Attempt to fix multiarch workflow

.github/workflows/push_image.yml

@@ -1,14 +1,15 @@
 name: Build and push to quay.io
 on:
   push:
-    branches: [ main ]
+    branches: [ main, workflow-test ]
 
 env:
-  REGISTRY_USER: netobserv+github_ci
-  REGISTRY: quay.io/netobserv
-  IMAGE: network-observability-operator
-  ORG: netobserv
-  VERSION: main
+  WF_REGISTRY_USER: netobserv+github_ci
+  WF_REGISTRY: quay.io/netobserv
+  WF_IMAGE: network-observability-operator
+  WF_ORG: netobserv
+  WF_MULTIARCH_TARGETS: amd64 arm64 ppc64le
+  WF_VERSION: ${{ github.ref_name }}
 
 jobs:
   push-image:
@@ -29,40 +30,41 @@ jobs:
       - name: docker login to quay.io
         uses: docker/login-action@v2
         with:
-          username: ${{ env.REGISTRY_USER }}
+          username: ${{ env.WF_REGISTRY_USER }}
           password: ${{ secrets.QUAY_SECRET }}
           registry: quay.io
       - name: get short sha
         run: echo "short_sha=$(git rev-parse --short HEAD)" >> $GITHUB_ENV
       - name: build images
-        run: IMAGE_ORG=${{ env.ORG }} IMAGE=${{ env.REGISTRY }}/${{ env.IMAGE }}:${{ env.VERSION }} make image-build
+        run: |
+          MULTIARCH_TARGETS="${{ env.WF_MULTIARCH_TARGETS }}" IMAGE_ORG=${{ env.WF_ORG }} IMAGE=${{ env.WF_REGISTRY }}/${{ env.WF_IMAGE }}:${{ env.WF_VERSION }} make image-build
+          MULTIARCH_TARGETS="${{ env.WF_MULTIARCH_TARGETS }}" IMAGE_ORG=${{ env.WF_ORG }} IMAGE=${{ env.WF_REGISTRY }}/${{ env.WF_IMAGE }}:${{ env.short_sha }} OCI_BUILD_OPTS="--label quay.expires-after=2w" make image-build
       - name: push images
-        run: IMAGE_ORG=${{ env.ORG }} IMAGE=${{ env.REGISTRY }}/${{ env.IMAGE }}:${{ env.VERSION }} make image-push
+        run: |
+          MULTIARCH_TARGETS="${{ env.WF_MULTIARCH_TARGETS }}" IMAGE_ORG=${{ env.WF_ORG }} IMAGE=${{ env.WF_REGISTRY }}/${{ env.WF_IMAGE }}:${{ env.WF_VERSION }} make image-push
+          MULTIARCH_TARGETS="${{ env.WF_MULTIARCH_TARGETS }}" IMAGE_ORG=${{ env.WF_ORG }} IMAGE=${{ env.WF_REGISTRY }}/${{ env.WF_IMAGE }}:${{ env.short_sha }} make image-push
       - name: build and push manifest
-        run: IMAGE_ORG=${{ env.ORG }} VERSION=${{ env.VERSION }} make ci-manifest
-      - name: print image url
-        run: echo "Image pushed to ${{ steps.push-to-quay.outputs.registry-paths }}"
+        run: |
+          IMAGE_ORG=${{ env.WF_ORG }} IMAGE=${{ env.WF_REGISTRY }}/${{ env.WF_IMAGE }}:${{ env.WF_VERSION }} make manifest-build manifest-push
+          IMAGE_ORG=${{ env.WF_ORG }} IMAGE=${{ env.WF_REGISTRY }}/${{ env.WF_IMAGE }}:${{ env.short_sha }} make manifest-build manifest-push
       - name: build bundle
-        run: IMAGE_ORG=${{ env.ORG }} VERSION=${{ env.VERSION }} PLG_VERSION=${{ env.VERSION }} FLP_VERSION=${{ env.VERSION }} BPF_VERSION=${{ env.VERSION }} BUNDLE_VERSION=0.0.0-${{ env.VERSION }} make bundle bundle-build
+        run: IMAGE_ORG=${{ env.WF_ORG }} VERSION=${{ env.WF_VERSION }} PLG_VERSION=${{ env.WF_VERSION }} FLP_VERSION=${{ env.WF_VERSION }} BPF_VERSION=${{ env.WF_VERSION }} BUNDLE_VERSION=0.0.0-${{ env.WF_VERSION }} make bundle bundle-build
       - name: push bundle to quay.io
         id: push-bundle
         uses: redhat-actions/push-to-registry@v2
         with:
-          image: ${{ env.IMAGE }}-bundle
-          tags: v0.0.0-${{ env.VERSION }}
-          registry: ${{ env.REGISTRY }}
+          image: ${{ env.WF_IMAGE }}-bundle
+          tags: v0.0.0-${{ env.WF_VERSION }}
+          registry: ${{ env.WF_REGISTRY }}
       - name: build catalog
-        run: IMAGE_ORG=${{ env.ORG }} BUNDLE_VERSION=0.0.0-${{ env.VERSION }} make catalog-build
+        run: IMAGE_ORG=${{ env.WF_ORG }} BUNDLE_VERSION=0.0.0-${{ env.WF_VERSION }} make catalog-build
       - name: push catalog to quay.io
         id: push-catalog
         uses: redhat-actions/push-to-registry@v2
         with:
-          image: ${{ env.IMAGE }}-catalog
-          tags: v0.0.0-${{ env.VERSION }}
-          registry: ${{ env.REGISTRY }}
-      - name: print images reference
-        run: |
-          echo "Images: ${{ steps.push-to-quay.outputs.registry-paths }}, ${{ steps.push-bundle.outputs.registry-paths }}, ${{ steps.push-catalog.outputs.registry-paths }}"
+          image: ${{ env.WF_IMAGE }}-catalog
+          tags: v0.0.0-${{ env.WF_VERSION }}
+          registry: ${{ env.WF_REGISTRY }}
 
   codecov:
     name: Codecov upload

.github/workflows/push_image_pr.yml

@@ -4,11 +4,10 @@ on:
     types: [labeled]
 
 env:
-  REGISTRY_USER: netobserv+github_ci
-  REGISTRY: quay.io/netobserv
-  IMAGE: network-observability-operator
-  ORG: netobserv
-  VERSION: temp
+  WF_REGISTRY_USER: netobserv+github_ci
+  WF_REGISTRY: quay.io/netobserv
+  WF_IMAGE: network-observability-operator
+  WF_ORG: netobserv
 
 jobs:
   push-pr-image:
@@ -32,35 +31,35 @@ jobs:
       - name: docker login to quay.io
         uses: docker/login-action@v2
         with:
-          username: ${{ env.REGISTRY_USER }}
+          username: ${{ env.WF_REGISTRY_USER }}
           password: ${{ secrets.QUAY_SECRET }}
           registry: quay.io
       - name: get short sha
         run: echo "short_sha=$(git rev-parse --short HEAD)" >> $GITHUB_ENV
-      - name: build images
-        run: IMAGE_ORG=${{ env.ORG }} IMAGE=${{ env.REGISTRY }}/${{ env.IMAGE }}:${{ env.short_sha }} make image-build
-      - name: push images
-        run: IMAGE_ORG=${{ env.ORG }} IMAGE=${{ env.REGISTRY }}/${{ env.IMAGE }}:${{ env.short_sha }} make image-push
+      - name: build image
+        run: OCI_BUILD_OPTS="--label quay.expires-after=2w" IMAGE_ORG=${{ env.WF_ORG }} IMAGE=${{ env.WF_REGISTRY }}/${{ env.WF_IMAGE }}:${{ env.short_sha }} make image-build
+      - name: push image
+        run: IMAGE_ORG=${{ env.WF_ORG }} IMAGE=${{ env.WF_REGISTRY }}/${{ env.WF_IMAGE }}:${{ env.short_sha }} make image-push
       - name: build and push manifest
-        run: IMAGE_ORG=${{ env.ORG }} IMAGE=${{ env.REGISTRY }}/${{ env.IMAGE }}:${{ env.short_sha }} make ci-manifest
+        run: IMAGE_ORG=${{ env.WF_ORG }} IMAGE=${{ env.WF_REGISTRY }}/${{ env.WF_IMAGE }}:${{ env.short_sha }} make manifest-build manifest-push
       - name: build bundle
-        run: IMAGE_ORG=${{ env.ORG }} VERSION=${{ env.short_sha }} PLG_VERSION=main FLP_VERSION=main BPF_VERSION=main BUNDLE_VERSION=0.0.0-${{ env.short_sha }} make bundle shortlived-bundle-build
+        run: IMAGE_ORG=${{ env.WF_ORG }} VERSION=${{ env.short_sha }} PLG_VERSION=main FLP_VERSION=main BPF_VERSION=main BUNDLE_VERSION=0.0.0-${{ env.short_sha }} make bundle shortlived-bundle-build
       - name: push bundle to quay.io
         id: push-bundle
         uses: redhat-actions/push-to-registry@v2
         with:
-          image: ${{ env.IMAGE }}-bundle
+          image: ${{ env.WF_IMAGE }}-bundle
           tags: v0.0.0-${{ env.short_sha }}
-          registry: ${{ env.REGISTRY }}
+          registry: ${{ env.WF_REGISTRY }}
       - name: build catalog
-        run: IMAGE_ORG=${{ env.ORG }} BUNDLE_VERSION=0.0.0-${{ env.short_sha }} make shortlived-catalog-build
+        run: IMAGE_ORG=${{ env.WF_ORG }} BUNDLE_VERSION=0.0.0-${{ env.short_sha }} make shortlived-catalog-build
       - name: push catalog to quay.io
         id: push-catalog
         uses: redhat-actions/push-to-registry@v2
         with:
-          image: ${{ env.IMAGE }}-catalog
+          image: ${{ env.WF_IMAGE }}-catalog
           tags: v0.0.0-${{ env.short_sha }}
-          registry: ${{ env.REGISTRY }}
+          registry: ${{ env.WF_REGISTRY }}
       - uses: actions/github-script@v5
         with:
           github-token: ${{secrets.GITHUB_TOKEN}}
@@ -70,9 +69,9 @@ jobs:
               owner: context.repo.owner,
               repo: context.repo.repo,
               body: `New images:
-            * ${{ env.REGISTRY }}/${{ env.IMAGE }}:${{ env.short_sha }}
-            * ${{ env.REGISTRY }}/${{ env.IMAGE }}-bundle:v0.0.0-${{ env.short_sha }}
-            * ${{ env.REGISTRY }}/${{ env.IMAGE }}-catalog:v0.0.0-${{ env.short_sha }}
+            * ${{ env.WF_REGISTRY }}/${{ env.WF_IMAGE }}:${{ env.short_sha }}
+            * ${{ env.WF_REGISTRY }}/${{ env.WF_IMAGE }}-bundle:v0.0.0-${{ env.short_sha }}
+            * ${{ env.WF_REGISTRY }}/${{ env.WF_IMAGE }}-catalog:v0.0.0-${{ env.short_sha }}
 
             They will expire after two weeks.
 
@@ -85,7 +84,7 @@ jobs:
               namespace: openshift-marketplace
             spec:
               sourceType: grpc
-              image: ${{ env.REGISTRY }}/${{ env.IMAGE }}-catalog:v0.0.0-${{ env.short_sha }}
+              image: ${{ env.WF_REGISTRY }}/${{ env.WF_IMAGE }}-catalog:v0.0.0-${{ env.short_sha }}
               displayName: NetObserv development catalog
               publisher: Me
               updateStrategy:

.github/workflows/release.yml

@@ -4,10 +4,11 @@ on:
     tags: ['*']
 
 env:
-  REGISTRY_USER: netobserv+github_ci
-  REGISTRY_PASSWORD: ${{ secrets.QUAY_SECRET }}
-  REGISTRY: quay.io/netobserv
-  IMAGE: network-observability-operator
+  WF_REGISTRY_USER: netobserv+github_ci
+  WF_REGISTRY: quay.io/netobserv
+  WF_IMAGE: network-observability-operator
+  WF_ORG: netobserv
+  WF_MULTIARCH_TARGETS: amd64 arm64 ppc64le
 
 jobs:
   push-image:
@@ -22,8 +23,8 @@ jobs:
       - name: docker login to quay.io
         uses: docker/login-action@v2
         with:
-          username: ${{ env.REGISTRY_USER }}
-          password: ${{ env.REGISTRY_PASSWORD }}
+          username: ${{ env.WF_REGISTRY_USER }}
+          password: ${{ secrets.QUAY_SECRET }}
           registry: quay.io
       - name: validate tag
         run: |
@@ -43,31 +44,29 @@ jobs:
         with:
           go-version: ${{ matrix.go }}
       - name: build operator
-        run: IMAGE=${{ env.REGISTRY }}/${{ env.IMAGE }}:${{ env.tag }} make image-build
+        run: |
+          MULTIARCH_TARGETS="${{ env.WF_MULTIARCH_TARGETS }}" IMAGE_ORG=${{ env.WF_ORG }} IMAGE=${{ env.WF_REGISTRY }}/${{ env.WF_IMAGE }}:${{ env.tag }} make image-build
       - name: push operator
-        run: IMAGE=${{ env.REGISTRY }}/${{ env.IMAGE }}:${{ env.tag }} make image-push
-      - name: build manifest
-        run: IMAGE=${{ env.REGISTRY }}/${{ env.IMAGE }}:${{ env.tag }} make manifest-build
-      - name: push manifest
-        run: IMAGE=${{ env.REGISTRY }}/${{ env.IMAGE }}:${{ env.tag }} make manifest-push
+        run: |
+          MULTIARCH_TARGETS="${{ env.WF_MULTIARCH_TARGETS }}" IMAGE_ORG=${{ env.WF_ORG }} IMAGE=${{ env.WF_REGISTRY }}/${{ env.WF_IMAGE }}:${{ env.tag }} make image-push
+      - name: build and push manifest
+        run: |
+          IMAGE_ORG=${{ env.WF_ORG }} IMAGE=${{ env.WF_REGISTRY }}/${{ env.WF_IMAGE }}:${{ env.tag }} make manifest-build manifest-push
       - name: build bundle
-        run: BUNDLE_VERSION=${{ env.tag }} IMAGE_TAG_BASE=${{ env.REGISTRY }}/${{ env.IMAGE }} make bundle-build
+        run: IMAGE_ORG=${{ env.WF_ORG }} BUNDLE_VERSION=${{ env.tag }} IMAGE_TAG_BASE=${{ env.WF_REGISTRY }}/${{ env.WF_IMAGE }} make bundle-build
       - name: push bundle to quay.io
         id: push-bundle
         uses: redhat-actions/push-to-registry@v2
         with:
-          image: ${{ env.IMAGE }}-bundle
+          image: ${{ env.WF_IMAGE }}-bundle
           tags: v${{ env.tag }}
-          registry: ${{ env.REGISTRY }}
+          registry: ${{ env.WF_REGISTRY }}
       - name: build catalog
-        run: BUNDLE_VERSION=${{ env.tag }} IMAGE_TAG_BASE=${{ env.REGISTRY }}/${{ env.IMAGE }} make catalog-build
+        run: BUNDLE_VERSION=${{ env.tag }} IMAGE_TAG_BASE=${{ env.WF_REGISTRY }}/${{ env.WF_IMAGE }} make catalog-build
       - name: push catalog to quay.io
         id: push-catalog
         uses: redhat-actions/push-to-registry@v2
         with:
-          image: ${{ env.IMAGE }}-catalog
+          image: ${{ env.WF_IMAGE }}-catalog
           tags: v${{ env.tag }}
-          registry: ${{ env.REGISTRY }}
-      - name: print images reference
-        run: |
-          echo "Images: ${{ steps.push-operator.outputs.registry-paths }}, ${{ steps.push-bundle.outputs.registry-paths }}, ${{ steps.push-catalog.outputs.registry-paths }}"
+          registry: ${{ env.WF_REGISTRY }}

.mk/shortcuts.mk

@@ -14,18 +14,6 @@ push-manifest: manifest-push ## Push MULTIARCH_TARGETS manifest
 .PHONY: images
 images: image-build image-push manifest-build manifest-push ## Build and push MULTIARCH_TARGETS images and related manifest
 
-.PHONY: build-ci-manifest
-build-ci-manifest: ci-manifest-build ## Build CI manifest
-
-.PHONY: push-ci-manifest
-push-ci-manifest: ci-manifest-push ## Push CI manifest
-
-.PHONY: ci-manifest
-ci-manifest: ci-manifest-build ci-manifest-push ## Build and push CI manifest
-
-.PHONY: ci
-ci: images ci-manifest ## Build and push CI images and manifest
-
 .PHONY: build-catalog
 build-catalog: catalog-build ## Build a catalog image
 

DEVELOPMENT.md

@@ -213,3 +213,15 @@ make set-release-kind-downstream
 ```
 
 Most notably change will concern the monitoring part which will use the platoform monitoring stack instead of the user workload monitoring stack.
+
+## Testing the github workflow
+
+Testing github workflows can sometimes be tricky as it's not always possible to run everything locally, and they depend on triggers such as merging a commit, or pushing a tag on the upstream.
+
+One thing you should do if you modified the workflows and/or the Makefiles, is to run the `hack/test-workflow.sh` script. It is not a silver bullet, but it will test a bunch of things in the workflows, such as expecting some images to be built, and correctly referenced in the CSV. But it cannot cover everything, like it won't push anything to the image registry.
+
+The second thing you can do is to push your commits to the upstream `workflow-test` branch. The `push_image.yml` workflow is triggered on that branch, just like when something is merged on the `main` branch. So, you can open the [corresponding page](https://github.com/netobserv/network-observability-operator/actions/workflows/push_image.yml) in Github to monitor the jobs triggered. Make sure on Quay that you get the expected images for the [Operator](https://quay.io/repository/netobserv/network-observability-operator?tab=tags), the [bundle](https://quay.io/repository/netobserv/network-observability-operator-bundle?tab=tags) and the [catalog](https://quay.io/repository/netobserv/network-observability-operator-catalog?tab=tags).
+
+Then, you can test the upstream release process by [following the doc](./RELEASE.md). Don't do a full release of course, but just create a release candidate (e.g. set version to 1.0.3-rc0). When the tag is pushed, it will trigger the corresponding workflow ([view on github](https://github.com/netobserv/network-observability-operator/actions/workflows/release.yml)). As above, you should check that the images are well created in Quay.. It's fine if you tag from the `workflow-test` branch (or any branch). You can remove the tag after you tested.
+
+Finally, to test the per-PR workflow (pre-merge testing), just open a dummy PR against the upstream branch `workflow-test` (where you pushed your workflow changes), and add the usual `ok-to-test` label. This will trigger the corresponding `push_image_pr.yml` workflow ([view on github](https://github.com/netobserv/network-observability-operator/actions/workflows/push_image_pr.yml)). As above, you should check that the images are well created in Quay.

Makefile

@@ -14,7 +14,7 @@ endif
 
 # Go architecture and targets images to build
 GOARCH ?= amd64
-MULTIARCH_TARGETS := amd64 arm64 ppc64le
+MULTIARCH_TARGETS ?= amd64
 
 # In CI, to be replaced by `netobserv`
 IMAGE_ORG ?= $(USER)
@@ -77,6 +77,7 @@ BUNDLE_IMAGE ?= $(IMAGE_TAG_BASE)-bundle:v$(BUNDLE_VERSION)
 # Image URL to use all building/pushing image targets
 IMAGE ?= $(IMAGE_TAG_BASE):$(VERSION)
 IMAGE_SHA = $(IMAGE_TAG_BASE):$(BUILD_SHA)
+OCI_BUILD_OPTS ?=
 # Produce CRDs that work back to Kubernetes 1.11 (no version conversion)
 CRD_OPTIONS ?= "crd:trivialVersions=true,preserveUnknownFields=false"
 # ENVTEST_K8S_VERSION refers to the version of kubebuilder assets to be downloaded by envtest binary.
@@ -111,7 +112,7 @@ include .bingo/Variables.mk
 # build a single arch target provided as argument
 define build_target
 	echo 'building image for arch $(1)'; \
-	DOCKER_BUILDKIT=1 $(OCI_BIN) buildx build --load --build-arg TARGETPLATFORM=linux/$(1) --build-arg TARGETARCH=$(1) --build-arg BUILDPLATFORM=linux/amd64 -t ${IMAGE}-$(1) -f Dockerfile .;
+	DOCKER_BUILDKIT=1 $(OCI_BIN) buildx build --load --build-arg TARGETPLATFORM=linux/$(1) --build-arg TARGETARCH=$(1) --build-arg BUILDPLATFORM=linux/amd64 ${OCI_BUILD_OPTS} -t ${IMAGE}-$(1) -f Dockerfile .;
 endef
 
 # push a single arch target image
@@ -121,9 +122,9 @@ define push_target
 endef
 
 # manifest create a single arch target provided as argument
-define manifest_create_target
-	echo 'manifest create for arch $(1)'; \
-	DOCKER_BUILDKIT=1 $(OCI_BIN) manifest add ${IMAGE} ${IMAGE}-$(target);
+define manifest_add_target
+	echo 'manifest add target $(1)'; \
+	DOCKER_BUILDKIT=1 $(OCI_BIN) manifest add ${IMAGE} ${IMAGE}-$(1);
 endef
 
 ##@ General
@@ -308,7 +309,7 @@ ifeq (${OCI_BIN}, docker)
 else
 	trap 'exit' INT; \
 	DOCKER_BUILDKIT=1 $(OCI_BIN) manifest create ${IMAGE} ||:
-	$(foreach target,$(MULTIARCH_TARGETS),$(call manifest_create_target,$(target)))
+	$(foreach target,$(MULTIARCH_TARGETS),$(call manifest_add_target,$(target)))
 endif
 
 .PHONY: manifest-push
@@ -320,23 +321,6 @@ else
 	DOCKER_BUILDKIT=1 $(OCI_BIN) manifest push ${IMAGE} docker://${IMAGE};
 endif
 
-.PHONY: ci-manifest-build
-ci-manifest-build: manifest-build ## Build CI manifest
-	$(OCI_BIN) build --build-arg BASE_IMAGE=$(IMAGE) -t $(IMAGE_SHA) -f shortlived.Dockerfile .
-ifeq ($(VERSION), main)
-# Also tag "latest" only for branch "main"
-	$(OCI_BIN) build -t $(IMAGE) -t $(IMAGE_TAG_BASE):latest .
-endif
-
-.PHONY: ci-manifest-push
-ci-manifest-push: ## Push CI manifest
-	$(OCI_BIN) push $(IMAGE_SHA)
-ifeq ($(VERSION), main)
-# Also tag "latest" only for branch "main"
-	$(OCI_BIN) push ${IMAGE}
-	$(OCI_BIN) push $(IMAGE_TAG_BASE):latest
-endif
-
 ##@ Deployment
 
 install: kustomize ## Install CRDs into the K8s cluster specified in ~/.kube/config.