feat: add arm build

.github/workflows/ci.yml

@@ -230,13 +230,6 @@ jobs:
           key: ${{ runner.os }}-pkg-${{ hashFiles('**/go.sum') }}
           restore-keys: ${{ runner.os }}-pkg-
 
-      - name: Build Artifacts
-        env:
-          # We're using docker buildx, which doesn't actually load the images it
-          # builds by default. Specifying --load does so.
-          BUILD_ARGS: "--load"
-        run: make docker.build
-
       - name: Login to Docker
         uses: docker/login-action@v1
         if: env.GHCR_USERNAME != ''
@@ -245,9 +238,11 @@ jobs:
           username: ${{ secrets.GHCR_USERNAME }}
           password: ${{ secrets.GHCR_TOKEN }}
 
-      - name: Publish Artifacts
+      - name: Build & Publish Artifacts
         if: env.GHCR_USERNAME != ''
-        run: make docker.push
+        env:
+          BUILD_ARGS: "--push --platform linux/amd64,linux/arm64"
+        run: make docker.build
 
       - name: Promote Artifacts to main release channel
         if: github.ref == 'refs/heads/main' && env.GHCR_USERNAME != ''

.github/workflows/e2e.yml

@@ -71,7 +71,15 @@ jobs:
         node_image: kindest/node:v1.20.7
         name: external-secrets
 
+    - name: Setup Docker Buildx
+      uses: docker/setup-buildx-action@v1
+      with:
+        version: ${{ env.DOCKER_BUILDX_VERSION }}
+        install: true
+
     - name: Run e2e Tests
+      env:
+        BUILD_ARGS: "--load"
       run: |
         export PATH=$PATH:$(go env GOPATH)/bin
         go get github.com/onsi/ginkgo/ginkgo
@@ -128,7 +136,15 @@ jobs:
         node_image: kindest/node:v1.20.7
         name: external-secrets
 
+    - name: Setup Docker Buildx
+      uses: docker/setup-buildx-action@v1
+      with:
+        version: ${{ env.DOCKER_BUILDX_VERSION }}
+        install: true
+
     - name: Run e2e Tests
+      env:
+        BUILD_ARGS: "--load"
       run: |
         export PATH=$PATH:$(go env GOPATH)/bin
         go get github.com/onsi/ginkgo/ginkgo

.gitignore

@@ -12,7 +12,7 @@ cover.out
 # helm chart dependencies
 **/charts/*.tgz
 **/charts/**/requirements.lock
-
+.tagmanifest
 deploy/charts/external-secrets/templates/crds/*.yaml
 
 site/

Dockerfile

@@ -1,6 +1,7 @@
 FROM alpine:3.14.0
-
-COPY bin/external-secrets /bin/external-secrets
+ARG TARGETOS
+ARG TARGETARCH
+COPY bin/external-secrets-${TARGETOS}-${TARGETARCH} /bin/external-secrets
 
 # Run as UID for nobody
 USER 65534

Makefile

@@ -5,10 +5,13 @@ SHELL         := /bin/bash
 MAKEFLAGS     += --warn-undefined-variables
 .SHELLFLAGS   := -euo pipefail -c
 
+ARCH = amd64 arm64
+BUILD_ARGS ?=
+
 # default target is build
 .DEFAULT_GOAL := all
 .PHONY: all
-all: build
+all: $(addprefix build-,$(ARCH))
 
 # Image registry for build/push image targets
 IMAGE_REGISTRY ?= ghcr.io/external-secrets/external-secrets
@@ -34,7 +37,7 @@ ifeq ($(shell git tag),)
 VERSION := $(shell echo "v0.0.0-$$(git rev-list HEAD --count)-g$$(git describe --dirty --always)" | sed 's/-/./2' | sed 's/-/./2')
 else
 # use tags
-VERSION := $(shell git describe --dirty --always --tags | sed 's/-/./2' | sed 's/-/./2')
+VERSION := $(shell git describe --dirty --always --tags --exclude 'helm*' | sed 's/-/./2' | sed 's/-/./2')
 endif
 
 # ====================================================================================
@@ -88,10 +91,14 @@ test.e2e: generate ## Run e2e tests
 	@$(OK) go test unit-tests
 
 .PHONY: build
-build: generate ## Build binary
-	@$(INFO) go build
-	@CGO_ENABLED=0 go build -o $(OUTPUT_DIR)/external-secrets main.go
-	@$(OK) go build
+build: $(addprefix build-,$(ARCH))
+
+.PHONY: build-%
+build-%: generate ## Build binary for the specified arch
+	@$(INFO) go build $*
+	@CGO_ENABLED=0 GOOS=linux GOARCH=$* \
+		go build -o '$(OUTPUT_DIR)/external-secrets-linux-$*' main.go
+	@$(OK) go build $*
 
 # Check install of golanci-lint
 lint.check:
@@ -194,7 +201,7 @@ serve-docs:
 
 build.all: docker.build helm.build
 
-docker.build: build ## Build the docker image
+docker.build: $(addprefix build-,$(ARCH)) ## Build the docker image
 	@$(INFO) docker build
 	@docker build . $(BUILD_ARGS) -t $(IMAGE_REGISTRY):$(VERSION)
 	@$(OK) docker build
@@ -210,11 +217,15 @@ RELEASE_TAG ?= main
 SOURCE_TAG ?= $(VERSION)
 
 docker.promote:
-	@$(INFO) docker pull $(SOURCE_TAG)
-	@docker pull $(IMAGE_REGISTRY):$(SOURCE_TAG)
-	@docker tag $(IMAGE_REGISTRY):$(SOURCE_TAG) $(IMAGE_REGISTRY):$(RELEASE_TAG)
-	@docker push $(IMAGE_REGISTRY):$(RELEASE_TAG)
-	@$(OK) docker push $(RELEASE_TAG)
+	@$(INFO) promoting $(SOURCE_TAG) to $(RELEASE_TAG)
+	docker manifest inspect $(IMAGE_REGISTRY):$(SOURCE_TAG) > .tagmanifest
+	for digest in $$(jq -r '.manifests[].digest' < .tagmanifest); do \
+		docker pull $(IMAGE_REGISTRY)@$$digest; \
+	done
+	docker manifest create $(IMAGE_REGISTRY):$(RELEASE_TAG) \
+		$$(jq -j '"--amend $(IMAGE_REGISTRY)@" + .manifests[].digest + " "' < .tagmanifest)
+	docker manifest push $(IMAGE_REGISTRY):$(RELEASE_TAG)
+	@$(OK) docker push $(RELEASE_TAG) \
 
 # ====================================================================================
 # Help

e2e/Makefile

@@ -5,6 +5,7 @@ SHELL       := /bin/bash
 IMG_TAG     = test
 IMG         = local/external-secrets-e2e:$(IMG_TAG)
 K8S_VERSION = "1.20.7"
+BUILD_ARGS  ?=
 export FOCUS := $(FOCUS)
 
 start-kind: ## Start kind cluster
@@ -18,7 +19,7 @@ test: e2e-image ## Run e2e tests against current kube context
 	$(MAKE) -C ../ docker.build \
 		IMAGE_REGISTRY=local/external-secrets \
 		VERSION=$(IMG_TAG) \
-		BUILD_ARGS="--build-arg ARCHS=amd64"
+		ARCH=amd64
 	kind load docker-image --name="external-secrets" local/external-secrets:$(IMG_TAG)
 	kind load docker-image --name="external-secrets" $(IMG)
 	./run.sh
@@ -31,7 +32,7 @@ e2e-image: e2e-bin
 	mkdir -p k8s
 	$(MAKE) -C ../ helm.generate
 	cp -r ../deploy ./k8s
-	docker build -t $(IMG) .
+	docker build $(BUILD_ARGS) -t $(IMG) .
 
 stop-kind: ## Stop kind cluster
 	kind delete cluster \