diff --git a/.github/workflows/image-push.yml b/.github/workflows/image-push.yml index 1060886..603d3b1 100644 --- a/.github/workflows/image-push.yml +++ b/.github/workflows/image-push.yml @@ -23,12 +23,6 @@ jobs: run: | echo "$(make -s log | grep TAG)" >> "$GITHUB_ENV" - - name: Set up QEMU - uses: docker/setup-qemu-action@v3 - - - name: Set up Docker Buildx - uses: docker/setup-buildx-action@v3 - - name: "Read secrets" uses: rancher-eio/read-vault-secrets@main with: @@ -42,26 +36,24 @@ jobs: username: ${{ env.DOCKER_USERNAME }} password: ${{ env.DOCKER_PASSWORD }} - - name: Build thin plugin image - uses: docker/build-push-action@v6 + - name: Build and push thin plugin image + uses: rancher/ecm-distro-tools/actions/publish-image@master with: - context: . - push: true - tags: rancher/hardened-multus-cni:${{ github.event.release.tag_name }} - file: Dockerfile - target: multus-thin - platforms: linux/amd64, linux/arm64 - build-args: | - TAG=${{ env.TAG }} - - - name: Build thick plugin image - uses: docker/build-push-action@v6 + image: hardened-multus-cni + tag: ${{ github.event.release.tag_name }} + public-repo: rancher + public-username: ${{ env.DOCKER_USERNAME }} + public-password: ${{ env.DOCKER_PASSWORD }} + push-to-prime: false + make-target: push-image-thin + + - name: Build and push thick plugin image + uses: rancher/ecm-distro-tools/actions/publish-image@master with: - context: . - push: true - tags: rancher/hardened-multus-thick:${{ github.event.release.tag_name }} - file: Dockerfile - target: multus-thick - platforms: linux/amd64, linux/arm64 - build-args: | - TAG=${{ env.TAG }} + image: hardened-multus-thick + tag: ${{ github.event.release.tag_name }} + public-repo: rancher + public-username: ${{ env.DOCKER_USERNAME }} + public-password: ${{ env.DOCKER_PASSWORD }} + push-to-prime: false + make-target: push-image-thick diff --git a/Makefile b/Makefile index 37e2272..e071ce3 100644 --- a/Makefile +++ b/Makefile @@ -10,6 +10,16 @@ else ARCH=$(UNAME_M) endif +ifndef TARGET_PLATFORMS + ifeq ($(UNAME_M), x86_64) + TARGET_PLATFORMS:=linux/amd64 + else ifeq ($(UNAME_M), aarch64) + TARGET_PLATFORMS:=linux/arm64 + else + TARGET_PLATFORMS:=linux/$(UNAME_M) + endif +endif + BUILD_META=-build$(shell date +%Y%m%d) ORG ?= rancher PKG ?= github.com/k8snetworkplumbingwg/multus-cni @@ -37,6 +47,21 @@ image-build-thin: --load \ . +.PHONY: push-image-thin +push-image-thin: + docker buildx build \ + --sbom=true \ + --attest type=provenance,mode=max \ + --platform=$(TARGET_PLATFORMS) \ + --build-arg PKG=$(PKG) \ + --build-arg SRC=$(SRC) \ + --build-arg TAG=$(TAG:$(BUILD_META)=) \ + --target multus-thin \ + --tag $(ORG)/hardened-multus-cni:$(TAG) \ + --tag $(ORG)/hardened-multus-cni:$(TAG)-$(ARCH) \ + --push \ + . + .PHONY: image-build-thick image-build-thick: docker buildx build \ @@ -50,6 +75,21 @@ image-build-thick: --load \ . +.PHONY: push-image-thick +push-image-thick: + docker buildx build \ + --sbom=true \ + --attest type=provenance,mode=max \ + --platform=$(TARGET_PLATFORMS) \ + --build-arg PKG=$(PKG) \ + --build-arg SRC=$(SRC) \ + --build-arg TAG=$(TAG:$(BUILD_META)=) \ + --target multus-thick \ + --tag $(ORG)/hardened-multus-thick:$(TAG) \ + --tag $(ORG)/hardened-multus-thick:$(TAG)-$(ARCH) \ + --push \ + . + .PHONY: image-push image-push: docker push $(ORG)/hardened-multus-cni:$(TAG)-$(ARCH)