From 840c5bef9374d077dc6f613f3020256f57903b1b Mon Sep 17 00:00:00 2001 From: Serge Logvinov Date: Mon, 9 Oct 2023 16:20:27 +0300 Subject: [PATCH] K8SPSMDB-948: Multi arch build An easy way to build PSMDB for different architectures. Signed-off-by: Serge Logvinov --- .github/workflows/reviewdog.yml | 2 +- .github/workflows/scan.yml | 40 ++++++++++++++++++++++++++++++--- .github/workflows/test.yml | 2 +- Jenkinsfile | 5 +++-- build/Dockerfile | 5 ++--- e2e-tests/build | 15 ++++++++----- 6 files changed, 53 insertions(+), 16 deletions(-) diff --git a/.github/workflows/reviewdog.yml b/.github/workflows/reviewdog.yml index 18eb497fc1..dc27cef986 100644 --- a/.github/workflows/reviewdog.yml +++ b/.github/workflows/reviewdog.yml @@ -30,7 +30,7 @@ jobs: - uses: actions/checkout@v4.1.1 - uses: actions/setup-go@v5 with: - go-version: '^1.17' + go-version: '^1.21' - run: go install mvdan.cc/sh/v3/cmd/shfmt@latest - run: $(go env GOPATH)/bin/shfmt -f . | grep -v 'vendor' | xargs $(go env GOPATH)/bin/shfmt -bn -ci -s -w - name: suggester / shfmt diff --git a/.github/workflows/scan.yml b/.github/workflows/scan.yml index 48af1f89a4..501cf6a6c4 100644 --- a/.github/workflows/scan.yml +++ b/.github/workflows/scan.yml @@ -1,5 +1,13 @@ name: Scan docker on: [pull_request] + +env: + # Use docker.io for Docker Hub if empty + REGISTRY: docker.io + + # github.repository as / + IMAGE_NAME: perconalab/percona-server-mongodb-operator + jobs: build: name: Build 
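Review bot: The two comments added over `REGISTRY` and `IMAGE_NAME` in the scan.yml `env:` block do not describe the values beneath them. `REGISTRY` is never empty here, and `IMAGE_NAME` is a fixed string rather than anything derived from `github.repository`. Since both build steps in this workflow export `DOCKER_PUSH=0`, a comment such as `# Registry and repository used only to tag the locally built image for scanning` would say what the values are for.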
@@ -7,16 +15,42 @@ jobs: steps: - name: Checkout code uses: actions/checkout@v4.1.1 - - name: Build an image from Dockerfile + + - name: Set up QEMU + uses: docker/setup-qemu-action@v3 + + - name: Set up Docker Buildx + uses: docker/setup-buildx-action@v3 + + - name: Build an image from Dockerfile (linux/arm64) run: | - export IMAGE=perconalab/percona-server-mongodb-operator:${{ github.sha }} + export IMAGE=${{ env.REGISTRY }}/${{ env.IMAGE_NAME }}:${{ github.sha }}-arm64 export DOCKER_PUSH=0 export DOCKER_SQUASH=0 + export DOCKER_DEFAULT_PLATFORM='linux/arm64' ./e2e-tests/build - name: Run Trivy vulnerability scanner uses: aquasecurity/trivy-action@0.16.1 with: - image-ref: 'docker.io/perconalab/percona-server-mongodb-operator:${{ github.sha }}' + image-ref: '${{ env.REGISTRY }}/${{ env.IMAGE_NAME }}:${{ github.sha }}-arm64' + format: 'table' + exit-code: '1' + ignore-unfixed: true + vuln-type: 'os,library' + severity: 'CRITICAL,HIGH' + + - name: Build an image from Dockerfile (linux/amd64) + run: | + export IMAGE=${{ env.REGISTRY }}/${{ env.IMAGE_NAME }}:${{ github.sha }}-amd64 + export DOCKER_PUSH=0 + export DOCKER_SQUASH=0 + export DOCKER_DEFAULT_PLATFORM='linux/amd64' + ./e2e-tests/build + + - name: Run Trivy vulnerability scanner image (linux/amd64) + uses: aquasecurity/trivy-action@0.14.0 + with: + image-ref: '${{ env.REGISTRY }}/${{ env.IMAGE_NAME }}:${{ github.sha }}-amd64' format: 'table' exit-code: '1' ignore-unfixed: true diff --git a/.github/workflows/test.yml b/.github/workflows/test.yml index 66e4317c2f..efbb25d753 100644 --- a/.github/workflows/test.yml +++ b/.github/workflows/test.yml @@ -7,7 +7,7 @@ jobs: steps: - uses: actions/setup-go@v5 with: - go-version: '^1.19' + go-version: '^1.21' - uses: actions/checkout@v4.1.1 - name: go test run: go test -v ./... diff --git a/Jenkinsfile b/Jenkinsfile index cabc82ad2f..c59088ba7e 100644 --- a/Jenkinsfile +++ b/Jenkinsfile 
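Review bot: The added amd64 scan step uses `aquasecurity/trivy-action@0.14.0` while the arm64 step just above it stays on `@0.16.1`, so the two architectures are checked by different scanner releases and the new step starts on the older one; use `uses: aquasecurity/trivy-action@0.16.1` for both. Because the arm64 scan runs first with `exit-code: '1'`, a finding there stops the job before the amd64 image is built or scanned; a platform matrix with `fail-fast: false` would report both and remove the duplicated steps. The new `docker/setup-qemu-action@v3` and `docker/setup-buildx-action@v3` references are mutable major tags, and pinning them to a full commit SHA (tag kept in a trailing comment) stops the build toolchain from changing underneath the scan. The amd64 step's `with:` block continues past the end of the hunk.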
@@ -323,6 +323,7 @@ EOF docker login -u '${USER}' -p '${PASS}' export RELEASE=0 export IMAGE=\$DOCKER_TAG + docker buildx create --use ./e2e-tests/build docker logout " @@ -349,7 +350,7 @@ EOF -v $WORKSPACE/src/github.com/percona/percona-server-mongodb-operator:/go/src/github.com/percona/percona-server-mongodb-operator \ -w /go/src/github.com/percona/percona-server-mongodb-operator \ -e GOFLAGS='-buildvcs=false' \ - golang:1.19 sh -c ' + golang:1.21 sh -c ' go install github.com/google/go-licenses@v1.0.0; /go/bin/go-licenses csv github.com/percona/percona-server-mongodb-operator/cmd/manager \ | cut -d , -f 3 \ @@ -377,7 +378,7 @@ EOF -v $WORKSPACE/src/github.com/percona/percona-server-mongodb-operator:/go/src/github.com/percona/percona-server-mongodb-operator \ -w /go/src/github.com/percona/percona-server-mongodb-operator \ -e GOFLAGS='-buildvcs=false' \ - golang:1.19 sh -c 'go build -v -o percona-server-mongodb-operator github.com/percona/percona-server-mongodb-operator/cmd/manager' + golang:1.21 sh -c 'go build -v -o percona-server-mongodb-operator github.com/percona/percona-server-mongodb-operator/cmd/manager' " ''' diff --git a/build/Dockerfile b/build/Dockerfile index 2bcac6e8ed..4961601e52 100644 --- a/build/Dockerfile +++ b/build/Dockerfile 
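Review bot: `docker buildx create --use` in the first Jenkinsfile hunk creates a new, unnamed builder on every run and nothing visible removes it, so on a long-lived agent the builders and their BuildKit containers and caches would accumulate. Naming it and cleaning up, e.g. `docker buildx create --use --name <builder-name>` before `./e2e-tests/build` and `docker buildx rm <builder-name>` after it, keeps the agent in a known state. The build script now defaults to `linux/amd64,linux/arm64`, and unlike scan.yml this stage shows no QEMU/binfmt setup; if the agent has no arm64 emulation registered the arm64 leg will presumably fail, which is worth confirming. The surrounding shell block starts and ends outside the hunk.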
@@ -7,17 +7,16 @@ ARG GIT_COMMIT ARG GIT_BRANCH ARG GO_LDFLAGS ARG GOOS=linux -ARG GOARCH=amd64 ARG CGO_ENABLED=0 RUN go mod download \ && mkdir -p build/_output/bin \ - && GOOS=$GOOS GOARCH=$GOARCH CGO_ENABLED=$CGO_ENABLED GO_LDFLAGS=$GO_LDFLAGS \ + && GOOS=$GOOS CGO_ENABLED=$CGO_ENABLED GO_LDFLAGS=$GO_LDFLAGS \ go build -ldflags "-w -s -X main.GitCommit=$GIT_COMMIT -X main.GitBranch=$GIT_BRANCH" \ -o build/_output/bin/percona-server-mongodb-operator \ cmd/manager/main.go \ && cp -r build/_output/bin/percona-server-mongodb-operator /usr/local/bin/percona-server-mongodb-operator \ - && GOOS=$GOOS GOARCH=$GOARCH CGO_ENABLED=$CGO_ENABLED GO_LDFLAGS=$GO_LDFLAGS \ + && GOOS=$GOOS CGO_ENABLED=$CGO_ENABLED GO_LDFLAGS=$GO_LDFLAGS \ go build -ldflags "-w -s -X main.GitCommit=$GIT_COMMIT -X main.GitBranch=$GIT_BRANCH" \ -o build/_output/bin/mongodb-healthcheck \ cmd/mongodb-healthcheck/main.go \ diff --git a/e2e-tests/build b/e2e-tests/build index 06acdb1d85..4414ab36f8 100755 --- a/e2e-tests/build +++ b/e2e-tests/build @@ -14,6 +14,11 @@ fi if [[ ${DOCKER_SQUASH:-1} == 1 ]]; then squash="--squash" fi +if [[ ${DOCKER_PUSH:-1} == 1 ]]; then + imgresult="--push=true" +else + imgresult="--load" +fi build_operator() { if [ "${RELEASE:-1}" = 0 ]; then @@ -21,21 +26,19 @@ build_operator() { fi export IMAGE - export DOCKER_DEFAULT_PLATFORM=${DOCKER_DEFAULT_PLATFORM:-linux/amd64} + export DOCKER_DEFAULT_PLATFORM=${DOCKER_DEFAULT_PLATFORM:-"linux/amd64,linux/arm64"} export GO_LDFLAGS="-w -s -trimpath $GO_LDFLAGS" pushd ${src_dir} - docker build \ + docker buildx build \ + --platform $DOCKER_DEFAULT_PLATFORM \ --build-arg GIT_COMMIT=$GIT_COMMIT \ --build-arg GIT_BRANCH=$GIT_BRANCH \ --build-arg GO_LDFLAGS="$GO_LDFLAGS" \ + $imgresult \ $squash \ $no_cache \ -t "${IMAGE}" -f build/Dockerfile . popd - - if [ "${DOCKER_PUSH:-1}" = 1 ]; then - docker push ${IMAGE} - fi } until docker ps; do sleep 1; done
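Review bot: With `ARG GOARCH=amd64` removed in build/Dockerfile, both `go build` invocations now produce whatever architecture the build stage itself runs as, so the target is implicit and a `--build-arg GOARCH=…` passed by an older caller is no longer honoured. BuildKit exposes the target explicitly: declare `ARG TARGETARCH` and pass `GOARCH=$TARGETARCH` on both `go build` lines, so the binary architecture is stated rather than inherited. If the builder stage is also started with `FROM --platform=$BUILDPLATFORM …`, compilation runs natively instead of under emulation. The `FROM` line and the end of the `RUN` are outside this hunk, so check how the stage is declared.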
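Review bot: With `DOCKER_PUSH=0` the first e2e-tests/build hunk selects `--load`, but the second hunk changes the default platform to `linux/amd64,linux/arm64`, and `--load` into the classic Docker image store cannot take a multi-platform result. A no-push build that does not set `DOCKER_DEFAULT_PLATFORM` will therefore most likely fail after this change; scan.yml avoids it only by exporting a single platform per step. Default to one platform when not pushing, for example `: "${DOCKER_DEFAULT_PLATFORM:=linux/amd64}"` in the `else` branch next to `imgresult="--load"`. In the second hunk `--platform $DOCKER_DEFAULT_PLATFORM` is unquoted, and `--platform "$DOCKER_DEFAULT_PLATFORM"` avoids word splitting on a caller-supplied value. `DOCKER_DEFAULT_PLATFORM` is also read by the Docker CLI itself, so exporting a comma-separated list through it may affect later single-platform `docker` commands; a script-local variable name would be safer.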