diff --git a/Makefile b/Makefile index 2352a4e453ed..1232e4dca4ef 100644 --- a/Makefile +++ b/Makefile @@ -1078,7 +1078,7 @@ release-binary: $(RELEASE_DIR) .PHONY: release-staging release-staging: ## Build and push container images to the staging bucket - REGISTRY=$(STAGING_REGISTRY) $(MAKE) docker-build-all docker-push-all release-alias-tag + REGISTRY=$(STAGING_REGISTRY) $(MAKE) docker-build-all docker-image-verify docker-push-all release-alias-tag .PHONY: release-staging-nightly release-staging-nightly: ## Tag and push container images to the staging bucket. Example image tag: cluster-api-controller:nightly_main_20210121 @@ -1130,6 +1130,10 @@ promote-images: $(KPROMO) ## Docker ## -------------------------------------- +.PHONY: docker-image-verify +docker-image-verify: ## Verifies all built images to contain the correct binary in the expected arch + ALL_ARCH="$(ALL_ARCH)" TAG="$(TAG)" ./hack/docker-image-verify.sh + .PHONY: docker-push-all docker-push-all: $(addprefix docker-push-,$(ALL_ARCH)) ## Push the docker images to be included in the release for all architectures + related multiarch manifests $(MAKE) ALL_ARCH="$(ALL_ARCH)" $(addprefix docker-push-manifest-,$(ALL_DOCKER_BUILD)) diff --git a/hack/docker-image-verify.sh b/hack/docker-image-verify.sh new file mode 100755 index 000000000000..697a89bac589 --- /dev/null +++ b/hack/docker-image-verify.sh @@ -0,0 +1,58 @@ +#!/usr/bin/env bash +# Copyright 2023 The Kubernetes Authors. +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. + +set -o errexit +set -o nounset +set -o pipefail + +_tmp="$(pwd)/_tmp" +cleanup() { + rm -rf "${_tmp}" +} +trap "cleanup" EXIT SIGINT +cleanup +mkdir -p "${_tmp}" + +function TESTIMAGE() { + IMAGE="${1}" + ARCH="${2}" + GREPGOPATH="${3}" + BINARYPATH="${4:-manager}" + + echo "> Testing $IMAGE" + + docker save "${IMAGE}" -o "${_tmp}"/img.tar + mkdir -p "${_tmp}"/extracted-img "${_tmp}"/extracted + tar -xf "${_tmp}"/img.tar -C "${_tmp}"/extracted-img/ + while IFS= read -r -d '' layer + do + tar -xf "${layer}" -C "${_tmp}"/extracted + done < <(find "${_tmp}"/extracted-img/ -name "*.tar" -print0) + + go version -m "${_tmp}"/extracted/"${BINARYPATH}" | grep -E $'\tpath' | grep -E -q -e "${GREPGOPATH}" || (echo "FAILED ${IMAGE} expected value for path: \"${GREPGOPATH}\""; go version -m "${_tmp}"/extracted/"${BINARYPATH}" | grep -E $'\tpath'; exit 1) + go version -m "${_tmp}"/extracted/"${BINARYPATH}" | grep -q -E "GOARCH=${ARCH}$" || (echo "Failed ${IMAGE} expected GOARCH to be \"$ARCH\""; go version -m "${_tmp}"/extracted/"${BINARYPATH}" | grep "GOARCH="; exit 1) + + rm -rf "${_tmp}"/img.tar "${_tmp}"/extracted-img "${_tmp}"/extracted +} + +for arch in ${ALL_ARCH}; do + TESTIMAGE "${REGISTRY}/cluster-api-controller-${arch}:${TAG}" "${arch}" "sigs.k8s.io/cluster-api$" + TESTIMAGE "${REGISTRY}/kubeadm-bootstrap-controller-${arch}:${TAG}" "${arch}" "sigs.k8s.io/cluster-api/bootstrap/kubeadm$" + TESTIMAGE "${REGISTRY}/kubeadm-control-plane-controller-${arch}:${TAG}" "${arch}" "sigs.k8s.io/cluster-api/controlplane/kubeadm$" + TESTIMAGE "${REGISTRY}/capd-manager-${arch}:${TAG}" "${arch}" "command-line-arguments$" + TESTIMAGE "${REGISTRY}/capim-manager-${arch}:${TAG}" "${arch}" "sigs.k8s.io/cluster-api/test/infrastructure/inmemory$" + TESTIMAGE "${REGISTRY}/test-extension-${arch}:${TAG}" "${arch}" "sigs.k8s.io/cluster-api/test/extension$" + TESTIMAGE "${REGISTRY}/clusterctl-${arch}:${TAG}" "${arch}" "sigs.k8s.io/cluster-api/cmd/clusterctl$" "clusterctl" +done