From 20901f8a7aa1ed997bc87c5655b80a5f0b912451 Mon Sep 17 00:00:00 2001
From: Alan Protasio <approtas@amazon.com>
Date: Thu, 15 Dec 2022 08:34:09 -0800
Subject: [PATCH] Building Arm Images (#5041)

* wip

Signed-off-by: Alan Protasio <approtas@amazon.com>

* est

Signed-off-by: Alan Protasio <approtas@amazon.com>

* quay

Signed-off-by: Alan Protasio <approtas@amazon.com>

* using different repository for the archteture specific images

Signed-off-by: Alan Protasio <approtas@amazon.com>

* testing linux repos

Signed-off-by: Alan Protasio <approtas@amazon.com>

* testing manifes on both platforms

Signed-off-by: Alan Protasio <approtas@amazon.com>

* enabling deploy stage only on master

Signed-off-by: Alan Protasio <approtas@amazon.com>

* changelog

Signed-off-by: Alan Protasio <approtas@amazon.com>

* using amd64 image for e2e teests

Signed-off-by: Alan Protasio <approtas@amazon.com>

Signed-off-by: Alan Protasio <approtas@amazon.com>
Signed-off-by: Alan Protasio <alanprot@gmail.com>
---
 .github/workflows/scripts/install-docker.sh |  4 ++++
 .github/workflows/test-build-deploy.yml     |  2 +-
 CHANGELOG.md                                |  1 +
 Makefile                                    | 26 +++++++++++++++------
 cmd/cortex/Dockerfile                       |  4 +++-
 cmd/query-tee/Dockerfile                    |  4 +++-
 cmd/test-exporter/Dockerfile                |  3 ++-
 cmd/thanosconvert/Dockerfile                |  3 ++-
 push-images                                 | 23 ++++++++++++++----
 9 files changed, 53 insertions(+), 17 deletions(-)

diff --git a/.github/workflows/scripts/install-docker.sh b/.github/workflows/scripts/install-docker.sh
index ea694615db..d6a215e927 100755
--- a/.github/workflows/scripts/install-docker.sh
+++ b/.github/workflows/scripts/install-docker.sh
@@ -4,4 +4,8 @@ set -x
 VER="20.10.19"
 curl -L -o /tmp/docker-$VER.tgz https://download.docker.com/linux/static/stable/x86_64/docker-$VER.tgz
 tar -xz -C /tmp -f /tmp/docker-$VER.tgz
+mkdir -vp ~/.docker/cli-plugins/
+curl --silent -L "https://github.com/docker/buildx/releases/download/v0.3.0/buildx-v0.3.0.linux-amd64" > ~/.docker/cli-plugins/docker-buildx
+chmod a+x ~/.docker/cli-plugins/docker-buildx
 mv /tmp/docker/* /usr/bin
+docker run --privileged --rm tonistiigi/binfmt --install all
diff --git a/.github/workflows/test-build-deploy.yml b/.github/workflows/test-build-deploy.yml
index c18b72d4a0..6d7d438d0c 100644
--- a/.github/workflows/test-build-deploy.yml
+++ b/.github/workflows/test-build-deploy.yml
@@ -139,7 +139,7 @@ jobs:
         run: |
           export CORTEX_IMAGE_PREFIX="${IMAGE_PREFIX:-quay.io/cortexproject/}"
           export IMAGE_TAG=$(make image-tag)
-          export CORTEX_IMAGE="${CORTEX_IMAGE_PREFIX}cortex:$IMAGE_TAG"
+          export CORTEX_IMAGE="${CORTEX_IMAGE_PREFIX}cortex:$IMAGE_TAG-amd64"
           export CORTEX_CHECKOUT_DIR="/go/src/github.com/cortexproject/cortex"
           echo "Running integration tests with image: $CORTEX_IMAGE"
           go test -tags=requires_docker -timeout 2400s -v -count=1 ./integration/...
diff --git a/CHANGELOG.md b/CHANGELOG.md
index 7e83de1980..dce00988f5 100644
--- a/CHANGELOG.md
+++ b/CHANGELOG.md
@@ -5,6 +5,7 @@
 
 * [CHANGE] Alertmanager: Local file disclosure vulnerability in OpsGenie configuration has been fixed. #5045
 * [BUGFIX] Fix panic when otel and xray tracing is enabled. #5044
+* [FEATURE] Build ARM docker images. #5041
 
 ## 1.14.0 2022-12-02
 
diff --git a/Makefile b/Makefile
index 7399626834..005c459770 100644
--- a/Makefile
+++ b/Makefile
@@ -9,6 +9,9 @@
 VERSION=$(shell cat "./VERSION" 2> /dev/null)
 GOPROXY_VALUE=$(shell go env GOPROXY)
 
+# ARCHS
+ARCHS       = amd64 arm64
+
 # Boiler plate for building Docker containers.
 # All this must go at top of file I'm afraid.
 IMAGE_PREFIX ?= quay.io/cortexproject/
@@ -37,8 +40,9 @@ SED ?= $(shell which gsed 2>/dev/null || which sed)
 # Dependencies (i.e. things that go in the image) still need to be explicitly
 # declared.
 %/$(UPTODATE): %/Dockerfile
-	@echo
-	$(SUDO) docker build --build-arg=revision=$(GIT_REVISION) --build-arg=goproxyValue=$(GOPROXY_VALUE) -t $(IMAGE_PREFIX)$(shell basename $(@D)) -t $(IMAGE_PREFIX)$(shell basename $(@D)):$(IMAGE_TAG) $(@D)/
+	for arch in $(ARCHS); do \
+		$(SUDO) docker buildx build --platform linux/$$arch --build-arg=revision=$(GIT_REVISION) --build-arg=goproxyValue=$(GOPROXY_VALUE) -t $(IMAGE_PREFIX)$(shell basename $(@D)) -t $(IMAGE_PREFIX)$(shell basename $(@D)):$(IMAGE_TAG)-$$arch $(@D)/ ; \
+	done
 	@echo
 	@echo Please use push-multiarch-build-image to build and push build image for all supported architectures.
 	touch $@
@@ -160,7 +164,11 @@ else
 exes: $(EXES)
 
 $(EXES):
-	CGO_ENABLED=0 go build $(GO_FLAGS) -o $@ ./$(@D)
+	@for arch in $(ARCHS); do \
+  		echo "Building $@ for $$arch";\
+  		CGO_ENABLED=0 GOARCH=$$arch GOOS=linux go build $(GO_FLAGS) -o $@-$$arch ./$(@D); \
+  	done
+
 
 protos: $(PROTO_GOS)
 
@@ -272,16 +280,20 @@ clean-protos:
 
 save-images:
 	@mkdir -p docker-images
-	for image_name in $(IMAGE_NAMES); do \
+	@for image_name in $(IMAGE_NAMES); do \
 		if ! echo $$image_name | grep build; then \
-			docker save $$image_name:$(IMAGE_TAG) -o docker-images/$$(echo $$image_name | tr "/" _):$(IMAGE_TAG); \
+		  	for arch in $(ARCHS); do \
+				docker save $$image_name:$(IMAGE_TAG)-$$arch -o docker-images/$$(echo $$image_name | tr "/" _):$(IMAGE_TAG)-$$arch; \
+			done;\
 		fi \
 	done
 
 load-images:
-	for image_name in $(IMAGE_NAMES); do \
+	@for image_name in $(IMAGE_NAMES); do \
 		if ! echo $$image_name | grep build; then \
-			docker load -i docker-images/$$(echo $$image_name | tr "/" _):$(IMAGE_TAG); \
+		  	for arch in $(ARCHS); do \
+				docker load -i docker-images/$$(echo $$image_name | tr "/" _):$(IMAGE_TAG)-$$arch; \
+			done;\
 		fi \
 	done
 
diff --git a/cmd/cortex/Dockerfile b/cmd/cortex/Dockerfile
index ab995a5332..52fbb0c8d2 100644
--- a/cmd/cortex/Dockerfile
+++ b/cmd/cortex/Dockerfile
@@ -1,7 +1,9 @@
 FROM       alpine:3.14
+ARG TARGETARCH
+
 RUN        apk add --no-cache ca-certificates
 COPY       migrations /migrations/
-COPY       cortex /bin/cortex
+COPY       cortex-$TARGETARCH /bin/cortex
 EXPOSE     80
 ENTRYPOINT [ "/bin/cortex" ]
 
diff --git a/cmd/query-tee/Dockerfile b/cmd/query-tee/Dockerfile
index 622ed403ea..8974e5bd27 100644
--- a/cmd/query-tee/Dockerfile
+++ b/cmd/query-tee/Dockerfile
@@ -1,6 +1,8 @@
 FROM       alpine:3.14
+ARG TARGETARCH
+
 RUN        apk add --no-cache ca-certificates
-COPY       query-tee /
+COPY       query-tee-$TARGETARCH /query-tee
 ENTRYPOINT ["/query-tee"]
 
 ARG revision
diff --git a/cmd/test-exporter/Dockerfile b/cmd/test-exporter/Dockerfile
index 927d6d9a27..0ec8f1ffef 100644
--- a/cmd/test-exporter/Dockerfile
+++ b/cmd/test-exporter/Dockerfile
@@ -1,6 +1,7 @@
 FROM       alpine:3.14
+ARG TARGETARCH
 RUN        apk add --no-cache ca-certificates
-COPY       test-exporter /
+COPY       test-exporter-$TARGETARCH /test-exporter
 ENTRYPOINT ["/test-exporter"]
 
 ARG revision
diff --git a/cmd/thanosconvert/Dockerfile b/cmd/thanosconvert/Dockerfile
index 2a97a9c765..9e4faa4a1a 100644
--- a/cmd/thanosconvert/Dockerfile
+++ b/cmd/thanosconvert/Dockerfile
@@ -1,6 +1,7 @@
 FROM       alpine:3.14
+ARG TARGETARCH
 RUN        apk add --no-cache ca-certificates
-COPY       thanosconvert /
+COPY       thanosconvert-$TARGETARCH /thanosconvert
 ENTRYPOINT ["/thanosconvert"]
 
 ARG revision
diff --git a/push-images b/push-images
index c6cae70c62..fe32c85a17 100755
--- a/push-images
+++ b/push-images
@@ -29,8 +29,16 @@ done
 
 push_image() {
     local image="$1"
-    echo "Pushing ${image}:${IMAGE_TAG}"
-    docker push ${image}:${IMAGE_TAG}
+
+    for arch in amd64 arm64; do \
+      echo "Pushing ${image}-linux:${IMAGE_TAG}-$arch"
+      docker tag ${image}:${IMAGE_TAG}-$arch ${image}-linux:${IMAGE_TAG}-$arch
+      docker push ${image}-linux:${IMAGE_TAG}-$arch
+    done;
+
+    docker manifest create ${image}:${IMAGE_TAG} --amend ${image}-linux:${IMAGE_TAG}-amd64 --amend ${image}-linux:${IMAGE_TAG}-arm64
+    docker manifest push ${image}:${IMAGE_TAG}
+
 
     if [ -n "${NO_QUAY}" ]; then
         return
@@ -38,10 +46,15 @@ push_image() {
 
     # remove the quay prefix and push to docker hub
     docker_hub_image=${image#$QUAY_PREFIX}
-    docker tag ${image}:${IMAGE_TAG} ${docker_hub_image}:${IMAGE_TAG}
+    for arch in amd64 arm64; do \
+      docker tag ${image}:${IMAGE_TAG}-$arch ${docker_hub_image}-linux:${IMAGE_TAG}-$arch
+
+      echo "Pushing ${docker_hub_image}-linux:${IMAGE_TAG}-$arch"
+      docker push ${docker_hub_image}-linux:${IMAGE_TAG}-$arch
+    done;
 
-    echo "Pushing ${docker_hub_image}:${IMAGE_TAG}"
-    docker push ${docker_hub_image}:${IMAGE_TAG}
+    docker manifest create ${docker_hub_image}:${IMAGE_TAG} --amend ${docker_hub_image}-linux:${IMAGE_TAG}-amd64 --amend ${docker_hub_image}-linux:${IMAGE_TAG}-arm64
+    docker manifest push ${docker_hub_image}:${IMAGE_TAG}
 }
 
 for image in ${IMAGES}; do