build binaries and image for arm64 and arm

.circleci/config.yml

@@ -2,10 +2,48 @@ version: 2.1
 executors:
   default:
     docker:
-    - image: circleci/golang:1.16.0
-  docker-build:
-    docker:
-    - image: docker:stable
+    - image: cimg/go:1.16.11
+
+install_buildx: &install_buildx
+  name: Install Docker buildx
+  command: |
+    mkdir -p ~/.docker/cli-plugins
+    curl -sSL -o ~/.docker/cli-plugins/docker-buildx https://github.com/docker/buildx/releases/download/v0.7.0/buildx-v0.7.0.linux-amd64
+    chmod a+x ~/.docker/cli-plugins/docker-buildx
+
+setup_docker_multiarch: &setup_docker_multiarch
+  name: Create Docker context
+  command: |
+    docker context create falco-environment
+    docker buildx install
+    docker run --rm --privileged tonistiigi/binfmt:latest --install "$BUILDX_PLATFORMS"
+    docker buildx create --name docker-multiarch falco-environment \
+      --platform linux/amd64,linux/arm/v7,linux/arm64
+    docker buildx inspect --builder docker-multiarch --bootstrap
+    docker buildx use docker-multiarch
+
+install_goreleaser: &install_goreleaser
+  name: Install goreleaser
+  command: |
+    GORELEASER_URL="https://github.com/goreleaser/goreleaser/releases/download/v1.1.0/goreleaser_Linux_x86_64.tar.gz"
+
+    curl --output goreleaser_Linux_x86_64.tar.gz \
+      --silent --show-error --location --fail --retry 3 \
+      "$GORELEASER_URL"
+
+    sudo mkdir -p /usr/local/goreleaser
+    sudo tar -C /usr/local/goreleaser -xzf goreleaser_Linux_x86_64.tar.gz
+    export PATH=$PATH:/usr/local/goreleaser
+    goreleaser --version
+
+install_awscli: &install_awscli
+  name: Install pre-requisites
+  command: |
+    DIR=$(mktemp -d) && pushd $DIR
+    curl "https://awscli.amazonaws.com/awscli-exe-linux-x86_64.zip" -o "awscliv2.zip"
+    unzip awscliv2.zip
+    ./aws/install -i $HOME/.local/aws-cli -b $HOME/.local/bin
+    popd && rm -r $DIR
 
 jobs:
   lint:
@@ -25,70 +63,96 @@ jobs:
   build-image:
     executor:
       name: default
+    environment:
+      DOCKER_BUILDKIT: 1
+      BUILDX_PLATFORMS: linux/amd64,linux/arm64,linux/arm/v7
+      DOCKER_CLI_EXPERIMENTAL: "enabled"
     steps:
     - checkout
     - setup_remote_docker
-    - run: make build-image
+    - run: *install_buildx
+    - run: *setup_docker_multiarch
+    - run: *install_goreleaser
+    - run:
+        command: |
+          export PATH=$PATH:/usr/local/goreleaser
+          goreleaser --snapshot --rm-dist
+          docker images
+          docker run falcosecurity/falcosidekick:latest-amd64 --help
 
   build-push-main:
     executor:
       name: default
     steps:
     - checkout
     - setup_remote_docker
-    - run: make build-image
+    - run: *install_buildx
+    - run: *setup_docker_multiarch
+    - run: *install_goreleaser
+    - run:
+        command: |
+          export PATH=$PATH:/usr/local/goreleaser
+          goreleaser --snapshot --rm-dist
+          docker run falcosecurity/falcosidekick:latest-amd64 --help
     - run:
         command: |
           echo ${DOCKERHUB_SECRET} | docker login -u ${DOCKERHUB_USER} --password-stdin
-          docker push falcosecurity/falcosidekick:latest
+          docker push falcosecurity/falcosidekick:latest-amd64
+          docker push falcosecurity/falcosidekick:latest-arm64
+          docker push falcosecurity/falcosidekick:latest-armv7
+          docker manifest create --amend falcosecurity/falcosidekick:latest falcosecurity/falcosidekick:latest-amd64 \
+            falcosecurity/falcosidekick:latest-arm64 falcosecurity/falcosidekick:latest-armv7
+          docker manifest push --purge falcosecurity/falcosidekick:latest
 
   build-push-ecr:
     executor:
-      name: docker-build
+      name: default
     steps:
     - checkout
     - setup_remote_docker
+    - run: *install_buildx
+    - run: *setup_docker_multiarch
+    - run: *install_goreleaser
+    - run: *install_awscli
     - run:
         command: |
-          apk update
-          apk add --update make bash
-          make build-image
-    - run:
-        command: |
-          docker tag falcosecurity/falcosidekick:latest \
-            public.ecr.aws/falcosecurity/falcosidekick:latest
+          export PATH=$PATH:/usr/local/goreleaser
+          goreleaser --snapshot --rm-dist
+          docker run public.ecr.aws/falcosecurity/falcosidekick:latest-amd64 --help
     - run:
         command: |
-          apk update
-          apk add --update groff less py-pip
-          pip install awscli
           aws ecr-public get-login-password --region us-east-1 | \
             docker login --username AWS --password-stdin public.ecr.aws/falcosecurity
-          docker push public.ecr.aws/falcosecurity/falcosidekick:latest
+          docker push public.ecr.aws/falcosecurity/falcosidekick:latest-amd64
+          docker push public.ecr.aws/falcosecurity/falcosidekick:latest-arm64
+          docker push public.ecr.aws/falcosecurity/falcosidekick:latest-armv7
+          docker manifest create --amend public.ecr.aws/falcosecurity/falcosidekick:latest public.ecr.aws/falcosecurity/falcosidekick:latest-amd64 \
+            public.ecr.aws/falcosecurity/falcosidekick:latest-arm64 public.ecr.aws/falcosecurity/falcosidekick:latest-armv7
+          docker manifest push --purge public.ecr.aws/falcosecurity/falcosidekick:latest
 
   release:
     executor:
       name: default
+    environment:
+      DOCKER_BUILDKIT: 1
+      BUILDX_PLATFORMS: linux/amd64,linux/arm64,linux/arm/v7
+      DOCKER_CLI_EXPERIMENTAL: "enabled"
     steps:
-      - checkout
-      - setup_remote_docker
-      - run:
-          name: Install pre-requisites
-          command: |
-            DIR=$(mktemp -d) && pushd $DIR
-            curl "https://awscli.amazonaws.com/awscli-exe-linux-x86_64.zip" -o "awscliv2.zip"
-            unzip awscliv2.zip
-            ./aws/install -i $HOME/.local/aws-cli -b $HOME/.local/bin
-            popd && rm -r $DIR
-      - run:
-          name: Prepare env
-          command: |
-            echo ${DOCKERHUB_SECRET} | docker login -u ${DOCKERHUB_USER} --password-stdin
-            aws ecr-public get-login-password --region us-east-1 | \
-              docker login --username AWS --password-stdin public.ecr.aws/falcosecurity
-      - run:
-          name: Release
-          command: curl -sL https://git.io/goreleaser | bash
+    - checkout
+    - setup_remote_docker
+    - run: *install_buildx
+    - run: *setup_docker_multiarch
+    - run: *install_goreleaser
+    - run: *install_awscli
+    - run:
+        name: Login Registries
+        command: |
+          echo ${DOCKERHUB_SECRET} | docker login -u ${DOCKERHUB_USER} --password-stdin
+          aws ecr-public get-login-password --region us-east-1 | \
+            docker login --username AWS --password-stdin public.ecr.aws/falcosecurity
+    - run:
+        name: Release
+        command: goreleaser release --rm-dist
 
 workflows:
   main:

.goreleaser.yml

@@ -1,46 +1,112 @@
 project_name: falcosidekick
+
+snapshot:
+  name_template: 'latest'
+
+checksum:
+  name_template: 'checksums.txt'
+
 builds:
   - id: "falcosidekick"
     goos:
-    - linux
+      - linux
     goarch:
-    - amd64
+      - amd64
+      - arm64
+      - arm
+    goarm:
+      - '7'
     asmflags:
       - all=-trimpath={{.Env.GOPATH}}
     gcflags:
       - all=-trimpath={{.Env.GOPATH}}
     env:
       - CGO_ENABLED=0
+    flags:
+      - -trimpath
     binary: falcosidekick
 
 dockers:
   - goos: linux
     goarch: amd64
     dockerfile: Dockerfile
+    use: buildx
+    image_templates:
+      - "falcosecurity/falcosidekick:stable-amd64"
+      - "falcosecurity/falcosidekick:{{ .Version }}-amd64"
+      - "public.ecr.aws/falcosecurity/falcosidekick:stable-amd64"
+      - "public.ecr.aws/falcosecurity/falcosidekick:{{ .Version }}-amd64"
+    build_flag_templates:
+      - "--pull"
+      - "--label=org.opencontainers.image.created={{.Date}}"
+      - "--label=org.opencontainers.image.name={{.ProjectName}}"
+      - "--label=org.opencontainers.image.revision={{.FullCommit}}"
+      - "--label=org.opencontainers.image.version={{.Version}}"
+      - "--platform=linux/amd64"
+    extra_files:
+      - LICENSE
+
+  - goos: linux
+    goarch: arm64
+    dockerfile: Dockerfile
+    use: buildx
+    image_templates:
+      - "falcosecurity/falcosidekick:stable-arm64"
+      - "falcosecurity/falcosidekick:{{ .Version }}-arm64"
+      - "public.ecr.aws/falcosecurity/falcosidekick:stable-arm64"
+      - "public.ecr.aws/falcosecurity/falcosidekick:{{ .Version }}-arm64"
+    build_flag_templates:
+      - "--pull"
+      - "--label=org.opencontainers.image.created={{.Date}}"
+      - "--label=org.opencontainers.image.name={{.ProjectName}}"
+      - "--label=org.opencontainers.image.revision={{.FullCommit}}"
+      - "--label=org.opencontainers.image.version={{.Version}}"
+      - "--platform=linux/arm64"
+    extra_files:
+      - LICENSE
+
+  - goos: linux
+    goarch: arm
+    goarm: '7'
+    dockerfile: Dockerfile
+    use: buildx
     image_templates:
-      - "falcosecurity/falcosidekick:stable"
-      - "falcosecurity/falcosidekick:{{ .Version }}"
-      - "public.ecr.aws/falcosecurity/falcosidekick:stable"
-      - "public.ecr.aws/falcosecurity/falcosidekick:{{ .Version }}"
+      - "falcosecurity/falcosidekick:stable-armv7"
+      - "falcosecurity/falcosidekick:{{ .Version }}-armv7"
+      - "public.ecr.aws/falcosecurity/falcosidekick:stable-armv7"
+      - "public.ecr.aws/falcosecurity/falcosidekick:{{ .Version }}-armv7"
     build_flag_templates:
       - "--pull"
       - "--label=org.opencontainers.image.created={{.Date}}"
       - "--label=org.opencontainers.image.name={{.ProjectName}}"
       - "--label=org.opencontainers.image.revision={{.FullCommit}}"
       - "--label=org.opencontainers.image.version={{.Version}}"
+      - "--platform=linux/arm/v7"
     extra_files:
-      - outputs
-      - types
-      - config.go
-      - handlers.go
-      - main.go
-      - stats_prometheus.go
-      - stats.go
-      - go.mod
-      - go.sum
-      - Makefile
       - LICENSE
 
+docker_manifests:
+- name_template: 'falcosecurity/falcosidekick:stable'
+  image_templates:
+  - 'falcosecurity/falcosidekick:stable-amd64'
+  - 'falcosecurity/falcosidekick:stable-arm64'
+  - 'falcosecurity/falcosidekick:stable-armv7'
+- name_template: 'falcosecurity/falcosidekick:{{ .Version }}'
+  image_templates:
+  - 'falcosecurity/falcosidekick:{{ .Version }}-amd64'
+  - 'falcosecurity/falcosidekick:{{ .Version }}-arm64'
+  - 'falcosecurity/falcosidekick:{{ .Version }}-armv7'
+- name_template: 'public.ecr.aws/falcosecurity/falcosidekick:stable'
+  image_templates:
+  - 'public.ecr.aws/falcosecurity/falcosidekick:stable-amd64'
+  - 'public.ecr.aws/falcosecurity/falcosidekick:stable-arm64'
+  - 'public.ecr.aws/falcosecurity/falcosidekick:stable-armv7'
+- name_template: 'public.ecr.aws/falcosecurity/falcosidekick:{{ .Version }}'
+  image_templates:
+  - 'public.ecr.aws/falcosecurity/falcosidekick:{{ .Version }}-amd64'
+  - 'public.ecr.aws/falcosecurity/falcosidekick:{{ .Version }}-arm64'
+  - 'public.ecr.aws/falcosecurity/falcosidekick:{{ .Version }}-armv7'
+
 release:
   github:
   prerelease: auto

Dockerfile

@@ -1,16 +1,4 @@
-ARG BUILDER_IMAGE=golang:1.16-buster
 ARG BASE_IMAGE=alpine:3.12
-
-FROM ${BUILDER_IMAGE} AS build-stage
-
-ENV CGO_ENABLED=0
-
-WORKDIR /src
-COPY . .
-
-RUN go mod download
-RUN make falcosidekick
-
 # Final Docker image
 FROM ${BASE_IMAGE} AS final-stage
 LABEL MAINTAINER "Thomas Labarussias <issif+falcosidekick@gadz.org>"
@@ -24,8 +12,8 @@ RUN addgroup -S falcosidekick && adduser -u 1234 -S falcosidekick -G falcosideki
 USER 1234
 
 WORKDIR ${HOME}/app
-COPY --from=build-stage /src/LICENSE .
-COPY --from=build-stage /src/falcosidekick .
+COPY LICENSE .
+COPY falcosidekick .
 
 EXPOSE 2801
 

Makefile

@@ -34,8 +34,12 @@ GOLANGCI_LINT := $(TOOLS_BIN_DIR)/$(GOLANGCI_LINT_BIN)-$(GOLANGCI_LINT_VER)
 falcosidekick:
 	$(GO) build -gcflags all=-trimpath=/src -asmflags all=-trimpath=/src -a -installsuffix cgo -o $@ .
 
+.PHONY: falcosidekick-linux-amd64
+falcosidekick-linux-amd64:
+	GOOS=linux GOARCH=amd64 $(GO) build -gcflags all=-trimpath=/src -asmflags all=-trimpath=/src -a -installsuffix cgo -o falcosidekick .
+
 .PHONY: build-image
-build-image:
+build-image: falcosidekick-linux-amd64
 	$(DOCKER) build . -t falcosecurity/falcosidekick:latest
 
 ## --------------------------------------