Merge pull request #9932 from akshay196/image-contains-correct-binary…

…-9758

🌱 Ensure build images contains correct binary and for correct architecture

Makefile

@@ -1078,7 +1078,7 @@ release-binary: $(RELEASE_DIR)
 
 .PHONY: release-staging
 release-staging: ## Build and push container images to the staging bucket
-	REGISTRY=$(STAGING_REGISTRY) $(MAKE) docker-build-all docker-push-all release-alias-tag
+	REGISTRY=$(STAGING_REGISTRY) $(MAKE) docker-build-all docker-image-verify docker-push-all release-alias-tag
 
 .PHONY: release-staging-nightly
 release-staging-nightly: ## Tag and push container images to the staging bucket. Example image tag: cluster-api-controller:nightly_main_20210121
@@ -1130,6 +1130,10 @@ promote-images: $(KPROMO)
 ## Docker
 ## --------------------------------------
 
+.PHONY: docker-image-verify
+docker-image-verify: ## Verifies all built images to contain the correct binary in the expected arch
+	ALL_ARCH="$(ALL_ARCH)" TAG="$(TAG)" ./hack/docker-image-verify.sh
+
 .PHONY: docker-push-all
 docker-push-all: $(addprefix docker-push-,$(ALL_ARCH))  ## Push the docker images to be included in the release for all architectures + related multiarch manifests
 	$(MAKE) ALL_ARCH="$(ALL_ARCH)" $(addprefix docker-push-manifest-,$(ALL_DOCKER_BUILD))

hack/docker-image-verify.sh

@@ -0,0 +1,58 @@
+#!/usr/bin/env bash
+# Copyright 2023 The Kubernetes Authors.
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+#     http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
+set -o errexit
+set -o nounset
+set -o pipefail
+
+_tmp="$(pwd)/_tmp"
+cleanup() {
+  rm -rf "${_tmp}"
+}
+trap "cleanup" EXIT SIGINT
+cleanup
+mkdir -p "${_tmp}"
+
+function TESTIMAGE() {
+  IMAGE="${1}"
+  ARCH="${2}"
+  GREPGOPATH="${3}"
+  BINARYPATH="${4:-manager}"
+
+  echo "> Testing $IMAGE"
+
+  docker save "${IMAGE}" -o "${_tmp}"/img.tar
+  mkdir -p "${_tmp}"/extracted-img "${_tmp}"/extracted
+  tar -xf "${_tmp}"/img.tar -C "${_tmp}"/extracted-img/
+  while IFS= read -r -d '' layer
+  do
+    tar -xf "${layer}" -C "${_tmp}"/extracted
+  done <   <(find "${_tmp}"/extracted-img/ -name "*.tar" -print0)
+
+  go version -m "${_tmp}"/extracted/"${BINARYPATH}" | grep -E $'\tpath' | grep -E -q -e "${GREPGOPATH}" || (echo "FAILED ${IMAGE} expected value for path: \"${GREPGOPATH}\""; go version -m "${_tmp}"/extracted/"${BINARYPATH}" | grep -E $'\tpath'; exit 1)
+  go version -m "${_tmp}"/extracted/"${BINARYPATH}" | grep -q -E "GOARCH=${ARCH}$" || (echo "Failed ${IMAGE} expected GOARCH to be \"$ARCH\""; go version -m "${_tmp}"/extracted/"${BINARYPATH}" | grep "GOARCH="; exit 1)
+
+  rm -rf "${_tmp}"/img.tar "${_tmp}"/extracted-img "${_tmp}"/extracted
+}
+
+for arch in ${ALL_ARCH}; do
+  TESTIMAGE "${REGISTRY}/cluster-api-controller-${arch}:${TAG}" "${arch}" "sigs.k8s.io/cluster-api$"
+  TESTIMAGE "${REGISTRY}/kubeadm-bootstrap-controller-${arch}:${TAG}" "${arch}" "sigs.k8s.io/cluster-api/bootstrap/kubeadm$"
+  TESTIMAGE "${REGISTRY}/kubeadm-control-plane-controller-${arch}:${TAG}" "${arch}" "sigs.k8s.io/cluster-api/controlplane/kubeadm$"
+  TESTIMAGE "${REGISTRY}/capd-manager-${arch}:${TAG}" "${arch}" "command-line-arguments$"
+  TESTIMAGE "${REGISTRY}/capim-manager-${arch}:${TAG}" "${arch}" "sigs.k8s.io/cluster-api/test/infrastructure/inmemory$"
+  TESTIMAGE "${REGISTRY}/test-extension-${arch}:${TAG}" "${arch}" "sigs.k8s.io/cluster-api/test/extension$"
+  TESTIMAGE "${REGISTRY}/clusterctl-${arch}:${TAG}" "${arch}" "sigs.k8s.io/cluster-api/cmd/clusterctl$" "clusterctl"
+done