wip

README.md

@@ -0,0 +1,33 @@
+# Multi-architecture Tekton Pipeline
+
+## Setup on AWS
+
+- [Install the AWS EFS CSI Driver Operator](https://docs.openshift.com/container-platform/4.15/storage/container_storage_interface/persistent-storage-csi-aws-efs.html#persistent-storage-csi-olm-operator-install_persistent-storage-csi-aws-efs)
+
+- Install the AWS EFS CSI Driver
+
+```yaml
+apiVersion: operator.openshift.io/v1
+kind: ClusterCSIDriver
+metadata:
+    name: efs.csi.aws.com
+spec:
+  managementState: Managed
+```
+
+- [Create an EFS volume](https://docs.aws.amazon.com/efs/latest/ug/gs-step-two-create-efs-resources.html)
+
+- Create the StorageClass
+
+```yaml
+kind: StorageClass
+apiVersion: storage.k8s.io/v1
+metadata:
+  name: efs-csi
+provisioner: efs.csi.aws.com
+parameters:
+  provisioningMode: efs-ap
+  fileSystemId: fs-123456
+  directoryPerms: "700"
+  basePath: "/pv"
+```

tekton/pipeline-build-multiarch.yaml

@@ -0,0 +1,76 @@
+apiVersion: tekton.dev/v1beta1
+kind: Pipeline
+metadata:
+  name: build-multiarch
+spec:
+
+  workspaces:
+  - name: source-workspace
+  - name: container-storage
+
+  params:
+  - name: git-url
+    type: string
+  - name: docker-image-name
+    type: string
+  - name: manifest-name
+    type: string
+    default: "tekton"
+
+  tasks:
+
+  - name: clone-repo
+    taskRef:
+      kind: ClusterTask
+      name: git-clone
+    params:
+    - name: url
+      value: $(params.git-url)
+    - name: revision
+      value: "main"
+    workspaces:
+    - name: output
+      workspace: source-workspace
+  
+  - name: podman-build-amd64
+    runAfter: ["clone-repo"]
+    taskRef:
+      name: podman-build
+    params:
+    - name: manifest-name
+      value: $(params.manifest-name)
+    - name: arch
+      value: "amd64"
+    workspaces:
+    - name: source-workspace
+      workspace: source-workspace
+    - name: container-storage
+      workspace: container-storage
+  
+  - name: podman-build-arm64
+    runAfter: ["clone-repo"]
+    taskRef:
+      name: podman-build
+    params:
+    - name: manifest-name
+      value: $(params.manifest-name)
+    - name: arch
+      value: "arm64"
+    workspaces:
+    - name: source-workspace
+      workspace: source-workspace
+    - name: container-storage
+      workspace: container-storage
+
+  - name: push-image
+    runAfter: ["podman-build-amd64", "podman-build-arm64"]
+    taskRef:
+      name: buildah-push
+    params:
+    - name: image-name
+      value: $(params.docker-image-name)
+    - name: manifest-name
+      value: $(params.manifest-name)
+    workspaces:
+    - name: container-storage
+      workspace: container-storage

tekton/pipelinerun.yaml

@@ -0,0 +1,42 @@
+apiVersion: tekton.dev/v1
+kind: PipelineRun
+metadata:
+  generateName: build-multiarch-
+spec:
+  pipelineRef:
+    name: build-multiarch
+  params:
+  - name: git-url
+    value: https://github.com/nmasse-itix/tekton-pipeline-multiarch.git
+  - name: docker-image-name
+    value: quay.io/nmasse_itix/htop-multiarch
+  workspaces:
+  - name: container-storage
+    volumeClaimTemplate:
+      spec:
+        storageClassName: efs-csi
+        accessModes:
+        - ReadWriteMany
+        resources:
+          requests:
+            storage: 10Gi
+  - name: source-workspace
+    volumeClaimTemplate:
+      spec:
+        storageClassName: efs-csi
+        accessModes:
+        - ReadWriteMany
+        resources:
+          requests:
+            storage: 1Gi
+  taskRunTemplate:
+    serviceAccountName: buildbot
+  taskRunSpecs:
+  - pipelineTaskName: podman-build-amd64
+    podTemplate:
+      nodeSelector:
+        beta.kubernetes.io/arch: amd64
+  - pipelineTaskName: podman-build-arm64
+    podTemplate:
+      nodeSelector:
+        beta.kubernetes.io/arch: arm64

tekton/quay-authentication.yaml

@@ -0,0 +1,7 @@
+apiVersion: v1
+kind: Secret
+metadata:
+    name: quay-authentication
+data:
+    .dockerconfigjson: REDACTED
+type: kubernetes.io/dockerconfigjson

tekton/serviceaccount-buildbot.yaml

@@ -0,0 +1,6 @@
+apiVersion: v1
+kind: ServiceAccount
+metadata:
+  name: buildbot
+imagePullSecrets:
+- name: quay-authentication

tekton/task-podman-build.yaml

@@ -0,0 +1,27 @@
+apiVersion: tekton.dev/v1beta1
+kind: Task
+metadata:
+  name: podman-build
+spec:
+  params:
+  - name: manifest-name
+    type: string
+  - name: context-dir
+    type: string
+    default: .
+  - name: arch
+    type: string
+  workspaces:
+  - name: source-workspace
+    description: Workspace containing source code
+  - name: container-storage
+    description: Persistent volume to store container images
+    mountPath: /var/lib/containers
+  steps:
+  - name: build
+    image: quay.io/podman/stable
+    script: |
+      #!/bin/bash
+      set -Eeuo pipefail
+      export STORAGE_DRIVER=vfs
+      podman build --no-cache --manifest $(params.manifest-name) $(workspaces.source-workspace.path)/$(params.context-dir)

tekton/task-podman-push.yaml

@@ -0,0 +1,22 @@
+apiVersion: tekton.dev/v1beta1
+kind: Task
+metadata:
+  name: buildah-push
+spec:
+  params:
+  - name: image-name
+    type: string
+  - name: manifest-name
+    type: string
+  workspaces:
+  - name: container-storage
+    description: Persistent volume to store container images
+    mountPath: /var/lib/containers
+  steps:
+  - name: push
+    image: quay.io/podman/stable
+    script: |
+      #!/bin/bash
+      set -Eeuo pipefail
+      export STORAGE_DRIVER=vfs
+      buildah manifest push --all $(params.manifest-name) docker://$(params.image-name)