K8SPSMDB-948: Multi arch build (#1356)

sergelogvinov · hors · web-flow · commit b9f94ba753e0 · 2024-01-17T15:15:21.000+02:00
An easy way to build PSMDB for different architectures.

Signed-off-by: Serge Logvinov &lt;serge.logvinov@sinextra.dev&gt;
Co-authored-by: Viacheslav Sarzhan &lt;slava.sarzhan@percona.com&gt;
diff --git a/.github/workflows/reviewdog.yml b/.github/workflows/reviewdog.yml
@@ -30,7 +30,7 @@ jobs:
       - uses: actions/checkout@v4.1.1
       - uses: actions/setup-go@v5
         with:
-          go-version: '^1.17'
+          go-version: '^1.21'
       - run: go install mvdan.cc/sh/v3/cmd/shfmt@latest
       - run: $(go env GOPATH)/bin/shfmt -f . | grep -v 'vendor' | xargs $(go env GOPATH)/bin/shfmt -bn -ci -s -w
       - name: suggester / shfmt
diff --git a/.github/workflows/scan.yml b/.github/workflows/scan.yml
@@ -1,22 +1,56 @@
 name: Scan docker
 on: [pull_request]
+
+env:
+  # Use docker.io for Docker Hub if empty
+  REGISTRY: docker.io
+
+  # github.repository as <account>/<repo>
+  IMAGE_NAME: perconalab/percona-server-mongodb-operator
+
 jobs:
   build:
     name: Build
     runs-on: ubuntu-latest
     steps:
       - name: Checkout code
         uses: actions/checkout@v4.1.1
-      - name: Build an image from Dockerfile
+
+      - name: Set up QEMU
+        uses: docker/setup-qemu-action@v3
+
+      - name: Set up Docker Buildx
+        uses: docker/setup-buildx-action@v3
+
+      - name: Build an image from Dockerfile (linux/arm64)
         run: |
-          export IMAGE=perconalab/percona-server-mongodb-operator:${{ github.sha }}
+          export IMAGE=${{ env.REGISTRY }}/${{ env.IMAGE_NAME }}:${{ github.sha }}-arm64
           export DOCKER_PUSH=0
           export DOCKER_SQUASH=0
+          export DOCKER_DEFAULT_PLATFORM='linux/arm64'
           ./e2e-tests/build
       - name: Run Trivy vulnerability scanner
         uses: aquasecurity/trivy-action@0.16.1
         with:
-          image-ref: 'docker.io/perconalab/percona-server-mongodb-operator:${{ github.sha }}'
+          image-ref: '${{ env.REGISTRY }}/${{ env.IMAGE_NAME }}:${{ github.sha }}-arm64'
+          format: 'table'
+          exit-code: '1'
+          ignore-unfixed: true
+          vuln-type: 'os,library'
+          severity: 'CRITICAL,HIGH'
+
+      - name: Build an image from Dockerfile (linux/amd64)
+        run: |
+          export IMAGE=${{ env.REGISTRY }}/${{ env.IMAGE_NAME }}:${{ github.sha }}-amd64
+          export DOCKER_PUSH=0
+          export DOCKER_SQUASH=0
+          export DOCKER_DEFAULT_PLATFORM='linux/amd64'
+          ./e2e-tests/build
+
+      - name: Run Trivy vulnerability scanner image (linux/amd64)
+        uses: aquasecurity/trivy-action@0.14.0
+        with:
+          image-ref: '${{ env.REGISTRY }}/${{ env.IMAGE_NAME }}:${{ github.sha }}-amd64'
           format: 'table'
           exit-code: '1'
           ignore-unfixed: true
diff --git a/.github/workflows/test.yml b/.github/workflows/test.yml
@@ -7,7 +7,7 @@ jobs:
     steps:
       - uses: actions/setup-go@v5
         with:
-          go-version: '^1.19'
+          go-version: '^1.21'
       - uses: actions/checkout@v4.1.1
       - name: go test
         run: go test -v ./...
diff --git a/Jenkinsfile b/Jenkinsfile
@@ -323,6 +323,7 @@ EOF
                                 docker login -u '${USER}' -p '${PASS}'
                                 export RELEASE=0
                                 export IMAGE=\$DOCKER_TAG
+                                docker buildx create --use
                                 ./e2e-tests/build
                                 docker logout
                             "
@@ -349,7 +350,7 @@ EOF
                             -v $WORKSPACE/src/github.com/percona/percona-server-mongodb-operator:/go/src/github.com/percona/percona-server-mongodb-operator \
                             -w /go/src/github.com/percona/percona-server-mongodb-operator \
                             -e GOFLAGS='-buildvcs=false' \
-                            golang:1.19 sh -c '
+                            golang:1.21 sh -c '
                                 go install github.com/google/go-licenses@v1.0.0;
                                 /go/bin/go-licenses csv github.com/percona/percona-server-mongodb-operator/cmd/manager \
                                     | cut -d , -f 3 \
@@ -377,7 +378,7 @@ EOF
                             -v $WORKSPACE/src/github.com/percona/percona-server-mongodb-operator:/go/src/github.com/percona/percona-server-mongodb-operator \
                             -w /go/src/github.com/percona/percona-server-mongodb-operator \
                             -e GOFLAGS='-buildvcs=false' \
-                            golang:1.19 sh -c 'go build -v -o percona-server-mongodb-operator github.com/percona/percona-server-mongodb-operator/cmd/manager'
+                            golang:1.21 sh -c 'go build -v -o percona-server-mongodb-operator github.com/percona/percona-server-mongodb-operator/cmd/manager'
                     "
                 '''
 
diff --git a/build/Dockerfile b/build/Dockerfile
@@ -7,17 +7,16 @@ ARG GIT_COMMIT
 ARG GIT_BRANCH
 ARG GO_LDFLAGS
 ARG GOOS=linux
-ARG GOARCH=amd64
 ARG CGO_ENABLED=0
 
 RUN go mod download \
     && mkdir -p build/_output/bin \
-    && GOOS=$GOOS GOARCH=$GOARCH CGO_ENABLED=$CGO_ENABLED GO_LDFLAGS=$GO_LDFLAGS \
+    && GOOS=$GOOS CGO_ENABLED=$CGO_ENABLED GO_LDFLAGS=$GO_LDFLAGS \
        go build -ldflags "-w -s -X main.GitCommit=$GIT_COMMIT -X main.GitBranch=$GIT_BRANCH" \
            -o build/_output/bin/percona-server-mongodb-operator \
                cmd/manager/main.go \
     && cp -r build/_output/bin/percona-server-mongodb-operator /usr/local/bin/percona-server-mongodb-operator \
-    && GOOS=$GOOS GOARCH=$GOARCH CGO_ENABLED=$CGO_ENABLED GO_LDFLAGS=$GO_LDFLAGS \
+    && GOOS=$GOOS CGO_ENABLED=$CGO_ENABLED GO_LDFLAGS=$GO_LDFLAGS \
        go build -ldflags "-w -s -X main.GitCommit=$GIT_COMMIT -X main.GitBranch=$GIT_BRANCH" \
            -o build/_output/bin/mongodb-healthcheck \
                cmd/mongodb-healthcheck/main.go \
diff --git a/e2e-tests/build b/e2e-tests/build
@@ -14,28 +14,31 @@ fi
 if [[ ${DOCKER_SQUASH:-1} == 1 ]]; then
 	squash="--squash"
 fi
+if [[ ${DOCKER_PUSH:-1} == 1 ]]; then
+	imgresult="--push=true"
+else
+	imgresult="--load"
+fi
 
 build_operator() {
 	if [ "${RELEASE:-1}" = 0 ]; then
 		GO_LDFLAGS="-race"
 	fi
 
 	export IMAGE
-	export DOCKER_DEFAULT_PLATFORM=${DOCKER_DEFAULT_PLATFORM:-linux/amd64}
+	export DOCKER_DEFAULT_PLATFORM=${DOCKER_DEFAULT_PLATFORM:-"linux/amd64,linux/arm64"}
 	export GO_LDFLAGS="-w -s -trimpath $GO_LDFLAGS"
 	pushd ${src_dir}
-	docker build \
+	docker buildx build \
+		--platform $DOCKER_DEFAULT_PLATFORM \
 		--build-arg GIT_COMMIT=$GIT_COMMIT \
 		--build-arg GIT_BRANCH=$GIT_BRANCH \
 		--build-arg GO_LDFLAGS="$GO_LDFLAGS" \
+		$imgresult \
 		$squash \
 		$no_cache \
 		-t "${IMAGE}" -f build/Dockerfile .
 	popd
-
-	if [ "${DOCKER_PUSH:-1}" = 1 ]; then
-		docker push ${IMAGE}
-	fi
 }
 
 until docker ps; do sleep 1; done
