From beaad3bab23ece2f9d5cf2dc93c8e91c3a6c295a Mon Sep 17 00:00:00 2001 From: Huang Huang Date: Mon, 8 Nov 2021 20:06:44 +0800 Subject: [PATCH] Support arm64 architecture (#1036) * Support arm64 architecture * remove .github/workflows/test_docker.yml Co-authored-by: Yoav Rotem --- .github/workflows/publish.yml | 4 +++- Dockerfile | 5 ++--- makefile | 29 +++++++++-------------------- 3 files changed, 14 insertions(+), 24 deletions(-) diff --git a/.github/workflows/publish.yml b/.github/workflows/publish.yml index 49133c3..10abab8 100644 --- a/.github/workflows/publish.yml +++ b/.github/workflows/publish.yml @@ -52,9 +52,11 @@ jobs: uses: docker/build-push-action@v2 with: context: . - platforms: linux/amd64 + platforms: linux/amd64,linux/arm64 builder: ${{ steps.buildx.outputs.name }} push: true + build-args: | + KUBEBENCH_VERSION=${{ steps.get_version.outputs.version }} tags: | ${{ env.DOCKERHUB_ALIAS }}/${{ env.REP }}:${{ steps.get_version.outputs.version }} public.ecr.aws/${{ env.ALIAS }}/${{ env.REP }}:${{ steps.get_version.outputs.version }} diff --git a/Dockerfile b/Dockerfile index abae2c3..5bbcc83 100644 --- a/Dockerfile +++ b/Dockerfile @@ -1,14 +1,13 @@ FROM golang:1.17.2 AS build WORKDIR /go/src/github.com/aquasecurity/kube-bench/ +COPY makefile makefile COPY go.mod go.sum ./ COPY main.go . COPY check/ check/ COPY cmd/ cmd/ COPY internal/ internal/ ARG KUBEBENCH_VERSION -ARG GOOS=linux -ARG GOARCH=amd64 -RUN GO111MODULE=on CGO_ENABLED=0 GOOS=$GOOS GOARCH=$GOARCH go build -a -ldflags "-X github.com/aquasecurity/kube-bench/cmd.KubeBenchVersion=${KUBEBENCH_VERSION} -w" -o /go/bin/kube-bench +RUN make build && cp kube-bench /go/bin/kube-bench FROM alpine:3.14.2 AS run WORKDIR /opt/kube-bench/ diff --git a/makefile b/makefile index 4949fc9..5945e1a 100644 --- a/makefile +++ b/makefile @@ -7,7 +7,8 @@ IMAGE_NAME ?= $(DOCKER_ORG)/$(BINARY):$(VERSION) GOOS ?= linux BUILD_OS := linux uname := $(shell uname -s) -ARCHS ?= amd64 arm64 +BUILDX_PLATFORM ?= linux/amd64,linux/arm64,linux/arm +DOCKER_ORGS ?= aquasec public.ecr.aws/aquasecurity GOARCH ?= $@ ifneq ($(findstring Microsoft,$(shell uname -r)),) @@ -25,29 +26,17 @@ KIND_IMAGE ?= kindest/node:v1.21.1@sha256:69860bda5563ac81e3c0057d654b5253219618 # build a multi-arch image and push to Docker hub .PHONY: docker -docker: publish manifests - -# build and push an arch-specific image -.PHONY: $(ARCHS) manifests publish -publish: $(ARCHS) -$(ARCHS): - @echo "Building Docker image for $@" - docker build -t ${DOCKER_ORG}/${BINARY}:$(GOOS)-$(GOARCH)-${VERSION} \ - --build-arg GOOS=$(GOOS) --build-arg GOARCH=$(GOARCH) ./ - @echo "Push $@ Docker image to ${DOCKER_ORG}/${BINARY}" - docker push ${DOCKER_ORG}/${BINARY}:$(GOOS)-$(GOARCH)-${VERSION} - docker manifest create --amend "${DOCKER_ORG}/${BINARY}:${VERSION}" "${DOCKER_ORG}/${BINARY}:$(GOOS)-$(GOARCH)-${VERSION}" - docker manifest annotate "${DOCKER_ORG}/${BINARY}:${VERSION}" "${DOCKER_ORG}/${BINARY}:$(GOOS)-$(GOARCH)-${VERSION}" --os=$(GOOS) --arch=$(GOARCH) - -# push the multi-arch manifest -manifests: - @echo "Push manifest for ${DOCKER_ORG}/${BINARY}:${VERSION}" - docker manifest push "${DOCKER_ORG}/${BINARY}:${VERSION}" +docker: + set -xe; \ + for org in $(DOCKER_ORGS); do \ + docker buildx build --tag $${org}/kube-bench:${VERSION} \ + --platform $(BUILDX_PLATFORM) --push . ; \ + done build: $(BINARY) $(BINARY): $(SOURCES) - GOOS=$(GOOS) go build -ldflags "-X github.com/aquasecurity/kube-bench/cmd.KubeBenchVersion=$(KUBEBENCH_VERSION)" -o $(BINARY) . + GOOS=$(GOOS) CGO_ENABLED=0 go build -ldflags "-X github.com/aquasecurity/kube-bench/cmd.KubeBenchVersion=$(KUBEBENCH_VERSION)" -o $(BINARY) . # builds the current dev docker version build-docker: