From 2035c6a5c1cb7f9bd263818de1c025c745a44d6d Mon Sep 17 00:00:00 2001 From: Vincent Shen Date: Tue, 18 Jun 2024 02:49:50 -0700 Subject: [PATCH] Adding OCP4 multi-arch support Let's skip sbom, using a forked github action for now before we have https://github.com/metal-toolbox/container-push/pull/77 landed. Modified Dockerfile so we only build certain profiles for s390x and ppc64le. Update github action to build for s390x and ppc64le. --- .github/workflows/k8s-content-pr.yaml | 2 +- .github/workflows/k8s-content.yaml | 1 + Dockerfiles/ocp4_content | 46 +++++++++++++++++++++++---- 3 files changed, 42 insertions(+), 7 deletions(-) diff --git a/.github/workflows/k8s-content-pr.yaml b/.github/workflows/k8s-content-pr.yaml index e853d89ced8..13777af3192 100644 --- a/.github/workflows/k8s-content-pr.yaml +++ b/.github/workflows/k8s-content-pr.yaml @@ -91,7 +91,7 @@ jobs: tags: ${{ steps.meta.outputs.tags }} labels: ${{ steps.meta.outputs.labels }} push: true - platforms: 'linux/amd64' + platforms: 'linux/amd64,linux/ppc64le,linux/s390x' - name: Get container info id: container_info run: | diff --git a/.github/workflows/k8s-content.yaml b/.github/workflows/k8s-content.yaml index 13322675f48..68d09d14470 100644 --- a/.github/workflows/k8s-content.yaml +++ b/.github/workflows/k8s-content.yaml @@ -20,3 +20,4 @@ jobs: dockerfile_path: ./Dockerfiles/ocp4_content licenses: BSD vendor: ComplianceAsCode authors + platforms: 'linux/amd64,linux/ppc64le,linux/s390x' diff --git a/Dockerfiles/ocp4_content b/Dockerfiles/ocp4_content index 501c0516e61..e7092b62daa 100644 --- a/Dockerfiles/ocp4_content +++ b/Dockerfiles/ocp4_content @@ -1,5 +1,3 @@ -# This dockerfile builds the content in the current repo for OCP4 - FROM registry.fedoraproject.org/fedora-minimal:latest as builder WORKDIR /content 
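Review bot: The `platforms:` line added to `.github/workflows/k8s-content.yaml` carries no comment marking it as part of a temporary setup, although the commit description says the job uses a forked action and skips SBOM generation until metal-toolbox/container-push#77 lands. I would add above it `# Temporary: multi-arch build via forked container-push action, SBOM skipped; revert once metal-toolbox/container-push#77 lands`. The `uses:` line is outside the hunk, so it cannot be checked here whether the fork is pinned to a full commit SHA rather than a branch or tag; it should be. The same platform list is also hard-coded in the `k8s-content-pr.yaml` hunk, so the two can drift apart.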
@@ -8,10 +6,46 @@ RUN microdnf -y install cmake make git /usr/bin/python3 python3-pyyaml python3-j COPY . . -RUN ./build_product --datastream-only --debug ocp4 rhcos4 eks + +# Enable only certain profiles on ppc64le and s390x +RUN if [ "$(uname -m)" == "x86_64" ]; then \ + echo "Building OpenShift and RHCOS content for x86_64"; \ + else echo "Building OpenShift content for $(uname -m)" && \ + # Disable all profiles first + find . -name "*.profile" -exec sed -i 's/\(documentation_complete: \).*/\1false/' '{}' \; && \ + # Enable the default.profiles as they maintain a list rules to be added to the datastream + find . -name "default\.profile" -exec sed -i 's/\(documentation_complete: \).*/\1true/' '{}' \; && \ + sed -i 's/\(documentation_complete: \).*/\1true/' \ + products/ocp4/profiles/pci-dss-node-3-2.profile \ + products/ocp4/profiles/pci-dss-3-2.profile \ + products/ocp4/profiles/pci-dss-node.profile \ + products/ocp4/profiles/pci-dss.profile \ + products/ocp4/profiles/cis-node.profile \ + products/ocp4/profiles/cis.profile \ + products/ocp4/profiles/cis-node-1-4.profile \ + products/ocp4/profiles/cis-1-4.profile \ + products/ocp4/profiles/cis-node-1-5.profile \ + products/ocp4/profiles/cis-1-5.profile \ + products/ocp4/profiles/moderate-node.profile \ + products/ocp4/profiles/moderate.profile \ + products/ocp4/profiles/moderate-node-rev-4.profile \ + products/ocp4/profiles/moderate-rev-4.profile && \ + # OCPBUGS-32794: Ensure stability of rules shipped + # Before building the content we re-enable all profiles as hidden, this will include any rule selected + # by these profiles in the data stream without creating a profile for them. + grep -lr 'documentation_complete: false' ./products | xargs -I '{}' \ + sed -i -e 's/\(documentation_complete: \).*/\1true/' -e '/documentation_complete/a hidden: true' {}; \ + fi + +# Build the OpenShift, EKS, and RHCOS content for x86 architectures. 
Only build +# OpenShift content for ppc64le and s390x architectures since we're not +# including any RHCOS profiles on those architectures right now anyway. +RUN if [ "$(uname -m)" = "x86_64" ]; then \ + ./build_product ocp4 rhcos4 eks --datastream-only; \ + else ./build_product ocp4 --datastream-only; \ + fi FROM registry.access.redhat.com/ubi8/ubi-micro:latest + WORKDIR / -COPY --from=builder /content/build/ssg-ocp4-ds.xml . -COPY --from=builder /content/build/ssg-rhcos4-ds.xml . -COPY --from=builder /content/build/ssg-eks-ds.xml . +COPY --from=builder /content/build/ssg-*-ds.xml .
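Review bot: The final `COPY --from=builder /content/build/ssg-*-ds.xml .` ships whatever matches the glob, and since the builder stage does `COPY . .`, a stale `build/ssg-*-ds.xml` in the build context could end up in the image next to the freshly built data stream. Unless `.dockerignore` excludes `build/` or `build_product` empties that directory first (neither is visible here), I would add `build/` to `.dockerignore`. Separately, the first added `RUN` tests `[ "$(uname -m)" == "x86_64" ]` while the second uses `=`; `==` inside `[` is a bash extension, so both should read `if [ "$(uname -m)" = "x86_64" ]; then \`. The closing `grep -lr … | xargs … sed` in that `RUN` runs without `pipefail`, so a failing `grep` would not stop the build.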