scripts: update utility scripts

- Refactor the build and push scripts.
- Add common.sh for shared functionality.
- Add create_manifest.sh to facilitate multi-arch image release process.

Signed-off-by: Erdem Meydanli <meydanli@amazon.com>

Author: meerd

.gitignore

@@ -1,2 +1,3 @@
+.ecr.uri
 k8s-ne-device-plugin
 vendor/

RELEASE

@@ -0,0 +1 @@
+0.1

scripts/build.sh

@@ -1,5 +1,8 @@
-#!/bin/bash -e
+#!/bin/bash
+# Copyright 2022 Amazon.com, Inc. or its affiliates. All Rights Reserved.
+# SPDX-License-Identifier: Apache-2.0
 
-TOP_DIR=$(dirname $(realpath $0))/..
-docker build --target builder -t ne-k8s-device-plugin-build:latest $TOP_DIR -f $TOP_DIR/container/Dockerfile
-docker build --target device_plugin -t aws-nitro-enclaves-k8s-device-plugin:latest $TOP_DIR -f $TOP_DIR/container/Dockerfile
+source "$(dirname $(realpath $0))/common.sh"
+
+docker build --target builder -t $BUILDER_IMAGE $TOP_DIR -f $TOP_DIR/container/Dockerfile
+docker build --target device_plugin -t $IMAGE $TOP_DIR -f $TOP_DIR/container/Dockerfile

scripts/common.sh

@@ -0,0 +1,98 @@
+#!/bin/bash
+# Copyright 2022 Amazon.com, Inc. or its affiliates. All Rights Reserved.
+# SPDX-License-Identifier: Apache-2.0
+
+readonly SUCCESS=0
+readonly FAILURE=255
+
+readonly SCRIPTS_DIR=$(dirname $(realpath $0))
+readonly TOP_DIR=$(cd $SCRIPTS_DIR/.. && pwd)
+readonly ECR_CONFIG_FILE_PATH="$SCRIPTS_DIR/.ecr.uri"
+readonly RELEASE_FILE="RELEASE"
+
+readonly BUILDER_IMAGE=ne-k8s-device-plugin-build:latest
+readonly REPOSITORY_NAME=aws-nitro-enclaves-k8s-device-plugin
+readonly RELEASE=$(cat $TOP_DIR/$RELEASE_FILE)
+readonly TAG=$RELEASE-$(arch)
+readonly IMAGE=$REPOSITORY_NAME:$TAG
+
+say() {
+  echo "$@"
+}
+
+die() {
+  say "[ERROR] $@"
+  exit $FAILURE
+}
+
+[[ -f $TOP_DIR/$RELEASE_FILE ]] || \
+  die "Cannot find $RELEASE_FILE file in $TOP_DIR directory."
+
+_set_config_item() {
+  local var=$1; shift
+  local prompt="$@"
+
+  local value=""
+  while [[ $value = "" ]];
+  do
+      printf "$prompt"
+      read value
+  done
+
+  echo "$var=$value" >> "$ECR_CONFIG_FILE_PATH"
+}
+
+_load_ecr_config() {
+  [[ -f $ECR_CONFIG_FILE_PATH ]] || {
+      printf "No configuration found!\n"
+      _set_config_item ECR_URL "Please enter an ECR URL:"
+      _set_config_item ECR_REGION "Please enter AWS region of the ECR repository:"
+  }
+
+  source "$ECR_CONFIG_FILE_PATH"
+  [[ -z "$ECR_URL" || -z "$ECR_REGION" ]] && {
+      say "$(basename $ECR_CONFIG_FILE_PATH) seems corrupted. Try using" \
+      "'rm -f $ECR_CONFIG_FILE_PATH' to remove this configuration."
+      exit 1
+  }
+
+  return 0
+}
+
+_ecr_login() {
+  is_a_public_ecr_registry
+
+  if [[ $? -eq $SUCCESS ]]; then
+      aws ecr-public get-login-password --region "$ECR_REGION" | docker login --username AWS --password-stdin $ECR_URL
+  else
+      aws ecr get-login-password --region "$ECR_REGION" | docker login --username AWS --password-stdin $ECR_URL
+  fi
+}
+
+# Loads configuration and logs in to a registry.
+#
+ecr_login() {
+    _load_ecr_config || die "Error while loading configuration file!"
+    say "Using ECR registry url: $ECR_URL. (region: $ECR_REGION)."
+    _ecr_login || die "Failed to log in to the ECR registry."
+}
+
+# Check if the current ECR URL is a public one or not.
+# 
+is_a_public_ecr_registry() {
+  [[ "$ECR_URL" =~ ^public.ecr.aws* ]] && { return $SUCCESS; }
+  return $FAILURE
+}
+
+# Generic user confirmation function
+# 
+confirm() {
+  read -p "$@ (yes/no)" yn
+  case yn in
+    yes) ;;
+    *)
+      say "Aborting..."
+      exit $FAILURE
+      ;;
+  esac
+}

scripts/create_manifest.sh

@@ -0,0 +1,27 @@
+#!/bin/bash
+# Copyright 2022 Amazon.com, Inc. or its affiliates. All Rights Reserved.
+# SPDX-License-Identifier: Apache-2.0
+
+source "$(dirname $(realpath $0))/common.sh"
+
+main() {
+  ecr_login
+
+  docker manifest create --amend $ECR_URL/$REPOSITORY_NAME \
+    $ECR_URL/$REPOSITORY_NAME:$RELEASE-x86_64 \
+    $ECR_URL/$REPOSITORY_NAME:$RELEASE-aarch64 || \
+    die "Cannot create manifest for multiarch image." \
+      " Please ensure that both x86_64 and aarch64 images" \
+      " already exist in the repository."
+
+  docker manifest inspect $ECR_URL/$IMAGE
+  
+  is_a_public_ecr_registry && {
+    confirm "You are about to make changes on a" \
+      " publicly available manifest. Are you sure want to continue? (yes/no)"
+  }
+
+  docker manifest push $ECR_URL/$REPOSITORY_NAME:latest
+}
+
+main

scripts/push.sh

@@ -1,11 +1,25 @@
 #!/bin/bash
-# Temporary file for development purposes only. Will be removed.
+# Copyright 2022 Amazon.com, Inc. or its affiliates. All Rights Reserved.
+# SPDX-License-Identifier: Apache-2.0
 
-set -eu pipefail
+source "$(dirname $(realpath $0))/common.sh"
 
-URI=709843417989.dkr.ecr.eu-central-1.amazonaws.com
-REPOSITORY=709843417989.dkr.ecr.eu-central-1.amazonaws.com/plugin_devel:latest
+main() {
+  ecr_login
 
-aws ecr get-login-password --region eu-central-1 | docker login --username AWS --password-stdin $URI
-docker tag aws-nitro-enclaves-k8s-device-plugin:latest $REPOSITORY
-docker push $REPOSITORY
+  aws ecr --region $ECR_REGION describe-repositories \
+    --repository-names "$REPOSITORY_NAME" > /dev/null || \
+    die "There is no repository named $REPOSITORY_NAME in" \
+    "$ECR_REGION region."
+
+  is_a_public_ecr_registry && {
+    confirm "You are about to make changes on a public repository." \
+            " Are you sure want to continue?"
+  }
+
+  docker tag $IMAGE $ECR_URL/$IMAGE
+  say "Pushing $IMAGE to $ECR_URL..."
+  docker push $ECR_URL/$IMAGE
+}
+
+main