build plugin and images for multiple architectures

This adds support for building and publishing linux-amd64 and linux-arm64 versions of the plugin. We only build new tags with os-arch naming since the docker plugin system does not seem to have support for the manifest type: `application/vnd.docker.distribution.manifest.list.v2+json`. Signed-off-by: Lars Haugan <[email protected]>
open-policy-agent · Feb 13, 2024 · 8f6cd60 · 8f6cd60
1 parent 5f0c78a
commit 8f6cd60
Show file tree

Hide file tree

Showing 7 changed files with 72 additions and 9 deletions.
diff --git a/.github/workflows/main.yaml b/.github/workflows/main.yaml
@@ -18,6 +18,12 @@ jobs:
       - name: Check out code
         uses: actions/checkout@v4
 
+      - name: Set up QEMU
+        uses: docker/setup-qemu-action@v3
+
+      - name: Set up Docker Buildx
+        uses: docker/setup-buildx-action@v3
+
       - name: Log in to the Container registry
         uses: docker/login-action@v3
         with:
@@ -31,4 +37,8 @@ jobs:
           TAG_NAME: edge
         run: |-
           REPO=${{ env.REPO }} VERSION=${{ env.TAG_NAME }} make plugin
+          docker plugin push "${{ env.REPO }}:${{ env.TAG_NAME }}-linux-amd64"
+          docker plugin push "${{ env.REPO }}:${{ env.TAG_NAME }}-linux-arm64"
           docker plugin push "${{ env.REPO }}:${{ env.TAG_NAME }}"
+
+          # docker does not currently support multi-arch plugins so we cannot create a list manifest
diff --git a/.github/workflows/pull-request.yaml b/.github/workflows/pull-request.yaml
@@ -10,7 +10,11 @@ jobs:
     steps:
     - name: Check out code
       uses: actions/checkout@v3
+    - name: Set up QEMU
+      uses: docker/setup-qemu-action@v3
 
+    - name: Set up Docker Buildx
+      uses: docker/setup-buildx-action@v3
     - name: Build (Linux)
       run: make build
 

diff --git a/.github/workflows/release.yaml b/.github/workflows/release.yaml
@@ -18,6 +18,12 @@ jobs:
       - name: Check out code
         uses: actions/checkout@v4
 
+      - name: Set up QEMU
+        uses: docker/setup-qemu-action@v3
+
+      - name: Set up Docker Buildx
+        uses: docker/setup-buildx-action@v3
+
       - name: Set TAG_NAME in Environment
       # Subsequent jobs will be have the computed tag name
         run: echo "TAG_NAME=${GITHUB_REF##*/}" >> $GITHUB_ENV
@@ -34,4 +40,6 @@ jobs:
           REPO: ghcr.io/${{ github.repository }}
         run: |-
           REPO=${{ env.REPO }} VERSION=${{ env.TAG_NAME }} make plugin
-          docker plugin push "${{ env.REPO }}:${{ env.TAG_NAME }}"
+          docker plugin push "${{ env.REPO }}:${{ env.TAG_NAME }}-linux-amd64"
+          docker plugin push "${{ env.REPO }}:${{ env.TAG_NAME }}-linux-arm64"
+          docker plugin push "${{ env.REPO }}:${{ env.TAG_NAME }}"
diff --git a/Dockerfile b/Dockerfile
@@ -2,11 +2,13 @@ FROM alpine:latest as certs
 RUN apk --update add ca-certificates
 
 FROM scratch
+ARG TARGETOS
+ARG TARGETARCH
 
 LABEL maintainer="Torin Sandall <[email protected]>"
 
 COPY --from=certs /etc/ssl/certs/ca-certificates.crt /etc/ssl/certs/ca-certificates.crt
 
-COPY opa-docker-authz /opa-docker-authz
+COPY opa-docker-authz-${TARGETOS}-${TARGETARCH} /opa-docker-authz
 
 ENTRYPOINT ["/opa-docker-authz"]
diff --git a/Makefile b/Makefile
@@ -1,7 +1,7 @@
 .PHONY: all build
 
 VERSION ?= 0.8
-GO_VERSION := 1.21.4
+GO_VERSION := 1.22.0
 GOLANGCI_LINT_VERSION := v1.55.2
 REPO ?= openpolicyagent/opa-docker-authz-v2
 

diff --git a/build.sh b/build.sh
@@ -7,10 +7,23 @@ OPA_VERSION=$(go list -m -f '{{.Version}}' github.com/open-policy-agent/opa)
 
 echo "Building opa-docker-authz version: $VERSION (OPA version: $OPA_VERSION)"
 
-echo -e "\nBuilding opa-docker-authz ..."
-CGO_ENABLED=0 go build -ldflags \
-    "-X github.com/open-policy-agent/opa-docker-authz/version.Version=$VERSION -X github.com/open-policy-agent/opa-docker-authz/version.OPAVersion=$OPA_VERSION" \
-    -buildvcs=false \
-    -o opa-docker-authz
+
+platforms=("linux/amd64" "linux/arm64")
+for platform in "${platforms[@]}"
+do
+	platform_split=(${platform//\// })
+	GOOS=${platform_split[0]}
+	GOARCH=${platform_split[1]}
+
+	echo -e "\nBuilding opa-docker-authz for $platform ..."
+	CGO_ENABLED=0 GOOS=$GOOS GOARCH=$GOARCH go build -ldflags \
+	    "-X github.com/open-policy-agent/opa-docker-authz/version.Version=$VERSION -X github.com/open-policy-agent/opa-docker-authz/version.OPAVersion=$OPA_VERSION" \
+	    -buildvcs=false \
+	    -o opa-docker-authz-$GOOS-$GOARCH
+	if [ $? -ne 0 ]; then
+   		echo 'An error has occurred! Aborting the script execution...'
+		exit 1
+	fi
+done
 
 echo -e "\n... done!"
diff --git a/plugin.sh b/plugin.sh
@@ -6,7 +6,7 @@ set -ex
 mkdir ./rootfs
 
 echo "Creating root filesystem for plugin ..."
-docker image build -t rootfsimage .
+docker image build --load -t rootfsimage .
 id=`docker container create rootfsimage true`
 docker container export "$id" | tar -x -C ./rootfs
 
@@ -17,3 +17,29 @@ echo "Cleanup..."
 docker container rm -f "$id" > /dev/null
 docker image rm -f rootfsimage > /dev/null
 rm -rf ./rootfs
+
+
+platforms=("linux/amd64" "linux/arm64")
+for platform in "${platforms[@]}"
+do
+	platform_split=(${platform//\// })
+	GOOS=${platform_split[0]}
+	GOARCH=${platform_split[1]}
+
+	[ -d ./rootfs ] && rm -rf ./rootfs
+	mkdir ./rootfs
+
+	echo "Creating root filesystem for plugin ..."
+	docker buildx build --load --platform ${platform} -t rootfsimage-${GOOS}-${GOARCH} .
+	#docker image build -t rootfsimage .
+	id=`docker container create --platform ${platform} rootfsimage-${GOOS}-${GOARCH} true`
+	docker container export "$id" | tar -x -C ./rootfs
+
+	echo "Creating plugin "${REPO}:${VERSION}-${GOOS}-${GOARCH}" ..."
+	docker plugin create "${REPO}:${VERSION}-${GOOS}-${GOARCH}" .
+
+	echo "Cleanup..."
+	docker container rm -f "$id" > /dev/null
+	docker image rm -f rootfsimage-${GOOS}-${GOARCH} > /dev/null
+	rm -rf ./rootfs
+done