csi-wrapper: Build csi-wrapper images via GHA

- clean Dockerfile
- support local dev and remote release build
- build three csi-wrappers images in one Dockerfile

fixes #1030
Signed-off-by: Da Li Liu <[email protected]>

.github/workflows/csi_wrapper_images.yaml

@@ -0,0 +1,57 @@
+# (C) Copyright Confidential Containers Contributors 2023.
+# SPDX-License-Identifier: Apache-2.0
+#
+# Build and push csi wrapper images for each arch.
+---
+name: csi wrapper images
+on:
+  push:
+    branches:
+      - 'staging'
+      - 'csi-wrapper-images'
+    paths:
+    - 'volumes/csi-wrapper/**'
+
+env:
+  go_version: 1.19
+
+jobs:
+  build_push_job:
+    name: build and push
+    runs-on: ubuntu-latest
+    strategy:
+      fail-fast: false
+      matrix:
+        binary: [csi-controller-wrapper, csi-node-wrapper, csi-podvm-wrapper]
+
+    steps:
+      - name: Checkout the code
+        uses: actions/checkout@v3
+        with:
+          fetch-depth: 0
+      - name: Setup Golang version ${{ env.go_version }}
+        uses: actions/setup-go@v3
+        with:
+          go-version: ${{ env.go_version }}
+      - name: Set up Docker Buildx
+        uses: docker/setup-buildx-action@v2
+      - name: Login to quay Container Registry
+        uses: docker/login-action@v2
+        with:
+          registry: quay.io
+          username: ${{ secrets.QUAY_USERNAME }}
+          password: ${{ secrets.QUAY_PASSWORD }}
+      - name: Build and push
+        uses: docker/build-push-action@v3
+        with:
+          tags: |
+            quay.io/confidential-containers/${{matrix.binary}}:latest
+            quay.io/confidential-containers/${{matrix.binary}}:${{ github.sha }}
+          push: true
+          context: volumes/csi-wrapper
+          platforms: linux/amd64, linux/s390x, linux/ppc64le
+          file: |
+            volumes/csi-wrapper/Dockerfile.csi_wrappers
+          build-args: |
+            "BINARY=${{matrix.binary}}"
+            "SOURCE_FROM=remote"

volumes/csi-wrapper/Dockerfile.csi_wrappers

@@ -0,0 +1,42 @@
+# Copyright Confidential Containers Contributors
+#
+# SPDX-License-Identifier: Apache-2.0
+#
+# Builds csi wrappers images inside container
+
+ARG SOURCE_FROM=remote
+
+##### Builder Dev Image #####
+FROM --platform=${BUILDPLATFORM} golang:1.19 AS builder-local
+WORKDIR /src
+COPY go.mod go.sum ./cloud-api-adaptor/volumes/csi-wrapper/
+COPY Makefile ./cloud-api-adaptor/volumes/csi-wrapper/
+COPY cmd   ./cloud-api-adaptor/volumes/csi-wrapper/cmd
+COPY pkg   ./cloud-api-adaptor/volumes/csi-wrapper/pkg
+
+##### Builder Release Image #####
+FROM --platform=${BUILDPLATFORM} golang:1.19 AS builder-remote
+ARG BINARY
+ARG CAA_SRC="https://github.com/confidential-containers/cloud-api-adaptor"
+ARG CAA_SRC_REF="staging"
+
+WORKDIR /src
+
+RUN echo $CAA_SRC
+RUN echo $CAA_SRC_REF
+RUN git clone ${CAA_SRC} -b ${CAA_SRC_REF} cloud-api-adaptor
+
+FROM builder-${SOURCE_FROM} AS builder
+ARG TARGETARCH
+ARG BINARY
+
+RUN cd cloud-api-adaptor/volumes/csi-wrapper/ && make ARCH=${TARGETARCH} ${BINARY}
+
+# Use distroless as minimal base image to package the manager binary
+# Refer to https://github.com/GoogleContainerTools/distroless for more details
+FROM --platform=${TARGETPLATFORM} gcr.io/distroless/static:nonroot
+ARG BINARY
+WORKDIR /
+COPY --from=builder /src/cloud-api-adaptor/volumes/csi-wrapper/build/${BINARY}/${BINARY} /usr/bin/${BINARY}
+
+ENTRYPOINT ["/usr/bin/${BINARY}"]

volumes/csi-wrapper/Makefile

@@ -3,15 +3,15 @@ SOURCEDIRS := ./cmd ./pkg
 PACKAGES   := $(shell go list $(addsuffix /...,$(SOURCEDIRS)))
 SOURCES    := $(shell find $(SOURCEDIRS) -name '*.go' -print)
 
-# Determine the go arch (amd64 for x86, ppc64le for power, s390x for z)
-GO_BLD_ARCH=$(shell go env GOHOSTARCH)
+ARCH        ?= $(subst x86_64,amd64,$(shell uname -m))
+GOOPTIONS   ?= GOOS=linux GOARCH=$(ARCH) CGO_ENABLED=0
 BUILD_ROOT=${PWD}
 
 all: build
 build: $(BINARIES)
 
 $(BINARIES): $(SOURCES)
-	CGO_ENABLED=0 GOOS=linux GOARCH=$(GO_BLD_ARCH) go build  -o "$(BUILD_ROOT)/build/$@/$@" "cmd/$@/main.go"
+	$(GOOPTIONS) go build  -o "$(BUILD_ROOT)/build/$@/$@" "cmd/$@/main.go"
 
 test:
 	go test -cover $(PACKAGES)
@@ -28,19 +28,31 @@ clean:
 	rm -fr $(BUILD_ROOT)/build/*
 
 .PHONY: csi-node-wrapper-docker
-csi-node-wrapper-docker: csi-node-wrapper
-	cp hack/dockers/csi-node-wrapper/Dockerfile $(BUILD_ROOT)/build/csi-node-wrapper/
-	docker build -t csi-node-wrapper:local $(BUILD_ROOT)/build/csi-node-wrapper
+csi-node-wrapper-docker:
+	docker build -t csi-node-wrapper:local \
+		--build-arg BINARY=csi-node-wrapper \
+		--build-arg SOURCE_FROM=local \
+		--build-arg TARGETARCH=s390x \
+		--build-arg TARGETPLATFORM=s390x \
+		-f Dockerfile.csi_wrappers .
 
 .PHONY: csi-controller-wrapper-docker
-csi-controller-wrapper-docker: csi-controller-wrapper
-	cp hack/dockers/csi-controller-wrapper/Dockerfile $(BUILD_ROOT)/build/csi-controller-wrapper/
-	docker build -t csi-controller-wrapper:local $(BUILD_ROOT)/build/csi-controller-wrapper
+csi-controller-wrapper-docker:
+	docker build -t csi-controller-wrapper:local \
+		--build-arg BINARY=csi-controller-wrapper \
+		--build-arg SOURCE_FROM=local \
+		--build-arg TARGETARCH=s390x \
+		--build-arg TARGETPLATFORM=s390x \
+		-f Dockerfile.csi_wrappers .
 
 .PHONY: csi-podvm-wrapper-docker
-csi-podvm-wrapper-docker: csi-podvm-wrapper
-	cp hack/dockers/csi-podvm-wrapper/Dockerfile $(BUILD_ROOT)/build/csi-podvm-wrapper/
-	docker build -t csi-podvm-wrapper:local $(BUILD_ROOT)/build/csi-podvm-wrapper
+csi-podvm-wrapper-docker:
+	docker build -t csi-podvm-wrapper:local \
+		--build-arg BINARY=csi-podvm-wrapper \
+		--build-arg SOURCE_FROM=local \
+		--build-arg TARGETARCH=s390x \
+		--build-arg TARGETPLATFORM=s390x \
+		-f Dockerfile.csi_wrappers .
 
 .PHONY: import-csi-node-wrapper-docker
 import-csi-node-wrapper-docker: csi-node-wrapper-docker