K8SPG-451 add arm support (#569)

hors · web-flow · commit fafb01802b83 · 2023-11-09T19:51:14.000+02:00
* K8SPG-451 add arm support

* fix trivy scan

* start to use go 1.21

* use build script

* use env var
diff --git a/.github/workflows/scan.yml b/.github/workflows/scan.yml
@@ -1,22 +1,57 @@
 name: Scan docker
 on: [pull_request]
+
+env:
+  # Use docker.io for Docker Hub if empty
+  REGISTRY: docker.io
+
+  # github.repository as <account>/<repo>
+  IMAGE_NAME: perconalab/percona-postgresql-operator
+
 jobs:
   build:
     name: Build
     runs-on: ubuntu-latest
     steps:
       - name: Checkout code
         uses: actions/checkout@v4
-      - name: Build an image from Dockerfile
+
+      - name: Set up QEMU
+        uses: docker/setup-qemu-action@v2
+
+      - name: Set up Docker Buildx
+        uses: docker/setup-buildx-action@v3
+
+      - name: Build an image from Dockerfile (linux/arm64)
         run: |
-          export IMAGE=perconalab/percona-postgresql-operator:${{ github.sha }}
+          export IMAGE=${{ env.REGISTRY }}/${{ env.IMAGE_NAME }}:${{ github.sha }}-arm64
           export DOCKER_PUSH=0
           export DOCKER_SQUASH=0
+          export DOCKER_DEFAULT_PLATFORM='linux/arm64'
           ./e2e-tests/build
-      - name: Run Trivy vulnerability scanner
+
+      - name: Run Trivy vulnerability scanner image (linux/arm64)
         uses: aquasecurity/trivy-action@0.13.1
         with:
-          image-ref: 'docker.io/perconalab/percona-postgresql-operator:${{ github.sha }}'
+          image-ref: '${{ env.REGISTRY }}/${{ env.IMAGE_NAME }}:${{ github.sha }}-arm64'
+          format: 'table'
+          exit-code: '1'
+          ignore-unfixed: true
+          vuln-type: 'os,library'
+          severity: 'CRITICAL,HIGH'
+
+      - name: Build an image from Dockerfile (linux/amd64)
+        run: |
+          export IMAGE=${{ env.REGISTRY }}/${{ env.IMAGE_NAME }}:${{ github.sha }}-amd64
+          export DOCKER_PUSH=0
+          export DOCKER_SQUASH=0
+          export DOCKER_DEFAULT_PLATFORM='linux/amd64'
+          ./e2e-tests/build
+
+      - name: Run Trivy vulnerability scanner image (linux/amd64)
+        uses: aquasecurity/trivy-action@0.13.1
+        with:
+          image-ref: '${{ env.REGISTRY }}/${{ env.IMAGE_NAME }}:${{ github.sha }}-amd64'
           format: 'table'
           exit-code: '1'
           ignore-unfixed: true
diff --git a/Jenkinsfile b/Jenkinsfile
@@ -325,6 +325,7 @@ pipeline {
                                 docker login -u '${USER}' -p '${PASS}'
                                 export RELEASE=0
                                 export IMAGE=\$DOCKER_TAG
+                                docker buildx create --use
                                 ./e2e-tests/build
                                 docker logout
                             "
@@ -507,4 +508,4 @@ pipeline {
             deleteDir()
         }
     }
-}
+}
diff --git a/build/postgres-operator/Dockerfile b/build/postgres-operator/Dockerfile
@@ -1,4 +1,4 @@
-FROM golang:1.20 AS go_builder
+FROM golang:1.21 AS go_builder
 WORKDIR /go/src/github.com/percona/percona-postgresql-operator
 
 COPY . .
@@ -8,11 +8,10 @@ ARG GIT_COMMIT
 ARG GIT_BRANCH
 ARG GO_LDFLAGS
 ARG GOOS=linux
-ARG GOARCH=amd64
 ARG CGO_ENABLED=0
 
 RUN mkdir -p build/_output/bin \
-    && CGO_ENABLED=$CGO_ENABLED GOOS=$GOOS GOARCH=$GOARCH GO_LDFLAGS=$GO_LDFLAGS \
+    && CGO_ENABLED=$CGO_ENABLED GOOS=$GOOS GO_LDFLAGS=$GO_LDFLAGS \
        go build -ldflags "-w -s -X main.GitCommit=$GIT_COMMIT -X main.GitBranch=$GIT_BRANCH" \
            -o build/_output/bin/postgres-operator \
                ./cmd/postgres-operator \
diff --git a/e2e-tests/build b/e2e-tests/build
@@ -20,29 +20,34 @@ if [[ ${DOCKER_SQUASH:-1} == 1 ]]; then
 	squash="--squash"
 fi
 
+
+if [[ ${DOCKER_PUSH:-1} == 1 ]]; then
+	imgresult="--push=true"
+else
+	imgresult="--load"
+fi
+
 BUILD_COMPONENT=${COMPONENT:-"postgres-operator"}
 
 build_operator() {
 	if [ "${RELEASE:-1}" = 0 ]; then
 		GO_LDFLAGS="-race"
 	fi
 
-	export DOCKER_DEFAULT_PLATFORM=${DOCKER_DEFAULT_PLATFORM:-"linux/amd64"}
+	export DOCKER_DEFAULT_PLATFORM=${DOCKER_DEFAULT_PLATFORM:-"linux/amd64,linux/arm64"}
 	export GO_LDFLAGS="-w -s -trimpath ${GO_LDFLAGS}"
 	pushd "${ROOT_REPO}" || exit
-	docker build \
+	docker buildx build \
+		--platform $DOCKER_DEFAULT_PLATFORM \
 		--build-arg GIT_COMMIT="${GIT_COMMIT}" \
 		--build-arg GIT_BRANCH="${GIT_BRANCH}" \
 		--build-arg BUILD_TIME="${BUILD_TIME}" \
 		--build-arg GO_LDFLAGS="${GO_LDFLAGS}" \
+		$imgresult \
 		$squash \
 		$no_cache \
 		-t "${IMAGE}" -f build/${BUILD_COMPONENT}/Dockerfile .
 	popd || exit
-
-	if [ "${DOCKER_PUSH:-1}" = 1 ]; then
-		docker push "${IMAGE}"
-	fi
 }
 
 if [[ $BUILD == "0" ]]; then

Original file line number	Diff line number	Diff line change
`@@ -325,6 +325,7 @@ pipeline {`
`325`	`325`	`docker login -u '${USER}' -p '${PASS}'`
`326`	`326`	`export RELEASE=0`
`327`	`327`	`export IMAGE=\$DOCKER_TAG`
	`328`	`+ docker buildx create --use`
`328`	`329`	`./e2e-tests/build`
`329`	`330`	`docker logout`
`330`	`331`	`"`
`@@ -507,4 +508,4 @@ pipeline {`
`507`	`508`	`deleteDir()`
`508`	`509`	`}`
`509`	`510`	`}`
`510`		`-}`
	`511`	`+}`