Added multiarch build support for teleport-operator

Makefile

@@ -16,7 +16,6 @@ VERSION=12.0.0-dev
 DOCKER_IMAGE_QUAY ?= quay.io/gravitational/teleport
 DOCKER_IMAGE_ECR ?= public.ecr.aws/gravitational/teleport
 DOCKER_IMAGE_STAGING ?= 146628656107.dkr.ecr.us-west-2.amazonaws.com/gravitational/teleport
-DOCKER_IMAGE_OPERATOR_STAGING ?= 146628656107.dkr.ecr.us-west-2.amazonaws.com/gravitational/teleport-operator
 
 
 GOPATH ?= $(shell go env GOPATH)
@@ -1035,23 +1034,6 @@ publish-ci: image-ci
 	fi
 	if [ -f e/Makefile ]; then $(MAKE) -C e publish-ci; fi
 
-# Docker image build for Teleport Operator
-.PHONY: image-operator-ci
-image-operator-ci:
-	make -C operator docker-build IMG="$(DOCKER_IMAGE_OPERATOR_STAGING):$(VERSION)"
-
-# DOCKER_CLI_EXPERIMENTAL=enabled is set to allow inspecting the manifest for present images.
-# https://docs.docker.com/engine/reference/commandline/cli/#experimental-features
-# The internal staging images use amazon ECR's immutable repository settings. This makes overwrites impossible currently.
-# This can cause issues when drone tagging pipelines must be re-run due to failures.
-# Currently the work around for this is to not attempt to push to the image when it already exists.
-.PHONY: publish-operator-ci
-publish-operator-ci: image-operator-ci
-	@if DOCKER_CLI_EXPERIMENTAL=enabled docker manifest inspect "$(DOCKER_IMAGE_OPERATOR_STAGING):$(VERSION)" >/dev/null 2>&1; then \
-		echo "$(DOCKER_IMAGE_OPERATOR_STAGING):$(VERSION) already exists. ";                                                         \
-	else                                                                                                                             \
-		docker push "$(DOCKER_IMAGE_OPERATOR_STAGING):$(VERSION)";                                                                   \
-	fi
 
 .PHONY: print-version
 print-version:

build.assets/images.mk

@@ -1,5 +1,7 @@
 # Those variables are extracted from build.assets/Makefile so they can be imported
 # by other Makefiles
+# These values may need to be updated in `dronegen/container_image_products.go` if
+# they change here
 BUILDBOX_VERSION ?= teleport11
 
 BUILDBOX=public.ecr.aws/gravitational/teleport-buildbox:$(BUILDBOX_VERSION)

dronegen/common.go

@@ -33,6 +33,16 @@ const (
 	// ProductionRegistryQuay is the production image registry that hosts images on quay.io. Will be deprecated in the future.
 	// See RFD 73 - https://github.com/gravitational/teleport/blob/c18c09f5d562dd46a509154eab4295ad39decc3c/rfd/0073-public-image-registry.md
 	ProductionRegistryQuay = "quay.io"
+
+	// Go version used by internal tools
+	GoVersion = "1.18"
+
+	// The name of this service must match k8s.io/apimachinery/pkg/util/validation `IsDNS1123Subdomain`
+	// so that it is resolvable
+	// See https://github.com/drone-runners/drone-runner-kube/blob/master/engine/compiler/compiler.go#L398
+	// for details
+	LocalRegistryHostname string = "drone-docker-registry"
+	LocalRegistrySocket   string = LocalRegistryHostname + ":5000"
 )
 
 var (
@@ -105,12 +115,20 @@ func pushTriggerForBranch(branches ...string) trigger {
 	return t
 }
 
+func cronTrigger(cronJobNames []string) trigger {
+	return trigger{
+		Cron: triggerRef{Include: cronJobNames},
+		Repo: triggerRef{Include: []string{"gravitational/teleport"}},
+	}
+}
+
 func cloneRepoCommands(cloneDirectory, commit string) []string {
 	return []string{
 		fmt.Sprintf("mkdir -pv %q", cloneDirectory),
 		fmt.Sprintf("cd %q", cloneDirectory),
-		`git init && git remote add origin ${DRONE_REMOTE_URL}`,
-		`git fetch origin --tags`,
+		"git init",
+		"git remote add origin ${DRONE_REMOTE_URL}",
+		"git fetch origin --tags",
 		fmt.Sprintf("git checkout -qf %q", commit),
 	}
 }
@@ -215,6 +233,27 @@ func dockerService(v ...volumeRef) service {
 	}
 }
 
+// Starts a container registry service at `LocalRegistrySocket`
+// This can be pushed/pulled to via `docker push/pull <LocalRegistrySocket>:5000/image:tag`
+func dockerRegistryService() service {
+	return service{
+		Name:  LocalRegistryHostname,
+		Image: "registry:2",
+	}
+}
+
+// dockerVolumes returns a slice of volumes
+// It includes the Docker socket volume by default, plus any extra volumes passed in
+func dockerVolumes(v ...volume) []volume {
+	return append(v, volumeDocker)
+}
+
+// dockerVolumeRefs returns a slice of volumeRefs
+// It includes the Docker socket volumeRef as a default, plus any extra volumeRefs passed in
+func dockerVolumeRefs(v ...volumeRef) []volumeRef {
+	return append(v, volumeRefDocker)
+}
+
 // releaseMakefileTarget gets the correct Makefile target for a given arch/fips/centos combo
 func releaseMakefileTarget(b buildType) string {
 	makefileTarget := fmt.Sprintf("release-%s", b.arch)
@@ -251,17 +290,23 @@ func waitForDockerStep() step {
 	}
 }
 
-func verifyValidPromoteRunSteps(checkoutPath, commit string, isParallelismEnabled bool) []step {
-	tagStep := verifyTaggedStep()
-	cloneStep := cloneRepoStep(checkoutPath, commit)
-	verifyStep := verifyNotPrereleaseStep(checkoutPath)
-
-	if isParallelismEnabled {
-		cloneStep.DependsOn = []string{tagStep.Name}
-		verifyStep.DependsOn = []string{cloneStep.Name}
+// waitForDockerStep returns a step which checks that the Docker registry is ready
+func waitForDockerRegistryStep() step {
+	return step{
+		Name:  "Wait for docker registry",
+		Image: "alpine",
+		Commands: []string{
+			"apk add curl",
+			fmt.Sprintf(`timeout 30s /bin/sh -c 'while [ "$(curl -s -o /dev/null -w %%{http_code} http://%s/)" != "200" ]; do sleep 1; done'`, LocalRegistrySocket),
+		},
 	}
+}
 
-	return []step{tagStep, cloneStep, verifyStep}
+func verifyValidPromoteRunSteps() []step {
+	tagStep := verifyTaggedStep()
+	verifyStep := verifyNotPrereleaseStep()
+
+	return []step{tagStep, verifyStep}
 }
 
 func verifyTaggedStep() step {
@@ -283,13 +328,20 @@ func cloneRepoStep(clonePath, commit string) step {
 	}
 }
 
-func verifyNotPrereleaseStep(checkoutPath string) step {
+func verifyNotPrereleaseStep() step {
+	clonePath := "/tmp/repo"
+	commands := []string{
+		"apk add git",
+	}
+	commands = append(commands, cloneRepoCommands(clonePath, "${DRONE_TAG}")...)
+	commands = append(commands,
+		fmt.Sprintf("cd %q", path.Join(clonePath, "build.assets", "tooling")),
+		"go run ./cmd/check -tag ${DRONE_TAG} -check prerelease || (echo '---> This is a prerelease, not continuing promotion for ${DRONE_TAG}' && exit 78)",
+	)
+
 	return step{
-		Name:  "Check if tag is prerelease",
-		Image: "golang:1.18-alpine",
-		Commands: []string{
-			fmt.Sprintf("cd %q", path.Join(checkoutPath, "build.assets", "tooling")),
-			"go run ./cmd/check -tag ${DRONE_TAG} -check prerelease || (echo '---> This is a prerelease, not continuing promotion for ${DRONE_TAG}' && exit 78)",
-		},
+		Name:     "Check if tag is prerelease",
+		Image:    fmt.Sprintf("golang:%s-alpine", GoVersion),
+		Commands: commands,
 	}
 }