Support both arm64 and amd64 architectures
What does this MR do?
- Removes future builds which are not being used
- Builds image for both arm64 and amd64 using the respective runners.
- When we make a release we push the following images:
- vx.y.z-arm64: This is an actual image build for arm64
- vx.y.z-amd64: This is an actual image build for amd64
- vx.y.z: This is just a reference (manfiest). The size will be 0 bytes. The user will use this path to download the image. Depending on what machine he is in the correct arch will be chosen
Further info
I tested the release process using registry.gitlab.com/gitlab-org/security-products/analyzers/trivy-k8s-wrapper/exp
and running the release job. Be aware that I haven't tested the last part of the release job where we push the image to registry.gitlab.com/gitlab-org/security-products/trivy-k8s-wrapper
.
Below you can see the manifest that I was able to create.
docker manifest inspect registry.gitlab.com/gitlab-org/security-products/analyzers/trivy-k8s-wrapper/exp:0.2.13
{
"schemaVersion": 2,
"mediaType": "application/vnd.docker.distribution.manifest.list.v2+json",
"manifests": [
{
"mediaType": "application/vnd.docker.distribution.manifest.v2+json",
"size": 1580,
"digest": "sha256:92ac63186e873f46d8c1133efeadbe0befb21ec615f02c2d39e0c4ad1e301a05",
"platform": {
"architecture": "amd64", <-----------------------------------------------------------------
"os": "linux"
}
},
{
"mediaType": "application/vnd.docker.distribution.manifest.v2+json",
"size": 1580,
"digest": "sha256:a5d5b793405878ff8937a42e560a702dc74992a819b4afcd6685da111b696f73",
"platform": {
"architecture": "arm64",<-----------------------------------------------------------------
"os": "linux"
}
}
]
}
When we look at the images it should look like this:
Notice the 0 bytes in the actual version. The same is done in the gitlab-agent releases for fips: https://gitlab.com/gitlab-org/cluster-integration/gitlab-agent/container_registry/3516669
Testing
I tested the release job by enabling the release job on a MR pipeline. I pushed the release on the trivy-k8s-wrapper/exp
instead of trivy-k8s-wrapper
to avoid polluting our container registry. You can see the logs of the release job here.
Why are we doing this?
So that OCS can run on arm64 clusters