Enable linux arm builds for OPA envoy plugin #577
Conversation
tjons
force-pushed
the
tjons/4965-opa-envoy-plugin-arm64
branch
from
3fb6fba
to
3b3a347
Compare
tjons
changed the title
|
Great job, if there's anything else I can help with. |
tjons
force-pushed
the
tjons/4965-opa-envoy-plugin-arm64
branch
from
3b3a347
to
658ed19
Compare
|
Thanks for working on this much requested feature. I'll review it this week. |
ashutosh-narkar
force-pushed
the
tjons/4965-opa-envoy-plugin-arm64
branch
from
658ed19
to
ab360ef
Compare
There was a problem hiding this comment.
@tjons overall this looks good. One high-level comment is to keep this similar to OPAs build process and build only static images for arm64.
Makefile
Outdated
| .PHONY: image-quick-% | ||
| image-quick-%: | ||
| $(DOCKER) build --platform=linux/$(GOARCH) -t $(IMAGE):$(VERSION) --build-arg BASE=chainguard/glibc-dynamic -f Dockerfile . | ||
|
|
||
| .PHONY: image-quick-static | ||
| image-quick-static: | ||
| $(MAKE) image-quick-static-$(GOARCH) | ||
|
|
||
| .PHONY: image-quick-static-% | ||
| image-quick-static-%: | ||
| $(DOCKER) build --platform=linux/$* --push -t $(IMAGE):$(VERSION)-static --build-arg BASE=chainguard/static:latest -f Dockerfile . |
There was a problem hiding this comment.
We should build only static images for arm64. It would be a good idea to structure this similar to OPA's Makefile.
Makefile
Outdated
| $(DOCKER) buildx build --platform=$(DOCKER_PLATFORMS) \ | ||
| --push -t $(IMAGE):$(VERSION_ISTIO) \ | ||
| --build-arg BASE=chainguard/glibc-dynamic:latest \ | ||
| -f Dockerfile . |
There was a problem hiding this comment.
This too would be good if we base this off OPA's Makefile and only static for arm64.
|
@tjons if possible it would be great to get this change in for the next release of the plugin which will come out end of next week. Thanks! |
|
I will get it done this weekend! Sorry for the wait... been busy. Feel free to make any changes you want too, maintainers are allowed to push to my fork. I should have some good time tomorrow, very excited to see this release! |
tjons
force-pushed
the
tjons/4965-opa-envoy-plugin-arm64
branch
2 times, most recently
from
b7daf22
to
5ee1223
Compare
|
@ashutosh-narkar ready for another look! I think this looks a lot more like OPA's Makefile now, although with the caveat that we are building arm/amd images in the same build step here. In OPA itself, we build those in two different github actions. I added a small workaround for that (adding a |
tjons
force-pushed
the
tjons/4965-opa-envoy-plugin-arm64
branch
from
5ee1223
to
985cfea
Compare
|
@tjons this seems fine. Have you tested the workflow and generated any sample artifacts? |
|
@ashutosh-narkar I've tested the make commands on my linux box but not the full GHA workflow, as there should be no changes there. You can see the results here: https://hub.docker.com/repository/docker/tylerschade268/opa/tags |
tjons
force-pushed
the
tjons/4965-opa-envoy-plugin-arm64
branch
from
985cfea
to
69c13ef
Compare
Is this from the latest changes? I would have expected to see |
tjons
force-pushed
the
tjons/4965-opa-envoy-plugin-arm64
branch
from
69c13ef
to
89bf684
Compare
Good catch - they were missing the |
tjons
force-pushed
the
tjons/4965-opa-envoy-plugin-arm64
branch
2 times, most recently
from
a7cbe1f
to
4cf2358
Compare
Looks good. We'll also need to update the Post Tag workflow to generate |
|
I may have missed it but looking at your changes you may have already handled generating |
tjons
force-pushed
the
tjons/4965-opa-envoy-plugin-arm64
branch
from
4cf2358
to
8d9b9fd
Compare
Thanks - added that now! |
Signed-off-by: Tyler Schade <[email protected]>
ashutosh-narkar
force-pushed
the
tjons/4965-opa-envoy-plugin-arm64
branch
from
8d9b9fd
to
9aebc87
Compare
This PR resolves open-policy-agent/opa#4965 by adding ARM builds to the CI process.
make deploy-ciwill now build binaries, start a docker builder for cross-platform builds and push manifests for static and dynamic multiarch builds.You can see the results here in my docker hub repository: https://hub.docker.com/repository/docker/tylerschade268/opa/tags.
I'm no expert on build tooling so all suggestions are welcome. I consider this a first draft rather than a "please merge immediately" PR.
This Makefile is definitely a little messy and I question whether we need all of these targets as some of them don't seem necessary anymore. I also question if we need different tags for Istio and Envoy as the images are identical. Regardless, I'd like to leave both of those questions for another day.