PCP-5193: release workflow and cicd changes

.github/workflows/spectro-release.yaml

@@ -0,0 +1,71 @@
+name: Spectro Release
+run-name: Release for Cluster API CloudStack ${{ github.event.inputs.release_version }}
+on:
+  workflow_dispatch:
+    inputs:
+      release_version:
+        description: 'Cluster API Version to Build'
+        required: true
+        default: '0.0.0'
+      rel_type:
+        type: choice
+        description: Type of release
+        default: 'rc'
+        options:
+        - release
+        - rc
+jobs:
+  builder:
+    runs-on: ubuntu-latest
+    env:
+      SPECTRO_VERSION: ${{ github.event.inputs.release_version }}
+      LEGACY_REGISTRY: us-docker.pkg.dev/palette-images/palette/cluster-api-cloudstack
+      FIPS_REGISTRY: us-docker.pkg.dev/palette-images-fips/palette/cluster-api-cloudstack
+    steps:
+      - uses: mukunku/tag-exists-action@v1.2.0
+        id: checkTag
+        with:
+          tag: v${{ github.event.inputs.release_version }}-spectro
+      - if: ${{ steps.checkTag.outputs.exists == 'true' }}
+        run: |
+          echo "Tag already exists for v${{ github.event.inputs.release_version }}-spectro..."
+          exit 1
+      - if: ${{ github.event.inputs.rel_type == 'rc' }}
+        run: | 
+          echo "LEGACY_REGISTRY=us-east1-docker.pkg.dev/spectro-images/dev/cluster-api-cloudstack" >> $GITHUB_ENV
+          echo "FIPS_REGISTRY=us-east1-docker.pkg.dev/spectro-images/dev-fips/cluster-api-cloudstack" >> $GITHUB_ENV
+      - uses: actions/checkout@v3
+      - name: Set up Docker Buildx
+        uses: docker/setup-buildx-action@v1
+      - name: Login to dev private registry
+        uses: docker/login-action@v1
+        with:
+          registry: ${{ secrets.DEV_REGISTRY_URL }}
+          username: ${{ secrets.REGISTRY_USERNAME }}
+          password: ${{ secrets.REGISTRY_PASSWORD }}
+      - name: Build Image
+        env:
+          REGISTRY: ${{ env.LEGACY_REGISTRY }}
+        run: |
+          make docker-build-all
+          make docker-push-all
+      - name: Build Image - FIPS Mode
+        env:
+          FIPS_ENABLE: yes
+          REGISTRY: ${{ env.FIPS_REGISTRY }}
+        run: |
+          make docker-build-all
+          make docker-push-all
+      - name: Create Release
+        if: ${{ github.event.inputs.rel_type == 'release' }}
+        id: create_release
+        uses: actions/create-release@v1
+        env:
+          GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
+        with:
+          tag_name: v${{ github.event.inputs.release_version }}-spectro
+          release_name: Release v${{ github.event.inputs.release_version }}-spectro
+          body: |
+            Release version v${{ github.event.inputs.release_version }}-spectro
+          draft: false
+          prerelease: false

Dockerfile

@@ -1,8 +1,47 @@
-# Use distroless as minimal base image to package the manager binary
-# Refer to https://github.com/GoogleContainerTools/distroless for more details
+ARG BUILDER_GOLANG_VERSION
+ARG ARCH
+
+FROM --platform=$ARCH us-docker.pkg.dev/palette-images/build-base-images/golang:${BUILDER_GOLANG_VERSION}-alpine as toolchain
+
+ARG goproxy=https://proxy.golang.org
+ENV GOPROXY=$goproxy
+
+ARG CRYPTO_LIB
+ENV GOEXPERIMENT=${CRYPTO_LIB:+boringcrypto}
+
+FROM toolchain as builder
+WORKDIR /workspace
+
+RUN apk update
+RUN apk add git gcc g++ curl
+
+COPY go.mod go.mod
+COPY go.sum go.sum
+
+RUN  --mount=type=cache,target=/root/.local/share/golang \
+     --mount=type=cache,target=/go/pkg/mod \
+     go mod download
+
+COPY ./ ./
+
+ARG ARCH
+ARG LDFLAGS
+RUN  --mount=type=cache,target=/root/.cache/go-build \
+    --mount=type=cache,target=/go/pkg/mod \
+    --mount=type=cache,target=/root/.local/share/golang \
+    if [ ${CRYPTO_LIB} ]; \
+    then \
+      GOARCH=${ARCH} go-build-fips.sh -a -o manager . ;\
+    else \
+      GOARCH=${ARCH} go-build-static.sh -a -o manager . ;\
+    fi
+RUN if [ "${CRYPTO_LIB}" ]; then assert-static.sh manager; fi
+RUN if [ "${CRYPTO_LIB}" ]; then assert-fips.sh manager; fi
+
+ENTRYPOINT [ "/start.sh", "/workspace/manager" ]
+
 FROM gcr.io/distroless/static:nonroot
 WORKDIR /
-COPY bin/manager-linux-amd64 ./manager
+COPY --from=builder /workspace/manager .
 USER 65532:65532
-
-ENTRYPOINT ["/manager"]
+ENTRYPOINT ["/manager"]

Makefile

@@ -42,17 +42,31 @@ STAGING_REGISTRY := gcr.io/k8s-staging-capi-cloudstack
 STAGING_BUCKET ?= artifacts.k8s-staging-capi-cloudstack.appspot.com
 BUCKET ?= $(STAGING_BUCKET)
 PROD_REGISTRY ?= registry.k8s.io/capi-cloudstack
-REGISTRY ?= $(STAGING_REGISTRY)
 RELEASE_TAG ?= $(shell git describe --abbrev=0 2>/dev/null)
 PULL_BASE_REF ?= $(RELEASE_TAG)
 RELEASE_ALIAS_TAG ?= $(PULL_BASE_REF)
 
+BUILDER_GOLANG_VERSION ?= 1.23
+
+FIPS_ENABLE ?= ""
+BUILD_ARGS = --build-arg CRYPTO_LIB=${FIPS_ENABLE} --build-arg BUILDER_GOLANG_VERSION=${BUILDER_GOLANG_VERSION}
+
+RELEASE_LOC := release
+ifeq ($(FIPS_ENABLE),yes)
+  RELEASE_LOC := release-fips
+endif
+
+SPECTRO_VERSION ?= 4.7.0-dev
+TAG ?= v0.6.1-spectro-${SPECTRO_VERSION}
+ARCH ?= amd64
+ALL_ARCH = amd64 arm64
+
+REGISTRY ?= us-east1-docker.pkg.dev/spectro-images/dev/$(USER)/${RELEASE_LOC}
+
 # Image URL to use all building/pushing image targets
-REGISTRY ?= $(STAGING_REGISTRY)
 IMAGE_NAME ?= capi-cloudstack-controller
-TAG ?= dev
 CONTROLLER_IMG ?= $(REGISTRY)/$(IMAGE_NAME)
-IMG ?= $(CONTROLLER_IMG):$(TAG)
+IMG ?= $(CONTROLLER_IMG)-$(ARCH):$(TAG)
 IMG_LOCAL ?= localhost:5000/$(IMAGE_NAME):$(TAG)
 MANIFEST_FILE := infrastructure-components
 CONFIG_DIR := config
@@ -213,15 +227,28 @@ undeploy: $(KUSTOMIZE) ## Undeploy controller from the K8s cluster specified in
 # Using a flag file here as docker build doesn't produce a target file.
 DOCKER_BUILD_INPUTS=$(MANAGER_BIN_INPUTS) Dockerfile
 .PHONY: docker-build
-docker-build: generate-deepcopy generate-conversion build-for-docker .dockerflag.mk ## Build docker image containing the controller manager.
+docker-build: generate-deepcopy generate-conversion .dockerflag.mk ## Build docker image containing the controller manager.
 .dockerflag.mk: $(DOCKER_BUILD_INPUTS)
-	docker build -t ${IMG} .
+	docker buildx build --load --platform linux/${ARCH} ${BUILD_ARGS} --build-arg ARCH=$(ARCH) -t ${IMG} .
 	@touch .dockerflag.mk
 
+.PHONY: docker-build-all ## Build all the architecture docker images
+docker-build-all: $(addprefix docker-build-,$(ALL_ARCH))
+
+docker-build-%:
+	$(MAKE) ARCH=$* docker-build
+
 .PHONY: docker-push
 docker-push: .dockerflag.mk ## Push docker image with the manager.
 	docker push ${IMG}
 
+.PHONY: docker-push-all ## Push all the architecture docker images
+docker-push-all: $(addprefix docker-push-,$(ALL_ARCH))
+	$(MAKE) docker-push
+
+docker-push-%:
+	$(MAKE) ARCH=$* docker-push
+
 ##@ Tilt
 ## --------------------------------------
 ## Tilt Development
@@ -358,4 +385,4 @@ release-templates: ## Generate release templates
 
 .PHONY: upload-staging-artifacts
 upload-staging-artifacts: ## Upload release artifacts to the staging bucket
-	gsutil cp $(RELEASE_DIR)/* gs://$(STAGING_BUCKET)/components/$(RELEASE_ALIAS_TAG)/
+	gsutil cp $(RELEASE_DIR)/* gs://$(STAGING_BUCKET)/components/$(RELEASE_ALIAS_TAG)/