimal:9.1
+FROM --platform=$TARGETPLATFORM registry.access.redhat.com/ubi9/ubi-minimal:9.1
 WORKDIR /
 COPY --from=builder /opt/app-root/manager .
 USER 65532:65532