From 0f0fb43fcca9f6bee4d7d874aa94701077205666 Mon Sep 17 00:00:00 2001 From: Rehan Khan Date: Tue, 24 Sep 2024 11:38:06 +0530 Subject: [PATCH 1/7] Added support for s390x and ppc64le via catalog source Co-authored-by: Rehan Khan Co-authored-by: Deepali Kushwah Signed-off-by: Rehan Khan --- .github/workflows/build-images.yaml | 63 ++++++++++------------------- README.md | 11 ----- script/build_catalog.sh | 40 ++++++++++++++++++ 3 files changed, 62 insertions(+), 52 deletions(-) create mode 100644 script/build_catalog.sh diff --git a/.github/workflows/build-images.yaml b/.github/workflows/build-images.yaml index 6400acd3..5603cc31 100644 --- a/.github/workflows/build-images.yaml +++ b/.github/workflows/build-images.yaml @@ -192,48 +192,29 @@ jobs: else echo "VERSION=${{ github.sha }}" >> $GITHUB_ENV fi - - name: Install qemu dependency - run: | - sudo apt-get update - sudo apt-get install -y qemu-user-static - - name: Run make catalog (main) - if: ${{ github.ref_name == env.MAIN_BRANCH_NAME }} - run: | - make catalog \ - REGISTRY=${{ env.IMG_REGISTRY_HOST }} ORG=${{ env.IMG_REGISTRY_ORG }} \ - VERSION=${{ env.VERSION }} \ - IMAGE_TAG=${{ github.sha }} \ - AUTHORINO_VERSION=${{ env.LATEST_AUTHORINO_GITREF }} \ - CHANNELS=${{ inputs.channels }} - - name: Run make catalog (release) - if: ${{ github.ref_name != env.MAIN_BRANCH_NAME }} - run: | - make catalog \ - REGISTRY=${{ env.IMG_REGISTRY_HOST }} ORG=${{ env.IMG_REGISTRY_ORG }} \ - VERSION=${{ env.VERSION }} \ - AUTHORINO_VERSION=${{ github.event.inputs.authorinoVersion }} \ - CHANNELS=${{ inputs.channels }} - - name: Git diff - run: git diff - - name: Build Image - id: build-image - uses: redhat-actions/buildah-build@v2 + - name: Install opm from OpenShift Mirror + uses: redhat-actions/openshift-tools-installer@v1 with: - image: ${{ env.OPERATOR_NAME }}-catalog - tags: ${{ env.IMG_TAGS }} - platforms: linux/amd64,linux/arm64 - context: ./catalog - dockerfiles: | - ./catalog/${{ env.OPERATOR_NAME }}-catalog.Dockerfile - - name: Push Image - if: ${{ !env.ACT }} - id: push-to-quay - uses: redhat-actions/push-to-registry@v2 + opm: "4.14.4" + - name: Set permissions for build script + run: chmod +x ./script/build_catalog.sh + - name: Login to Quay.io + uses: docker/login-action@v1 with: - image: ${{ steps.build-image.outputs.image }} - tags: ${{ steps.build-image.outputs.tags }} - registry: ${{ env.IMG_REGISTRY_HOST }}/${{ env.IMG_REGISTRY_ORG }} + registry: ${{ secrets.IMG_REGISTRY_HOST || 'quay.io' }} username: ${{ secrets.IMG_REGISTRY_USERNAME }} password: ${{ secrets.IMG_REGISTRY_TOKEN }} - - name: Print Image URL - run: echo "Image pushed to ${{ steps.push-to-quay.outputs.registry-paths }}" + - name: Set up QEMU + uses: docker/setup-qemu-action@v2 + - name: build and push catalog (main) + if: ${{ github.ref_name == env.MAIN_BRANCH_NAME }} + shell: bash + env: + TAG: ${{ env.IMG_TAGS }} + run: ./script/build_catalog.sh + - name: build and push catalog (release) + if: ${{ github.ref_name != env.MAIN_BRANCH_NAME }} + shell: bash + env: + TAG: ${{ env.IMG_TAGS }} + run: ./script/build_catalog.sh \ No newline at end of file diff --git a/README.md b/README.md index 239b0e0d..93317778 100644 --- a/README.md +++ b/README.md @@ -77,17 +77,6 @@ spec: EOF ``` -## Deploy authorino operator using operator-sdk -1. Install operator-sdk bin - ```sh - make operator-sdk - ``` -2. Run operator-sdk bundle command - ``` - ./bin/operator-sdk run bundle quay.io/kuadrant/authorino-operator-bundle:latest - ``` -Note: For s390x & ppc64le , use operator-sdk to install authorino-operator - ## Requesting an Authorino instance Once the Operator is up and running, you can request instances of Authorino by creating `Authorino` CRs. E.g.: diff --git a/script/build_catalog.sh b/script/build_catalog.sh new file mode 100644 index 00000000..7a7df464 --- /dev/null +++ b/script/build_catalog.sh @@ -0,0 +1,40 @@ +#!/usr/bin/env bash +# builds the OLM catalog index and pushes it to quay.io. +# +# To push to your own registry, override the IMG_REGISTRY_HOST , IMG_REGISTRY_ORG , OPERATOR_NAME and TAG env vars, +# i.e: +# IMG_REGISTRY_HOST=quay.io IMG_REGISTRY_ORG=yourusername OPERATOR_NAME=authorino-operator TAG=latest ./script/build_catalog.sh +# +# REQUIREMENTS: +# * a valid login session to a container registry. +# * `docker` +# * `opm` +# + +# Iterate over tag list i.e. latest 8a17c81d5e9f04545753e5501dddc4a0ac2c7e03 +IFS=' ' read -r -a tags <<< "$TAG" + +for tag in "${tags[@]}" +do + # Build & push catalog images for each architecture using the tag + opm index add --build-tool docker --tag "${IMG_REGISTRY_HOST}/${IMG_REGISTRY_ORG}/${OPERATOR_NAME}-catalog:${tag}-amd64" --bundles "${IMG_REGISTRY_HOST}/${IMG_REGISTRY_ORG}/${OPERATOR_NAME}-bundle:${tag}" --binary-image "quay.io/operator-framework/opm:v1.28.0-amd64" + docker push ${IMG_REGISTRY_HOST}/${IMG_REGISTRY_ORG}/${OPERATOR_NAME}-catalog:${tag}-amd64 + + opm index add --build-tool docker --tag "${IMG_REGISTRY_HOST}/${IMG_REGISTRY_ORG}/${OPERATOR_NAME}-catalog:${tag}-ppc64le" --bundles "${IMG_REGISTRY_HOST}/${IMG_REGISTRY_ORG}/${OPERATOR_NAME}-bundle:${tag}" --binary-image "quay.io/operator-framework/opm:v1.28.0-ppc64le" + docker push ${IMG_REGISTRY_HOST}/${IMG_REGISTRY_ORG}/${OPERATOR_NAME}-catalog:${tag}-ppc64le + + opm index add --build-tool docker --tag "${IMG_REGISTRY_HOST}/${IMG_REGISTRY_ORG}/${OPERATOR_NAME}-catalog:${tag}-arm64" --bundles "${IMG_REGISTRY_HOST}/${IMG_REGISTRY_ORG}/${OPERATOR_NAME}-bundle:${tag}" --binary-image "quay.io/operator-framework/opm:v1.28.0-arm64" + docker push ${IMG_REGISTRY_HOST}/${IMG_REGISTRY_ORG}/${OPERATOR_NAME}-catalog:${tag}-arm64 + + opm index add --build-tool docker --tag "${IMG_REGISTRY_HOST}/${IMG_REGISTRY_ORG}/${OPERATOR_NAME}-catalog:${tag}-s390x" --bundles "${IMG_REGISTRY_HOST}/${IMG_REGISTRY_ORG}/${OPERATOR_NAME}-bundle:${tag}" --binary-image "quay.io/operator-framework/opm:v1.28.0-s390x" + docker push ${IMG_REGISTRY_HOST}/${IMG_REGISTRY_ORG}/${OPERATOR_NAME}-catalog:${tag}-s390x + + # Create a multi-architecture manifest + docker manifest create --amend ${IMG_REGISTRY_HOST}/${IMG_REGISTRY_ORG}/${OPERATOR_NAME}-catalog:${tag} \ + ${IMG_REGISTRY_HOST}/${IMG_REGISTRY_ORG}/${OPERATOR_NAME}-catalog:${tag}-amd64 \ + ${IMG_REGISTRY_HOST}/${IMG_REGISTRY_ORG}/${OPERATOR_NAME}-catalog:${tag}-arm64 \ + ${IMG_REGISTRY_HOST}/${IMG_REGISTRY_ORG}/${OPERATOR_NAME}-catalog:${tag}-ppc64le \ + ${IMG_REGISTRY_HOST}/${IMG_REGISTRY_ORG}/${OPERATOR_NAME}-catalog:${tag}-s390x + + docker manifest push ${IMG_REGISTRY_HOST}/${IMG_REGISTRY_ORG}/${OPERATOR_NAME}-catalog:${tag} +done \ No newline at end of file From c27902ae3ef78761e233e25cc824e85bd0eafd46 Mon Sep 17 00:00:00 2001 From: Rehan Khan Date: Mon, 4 Nov 2024 13:20:55 +0530 Subject: [PATCH 2/7] Made changes with to build via file based catalog Signed-off-by: Rehan Khan --- .github/workflows/build-images.yaml | 16 ++++----- make/catalog.mk | 13 +++++++ script/build_catalog.sh | 55 +++++++++++++++-------------- 3 files changed, 49 insertions(+), 35 deletions(-) diff --git a/.github/workflows/build-images.yaml b/.github/workflows/build-images.yaml index 5603cc31..915684d0 100644 --- a/.github/workflows/build-images.yaml +++ b/.github/workflows/build-images.yaml @@ -192,20 +192,18 @@ jobs: else echo "VERSION=${{ github.sha }}" >> $GITHUB_ENV fi - - name: Install opm from OpenShift Mirror - uses: redhat-actions/openshift-tools-installer@v1 - with: - opm: "4.14.4" - - name: Set permissions for build script - run: chmod +x ./script/build_catalog.sh + - name: Set up QEMU + uses: docker/setup-qemu-action@v3 - name: Login to Quay.io uses: docker/login-action@v1 with: - registry: ${{ secrets.IMG_REGISTRY_HOST || 'quay.io' }} + registry: ${{ env.IMG_REGISTRY_HOST }} username: ${{ secrets.IMG_REGISTRY_USERNAME }} password: ${{ secrets.IMG_REGISTRY_TOKEN }} - - name: Set up QEMU - uses: docker/setup-qemu-action@v2 + - name: Set permissions for build script + run: chmod +x ./script/build_catalog.sh + - name: Git diff + run: git diff - name: build and push catalog (main) if: ${{ github.ref_name == env.MAIN_BRANCH_NAME }} shell: bash diff --git a/make/catalog.mk b/make/catalog.mk index fe9e0ef4..c7068a24 100644 --- a/make/catalog.mk +++ b/make/catalog.mk @@ -32,6 +32,19 @@ catalog: $(OPM) ## Generate catalog content and validate. $(MAKE) $(CATALOG_FILE) BUNDLE_IMG=$(BUNDLE_IMG) cd $(PROJECT_DIR)/catalog && $(OPM) validate authorino-operator-catalog +.PHONY: catalog-multiarch +catalog-multiarch: $(OPM) ## Generate catalog content using architechture specific binaries and validate. + #Initializing the Catalog + @echo "Building catalog for architecture: $(arch)" + -rm -rf $(PROJECT_DIR)/catalog/authorino-operator-catalog + -rm -rf $(PROJECT_DIR)/catalog/authorino-operator-catalog.Dockerfile + -mkdir -p $(PROJECT_DIR)/catalog/authorino-operator-catalog + cd $(PROJECT_DIR)/catalog && $(OPM) generate dockerfile authorino-operator-catalog -i "quay.io/operator-framework/opm:v1.28.0-${arch}" + @echo "creating dir" + $(MAKE) $(CATALOG_FILE) BUNDLE_IMG=$(BUNDLE_IMG) + @echo "leaving dir" + cd $(PROJECT_DIR)/catalog && $(OPM) validate authorino-operator-catalog + # Build a catalog image by adding bundle images to an empty catalog using the operator package manager tool, 'opm'. # Ref https://olm.operatorframework.io/docs/tasks/creating-a-catalog/#catalog-creation-with-raw-file-based-catalogs .PHONY: catalog-build diff --git a/script/build_catalog.sh b/script/build_catalog.sh index 7a7df464..883e85bb 100644 --- a/script/build_catalog.sh +++ b/script/build_catalog.sh @@ -1,6 +1,5 @@ #!/usr/bin/env bash -# builds the OLM catalog index and pushes it to quay.io. -# +# Builds the OLM catalog index and pushes it to quay.io. # To push to your own registry, override the IMG_REGISTRY_HOST , IMG_REGISTRY_ORG , OPERATOR_NAME and TAG env vars, # i.e: # IMG_REGISTRY_HOST=quay.io IMG_REGISTRY_ORG=yourusername OPERATOR_NAME=authorino-operator TAG=latest ./script/build_catalog.sh @@ -9,32 +8,36 @@ # * a valid login session to a container registry. # * `docker` # * `opm` -# - -# Iterate over tag list i.e. latest 8a17c81d5e9f04545753e5501dddc4a0ac2c7e03 -IFS=' ' read -r -a tags <<< "$TAG" -for tag in "${tags[@]}" -do - # Build & push catalog images for each architecture using the tag - opm index add --build-tool docker --tag "${IMG_REGISTRY_HOST}/${IMG_REGISTRY_ORG}/${OPERATOR_NAME}-catalog:${tag}-amd64" --bundles "${IMG_REGISTRY_HOST}/${IMG_REGISTRY_ORG}/${OPERATOR_NAME}-bundle:${tag}" --binary-image "quay.io/operator-framework/opm:v1.28.0-amd64" - docker push ${IMG_REGISTRY_HOST}/${IMG_REGISTRY_ORG}/${OPERATOR_NAME}-catalog:${tag}-amd64 +set -e # Exit on error - opm index add --build-tool docker --tag "${IMG_REGISTRY_HOST}/${IMG_REGISTRY_ORG}/${OPERATOR_NAME}-catalog:${tag}-ppc64le" --bundles "${IMG_REGISTRY_HOST}/${IMG_REGISTRY_ORG}/${OPERATOR_NAME}-bundle:${tag}" --binary-image "quay.io/operator-framework/opm:v1.28.0-ppc64le" - docker push ${IMG_REGISTRY_HOST}/${IMG_REGISTRY_ORG}/${OPERATOR_NAME}-catalog:${tag}-ppc64le - - opm index add --build-tool docker --tag "${IMG_REGISTRY_HOST}/${IMG_REGISTRY_ORG}/${OPERATOR_NAME}-catalog:${tag}-arm64" --bundles "${IMG_REGISTRY_HOST}/${IMG_REGISTRY_ORG}/${OPERATOR_NAME}-bundle:${tag}" --binary-image "quay.io/operator-framework/opm:v1.28.0-arm64" - docker push ${IMG_REGISTRY_HOST}/${IMG_REGISTRY_ORG}/${OPERATOR_NAME}-catalog:${tag}-arm64 - - opm index add --build-tool docker --tag "${IMG_REGISTRY_HOST}/${IMG_REGISTRY_ORG}/${OPERATOR_NAME}-catalog:${tag}-s390x" --bundles "${IMG_REGISTRY_HOST}/${IMG_REGISTRY_ORG}/${OPERATOR_NAME}-bundle:${tag}" --binary-image "quay.io/operator-framework/opm:v1.28.0-s390x" - docker push ${IMG_REGISTRY_HOST}/${IMG_REGISTRY_ORG}/${OPERATOR_NAME}-catalog:${tag}-s390x +# Split tags into an array +IFS=' ' read -r -a tags <<< "$TAG" +first_tag="${tags[0]}" +architectures=("amd64" "arm64" "ppc64le" "s390x") +# Build and push catalog images for each architecture +for arch in "${architectures[@]}"; do + make catalog-multiarch arch="${arch}" + image_tag="${IMG_REGISTRY_HOST}/${IMG_REGISTRY_ORG}/${OPERATOR_NAME}-catalog:${first_tag}-${arch}" + make catalog-build CATALOG_IMG="${image_tag}" + docker push "${image_tag}" & + wait +done - # Create a multi-architecture manifest - docker manifest create --amend ${IMG_REGISTRY_HOST}/${IMG_REGISTRY_ORG}/${OPERATOR_NAME}-catalog:${tag} \ - ${IMG_REGISTRY_HOST}/${IMG_REGISTRY_ORG}/${OPERATOR_NAME}-catalog:${tag}-amd64 \ - ${IMG_REGISTRY_HOST}/${IMG_REGISTRY_ORG}/${OPERATOR_NAME}-catalog:${tag}-arm64 \ - ${IMG_REGISTRY_HOST}/${IMG_REGISTRY_ORG}/${OPERATOR_NAME}-catalog:${tag}-ppc64le \ - ${IMG_REGISTRY_HOST}/${IMG_REGISTRY_ORG}/${OPERATOR_NAME}-catalog:${tag}-s390x +# Tag and push the manifest for tags +for tag in "${tags[@]}"; do + echo "Creating manifest for $TAG" + docker manifest create --amend "${IMG_REGISTRY_HOST}/${IMG_REGISTRY_ORG}/${OPERATOR_NAME}-catalog:${tag}" \ + ${IMG_REGISTRY_HOST}/${IMG_REGISTRY_ORG}/${OPERATOR_NAME}-catalog:${first_tag}-amd64 \ + ${IMG_REGISTRY_HOST}/${IMG_REGISTRY_ORG}/${OPERATOR_NAME}-catalog:${first_tag}-arm64 \ + ${IMG_REGISTRY_HOST}/${IMG_REGISTRY_ORG}/${OPERATOR_NAME}-catalog:${first_tag}-ppc64le \ + ${IMG_REGISTRY_HOST}/${IMG_REGISTRY_ORG}/${OPERATOR_NAME}-catalog:${first_tag}-s390x + docker manifest push "${IMG_REGISTRY_HOST}/${IMG_REGISTRY_ORG}/${OPERATOR_NAME}-catalog:${tag}" + docker rmi "${IMG_REGISTRY_HOST}/${IMG_REGISTRY_ORG}/${OPERATOR_NAME}-catalog:${tag}" || true +done - docker manifest push ${IMG_REGISTRY_HOST}/${IMG_REGISTRY_ORG}/${OPERATOR_NAME}-catalog:${tag} +# Clean up images +for arch in "${architectures[@]}"; do + image_tag="${IMG_REGISTRY_HOST}/${IMG_REGISTRY_ORG}/${OPERATOR_NAME}-catalog:${first_tag}-${arch}" + docker rmi "${image_tag}" || true done \ No newline at end of file From 79a53e68d31b2c4764dfa65c761c062f98e24d65 Mon Sep 17 00:00:00 2001 From: Rehan Khan Date: Mon, 4 Nov 2024 16:10:55 +0530 Subject: [PATCH 3/7] Made the manifest creation dynamic and pushed build script as executible Signed-off-by: Rehan Khan --- .github/workflows/build-images.yaml | 3 +-- script/build_catalog.sh | 15 +++++++-------- 2 files changed, 8 insertions(+), 10 deletions(-) mode change 100644 => 100755 script/build_catalog.sh diff --git a/.github/workflows/build-images.yaml b/.github/workflows/build-images.yaml index 915684d0..831d2df3 100644 --- a/.github/workflows/build-images.yaml +++ b/.github/workflows/build-images.yaml @@ -24,6 +24,7 @@ env: OPERATOR_NAME: authorino-operator BUILD_CONFIG_FILE: build.yaml LATEST_AUTHORINO_GITREF: ${{ vars.AUTHORINO_SHA != '' && vars.AUTHORINO_SHA || 'latest' }} + ARCHITECTURES: "amd64 arm64 ppc64le s390x" jobs: build: @@ -200,8 +201,6 @@ jobs: registry: ${{ env.IMG_REGISTRY_HOST }} username: ${{ secrets.IMG_REGISTRY_USERNAME }} password: ${{ secrets.IMG_REGISTRY_TOKEN }} - - name: Set permissions for build script - run: chmod +x ./script/build_catalog.sh - name: Git diff run: git diff - name: build and push catalog (main) diff --git a/script/build_catalog.sh b/script/build_catalog.sh old mode 100644 new mode 100755 index 883e85bb..1d27ee4a --- a/script/build_catalog.sh +++ b/script/build_catalog.sh @@ -14,9 +14,9 @@ set -e # Exit on error # Split tags into an array IFS=' ' read -r -a tags <<< "$TAG" first_tag="${tags[0]}" -architectures=("amd64" "arm64" "ppc64le" "s390x") +architectures=(${ARCHITECTURES}) # Build and push catalog images for each architecture -for arch in "${architectures[@]}"; do +for arch in "${architectures[@]}"; do make catalog-multiarch arch="${arch}" image_tag="${IMG_REGISTRY_HOST}/${IMG_REGISTRY_ORG}/${OPERATOR_NAME}-catalog:${first_tag}-${arch}" make catalog-build CATALOG_IMG="${image_tag}" @@ -24,14 +24,13 @@ for arch in "${architectures[@]}"; do wait done -# Tag and push the manifest for tags +# Tag and push the manifest for additional tags for tag in "${tags[@]}"; do echo "Creating manifest for $TAG" - docker manifest create --amend "${IMG_REGISTRY_HOST}/${IMG_REGISTRY_ORG}/${OPERATOR_NAME}-catalog:${tag}" \ - ${IMG_REGISTRY_HOST}/${IMG_REGISTRY_ORG}/${OPERATOR_NAME}-catalog:${first_tag}-amd64 \ - ${IMG_REGISTRY_HOST}/${IMG_REGISTRY_ORG}/${OPERATOR_NAME}-catalog:${first_tag}-arm64 \ - ${IMG_REGISTRY_HOST}/${IMG_REGISTRY_ORG}/${OPERATOR_NAME}-catalog:${first_tag}-ppc64le \ - ${IMG_REGISTRY_HOST}/${IMG_REGISTRY_ORG}/${OPERATOR_NAME}-catalog:${first_tag}-s390x + docker manifest create --amend "${IMG_REGISTRY_HOST}/${IMG_REGISTRY_ORG}/${OPERATOR_NAME}-catalog:${tag}" \ + $(for arch in "${architectures[@]}"; do + echo "${IMG_REGISTRY_HOST}/${IMG_REGISTRY_ORG}/${OPERATOR_NAME}-catalog:${FIRST_TAG}-${arch}" + done) docker manifest push "${IMG_REGISTRY_HOST}/${IMG_REGISTRY_ORG}/${OPERATOR_NAME}-catalog:${tag}" docker rmi "${IMG_REGISTRY_HOST}/${IMG_REGISTRY_ORG}/${OPERATOR_NAME}-catalog:${tag}" || true done From 4686eaa8fcc81572d15504e55642928e7db8bcc8 Mon Sep 17 00:00:00 2001 From: Rehan Khan Date: Mon, 4 Nov 2024 16:12:31 +0530 Subject: [PATCH 4/7] Revert "Made the manifest creation dynamic and pushed build script as executible" This reverts commit 4900e43a8acd90e126ef0290d412598436d9e4e0. Signed-off-by: Rehan Khan --- .github/workflows/build-images.yaml | 3 ++- script/build_catalog.sh | 15 ++++++++------- 2 files changed, 10 insertions(+), 8 deletions(-) mode change 100755 => 100644 script/build_catalog.sh diff --git a/.github/workflows/build-images.yaml b/.github/workflows/build-images.yaml index 831d2df3..915684d0 100644 --- a/.github/workflows/build-images.yaml +++ b/.github/workflows/build-images.yaml @@ -24,7 +24,6 @@ env: OPERATOR_NAME: authorino-operator BUILD_CONFIG_FILE: build.yaml LATEST_AUTHORINO_GITREF: ${{ vars.AUTHORINO_SHA != '' && vars.AUTHORINO_SHA || 'latest' }} - ARCHITECTURES: "amd64 arm64 ppc64le s390x" jobs: build: @@ -201,6 +200,8 @@ jobs: registry: ${{ env.IMG_REGISTRY_HOST }} username: ${{ secrets.IMG_REGISTRY_USERNAME }} password: ${{ secrets.IMG_REGISTRY_TOKEN }} + - name: Set permissions for build script + run: chmod +x ./script/build_catalog.sh - name: Git diff run: git diff - name: build and push catalog (main) diff --git a/script/build_catalog.sh b/script/build_catalog.sh old mode 100755 new mode 100644 index 1d27ee4a..883e85bb --- a/script/build_catalog.sh +++ b/script/build_catalog.sh @@ -14,9 +14,9 @@ set -e # Exit on error # Split tags into an array IFS=' ' read -r -a tags <<< "$TAG" first_tag="${tags[0]}" -architectures=(${ARCHITECTURES}) +architectures=("amd64" "arm64" "ppc64le" "s390x") # Build and push catalog images for each architecture -for arch in "${architectures[@]}"; do +for arch in "${architectures[@]}"; do make catalog-multiarch arch="${arch}" image_tag="${IMG_REGISTRY_HOST}/${IMG_REGISTRY_ORG}/${OPERATOR_NAME}-catalog:${first_tag}-${arch}" make catalog-build CATALOG_IMG="${image_tag}" @@ -24,13 +24,14 @@ for arch in "${architectures[@]}"; do wait done -# Tag and push the manifest for additional tags +# Tag and push the manifest for tags for tag in "${tags[@]}"; do echo "Creating manifest for $TAG" - docker manifest create --amend "${IMG_REGISTRY_HOST}/${IMG_REGISTRY_ORG}/${OPERATOR_NAME}-catalog:${tag}" \ - $(for arch in "${architectures[@]}"; do - echo "${IMG_REGISTRY_HOST}/${IMG_REGISTRY_ORG}/${OPERATOR_NAME}-catalog:${FIRST_TAG}-${arch}" - done) + docker manifest create --amend "${IMG_REGISTRY_HOST}/${IMG_REGISTRY_ORG}/${OPERATOR_NAME}-catalog:${tag}" \ + ${IMG_REGISTRY_HOST}/${IMG_REGISTRY_ORG}/${OPERATOR_NAME}-catalog:${first_tag}-amd64 \ + ${IMG_REGISTRY_HOST}/${IMG_REGISTRY_ORG}/${OPERATOR_NAME}-catalog:${first_tag}-arm64 \ + ${IMG_REGISTRY_HOST}/${IMG_REGISTRY_ORG}/${OPERATOR_NAME}-catalog:${first_tag}-ppc64le \ + ${IMG_REGISTRY_HOST}/${IMG_REGISTRY_ORG}/${OPERATOR_NAME}-catalog:${first_tag}-s390x docker manifest push "${IMG_REGISTRY_HOST}/${IMG_REGISTRY_ORG}/${OPERATOR_NAME}-catalog:${tag}" docker rmi "${IMG_REGISTRY_HOST}/${IMG_REGISTRY_ORG}/${OPERATOR_NAME}-catalog:${tag}" || true done From d018ed8bb26a3e7cd514537a6c516a8aea803587 Mon Sep 17 00:00:00 2001 From: Rehan Khan Date: Mon, 4 Nov 2024 16:17:46 +0530 Subject: [PATCH 5/7] Made the manifest creation dynamic and pushed build script as executible Signed-off-by: Rehan Khan --- .github/workflows/build-images.yaml | 3 +-- script/build_catalog.sh | 10 +++++----- 2 files changed, 6 insertions(+), 7 deletions(-) mode change 100644 => 100755 script/build_catalog.sh diff --git a/.github/workflows/build-images.yaml b/.github/workflows/build-images.yaml index 915684d0..831d2df3 100644 --- a/.github/workflows/build-images.yaml +++ b/.github/workflows/build-images.yaml @@ -24,6 +24,7 @@ env: OPERATOR_NAME: authorino-operator BUILD_CONFIG_FILE: build.yaml LATEST_AUTHORINO_GITREF: ${{ vars.AUTHORINO_SHA != '' && vars.AUTHORINO_SHA || 'latest' }} + ARCHITECTURES: "amd64 arm64 ppc64le s390x" jobs: build: @@ -200,8 +201,6 @@ jobs: registry: ${{ env.IMG_REGISTRY_HOST }} username: ${{ secrets.IMG_REGISTRY_USERNAME }} password: ${{ secrets.IMG_REGISTRY_TOKEN }} - - name: Set permissions for build script - run: chmod +x ./script/build_catalog.sh - name: Git diff run: git diff - name: build and push catalog (main) diff --git a/script/build_catalog.sh b/script/build_catalog.sh old mode 100644 new mode 100755 index 883e85bb..43f0c13d --- a/script/build_catalog.sh +++ b/script/build_catalog.sh @@ -14,7 +14,7 @@ set -e # Exit on error # Split tags into an array IFS=' ' read -r -a tags <<< "$TAG" first_tag="${tags[0]}" -architectures=("amd64" "arm64" "ppc64le" "s390x") +architectures=(${ARCHITECTURES}) # Build and push catalog images for each architecture for arch in "${architectures[@]}"; do make catalog-multiarch arch="${arch}" @@ -28,14 +28,14 @@ done for tag in "${tags[@]}"; do echo "Creating manifest for $TAG" docker manifest create --amend "${IMG_REGISTRY_HOST}/${IMG_REGISTRY_ORG}/${OPERATOR_NAME}-catalog:${tag}" \ - ${IMG_REGISTRY_HOST}/${IMG_REGISTRY_ORG}/${OPERATOR_NAME}-catalog:${first_tag}-amd64 \ - ${IMG_REGISTRY_HOST}/${IMG_REGISTRY_ORG}/${OPERATOR_NAME}-catalog:${first_tag}-arm64 \ - ${IMG_REGISTRY_HOST}/${IMG_REGISTRY_ORG}/${OPERATOR_NAME}-catalog:${first_tag}-ppc64le \ - ${IMG_REGISTRY_HOST}/${IMG_REGISTRY_ORG}/${OPERATOR_NAME}-catalog:${first_tag}-s390x + $(for arch in "${architectures[@]}"; do + echo "${IMG_REGISTRY_HOST}/${IMG_REGISTRY_ORG}/${OPERATOR_NAME}-catalog:${first_tag}-${arch}" + done) docker manifest push "${IMG_REGISTRY_HOST}/${IMG_REGISTRY_ORG}/${OPERATOR_NAME}-catalog:${tag}" docker rmi "${IMG_REGISTRY_HOST}/${IMG_REGISTRY_ORG}/${OPERATOR_NAME}-catalog:${tag}" || true done + # Clean up images for arch in "${architectures[@]}"; do image_tag="${IMG_REGISTRY_HOST}/${IMG_REGISTRY_ORG}/${OPERATOR_NAME}-catalog:${first_tag}-${arch}" From c513206f36157b0d6a5e9761487fcdb874a82fd1 Mon Sep 17 00:00:00 2001 From: Rehan Khan Date: Mon, 4 Nov 2024 16:18:55 +0530 Subject: [PATCH 6/7] Small correction made Signed-off-by: Rehan Khan --- script/build_catalog.sh | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/script/build_catalog.sh b/script/build_catalog.sh index 43f0c13d..a176f97c 100755 --- a/script/build_catalog.sh +++ b/script/build_catalog.sh @@ -27,7 +27,7 @@ done # Tag and push the manifest for tags for tag in "${tags[@]}"; do echo "Creating manifest for $TAG" - docker manifest create --amend "${IMG_REGISTRY_HOST}/${IMG_REGISTRY_ORG}/${OPERATOR_NAME}-catalog:${tag}" \ + docker manifest create --amend "${IMG_REGISTRY_HOST}/${IMG_REGISTRY_ORG}/${OPERATOR_NAME}-catalog:${tag}" \ $(for arch in "${architectures[@]}"; do echo "${IMG_REGISTRY_HOST}/${IMG_REGISTRY_ORG}/${OPERATOR_NAME}-catalog:${first_tag}-${arch}" done) From 7a7a37c29e67b0c37e75552f71ce378b87f05cca Mon Sep 17 00:00:00 2001 From: Rehan Khan Date: Wed, 6 Nov 2024 11:47:45 +0530 Subject: [PATCH 7/7] Made changes to build images using buildah Signed-off-by: Rehan Khan --- .github/workflows/build-images.yaml | 97 +++++++++++++++++++++++++---- make/catalog.mk | 25 +++----- script/build_catalog.sh | 43 ------------- utils/create-manifest.sh | 37 +++++++++++ 4 files changed, 131 insertions(+), 71 deletions(-) delete mode 100755 script/build_catalog.sh create mode 100755 utils/create-manifest.sh diff --git a/.github/workflows/build-images.yaml b/.github/workflows/build-images.yaml index 831d2df3..f1fce3c3 100644 --- a/.github/workflows/build-images.yaml +++ b/.github/workflows/build-images.yaml @@ -163,6 +163,9 @@ jobs: name: Build and push catalog image needs: [build, build-bundle] runs-on: ubuntu-20.04 + strategy: + matrix: + arch: [ amd64, arm64, ppc64le, s390x ] if: github.ref_name == 'main' || startsWith(github.ref, 'refs/tags/v') # We cannot use `env.MAIN_BRANCH_NAME` because `env` context is not available to `job.if`. See https://docs.github.com/en/actions/learn-github-actions/contexts#context-availability steps: - name: Set up Go 1.21.x @@ -170,6 +173,81 @@ jobs: with: go-version: 1.21.x id: go + - name: Check out code + uses: actions/checkout@v3 + - name: Add latest tag + if: ${{ github.ref_name == env.MAIN_BRANCH_NAME }} + id: add-latest-tag + run: | + echo "IMG_TAGS=latest-${{ matrix.arch }} ${{ env.IMG_TAGS }}" >> $GITHUB_ENV + - name: Add release tag + if: ${{ github.ref_name != env.MAIN_BRANCH_NAME }} + id: add-branch-tag + run: | + TAG_NAME=${GITHUB_REF_NAME/\//-} + echo "TAG_NAME=${TAG_NAME}" >> $GITHUB_ENV + echo "IMG_TAGS=${TAG_NAME}-${{ matrix.arch }} ${{ env.IMG_TAGS }}" >> $GITHUB_ENV + - name: Set Operator version + id: operator-version + run: | + tag=${GITHUB_REF_NAME} + if [[ ${tag} =~ ^v[0-9]+\.[0-9]+\.[0-9]+(-.+)?$ ]]; then + echo "VERSION=${tag#v}" >> $GITHUB_ENV + else + echo "VERSION=${{ github.sha }}" >> $GITHUB_ENV + fi + - name: Install qemu dependency + run: | + sudo apt-get update + sudo apt-get install -y qemu-user-static + - name: Run make catalog (main) + if: ${{ github.ref_name == env.MAIN_BRANCH_NAME }} + run: | + make catalog \ + REGISTRY=${{ env.IMG_REGISTRY_HOST }} ORG=${{ env.IMG_REGISTRY_ORG }} \ + VERSION=${{ env.VERSION }} \ + IMAGE_TAG=${{ github.sha }} \ + AUTHORINO_VERSION=${{ env.LATEST_AUTHORINO_GITREF }} \ + CHANNELS=${{ inputs.channels }} \ + CATALOG_ARCH=${{ matrix.arch }} + - name: Run make catalog (release) + if: ${{ github.ref_name != env.MAIN_BRANCH_NAME }} + run: | + make catalog \ + REGISTRY=${{ env.IMG_REGISTRY_HOST }} ORG=${{ env.IMG_REGISTRY_ORG }} \ + VERSION=${{ env.VERSION }} \ + AUTHORINO_VERSION=${{ github.event.inputs.authorinoVersion }} \ + CHANNELS=${{ inputs.channels }} \ + CATALOG_ARCH=${{ matrix.arch }} + - name: Git diff + run: git diff + - name: Build Image + id: build-image + uses: redhat-actions/buildah-build@v2 + with: + image: ${{ env.OPERATOR_NAME }}-catalog + tags: ${{ env.IMG_TAGS }} + platforms: linux/${{ matrix.arch }} + context: ./catalog + dockerfiles: | + ./catalog/${{ env.OPERATOR_NAME }}-catalog.Dockerfile + - name: Push Image + if: ${{ !env.ACT }} + id: push-to-quay + uses: redhat-actions/push-to-registry@v2 + with: + image: ${{ steps.build-image.outputs.image }} + tags: ${{ steps.build-image.outputs.tags }} + registry: ${{ env.IMG_REGISTRY_HOST }}/${{ env.IMG_REGISTRY_ORG }} + username: ${{ secrets.IMG_REGISTRY_USERNAME }} + password: ${{ secrets.IMG_REGISTRY_TOKEN }} + - name: Print Image URL + run: echo "Image pushed to ${{ steps.push-to-quay.outputs.registry-paths}}" + create-manifests: + name: Create and push catalog image manifests + needs: [build, build-bundle,build-catalog] + runs-on: ubuntu-20.04 + steps: - name: Check out code uses: actions/checkout@v3 - name: Add latest tag @@ -193,25 +271,18 @@ jobs: else echo "VERSION=${{ github.sha }}" >> $GITHUB_ENV fi - - name: Set up QEMU - uses: docker/setup-qemu-action@v3 + - name: Install qemu dependency + run: | + sudo apt-get update + sudo apt-get install -y qemu-user-static - name: Login to Quay.io uses: docker/login-action@v1 with: registry: ${{ env.IMG_REGISTRY_HOST }} username: ${{ secrets.IMG_REGISTRY_USERNAME }} password: ${{ secrets.IMG_REGISTRY_TOKEN }} - - name: Git diff - run: git diff - - name: build and push catalog (main) - if: ${{ github.ref_name == env.MAIN_BRANCH_NAME }} - shell: bash - env: - TAG: ${{ env.IMG_TAGS }} - run: ./script/build_catalog.sh - - name: build and push catalog (release) - if: ${{ github.ref_name != env.MAIN_BRANCH_NAME }} + - name: Creating and Pushing Manifests shell: bash env: TAG: ${{ env.IMG_TAGS }} - run: ./script/build_catalog.sh \ No newline at end of file + run: ./utils/create-manifest.sh \ No newline at end of file diff --git a/make/catalog.mk b/make/catalog.mk index c7068a24..72e90312 100644 --- a/make/catalog.mk +++ b/make/catalog.mk @@ -3,12 +3,20 @@ # The image tag given to the resulting catalog image (e.g. make catalog-build CATALOG_IMG=example.com/operator-catalog:v0.2.0). CATALOG_IMG ?= $(IMAGE_TAG_BASE)-catalog:$(IMAGE_TAG) +OPM_DOCKERFILE_VERSION ?= 1.28.0 + +ifeq ($(origin CATALOG_ARCH),undefined) +OPM_DOCKERFILE_TAG = latest +else +OPM_DOCKERFILE_TAG = v$(OPM_DOCKERFILE_VERSION)-$(CATALOG_ARCH) +endif + CATALOG_FILE = $(PROJECT_DIR)/catalog/authorino-operator-catalog/operator.yaml CATALOG_DOCKERFILE = $(PROJECT_DIR)/catalog/authorino-operator-catalog.Dockerfile $(CATALOG_DOCKERFILE): $(OPM) -mkdir -p $(PROJECT_DIR)/catalog/authorino-operator-catalog - cd $(PROJECT_DIR)/catalog && $(OPM) generate dockerfile authorino-operator-catalog + cd $(PROJECT_DIR)/catalog && $(OPM) generate dockerfile authorino-operator-catalog -i "quay.io/operator-framework/opm:${OPM_DOCKERFILE_TAG}" catalog-dockerfile: $(CATALOG_DOCKERFILE) ## Generate catalog dockerfile. $(CATALOG_FILE): $(OPM) $(YQ) @@ -32,19 +40,6 @@ catalog: $(OPM) ## Generate catalog content and validate. $(MAKE) $(CATALOG_FILE) BUNDLE_IMG=$(BUNDLE_IMG) cd $(PROJECT_DIR)/catalog && $(OPM) validate authorino-operator-catalog -.PHONY: catalog-multiarch -catalog-multiarch: $(OPM) ## Generate catalog content using architechture specific binaries and validate. - #Initializing the Catalog - @echo "Building catalog for architecture: $(arch)" - -rm -rf $(PROJECT_DIR)/catalog/authorino-operator-catalog - -rm -rf $(PROJECT_DIR)/catalog/authorino-operator-catalog.Dockerfile - -mkdir -p $(PROJECT_DIR)/catalog/authorino-operator-catalog - cd $(PROJECT_DIR)/catalog && $(OPM) generate dockerfile authorino-operator-catalog -i "quay.io/operator-framework/opm:v1.28.0-${arch}" - @echo "creating dir" - $(MAKE) $(CATALOG_FILE) BUNDLE_IMG=$(BUNDLE_IMG) - @echo "leaving dir" - cd $(PROJECT_DIR)/catalog && $(OPM) validate authorino-operator-catalog - # Build a catalog image by adding bundle images to an empty catalog using the operator package manager tool, 'opm'. # Ref https://olm.operatorframework.io/docs/tasks/creating-a-catalog/#catalog-creation-with-raw-file-based-catalogs .PHONY: catalog-build @@ -62,4 +57,4 @@ deploy-catalog: $(KUSTOMIZE) $(YQ) ## Deploy operator to the K8s cluster specifi $(KUSTOMIZE) build config/deploy/olm | kubectl apply -f - undeploy-catalog: $(KUSTOMIZE) ## Undeploy controller from the K8s cluster specified in ~/.kube/config using OLM catalog image. - $(KUSTOMIZE) build config/deploy/olm | kubectl delete -f - + $(KUSTOMIZE) build config/deploy/olm | kubectl delete -f - \ No newline at end of file diff --git a/script/build_catalog.sh b/script/build_catalog.sh deleted file mode 100755 index a176f97c..00000000 --- a/script/build_catalog.sh +++ /dev/null @@ -1,43 +0,0 @@ -#!/usr/bin/env bash -# Builds the OLM catalog index and pushes it to quay.io. -# To push to your own registry, override the IMG_REGISTRY_HOST , IMG_REGISTRY_ORG , OPERATOR_NAME and TAG env vars, -# i.e: -# IMG_REGISTRY_HOST=quay.io IMG_REGISTRY_ORG=yourusername OPERATOR_NAME=authorino-operator TAG=latest ./script/build_catalog.sh -# -# REQUIREMENTS: -# * a valid login session to a container registry. -# * `docker` -# * `opm` - -set -e # Exit on error - -# Split tags into an array -IFS=' ' read -r -a tags <<< "$TAG" -first_tag="${tags[0]}" -architectures=(${ARCHITECTURES}) -# Build and push catalog images for each architecture -for arch in "${architectures[@]}"; do - make catalog-multiarch arch="${arch}" - image_tag="${IMG_REGISTRY_HOST}/${IMG_REGISTRY_ORG}/${OPERATOR_NAME}-catalog:${first_tag}-${arch}" - make catalog-build CATALOG_IMG="${image_tag}" - docker push "${image_tag}" & - wait -done - -# Tag and push the manifest for tags -for tag in "${tags[@]}"; do - echo "Creating manifest for $TAG" - docker manifest create --amend "${IMG_REGISTRY_HOST}/${IMG_REGISTRY_ORG}/${OPERATOR_NAME}-catalog:${tag}" \ - $(for arch in "${architectures[@]}"; do - echo "${IMG_REGISTRY_HOST}/${IMG_REGISTRY_ORG}/${OPERATOR_NAME}-catalog:${first_tag}-${arch}" - done) - docker manifest push "${IMG_REGISTRY_HOST}/${IMG_REGISTRY_ORG}/${OPERATOR_NAME}-catalog:${tag}" - docker rmi "${IMG_REGISTRY_HOST}/${IMG_REGISTRY_ORG}/${OPERATOR_NAME}-catalog:${tag}" || true -done - - -# Clean up images -for arch in "${architectures[@]}"; do - image_tag="${IMG_REGISTRY_HOST}/${IMG_REGISTRY_ORG}/${OPERATOR_NAME}-catalog:${first_tag}-${arch}" - docker rmi "${image_tag}" || true -done \ No newline at end of file diff --git a/utils/create-manifest.sh b/utils/create-manifest.sh new file mode 100755 index 00000000..f960f1e9 --- /dev/null +++ b/utils/create-manifest.sh @@ -0,0 +1,37 @@ +#!/usr/bin/env bash +# Builds the OLM catalog index manifests and pushes it to quay.io. +# To push to your own registry, override the IMG_REGISTRY_HOST, IMG_REGISTRY_ORG, OPERATOR_NAME, and TAG env vars, +# i.e: +# IMG_REGISTRY_HOST=quay.io IMG_REGISTRY_ORG=yourusername OPERATOR_NAME=authorino-operator TAG=latest ./script/build_catalog.sh +# +set -e # Exit on error +IFS=' ' read -r -a tags <<< "$TAG" +architectures=(${ARCHITECTURES}) +first_tag="${tags[0]}" + + for arch in "${architectures[@]}"; do + # Pull the image for all the architecture + podman pull "${IMG_REGISTRY_HOST}/${IMG_REGISTRY_ORG}/${OPERATOR_NAME}-catalog:${first_tag}-${arch}" + done + +for tag in "${tags[@]}"; do + echo "Creating manifest for $tag" + podman manifest create "${IMG_REGISTRY_HOST}/${IMG_REGISTRY_ORG}/${OPERATOR_NAME}-catalog:${tag}" + + for arch in "${architectures[@]}"; do + podman manifest add "${IMG_REGISTRY_HOST}/${IMG_REGISTRY_ORG}/${OPERATOR_NAME}-catalog:${tag}" "docker://${IMG_REGISTRY_HOST}/${IMG_REGISTRY_ORG}/${OPERATOR_NAME}-catalog:${first_tag}-${arch}" + podman manifest annotate "${IMG_REGISTRY_HOST}/${IMG_REGISTRY_ORG}/${OPERATOR_NAME}-catalog:${tag}" \ + --os "linux" \ + --arch "${arch}" + done + # Push the manifest to the repository + podman manifest push --all "${IMG_REGISTRY_HOST}/${IMG_REGISTRY_ORG}/${OPERATOR_NAME}-catalog:${tag}" "${IMG_REGISTRY_HOST}/${IMG_REGISTRY_ORG}/${OPERATOR_NAME}-catalog:${tag}" + # Remove the manifest image after pushing + podman rmi "${IMG_REGISTRY_HOST}/${IMG_REGISTRY_ORG}/${OPERATOR_NAME}-catalog:${tag}" || true +done + +# Clean up images + for arch in "${architectures[@]}"; do + echo "Removing image for architecture: ${arch} and tag: ${tag}-${arch}" + podman rmi "${IMG_REGISTRY_HOST}/${IMG_REGISTRY_ORG}/${OPERATOR_NAME}-catalog:${first_tag}-${arch}" || true + done \ No newline at end of file