multiarch console

.github/workflows/build-push.yaml

@@ -14,6 +14,7 @@ permissions:
 env:
   REGISTRY: localhost
   NAME: patterns-operator
+  CONSOLE_NAME: patterns-operator-console
   TAG: ${{ github.event_name == 'pull_request' && format('pr-{0}', github.event.pull_request.number) || (github.ref_name == 'main' && 'latest' || github.ref_name) }}
 
 jobs:
@@ -61,8 +62,41 @@ jobs:
           path: /tmp/image-${{ matrix.targetarch }}.tar
           retention-days: 1
 
+  build-console:
+    strategy:
+      matrix:
+        include:
+          - targetarch: amd64
+            runner: ubuntu-latest
+          - targetarch: arm64
+            runner: ubuntu-24.04-arm
+
+    runs-on: ${{ matrix.runner }}
+    permissions:
+      contents: read
+    steps:
+      - name: Checkout repository
+        uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6
+        with:
+          persist-credentials: false
+
+      - name: Build console container image and save tarball
+        env:
+          TARGETARCH: ${{ matrix.targetarch }}
+          CONSOLE_PLUGIN_IMAGE: ${{ env.CONSOLE_NAME }}:${{ env.TAG }}
+        run: |
+          make "console-build-${TARGETARCH}"
+          buildah push "${CONSOLE_PLUGIN_IMAGE}-${TARGETARCH}" "docker-archive:/tmp/console-image-${TARGETARCH}.tar:${CONSOLE_PLUGIN_IMAGE}-${TARGETARCH}"
+
+      - name: Upload image artifact
+        uses: actions/upload-artifact@043fb46d1a93c77aae656e7c1c64a875d1fc6a0a # v7
+        with:
+          name: console-image-${{ matrix.targetarch }}-${{ github.run_id }}
+          path: /tmp/console-image-${{ matrix.targetarch }}.tar
+          retention-days: 1
+
   pre-push-check:
-    needs: [build-container]
+    needs: [build-container, build-console]
     if: github.event_name != 'pull_request'
     runs-on: ubuntu-latest
     steps:
@@ -115,10 +149,24 @@ jobs:
           name: image-arm64-${{ github.run_id }}
           path: /tmp
 
+      - name: Download console AMD64 image
+        uses: actions/download-artifact@3e5f45b2cfb9172054b4087a40e8e0b5a5461e7c # v8
+        with:
+          name: console-image-amd64-${{ github.run_id }}
+          path: /tmp
+
+      - name: Download console ARM64 image
+        uses: actions/download-artifact@3e5f45b2cfb9172054b4087a40e8e0b5a5461e7c # v8
+        with:
+          name: console-image-arm64-${{ github.run_id }}
+          path: /tmp
+
       - name: Load tarballs into local containers-storage
         run: |
           buildah pull docker-archive:/tmp/image-amd64.tar
           buildah pull docker-archive:/tmp/image-arm64.tar
+          buildah pull docker-archive:/tmp/console-image-amd64.tar
+          buildah pull docker-archive:/tmp/console-image-arm64.tar
 
       - name: Log into Quay
         env:
@@ -134,13 +182,20 @@ jobs:
         env:
           UPLOADREGISTRY: ${{ matrix.upload_registry }}
           OPERATOR_IMG: ${{ env.NAME }}:${{ env.TAG }}
+          CONSOLE_PLUGIN_IMAGE: ${{ env.CONSOLE_NAME }}:${{ env.TAG }}
         run: |
           make buildah-manifest
           buildah manifest add --arch=amd64 "${REGISTRY}/${OPERATOR_IMG}" "${REGISTRY}/${OPERATOR_IMG}-amd64"
           buildah manifest add --arch=arm64 "${REGISTRY}/${OPERATOR_IMG}" "${REGISTRY}/${OPERATOR_IMG}-arm64"
           make buildah-push
           DIGEST=$(skopeo inspect --format "{{.Digest}}" "docker://${UPLOADREGISTRY}/${OPERATOR_IMG}")
           echo "digest=$DIGEST" >> "$GITHUB_OUTPUT"
+          make console-multiarch-manifest
+          buildah manifest add --arch=arm64 "${REGISTRY}/${CONSOLE_PLUGIN_IMAGE}" "${REGISTRY}/${CONSOLE_PLUGIN_IMAGE}-arm64"
+          buildah manifest add --arch=amd64 "${REGISTRY}/${CONSOLE_PLUGIN_IMAGE}" "${REGISTRY}/${CONSOLE_PLUGIN_IMAGE}-amd64"
+          make console-push
+          CONSOLE_DIGEST=$(skopeo inspect --format "{{.Digest}}" "docker://${UPLOADREGISTRY}/${CONSOLE_PLUGIN_IMAGE}")
+          echo "console_digest=$CONSOLE_DIGEST" >> "$GITHUB_OUTPUT"
 
       - name: Install cosign
         uses: sigstore/cosign-installer@cad07c2e89fa2edd6e2d7bab4c1aa38e53f76003 # v4.1.1
@@ -152,8 +207,11 @@ jobs:
       - name: Sign the published Docker image
         env:
           DIGEST: ${{ steps.manifest-push.outputs.digest }}
+          CONSOLE_DIGEST: ${{ steps.manifest-push.outputs.console_digest }}
           UPLOADREGISTRY: ${{ matrix.upload_registry }}
           OPERATOR_IMG: ${{ env.NAME }}:${{ env.TAG }}
+          CONSOLE_PLUGIN_IMAGE: ${{ env.CONSOLE_NAME }}:${{ env.TAG }}
         run: |
           cat "${XDG_RUNTIME_DIR}/containers/auth.json" > ~/.docker/config.json
           cosign sign --yes "${UPLOADREGISTRY}/${OPERATOR_IMG}@${DIGEST}"
+          cosign sign --yes "${UPLOADREGISTRY}/${CONSOLE_PLUGIN_IMAGE}@${CONSOLE_DIGEST}"

.github/workflows/console.yaml

@@ -21,4 +21,4 @@ jobs:
         persist-credentials: false
     - name: Build the console container
       run: |
-        make console-build
+        make console-build-amd64

Makefile

@@ -69,13 +69,13 @@ IMAGE_TAG_BASE ?= $(UPLOADREGISTRY)/$(OPERATOR_NAME)-operator
 BUNDLE_IMG ?= $(IMAGE_TAG_BASE)-bundle:v$(VERSION)
 
 # Image URL to use all building/pushing image targets
-IMG ?= $(IMAGE_TAG_BASE):$(VERSION)
+export IMG ?= $(IMAGE_TAG_BASE):$(VERSION)
 OPERATOR_IMG ?= $(OPERATOR_NAME)-operator:$(VERSION)
 
 # always release the console with the same tag as the operator and the other way around!
 # Image base URL of the console plugin
-CONSOLE_PLUGIN_IMAGE_BASE ?= $(IMAGE_TAG_BASE)-console
-CONSOLE_PLUGIN_IMAGE ?= $(CONSOLE_PLUGIN_IMAGE_BASE):$(VERSION)
+CONSOLE_PLUGIN_IMAGE_BASE ?= $(OPERATOR_NAME)-operator-console
+export CONSOLE_PLUGIN_IMAGE ?= $(CONSOLE_PLUGIN_IMAGE_BASE):$(VERSION)
 CONSOLE_PLUGIN_DOCKERFILE ?= console-plugin.Dockerfile
 
 # ENVTEST_K8S_VERSION refers to the version of kubebuilder assets to be downloaded by envtest binary.
@@ -306,9 +306,7 @@ endef
 .PHONY: bundle
 bundle: manifests kustomize operator-sdk ## Generate bundle manifests and metadata, then validate generated files.
 	$(OPERATOR_SDK) generate kustomize manifests -q
-	cd config/manager && $(KUSTOMIZE) edit set image controller=$(IMG)
-	cd config/console-plugin && $(KUSTOMIZE) edit set image console-plugin=$(CONSOLE_PLUGIN_IMAGE)
-	$(KUSTOMIZE) build config/manifests | $(OPERATOR_SDK) generate bundle $(BUNDLE_GEN_FLAGS)
+	$(KUSTOMIZE) build config/manifests | envsubst | $(OPERATOR_SDK) generate bundle $(BUNDLE_GEN_FLAGS)
 	$(MAKE) bundle-fixes bundle-date
 	./hack/set_openshift_minimum_version.sh
 	$(OPERATOR_SDK) bundle validate ./bundle
@@ -359,22 +357,6 @@ ifneq ($(origin CATALOG_BASE_IMG), undefined)
 FROM_INDEX_OPT := --from-index $(CATALOG_BASE_IMG)
 endif
 
-# Generate Dockerfile using the template. It uses envsubst to replace the value of the version label in the container
-.PHONY: generate-dockerfile-console-plugin
-generate-dockerfile-console-plugin:
-	VERSION=$(VERSION) SUPPORTED_OCP_VERSIONS=$(SUPPORTED_OCP_VERSIONS) envsubst < templates/console-plugin.Dockerfile.template > $(CONSOLE_PLUGIN_DOCKERFILE)
-
-.PHONY: console-build
-console-build: generate-dockerfile-console-plugin ## Build the console image
-	@echo "Building console image with cache optimization..."
-	@podman pull $(CONSOLE_PLUGIN_IMAGE_BASE):latest 2>/dev/null || true
-	podman build -f $(CURPATH)/$(CONSOLE_PLUGIN_DOCKERFILE) -t ${CONSOLE_PLUGIN_IMAGE} .
-	podman tag ${CONSOLE_PLUGIN_IMAGE} $(CONSOLE_PLUGIN_IMAGE_BASE):latest
-
-.PHONY: console-push
-console-push: ## Push the console image
-	podman push $(CONSOLE_PLUGIN_IMAGE)
-
 # Build an OLM catalog image by adding the bundle image to a simple catalog using the
 # operator package manager tool, 'opm'. For more information see:
 # https://olm.operatorframework.io/docs/reference/catalog-templates
@@ -417,3 +399,32 @@ super-linter: ## Runs super linter locally
 					-v $(PWD):/tmp/lint:rw,z \
 					-w /tmp/lint \
 					ghcr.io/super-linter/super-linter@sha256:6c71bd17ab38ceb7acb5b93ef72f5c2288b5456a5c82693ded3ee8bb501bba7f # slim-v8.1.0
+
+##@ Console plugin tasks
+# Generate Dockerfile using the template. It uses envsubst to replace the value of the version label in the container
+.PHONY: generate-dockerfile-console-plugin
+generate-dockerfile-console-plugin:
+	VERSION=$(VERSION) SUPPORTED_OCP_VERSIONS=$(SUPPORTED_OCP_VERSIONS) envsubst < templates/console-plugin.Dockerfile.template > $(CONSOLE_PLUGIN_DOCKERFILE)
+
+.PHONY: console-multiarch-manifest
+console-multiarch-manifest: ## creates the buildah manifest for multi-arch images
+	# The rm is needed due to bug https://www.github.com/containers/podman/issues/19757
+	buildah manifest rm "${REGISTRY}/${CONSOLE_PLUGIN_IMAGE}" || /bin/true
+	buildah manifest create "${REGISTRY}/${CONSOLE_PLUGIN_IMAGE}"
+
+.PHONY: console-build-amd64
+console-build-amd64: generate-dockerfile-console-plugin console-multiarch-manifest ## build the console in amd64
+	@echo "Building the console amd64"
+	buildah build --platform linux/amd64 --format docker -f $(CONSOLE_PLUGIN_DOCKERFILE) -t "${CONSOLE_PLUGIN_IMAGE}-amd64"
+	buildah manifest add --arch=amd64 "${REGISTRY}/${CONSOLE_PLUGIN_IMAGE}" "${REGISTRY}/${CONSOLE_PLUGIN_IMAGE}-amd64"
+
+.PHONY: console-build-arm64
+console-build-arm64: generate-dockerfile-console-plugin console-multiarch-manifest ## build the console in amd64
+	@echo "Building the console arm64"
+	buildah build --platform linux/arm64 --format docker -f $(CONSOLE_PLUGIN_DOCKERFILE) -t "${CONSOLE_PLUGIN_IMAGE}-arm64"
+	buildah manifest add --arch=arm64 "${REGISTRY}/${CONSOLE_PLUGIN_IMAGE}" "${REGISTRY}/${CONSOLE_PLUGIN_IMAGE}-arm64"
+
+.PHONY: console-push
+console-push: ## Uploads the container to quay.io/validatedpatterns/${CONSOLE_PLUGIN_IMAGE}
+	@echo "Uploading the ${REGISTRY}/${CONSOLE_PLUGIN_IMAGE} container to ${UPLOADREGISTRY}/${CONSOLE_PLUGIN_IMAGE}"
+	buildah manifest push --all "${REGISTRY}/${CONSOLE_PLUGIN_IMAGE}" "docker://${UPLOADREGISTRY}/${CONSOLE_PLUGIN_IMAGE}"

config/console-plugin/deployment.yaml

@@ -20,7 +20,7 @@ spec:
         app.kubernetes.io/component: patterns-operator-console-plugin
     spec:
       containers:
-      - image: console-plugin
+      - image: ${CONSOLE_PLUGIN_IMAGE}
         name: patterns-operator-console-plugin
         env:
         - name: OPERATOR_NAMESPACE

config/console-plugin/kustomization.yaml

@@ -5,7 +5,3 @@ resources:
 - service.yaml
 - deployment.yaml
 - configmap.yaml
-images:
-- name: console-plugin
-  newName: kuemper.int.rhx/bandini/patterns-operator-console
-  newTag: 6.6.6

config/manager/manager.yaml

@@ -31,7 +31,7 @@ spec:
         - /manager
         args:
         - --leader-elect
-        image: controller:latest
+        image: ${IMG}
         name: manager
         securityContext:
           allowPrivilegeEscalation: false

hack/operator-build-deploy.sh

@@ -75,7 +75,7 @@ if [ $ret -ne 0 ]; then
 fi
 
 make VERSION=${VERSION} UPLOADREGISTRY="${UPLOADREGISTRY}" CHANNELS=fast USE_IMAGE_DIGESTS="" \
-    manifests bundle generate docker-build docker-push console-build console-push bundle-build bundle-push catalog-build \
+    manifests bundle generate docker-build docker-push console-build-amd64 console-push bundle-build bundle-push catalog-build \
     catalog-push catalog-install
 
 # If the operator already exists in openshift-operators, keep using that namespace;

templates/console-plugin.Dockerfile.template

@@ -1,4 +1,4 @@
-FROM registry.access.redhat.com/ubi10/nodejs-22:latest AS build
+FROM registry.access.redhat.com/ubi9/nodejs-22:latest AS build
 USER root
 RUN command -v yarn || npm i -g yarn
 
@@ -8,7 +8,7 @@ COPY console/ .
 RUN sed -r -i "s|\"version\": \"0.0.1\"|\"version\": \"${VERSION}\"|;" ./package.json
 RUN yarn install && yarn build
 
-FROM registry.access.redhat.com/ubi10/nginx-126:latest
+FROM registry.access.redhat.com/ubi9/nginx-126:latest
 LABEL \
     com.redhat.openshift.versions="${SUPPORTED_OCP_VERSIONS}" \
     com.redhat.component="Console plugin image for OpenShift Pattern Operator" \