From a9c6d46f7d49c85bdc4d61bfd1c0be4bbae98f45 Mon Sep 17 00:00:00 2001
From: Polina Bungina <27892524+hughcapet@users.noreply.github.com>
Date: Mon, 17 Apr 2023 20:28:27 +0700
Subject: [PATCH] Add pipeline to publish ghcr multi-arch image (#2268)

Refactor operator image build process
Add a pipeline to build and publish arm64/amd64 image in ghcr on every
pushed tag
---
 .github/workflows/publish_ghcr_image.yaml | 56 +++++++++++++++++++++++
 .github/workflows/run_e2e.yaml            |  2 -
 Makefile                                  |  8 +---
 docker/Dockerfile                         | 17 ++++++-
 docker/build_operator.sh                  | 31 +++++++++++++
 5 files changed, 104 insertions(+), 10 deletions(-)
 create mode 100644 .github/workflows/publish_ghcr_image.yaml
 create mode 100644 docker/build_operator.sh

diff --git a/.github/workflows/publish_ghcr_image.yaml b/.github/workflows/publish_ghcr_image.yaml
new file mode 100644
index 000000000..356e62601
--- /dev/null
+++ b/.github/workflows/publish_ghcr_image.yaml
@@ -0,0 +1,56 @@
+name: Publish multiarch postgres-operator image on ghcr.io
+
+env:
+  REGISTRY: ghcr.io
+  IMAGE_NAME: ${{ github.repository }}
+
+on:
+  push:
+    tags:
+      - '*'
+jobs:
+  publish:
+    name: Build, test and push image
+    runs-on: ubuntu-latest
+    permissions:
+      contents: read
+      packages: write
+    steps:
+      - name: Checkout repository
+        uses: actions/checkout@v3
+
+      - uses: actions/setup-go@v2
+        with:
+          go-version: "^1.18.9"
+
+      - name: Run unit tests
+        run: make deps mocks test
+
+      - name: Define image name
+        id: image
+        run: |
+            IMAGE="${{ env.REGISTRY }}/${{ env.IMAGE_NAME }}:${GITHUB_REF/refs\/tags\//}"
+            echo "NAME=$IMAGE" >> $GITHUB_OUTPUT
+
+      - name: Set up QEMU
+        uses: docker/setup-qemu-action@v2
+
+      - name: Set up Docker Buildx
+        uses: docker/setup-buildx-action@v2
+
+      - name: Login to GHCR
+        uses: docker/login-action@v2
+        with:
+          registry: ${{ env.REGISTRY }}
+          username: ${{ github.actor }}
+          password: ${{ secrets.GITHUB_TOKEN }}
+
+      - name: Build and push multiarch image to ghcr
+        uses: docker/build-push-action@v3
+        with:
+          context: .
+          file: docker/Dockerfile
+          push: true
+          build-args: BASE_IMAGE=alpine:3.15
+          tags: "${{ steps.image.outputs.NAME }}"
+          platforms: linux/amd64,linux/arm64
diff --git a/.github/workflows/run_e2e.yaml b/.github/workflows/run_e2e.yaml
index d04673dc4..64f91dbe7 100644
--- a/.github/workflows/run_e2e.yaml
+++ b/.github/workflows/run_e2e.yaml
@@ -19,8 +19,6 @@ jobs:
       run: make deps mocks
     - name: Code generation
       run: make codegen
-    - name: Compile
-      run: make linux
     - name: Run unit tests
       run: make test
     - name: Run end-2-end tests
diff --git a/Makefile b/Makefile
index 792c43075..754382b5a 100644
--- a/Makefile
+++ b/Makefile
@@ -60,17 +60,13 @@ linux: ${SOURCES}
 macos: ${SOURCES}
 	GOOS=darwin GOARCH=amd64 CGO_ENABLED=${CGO_ENABLED} go build -o build/macos/${BINARY} ${BUILD_FLAGS} -ldflags "$(LDFLAGS)" $^
 
-docker-context: scm-source.json linux
-	mkdir -p docker/build/
-	cp build/linux/${BINARY} scm-source.json docker/build/
-
-docker: ${DOCKERDIR}/${DOCKERFILE} docker-context
+docker: ${DOCKERDIR}/${DOCKERFILE} scm-source.json
 	echo `(env)`
 	echo "Tag ${TAG}"
 	echo "Version ${VERSION}"
 	echo "CDP tag ${CDP_TAG}"
 	echo "git describe $(shell git describe --tags --always --dirty)"
-	cd "${DOCKERDIR}" && docker build --rm -t "$(IMAGE):$(TAG)$(CDP_TAG)$(DEBUG_FRESH)$(DEBUG_POSTFIX)" -f "${DOCKERFILE}" .
+	docker build --rm -t "$(IMAGE):$(TAG)$(CDP_TAG)$(DEBUG_FRESH)$(DEBUG_POSTFIX)" -f "${DOCKERDIR}/${DOCKERFILE}" --build-arg VERSION="${VERSION}" .
 
 indocker-race:
 	docker run --rm -v "${GOPATH}":"${GOPATH}" -e GOPATH="${GOPATH}" -e RACE=1 -w ${PWD} golang:1.18.9 bash -c "make linux"
diff --git a/docker/Dockerfile b/docker/Dockerfile
index becfcf308..bad0dc71b 100644
--- a/docker/Dockerfile
+++ b/docker/Dockerfile
@@ -1,11 +1,24 @@
-FROM registry.opensource.zalan.do/library/alpine-3.15:latest
+ARG BASE_IMAGE=registry.opensource.zalan.do/library/alpine-3.15:latest
+ARG VERSION=latest
+
+FROM ubuntu:20.04 as builder
+
+ARG VERSION
+
+COPY  . /go/src/github.com/zalando/postgres-operator
+WORKDIR /go/src/github.com/zalando/postgres-operator
+
+ENV OPERATOR_LDFLAGS="-X=main.version=${VERSION}"
+RUN bash docker/build_operator.sh
+
+FROM ${BASE_IMAGE}
 LABEL maintainer="Team ACID @ Zalando <team-acid@zalando.de>"
 
 # We need root certificates to deal with teams api over https
 RUN apk --no-cache add curl
 RUN apk --no-cache add ca-certificates
 
-COPY build/* /
+COPY --from=builder /go/src/github.com/zalando/postgres-operator/build/* /
 
 RUN addgroup -g 1000 pgo
 RUN adduser -D -u 1000 -G pgo -g 'Postgres Operator' pgo
diff --git a/docker/build_operator.sh b/docker/build_operator.sh
new file mode 100644
index 000000000..9f812da04
--- /dev/null
+++ b/docker/build_operator.sh
@@ -0,0 +1,31 @@
+#!/bin/bash
+
+export DEBIAN_FRONTEND=noninteractive
+
+arch=$(dpkg --print-architecture)
+
+set -ex
+
+# Install dependencies
+
+apt-get update
+apt-get install -y wget
+
+(
+    cd /tmp
+    wget -q "https://storage.googleapis.com/golang/go1.18.9.linux-${arch}.tar.gz" -O go.tar.gz
+    tar -xf go.tar.gz
+    mv go /usr/local
+    ln -s /usr/local/go/bin/go /usr/bin/go
+    go version
+)
+
+# Build
+
+export PATH="$PATH:$HOME/go/bin"
+export GOPATH="$HOME/go"
+mkdir -p build
+cp scm-source.json build/
+
+GO111MODULE=on go mod vendor
+CGO_ENABLED=0 go build -o build/postgres-operator -v -ldflags "$OPERATOR_LDFLAGS" cmd/main.go