diff --git a/.github/workflows/image.yaml b/.github/workflows/image.yaml index 341b76af..91307dde 100644 --- a/.github/workflows/image.yaml +++ b/.github/workflows/image.yaml @@ -24,26 +24,21 @@ on: jobs: build-image: - runs-on: linux-amd64-cpu4 + strategy: + matrix: + arch: + - amd64 + - arm64 + dist: [distroless] + runs-on: linux-${{ matrix.arch }}-cpu4 permissions: contents: read id-token: write packages: write - strategy: - matrix: - dist: [ubi9] steps: - uses: actions/checkout@v5 name: Check out code - - name: Set up QEMU - uses: docker/setup-qemu-action@v3 - with: - image: tonistiigi/binfmt:master - - - name: Set up Docker Buildx - uses: docker/setup-buildx-action@v3 - - name: Login to GitHub Container Registry uses: docker/login-action@v3 with: @@ -56,10 +51,32 @@ jobs: - name: Build image env: IMAGE_NAME: ghcr.io/nvidia/k8s-driver-manager - VERSION: ${{ inputs.version }} + VERSION: ${{ inputs.version }}-${{ matrix.arch }} PUSH_ON_BUILD: "true" - BUILD_MULTI_ARCH_IMAGES: "true" GOPROXY: ${{ steps.setup-go-proxy.outputs.goproxy-url }} + DOCKER_BUILD_PLATFORM_OPTIONS: "--platform=linux/${{ matrix.arch }}" run: | echo "${VERSION}" make -f deployments/container/Makefile build-${{ matrix.dist }} + + create-manifest: + needs: build-image + runs-on: ubuntu-latest + steps: + - uses: actions/checkout@v5 + name: Check out code + - name: Login to GitHub Container Registry + uses: docker/login-action@v3 + with: + registry: ghcr.io + username: ${{ github.actor }} + password: ${{ secrets.GITHUB_TOKEN }} + - name: Build Manifest + env: + MULTIARCH_IMAGE: ghcr.io/nvidia/k8s-driver-manager:${{ inputs.version }} + run: | + docker manifest create \ + ${MULTIARCH_IMAGE} \ + ghcr.io/nvidia/k8s-driver-manager:${{ inputs.version }}-amd64 \ + ghcr.io/nvidia/k8s-driver-manager:${{ inputs.version }}-arm64 + docker manifest push ${MULTIARCH_IMAGE} 
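Review bot: The `Build Manifest` step of the new `create-manifest` job expands `${{ inputs.version }}` directly inside the `run:` script, so the input is pasted into the shell text before it executes, and `${MULTIARCH_IMAGE}` is used unquoted. The `Build image` step already avoids this by passing the version through `env`. Deriving the per-arch references from the environment variable keeps the input out of the script body. The job also declares no `permissions:` block although it pushes to ghcr.io with `GITHUB_TOKEN`, so it depends on whatever default the workflow or repository sets, which is not visible here. An explicit `contents: read` and `packages: write`, without the `id-token: write` that `build-image` carries, would scope the token to what the job does.

```yaml
    runs-on: ubuntu-latest
    permissions:
      contents: read
      packages: write
    # … unchanged: steps, checkout, ghcr.io login, MULTIARCH_IMAGE env …
        run: |
          docker manifest create \
            "${MULTIARCH_IMAGE}" \
            "${MULTIARCH_IMAGE}-amd64" \
            "${MULTIARCH_IMAGE}-arm64"
          docker manifest push "${MULTIARCH_IMAGE}"
```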
diff --git a/deployments/container/Dockerfile.ubi9 b/deployments/container/Dockerfile.distroless similarity index 100% rename from deployments/container/Dockerfile.ubi9 rename to deployments/container/Dockerfile.distroless diff --git a/deployments/container/Makefile b/deployments/container/Makefile index 93103c6a..79e427ae 100644 --- a/deployments/container/Makefile +++ b/deployments/container/Makefile @@ -14,10 +14,6 @@ BUILD_MULTI_ARCH_IMAGES ?= no DOCKER ?= docker -BUILDX = -ifeq ($(BUILD_MULTI_ARCH_IMAGES),true) -BUILDX = buildx -endif ##### Global variables ##### include $(CURDIR)/versions.mk @@ -38,8 +34,8 @@ OUT_IMAGE_VERSION ?= $(IMAGE_VERSION) OUT_IMAGE = $(OUT_IMAGE_NAME):$(OUT_IMAGE_VERSION) ##### Public rules ##### -DISTRIBUTIONS := ubi9 -DEFAULT_PUSH_TARGET := ubi9 +DISTRIBUTIONS := distroless +DEFAULT_PUSH_TARGET := distroless PUSH_TARGETS := $(patsubst %, push-%, $(DISTRIBUTIONS)) BUILD_TARGETS := $(patsubst %, build-%, $(DISTRIBUTIONS)) 
@@ -53,24 +49,30 @@ else include $(CURDIR)/deployments/container/multi-arch.mk endif +# Both distroless and build-distroless trigger a build of the relevant image +$(DISTRIBUTIONS): %: build-% + build-%: DOCKERFILE_SUFFIX = $(*) build-%: DOCKERFILE = $(CURDIR)/deployments/container/Dockerfile.$(DOCKERFILE_SUFFIX) - -# Both ubi9 and build-ubi9 trigger a build of the relevant image -$(DISTRIBUTIONS): %: build-% $(BUILD_TARGETS): build-%: - DOCKER_BUILDKIT=1 \ - $(DOCKER) $(BUILDX) build --pull \ - $(DOCKER_BUILD_OPTIONS) \ - $(DOCKER_BUILD_PLATFORM_OPTIONS) \ - --tag $(IMAGE) \ - --build-arg GOLANG_VERSION="$(GOLANG_VERSION)" \ - --build-arg VERSION="$(VERSION)" \ - --build-arg GIT_COMMIT="$(GIT_COMMIT)" \ - --build-arg CVE_UPDATES="$(CVE_UPDATES)" \ - --build-arg GOPROXY="$(GOPROXY)" \ - --file $(DOCKERFILE) \ - $(CURDIR) + $(DOCKER) build --pull \ + $(DOCKER_BUILD_OPTIONS) \ + $(DOCKER_BUILD_PLATFORM_OPTIONS) \ + --tag $(IMAGE) \ + --build-arg GOLANG_VERSION="$(GOLANG_VERSION)" \ + --build-arg VERSION="$(VERSION)" \ + --build-arg GIT_COMMIT="$(GIT_COMMIT)" \ + --build-arg CVE_UPDATES="$(CVE_UPDATES)" \ + --build-arg GOPROXY="$(GOPROXY)" \ + --file $(DOCKERFILE) \ + $(CURDIR) +ifeq ($(PUSH_ON_BUILD),true) + $(DOCKER) push "$(IMAGE)" +endif + +# Handle the default build target. +.PHONY: build +build: $(DEFAULT_PUSH_TARGET) .PHONY: bump-commit BUMP_COMMIT := Bump to version $(VERSION) diff --git a/deployments/container/multi-arch.mk b/deployments/container/multi-arch.mk index d0f4f06a..55afe73d 100644 --- a/deployments/container/multi-arch.mk +++ b/deployments/container/multi-arch.mk @@ -15,7 +15,7 @@ PUSH_ON_BUILD ?= false ATTACH_ATTESTATIONS ?= false DOCKER_BUILD_OPTIONS = --output=type=image,push=$(PUSH_ON_BUILD) --provenance=$(ATTACH_ATTESTATIONS) --sbom=$(ATTACH_ATTESTATIONS) -DOCKER_BUILD_PLATFORM_OPTIONS = --platform=linux/amd64,linux/arm64 +DOCKER_BUILD_PLATFORM_OPTIONS ?= --platform=linux/amd64,linux/arm64 REGCTL ?= regctl $(PUSH_TARGETS): push-%: 
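Review bot: The `$(DOCKER) push "$(IMAGE)"` added at the end of the `$(BUILD_TARGETS)` recipe runs whenever `PUSH_ON_BUILD` is `true`, including when `multi-arch.mk` is the included file, whose `DOCKER_BUILD_OPTIONS` already passes `--output=type=image,push=$(PUSH_ON_BUILD)`. In that mode the build pushes the image itself and the result may not exist in the local image store, so the second push would presumably fail or publish something other than the multi-platform image. The condition that selects the include is outside this hunk, so this is inferred from the visible `else include .../multi-arch.mk` context. Either move the explicit push into `native-only.mk`, or add a comment above the `ifeq` such as `# native builds only: multi-arch.mk pushes via --output=type=image,push=...`.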
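Review bot: With `DOCKER_BUILD_PLATFORM_OPTIONS` changed to `?=`, any value inherited from the environment is expanded unquoted into the `$(DOCKER) build` command line, and nothing in the file says this is intended. A comment above the assignment would make the contract explicit, for example `# Overridable: CI sets --platform=linux/<arch> per matrix job; the value is expanded verbatim into docker build`. The same applies to the `?=` introduced for this variable in `native-only.mk`.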
diff --git a/deployments/container/native-only.mk b/deployments/container/native-only.mk index f1d04bb6..8ea40e8b 100644 --- a/deployments/container/native-only.mk +++ b/deployments/container/native-only.mk @@ -12,7 +12,8 @@ # See the License for the specific language governing permissions and # limitations under the License. -DOCKER_BUILD_PLATFORM_OPTIONS = --platform=linux/amd64 +PUSH_ON_BUILD ?= false +DOCKER_BUILD_PLATFORM_OPTIONS ?= --platform=linux/amd64 $(PUSH_TARGETS): push-%: $(DOCKER) tag "$(IMAGE)" "$(OUT_IMAGE)"