ppc64le helm image build

.travis.yml

@@ -39,6 +39,7 @@ x_base_steps:
     stage: test
     env:
     - CLUSTER=openshift
+    os: linux
     <<: *go_before_install
     install:
       - make install
@@ -68,6 +69,24 @@ x_base_steps:
     services:
       - docker
 
+  # Manifest list deploy job
+  - &manifest-deploy
+    stage: "Deploy multi-arch manifest lists"
+    if: type != pull_request AND ( tag IS present OR branch = master OR commit_message =~ /\[travis deploy\]/ )
+    before_script:
+      - git config remote.origin.fetch +refs/heads/*:refs/remotes/origin/*
+      - git fetch --unshallow --tags
+      # TODO: remove the chmod command when docker-ce on travis is upgraded to 18.09.0+.
+      # We need /etc/docker to be accessible to non-root users.
+      # See https://github.com/moby/moby/pull/37847.
+      - sudo chmod 0755 /etc/docker
+    after_success:
+      - echo "Manifest list push to registry succeeded"
+    after_failure:
+      - echo "Manifest list creation or push to registry failed"
+    services:
+      - docker
+
 jobs:
   include:
     # Build and test go
@@ -103,9 +122,18 @@ jobs:
         - make image/build/ansible
         - make image/push/ansible
 
-    # Build and deploy helm-operator docker image
+    # Build and deploy amd64 helm-operator docker image
+    - <<: *deploy
+      name: Docker image for helm-operator (amd64)
+      os: linux
+      script:
+        - make image/build/helm
+        - make image/push/helm
+
+    # Build and deploy ppc64le helm-operator docker image
     - <<: *deploy
-      name: Docker image for helm-operator
+      name: Docker image for helm-operator (ppc64le)
+      os: linux-ppc64le
       script:
         - make image/build/helm
         - make image/push/helm
@@ -116,3 +144,9 @@ jobs:
       script:
         - make image/build/scorecard-proxy
         - make image/push/scorecard-proxy
+
+    # Build and deploy helm multi-arch manifest list
+    - <<: *manifest-deploy
+      name: Manifest list for helm-operator
+      script:
+        - make image/push/helm-multiarch

Makefile

@@ -24,6 +24,8 @@ ANSIBLE_IMAGE ?= $(ANSIBLE_BASE_IMAGE)
 HELM_IMAGE ?= $(HELM_BASE_IMAGE)
 SCORECARD_PROXY_IMAGE ?= $(SCORECARD_PROXY_BASE_IMAGE)
 
+HELM_ARCHES:="amd64" "ppc64le"
+
 export CGO_ENABLED:=0
 export GO111MODULE:=on
 export GOPROXY?=https://proxy.golang.org/
@@ -51,19 +53,22 @@ install:
 		" \
 		$(BUILD_PATH)
 
-ci-build: build/operator-sdk-$(VERSION)-x86_64-linux-gnu ci-install
+ci-build: build/operator-sdk-$(VERSION) ci-install
 
 ci-install:
-	mv build/operator-sdk-$(VERSION)-x86_64-linux-gnu build/operator-sdk
+	mv build/operator-sdk-$(VERSION) build/operator-sdk
 
-release_x86_64 := \
+release_builds := \
 	build/operator-sdk-$(VERSION)-x86_64-linux-gnu \
-	build/operator-sdk-$(VERSION)-x86_64-apple-darwin
+	build/operator-sdk-$(VERSION)-x86_64-apple-darwin \
+	build/operator-sdk-$(VERSION)-ppc64le-linux-gnu
 
-release: clean $(release_x86_64) $(release_x86_64:=.asc)
+release: clean $(release_builds) $(release_builds:=.asc)
 
 build/operator-sdk-%-x86_64-linux-gnu: GOARGS = GOOS=linux GOARCH=amd64
 build/operator-sdk-%-x86_64-apple-darwin: GOARGS = GOOS=darwin GOARCH=amd64
+build/operator-sdk-%-ppc64le-linux-gnu: GOARGS = GOOS=linux GOARCH=ppc64le
+
 
 build/%: $(SOURCES)
 	$(Q)$(GOARGS) go build \
@@ -88,7 +93,7 @@ build/%.asc:
 	fi; \
 	}
 
-.PHONY: install release_x86_64 release
+.PHONY: install release_builds release
 
 test: test/unit
 
@@ -166,7 +171,7 @@ image/build: image/build/ansible image/build/helm image/build/scorecard-proxy
 image/build/ansible: build/operator-sdk-dev-x86_64-linux-gnu
 	./hack/image/build-ansible-image.sh $(ANSIBLE_BASE_IMAGE):dev
 
-image/build/helm: build/operator-sdk-dev-x86_64-linux-gnu
+image/build/helm: build/operator-sdk-dev
 	./hack/image/build-helm-image.sh $(HELM_BASE_IMAGE):dev
 
 image/build/scorecard-proxy:
@@ -178,7 +183,10 @@ image/push/ansible:
 	./hack/image/push-image-tags.sh $(ANSIBLE_BASE_IMAGE):dev $(ANSIBLE_IMAGE)
 
 image/push/helm:
-	./hack/image/push-image-tags.sh $(HELM_BASE_IMAGE):dev $(HELM_IMAGE)
+	./hack/image/push-image-tags.sh $(HELM_BASE_IMAGE):dev $(HELM_IMAGE)-$(shell go env GOARCH)
+
+image/push/helm-multiarch:
+	./hack/image/push-manifest-list.sh $(HELM_IMAGE) ${HELM_ARCHES}
 
 image/push/scorecard-proxy:
 	./hack/image/push-image-tags.sh $(SCORECARD_PROXY_BASE_IMAGE):dev $(SCORECARD_PROXY_IMAGE)

hack/image/build-helm-image.sh

@@ -16,6 +16,6 @@ pushd "$BASEIMAGEDIR"
 ./scaffold-helm-image
 
 mkdir -p build/_output/bin/
-cp $ROOTDIR/build/operator-sdk-dev-x86_64-linux-gnu build/_output/bin/helm-operator
+cp $ROOTDIR/build/operator-sdk-dev build/_output/bin/helm-operator
 operator-sdk build $1
 popd

hack/image/push-image-tags.sh

@@ -1,8 +1,5 @@
 #!/usr/bin/env bash
-
-source hack/lib/common.sh
-
-semver_regex="^v(0|[1-9][0-9]*)\\.(0|[1-9][0-9]*)\\.(0|[1-9][0-9]*)$"
+source hack/lib/image_lib.sh
 
 #
 # push_image_tags <source_image> <push_image>
@@ -14,12 +11,15 @@ semver_regex="^v(0|[1-9][0-9]*)\\.(0|[1-9][0-9]*)\\.(0|[1-9][0-9]*)$"
 # the base image name in pushed image tags.
 #
 function push_image_tags() {
+
   source_image=$1; shift || fatal "${FUNCNAME} usage error"
   push_image=$1; shift || push_image=$source_image
 
   print_image_info $source_image
   print_git_tags
-  docker_login
+
+  docker_login $push_image
+
   check_can_push || return 0
 
   images=$(get_image_tags $push_image)
@@ -67,83 +67,6 @@ function print_git_tags() {
   fi
 }
 
-#
-# docker_login <image_name>
-#
-# docker_login performs a docker login for the server of the provided
-# image if the DOCKER_USERNAME and DOCKER_PASSWORD environment variables
-# are set.
-#
-function docker_login() {
-  if [[ -n "$DOCKER_USERNAME" && -n "$DOCKER_PASSWORD" ]]; then
-    server=$(docker_server_for_image $image_name)
-    echo "$DOCKER_PASSWORD" | docker login -u "$DOCKER_USERNAME" --password-stdin "$server"
-  fi
-}
-
-#
-# check_can_push
-#
-# check_can_push performs various checks to determine whether images
-# built from this commit should be pushed. It prints a message and 
-# returns a failure code if any check doesn't pass.
-#
-function check_can_push() {
-  if [[ "$TRAVIS" != "true" ]]; then
-    echo "Detected execution in a non-TravisCI environment. Skipping image push."
-    return 1
-  elif [[ "$TRAVIS_EVENT_TYPE" == "pull_request" ]]; then
-    echo "Detected pull request commit. Skipping image push"
-    return 1
-  elif [[ ! -f "$HOME/.docker/config.json" ]]; then
-    echo "Docker login credentials required to push. Skipping image push."
-    return 1
-  fi
-}
-
-#
-# get_image_tags <image_name>
-#
-# get_image_tags returns a list of tags that are eligible to be pushed.
-# If an image name is passed as an argument, the full <name>:<tag> will
-# be returned for each eligible tag. The criteria is:
-#   1. Is TRAVIS_BRANCH set?                 => <image_name>:$TRAVIS_BRANCH
-#   2. Is TRAVIS_TAG highest semver release? => <image_name>:latest
-#
-function get_image_tags() {
-  image_name=$1
-  [[ -n "$image_name" ]] && image_name="${image_name}:"
-
-  # Tag `:$TRAVIS_BRANCH` if it is set.
-  # Note that if the build is for a tag, $TRAVIS_BRANCH is set
-  # to the tag, so this works in both cases
-  if [[ -n "$TRAVIS_BRANCH" ]]; then
-    echo "${image_name}${TRAVIS_BRANCH}"
-  fi
-
-  # Tag `:latest` if $TRAVIS_TAG is the highest semver tag found in
-  # the repository.
-  if is_latest_tag "$TRAVIS_TAG"; then
-    echo "${image_name}latest"
-  fi
-}
-
-#
-# docker_server_for_image <image_name>
-#
-# docker_server_for_image returns the server component of the image
-# name. If the image name does not contain a server component, an
-# empty string is returned.
-#
-function docker_server_for_image() {
-  image_name=$1; shift || fatal "${FUNCNAME} usage error"
-  IFS='/' read -r -a segments <<< "$image_name"
-  if [[ "${#segments[@]}" -gt "2" ]]; then
-    echo "${segments[0]}"
-  else
-    echo ""
-  fi
-}
 
 #
 # latest_git_version
@@ -157,22 +80,4 @@ function latest_git_version() {
   git tag -l | egrep "${semver_regex}" | sort -V | tail -1
 }
 
-#
-# is_latest_tag <candidate>
-#
-# is_latest_tag returns whether the candidate tag matches
-# the latest tag from the git repository, based on semver.
-# To be the latest tag, the candidate must match the semver
-# release format.
-#
-function is_latest_tag() {
-  candidate=$1; shift || fatal "${FUNCNAME} usage error"
-  if ! [[ "$candidate" =~ $semver_regex ]]; then
-    return 1
-  fi
-
-  latest="$(latest_git_version)"
-  [[ -z "$latest" || "$candidate" == "$latest" ]]
-}
-
 push_image_tags "$@"

hack/image/push-manifest-list.sh

@@ -0,0 +1,39 @@
+#!/usr/bin/env bash
+
+source hack/lib/image_lib.sh
+
+#
+# push_manifest_list <source_image> <push_image> [<arch1> <arch2> <archN>]
+#
+# push_manifest_list uses the pre-pushed images for each
+# supported architecture and pushes a manifest list for each
+# of the tags from the Travis CI envionment (created during
+# the image push job).
+#
+function push_manifest_list() {
+  push_image=$1; shift || fatal "${FUNCNAME} usage error"
+  arches=$@
+
+  docker_login $push_image
+
+  check_can_push || return 0
+
+  tags=$(get_image_tags)
+  for tag in $tags; do
+    images_with_arches=$(get_arch_images $push_image $tag $arches)
+    DOCKER_CLI_EXPERIMENTAL="enabled" docker manifest create $push_image:$tag $images_with_arches
+    DOCKER_CLI_EXPERIMENTAL="enabled" docker manifest push --purge $push_image:$tag
+  done
+
+}
+
+function get_arch_images(){
+    image=$1; shift || fatal "${FUNCNAME} usage error"
+    tag=$1; shift || fatal "${FUNCNAME} usage error"
+    arches="$@"
+    for arch in $arches; do
+        echo "$image-$arch:$tag"
+    done
+}
+
+push_manifest_list "$@"