Add an architecture suffix to images pushed for multi-platform
In order to reduce the likelihood of users accidentally forgetting to
specify unique tags for each architecture, we can add a suffix to the
pushed image if an arch-specific one doesn't exist.

Signed-off-by: arewm <[email protected]>
arewm committed Jul 24, 2024
1 parent 6dd763a commit 493fc55
Showing 9 changed files with 59 additions and 48 deletions.
4 changes: 2 additions & 2 deletions hack/generate-buildah-remote.sh
Expand Up @@ -8,7 +8,7 @@ go build -o /tmp/remote-generator ./remote/main.go

for version in 0.1 0.2; do
/tmp/remote-generator --buildah-task="${SCRIPTDIR}/../task/buildah/${version}/buildah.yaml" \
--remote-task="${SCRIPTDIR}/../task/buildah-remote/${version}/buildah-remote.yaml"
--remote-task="${SCRIPTDIR}/../task/buildah-remote/${version}/buildah-remote.yaml" --task-version="$version"
/tmp/remote-generator --buildah-task="${SCRIPTDIR}/../task/buildah-oci-ta/${version}/buildah-oci-ta.yaml" \
--remote-task="${SCRIPTDIR}/../task/buildah-remote-oci-ta/${version}/buildah-remote-oci-ta.yaml"
--remote-task="${SCRIPTDIR}/../task/buildah-remote-oci-ta/${version}/buildah-remote-oci-ta.yaml" --task-version="$version"
done
24 changes: 18 additions & 6 deletions task-generator/remote/main.go
Expand Up @@ -33,18 +33,20 @@ import (
func main() {
var buildahTask string
var buildahRemoteTask string
var taskVersion string

flag.StringVar(&buildahTask, "buildah-task", "", "The location of the buildah task")
flag.StringVar(&buildahRemoteTask, "remote-task", "", "The location of the buildah-remote task to overwrite")
flag.StringVar(&taskVersion, "task-version", "", "The version of the task to overwrite")

opts := zap.Options{
Development: true,
}
opts.BindFlags(flag.CommandLine)
klog.InitFlags(flag.CommandLine)
flag.Parse()
if buildahTask == "" || buildahRemoteTask == "" {
println("Must specify both buildah-task and remote-task params")
if buildahTask == "" || buildahRemoteTask == "" || taskVersion == "" {
println("Must specify both buildah-task, remote-task, and task-version params")
os.Exit(1)
}

Expand All @@ -53,7 +55,7 @@ func main() {

decodingScheme := runtime.NewScheme()
utilruntime.Must(tektonapi.AddToScheme(decodingScheme))
convertToSsh(&task)
convertToSsh(&task, taskVersion)
y := printers.YAMLPrinter{}
b := bytes.Buffer{}
_ = y.PrintObj(&task, &b)
Expand Down Expand Up @@ -87,7 +89,7 @@ func streamFileYamlToTektonObj(path string, obj runtime.Object) runtime.Object {
return decodeBytesToTektonObjbytes(bytes, obj)
}

func convertToSsh(task *tektonapi.Task) {
func convertToSsh(task *tektonapi.Task, taskVersion string) {

builderImage := ""
syncVolumes := map[string]bool{}
Expand All @@ -96,9 +98,16 @@ func convertToSsh(task *tektonapi.Task) {
syncVolumes[i.Name] = true
}
}
adjustRemoteImage := "if [[ \"${IMAGE##*-}\" != \"${PLATFORM##*-}\" ]]; then"
adjustRemoteImage += "\n export IMAGE=\"${IMAGE}-${PLATFORM##*-}\"\nfi\n"


for stepPod := range task.Spec.Steps {
step := &task.Spec.Steps[stepPod]
if step.Name != "build" {
if step.Name == "inject-sbom-and-push" && taskVersion == "0.2" {
step.Script = adjustRemoteImage + "\n" + step.Script
continue
} else if step.Name != "build" {
continue
}
podmanArgs := ""
Expand Down Expand Up @@ -130,7 +139,9 @@ PORT_FORWARD=" -L 80:$JVM_BUILD_WORKSPACE_ARTIFACT_CACHE_PORT_80_TCP_ADDR:80"
PODMAN_PORT_FORWARD=" -e JVM_BUILD_WORKSPACE_ARTIFACT_CACHE_PORT_80_TCP_ADDR=localhost"
fi
`

if taskVersion == "0.2" {
ret += adjustRemoteImage
}
env := "$PODMAN_PORT_FORWARD \\\n"

// disable podman subscription-manager integration
Expand Down Expand Up @@ -229,4 +240,5 @@ fi
},
})
task.Spec.StepTemplate.Env = append(task.Spec.StepTemplate.Env, v1.EnvVar{Name: "BUILDER_IMAGE", Value: builderImage})
task.Spec.StepTemplate.Env = append(task.Spec.StepTemplate.Env, v1.EnvVar{Name: "PLATFORM", Value: "$(params.PLATFORM)"})
}
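Review bot: The `adjustRemoteImage` snippet built in convertToSsh treats `IMAGE` as an opaque string, so the suffix is not guaranteed to land on the tag: for a reference with no tag, `${IMAGE}-${PLATFORM##*-}` changes the repository path, and for a digest-pinned one it produces an invalid reference, which alters where the image is pushed and what the SBOM is later attached to. I would have the injected script reject references whose last path component has no tag or carries a digest before appending, as sketched below. Separately, if PLATFORM values contain a `/` (their format is not visible in this diff), `${PLATFORM##*-}` would carry it into the tag, so the arch extraction deserves a check against the real values. The snippet is only injected when `taskVersion == "0.2"`, so a later task version would silently lose it; convertToSsh continues outside the visible hunks.

```go
// Only ever extend the tag: refuse references where the suffix would change the repository path or follow a digest.
adjustRemoteImage := `case "${IMAGE##*/}" in
  *@*) echo "IMAGE must not be pinned by digest: ${IMAGE}" >&2; exit 1 ;;
  *:*) ;;
  *) echo "IMAGE must carry a tag: ${IMAGE}" >&2; exit 1 ;;
esac
if [[ "${IMAGE##*-}" != "${PLATFORM##*-}" ]]; then
  export IMAGE="${IMAGE}-${PLATFORM##*-}"
fi
`
// … unchanged: loop over task.Spec.Steps …
```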
2 changes: 1 addition & 1 deletion task/build-image-manifest/0.1/build-image-manifest.yaml
Expand Up @@ -62,7 +62,7 @@ spec:
requests:
memory: 512Mi
cpu: 250m
args: ["$(params.IMAGES[*])"]
args: [$(params.IMAGES)]
script: |
#!/bin/bash
# Fixing group permission on /var/lib/containers
15 changes: 5 additions & 10 deletions task/buildah-oci-ta/0.2/buildah-oci-ta.yaml
Expand Up @@ -570,14 +570,9 @@ spec:
add:
- SETFCAP
runAsUser: 0
- name: upload-sbom
image: quay.io/redhat-appstudio/cosign:v2.1.1@sha256:c883d6f8d39148f2cea71bff4622d196d89df3e510f36c140c097b932f0dd5d5
args:
- attach
- sbom
- --sbom
- sbom-cyclonedx.json
- --type
- cyclonedx
- $(params.IMAGE)
- computeResources: {}
image: quay.io/konflux-ci/appstudio-utils:ab6b0b8e40e440158e7288c73aff1cf83a2cc8a9@sha256:24179f0efd06c65d16868c2d7eb82573cce8e43533de6cea14fec3b7446e0b14
name: upload-sbom
script: |
cosign attach sbom --sbom sbom-cyclonedx.json --type cyclonedx $(cat $(results.IMAGE_REF.path))
workingDir: /var/workdir
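Review bot: The new upload-sbom script passes `$(cat $(results.IMAGE_REF.path))` to cosign unquoted and unchecked, so if the IMAGE_REF result file is empty or missing, cosign runs with no image argument instead of the step stopping on a clear error. I would read the value once, fail when it is empty, and quote it: `image_ref="$(cat "$(results.IMAGE_REF.path)")"`, then `[ -n "$image_ref" ] || exit 1`, then `cosign attach sbom --sbom sbom-cyclonedx.json --type cyclonedx "$image_ref"`. The same step is changed in task/buildah/0.2/buildah.yaml and in the generated buildah-remote and buildah-remote-oci-ta 0.2 tasks. The step now takes cosign from the appstudio-utils image, so the cosign version is no longer visible in the image reference; a comment naming the expected version would help whoever reviews later digest bumps.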
2 changes: 2 additions & 0 deletions task/buildah-remote-oci-ta/0.1/buildah-remote-oci-ta.yaml
Expand Up @@ -187,6 +187,8 @@ spec:
value: $(params.YUM_REPOS_D_TARGET)
- name: BUILDER_IMAGE
value: quay.io/konflux-ci/buildah:latest@sha256:9ef792d74bcc1d330de6be58b61f2cdbfa1c23b74a291eb2136ffd452d373050
- name: PLATFORM
value: $(params.PLATFORM)
volumeMounts:
- mountPath: /shared
name: shared
23 changes: 13 additions & 10 deletions task/buildah-remote-oci-ta/0.2/buildah-remote-oci-ta.yaml
Expand Up @@ -183,6 +183,8 @@ spec:
value: $(params.YUM_REPOS_D_TARGET)
- name: BUILDER_IMAGE
value: quay.io/konflux-ci/buildah:latest@sha256:9ef792d74bcc1d330de6be58b61f2cdbfa1c23b74a291eb2136ffd452d373050
- name: PLATFORM
value: $(params.PLATFORM)
volumeMounts:
- mountPath: /shared
name: shared
Expand Down Expand Up @@ -236,6 +238,9 @@ spec:
PORT_FORWARD=" -L 80:$JVM_BUILD_WORKSPACE_ARTIFACT_CACHE_PORT_80_TCP_ADDR:80"
PODMAN_PORT_FORWARD=" -e JVM_BUILD_WORKSPACE_ARTIFACT_CACHE_PORT_80_TCP_ADDR=localhost"
fi
if [[ "${IMAGE##*-}" != "${PLATFORM##*-}" ]]; then
export IMAGE="${IMAGE}-${PLATFORM##*-}"
fi
rsync -ra /shared/ "$SSH_HOST:$BUILD_DIR/volumes/shared/"
rsync -ra /var/workdir/ "$SSH_HOST:$BUILD_DIR/volumes/workdir/"
Expand Down Expand Up @@ -600,6 +605,10 @@ spec:
image: quay.io/konflux-ci/buildah:latest@sha256:9ef792d74bcc1d330de6be58b61f2cdbfa1c23b74a291eb2136ffd452d373050
name: inject-sbom-and-push
script: |
if [[ "${IMAGE##*-}" != "${PLATFORM##*-}" ]]; then
export IMAGE="${IMAGE}-${PLATFORM##*-}"
fi
base_image_name=$(buildah inspect --format '{{ index .ImageAnnotations "org.opencontainers.image.base.name"}}' $IMAGE | cut -f1 -d'@')
base_image_digest=$(buildah inspect --format '{{ index .ImageAnnotations "org.opencontainers.image.base.digest"}}' $IMAGE)
container=$(buildah from --pull-never $IMAGE)
Expand Down Expand Up @@ -645,17 +654,11 @@ spec:
- mountPath: /var/lib/containers
name: varlibcontainers
workingDir: /var/workdir
- args:
- attach
- sbom
- --sbom
- sbom-cyclonedx.json
- --type
- cyclonedx
- $(params.IMAGE)
computeResources: {}
image: quay.io/redhat-appstudio/cosign:v2.1.1@sha256:c883d6f8d39148f2cea71bff4622d196d89df3e510f36c140c097b932f0dd5d5
- computeResources: {}
image: quay.io/konflux-ci/appstudio-utils:ab6b0b8e40e440158e7288c73aff1cf83a2cc8a9@sha256:24179f0efd06c65d16868c2d7eb82573cce8e43533de6cea14fec3b7446e0b14
name: upload-sbom
script: |
cosign attach sbom --sbom sbom-cyclonedx.json --type cyclonedx $(cat $(results.IMAGE_REF.path))
workingDir: /var/workdir
volumes:
- name: activation-key
2 changes: 2 additions & 0 deletions task/buildah-remote/0.1/buildah-remote.yaml
Expand Up @@ -184,6 +184,8 @@ spec:
value: $(params.SKIP_UNUSED_STAGES)
- name: BUILDER_IMAGE
value: quay.io/konflux-ci/buildah:latest@sha256:9ef792d74bcc1d330de6be58b61f2cdbfa1c23b74a291eb2136ffd452d373050
- name: PLATFORM
value: $(params.PLATFORM)
volumeMounts:
- mountPath: /shared
name: shared
23 changes: 13 additions & 10 deletions task/buildah-remote/0.2/buildah-remote.yaml
Expand Up @@ -174,6 +174,8 @@ spec:
value: $(params.SKIP_UNUSED_STAGES)
- name: BUILDER_IMAGE
value: quay.io/konflux-ci/buildah:latest@sha256:9ef792d74bcc1d330de6be58b61f2cdbfa1c23b74a291eb2136ffd452d373050
- name: PLATFORM
value: $(params.PLATFORM)
volumeMounts:
- mountPath: /shared
name: shared
Expand Down Expand Up @@ -218,6 +220,9 @@ spec:
PORT_FORWARD=" -L 80:$JVM_BUILD_WORKSPACE_ARTIFACT_CACHE_PORT_80_TCP_ADDR:80"
PODMAN_PORT_FORWARD=" -e JVM_BUILD_WORKSPACE_ARTIFACT_CACHE_PORT_80_TCP_ADDR=localhost"
fi
if [[ "${IMAGE##*-}" != "${PLATFORM##*-}" ]]; then
export IMAGE="${IMAGE}-${PLATFORM##*-}"
fi
rsync -ra $(workspaces.source.path)/ "$SSH_HOST:$BUILD_DIR/workspaces/source/"
rsync -ra /shared/ "$SSH_HOST:$BUILD_DIR/volumes/shared/"
Expand Down Expand Up @@ -582,6 +587,10 @@ spec:
image: quay.io/konflux-ci/buildah:latest@sha256:9ef792d74bcc1d330de6be58b61f2cdbfa1c23b74a291eb2136ffd452d373050
name: inject-sbom-and-push
script: |
if [[ "${IMAGE##*-}" != "${PLATFORM##*-}" ]]; then
export IMAGE="${IMAGE}-${PLATFORM##*-}"
fi
base_image_name=$(buildah inspect --format '{{ index .ImageAnnotations "org.opencontainers.image.base.name"}}' $IMAGE | cut -f1 -d'@')
base_image_digest=$(buildah inspect --format '{{ index .ImageAnnotations "org.opencontainers.image.base.digest"}}' $IMAGE)
container=$(buildah from --pull-never $IMAGE)
Expand Down Expand Up @@ -627,17 +636,11 @@ spec:
- mountPath: /var/lib/containers
name: varlibcontainers
workingDir: $(workspaces.source.path)
- args:
- attach
- sbom
- --sbom
- sbom-cyclonedx.json
- --type
- cyclonedx
- $(params.IMAGE)
computeResources: {}
image: quay.io/redhat-appstudio/cosign:v2.1.1@sha256:c883d6f8d39148f2cea71bff4622d196d89df3e510f36c140c097b932f0dd5d5
- computeResources: {}
image: quay.io/konflux-ci/appstudio-utils:ab6b0b8e40e440158e7288c73aff1cf83a2cc8a9@sha256:24179f0efd06c65d16868c2d7eb82573cce8e43533de6cea14fec3b7446e0b14
name: upload-sbom
script: |
cosign attach sbom --sbom sbom-cyclonedx.json --type cyclonedx $(cat $(results.IMAGE_REF.path))
workingDir: $(workspaces.source.path)
volumes:
- emptyDir: {}
12 changes: 3 additions & 9 deletions task/buildah/0.2/buildah.yaml
Expand Up @@ -527,15 +527,9 @@ spec:
workingDir: $(workspaces.source.path)

- name: upload-sbom
image: quay.io/redhat-appstudio/cosign:v2.1.1@sha256:c883d6f8d39148f2cea71bff4622d196d89df3e510f36c140c097b932f0dd5d5
args:
- attach
- sbom
- --sbom
- sbom-cyclonedx.json
- --type
- cyclonedx
- $(params.IMAGE)
image: quay.io/konflux-ci/appstudio-utils:ab6b0b8e40e440158e7288c73aff1cf83a2cc8a9@sha256:24179f0efd06c65d16868c2d7eb82573cce8e43533de6cea14fec3b7446e0b14
script: |
cosign attach sbom --sbom sbom-cyclonedx.json --type cyclonedx $(cat $(results.IMAGE_REF.path))
workingDir: $(workspaces.source.path)

volumes:
