diff --git a/.github/workflows/csi_wrapper_images.yaml b/.github/workflows/csi_wrapper_images.yaml new file mode 100644 index 000000000..dff00aac0 --- /dev/null +++ b/.github/workflows/csi_wrapper_images.yaml @@ -0,0 +1,57 @@ +# (C) Copyright Confidential Containers Contributors 2023. +# SPDX-License-Identifier: Apache-2.0 +# +# Build and push csi wrapper images for each arch. +--- +name: csi wrapper images +on: + push: + branches: + - 'staging' + - 'csi-wrapper-images' + paths: + - 'volumes/csi-wrapper/**' + +env: + go_version: 1.19 + +jobs: + build_push_job: + name: build and push + runs-on: ubuntu-latest + strategy: + fail-fast: false + matrix: + binary: [csi-controller-wrapper, csi-node-wrapper, csi-podvm-wrapper] + + steps: + - name: Checkout the code + uses: actions/checkout@v3 + with: + fetch-depth: 0 + - name: Setup Golang version ${{ env.go_version }} + uses: actions/setup-go@v3 + with: + go-version: ${{ env.go_version }} + - name: Set up Docker Buildx + uses: docker/setup-buildx-action@v2 + - name: Login to quay Container Registry + uses: docker/login-action@v2 + with: + registry: quay.io + username: ${{ secrets.QUAY_USERNAME }} + password: ${{ secrets.QUAY_PASSWORD }} + - name: Build and push + uses: docker/build-push-action@v3 + with: + tags: | + quay.io/confidential-containers/${{matrix.binary}}:latest + quay.io/confidential-containers/${{matrix.binary}}:${{ github.sha }} + push: true + context: volumes/csi-wrapper + platforms: linux/amd64, linux/s390x, linux/ppc64le + file: | + volumes/csi-wrapper/Dockerfile.csi_wrappers + build-args: | + "BINARY=${{matrix.binary}}" + "SOURCE_FROM=remote" diff --git a/volumes/csi-wrapper/Dockerfile.csi_wrappers b/volumes/csi-wrapper/Dockerfile.csi_wrappers new file mode 100644 index 000000000..185f6144b --- /dev/null +++ b/volumes/csi-wrapper/Dockerfile.csi_wrappers @@ -0,0 +1,42 @@ +# Copyright Confidential Containers Contributors +# +# SPDX-License-Identifier: Apache-2.0 +# +# Builds csi wrappers images inside container + +ARG SOURCE_FROM=remote + +##### Builder Dev Image ##### +FROM --platform=${BUILDPLATFORM} golang:1.19 AS builder-local +WORKDIR /src +COPY go.mod go.sum ./cloud-api-adaptor/volumes/csi-wrapper/ +COPY Makefile ./cloud-api-adaptor/volumes/csi-wrapper/ +COPY cmd ./cloud-api-adaptor/volumes/csi-wrapper/cmd +COPY pkg ./cloud-api-adaptor/volumes/csi-wrapper/pkg + +##### Builder Release Image ##### +FROM --platform=${BUILDPLATFORM} golang:1.19 AS builder-remote +ARG BINARY +ARG CAA_SRC="https://github.com/confidential-containers/cloud-api-adaptor" +ARG CAA_SRC_REF="staging" + +WORKDIR /src + +RUN echo $CAA_SRC +RUN echo $CAA_SRC_REF +RUN git clone ${CAA_SRC} -b ${CAA_SRC_REF} cloud-api-adaptor + +FROM builder-${SOURCE_FROM} AS builder +ARG TARGETARCH +ARG BINARY + +RUN cd cloud-api-adaptor/volumes/csi-wrapper/ && make ARCH=${TARGETARCH} ${BINARY} + +# Use distroless as minimal base image to package the manager binary +# Refer to https://github.com/GoogleContainerTools/distroless for more details +FROM --platform=${TARGETPLATFORM} gcr.io/distroless/static:nonroot +ARG BINARY +WORKDIR / +COPY --from=builder /src/cloud-api-adaptor/volumes/csi-wrapper/build/${BINARY}/${BINARY} /usr/bin/${BINARY} + +ENTRYPOINT ["/usr/bin/${BINARY}"] diff --git a/volumes/csi-wrapper/Makefile b/volumes/csi-wrapper/Makefile index 806ee4ced..7bfaafc9a 100644 --- a/volumes/csi-wrapper/Makefile +++ b/volumes/csi-wrapper/Makefile @@ -3,15 +3,15 @@ SOURCEDIRS := ./cmd ./pkg PACKAGES := $(shell go list $(addsuffix /...,$(SOURCEDIRS))) SOURCES := $(shell find $(SOURCEDIRS) -name '*.go' -print) -# Determine the go arch (amd64 for x86, ppc64le for power, s390x for z) -GO_BLD_ARCH=$(shell go env GOHOSTARCH) +ARCH ?= $(subst x86_64,amd64,$(shell uname -m)) +GOOPTIONS ?= GOOS=linux GOARCH=$(ARCH) CGO_ENABLED=0 BUILD_ROOT=${PWD} all: build build: $(BINARIES) $(BINARIES): $(SOURCES) - CGO_ENABLED=0 GOOS=linux GOARCH=$(GO_BLD_ARCH) go build -o "$(BUILD_ROOT)/build/$@/$@" "cmd/$@/main.go" + $(GOOPTIONS) go build -o "$(BUILD_ROOT)/build/$@/$@" "cmd/$@/main.go" test: go test -cover $(PACKAGES) @@ -28,19 +28,31 @@ clean: rm -fr $(BUILD_ROOT)/build/* .PHONY: csi-node-wrapper-docker -csi-node-wrapper-docker: csi-node-wrapper - cp hack/dockers/csi-node-wrapper/Dockerfile $(BUILD_ROOT)/build/csi-node-wrapper/ - docker build -t csi-node-wrapper:local $(BUILD_ROOT)/build/csi-node-wrapper +csi-node-wrapper-docker: + docker build -t csi-node-wrapper:local \ + --build-arg BINARY=csi-node-wrapper \ + --build-arg SOURCE_FROM=local \ + --build-arg TARGETARCH=s390x \ + --build-arg TARGETPLATFORM=s390x \ + -f Dockerfile.csi_wrappers . .PHONY: csi-controller-wrapper-docker -csi-controller-wrapper-docker: csi-controller-wrapper - cp hack/dockers/csi-controller-wrapper/Dockerfile $(BUILD_ROOT)/build/csi-controller-wrapper/ - docker build -t csi-controller-wrapper:local $(BUILD_ROOT)/build/csi-controller-wrapper +csi-controller-wrapper-docker: + docker build -t csi-controller-wrapper:local \ + --build-arg BINARY=csi-controller-wrapper \ + --build-arg SOURCE_FROM=local \ + --build-arg TARGETARCH=s390x \ + --build-arg TARGETPLATFORM=s390x \ + -f Dockerfile.csi_wrappers . .PHONY: csi-podvm-wrapper-docker -csi-podvm-wrapper-docker: csi-podvm-wrapper - cp hack/dockers/csi-podvm-wrapper/Dockerfile $(BUILD_ROOT)/build/csi-podvm-wrapper/ - docker build -t csi-podvm-wrapper:local $(BUILD_ROOT)/build/csi-podvm-wrapper +csi-podvm-wrapper-docker: + docker build -t csi-podvm-wrapper:local \ + --build-arg BINARY=csi-podvm-wrapper \ + --build-arg SOURCE_FROM=local \ + --build-arg TARGETARCH=s390x \ + --build-arg TARGETPLATFORM=s390x \ + -f Dockerfile.csi_wrappers . .PHONY: import-csi-node-wrapper-docker import-csi-node-wrapper-docker: csi-node-wrapper-docker