Build multiarch (amd64 and arm64) images

[zregvart]

Explain the changes

1. Makes changes to the scripts in build/tools to build and push multiarch images. Now runs two docker build commands to build images for individual architectures, and an additional docker manifest create to create the multiarch manifest. When pushing docker manifest push is used instead of docker push.

Issues: Fixed #xxx / Gap #xxx

1. n/a

Testing Instructions:

1. Try manually running a release using the scripts in build/tools

• Doc added/updated
• Tests added

Summary by CodeRabbit

• New Features

  • Introduces multi-architecture OCI images (amd64 and arm64). A single versioned tag now automatically selects the correct architecture via a manifest.
  • Adds per-architecture image tags that include OS/arch (e.g., linux-amd64-, linux-arm64-) for explicit pulls.
  • Improves compatibility for ARM-based environments (e.g., Apple Silicon).

• Chores

  • Updates release process to publish and push multi-arch manifests instead of individual images, ensuring the versioned tag references all supported architectures.

[tangledbytes]

Hi, thanks for the PR. Can you please rebase it? I think after that all the tests would start passing.

[coderabbitai]

Walkthrough

Introduces multi-architecture OCI image builds in builder.sh by parameterizing build_oci with OS/arch, adding build_oci_for_all to build amd64/arm64 images and create a versioned manifest, and updating main to use it. In releaser.sh, replaces pushing images with pushing the multi-arch manifest.

Changes

Cohort / File(s)	Summary
Build tooling: multi-arch image build and manifest creation build/tools/builder.sh	Refactors build_oci(tag_prefix, os, arch) to build platform-specific images; adds build_oci_for_all(repository) to build linux/amd64 and linux/arm64 images; creates and tags a Docker manifest aggregating per-arch images; main now calls build_oci_for_all.
Release tooling: push manifest instead of images build/tools/releaser.sh	In create_oci_release, switches from docker push of images to docker manifest push for both docker and quay images; login/tagging flow unchanged.

Sequence Diagram(s)

sequenceDiagram
    participant Dev as Developer/CI
    participant B as builder.sh
    participant D as Docker CLI/Buildx
    participant R as Registry

    Dev->>B: invoke build_oci_for_all(repository)
    B->>D: build_oci(tag_prefix, linux, amd64)
    D-->>R: push image linux/amd64
    B->>D: build_oci(tag_prefix, linux, arm64)
    D-->>R: push image linux/arm64
    B->>D: manifest create version tag
    D-->>R: push manifest (refs amd64/arm64 images)

Loading

sequenceDiagram
    participant Rel as releaser.sh
    participant D as Docker CLI
    participant R as Registry (Docker/Quay)

    Rel->>D: docker manifest push repository/noobaa-operator:<version>
    D-->>R: upload multi-arch manifest

Loading

Estimated code review effort

🎯 3 (Moderate) | ⏱️ ~25 minutes

Tip

🔌 Remote MCP (Model Context Protocol) integration is now available!

Pro plan users can now connect to remote MCP servers from the Integrations page. Connect with popular remote MCPs such as Notion and Linear to add more context to your reviews and chats.

✨ Finishing Touches

• 📝 Generate Docstrings

🧪 Generate unit tests

• Create PR with unit tests
• Post copyable unit tests in a comment

---

Thanks for using CodeRabbit! It's free for OSS, and your support helps us grow. If you like it, consider giving us a shout-out.

❤️ Share

• X
• Mastodon
• Reddit
• LinkedIn

🪧 Tips

Chat

There are 3 ways to chat with CodeRabbit:

• Review comments: Directly reply to a review comment made by CodeRabbit. Example:
  • I pushed a fix in commit <commit_id>, please review it.
  • Open a follow-up GitHub issue for this discussion.
• Files and specific lines of code (under the "Files changed" tab): Tag @coderabbitai in a new review comment at the desired location with your query.
• PR comments: Tag @coderabbitai in a new PR comment to ask questions about the PR branch. For the best results, please provide a very specific query, as very limited context is provided in this mode. Examples:
  • @coderabbitai gather interesting stats about this repository and render them as a table. Additionally, render a pie chart showing the language distribution in the codebase.
  • @coderabbitai read the files in the src/scheduler package and generate a class diagram using mermaid and a README in the markdown format.

Support

Need help? Create a ticket on our support page for assistance with any issues or questions.

CodeRabbit Commands (Invoked using PR/Issue comments)

Type @coderabbitai help to get the list of available commands.

Other keywords and placeholders

• Add @coderabbitai ignore anywhere in the PR description to prevent this PR from being reviewed.
• Add @coderabbitai summary to generate the high-level summary at a specific location in the PR description.
• Add @coderabbitai anywhere in the PR title to generate the title automatically.

Status, Documentation and Community

• Visit our Status Page to check the current availability of CodeRabbit.
• Visit our Documentation for detailed information on how to use CodeRabbit.
• Join our Discord Community to get help, request features, and share feedback.
• Follow us on X/Twitter for updates and announcements.

[coderabbitai]

Actionable comments posted: 0

🔭 Outside diff range comments (1)

build/tools/releaser.sh (1)

193-211: Retag and push per-architecture images before creating and pushing manifest lists

The current releaser.sh only runs docker manifest push for the combined image tags, but never pushes the individual per-arch (“linux-amd64-…”, “linux-arm64-…”) images. Since the manifest list references those leaf images, the push will fail unless they exist in the registry.

Please update build/tools/releaser.sh (around lines 193–211) as follows:

1. Capture the version and repo roots:

   version="$(get_noobaa_version)"
   docker_repo="$DOCKERHUB_USERNAME/noobaa-operator"
   quay_repo="quay.io/$QUAY_USERNAME/noobaa-operator"

2. For each registry, loop over architectures to tag and push the leaf images:

   for arch in amd64 arm64; do
     src="$OCI_ORG/noobaa-operator:linux-${arch}-${version}"
     dst="${docker_repo}:linux-${arch}-${version}"
     docker tag "$src" "$dst"
     docker push "$dst"
   done

3. Create and push the manifest list for each registry:

   docker manifest create "${docker_repo}:${version}" \
     --amend "${docker_repo}:linux-amd64-${version}" \
     --amend "${docker_repo}:linux-arm64-${version}"
   docker manifest push "${docker_repo}:${version}"
   # Repeat the same for ${quay_repo}

Proposed diff snippet:

-  local quay_image="quay.io/$QUAY_USERNAME/noobaa-operator:$(get_noobaa_version)"
-  local docker_image="$DOCKERHUB_USERNAME/noobaa-operator:$(get_noobaa_version)"
+  version="$(get_noobaa_version)"
+  docker_repo="$DOCKERHUB_USERNAME/noobaa-operator"
+  quay_repo="quay.io/$QUAY_USERNAME/noobaa-operator"

-  echo "Tagging the images..."
-  docker tag "$OCI_ORG/noobaa-operator:${version}" $quay_image
-  docker tag "$OCI_ORG/noobaa-operator:${version}" $docker_image
+  echo "Tagging and pushing per-arch images to Docker Hub..."
+  for arch in amd64 arm64; do
+    src="$OCI_ORG/noobaa-operator:linux-${arch}-${version}"
+    dst="${docker_repo}:linux-${arch}-${version}"
+    docker tag "$src" "$dst"
+    docker push "$dst"
+  done

   echo "Logging in to docker.io..."
   echo "$DOCKERHUB_TOKEN" | docker login -u "$DOCKERHUB_USERNAME" --password-stdin

-  echo "Pushing the images to docker.io..."
-  docker manifest push $docker_image
+  echo "Creating and pushing multi-arch manifest to Docker Hub..."
+  docker manifest create "${docker_repo}:${version}" \
+    --amend "${docker_repo}:linux-amd64-${version}" \
+    --amend "${docker_repo}:linux-arm64-${version}"
+  docker manifest push "${docker_repo}:${version}"

   echo "Logging in to quay.io..."
   echo "$QUAY_TOKEN" | docker login -u "$QUAY_USERNAME" --password-stdin quay.io

-  echo "Pushing the images to quay.io..."
-  docker manifest push $quay_image
+  echo "Tagging and pushing per-arch images to Quay.io..."
+  for arch in amd64 arm64; do
+    src="$OCI_ORG/noobaa-operator:linux-${arch}-${version}"
+    dst="${quay_repo}:linux-${arch}-${version}"
+    docker tag "$src" "$dst"
+    docker push "$dst"
+  done
+
+  echo "Creating and pushing multi-arch manifest to Quay.io..."
+  docker manifest create "${quay_repo}:${version}" \
+    --amend "${quay_repo}:linux-amd64-${version}" \
+    --amend "${quay_repo}:linux-arm64-${version}"
+  docker manifest push "${quay_repo}:${version}"

🧹 Nitpick comments (3)

build/tools/builder.sh (3)

106-110: Quote expansions and address ShellCheck warnings; ensure cross-arch builds are reproducible

• SC2046: Quote command substitutions and variables to avoid word-splitting.
• Building for a non-native arch with plain docker build --platform relies on BuildKit/binfmt emulation being available. If not guaranteed in CI, this may silently produce host-arch images. Consider verifying BuildKit is enabled and/or using docker buildx build.

Patch:

-  docker build --platform $os/$arch --build-arg NOOBAA_BIN_PATH=$(generate_full_bin_path $os $arch) -t $tag_prefix/noobaa-operator:${os}-${arch}-$(get_noobaa_version) -f build/Dockerfile .
+  docker build \
+    --platform "${os}/${arch}" \
+    --build-arg NOOBAA_BIN_PATH="$(generate_full_bin_path "$os" "$arch")" \
+    -t "${tag_prefix}/noobaa-operator:${os}-${arch}-$(get_noobaa_version)" \
+    -f build/Dockerfile .

If BuildKit/buildx is available, prefer:

• docker buildx create/use
• docker buildx build --platform linux/amd64,linux/arm64 --push ...

Ensure CI runners have binfmt_misc set up for arm64 when running on amd64 hosts, or switch to buildx with QEMU baked in.

---

117-121: Avoid masking return values; assign local version separately

SC2155: Declare and assign separately for clarity and to avoid masking return values in subshell failure cases.

-  local version=$(get_noobaa_version)
+  local version
+  version="$(get_noobaa_version)"

---

112-121: Create manifest close to where images are pushed, or push images here

This function creates a local manifest referencing tags under "${repository}" but does not push the per-arch images nor the manifest. Since releaser.sh pushes manifests to user/org-specific repos, the manifest should be created per target repo after retagging and pushing the per-arch images (see releaser.sh review). Alternatively, push the per-arch images and the manifest here to "${repository}" and have releaser mirror across repos.

Suggested direction:

• Either remove the manifest creation here and move it entirely to releaser.sh per target repo, or
• Add optional push logic here (docker push per-arch tags, then docker manifest push) gated behind a flag.

Confirm desired source of truth for manifests: built once under "${OCI_ORG}" and mirrored, or created separately per target repository.

📜 Review details

Configuration used: .coderabbit.yaml
Review profile: CHILL
Plan: Pro

💡 Knowledge Base configuration:

• MCP integration is disabled by default for public repositories
• Jira integration is disabled by default for public repositories
• Linear integration is disabled by default for public repositories

You can enable these sources in your CodeRabbit configuration.

📥 Commits

Reviewing files that changed from the base of the PR and between de1d328 and bf4c9a2.

📒 Files selected for processing (2)

• build/tools/builder.sh (2 hunks)
• build/tools/releaser.sh (1 hunks)

🧰 Additional context used

🧬 Code Graph Analysis (1)

build/tools/builder.sh (1)

build/tools/utils.sh (1)

• get_noobaa_version (44-51)

🪛 Shellcheck (0.10.0)

build/tools/builder.sh

[warning] 109-109: Quote this to prevent word splitting.

(SC2046)

---

[warning] 109-109: Quote this to prevent word splitting.

(SC2046)

---

[warning] 117-117: Declare and assign separately to avoid masking return values.

(SC2155)

⏰ Context from checks skipped due to timeout of 90000ms. You can increase the timeout in your CodeRabbit configuration to a maximum of 15 minutes (900000ms). (12)

• GitHub Check: run-azure-vault-test
• GitHub Check: run-kms-kmip-test
• GitHub Check: cnpg-deployment-test
• GitHub Check: run-kms-tls-token-test
• GitHub Check: run-cli-tests
• GitHub Check: run-kms-key-rotate-test
• GitHub Check: run-hac-test
• GitHub Check: run-operator-tests
• GitHub Check: run-kms-dev-test
• GitHub Check: run-core-config-map-tests
• GitHub Check: run-admission-test
• GitHub Check: run-kms-tls-sa-test

🔇 Additional comments (1)

build/tools/builder.sh (1)

223-224: Good: switching main flow to build multi-arch artifacts

Using build_oci_for_all aligns the build with the new multi-arch release flow.

[liranmauda]

@tangledbytes Could you take a look?