From eb11b191e0c315d28f198b052d5fbd0980f40c3d Mon Sep 17 00:00:00 2001
From: Antonin Bas <antonin.bas@broadcom.com>
Date: Tue, 25 Jun 2024 15:59:21 -0700
Subject: [PATCH] Build Arm images from this repo using Github-hosted Arm
 runners

Github-hosted Arm runners are now in Beta for Enterprise accounts, and
available to all CNCF projects. We can use them to build Antrea Arm
images for the Agent and Controller, instead of relying on a private
Github repo with self-hosted Arm runners.

At the moment, we only migrate the building part (along with creation of
the multi-image manifest), and we use the existing workflow in
vmware-tanzu/antrea-build-infra for "asynchronous" testing of the Arm
images. We will handle the migration of the testing part in the future.

For #6453

Signed-off-by: Antonin Bas <antonin.bas@broadcom.com>
---
 .github/workflows/build.yml     | 65 +++++++++++++++++++++++++++------
 .github/workflows/build_tag.yml | 62 ++++++++++++++++++++++++++-----
 2 files changed, 105 insertions(+), 22 deletions(-)

diff --git a/.github/workflows/build.yml b/.github/workflows/build.yml
index 69e98a72310..52477a63138 100644
--- a/.github/workflows/build.yml
+++ b/.github/workflows/build.yml
@@ -31,36 +31,77 @@ jobs:
   build:
     needs: check-changes
     if: ${{ needs.check-changes.outputs.has_changes == 'yes' || github.event_name == 'push' }}
-    runs-on: [ubuntu-latest]
+    strategy:
+      include:
+      - platform: linux/amd64
+        runner: ubuntu-latest
+        suffix: amd64
+      - platform: linux/arm64
+        runner: github-arm64-2c-8gb
+        suffix: arm64
+      - platform: linux/arm/v7
+        runner: github-arm64-2c-8gb
+        suffix: arm
+    runs-on: ${{ matrix.runner }}
+    env:
+      DOCKER_TAG: latest
     steps:
     - uses: actions/checkout@v4
       with:
         show-progress: false
     - name: Set up Docker Buildx
       uses: docker/setup-buildx-action@v3
-    - name: Build Antrea amd64 Docker image without pushing to registry
+    - name: Build Antrea Docker image without pushing to registry
       if: ${{ github.repository != 'antrea-io/antrea' || github.event_name != 'push' || github.ref != 'refs/heads/main' }}
       run: |
-        ./hack/build-antrea-linux-all.sh --pull
-    - name: Build and push Antrea amd64 Docker image to registry
+        ./hack/build-antrea-linux-all.sh --platform ${{ matrix.platform }} --pull
+    - name: Build and push Antrea Docker image to registry
       if: ${{ github.repository == 'antrea-io/antrea' && github.event_name == 'push' && github.ref == 'refs/heads/main' }}
       env:
         DOCKER_USERNAME: ${{ secrets.DOCKER_USERNAME }}
         DOCKER_PASSWORD: ${{ secrets.DOCKER_PASSWORD }}
       run: |
         echo "$DOCKER_PASSWORD" | docker login -u "$DOCKER_USERNAME" --password-stdin
-        ./hack/build-antrea-linux-all.sh --pull --push-base-images
-        docker tag antrea/antrea-controller-ubuntu:latest antrea/antrea-controller-ubuntu-amd64:latest
-        docker tag antrea/antrea-agent-ubuntu:latest antrea/antrea-agent-ubuntu-amd64:latest
-        docker push antrea/antrea-controller-ubuntu-amd64:latest
-        docker push antrea/antrea-agent-ubuntu-amd64:latest
-    - name: Trigger Antrea arm builds and multi-arch manifest update
-      if: ${{ github.repository == 'antrea-io/antrea' && github.event_name == 'push' && github.ref == 'refs/heads/main' }}
+        ./hack/build-antrea-linux-all.sh --platform ${{ matrix.platform }} --pull --push-base-images
+        docker tag antrea/antrea-controller-ubuntu:"${DOCKER_TAG}" antrea/antrea-controller-ubuntu-${{ matrix.suffix }}:"${DOCKER_TAG}"
+        docker tag antrea/antrea-agent-ubuntu:"${DOCKER_TAG}" antrea/antrea-agent-ubuntu-${{ matrix.suffix }}:"${DOCKER_TAG}"
+        docker push antrea/antrea-controller-ubuntu-${{ matrix.suffix }}:"${DOCKER_TAG}"
+        docker push antrea/antrea-agent-ubuntu-${{ matrix.suffix }}:"${DOCKER_TAG}"
+
+  push-manifest:
+    needs: build
+    if: ${{ github.repository == 'antrea-io/antrea' && github.event_name == 'push' && github.ref == 'refs/heads/main' }}
+    runs-on: ubuntu-latest
+    env:
+      DOCKER_TAG: latest
+    steps:
+    - name: Set up Docker Buildx
+      uses: docker/setup-buildx-action@v3
+    - name: Docker login
+      env:
+        DOCKER_USERNAME: ${{ secrets.DOCKER_USERNAME }}
+        DOCKER_PASSWORD: ${{ secrets.DOCKER_PASSWORD }}
+      run: |
+        echo "$DOCKER_PASSWORD" | docker login -u "$DOCKER_USERNAME" --password-stdin
+    - name: Create and push manifest for controller image
+      run: |
+        docker manifest create antrea/antrea-controller-ubuntu:"${DOCKER_TAG}" \
+          antrea/antrea-controller-ubuntu-arm64:"${DOCKER_TAG}" \
+          antrea/antrea-controller-ubuntu-arm:"${DOCKER_TAG}" \
+          antrea/antrea-controller-ubuntu-amd64:"${DOCKER_TAG}"
+        docker manifest push --purge antrea/antrea-controller-ubuntu:"${DOCKER_TAG}"
+    - name: Create and push manifest for agent image
+        docker manifest create antrea/antrea-agent-ubuntu:"${DOCKER_TAG}" \
+          antrea/antrea-agent-ubuntu-arm64:"${DOCKER_TAG}" \
+          antrea/antrea-agent-ubuntu-arm:"${DOCKER_TAG}" \
+          antrea/antrea-agent-ubuntu-amd64:"${DOCKER_TAG}"
+        docker manifest push --purge antrea/antrea-agent-ubuntu:"${DOCKER_TAG}"
+    - name: Trigger Antrea arm tests
       uses: benc-uk/workflow-dispatch@v1
       with:
         repo: vmware-tanzu/antrea-build-infra
         ref: refs/heads/main
-        workflow: Build Antrea ARM images and push manifest
+        workflow: Test Antrea ARM images
         token: ${{ secrets.ANTREA_BUILD_INFRA_WORKFLOW_DISPATCH_PAT }}
         inputs: ${{ format('{{ "antrea-repository":"antrea-io/antrea", "antrea-ref":"{0}", "docker-tag":"{1}" }}', github.ref, 'latest') }}
 
diff --git a/.github/workflows/build_tag.yml b/.github/workflows/build_tag.yml
index 97cc1d2e618..ccaf680d4a7 100644
--- a/.github/workflows/build_tag.yml
+++ b/.github/workflows/build_tag.yml
@@ -20,30 +20,70 @@ jobs:
         echo "version=$version" >> $GITHUB_OUTPUT
 
   build:
-    runs-on: [ubuntu-latest]
     needs: get-version
+    strategy:
+      include:
+      - platform: linux/amd64
+        runner: ubuntu-latest
+        suffix: amd64
+      - platform: linux/arm64
+        runner: github-arm64-2c-8gb
+        suffix: arm64
+      - platform: linux/arm/v7
+        runner: github-arm64-2c-8gb
+        suffix: arm
+    runs-on: ${{ matrix.runner }}
+    env:
+      DOCKER_TAG: ${{ needs.get-version.outputs.version }}
     steps:
     - uses: actions/checkout@v4
       with:
         show-progress: false
-    - name: Build and push Antrea Ubuntu amd64 Docker image to registry
+    - name: Build and push Antrea Ubuntu Docker image to registry
+      env:
+        DOCKER_USERNAME: ${{ secrets.DOCKER_USERNAME }}
+        DOCKER_PASSWORD: ${{ secrets.DOCKER_PASSWORD }}
+      run: |
+        ./hack/build-antrea-linux-all.sh --platform ${{ matrix.platform }} --pull
+        echo "$DOCKER_PASSWORD" | docker login -u "$DOCKER_USERNAME" --password-stdin
+        docker tag antrea/antrea-agent-ubuntu:"${DOCKER_TAG}" antrea/antrea-agent-ubuntu-${{ matrix.suffix }}:"${DOCKER_TAG}"
+        docker tag antrea/antrea-controller-ubuntu:"${DOCKER_TAG}" antrea/antrea-controller-ubuntu-${{ matrix.suffix }}:"${DOCKER_TAG}"
+        docker push antrea/antrea-agent-ubuntu-${{ matrix.suffix }}:"${DOCKER_TAG}"
+        docker push antrea/antrea-controller-ubuntu-${{ matrix.suffix }}:"${DOCKER_TAG}"
+
+  push-manifest:
+    needs: build
+    runs-on: ubuntu-latest
+    env:
+      DOCKER_TAG: ${{ needs.get-version.outputs.version }}
+    steps:
+    - name: Set up Docker Buildx
+      uses: docker/setup-buildx-action@v3
+    - name: Docker login
       env:
         DOCKER_USERNAME: ${{ secrets.DOCKER_USERNAME }}
         DOCKER_PASSWORD: ${{ secrets.DOCKER_PASSWORD }}
-        VERSION: ${{ needs.get-version.outputs.version }}
       run: |
-        ./hack/build-antrea-linux-all.sh --pull
         echo "$DOCKER_PASSWORD" | docker login -u "$DOCKER_USERNAME" --password-stdin
-        docker tag antrea/antrea-agent-ubuntu:"${VERSION}" antrea/antrea-agent-ubuntu-amd64:"${VERSION}"
-        docker tag antrea/antrea-controller-ubuntu:"${VERSION}" antrea/antrea-controller-ubuntu-amd64:"${VERSION}"
-        docker push antrea/antrea-agent-ubuntu-amd64:"${VERSION}"
-        docker push antrea/antrea-controller-ubuntu-amd64:"${VERSION}"
-    - name: Trigger Antrea arm builds and multi-arch manifest update
+    - name: Create and push manifest for controller image
+      run: |
+        docker manifest create antrea/antrea-controller-ubuntu:"${DOCKER_TAG}" \
+          antrea/antrea-controller-ubuntu-arm64:"${DOCKER_TAG}" \
+          antrea/antrea-controller-ubuntu-arm:"${DOCKER_TAG}" \
+          antrea/antrea-controller-ubuntu-amd64:"${DOCKER_TAG}"
+        docker manifest push --purge antrea/antrea-controller-ubuntu:"${DOCKER_TAG}"
+    - name: Create and push manifest for agent image
+        docker manifest create antrea/antrea-agent-ubuntu:"${DOCKER_TAG}" \
+          antrea/antrea-agent-ubuntu-arm64:"${DOCKER_TAG}" \
+          antrea/antrea-agent-ubuntu-arm:"${DOCKER_TAG}" \
+          antrea/antrea-agent-ubuntu-amd64:"${DOCKER_TAG}"
+        docker manifest push --purge antrea/antrea-agent-ubuntu:"${DOCKER_TAG}"
+    - name: Trigger Antrea arm tests
       uses: benc-uk/workflow-dispatch@v1
       with:
         repo: vmware-tanzu/antrea-build-infra
         ref: refs/heads/main
-        workflow: Build Antrea ARM images and push manifest
+        workflow: Test Antrea ARM images
         token: ${{ secrets.ANTREA_BUILD_INFRA_WORKFLOW_DISPATCH_PAT }}
         inputs: ${{ format('{{ "antrea-repository":"antrea-io/antrea", "antrea-ref":"{0}", "docker-tag":"{1}" }}', github.ref, needs.get-version.outputs.version) }}
 
@@ -54,6 +94,8 @@ jobs:
       - uses: actions/checkout@v4
         with:
           show-progress: false
+      - name: Set up Docker Buildx
+        uses: docker/setup-buildx-action@v3
       - name: Build and push Antrea UBI9 amd64 Docker image to registry
         env:
           DOCKER_USERNAME: ${{ secrets.DOCKER_USERNAME }}