Support building both amd64 and arm64 docker images

- docker buildx doesn't allow to easily separate build and push step
so `make docker-package` and `make docker-push` needed to be merged
into one command

- Using locally built image in FROM directive seems impossible
with `docker buildx` - remote docker registry is required.
So all dockerfiles were merged into one.
See: docker/buildx#301 (comment)

- AWS_AIM_AUTHENTICATOR_VERSION and GOOGLE_CLOUD_SDK_VERSION were bumped
  to versions where arm64 binaries are available

.github/workflows/build.yml

@@ -90,10 +90,6 @@ jobs:
         run: |
           make docker-test ${{ steps.build_type.outputs.make_args }}
 
-      - name: Package
-        run: |
-          make docker-package ${{ steps.build_type.outputs.make_args }}
-
       - name: Login to docker registry
         run: |
           if [[ ${{ steps.build_type.outputs.registry }} = "docker.io" ]]
@@ -105,12 +101,13 @@ jobs:
             docker login -u ${{ secrets.JFROG_USER }} -p "${{ secrets.JFROG_PASSWORD }}" armory-docker-local.jfrog.io
           fi
 
-      - name: Push
+      - name: Package and Push
         run: |
-          make docker-push ${{ steps.build_type.outputs.make_args }}
           if [[ ${{ github.ref }} = "refs/heads/master" ]]
           then
-            make docker-push-dev ${{ steps.build_type.outputs.make_args }}
+            make docker-package-push-with-dev ${{ steps.build_type.outputs.make_args }}
+          else
+          make docker-package-push ${{ steps.build_type.outputs.make_args }}
           fi
 
       - name: Push git tag

Makefile

@@ -74,32 +74,34 @@ test: Makefile ## Run unit tests. Doesn't need to compile the code.
 .PHONY: docker-test
 docker-test: Makefile ## Runs "make test" in a docker container
 	@echo "Running \"make test\" in docker"
-	@docker build \
-	--build-arg BUILDER=docker-local/$(REGISTRY_ORG)/spinnaker-operator-builder:$(VERSION) \
-	-f build-tools/Dockerfile.test build-tools
+	@docker buildx build \
+	--target tests \
+	-f build-tools/Dockerfile .
 
 .PHONY: integration-test
 integration-test: build-dirs Makefile ## Run integration tests. See requirements in integration_tests/README.md
 	@go test -tags=integration -mod=vendor -timeout=40m -run IntegrationTests/Operator= ./integration_tests/...
 
-.PHONY: docker-package
-docker-package: Makefile ## Builds the docker image to distribute
-	@echo "Packaging final docker image"
-	@docker build \
+.PHONY: docker-package-push
+docker-package-push: Makefile ## Builds and pushes the docker image to distribute
+	@echo "Packaging and pushing final docker image"
+	@docker  buildx build \
+	--platform=linux/arm64,linux/amd64 \
 	-t $(REGISTRY)/$(REGISTRY_ORG)/spinnaker-operator:$(VERSION) \
-	--build-arg BUILDER=docker-local/$(REGISTRY_ORG)/spinnaker-operator-builder:$(VERSION) \
 	--build-arg CACHE_DATE=$(shell date +%s) \
-	-f build-tools/Dockerfile build-tools
-	@echo "Successfully built image with tag $(REGISTRY)/$(REGISTRY_ORG)/spinnaker-operator:$(VERSION)"
-
-.PHONY: docker-push
-docker-push: ## Pushes the docker image to the docker registry with the full "version" tag
-	@docker push $(REGISTRY)/$(REGISTRY_ORG)/spinnaker-operator:$(VERSION)
-
-.PHONY: docker-push-dev
-docker-push-dev: ## Pushes the docker image under "dev" tag
-	@docker tag $(REGISTRY)/$(REGISTRY_ORG)/spinnaker-operator:$(VERSION) $(REGISTRY)/$(REGISTRY_ORG)/spinnaker-operator:dev
-	@docker push $(REGISTRY)/$(REGISTRY_ORG)/spinnaker-operator:dev
+	-f build-tools/Dockerfile .
+	@echo "Successfully built and pushed image with tag $(REGISTRY)/$(REGISTRY_ORG)/spinnaker-operator:$(VERSION)"
+
+.PHONY: docker-package-push-with-dev
+docker-package-push-with-dev: Makefile ## Builds and pushes the docker image to distribute
+	@echo "Packaging and pushing final docker image"
+	@docker buildx build \
+	--platform=linux/arm64,linux/amd64 \
+	-t $(REGISTRY)/$(REGISTRY_ORG)/spinnaker-operator:$(VERSION) \
+	-t $(REGISTRY)/$(REGISTRY_ORG)/spinnaker-operator:dev
+	--build-arg CACHE_DATE=$(shell date +%s) \
+	-f build-tools/Dockerfile .
+	@echo "Successfully built and pushed image with tags: $(REGISTRY)/$(REGISTRY_ORG)/spinnaker-operator:$(VERSION) $(REGISTRY)/$(REGISTRY_ORG)/spinnaker-operator:dev"
 
 .PHONY: reverse-proxy
 reverse-proxy: ## Installs a reverse proxy in Kubernetes to be able to debug locally

build-tools/Dockerfile

@@ -1,39 +1,70 @@
-ARG BUILDER
-FROM ${BUILDER} as builder
+# avoid emulation at build step: https://www.docker.com/blog/faster-multi-platform-builds-dockerfile-cross-compilation-guide/
+FROM --platform=$BUILDPLATFORM golang:1.18.0-alpine3.15  as builder
+
+ARG VERSION
+ARG BUILDARCH
+
+# vendor flags conflict with `go get`
+# so we fetch golint before running make
+# and setting the env variable
+RUN apk update && apk add git make bash build-base gcc bc
+RUN go install golang.org/x/lint/[email protected]
+
+ENV GO111MODULE=on GOOS=linux GOARCH=${BUILDARCH}
+WORKDIR /opt/spinnaker-operator/build/
+ADD ./ /opt/spinnaker-operator/build/
+RUN go mod vendor && go mod tidy
+
+# Build both architectures without emulation
+RUN make build VERSION=${VERSION} OS=linux ARCH=amd64
+RUN make build VERSION=${VERSION} OS=linux ARCH=arm64
+
+
+FROM --platform=$BUILDPLATFORM builder as tests
+ARG BUILDARCH
+
+ENV GO111MODULE=on GOOS=linux GOARCH=${TARGETARCH}
+WORKDIR /opt/spinnaker-operator/build/
+RUN make test OS=linux ARCH=${BUILDARCH}
+
+
 
 FROM python:3.7-alpine3.15
+ARG TARGETARCH
 
 ENV OPERATOR=/usr/local/bin/spinnaker-operator \
     USER_UID=1001 \
     USER_NAME=spinnaker-operator \
-    AWS_AIM_AUTHENTICATOR_VERSION=0.4.0 \
+    AWS_AIM_AUTHENTICATOR_VERSION=0.5.5 \
     KUBECTL_RELEASE=1.17.7 \
     AWS_CLI_VERSION=1.18.109 \
     OPERATOR_HOME=/opt/spinnaker-operator \
-    GOOGLE_CLOUD_SDK_VERSION=313.0.1 \
+    GOOGLE_CLOUD_SDK_VERSION=379.0.0 \
     PATH="$PATH:/usr/local/bin/:/opt/google-cloud-sdk/bin/:/usr/local/bin/aws-iam-authenticator"
 
 EXPOSE 8383
+
 RUN apk update                        \
 	&& apk add ca-certificates bash curl wget unzip \
 	&& adduser -D -u ${USER_UID} ${USER_NAME} \
 	&& apk upgrade
 
 # Google cloud SDK with anthos removed for CVE and because we don't need it
-RUN wget -nv https://dl.google.com/dl/cloudsdk/channels/rapid/downloads/google-cloud-sdk-${GOOGLE_CLOUD_SDK_VERSION}-linux-x86_64.tar.gz \
+RUN [ $TARGETARCH == 'amd64' ] &&  export GCP_ARCH="x86_64" || export GCP_ARCH="arm" \
+  && wget -nv https://dl.google.com/dl/cloudsdk/channels/rapid/downloads/google-cloud-sdk-${GOOGLE_CLOUD_SDK_VERSION}-linux-${GCP_ARCH}.tar.gz \
   && mkdir -p /opt && cd /opt \
-  && tar -xzf /google-cloud-sdk-${GOOGLE_CLOUD_SDK_VERSION}-linux-x86_64.tar.gz \
-  && rm /google-cloud-sdk-${GOOGLE_CLOUD_SDK_VERSION}-linux-x86_64.tar.gz \
+  && tar -xzf /google-cloud-sdk-${GOOGLE_CLOUD_SDK_VERSION}-linux-${GCP_ARCH}.tar.gz \
+  && rm /google-cloud-sdk-${GOOGLE_CLOUD_SDK_VERSION}-linux-${GCP_ARCH}.tar.gz \
   && CLOUDSDK_PYTHON="python3" /opt/google-cloud-sdk/install.sh --usage-reporting=false --bash-completion=false  --additional-components app-engine-java app-engine-go \
   && rm -rf ~/.config/gcloud \
   && gcloud components remove --quiet anthoscli \
   && rm -rf /opt/google-cloud-sdk/.install/.backup
 
-# kubectl + AWS IAM authenticator
-RUN wget https://storage.googleapis.com/kubernetes-release/release/v${KUBECTL_RELEASE}/bin/linux/amd64/kubectl \
+ # kubectl + AWS IAM authenticator
+RUN wget https://storage.googleapis.com/kubernetes-release/release/v${KUBECTL_RELEASE}/bin/linux/${TARGETARCH}/kubectl \
   && chmod +x kubectl \
   && mv ./kubectl /usr/local/bin/kubectl \
-  && wget -O aws-iam-authenticator https://github.com/kubernetes-sigs/aws-iam-authenticator/releases/download/v${AWS_AIM_AUTHENTICATOR_VERSION}/aws-iam-authenticator_${AWS_AIM_AUTHENTICATOR_VERSION}_linux_amd64 \
+  && wget -O aws-iam-authenticator https://github.com/kubernetes-sigs/aws-iam-authenticator/releases/download/v${AWS_AIM_AUTHENTICATOR_VERSION}/aws-iam-authenticator_${AWS_AIM_AUTHENTICATOR_VERSION}_linux_${TARGETARCH} \
   && chmod +x ./aws-iam-authenticator \
   && mv ./aws-iam-authenticator /usr/local/bin/aws-iam-authenticator
 
@@ -47,8 +78,8 @@ USER ${USER_NAME}
 ARG CACHE_DATE
 
 RUN echo "CACHE_DATE: ${CACHE_DATE}"
-COPY --from=builder /opt/spinnaker-operator/build/build/bin/linux_amd64/spinnaker-operator ${OPERATOR}
-COPY --from=builder /opt/spinnaker-operator/build/build/bin/linux_amd64/MANIFEST ${OPERATOR_HOME}/MANIFEST
+COPY --from=builder /opt/spinnaker-operator/build/build/bin/linux_${TARGETARCH}/spinnaker-operator ${OPERATOR}
+COPY --from=builder /opt/spinnaker-operator/build/build/bin/linux_${TARGETARCH}/MANIFEST ${OPERATOR_HOME}/MANIFEST
 COPY --from=builder /opt/spinnaker-operator/build/build-tools/entrypoint /usr/local/bin/entrypoint
 
 ENTRYPOINT ["/usr/local/bin/entrypoint"]