From 544ad2fc0ddb21c670a96a3d089698957bf633bc Mon Sep 17 00:00:00 2001
From: Adam Dyess <adam.dyess@canonical.com>
Date: Tue, 13 Feb 2024 14:41:06 -0600
Subject: [PATCH 1/9] Attempt builds on arm64 workers

---
 .github/workflows/pull_request.yaml | 3 ++-
 rockcraft.yaml                      | 3 +--
 2 files changed, 3 insertions(+), 3 deletions(-)

diff --git a/.github/workflows/pull_request.yaml b/.github/workflows/pull_request.yaml
index 6271fdb..05690d1 100644
--- a/.github/workflows/pull_request.yaml
+++ b/.github/workflows/pull_request.yaml
@@ -8,12 +8,13 @@ on:
 jobs:
   build-and-push-arch-specifics:
     name: Build Rocks and Push Arch Specific Images
-    uses: canonical/k8s-workflows/.github/workflows/build_rocks.yaml@main
+    uses: canonical/k8s-workflows/.github/workflows/build_rocks.yaml@KU-158/arm-builder
     with:
       owner: ${{ github.repository_owner }}
       trivy-image-config: "trivy.yaml"
       multiarch-awareness: true
       cache-action: ${{ (github.event_name == 'push') && 'save' || 'restore' }}
+      platform-labels: '{"amd64": ["x86"], "arm64": ["Ubuntu_ARM64_4C_16G_01"]}'
   build-and-push-multiarch-manifest:
     name: Combine Rocks and Push Multiarch Manifest
     uses: canonical/k8s-workflows/.github/workflows/assemble_multiarch_image.yaml@main
diff --git a/rockcraft.yaml b/rockcraft.yaml
index 1168fb4..afefcad 100644
--- a/rockcraft.yaml
+++ b/rockcraft.yaml
@@ -8,8 +8,7 @@ base: bare
 build-base: ubuntu@22.04
 platforms:
   amd64:
-  # TODO: Add after workflows support bulding arm64 ROCKs
-  # arm64:
+  arm64:
 
 services:
   coredns:

From e83328bdbfc33867baf05c2e53ce3a86195e2005 Mon Sep 17 00:00:00 2001
From: Adam Dyess <adam.dyess@canonical.com>
Date: Tue, 13 Feb 2024 14:47:10 -0600
Subject: [PATCH 2/9] Test only arm64

---
 rockcraft.yaml | 1 -
 1 file changed, 1 deletion(-)

diff --git a/rockcraft.yaml b/rockcraft.yaml
index afefcad..b28b28f 100644
--- a/rockcraft.yaml
+++ b/rockcraft.yaml
@@ -7,7 +7,6 @@ license: Apache-2.0
 base: bare
 build-base: ubuntu@22.04
 platforms:
-  amd64:
   arm64:
 
 services:

From 85ce2aa80cf6514b9635e9518724769eedb1b4b3 Mon Sep 17 00:00:00 2001
From: Adam Dyess <adam.dyess@canonical.com>
Date: Tue, 13 Feb 2024 15:43:38 -0600
Subject: [PATCH 3/9] reintroduce the amd64 worker

---
 rockcraft.yaml | 1 +
 1 file changed, 1 insertion(+)

diff --git a/rockcraft.yaml b/rockcraft.yaml
index b28b28f..afefcad 100644
--- a/rockcraft.yaml
+++ b/rockcraft.yaml
@@ -7,6 +7,7 @@ license: Apache-2.0
 base: bare
 build-base: ubuntu@22.04
 platforms:
+  amd64:
   arm64:
 
 services:

From 96371c7bf787d0616fae37dd24fb5a72db492f9c Mon Sep 17 00:00:00 2001
From: Adam Dyess <adam.dyess@canonical.com>
Date: Tue, 13 Feb 2024 15:46:40 -0600
Subject: [PATCH 4/9] correctly identify amd64 worker labels

---
 .github/workflows/pull_request.yaml | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/.github/workflows/pull_request.yaml b/.github/workflows/pull_request.yaml
index 05690d1..44fb213 100644
--- a/.github/workflows/pull_request.yaml
+++ b/.github/workflows/pull_request.yaml
@@ -14,7 +14,7 @@ jobs:
       trivy-image-config: "trivy.yaml"
       multiarch-awareness: true
       cache-action: ${{ (github.event_name == 'push') && 'save' || 'restore' }}
-      platform-labels: '{"amd64": ["x86"], "arm64": ["Ubuntu_ARM64_4C_16G_01"]}'
+      platform-labels: '{"amd64": ["self-hosted", "linux", "X64"], "arm64": ["Ubuntu_ARM64_4C_16G_01"]}'
   build-and-push-multiarch-manifest:
     name: Combine Rocks and Push Multiarch Manifest
     uses: canonical/k8s-workflows/.github/workflows/assemble_multiarch_image.yaml@main

From 68c620891ce563fecd32123537426390336076e7 Mon Sep 17 00:00:00 2001
From: Adam Dyess <adam.dyess@canonical.com>
Date: Tue, 13 Feb 2024 16:34:00 -0600
Subject: [PATCH 5/9] assemble multiarch with different workflow branch

---
 .github/workflows/pull_request.yaml | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/.github/workflows/pull_request.yaml b/.github/workflows/pull_request.yaml
index 44fb213..5d87aeb 100644
--- a/.github/workflows/pull_request.yaml
+++ b/.github/workflows/pull_request.yaml
@@ -17,7 +17,7 @@ jobs:
       platform-labels: '{"amd64": ["self-hosted", "linux", "X64"], "arm64": ["Ubuntu_ARM64_4C_16G_01"]}'
   build-and-push-multiarch-manifest:
     name: Combine Rocks and Push Multiarch Manifest
-    uses: canonical/k8s-workflows/.github/workflows/assemble_multiarch_image.yaml@main
+    uses: canonical/k8s-workflows/.github/workflows/assemble_multiarch_image.yaml@KU-158/arm-builder
     needs: [build-and-push-arch-specifics]
     with:
       rock-metas: ${{ needs.build-and-push-arch-specifics.outputs.rock-metas }}

From 0371e00352054d07bcebd4d783ed7f570ee83fe0 Mon Sep 17 00:00:00 2001
From: Adam Dyess <adam.dyess@canonical.com>
Date: Wed, 14 Feb 2024 09:54:40 -0600
Subject: [PATCH 6/9] Ignore self-hosted runners

---
 .github/workflows/pull_request.yaml | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/.github/workflows/pull_request.yaml b/.github/workflows/pull_request.yaml
index 5d87aeb..8735041 100644
--- a/.github/workflows/pull_request.yaml
+++ b/.github/workflows/pull_request.yaml
@@ -14,7 +14,7 @@ jobs:
       trivy-image-config: "trivy.yaml"
       multiarch-awareness: true
       cache-action: ${{ (github.event_name == 'push') && 'save' || 'restore' }}
-      platform-labels: '{"amd64": ["self-hosted", "linux", "X64"], "arm64": ["Ubuntu_ARM64_4C_16G_01"]}'
+      platform-labels: '{"arm64": ["Ubuntu_ARM64_4C_16G_01"]}'
   build-and-push-multiarch-manifest:
     name: Combine Rocks and Push Multiarch Manifest
     uses: canonical/k8s-workflows/.github/workflows/assemble_multiarch_image.yaml@KU-158/arm-builder

From 9e383e3e44bded4c98754acee1821ca3a705c9bf Mon Sep 17 00:00:00 2001
From: Adam Dyess <adam.dyess@canonical.com>
Date: Wed, 14 Feb 2024 10:39:51 -0600
Subject: [PATCH 7/9] reintroduce trivy scan

---
 .github/workflows/pull_request.yaml | 7 +++++++
 1 file changed, 7 insertions(+)

diff --git a/.github/workflows/pull_request.yaml b/.github/workflows/pull_request.yaml
index 8735041..5d4c304 100644
--- a/.github/workflows/pull_request.yaml
+++ b/.github/workflows/pull_request.yaml
@@ -15,6 +15,13 @@ jobs:
       multiarch-awareness: true
       cache-action: ${{ (github.event_name == 'push') && 'save' || 'restore' }}
       platform-labels: '{"arm64": ["Ubuntu_ARM64_4C_16G_01"]}'
+  scan-images:
+    needs: build-and-push-arch-specifics
+    uses: canonical/k8s-workflows/.github/workflows/scan_images.yaml@KU-158/arm-builder
+    secrets: inherit
+    with:
+      images: ${{ needs.build-and-push-arch-specifics.outputs.images }}
+      trivy-image-config: ./trivy.yaml
   build-and-push-multiarch-manifest:
     name: Combine Rocks and Push Multiarch Manifest
     uses: canonical/k8s-workflows/.github/workflows/assemble_multiarch_image.yaml@KU-158/arm-builder

From 08d2dba52773f57453a505b691c6e750cc79ef69 Mon Sep 17 00:00:00 2001
From: Adam Dyess <adam.dyess@canonical.com>
Date: Wed, 14 Feb 2024 12:20:42 -0600
Subject: [PATCH 8/9] Push trivy results on push

---
 .github/workflows/pull_request.yaml | 3 ++-
 1 file changed, 2 insertions(+), 1 deletion(-)

diff --git a/.github/workflows/pull_request.yaml b/.github/workflows/pull_request.yaml
index 5d4c304..47ab1eb 100644
--- a/.github/workflows/pull_request.yaml
+++ b/.github/workflows/pull_request.yaml
@@ -16,10 +16,11 @@ jobs:
       cache-action: ${{ (github.event_name == 'push') && 'save' || 'restore' }}
       platform-labels: '{"arm64": ["Ubuntu_ARM64_4C_16G_01"]}'
   scan-images:
-    needs: build-and-push-arch-specifics
     uses: canonical/k8s-workflows/.github/workflows/scan_images.yaml@KU-158/arm-builder
+    needs: [build-and-push-arch-specifics]
     secrets: inherit
     with:
+      upload-result: ${{ github.event_name == 'push' }}
       images: ${{ needs.build-and-push-arch-specifics.outputs.images }}
       trivy-image-config: ./trivy.yaml
   build-and-push-multiarch-manifest:

From aa32474231cd4722bd1d152760edb688cd447905 Mon Sep 17 00:00:00 2001
From: Adam Dyess <adam.dyess@canonical.com>
Date: Tue, 20 Feb 2024 08:53:06 -0600
Subject: [PATCH 9/9] Apply suggestions from code review

Use main branch rather than a merged feature branch
---
 .github/workflows/pull_request.yaml | 6 +++---
 1 file changed, 3 insertions(+), 3 deletions(-)

diff --git a/.github/workflows/pull_request.yaml b/.github/workflows/pull_request.yaml
index 47ab1eb..4fd8ea6 100644
--- a/.github/workflows/pull_request.yaml
+++ b/.github/workflows/pull_request.yaml
@@ -8,7 +8,7 @@ on:
 jobs:
   build-and-push-arch-specifics:
     name: Build Rocks and Push Arch Specific Images
-    uses: canonical/k8s-workflows/.github/workflows/build_rocks.yaml@KU-158/arm-builder
+    uses: canonical/k8s-workflows/.github/workflows/build_rocks.yaml@main
     with:
       owner: ${{ github.repository_owner }}
       trivy-image-config: "trivy.yaml"
@@ -16,7 +16,7 @@ jobs:
       cache-action: ${{ (github.event_name == 'push') && 'save' || 'restore' }}
       platform-labels: '{"arm64": ["Ubuntu_ARM64_4C_16G_01"]}'
   scan-images:
-    uses: canonical/k8s-workflows/.github/workflows/scan_images.yaml@KU-158/arm-builder
+    uses: canonical/k8s-workflows/.github/workflows/scan_images.yaml@main
     needs: [build-and-push-arch-specifics]
     secrets: inherit
     with:
@@ -25,7 +25,7 @@ jobs:
       trivy-image-config: ./trivy.yaml
   build-and-push-multiarch-manifest:
     name: Combine Rocks and Push Multiarch Manifest
-    uses: canonical/k8s-workflows/.github/workflows/assemble_multiarch_image.yaml@KU-158/arm-builder
+    uses: canonical/k8s-workflows/.github/workflows/assemble_multiarch_image.yaml@main
     needs: [build-and-push-arch-specifics]
     with:
       rock-metas: ${{ needs.build-and-push-arch-specifics.outputs.rock-metas }}