ci: Add multiarch to cockpit workflow (#327)

* add multiarch to cockpit workflow * replace amd image digest with manifest digest, also linter * add checkout action * update cargo version if PR * only set-version for stackable-cockpit
stackabletech · Oct 21, 2024 · f73001a · f73001a
1 parent c85421f
commit f73001a
Show file tree

Hide file tree

Showing 2 changed files with 50 additions and 4 deletions.
diff --git a/.github/workflows/pr_cockpit.yml b/.github/workflows/pr_cockpit.yml
@@ -70,10 +70,15 @@ jobs:
             core.setFailed('Committed Helm charts were not up to date, please regenerate and re-commit!')
 
   publish:
-    name: Publish Docker Image
+    name: Publish ${{ matrix.runner.arch }} Image
     permissions:
       id-token: write
-    runs-on: ubuntu-latest
+    runs-on: ${{ matrix.runner.name }}
+    strategy:
+      matrix:
+        runner:
+          - {name: "ubuntu-latest", arch: "amd64"}
+          - {name: "ubicloud-standard-8-arm", arch: "arm64"}
     env:
       NEXUS_PASSWORD: ${{ secrets.NEXUS_PASSWORD }}
       OCI_REGISTRY_SDP_PASSWORD: ${{ secrets.HARBOR_ROBOT_SDP_GITHUB_ACTION_BUILD_SECRET }}
@@ -128,3 +133,40 @@ jobs:
         if: ${{ !github.event.pull_request.head.repo.fork }}
         name: Output Image Name and Tag
         run: echo "IMAGE_TAG=$(make -e print-docker-tag)" >> "$GITHUB_OUTPUT"
+
+  create_manifest_list:
+    name: Build and publish manifest list
+    needs:
+      - publish
+    runs-on: ubuntu-latest
+    permissions:
+      id-token: write
+    env:
+      NEXUS_PASSWORD: ${{ secrets.NEXUS_PASSWORD }}
+      OCI_REGISTRY_SDP_PASSWORD: ${{ secrets.HARBOR_ROBOT_SDP_GITHUB_ACTION_BUILD_SECRET }}
+      OCI_REGISTRY_SDP_USERNAME: "robot$sdp+github-action-build"
+      OCI_REGISTRY_SDP_CHARTS_PASSWORD: ${{ secrets.HARBOR_ROBOT_SDP_CHARTS_GITHUB_ACTION_BUILD_SECRET }}
+      OCI_REGISTRY_SDP_CHARTS_USERNAME: "robot$sdp-charts+github-action-build"
+    steps:
+      - name: Install cosign
+        uses: sigstore/cosign-installer@4959ce089c160fddf62f7b42464195ba1a56d382 # v3.6.0
+      - name: Checkout
+        uses: actions/checkout@692973e3d937129bcbf40652eb9f2f61becf3332 # v4.1.7
+        with:
+          submodules: recursive
+      # This step checks if the current run was triggered by a push to a pr (or a pr being created).
+      # If this is the case it changes the version of this project in all Cargo.toml files to include the suffix
+      # "-pr<prnumber>" so that the published artifacts can be linked to this PR.
+      - uses: stackabletech/cargo-install-action@main
+        with:
+          crate: cargo-edit
+          bin: cargo-set-version
+      - name: Update version if PR
+        if: ${{ github.event_name == 'pull_request' }}
+        run: cargo set-version --offline --package stackable-cockpit 0.0.0-pr${{ github.event.pull_request.number }}
+      - name: Build manifest list
+        run: |
+          # Creating manifest list
+          make -e docker-manifest-list-build
+          # Pushing and signing manifest list
+          make -e docker-manifest-list-publish
diff --git a/docker/Dockerfile b/docker/Dockerfile
@@ -1,13 +1,14 @@
 # Using inlined version of ubi8-rust-builder, ends at ## END OF ubi8-rust-builder
 # Each modification (apart from removing ONBUILD clauses) should be preceded by a ## PATCH comment explaining the change
 #FROM docker.stackable.tech/stackable/ubi8-rust-builder AS builder
-FROM registry.access.redhat.com/ubi8/ubi-minimal:8.7@sha256:3e1adcc31c6073d010b8043b070bd089d7bf37ee2c397c110211a6273453433f AS builder
+FROM registry.access.redhat.com/ubi8/ubi-minimal@sha256:987ae81ce046652ee4a2c3df54dad5e82faa1b078dab5d09f7cfaae11784ed30 AS builder
 LABEL maintainer="Stackable GmbH"
 
 # https://github.com/hadolint/hadolint/wiki/DL4006
 SHELL ["/bin/bash", "-o", "pipefail", "-c"]
 
 # Update image and install everything needed for Rustup & Rust
+# hadolint ignore=DL3041
 RUN microdnf update --disablerepo=* --enablerepo=ubi-8-appstream-rpms --enablerepo=ubi-8-baseos-rpms -y \
   && rm -rf /var/cache/yum \
   && microdnf install --disablerepo=* --enablerepo=ubi-8-appstream-rpms --enablerepo=ubi-8-baseos-rpms curl findutils gcc gcc-c++ make cmake openssl-devel pkg-config systemd-devel unzip tar xz clang krb5-libs libkadm5 -y \
@@ -57,8 +58,8 @@ COPY docker/ubi8-rust-builder/copy_artifacts.sh /
 WORKDIR /src
 COPY . /src
 
-# hadolint ignore=SC1091
 ## PATCH: disabled cyclonedx, run yarn install, build stackable-cockpitd with ui feature enabled
+# hadolint ignore=SC1091
 RUN . "$HOME/.cargo/env" && yarn && cargo build --release --workspace --features stackable-cockpitd/ui
 # ONBUILD RUN . "$HOME/.cargo/env" && cargo auditable build --release --workspace && cargo cyclonedx --output-pattern package --all --output-cdx
 
@@ -79,6 +80,7 @@ RUN find /src/target/release \
 RUN echo "The following files will be copied to the runtime image: $(ls /app)"
 ## END OF ubi8-rust-builder
 
+# hadolint ignore=DL3006
 FROM registry.access.redhat.com/ubi8/ubi-minimal AS operator
 
 ARG VERSION
@@ -93,12 +95,14 @@ LABEL name="Stackable Cockpit" \
   description="Deploy and manage Stackable clusters."
 
 # Update image
+# hadolint ignore=DL3041
 RUN microdnf install -y yum \
   && yum -y update-minimal --security --sec-severity=Important --sec-severity=Critical \
   && yum clean all \
   && microdnf clean all
 
 # Install kerberos client libraries
+# hadolint ignore=DL3041
 RUN microdnf install -y krb5-libs libkadm5 && microdnf clean all
 
 #COPY LICENSE /licenses/LICENSE