Skip to content

Commit

Permalink
Deploy a multiarch image (#706)
Browse files Browse the repository at this point in the history
Previously, the "main" image was always an amd64 image, and there was
a secondary arm64 image that could be used with an explicit tag. This
makes the amd64 image also have an explicit tag, and replaces the normal
tagged image with a manifest file that will correctly route to the appropriate
architecture.

Co-authored-by: Bennett Sala <salabenn@amazon.com>
  • Loading branch information
BennettJames and Bennett Sala authored May 31, 2023
1 parent fe56781 commit bf319eb
Show file tree
Hide file tree
Showing 4 changed files with 163 additions and 131 deletions.
2 changes: 1 addition & 1 deletion .github/actions/integration-test/action.yaml
Original file line number Diff line number Diff line change
Expand Up @@ -56,7 +56,7 @@ runs:
make test
- name: Configure AWS Credentials (build)
uses: aws-actions/configure-aws-credentials@v1-node16
uses: aws-actions/configure-aws-credentials@v2
with:
aws-region: us-west-2
role-to-assume: ${{ inputs.aws_role }}
Expand Down
63 changes: 63 additions & 0 deletions .github/actions/push-image/action.yaml
Original file line number Diff line number Diff line change
@@ -0,0 +1,63 @@
name: "Push Image"
description: "Deploys the controller image into a given region"

inputs:
src_host:
description: "URL of the source ECR repository to pull images from"
required: true
src_image_name:
description: "Name of the source image"
default: "amazon/appmesh-controller"
required: false
image_tag:
description: "Root tag of the image to pull and push"
required: true
region:
description: "AWS region to push images to"
required: true
dst_host:
description: "URL of the target ECR repository to push images to"
required: true
dst_image_name:
description: "Name of the destination image"
default: "amazon/appmesh-controller"
required: false
role:
description: "IAM role to assume to perform the deploys"
required: true

runs:
using: "composite"
steps:
- name: Configure AWS Credentials For Region
uses: aws-actions/configure-aws-credentials@v2
with:
aws-region: "${{ inputs.region }}"
role-to-assume: "${{ inputs.role }}"
role-session-name: RegionalImageDeploy
env:
AWS_DEFAULT_REGION: ""
AWS_REGION: ""
AWS_ACCESS_KEY_ID: ""
AWS_SECRET_ACCESS_KEY: ""
AWS_SESSION_TOKEN: ""

- name: Push Images To Region
shell: bash
env:
SRC: "${{ inputs.src_host }}/${{ inputs.src_image_name }}:${{ inputs.image_tag }}"
DST: "${{ inputs.dst_host }}/${{ inputs.dst_image_name }}:${{ inputs.image_tag }}"
run: |
if [[ "${{ inputs.dst_host }}" =~ "public.ecr.aws" ]]; then
aws ecr-public get-login-password --region "us-east-1" | \
docker login --username AWS --password-stdin "public.ecr.aws"
else
aws ecr get-login-password --region "${{ inputs.region }}" | \
docker login --username AWS --password-stdin "${{ inputs.dst_host }}"
fi
docker tag "${SRC}-linux_amd64" "${DST}-linux_amd64"
docker push "${DST}-linux_amd64"
docker tag "${SRC}-linux_arm64" "${DST}-linux_arm64"
docker push "${DST}-linux_arm64"
docker manifest create "$DST" "${DST}-linux_amd64" "${DST}-linux_arm64"
docker manifest push "$DST"
22 changes: 9 additions & 13 deletions .github/workflows/beta-release.yaml
Original file line number Diff line number Diff line change
Expand Up @@ -10,14 +10,8 @@ permissions:
id-token: write
contents: read

env:
IMAGE_HOST: "${{ secrets.BETA_AWS_ACCOUNT }}.dkr.ecr.us-west-2.amazonaws.com"
IMAGE: "${{ secrets.BETA_AWS_ACCOUNT }}.dkr.ecr.us-west-2.amazonaws.com/amazon/appmesh-controller"
IMAGE_TAG: "${{ github.event.inputs.tag }}"
IMAGE_TAG_AMD: "${{ github.event.inputs.tag }}-linux_amd64"
IMAGE_TAG_ARM: "${{ github.event.inputs.tag }}-linux_arm64"

jobs:

integration-test:
name: Integration Test
runs-on: ubuntu-22.04
Expand Down Expand Up @@ -47,17 +41,19 @@ jobs:
ref: refs/tags/${{ github.event.inputs.tag }}

- name: Configure AWS Credentials
uses: aws-actions/configure-aws-credentials@v1-node16
uses: aws-actions/configure-aws-credentials@v2
with:
aws-region: us-west-2
role-to-assume: ${{ secrets.BETA_AWS_ROLE }}
role-session-name: ImagePusher

- name: Build Images
env:
IMAGE: "${{ secrets.BETA_AWS_ACCOUNT }}.dkr.ecr.us-west-2.amazonaws.com/amazon/appmesh-controller:${{ github.event.inputs.tag }}"
run: |
aws ecr get-login-password --region us-west-2 | \
docker login --username AWS --password-stdin $IMAGE_HOST
# Note: right now, this pushes the amd image under the default. This
# behavior should be changed to supporting multiarch shortly.
docker buildx build --platform linux/amd64 -t "${IMAGE}:${IMAGE_TAG}" . --push
docker buildx build --platform linux/arm64 -t "${IMAGE}:${IMAGE_TAG_ARM}" . --push
docker login --username AWS --password-stdin "${IMAGE}"
docker buildx build --platform linux/amd64 -t "${IMAGE}-linux_amd64" . --push
docker buildx build --platform linux/arm64 -t "${IMAGE}-linux_arm64" . --push
docker manifest create "${IMAGE}" "${IMAGE}-linux_amd64" "${IMAGE}-linux_arm64"
docker manifest push "${IMAGE}"
Loading

0 comments on commit bf319eb

Please sign in to comment.