build(scorecard): update multiarch build steps (#610)

.github/workflows/ci.yaml

@@ -34,6 +34,8 @@ env:
   CI_PLATFORMS: linux/amd64,linux/arm64
   REPOSITORY: ${{ github.event.pull_request.head.repo.full_name }}
   REF: ${{ github.event.pull_request.head.ref }}
+  OPENSUSE_UNOFFICIAL_LIBCONTAINERS_KEY_URL: "https://download.opensuse.org/repositories/devel:/kubic:/libcontainers:/unstable/xUbuntu_22.04/Release.key"
+  OPENSUSE_UNOFFICIAL_LIBCONTAINERS_SOURCE_URL: "https://download.opensuse.org/repositories/devel:/kubic:/libcontainers:/unstable/xUbuntu_22.04"
 
 jobs:
   controller-test:
@@ -74,18 +76,19 @@ jobs:
     - uses: jpkrohling/setup-operator-sdk@v1.1.0
       with:
         operator-sdk-version: v1.28.0
-    - name: Install qemu
-      continue-on-error: false
+    - name: Install podman v4
       run: |
-        sudo apt-get update
-        sudo apt-get install -y qemu-user-static
+        echo "deb $OPENSUSE_UNOFFICIAL_LIBCONTAINERS_SOURCE_URL/ /" | sudo tee /etc/apt/sources.list.d/devel:kubic:libcontainers:unstable.list
+        curl -fsSL $OPENSUSE_UNOFFICIAL_LIBCONTAINERS_KEY_URL | gpg --dearmor | sudo tee /etc/apt/trusted.gpg.d/devel_kubic_libcontainers_unstable.gpg
+        sudo apt update
+        sudo apt install podman
     - name: Build scorecard image for test
       id: build-scorecard
       run: |
         CUSTOM_SCORECARD_IMG=ghcr.io/${{ github.repository_owner }}/cryostat-operator-scorecard:ci-$GITHUB_SHA \
-        PLATFORMS=${{ env.CI_PLATFORMS }} \
+        PLATFORMS=linux/amd64 \
         MANIFEST_PUSH=false \
-          make scorecard-build
+        make scorecard-build
         echo "tag=ci-$GITHUB_SHA" >> $GITHUB_OUTPUT
     - name: Push scorecard image to ghcr.io for test
       id: push-scorecard-to-ghcr
@@ -159,11 +162,12 @@ jobs:
     if: ${{ github.event_name == 'push' && github.repository_owner == 'cryostatio' }}
     steps:
     - uses: actions/checkout@v2
-    - name: Install qemu
-      continue-on-error: false
+    - name: Install podman v4
       run: |
-        sudo apt-get update
-        sudo apt-get install -y qemu-user-static
+        echo "deb $OPENSUSE_UNOFFICIAL_LIBCONTAINERS_SOURCE_URL/ /" | sudo tee /etc/apt/sources.list.d/devel:kubic:libcontainers:unstable.list
+        curl -fsSL $OPENSUSE_UNOFFICIAL_LIBCONTAINERS_KEY_URL | gpg --dearmor | sudo tee /etc/apt/trusted.gpg.d/devel_kubic_libcontainers_unstable.gpg > /dev/null
+        sudo apt update
+        sudo apt install podman
     - name: Build operator image
       run: |
         IMAGE_NAMESPACE=${{ env.CI_REGISTRY }} SKIP_TESTS=true PLATFORMS=${{ env.CI_PLATFORMS }} MANIFEST_PUSH=false make oci-buildx
@@ -238,12 +242,12 @@ jobs:
           EXIST=true
         fi
         echo "exist=$EXIST" >> $GITHUB_OUTPUT
-    - name: Install qemu
-      continue-on-error: false
+    - name: Install podman v4
       run: |
-        sudo apt-get update
-        sudo apt-get install -y qemu-user-static
-      if: ${{ steps.check-tag-exists.outputs.exist == 'false' }}
+        echo "deb $OPENSUSE_UNOFFICIAL_LIBCONTAINERS_SOURCE_URL/ /" | sudo tee /etc/apt/sources.list.d/devel:kubic:libcontainers:unstable.list
+        curl -fsSL $OPENSUSE_UNOFFICIAL_LIBCONTAINERS_KEY_URL | gpg --dearmor | sudo tee /etc/apt/trusted.gpg.d/devel_kubic_libcontainers_unstable.gpg > /dev/null
+        sudo apt update
+        sudo apt install podman
     - name: Build scorecard image
       run: |
         CUSTOM_SCORECARD_IMG=${CI_SCORECARD_IMG}:${{ steps.get-image-tag.outputs.tag }} \

Makefile

@@ -274,31 +274,25 @@ oci-build: manifests generate fmt vet test-envtest
 # If IMAGE_BUILDER is docker, you need to:
 # - able to use docker buildx. More info: https://docs.docker.com/build/buildx/
 # - have enable BuildKit, More info: https://docs.docker.com/develop/develop-images/build_enhancements/
-# If IMAGE_BUILDER is podman, you need to:
-# - install qemu-user-static.
 # To properly provided solutions that supports more than one platform you should use this option.
 .PHONY: oci-buildx
 oci-buildx: manifests generate fmt vet test-envtest ## Build OCI image for the manager for cross-platform support
-ifeq ($(IMAGE_BUILDER), docker)
 # copy existing Dockerfile and insert --platform=${BUILDPLATFORM} into Dockerfile.cross, and preserve the original Dockerfile
 	sed -e '1 s/\(^FROM\)/FROM --platform=\$$\{BUILDPLATFORM\}/; t' -e ' 1,// s//FROM --platform=\$$\{BUILDPLATFORM\}/' Dockerfile > Dockerfile.cross
+ifeq ($(IMAGE_BUILDER), docker)
 	- $(IMAGE_BUILDER) buildx create --name project-v3-builder
 	$(IMAGE_BUILDER) buildx use project-v3-builder
 	- $(IMAGE_BUILDER) buildx build --push --platform=$(PLATFORMS) --tag $(OPERATOR_IMG) -f Dockerfile.cross .
 	- $(IMAGE_BUILDER) buildx rm project-v3-builder
-	rm Dockerfile.cross
 else ifeq ($(IMAGE_BUILDER), podman)
-	for platform in $$(echo $(PLATFORMS) | sed "s/,/ /g"); do \
-		os=$$(echo $${platform} | cut -d/ -f 1); \
-		arch=$$(echo $${platform} | cut -d/ -f 2); \
-		BUILDAH_FORMAT=docker $(IMAGE_BUILDER) buildx build --manifest $(OPERATOR_IMG) --platform $${platform} --build-arg TARGETOS=$${os} --build-arg TARGETARCH=$${arch} . ; \
-	done
+	BUILDAH_FORMAT=docker $(IMAGE_BUILDER) build -f Dockerfile.cross --manifest $(OPERATOR_IMG) --platform $(PLATFORMS) . ; \
 	if [ "${MANIFEST_PUSH}" = "true" ] ; then \
 		$(IMAGE_BUILDER) manifest push $(OPERATOR_IMG) $(OPERATOR_IMG) ; \
 	fi
 else
 	$(error unsupported IMAGE_BUILDER: $(IMAGE_BUILDER))
 endif
+	rm Dockerfile.cross
 
 .PHONY: cert_manager
 cert_manager: remove_cert_manager
@@ -440,26 +434,22 @@ custom-scorecard-tests: fmt vet
 scorecard-build: custom-scorecard-tests
 	printf '# Code generated by hack/custom.config.yaml.in. DO NOT EDIT.\n' > config/scorecard/patches/custom.config.yaml
 	envsubst < hack/custom.config.yaml.in >> config/scorecard/patches/custom.config.yaml
-ifeq ($(IMAGE_BUILDER), docker)
 # copy existing Dockerfile and insert --platform=${BUILDPLATFORM} into Dockerfile.cross, and preserve the original Dockerfile
 	sed -e '1 s/\(^FROM\)/FROM --platform=\$$\{BUILDPLATFORM\}/; t' -e ' 1,// s//FROM --platform=\$$\{BUILDPLATFORM\}/' internal/images/custom-scorecard-tests/Dockerfile > internal/images/custom-scorecard-tests/Dockerfile.cross
+ifeq ($(IMAGE_BUILDER), docker)
 	- $(IMAGE_BUILDER) buildx create --name project-v3-builder
 	$(IMAGE_BUILDER) buildx use project-v3-builder
 	- $(IMAGE_BUILDER) buildx build --push --platform=$(PLATFORMS) --tag $(CUSTOM_SCORECARD_IMG) -f internal/images/custom-scorecard-tests/Dockerfile.cross .
 	- $(IMAGE_BUILDER) buildx rm project-v3-builder
-	rm internal/images/custom-scorecard-tests/Dockerfile.cross
 else ifeq ($(IMAGE_BUILDER), podman)
-	for platform in $$(echo $(PLATFORMS) | sed "s/,/ /g"); do \
-		os=$$(echo $${platform} | cut -d/ -f 1); \
-		arch=$$(echo $${platform} | cut -d/ -f 2); \
-		BUILDAH_FORMAT=docker $(IMAGE_BUILDER) buildx build --manifest $(CUSTOM_SCORECARD_IMG) --platform $${platform} --build-arg TARGETOS=$${os} --build-arg TARGETARCH=$${arch} . ; \
-	done
+	BUILDAH_FORMAT=docker $(IMAGE_BUILDER) build -f internal/images/custom-scorecard-tests/Dockerfile.cross --manifest $(CUSTOM_SCORECARD_IMG) --platform $(PLATFORMS) . ; \
 	if [ "${MANIFEST_PUSH}" = "true" ] ; then \
 		$(IMAGE_BUILDER) manifest push $(CUSTOM_SCORECARD_IMG) $(CUSTOM_SCORECARD_IMG) ; \
 	fi
 else
 	$(error unsupported IMAGE_BUILDER: $(IMAGE_BUILDER))
 endif
+	rm internal/images/custom-scorecard-tests/Dockerfile.cross
 
 # Local development/testing helpers
 ifneq ($(origin SAMPLE_APP_NAMESPACE), undefined)

bundle/manifests/cryostat-operator.clusterserviceversion.yaml

@@ -54,7 +54,7 @@ metadata:
     capabilities: Seamless Upgrades
     categories: Monitoring, Developer Tools
     containerImage: quay.io/cryostat/cryostat-operator:2.4.0-dev
-    createdAt: "2023-08-16T19:16:28Z"
+    createdAt: "2023-08-24T00:50:46Z"
     description: JVM monitoring and profiling tool
     operatorframework.io/initialization-resource: |-
       {

bundle/tests/scorecard/config.yaml

@@ -69,7 +69,7 @@ stages:
   - entrypoint:
     - cryostat-scorecard-tests
     - operator-install
-    image: quay.io/cryostat/cryostat-operator-scorecard:2.4.0-20230816190348
+    image: quay.io/cryostat/cryostat-operator-scorecard:2.4.0-20230824004852
     labels:
       suite: cryostat
       test: operator-install
@@ -79,7 +79,7 @@ stages:
   - entrypoint:
     - cryostat-scorecard-tests
     - cryostat-cr
-    image: quay.io/cryostat/cryostat-operator-scorecard:2.4.0-20230816190348
+    image: quay.io/cryostat/cryostat-operator-scorecard:2.4.0-20230824004852
     labels:
       suite: cryostat
       test: cryostat-cr

config/scorecard/patches/custom.config.yaml

@@ -8,7 +8,7 @@
     entrypoint:
     - cryostat-scorecard-tests
     - operator-install
-    image: "quay.io/cryostat/cryostat-operator-scorecard:2.4.0-20230816190348"
+    image: "quay.io/cryostat/cryostat-operator-scorecard:2.4.0-20230824004852"
     labels:
       suite: cryostat
       test: operator-install
@@ -18,7 +18,7 @@
     entrypoint:
     - cryostat-scorecard-tests
     - cryostat-cr
-    image: "quay.io/cryostat/cryostat-operator-scorecard:2.4.0-20230816190348"
+    image: "quay.io/cryostat/cryostat-operator-scorecard:2.4.0-20230824004852"
     labels:
       suite: cryostat
       test: cryostat-cr

internal/images/custom-scorecard-tests/Dockerfile

@@ -14,6 +14,8 @@
 
 # Build the manager binary
 FROM docker.io/library/golang:1.20 as builder
+ARG TARGETOS
+ARG TARGETARCH
 
 WORKDIR /workspace
 # Copy the Go Modules manifests
@@ -29,7 +31,7 @@ COPY internal/images/custom-scorecard-tests/main.go internal/images/custom-score
 COPY internal/test/scorecard/ internal/test/scorecard/
 
 # Build
-RUN CGO_ENABLED=0 GOOS=linux GOARCH=amd64 GO111MODULE=on go build -a -o cryostat-scorecard-tests \
+RUN CGO_ENABLED=0 GOOS=${TARGETOS:-linux} GOARCH=${TARGETARCH} GO111MODULE=on go build -a -o cryostat-scorecard-tests \
     internal/images/custom-scorecard-tests/main.go
 
 FROM registry.access.redhat.com/ubi8/ubi-minimal:latest