Add support to arm64 (#796)

Author: helderjs

.github/actions/build-push-image/action.yaml

@@ -0,0 +1,85 @@
+name: Build Container Image
+description: Builds the operator container image for the given architecture
+inputs:
+  platforms:
+    description: The list of platforms for which the image will be built
+    required: true
+  version:
+    description: The version of the operator will be built
+    required: true
+  repository:
+    description: The name of repository to build image
+    required: true
+  docker_username:
+    description: The username to access the docker registry
+    required: true
+  docker_password:
+    description: The password to access the docker registry
+    required: true
+  push_to_quay:
+    description: Also push image to quay.io
+    required: false
+    default: "false"
+  quay_username:
+    description: The username to access the docker registry
+    required: false
+  quay_password:
+    description: The password to access the docker registry
+    required: false
+  forked:
+    description: Flag to checkout source code from forked repository
+    required: false
+    default: "false"
+runs:
+  using: "composite"
+  steps:
+    - name: Check out code
+      uses: actions/[email protected]
+      if: ${{ inputs.forked == false }}
+      with:
+        submodules: true
+        fetch-depth: 0
+    - name: Check out code for forked PR
+      uses: actions/[email protected]
+      if: ${{ inputs.forked == true }}
+      with:
+        ref: ${{github.event.pull_request.head.sha}}
+        repository: ${{github.event.pull_request.head.repo.full_name}}
+        submodules: true
+    - name: "Set up QEMU"
+      uses: docker/setup-qemu-action@v2
+      with:
+        platforms: ${{ inputs.platforms }}
+    - name: "Set up Docker Buildx"
+      uses: docker/setup-buildx-action@v2
+      with:
+        platforms: ${{ inputs.platforms }}
+    - name: Login to docker registry
+      uses: docker/login-action@v2
+      with:
+        username: ${{ inputs.docker_username }}
+        password: ${{ inputs.docker_password }}
+    - name: Build and Push Operator to Docker Registry
+      uses: docker/build-push-action@v3
+      with:
+        context: .
+        build-args: VERSION=${{ inputs.version }}
+        platforms: ${{ inputs.platforms }}
+        tags: ${{ inputs.repository }}:${{ inputs.version }}
+        push: true
+    - name: Login to quay.io registry
+      if: ${{ inputs.push_to_quay == true }}
+      uses: docker/login-action@v2
+      with:
+        registry: quay.io
+        username: ${{ inputs.quay_username }}
+        password: ${{ inputs.quay_password }}
+    - name: Build and Push Operator to Docker Registry
+      if: ${{ inputs.push_to_quay == true }}
+      uses: docker/build-push-action@v3
+      with:
+        context: .
+        build-args: VERSION=${{ inputs.version }}
+        platforms: ${{ inputs.platforms }}
+        tags: quay.io/${{ inputs.repository }}:${{ inputs.version }}
+        push: true

.github/actions/certify-openshift-images/Dockerfile

@@ -1,6 +1,14 @@
 FROM alpine:latest
 
+RUN apk update && \
+    apk add --no-cache curl jq
+
+RUN curl -LO https://github.com/redhat-openshift-ecosystem/openshift-preflight/releases/download/1.4.3/preflight-linux-amd64  && \
+    chmod +x ./preflight-linux-amd64 && \
+    sudo mv ./preflight-linux-amd64 /usr/local/bin/preflight
+
 COPY entrypoint.sh /home/entrypoint.sh
 RUN chmod +x /home/entrypoint.sh
+
 # Code file to execute when the docker container starts up (`entrypoint.sh`)
 ENTRYPOINT ["/home/entrypoint.sh"]

.github/actions/certify-openshift-images/action.yaml

@@ -1,5 +1,27 @@
 name: 'certify-openshift-images'
-description: 'push image to RedHat Connect for certification'
+description: 'Push image to RedHat Connect for certification'
+inputs:
+  repository:
+    description: The name of repository of the image to be certified
+    required: true
+  version:
+    description: The version of the image to be certified
+    required: true
+  quay_password:
+    description: The password to access the quay.io registry
+    required: true
+  rhcc_token:
+    description: The Redhat certification central API token
+    required: true
+  rhcc_project:
+    description: The Redhat certification central project id
+    required: true
 runs:
   using: 'docker'
   image: 'Dockerfile'
+  env:
+    REPOSITORY: ${{ inputs.repository }}
+    VERSION: ${{ inputs.version }}
+    QUAY_PASSWORD: ${{ inputs.quay_password }}
+    RHCC_TOKEN: ${{ inputs.rhcc_token }}
+    RHCC_PROJECT: ${{ inputs.rhcc_project }}

.github/actions/certify-openshift-images/entrypoint.sh

@@ -2,49 +2,19 @@
 
 set -eou pipefail
 
-if [ -z "${IMAGE+x}" ]; then
-  echo "IMAGE is not set"
-  exit 1
-fi
-
-if [ -z "${VERSION+x}" ]; then
-  echo "VERSION is not set"
-  exit 1
-fi
-
-if [ -z "${RH_CERTIFICATION_OSPID+x}" ]; then
-  echo "RH_CERTIFICATION_OSPID is not set"
-  exit 1
-fi
-
-if [ -z "${RH_CERTIFICATION_TOKEN+x}" ]; then
-  echo "RH_CERTIFICATION_TOKEN is not set"
-  exit 1
-fi
-
-if [ -z "${RH_CERTIFICATION_PYXIS_API_TOKEN+x}" ]; then
-  echo "RH_CERTIFICATION_PYXIS_API_TOKEN is not set"
-  exit 1
-fi
-
-if [ -z "${CONTAINER_ENGINE+x}" ]; then
-  echo "CONTAINER_ENGINE is not set, defaulting to podman"
-  CONTAINER_ENGINE=podman
-fi
-
-preflight --version
-${CONTAINER_ENGINE} --version
-
-${CONTAINER_ENGINE} login -u unused -p "${RH_CERTIFICATION_TOKEN}" scan.connect.redhat.com --authfile ./authfile.json
-
-IMG_SHA=$("${CONTAINER_ENGINE}" inspect --format='{{ index .RepoDigests 0}}' "${IMAGE}":"${VERSION}")
-
-# Do the preflight check first
-preflight check container "${IMG_SHA}" --docker-config=./authfile.json
-
-# Send results to RedHat if preflight finished without errors
-preflight check container "${IMG_SHA}" \
-  --submit \
-  --pyxis-api-token="${RH_CERTIFICATION_PYXIS_API_TOKEN}" \
-  --certification-project-id="${RH_CERTIFICATION_OSPID}" \
-  --docker-config=./authfile.json
+docker login -u unused -p "${QUAY_PASSWORD}" quay.io
+
+DIGESTS=$(docker manifest inspect "${REPOSITORY}:${VERSION}" | jq -r .manifests[].digest)
+
+for DIGEST in $DIGESTS; do
+  echo "Checking image $DIGEST"
+  # Do the preflight check first
+  preflight check container "${DIGEST}" --docker-config="${HOME}/.docker/config.json"
+
+  # Send results to RedHat if preflight finished without errors
+  preflight check container "${DIGEST}" \
+    --submit \
+    --pyxis-api-token="${RHCC_TOKEN}" \
+    --certification-project-id="${RHCC_PROJECT}" \
+    --docker-config="${HOME}/.docker/config.json"
+done

.github/workflows/release-certify.yaml

@@ -19,15 +19,7 @@ jobs:
     if: ${{ (github.event.pull_request.merged == true && startsWith(github.head_ref, 'release/')) || github.event.inputs.version != '' }}
     runs-on: ubuntu-latest
     env:
-      DOCKER_RELEASE_REPO: mongodb/mongodb-atlas-kubernetes-operator
-      REDHAT_SCAN_RELEASE_REGISTRY: scan.connect.redhat.com
-      REDHAT_SCAN_OPERATOR_REPO: ospid-4b67df2e-b2d2-42ef-994e-e35dcff33ad4/mongodb-atlas-kubernetes-operator
-      REDHAT_SCAN_BUNDLE_REPO: ospid-c531b655-554d-4c70-b592-c64723a5b840/mongodb-atlas-kubernetes-operator-bundle
-      REDHAT_RELEASE_REGISTRY: registry.connect.redhat.com
-      REDHAT_OPERATOR_REPO: mongodb/mongodb-atlas-kubernetes-operator
-      QUAY_RELEASE_REGISTRY: quay.io
-      QUAY_OPERATOR_REPO: mongodb/mongodb-atlas-kubernetes-operator
-      QUAY_ROBOT_NAME: mongodb+mongodb_atlas_kubernetes
+      IMAGE_REPOSITORY: mongodb/mongodb-atlas-kubernetes-operator
     steps:
       - name: Print Env and Get version
         id: tag
@@ -44,7 +36,6 @@ jobs:
           tag="v${version}"
           echo "version=$version" >> $GITHUB_OUTPUT
           echo "tag=$tag" >> $GITHUB_OUTPUT
-
       - name: Trigger helm post release workflow
         run: |
           curl \
@@ -54,61 +45,34 @@ jobs:
             -H "X-GitHub-Api-Version: 2022-11-28" \
             https://api.github.com/repos/mongodb/helm-charts/actions/workflows/post-atlas-operator-release.yaml/dispatches \
             -d '{"ref":"main","inputs":{"version":"'"${{ steps.tag.outputs.version }}"'"}}'
-
-      - name: Check out code into the Go module directory
+      - name: Check out code
         uses: actions/[email protected]
         with:
           submodules: true
-          fetch-depth: 0 #needs for tags
-
+          fetch-depth: 0
+      - name: Build and Push image
+        uses: ./.github/actions/build-push-image
+        with:
+          repository: ${{ env.IMAGE_REPOSITORY }}
+          version: ${{ steps.tag.outputs.tag }}
+          platforms: linux/amd64,linux/arm64
+          docker_username: ${{ secrets.DOCKER_USERNAME }}
+          docker_password: ${{ secrets.DOCKER_PASSWORD }}
+          push_to_quay: true
+          quay_username: mongodb+mongodb_atlas_kubernetes
+          quay_password: ${{ secrets.QUAY_PASSWORD }}
+      - name: Certify Openshift images
+        uses: ./.github/actions/certify-openshift-images
+        with:
+          repository: ${{ env.IMAGE_REPOSITORY }}
+          version: ${{ steps.tag.outputs.tag }}
+          quay_password: ${{ secrets.QUAY_PASSWORD }}
+          rhcc_token: ${{ secrets.RH_CERTIFICATION_PYXIS_API_TOKEN }}
+          rhcc_project: ${{ secrets.RH_CERTIFICATION_OSPID }}
       - name: Create configuration package
         run: |
           set -x
           tar czvf atlas-operator-all-in-one-${{ steps.tag.outputs.version }}.tar.gz -C deploy all-in-one.yaml
-
-      - name: Login to docker registry
-        uses: docker/login-action@v2
-        with:
-          registry: ${{ env.DOCKER_REGISTRY }}
-          username: ${{ secrets.DOCKER_USERNAME }}
-          password: ${{ secrets.DOCKER_PASSWORD }}
-      - name: Prepare docker image tag
-        id: prepare-docker-image-tag
-        run: |
-          REPOSITORY=${{ env.DOCKER_RELEASE_REPO }}
-          TAG=${{ steps.tag.outputs.version }}
-          TAGS="${REPOSITORY}:${TAG}"
-          echo "tags=$TAGS" >> $GITHUB_OUTPUT
-      - name: Push Atlas Operator to Registry
-        uses: docker/build-push-action@v3
-        with:
-          context: .
-          push: true
-          tags: ${{ steps.prepare-docker-image-tag.outputs.tags }}
-          build-args: VERSION=${{ steps.tag.outputs.tag }}
-
-      - name: Login to Quay registry
-        uses: docker/login-action@v2
-        with:
-          registry: ${{ env.QUAY_RELEASE_REGISTRY  }}
-          username: ${{ env.QUAY_ROBOT_NAME }}
-          password: ${{ secrets.QUAY_PASSWORD }}
-      - name: Prepare docker Quay image tag
-        id: prepare-quay-image-tag
-        run: |
-          REGISTRY=${{ env.QUAY_RELEASE_REGISTRY }}
-          REPOSITORY=${{ env.QUAY_OPERATOR_REPO }}
-          TAG=${{ steps.tag.outputs.version }}
-          TAGS="${REGISTRY}/${REPOSITORY}:${TAG}"
-          echo "tags=$TAGS" >> $GITHUB_OUTPUT
-      - name: Push Atlas Operator to Quay Registry
-        uses: docker/build-push-action@v3
-        with:
-          context: .
-          push: true
-          tags: ${{ steps.prepare-quay-image-tag.outputs.tags }}
-          build-args: VERSION=${{ steps.tag.outputs.tag }}
-
       - name: Create Release
         id: create_release
         uses: actions/create-release@v1
@@ -120,7 +84,6 @@ jobs:
           body_path: docs/release-notes/release-notes.md
           draft: true
           prerelease: false
-
       - name: Upload Release Asset
         id: upload-release-asset
         uses: actions/upload-release-asset@v1