From 2113bdb08c490641fc37a482ad6e4019e0b67075 Mon Sep 17 00:00:00 2001 From: Michele Baldessari Date: Tue, 14 Apr 2026 14:20:11 +0200 Subject: [PATCH 1/3] Use env variables for overriding images --- Makefile | 2 +- config/console-plugin/deployment.yaml | 2 +- config/console-plugin/kustomization.yaml | 4 ---- config/manager/manager.yaml | 2 +- 4 files changed, 3 insertions(+), 7 deletions(-) diff --git a/Makefile b/Makefile index e8e7be888..ce39ff4d7 100644 --- a/Makefile +++ b/Makefile @@ -69,7 +69,7 @@ IMAGE_TAG_BASE ?= $(UPLOADREGISTRY)/$(OPERATOR_NAME)-operator BUNDLE_IMG ?= $(IMAGE_TAG_BASE)-bundle:v$(VERSION) # Image URL to use all building/pushing image targets -IMG ?= $(IMAGE_TAG_BASE):$(VERSION) +export IMG ?= $(IMAGE_TAG_BASE):$(VERSION) OPERATOR_IMG ?= $(OPERATOR_NAME)-operator:$(VERSION) # always release the console with the same tag as the operator and the other way around! diff --git a/config/console-plugin/deployment.yaml b/config/console-plugin/deployment.yaml index e3be4b01e..78be6aa43 100644 --- a/config/console-plugin/deployment.yaml +++ b/config/console-plugin/deployment.yaml @@ -20,7 +20,7 @@ spec: app.kubernetes.io/component: patterns-operator-console-plugin spec: containers: - - image: console-plugin + - image: ${CONSOLE_PLUGIN_IMAGE} name: patterns-operator-console-plugin env: - name: OPERATOR_NAMESPACE diff --git a/config/console-plugin/kustomization.yaml b/config/console-plugin/kustomization.yaml index 3a2c31de8..ebb94649a 100644 --- a/config/console-plugin/kustomization.yaml +++ b/config/console-plugin/kustomization.yaml @@ -5,7 +5,3 @@ resources: - service.yaml - deployment.yaml - configmap.yaml -images: -- name: console-plugin - newName: kuemper.int.rhx/bandini/patterns-operator-console - newTag: 6.6.6 diff --git a/config/manager/manager.yaml b/config/manager/manager.yaml index de264e617..1f966d2dd 100644 --- a/config/manager/manager.yaml +++ b/config/manager/manager.yaml @@ -31,7 +31,7 @@ spec: - /manager args: - --leader-elect - image: controller:latest + image: ${IMG} name: manager securityContext: allowPrivilegeEscalation: false From e6e1a601f8b051680156b873299ca80f402cbd10 Mon Sep 17 00:00:00 2001 From: Akos Eros Date: Tue, 14 Apr 2026 10:38:32 +0200 Subject: [PATCH 2/3] feat: Add console image build make target and gh workflow for release --- .github/workflows/build-push.yaml | 60 ++++++++++++++++++++++++++++++- .github/workflows/console.yaml | 2 +- Makefile | 53 ++++++++++++++++----------- hack/operator-build-deploy.sh | 2 +- 4 files changed, 93 insertions(+), 24 deletions(-) diff --git a/.github/workflows/build-push.yaml b/.github/workflows/build-push.yaml index 1598335f9..664ff93ea 100644 --- a/.github/workflows/build-push.yaml +++ b/.github/workflows/build-push.yaml @@ -14,6 +14,7 @@ permissions: env: REGISTRY: localhost NAME: patterns-operator + CONSOLE_NAME: patterns-operator-console TAG: ${{ github.event_name == 'pull_request' && format('pr-{0}', github.event.pull_request.number) || (github.ref_name == 'main' && 'latest' || github.ref_name) }} jobs: @@ -61,8 +62,41 @@ jobs: path: /tmp/image-${{ matrix.targetarch }}.tar retention-days: 1 + build-console: + strategy: + matrix: + include: + - targetarch: amd64 + runner: ubuntu-latest + - targetarch: arm64 + runner: ubuntu-24.04-arm + + runs-on: ${{ matrix.runner }} + permissions: + contents: read + steps: + - name: Checkout repository + uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6 + with: + persist-credentials: false + + - name: Build console container image and save tarball + env: + TARGETARCH: ${{ matrix.targetarch }} + CONSOLE_PLUGIN_IMAGE: ${{ env.CONSOLE_NAME }}:${{ env.TAG }} + run: | + make "console-build-${TARGETARCH}" + buildah push "${CONSOLE_PLUGIN_IMAGE}-${TARGETARCH}" "docker-archive:/tmp/console-image-${TARGETARCH}.tar:${CONSOLE_PLUGIN_IMAGE}-${TARGETARCH}" + + - name: Upload image artifact + uses: actions/upload-artifact@043fb46d1a93c77aae656e7c1c64a875d1fc6a0a # v7 + with: + name: console-image-${{ matrix.targetarch }}-${{ github.run_id }} + path: /tmp/console-image-${{ matrix.targetarch }}.tar + retention-days: 1 + pre-push-check: - needs: [build-container] + needs: [build-container, build-console] if: github.event_name != 'pull_request' runs-on: ubuntu-latest steps: @@ -115,10 +149,24 @@ jobs: name: image-arm64-${{ github.run_id }} path: /tmp + - name: Download console AMD64 image + uses: actions/download-artifact@3e5f45b2cfb9172054b4087a40e8e0b5a5461e7c # v8 + with: + name: console-image-amd64-${{ github.run_id }} + path: /tmp + + - name: Download console ARM64 image + uses: actions/download-artifact@3e5f45b2cfb9172054b4087a40e8e0b5a5461e7c # v8 + with: + name: console-image-arm64-${{ github.run_id }} + path: /tmp + - name: Load tarballs into local containers-storage run: | buildah pull docker-archive:/tmp/image-amd64.tar buildah pull docker-archive:/tmp/image-arm64.tar + buildah pull docker-archive:/tmp/console-image-amd64.tar + buildah pull docker-archive:/tmp/console-image-arm64.tar - name: Log into Quay env: @@ -134,6 +182,7 @@ jobs: env: UPLOADREGISTRY: ${{ matrix.upload_registry }} OPERATOR_IMG: ${{ env.NAME }}:${{ env.TAG }} + CONSOLE_PLUGIN_IMAGE: ${{ env.CONSOLE_NAME }}:${{ env.TAG }} run: | make buildah-manifest buildah manifest add --arch=amd64 "${REGISTRY}/${OPERATOR_IMG}" "${REGISTRY}/${OPERATOR_IMG}-amd64" @@ -141,6 +190,12 @@ jobs: make buildah-push DIGEST=$(skopeo inspect --format "{{.Digest}}" "docker://${UPLOADREGISTRY}/${OPERATOR_IMG}") echo "digest=$DIGEST" >> "$GITHUB_OUTPUT" + make console-multiarch-manifest + buildah manifest add --arch=arm64 "${REGISTRY}/${CONSOLE_PLUGIN_IMAGE}" "${REGISTRY}/${CONSOLE_PLUGIN_IMAGE}-arm64" + buildah manifest add --arch=amd64 "${REGISTRY}/${CONSOLE_PLUGIN_IMAGE}" "${REGISTRY}/${CONSOLE_PLUGIN_IMAGE}-amd64" + make console-push + CONSOLE_DIGEST=$(skopeo inspect --format "{{.Digest}}" "docker://${UPLOADREGISTRY}/${CONSOLE_PLUGIN_IMAGE}") + echo "console_digest=$CONSOLE_DIGEST" >> "$GITHUB_OUTPUT" - name: Install cosign uses: sigstore/cosign-installer@cad07c2e89fa2edd6e2d7bab4c1aa38e53f76003 # v4.1.1 @@ -152,8 +207,11 @@ jobs: - name: Sign the published Docker image env: DIGEST: ${{ steps.manifest-push.outputs.digest }} + CONSOLE_DIGEST: ${{ steps.manifest-push.outputs.console_digest }} UPLOADREGISTRY: ${{ matrix.upload_registry }} OPERATOR_IMG: ${{ env.NAME }}:${{ env.TAG }} + CONSOLE_PLUGIN_IMAGE: ${{ env.CONSOLE_NAME }}:${{ env.TAG }} run: | cat "${XDG_RUNTIME_DIR}/containers/auth.json" > ~/.docker/config.json cosign sign --yes "${UPLOADREGISTRY}/${OPERATOR_IMG}@${DIGEST}" + cosign sign --yes "${UPLOADREGISTRY}/${CONSOLE_PLUGIN_IMAGE}@${CONSOLE_DIGEST}" diff --git a/.github/workflows/console.yaml b/.github/workflows/console.yaml index ce50b335d..21581a2c0 100644 --- a/.github/workflows/console.yaml +++ b/.github/workflows/console.yaml @@ -21,4 +21,4 @@ jobs: persist-credentials: false - name: Build the console container run: | - make console-build + make console-build-amd64 diff --git a/Makefile b/Makefile index ce39ff4d7..1cb27237e 100644 --- a/Makefile +++ b/Makefile @@ -74,8 +74,8 @@ OPERATOR_IMG ?= $(OPERATOR_NAME)-operator:$(VERSION) # always release the console with the same tag as the operator and the other way around! # Image base URL of the console plugin -CONSOLE_PLUGIN_IMAGE_BASE ?= $(IMAGE_TAG_BASE)-console -CONSOLE_PLUGIN_IMAGE ?= $(CONSOLE_PLUGIN_IMAGE_BASE):$(VERSION) +CONSOLE_PLUGIN_IMAGE_BASE ?= $(OPERATOR_NAME)-operator-console +export CONSOLE_PLUGIN_IMAGE ?= $(CONSOLE_PLUGIN_IMAGE_BASE):$(VERSION) CONSOLE_PLUGIN_DOCKERFILE ?= console-plugin.Dockerfile # ENVTEST_K8S_VERSION refers to the version of kubebuilder assets to be downloaded by envtest binary. @@ -306,9 +306,7 @@ endef .PHONY: bundle bundle: manifests kustomize operator-sdk ## Generate bundle manifests and metadata, then validate generated files. $(OPERATOR_SDK) generate kustomize manifests -q - cd config/manager && $(KUSTOMIZE) edit set image controller=$(IMG) - cd config/console-plugin && $(KUSTOMIZE) edit set image console-plugin=$(CONSOLE_PLUGIN_IMAGE) - $(KUSTOMIZE) build config/manifests | $(OPERATOR_SDK) generate bundle $(BUNDLE_GEN_FLAGS) + $(KUSTOMIZE) build config/manifests | envsubst | $(OPERATOR_SDK) generate bundle $(BUNDLE_GEN_FLAGS) $(MAKE) bundle-fixes bundle-date ./hack/set_openshift_minimum_version.sh $(OPERATOR_SDK) bundle validate ./bundle @@ -359,22 +357,6 @@ ifneq ($(origin CATALOG_BASE_IMG), undefined) FROM_INDEX_OPT := --from-index $(CATALOG_BASE_IMG) endif -# Generate Dockerfile using the template. It uses envsubst to replace the value of the version label in the container -.PHONY: generate-dockerfile-console-plugin -generate-dockerfile-console-plugin: - VERSION=$(VERSION) SUPPORTED_OCP_VERSIONS=$(SUPPORTED_OCP_VERSIONS) envsubst < templates/console-plugin.Dockerfile.template > $(CONSOLE_PLUGIN_DOCKERFILE) - -.PHONY: console-build -console-build: generate-dockerfile-console-plugin ## Build the console image - @echo "Building console image with cache optimization..." - @podman pull $(CONSOLE_PLUGIN_IMAGE_BASE):latest 2>/dev/null || true - podman build -f $(CURPATH)/$(CONSOLE_PLUGIN_DOCKERFILE) -t ${CONSOLE_PLUGIN_IMAGE} . - podman tag ${CONSOLE_PLUGIN_IMAGE} $(CONSOLE_PLUGIN_IMAGE_BASE):latest - -.PHONY: console-push -console-push: ## Push the console image - podman push $(CONSOLE_PLUGIN_IMAGE) - # Build an OLM catalog image by adding the bundle image to a simple catalog using the # operator package manager tool, 'opm'. For more information see: # https://olm.operatorframework.io/docs/reference/catalog-templates @@ -417,3 +399,32 @@ super-linter: ## Runs super linter locally -v $(PWD):/tmp/lint:rw,z \ -w /tmp/lint \ ghcr.io/super-linter/super-linter@sha256:6c71bd17ab38ceb7acb5b93ef72f5c2288b5456a5c82693ded3ee8bb501bba7f # slim-v8.1.0 + +##@ Console plugin tasks +# Generate Dockerfile using the template. It uses envsubst to replace the value of the version label in the container +.PHONY: generate-dockerfile-console-plugin +generate-dockerfile-console-plugin: + VERSION=$(VERSION) SUPPORTED_OCP_VERSIONS=$(SUPPORTED_OCP_VERSIONS) envsubst < templates/console-plugin.Dockerfile.template > $(CONSOLE_PLUGIN_DOCKERFILE) + +.PHONY: console-multiarch-manifest +console-multiarch-manifest: ## creates the buildah manifest for multi-arch images + # The rm is needed due to bug https://www.github.com/containers/podman/issues/19757 + buildah manifest rm "${REGISTRY}/${CONSOLE_PLUGIN_IMAGE}" || /bin/true + buildah manifest create "${REGISTRY}/${CONSOLE_PLUGIN_IMAGE}" + +.PHONY: console-build-amd64 +console-build-amd64: generate-dockerfile-console-plugin console-multiarch-manifest ## build the console in amd64 + @echo "Building the console amd64" + buildah build --platform linux/amd64 --format docker -f $(CONSOLE_PLUGIN_DOCKERFILE) -t "${CONSOLE_PLUGIN_IMAGE}-amd64" + buildah manifest add --arch=amd64 "${REGISTRY}/${CONSOLE_PLUGIN_IMAGE}" "${REGISTRY}/${CONSOLE_PLUGIN_IMAGE}-amd64" + +.PHONY: console-build-arm64 +console-build-arm64: generate-dockerfile-console-plugin console-multiarch-manifest ## build the console in amd64 + @echo "Building the console arm64" + buildah build --platform linux/arm64 --format docker -f $(CONSOLE_PLUGIN_DOCKERFILE) -t "${CONSOLE_PLUGIN_IMAGE}-arm64" + buildah manifest add --arch=arm64 "${REGISTRY}/${CONSOLE_PLUGIN_IMAGE}" "${REGISTRY}/${CONSOLE_PLUGIN_IMAGE}-arm64" + +.PHONY: console-push +console-push: ## Uploads the container to quay.io/validatedpatterns/${CONSOLE_PLUGIN_IMAGE} + @echo "Uploading the ${REGISTRY}/${CONSOLE_PLUGIN_IMAGE} container to ${UPLOADREGISTRY}/${CONSOLE_PLUGIN_IMAGE}" + buildah manifest push --all "${REGISTRY}/${CONSOLE_PLUGIN_IMAGE}" "docker://${UPLOADREGISTRY}/${CONSOLE_PLUGIN_IMAGE}" diff --git a/hack/operator-build-deploy.sh b/hack/operator-build-deploy.sh index 453a7dbb4..aaf599036 100755 --- a/hack/operator-build-deploy.sh +++ b/hack/operator-build-deploy.sh @@ -75,7 +75,7 @@ if [ $ret -ne 0 ]; then fi make VERSION=${VERSION} UPLOADREGISTRY="${UPLOADREGISTRY}" CHANNELS=fast USE_IMAGE_DIGESTS="" \ - manifests bundle generate docker-build docker-push console-build console-push bundle-build bundle-push catalog-build \ + manifests bundle generate docker-build docker-push console-build-amd64 console-push bundle-build bundle-push catalog-build \ catalog-push catalog-install # If the operator already exists in openshift-operators, keep using that namespace; From d7b71beddecfa1b0ba6eae206194c67553423e09 Mon Sep 17 00:00:00 2001 From: Akos Eros Date: Tue, 14 Apr 2026 16:03:19 +0200 Subject: [PATCH 3/3] fix: Change console image to ubi9 to avoid some issues on older cpus --- templates/console-plugin.Dockerfile.template | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/templates/console-plugin.Dockerfile.template b/templates/console-plugin.Dockerfile.template index 776e34a5f..febee45ea 100644 --- a/templates/console-plugin.Dockerfile.template +++ b/templates/console-plugin.Dockerfile.template @@ -1,4 +1,4 @@ -FROM registry.access.redhat.com/ubi10/nodejs-22:latest AS build +FROM registry.access.redhat.com/ubi9/nodejs-22:latest AS build USER root RUN command -v yarn || npm i -g yarn @@ -8,7 +8,7 @@ COPY console/ . RUN sed -r -i "s|\"version\": \"0.0.1\"|\"version\": \"${VERSION}\"|;" ./package.json RUN yarn install && yarn build -FROM registry.access.redhat.com/ubi10/nginx-126:latest +FROM registry.access.redhat.com/ubi9/nginx-126:latest LABEL \ com.redhat.openshift.versions="${SUPPORTED_OCP_VERSIONS}" \ com.redhat.component="Console plugin image for OpenShift Pattern Operator" \