Merge pull request #446 from IBM/s390x

enable multi-architecture and s390x

Dockerfile

@@ -1,6 +1,6 @@
 # This first stage of the build uses go-toolset to build the portieris binary creates 
 # a simplified operating system image that satisfies vulnerability scanning requirements 
-FROM registry.access.redhat.com/ubi8/go-toolset:1.19.10-10 as installer
+FROM --platform=$BUILDPLATFORM registry.access.redhat.com/ubi8/go-toolset:1.19.10-16 as builder
 ARG PORTIERIS_VERSION=undefined
 
 # switch to root user as we need to run yum and rpm to ensure packages are up to date
@@ -13,11 +13,19 @@ RUN mkdir -p /opt/app-root/src/github.com/IBM/portieris
 # Create directory to store the built binary
 RUN mkdir -p /opt/app-root/bin
 COPY . ./
-RUN CGO_ENABLED=0 GOOS=linux go build \
+
+RUN go mod download
+
+ARG TARGETOS TARGETARCH
+RUN CGO_ENABLED=0 GOOS=${TARGETOS} GOARCH=${TARGETARCH} go build \
     -ldflags="-X github.com/IBM/portieris/internal/info.Version=$PORTIERIS_VERSION" -a \
     -tags containers_image_openpgp -o /opt/app-root/bin/portieris ./cmd/portieris
 RUN go version -m -v /opt/app-root/bin/portieris | (grep dep || true) | awk '{print "{\"Path\": \""$2 "\", \"Version\": \"" $3 "\"}"}' > /deps.jsonl
 
+FROM registry.access.redhat.com/ubi8/go-toolset:1.19.10-16 as installer
+ARG TARGETOS TARGETARCH
+USER root
+RUN yum update -y
 # prep target rootfs for scratch container
 WORKDIR /
 RUN mkdir /image && \
@@ -26,30 +34,30 @@ RUN mkdir /image && \
 	ln -s usr/lib64 /image/lib64 && \
 	ln -s usr/lib /image/lib && \
 	mkdir -p /image/{usr/bin,usr/lib64,usr/lib,root,home,proc,etc,sys,var,dev}
-# see files.txt for a list of needed files from the UBI image to copy into our
+# see files-{amd64,s390x}.txt for a list of needed files from the UBI image to copy into our
 # final "FROM scratch" image; this would need to be modified if any additional
 # content was required from UBI for the Portieris binary to function.
-COPY files.txt /tmp
-RUN tar cf /tmp/files.tar -T /tmp/files.txt && tar xf /tmp/files.tar -C /image/ \
+COPY files-${TARGETARCH}.txt /tmp
+RUN tar cf /tmp/files.tar -T /tmp/files-${TARGETARCH}.txt && tar xf /tmp/files.tar -C /image/ \
   && strip --strip-unneeded /image/usr/lib64/*[0-9].so
 RUN rpm --root /image --initdb \
-  && PACKAGES=$(rpm -qf $(cat /tmp/files.txt) | grep -v "is not owned by any package" | sort -u) \
+  && PACKAGES=$(rpm -qf $(cat /tmp/files-${TARGETARCH}.txt) | grep -v "is not owned by any package" | sort -u) \
   && echo dnf install -y 'dnf-command(download)' \
   && dnf download --destdir / ${PACKAGES} \
   && rpm --root /image -ivh --justdb --nodeps `for i in ${PACKAGES}; do echo $i.rpm; done`
 
 
 # Check dependencies for vulnerabilities
-FROM sonatypecommunity/nancy:alpine
-COPY --from=installer /deps.jsonl /
+FROM --platform=$BUILDPLATFORM sonatypecommunity/nancy:alpine
+COPY --from=builder /deps.jsonl /
 COPY /.nancy-ignore /
 RUN cat /deps.jsonl | nancy --skip-update-check --loud sleuth --no-color
 
 #################################################################################
 # Finally, copy the minimal image contents and the built binary into the scratch image
 FROM scratch
 COPY --from=installer /image/ /
-COPY --from=installer /opt/app-root/bin/portieris /portieris
+COPY --from=builder /opt/app-root/bin/portieris /portieris
 # Create /tmp for logs and /run for working directory
 RUN [ "/portieris", "--mkdir",  "/tmp,/run" ]
 WORKDIR /run

Makefile

@@ -5,7 +5,7 @@ VERSION=v0.13.7
 TAG=$(VERSION)
 GOTAGS='containers_image_openpgp'
 
-.PHONY: test nancy push test-deps alltests copyright-check copyright fmt detect-secrets image
+.PHONY: test nancy test-deps alltests copyright-check copyright fmt detect-secrets image image.oci-archive image.amd64 image.s390x
 
 portieris:
 	CGO_ENABLED=0 go build \
@@ -21,12 +21,16 @@ nancy: deps.jsonl
 detect-secrets:
 	detect-secrets audit .secrets.baseline
 
-image: 
-	docker build --build-arg PORTIERIS_VERSION=$(VERSION) -t portieris:$(TAG) .
+image: image.amd64
 
-push:
-	docker tag portieris:$(TAG) $(HUB)/portieris:$(TAG)
-	docker push $(HUB)/portieris:$(TAG)
+image.oci-archive:
+	docker buildx build -o type=oci,dest=./portieris.tar --platform linux/amd64,linux/s390x --build-arg PORTIERIS_VERSION=$(VERSION) -t portieris:$(TAG) .
+
+image.amd64: 
+	docker buildx build --load --platform linux/amd64 --build-arg PORTIERIS_VERSION=$(VERSION) -t portieris-amd64-linux:$(TAG) .
+
+image.s390x: 
+	docker buildx build --load --platform linux/s390x --build-arg PORTIERIS_VERSION=$(VERSION) -t portieris-s390x-linux:$(TAG) .
 
 test-deps:
 	go install golang.org/x/lint/golint@latest

files-s390x.txt

@@ -0,0 +1,21 @@
+etc/pki
+root/buildinfo
+usr/lib64/ld-2.28.so
+usr/lib64/libc-2.28.so
+usr/lib64/libc.so
+usr/lib64/libc.so.6
+usr/lib64/libssl.so
+usr/lib64/libssl.so.1.1
+usr/lib64/libdl-2.28.so
+usr/lib64/libdl.so
+usr/lib64/libdl.so.2
+usr/lib64/libpthread-2.28.so
+usr/lib64/libpthread.so
+usr/lib64/libpthread.so.0
+usr/lib64/libm-2.28.so
+usr/lib64/libm.so
+usr/lib64/libm.so.6
+etc/ssl/certs
+etc/redhat-release
+usr/share/zoneinfo
+usr/lib/golang/api/README