Build Arm images from this repo using Github-hosted Arm runners (antrea-io#6486)

Github-hosted Arm runners are now in Beta for Enterprise accounts, and
available to all CNCF projects. We can use them to build Antrea Arm
images for the Agent and Controller, instead of relying on a private
Github repo with self-hosted Arm runners.

At the moment, we only migrate the building part (along with creation of
the multi-image manifest), and we use the existing workflow in
vmware-tanzu/antrea-build-infra for "asynchronous" testing of the Arm
images. We will handle the migration of the testing part in the future.

As part of this change, we also push "base images" (antrea/openvswitch,
antrea/base-ubuntu) for arm64 and arm/v7 to the registry. This is
necessary for building the Antrea images with the Docker container build
driver. The base images now have the architecture as a suffix in their
names. They are not available as multi-platform image manifests.

For antrea-io#6453

Signed-off-by: Antonin Bas <antonin.bas@broadcom.com>

Author: antoninbas

.github/workflows/build.yml

@@ -13,72 +13,115 @@ on:
       - feature/*
 
 jobs:
-  check-changes:
-    name: Check whether tests need to be run based on diff
-    runs-on: [ubuntu-latest]
+  check-env:
+    name: Compute outputs for use by other jobs
+    runs-on: ubuntu-latest
     steps:
     - uses: actions/checkout@v4
       with:
         fetch-depth: 0
         show-progress: false
-    - uses: antrea-io/has-changes@v2
+    - name: Check whether tests need to be run based on diff
+      uses: antrea-io/has-changes@v2
       id: check_diff
       with:
         paths-ignore: docs/* ci/jenkins/* *.md hack/.notableofcontents
+    - name: Checking if image needs to be pushed
+      id: check_push
+      run: |
+        if [ "${{ github.repository }}" == "antrea-io/antrea" ] && [ "${{ github.event_name }}" == "push" ] && [ "${{ github.ref }}" == "refs/heads/main" ]; then
+          echo "push_needed=true" >> $GITHUB_OUTPUT
+          echo "docker_driver=docker-container" >> $GITHUB_OUTPUT
+        else
+          echo "push_needed=false" >> $GITHUB_OUTPUT
+          echo "docker_driver=docker" >> $GITHUB_OUTPUT
+        fi
     outputs:
       has_changes: ${{ steps.check_diff.outputs.has_changes }}
+      push_needed: ${{ steps.check_push.outputs.push_needed }}
+      docker_driver: ${{ steps.check_push.outputs.docker_driver }}
 
   build:
-    needs: check-changes
-    if: ${{ needs.check-changes.outputs.has_changes == 'yes' || github.event_name == 'push' }}
-    runs-on: [ubuntu-latest]
+    needs: check-env
+    if: ${{ needs.check-env.outputs.has_changes == 'yes' || github.event_name == 'push' }}
+    strategy:
+      matrix:
+        include:
+        - platform: linux/amd64
+          runner: ubuntu-latest
+          suffix: amd64
+        - platform: linux/arm64
+          runner: github-arm64-2c-8gb
+          suffix: arm64
+        - platform: linux/arm/v7
+          runner: github-arm64-2c-8gb
+          suffix: arm
+    runs-on: ${{ matrix.runner }}
+    env:
+      DOCKER_TAG: latest
     steps:
     - uses: actions/checkout@v4
       with:
         show-progress: false
-    - name: Checking if image needs to be pushed
-      run: |
-        if [ "${{ github.repository }}" == "antrea-io/antrea" ] && [ "${{ github.event_name }}" == "push" ] && [ "${{ github.ref }}" == "refs/heads/main" ]; then
-          echo "push_needed=true" >> $GITHUB_ENV
-          echo "docker_driver=docker-container" >> $GITHUB_ENV
-        else
-          echo "push_needed=false" >> $GITHUB_ENV
-          echo "docker_driver=docker" >> $GITHUB_ENV
-        fi
     - name: Set up Docker Buildx
       uses: docker/setup-buildx-action@v3
       with:
-        driver: ${{ env.docker_driver }}
-    - name: Build Antrea amd64 Docker image without pushing to registry
-      if: ${{ env.push_needed == 'false' }}
+        driver: ${{ needs.check-env.outputs.docker_driver }}
+    - name: Build Antrea Docker image without pushing to registry
+      if: ${{ needs.check-env.outputs.push_needed == 'false' }}
       run: |
-        ./hack/build-antrea-linux-all.sh --pull
-    - name: Build and push Antrea amd64 Docker image to registry
-      if: ${{ env.push_needed == 'true' }}
+        ./hack/build-antrea-linux-all.sh --platform ${{ matrix.platform }} --pull
+    - name: Build and push Antrea Docker image to registry
+      if: ${{ needs.check-env.outputs.push_needed == 'true' }}
       env:
         DOCKER_USERNAME: ${{ secrets.DOCKER_USERNAME }}
         DOCKER_PASSWORD: ${{ secrets.DOCKER_PASSWORD }}
       run: |
         echo "$DOCKER_PASSWORD" | docker login -u "$DOCKER_USERNAME" --password-stdin
-        ./hack/build-antrea-linux-all.sh --pull --push-base-images
-        docker tag antrea/antrea-controller-ubuntu:latest antrea/antrea-controller-ubuntu-amd64:latest
-        docker tag antrea/antrea-agent-ubuntu:latest antrea/antrea-agent-ubuntu-amd64:latest
-        docker push antrea/antrea-controller-ubuntu-amd64:latest
-        docker push antrea/antrea-agent-ubuntu-amd64:latest
-    - name: Trigger Antrea arm builds and multi-arch manifest update
-      if: ${{ github.repository == 'antrea-io/antrea' && github.event_name == 'push' && github.ref == 'refs/heads/main' }}
-      uses: benc-uk/workflow-dispatch@v1
+        ./hack/build-antrea-linux-all.sh --platform ${{ matrix.platform }} --pull --push-base-images
+        docker tag antrea/antrea-controller-ubuntu:"${DOCKER_TAG}" antrea/antrea-controller-ubuntu-${{ matrix.suffix }}:"${DOCKER_TAG}"
+        docker tag antrea/antrea-agent-ubuntu:"${DOCKER_TAG}" antrea/antrea-agent-ubuntu-${{ matrix.suffix }}:"${DOCKER_TAG}"
+        docker push antrea/antrea-controller-ubuntu-${{ matrix.suffix }}:"${DOCKER_TAG}"
+        docker push antrea/antrea-agent-ubuntu-${{ matrix.suffix }}:"${DOCKER_TAG}"
+
+  push-manifest:
+    needs: [check-env, build]
+    if: ${{ needs.check-env.outputs.push_needed == 'true' }}
+    runs-on: ubuntu-latest
+    env:
+      DOCKER_TAG: latest
+    steps:
+    - name: Set up Docker Buildx
+      uses: docker/setup-buildx-action@v3
       with:
-        repo: vmware-tanzu/antrea-build-infra
-        ref: refs/heads/main
-        workflow: Build Antrea ARM images and push manifest
-        token: ${{ secrets.ANTREA_BUILD_INFRA_WORKFLOW_DISPATCH_PAT }}
-        inputs: ${{ format('{{ "antrea-repository":"antrea-io/antrea", "antrea-ref":"{0}", "docker-tag":"{1}" }}', github.ref, 'latest') }}
+        driver: ${{ needs.check-env.outputs.docker_driver }}
+    - name: Docker login
+      env:
+        DOCKER_USERNAME: ${{ secrets.DOCKER_USERNAME }}
+        DOCKER_PASSWORD: ${{ secrets.DOCKER_PASSWORD }}
+      run: |
+        echo "$DOCKER_PASSWORD" | docker login -u "$DOCKER_USERNAME" --password-stdin
+    - name: Create and push manifest for controller image
+      run: |
+        docker manifest create antrea/antrea-controller-ubuntu:"${DOCKER_TAG}" \
+          antrea/antrea-controller-ubuntu-arm64:"${DOCKER_TAG}" \
+          antrea/antrea-controller-ubuntu-arm:"${DOCKER_TAG}" \
+          antrea/antrea-controller-ubuntu-amd64:"${DOCKER_TAG}"
+        docker manifest push --purge antrea/antrea-controller-ubuntu:"${DOCKER_TAG}"
+    - name: Create and push manifest for agent image
+      run: |
+        docker manifest create antrea/antrea-agent-ubuntu:"${DOCKER_TAG}" \
+          antrea/antrea-agent-ubuntu-arm64:"${DOCKER_TAG}" \
+          antrea/antrea-agent-ubuntu-arm:"${DOCKER_TAG}" \
+          antrea/antrea-agent-ubuntu-amd64:"${DOCKER_TAG}"
+        docker manifest push --purge antrea/antrea-agent-ubuntu:"${DOCKER_TAG}"
 
   build-ubi:
-    needs: check-changes
-    if: ${{ needs.check-changes.outputs.has_changes == 'yes' || github.event_name == 'push' }}
-    runs-on: [ubuntu-latest]
+    needs: check-env
+    if: ${{ needs.check-env.outputs.has_changes == 'yes' || github.event_name == 'push' }}
+    runs-on: ubuntu-latest
+    env:
+      DOCKER_TAG: latest
     steps:
     - name: Free disk space
       # https://github.com/actions/virtual-environments/issues/709
@@ -88,40 +131,31 @@ jobs:
     - uses: actions/checkout@v4
       with:
         show-progress: false
-    - name: Checking if image needs to be pushed
-      run: |
-        if [ "${{ github.repository }}" == "antrea-io/antrea" ] && [ "${{ github.event_name }}" == "push" ] && [ "${{ github.ref }}" == "refs/heads/main" ]; then
-          echo "push_needed=true" >> $GITHUB_ENV
-          echo "docker_driver=docker-container" >> $GITHUB_ENV
-        else
-          echo "push_needed=false" >> $GITHUB_ENV
-          echo "docker_driver=docker" >> $GITHUB_ENV
-        fi
     - name: Set up Docker Buildx
       uses: docker/setup-buildx-action@v3
       with:
-        driver: ${{ env.docker_driver }}
+        driver: ${{ needs.check-env.outputs.docker_driver }}
     - uses: actions/setup-go@v5
       with:
         go-version-file: 'go.mod'
     - name: Build Antrea UBI9 Docker image without pushing to registry
-      if: ${{ env.push_needed == 'false' }}
+      if: ${{ needs.check-env.outputs.push_needed == 'false' }}
       run: |
         ./hack/build-antrea-linux-all.sh --pull --distro ubi
     - name: Build and push Antrea UBI9 Docker image to registry
-      if: ${{ env.push_needed == 'true' }}
+      if: ${{ needs.check-env.outputs.push_needed == 'true' }}
       env:
         DOCKER_USERNAME: ${{ secrets.DOCKER_USERNAME }}
         DOCKER_PASSWORD: ${{ secrets.DOCKER_PASSWORD }}
       run: |
         echo "$DOCKER_PASSWORD" | docker login -u "$DOCKER_USERNAME" --password-stdin
         ./hack/build-antrea-linux-all.sh --pull --push-base-images --distro ubi
-        docker push antrea/antrea-agent-ubi:latest
-        docker push antrea/antrea-controller-ubi:latest
+        docker push antrea/antrea-agent-ubi:"${DOCKER_TAG}"
+        docker push antrea/antrea-controller-ubi:"${DOCKER_TAG}"
 
   build-scale:
-    needs: check-changes
-    if: ${{ needs.check-changes.outputs.has_changes == 'yes' || github.event_name == 'push' }}
+    needs: check-env
+    if: ${{ needs.check-env.outputs.has_changes == 'yes' || github.event_name == 'push' }}
     runs-on: [ubuntu-latest]
     steps:
     - uses: actions/checkout@v4
@@ -130,7 +164,7 @@ jobs:
     - name: Build Antrea Agent Simulator Docker image
       run: make build-scale-simulator
     - name: Push Antrea Agent Simulator Docker image to registry
-      if: ${{ github.repository == 'antrea-io/antrea' && github.event_name == 'push' && github.ref == 'refs/heads/main' }}
+      if: ${{ needs.check-env.outputs.push_needed == 'true' }}
       env:
         DOCKER_USERNAME: ${{ secrets.DOCKER_USERNAME }}
         DOCKER_PASSWORD: ${{ secrets.DOCKER_PASSWORD }}
@@ -139,18 +173,18 @@ jobs:
         docker push antrea/antrea-ubuntu-simulator:latest
 
   build-windows:
-    needs: check-changes
-    if: ${{ needs.check-changes.outputs.has_changes == 'yes' || github.event_name == 'push' }}
+    needs: check-env
+    if: ${{ needs.check-env.outputs.has_changes == 'yes' || github.event_name == 'push' }}
     runs-on: [ubuntu-latest]
     steps:
     - uses: actions/checkout@v4
       with:
         show-progress: false
     - name: Build Antrea Windows Docker image
-      if: ${{ github.repository != 'antrea-io/antrea' || github.event_name != 'push' || github.ref != 'refs/heads/main' }}
+      if: ${{ needs.check-env.outputs.push_needed == 'false' }}
       run: ./hack/build-antrea-windows-all.sh --pull
     - name: Push Antrea Windows Docker image to registry
-      if: ${{ github.repository == 'antrea-io/antrea' && github.event_name == 'push' && github.ref == 'refs/heads/main' }}
+      if: ${{ needs.check-env.outputs.push_needed == 'true' }}
       env:
         DOCKER_USERNAME: ${{ secrets.DOCKER_USERNAME }}
         DOCKER_PASSWORD: ${{ secrets.DOCKER_PASSWORD }}
@@ -160,8 +194,8 @@ jobs:
       shell: bash
 
   build-antrea-mc-controller:
-    needs: check-changes
-    if: ${{ needs.check-changes.outputs.has_changes == 'yes' || github.event_name == 'push' }}
+    needs: check-env
+    if: ${{ needs.check-env.outputs.has_changes == 'yes' || github.event_name == 'push' }}
     runs-on: [ubuntu-latest]
     steps:
     - uses: actions/checkout@v4
@@ -170,7 +204,7 @@ jobs:
     - name: Build antrea-mc-controller Docker image
       run: make build-antrea-mc-controller
     - name: Push antrea-mc-controller Docker image to registry
-      if: ${{ github.repository == 'antrea-io/antrea' && github.event_name == 'push' && github.ref == 'refs/heads/main' }}
+      if: ${{ needs.check-env.outputs.push_needed == 'true' }}
       env:
         DOCKER_USERNAME: ${{ secrets.DOCKER_USERNAME }}
         DOCKER_PASSWORD: ${{ secrets.DOCKER_PASSWORD }}
@@ -179,8 +213,8 @@ jobs:
         docker push antrea/antrea-mc-controller:latest
 
   build-flow-aggregator:
-    needs: check-changes
-    if: ${{ needs.check-changes.outputs.has_changes == 'yes' || github.event_name == 'push' }}
+    needs: check-env
+    if: ${{ needs.check-env.outputs.has_changes == 'yes' || github.event_name == 'push' }}
     runs-on: [ubuntu-latest]
     steps:
     - uses: actions/checkout@v4
@@ -191,7 +225,7 @@ jobs:
     - name: Check flow-aggregator Docker image
       run: docker run antrea/flow-aggregator --version
     - name: Push flow-aggregator Docker image to registry
-      if: ${{ github.repository == 'antrea-io/antrea' && github.event_name == 'push' && github.ref == 'refs/heads/main' }}
+      if: ${{ needs.check-env.outputs.push_needed == 'true' }}
       env:
         DOCKER_USERNAME: ${{ secrets.DOCKER_USERNAME }}
         DOCKER_PASSWORD: ${{ secrets.DOCKER_PASSWORD }}
@@ -200,8 +234,8 @@ jobs:
         docker push antrea/flow-aggregator:latest
 
   build-antrea-migrator:
-    needs: check-changes
-    if: ${{ needs.check-changes.outputs.has_changes == 'yes' || github.event_name == 'push' }}
+    needs: check-env
+    if: ${{ needs.check-env.outputs.has_changes == 'yes' || github.event_name == 'push' }}
     runs-on: [ubuntu-latest]
     steps:
     - uses: actions/checkout@v4
@@ -210,7 +244,7 @@ jobs:
     - name: Build antrea-migrator Docker image
       run: make build-migrator
     - name: Push antrea-migrator Docker image to registry
-      if: ${{ github.repository == 'antrea-io/antrea' && github.event_name == 'push' && github.ref == 'refs/heads/main' }}
+      if: ${{ needs.check-env.outputs.push_needed == 'true' }}
       env:
         DOCKER_USERNAME: ${{ secrets.DOCKER_USERNAME }}
         DOCKER_PASSWORD: ${{ secrets.DOCKER_PASSWORD }}

.github/workflows/build_tag.yml

@@ -20,8 +20,22 @@ jobs:
         echo "version=$version" >> $GITHUB_OUTPUT
 
   build:
-    runs-on: [ubuntu-latest]
     needs: get-version
+    strategy:
+      matrix:
+        include:
+        - platform: linux/amd64
+          runner: ubuntu-latest
+          suffix: amd64
+        - platform: linux/arm64
+          runner: github-arm64-2c-8gb
+          suffix: arm64
+        - platform: linux/arm/v7
+          runner: github-arm64-2c-8gb
+          suffix: arm
+    runs-on: ${{ matrix.runner }}
+    env:
+      DOCKER_TAG: ${{ needs.get-version.outputs.version }}
     steps:
     - uses: actions/checkout@v4
       with:
@@ -30,26 +44,54 @@ jobs:
       uses: docker/setup-buildx-action@v3
       with:
         driver: docker
-    - name: Build and push Antrea Ubuntu amd64 Docker image to registry
+    - name: Build and push Antrea Ubuntu Docker image to registry
       env:
         DOCKER_USERNAME: ${{ secrets.DOCKER_USERNAME }}
         DOCKER_PASSWORD: ${{ secrets.DOCKER_PASSWORD }}
-        VERSION: ${{ needs.get-version.outputs.version }}
       run: |
-        ./hack/build-antrea-linux-all.sh --pull
+        ./hack/build-antrea-linux-all.sh --platform ${{ matrix.platform }} --pull
         echo "$DOCKER_PASSWORD" | docker login -u "$DOCKER_USERNAME" --password-stdin
-        docker tag antrea/antrea-agent-ubuntu:"${VERSION}" antrea/antrea-agent-ubuntu-amd64:"${VERSION}"
-        docker tag antrea/antrea-controller-ubuntu:"${VERSION}" antrea/antrea-controller-ubuntu-amd64:"${VERSION}"
-        docker push antrea/antrea-agent-ubuntu-amd64:"${VERSION}"
-        docker push antrea/antrea-controller-ubuntu-amd64:"${VERSION}"
-    - name: Trigger Antrea arm builds and multi-arch manifest update
+        docker tag antrea/antrea-agent-ubuntu:"${DOCKER_TAG}" antrea/antrea-agent-ubuntu-${{ matrix.suffix }}:"${DOCKER_TAG}"
+        docker tag antrea/antrea-controller-ubuntu:"${DOCKER_TAG}" antrea/antrea-controller-ubuntu-${{ matrix.suffix }}:"${DOCKER_TAG}"
+        docker push antrea/antrea-agent-ubuntu-${{ matrix.suffix }}:"${DOCKER_TAG}"
+        docker push antrea/antrea-controller-ubuntu-${{ matrix.suffix }}:"${DOCKER_TAG}"
+
+  push-manifest:
+    needs: build
+    runs-on: ubuntu-latest
+    env:
+      DOCKER_TAG: ${{ needs.get-version.outputs.version }}
+    steps:
+    - name: Set up Docker Buildx
+      uses: docker/setup-buildx-action@v3
+    - name: Docker login
+      env:
+        DOCKER_USERNAME: ${{ secrets.DOCKER_USERNAME }}
+        DOCKER_PASSWORD: ${{ secrets.DOCKER_PASSWORD }}
+      run: |
+        echo "$DOCKER_PASSWORD" | docker login -u "$DOCKER_USERNAME" --password-stdin
+    - name: Create and push manifest for controller image
+      run: |
+        docker manifest create antrea/antrea-controller-ubuntu:"${DOCKER_TAG}" \
+          antrea/antrea-controller-ubuntu-arm64:"${DOCKER_TAG}" \
+          antrea/antrea-controller-ubuntu-arm:"${DOCKER_TAG}" \
+          antrea/antrea-controller-ubuntu-amd64:"${DOCKER_TAG}"
+        docker manifest push --purge antrea/antrea-controller-ubuntu:"${DOCKER_TAG}"
+    - name: Create and push manifest for agent image
+      run: |
+        docker manifest create antrea/antrea-agent-ubuntu:"${DOCKER_TAG}" \
+          antrea/antrea-agent-ubuntu-arm64:"${DOCKER_TAG}" \
+          antrea/antrea-agent-ubuntu-arm:"${DOCKER_TAG}" \
+          antrea/antrea-agent-ubuntu-amd64:"${DOCKER_TAG}"
+        docker manifest push --purge antrea/antrea-agent-ubuntu:"${DOCKER_TAG}"
+    - name: Trigger Antrea arm tests
       uses: benc-uk/workflow-dispatch@v1
       with:
         repo: vmware-tanzu/antrea-build-infra
         ref: refs/heads/main
-        workflow: Build Antrea ARM images and push manifest
+        workflow: Test Antrea ARM images
         token: ${{ secrets.ANTREA_BUILD_INFRA_WORKFLOW_DISPATCH_PAT }}
-        inputs: ${{ format('{{ "antrea-repository":"antrea-io/antrea", "antrea-ref":"{0}", "docker-tag":"{1}" }}', github.ref, needs.get-version.outputs.version) }}
+        inputs: ${{ format('{{ "antrea-repository":"antrea-io/antrea", "antrea-ref":"{0}", "docker-tag":"{1}" }}', github.ref, env.DOCKER_TAG) }}
 
   build-ubi:
     runs-on: [ubuntu-latest]
@@ -58,6 +100,8 @@ jobs:
       - uses: actions/checkout@v4
         with:
           show-progress: false
+      - name: Set up Docker Buildx
+        uses: docker/setup-buildx-action@v3
       - name: Build and push Antrea UBI9 amd64 Docker image to registry
         env:
           DOCKER_USERNAME: ${{ secrets.DOCKER_USERNAME }}