Skip to content

Commit

Permalink
Merge pull request #6 from ComplianceAsCode/multi-arch
Browse files Browse the repository at this point in the history
Support Building multi-arch container imagers
  • Loading branch information
Vincent056 authored Jun 7, 2024
2 parents 71cd27f + 8e6f135 commit c57bc6d
Show file tree
Hide file tree
Showing 3 changed files with 103 additions and 134 deletions.
110 changes: 42 additions & 68 deletions .github/workflows/release-latest.yml
Original file line number Diff line number Diff line change
Expand Up @@ -7,6 +7,12 @@ on:
jobs:
# Push to latest
operator-container-push-latest:
strategy:
matrix:
platform:
- linux/amd64
- linux/ppc64le
- linux/s390x
permissions:
contents: read
id-token: write
Expand All @@ -18,8 +24,15 @@ jobs:
tag: latest
dockerfile_path: build/Dockerfile
vendor: 'Compliance Operator Authors'

platforms: ${{ matrix.platform }}

bundle-container-push-latest:
strategy:
matrix:
platform:
- linux/amd64
- linux/ppc64le
- linux/s390x
permissions:
contents: read
id-token: write
Expand All @@ -31,8 +44,15 @@ jobs:
tag: latest
dockerfile_path: bundle.Dockerfile
vendor: 'Compliance Operator Authors'

platforms: ${{ matrix.platform }}

openscap-container-push-latest:
strategy:
matrix:
platform:
- linux/amd64
- linux/ppc64le
- linux/s390x
permissions:
contents: read
id-token: write
Expand All @@ -44,72 +64,26 @@ jobs:
tag: latest
dockerfile_path: images/openscap/Dockerfile
vendor: 'Compliance Operator Authors'
platforms: ${{ matrix.platform }}

catalog-container-push-latest:
runs-on: ubuntu-latest
needs: bundle-container-push-latest
if: always() # remove this after we fix signing

catalog-container-push-pr:
strategy:
matrix:
platform:
- linux/amd64
- linux/ppc64le
- linux/s390x
permissions:
packages: write
contents: read

outputs:
image-digest: ${{ steps.container_info.outputs.image-digest }}
image-tags: ${{ steps.container_info.outputs.image-tags }}

steps:
- name: Checkout
uses: actions/checkout@v4.1.4

- name: Login to ghcr.io
uses: docker/login-action@v3.0.0
with:
registry: ghcr.io
username: ${{ github.actor }}
password: ${{ secrets.GITHUB_TOKEN }}

- name: Set up QEMU
uses: docker/setup-qemu-action@v2

- name: Set up Docker Buildx
uses: docker/setup-buildx-action@v2

- name: Docker metadata
id: meta
uses: docker/metadata-action@v4
with:
images: ghcr.io/complianceascode/compliance-operator-catalog
tags: |
type=raw,value=latest
type=sha,format=long
type=raw,value=latest,enable=true
labels: |
org.opencontainers.image.source=${GITHUB_SERVER_URL}/${GITHUB_REPOSITORY}
org.opencontainers.image.title=compliance-operator-catalog
org.opencontainers.image.version=latest
org.opencontainers.image.licenses='Apache-2.0'
org.opencontainers.image.vendor='Compliance Operator Authors'
- name: Generate catalog dockerfile
id: generate_catalog_dockerfile
run: |
make catalog-docker BUNDLE_IMGS=ghcr.io/complianceascode/compliance-operator-bundle:latest
- name: Build container images and push
id: docker_build
uses: docker/build-push-action@v5
with:
context: .
file: catalog.Dockerfile
tags: ${{ steps.meta.outputs.tags }}
labels: ${{ steps.meta.outputs.labels }}
push: true
platforms: 'linux/amd64'

- name: Get container info
id: container_info
run: |
image_tags="latest,sha-$(git rev-parse HEAD)"
echo "::set-output name=image-digest::${{ steps.docker_build.outputs.digest }}"
echo "::set-output name=image-tags::${image_tags}"
id-token: write
packages: write
uses: metal-toolbox/container-push/.github/workflows/container-push.yml@main
with:
name: compliance-operator-catalog
registry_org: complianceascode
tag: latest
dockerfile_path: catalog.Dockerfile
vendor: 'Compliance Operator Authors'
prepare_command: |
make catalog-deploy CATALOG_IMG=ghcr.io/complianceascode/compliance-operator-catalog:latest
platforms: ${{ matrix.platform }}
28 changes: 28 additions & 0 deletions .github/workflows/release-pr.yml
Original file line number Diff line number Diff line change
Expand Up @@ -41,6 +41,12 @@ jobs:
echo "pr_number=$(cat pr_number)" >> "$GITHUB_OUTPUT"
operator-container-push-pr:
strategy:
matrix:
platform:
- linux/amd64
- linux/ppc64le
- linux/s390x
needs: get-pr-number
permissions:
contents: read
Expand All @@ -54,8 +60,15 @@ jobs:
dockerfile_path: build/Dockerfile
vendor: 'Compliance Operator Authors'
checkout_ref: refs/pull/${{ needs.get-pr-number.outputs.pr-number }}/head
platforms: ${{ matrix.platform }}

bundle-container-push-pr:
strategy:
matrix:
platform:
- linux/amd64
- linux/ppc64le
- linux/s390x
needs: get-pr-number
permissions:
contents: read
Expand All @@ -69,8 +82,15 @@ jobs:
dockerfile_path: bundle.Dockerfile
vendor: 'Compliance Operator Authors'
checkout_ref: refs/pull/${{ needs.get-pr-number.outputs.pr-number }}/head
platforms: ${{ matrix.platform }}

openscap-container-push-pr:
strategy:
matrix:
platform:
- linux/amd64
- linux/ppc64le
- linux/s390x
needs: get-pr-number
permissions:
contents: read
Expand All @@ -84,8 +104,15 @@ jobs:
dockerfile_path: images/openscap/Dockerfile
vendor: 'Compliance Operator Authors'
checkout_ref: refs/pull/${{ needs.get-pr-number.outputs.pr-number }}/head
platforms: ${{ matrix.platform }}

catalog-container-push-pr:
strategy:
matrix:
platform:
- linux/amd64
- linux/ppc64le
- linux/s390x
needs:
- get-pr-number
- bundle-container-push-pr
Expand All @@ -103,6 +130,7 @@ jobs:
checkout_ref: refs/pull/${{ needs.get-pr-number.outputs.pr-number }}/head
prepare_command: |
make catalog-deploy CATALOG_IMG=ghcr.io/complianceascode/compliance-operator-catalog:${{ needs.get-pr-number.outputs.pr-number }}
platforms: ${{ matrix.platform }}

comment-pr:
needs:
Expand Down
99 changes: 33 additions & 66 deletions .github/workflows/release.yml
Original file line number Diff line number Diff line change
Expand Up @@ -7,6 +7,12 @@ on:

jobs:
container-main:
strategy:
matrix:
platform:
- linux/amd64
- linux/ppc64le
- linux/s390x
permissions:
contents: read
id-token: write
Expand All @@ -18,8 +24,15 @@ jobs:
tag: ${GITHUB_REF_NAME}
dockerfile_path: build/Dockerfile
vendor: 'Compliance Operator Authors'
platforms: ${{ matrix.platform }}

bundle-container:
strategy:
matrix:
platform:
- linux/amd64
- linux/ppc64le
- linux/s390x
permissions:
contents: read
id-token: write
Expand All @@ -31,72 +44,26 @@ jobs:
tag: ${GITHUB_REF_NAME}
dockerfile_path: bundle.Dockerfile
vendor: 'Compliance Operator Authors'
platforms: ${{ matrix.platform }}

catalog-container:
runs-on: ubuntu-latest
needs: bundle-container
if: always() # remove this after we fix signing

catalog-container-push-pr:
strategy:
matrix:
platform:
- linux/amd64
- linux/ppc64le
- linux/s390x
permissions:
packages: write
contents: read

outputs:
image-digest: ${{ steps.container_info.outputs.image-digest }}
image-tags: ${{ steps.container_info.outputs.image-tags }}

steps:
- name: Checkout
uses: actions/checkout@v4.1.4

- name: Login to ghcr.io
uses: docker/login-action@v3.0.0
with:
registry: ghcr.io
username: ${{ github.actor }}
password: ${{ secrets.GITHUB_TOKEN }}

- name: Set up QEMU
uses: docker/setup-qemu-action@v2

- name: Set up Docker Buildx
uses: docker/setup-buildx-action@v2

- name: Docker metadata
id: meta
uses: docker/metadata-action@v4
with:
images: ghcr.io/complianceascode/compliance-operator-catalog
tags: |
type=raw,value=${GITHUB_REF_NAME}
type=sha,format=long
type=raw,value=${GITHUB_REF_NAME},enable=true
labels: |
org.opencontainers.image.source=${GITHUB_SERVER_URL}/${GITHUB_REPOSITORY}
org.opencontainers.image.title=compliance-operator-catalog
org.opencontainers.image.version=${GITHUB_REF_NAME}
org.opencontainers.image.licenses='Apache-2.0'
org.opencontainers.image.vendor='Compliance Operator Authors'
- name: Generate catalog dockerfile
id: generate_catalog_dockerfile
run: |
make catalog-docker BUNDLE_IMGS=ghcr.io/complianceascode/compliance-operator-bundle:${GITHUB_REF_NAME}
- name: Build container images and push
id: docker_build
uses: docker/build-push-action@v5
with:
context: .
file: catalog.Dockerfile
tags: ${{ steps.meta.outputs.tags }}
labels: ${{ steps.meta.outputs.labels }}
push: true
platforms: 'linux/amd64'

- name: Get container info
id: container_info
run: |
image_tags="${GITHUB_REF_NAME},sha-$(git rev-parse HEAD)"
echo "::set-output name=image-digest::${{ steps.docker_build.outputs.digest }}"
echo "::set-output name=image-tags::${image_tags}"
id-token: write
packages: write
uses: metal-toolbox/container-push/.github/workflows/container-push.yml@main
with:
name: compliance-operator-catalog
registry_org: complianceascode
tag: ${GITHUB_REF_NAME}
dockerfile_path: catalog.Dockerfile
vendor: 'Compliance Operator Authors'
prepare_command: |
make catalog-deploy CATALOG_IMG=ghcr.io/complianceascode/compliance-operator-catalog:${GITHUB_REF_NAME}
platforms: ${{ matrix.platform }}

0 comments on commit c57bc6d

Please sign in to comment.