From 20c9e80618b4a2c0a5ffd29af35d44db66b24788 Mon Sep 17 00:00:00 2001
From: Avi Deitcher <avi@deitcher.net>
Date: Tue, 4 Sep 2018 21:59:27 +0300
Subject: [PATCH 1/4] Add Dockerfiles to build for arm64, ppc64le, s390x

(cherry picked from commit 9d95e70681cd1a5ef33f8a72b08deee1cbedbf94)
---
 Dockerfile.arm64   | 9 +++++++++
 Dockerfile.ppc64le | 9 +++++++++
 Dockerfile.s390x   | 9 +++++++++
 3 files changed, 27 insertions(+)
 create mode 100644 Dockerfile.arm64
 create mode 100644 Dockerfile.ppc64le
 create mode 100644 Dockerfile.s390x

diff --git a/Dockerfile.arm64 b/Dockerfile.arm64
new file mode 100644
index 0000000..31205d0
--- /dev/null
+++ b/Dockerfile.arm64
@@ -0,0 +1,9 @@
+FROM arm64v8/alpine:3.8
+
+RUN mkdir -p /usr/local/bin
+ADD flexvol/docker/flexvol.sh /usr/local/bin/
+ADD bin/flexvol-arm64 /usr/local/bin/flexvol
+
+RUN chmod +x /usr/local/bin/flexvol.sh
+
+ENTRYPOINT ["/usr/local/bin/flexvol.sh"]
diff --git a/Dockerfile.ppc64le b/Dockerfile.ppc64le
new file mode 100644
index 0000000..076c294
--- /dev/null
+++ b/Dockerfile.ppc64le
@@ -0,0 +1,9 @@
+FROM ppc64le/alpine:3.8
+
+RUN mkdir -p /usr/local/bin
+ADD flexvol/docker/flexvol.sh /usr/local/bin/
+ADD bin/flexvol-ppc64le /usr/local/bin/flexvol
+
+RUN chmod +x /usr/local/bin/flexvol.sh
+
+ENTRYPOINT ["/usr/local/bin/flexvol.sh"]
diff --git a/Dockerfile.s390x b/Dockerfile.s390x
new file mode 100644
index 0000000..1e13fd2
--- /dev/null
+++ b/Dockerfile.s390x
@@ -0,0 +1,9 @@
+FROM s390x/alpine:3.8
+
+RUN mkdir -p /usr/local/bin
+ADD flexvol/docker/flexvol.sh /usr/local/bin/
+ADD bin/flexvol-s390x /usr/local/bin/flexvol
+
+RUN chmod +x /usr/local/bin/flexvol.sh
+
+ENTRYPOINT ["/usr/local/bin/flexvol.sh"]

From 7d1dfe7d3e4754066482438f0b3c43b13d62a035 Mon Sep 17 00:00:00 2001
From: Avi Deitcher <avi@deitcher.net>
Date: Fri, 31 Aug 2018 12:55:20 +0300
Subject: [PATCH 2/4] Add support for multi-arch manifest, with default arch on
 quay.io

(cherry picked from commit 90d386670d692e547fb2d488e32fa7d14a81dbb8)
---
 Makefile | 105 ++++++++++++++++++++++++++++++++++++++++---------------
 1 file changed, 76 insertions(+), 29 deletions(-)

diff --git a/Makefile b/Makefile
index 0e022d1..45f8b88 100644
--- a/Makefile
+++ b/Makefile
@@ -38,16 +38,47 @@ ifeq ($(ARCH),x86_64)
     override ARCH=amd64
 endif
 
+# we want to be able to run the same recipe on multiple targets keyed on the image name
+# to do that, we would use the entire image name, e.g. calico/node:abcdefg, as the stem, or '%', in the target
+# however, make does **not** allow the usage of invalid filename characters - like / and : - in a stem, and thus errors out
+# to get around that, we "escape" those characters by converting all : to --- and all / to ___ , so that we can use them
+# in the target, we then unescape them back
+escapefs = $(subst :,---,$(subst /,___,$(1)))
+unescapefs = $(subst ---,:,$(subst ___,/,$(1)))
+
+# these macros create a list of valid architectures for pushing manifests
+space :=
+space +=
+comma := ,
+prefix_linux = $(addprefix linux/,$(strip $1))
+join_platforms = $(subst $(space),$(comma),$(call prefix_linux,$(strip $1)))
+
 
 # list of arches *not* to build when doing *-all
 #    until s390x works correctly
 EXCLUDEARCH ?= s390x
 VALIDARCHES = $(filter-out $(EXCLUDEARCH),$(ARCHES))
 
+BUILD_IMAGE?=calico/pod2daemon-flexvol
+PUSH_IMAGES?=$(BUILD_IMAGE) quay.io/calico/pod2daemon-flexvol
+RELEASE_IMAGES?=
+
+ifeq ($(RELEASE),true)
+# If this is a release, also tag and push GCR images. 
+PUSH_IMAGES+=$(RELEASE_IMAGES)
+endif
+
+# remove from the list to push to manifest any registries that do not support multi-arch
+EXCLUDE_MANIFEST_REGISTRIES ?= quay.io/
+PUSH_MANIFEST_IMAGES=$(PUSH_IMAGES:$(EXCLUDE_MANIFEST_REGISTRIES)%=)
+PUSH_NONMANIFEST_IMAGES=$(filter-out $(PUSH_MANIFEST_IMAGES),$(PUSH_IMAGES))
+
+# location of docker credentials to push manifests
+DOCKER_CONFIG ?= $(HOME)/.docker/config.json
 
 ###############################################################################
 GO_BUILD_VER?=v0.17
-GO_BUILD_CONTAINER?=calico/go-build:$(GO_BUILD_VER)
+CALICO_BUILD?=calico/go-build:$(GO_BUILD_VER)
 PROTOC_VER?=v0.1
 PROTOC_CONTAINER?=calico/protoc:$(PROTOC_VER)-$(BUILDARCH)
 
@@ -59,7 +90,6 @@ MY_GID:=$(shell id -g)
 
 PACKAGE_NAME?=github.com/projectcalico/pod2daemon
 SRC_FILES=$(shell find -name '*.go' |grep -v vendor)
-CONTAINER_NAME?=calico/pod2daemon-flexvol
 
 # Pre-configured docker run command that runs as this user with the repo
 # checked out to /code, uses the --rm flag to avoid leaving the container
@@ -71,11 +101,11 @@ DOCKER_RUN_RM:=docker run --rm --user $(MY_UID):$(MY_GID) -v ${CURDIR}:/code
 clean:
 	find . -name '*.created-$(ARCH)' -exec rm -f {} +
 
-	docker rmi $(CONTAINER_NAME):latest-$(ARCH) || true
-	docker rmi $(CONTAINER_NAME):$(VERSION)-$(ARCH) || true
+	docker rmi $(BUILD_IMAGE):latest-$(ARCH) || true
+	docker rmi $(BUILD_IMAGE):$(VERSION)-$(ARCH) || true
 ifeq ($(ARCH),amd64)
-	docker rmi $(CONTAINER_NAME):latest || true
-	docker rmi $(CONTAINER_NAME):$(VERSION) || true
+	docker rmi $(BUILD_IMAGE):latest || true
+	docker rmi $(BUILD_IMAGE):$(VERSION) || true
 endif
 DOCKER_GO_BUILD := mkdir -p .go-pkg-cache && \
                    docker run --rm -ti \
@@ -84,7 +114,7 @@ DOCKER_GO_BUILD := mkdir -p .go-pkg-cache && \
                          -v $(CURDIR)/.go-pkg-cache:/go-cache/:rw \
                          -e GOCACHE=/go-cache \
                          -w /go/src/$(PACKAGE_NAME) \
-                       $(GO_BUILD_CONTAINER)
+                       $(CALICO_BUILD)
 
 ###############################################################################
 # Building the binary
@@ -114,16 +144,16 @@ bin/flexvol-%: vendor $(SRC_FILES)
 ###############################################################################
 CONTAINER_CREATED=.pod2daemon-flexvol.created-$(ARCH)
 .PHONY: image calico/pod2daemon-flexvol
-image: $(CONTAINER_NAME)
+image: $(BUILD_IMAGE)
 image-all: $(addprefix sub-image-,$(VALIDARCHES))
 sub-image-%:
 	$(MAKE) image ARCH=$*
 
-$(CONTAINER_NAME): $(CONTAINER_CREATED)
+$(BUILD_IMAGE): $(CONTAINER_CREATED)
 $(CONTAINER_CREATED): Dockerfile.$(ARCH) bin/flexvol-$(ARCH)
-	docker build -t $(CONTAINER_NAME):latest-$(ARCH) --build-arg QEMU_IMAGE=$(CALICO_BUILD) -f Dockerfile.$(ARCH) .
+	docker build -t $(BUILD_IMAGE):latest-$(ARCH) --build-arg QEMU_IMAGE=$(CALICO_BUILD) -f Dockerfile.$(ARCH) .
 ifeq ($(ARCH),amd64)
-	docker tag $(CONTAINER_NAME):latest-$(ARCH) $(CONTAINER_NAME):latest
+	docker tag $(BUILD_IMAGE):latest-$(ARCH) $(BUILD_IMAGE):latest
 endif
 	touch $@
 
@@ -134,25 +164,42 @@ ifndef IMAGETAG
 endif
 
 ## push one arch
-push: imagetag
-	docker push $(CONTAINER_NAME):$(IMAGETAG)-$(ARCH)
-	docker push quay.io/$(CONTAINER_NAME):$(IMAGETAG)-$(ARCH)
-ifeq ($(ARCH),amd64)
-	docker push $(CONTAINER_NAME):$(IMAGETAG)
-	docker push quay.io/$(CONTAINER_NAME):$(IMAGETAG)
-endif
+push: imagetag $(addprefix sub-single-push-,$(call escapefs,$(PUSH_IMAGES)))
+sub-single-push-%:
+	docker push $(call unescapefs,$*:$(IMAGETAG)-$(ARCH))
 
 push-all: imagetag $(addprefix sub-push-,$(VALIDARCHES))
 sub-push-%:
 	$(MAKE) push ARCH=$* IMAGETAG=$(IMAGETAG)
 
+## push multi-arch manifest where supported
+push-manifests: imagetag  $(addprefix sub-manifest-,$(call escapefs,$(PUSH_MANIFEST_IMAGES)))
+sub-manifest-%:
+	# Docker login to hub.docker.com required before running this target as we are using $(DOCKER_CONFIG) holds the docker login credentials
+	# path to credentials based on manifest-tool's requirements here https://github.com/estesp/manifest-tool#sample-usage
+	docker run -t --entrypoint /bin/sh -v $(DOCKER_CONFIG):/root/.docker/config.json $(CALICO_BUILD) -c "/usr/bin/manifest-tool push from-args --platforms $(call join_platforms,$(VALIDARCHES)) --template $(call unescapefs,$*:$(IMAGETAG))-ARCH --target $(call unescapefs,$*:$(IMAGETAG))"
+
+## push default amd64 arch where multi-arch manifest is not supported
+push-non-manifests: imagetag $(addprefix sub-non-manifest-,$(call escapefs,$(PUSH_NONMANIFEST_IMAGES)))
+sub-non-manifest-%:
+ifeq ($(ARCH),amd64)
+	docker push $(call unescapefs,$*:$(IMAGETAG))
+else
+	$(NOECHO) $(NOOP)
+endif
+
 ## tag images of one arch
-tag-images: imagetag
-	docker tag $(CONTAINER_NAME):latest-$(ARCH) $(CONTAINER_NAME):$(IMAGETAG)-$(ARCH)
-	docker tag $(CONTAINER_NAME):latest-$(ARCH) quay.io/$(CONTAINER_NAME):$(IMAGETAG)-$(ARCH)
+tag-images: imagetag $(addprefix sub-single-tag-images-arch-,$(call escapefs,$(PUSH_IMAGES))) $(addprefix sub-single-tag-images-non-manifest-,$(call escapefs,$(PUSH_NONMANIFEST_IMAGES)))
+
+sub-single-tag-images-arch-%:
+	docker tag $(BUILD_IMAGE):latest-$(ARCH) $(call unescapefs,$*:$(IMAGETAG)-$(ARCH))
+
+# because some still do not support multi-arch manifest
+sub-single-tag-images-non-manifest-%:
 ifeq ($(ARCH),amd64)
-	docker tag $(CONTAINER_NAME):latest-$(ARCH) $(CONTAINER_NAME):$(IMAGETAG)
-	docker tag $(CONTAINER_NAME):latest-$(ARCH) quay.io/$(CONTAINER_NAME):$(IMAGETAG)
+	docker tag $(BUILD_IMAGE):latest-$(ARCH) $(call unescapefs,$*:$(IMAGETAG))
+else
+	$(NOECHO) $(NOOP)
 endif
 
 ## tag images of all archs
@@ -170,7 +217,7 @@ static-checks: vendor
 		-e LOCAL_USER_ID=$(LOCAL_USER_ID) \
 		-v $(CURDIR):/go/src/$(PACKAGE_NAME) \
 		-w /go/src/$(PACKAGE_NAME) \
-		$(GO_BUILD_CONTAINER) gometalinter --deadline=300s --disable-all --enable=goimports --vendor ./...
+		$(CALICO_BUILD) gometalinter --deadline=300s --disable-all --enable=goimports --vendor ./...
 
 .PHONY: fix
 ## Fix static checks
@@ -186,7 +233,7 @@ ut: $(SRC_FILES)
 	docker run --rm -v $(CURDIR):/go/src/$(PACKAGE_NAME):rw \
     -e LOCAL_USER_ID=$(LOCAL_USER_ID) \
     -w /go/src/$(PACKAGE_NAME) \
-    $(GO_BUILD_CONTAINER) go test -v ./...
+    $(CALICO_BUILD) go test -v ./...
 
 ###############################################################################
 # CI
@@ -207,8 +254,8 @@ endif
 ifndef BRANCH_NAME
 	$(error BRANCH_NAME is undefined - run using make <target> BRANCH_NAME=var or set an environment variable)
 endif
-	$(MAKE) tag-images-all push-all IMAGETAG=${BRANCH_NAME} EXCLUDEARCH="$(EXCLUDEARCH)"
-	$(MAKE) tag-images-all push-all IMAGETAG=$(shell git describe --tags --dirty --always --long) EXCLUDEARCH="$(EXCLUDEARCH)"
+	$(MAKE) tag-images-all push-all push-manifests push-non-manifests IMAGETAG=${BRANCH_NAME} EXCLUDEARCH="$(EXCLUDEARCH)"
+	$(MAKE) tag-images-all push-all push-manifests push-non-manifests IMAGETAG=$(shell git describe --tags --dirty --always --long) EXCLUDEARCH="$(EXCLUDEARCH)"
 
 ###############################################################################
 # Release
@@ -246,8 +293,8 @@ release-build: release-prereqs clean
 ## Verifies the release artifacts produces by `make release-build` are correct.
 release-verify: release-prereqs
 	# TODO: Check the reported version is correct for each release artifact. Uncomment when binary supports version command.
-	# if ! docker run $(CONTAINER_NAME):$(VERSION)-$(ARCH) version | grep 'Version:\s*$(VERSION)$$'; then \
-	#  echo "Reported version:" `docker run --rm $(CONTAINER_NAME):$(VERSION)-$(ARCH) version` "\nExpected version: $(VERSION)"; \
+	# if ! docker run $(BUILD_IMAGE):$(VERSION)-$(ARCH) version | grep 'Version:\s*$(VERSION)$$'; then \
+	#  echo "Reported version:" `docker run --rm $(BUILD_IMAGE):$(VERSION)-$(ARCH) version` "\nExpected version: $(VERSION)"; \
 	#  false; \
 	# else \
 	#   echo "Version check passed\n"; \

From 6114b74f9dd42f34ba0e658984139f0d52026879 Mon Sep 17 00:00:00 2001
From: Tom Denham <tom@tomdee.co.uk>
Date: Mon, 13 Aug 2018 14:42:07 -0700
Subject: [PATCH 3/4] Makefile: Update release to include all arches

(cherry picked from commit 583be4b970a15777441bd256a4d60aa5ed94fdcf)
---
 Makefile | 10 +++++-----
 1 file changed, 5 insertions(+), 5 deletions(-)

diff --git a/Makefile b/Makefile
index 45f8b88..c470868 100644
--- a/Makefile
+++ b/Makefile
@@ -285,10 +285,10 @@ release-tag: release-prereqs release-notes
 
 ## Produces a clean build of release artifacts at the specified version.
 release-build: release-prereqs clean
-	$(MAKE) image
-	$(MAKE) tag-images IMAGETAG=$(VERSION)
+	$(MAKE) image-all
+	$(MAKE) tag-images-all IMAGETAG=$(VERSION)
 	# Generate the `latest` images.
-	$(MAKE) tag-images IMAGETAG=latest
+	$(MAKE) tag-images-all IMAGETAG=latest
 
 ## Verifies the release artifacts produces by `make release-build` are correct.
 release-verify: release-prereqs
@@ -312,7 +312,7 @@ release-publish: release-prereqs
 	git push origin $(VERSION)
 
 	# Push images.
-	$(MAKE) push IMAGETAG=$(VERSION) ARCH=$(ARCH)
+	$(MAKE) push-all IMAGETAG=$(VERSION)
 
 	@echo "Finalize the GitHub release based on the pushed tag."
 	@echo ""
@@ -327,7 +327,7 @@ release-publish: release-prereqs
 # run this target for alpha / beta / release candidate builds, or patches to earlier Calico versions.
 ## Pushes `latest` release images. WARNING: Only run this for latest stable releases.
 release-publish-latest: release-prereqs
-	$(MAKE) push IMAGETAG=latest ARCH=$(ARCH)
+	$(MAKE) push-all IMAGETAG=latest
 
 # release-prereqs checks that the environment is configured properly to create a release.
 release-prereqs:

From d3ce75ef46519db137474b268f4285d046fea473 Mon Sep 17 00:00:00 2001
From: Tom Denham <tom@tomdee.co.uk>
Date: Tue, 4 Sep 2018 12:51:12 -0700
Subject: [PATCH 4/4] Images: Remove unneeded steps

They broke multi-arch builds

(cherry picked from commit 8fc4ca0e9d09f4ba0c0c6fe05e531dabe4354f51)
---
 Dockerfile.amd64          | 3 ---
 Dockerfile.arm64          | 3 ---
 Dockerfile.ppc64le        | 3 ---
 Dockerfile.s390x          | 3 ---
 flexvol/docker/flexvol.sh | 0
 5 files changed, 12 deletions(-)
 mode change 100644 => 100755 flexvol/docker/flexvol.sh

diff --git a/Dockerfile.amd64 b/Dockerfile.amd64
index 95b735f..27ce29d 100644
--- a/Dockerfile.amd64
+++ b/Dockerfile.amd64
@@ -1,9 +1,6 @@
 FROM alpine:3.7
 
-RUN mkdir -p /usr/local/bin
 ADD flexvol/docker/flexvol.sh /usr/local/bin/
 ADD bin/flexvol-amd64 /usr/local/bin/flexvol
 
-RUN chmod +x /usr/local/bin/flexvol.sh
-
 ENTRYPOINT ["/usr/local/bin/flexvol.sh"]
diff --git a/Dockerfile.arm64 b/Dockerfile.arm64
index 31205d0..4120efb 100644
--- a/Dockerfile.arm64
+++ b/Dockerfile.arm64
@@ -1,9 +1,6 @@
 FROM arm64v8/alpine:3.8
 
-RUN mkdir -p /usr/local/bin
 ADD flexvol/docker/flexvol.sh /usr/local/bin/
 ADD bin/flexvol-arm64 /usr/local/bin/flexvol
 
-RUN chmod +x /usr/local/bin/flexvol.sh
-
 ENTRYPOINT ["/usr/local/bin/flexvol.sh"]
diff --git a/Dockerfile.ppc64le b/Dockerfile.ppc64le
index 076c294..12d8454 100644
--- a/Dockerfile.ppc64le
+++ b/Dockerfile.ppc64le
@@ -1,9 +1,6 @@
 FROM ppc64le/alpine:3.8
 
-RUN mkdir -p /usr/local/bin
 ADD flexvol/docker/flexvol.sh /usr/local/bin/
 ADD bin/flexvol-ppc64le /usr/local/bin/flexvol
 
-RUN chmod +x /usr/local/bin/flexvol.sh
-
 ENTRYPOINT ["/usr/local/bin/flexvol.sh"]
diff --git a/Dockerfile.s390x b/Dockerfile.s390x
index 1e13fd2..a5eafad 100644
--- a/Dockerfile.s390x
+++ b/Dockerfile.s390x
@@ -1,9 +1,6 @@
 FROM s390x/alpine:3.8
 
-RUN mkdir -p /usr/local/bin
 ADD flexvol/docker/flexvol.sh /usr/local/bin/
 ADD bin/flexvol-s390x /usr/local/bin/flexvol
 
-RUN chmod +x /usr/local/bin/flexvol.sh
-
 ENTRYPOINT ["/usr/local/bin/flexvol.sh"]
diff --git a/flexvol/docker/flexvol.sh b/flexvol/docker/flexvol.sh
old mode 100644
new mode 100755