Alexander Wellbrock · Alexander Wellbrock · Alexander Wellbrock · Alexander Wellbrock · Alexander Wellbrock · Alexander Wellbrock
--- a/.gitlab-ci.yml
+++ b/.gitlab-ci.yml
@@ -10,30 +10,19 @@ stages:
  - tag

 variables:
-  CI_REGISTRY_IMAGE_VERSION: "1.3.0"
-  CI_REGISTRY_BUILD_ARG: "--build-arg SI_TOOLS_VERSION=0.3.1"
-
+  CI_REGISTRY_IMAGE_VERSION: "2.0.0"
+  CI_CONTAINER_BUILD_ARCHS: "amd64:arm64"

 container-test:
  stage: test
  inherit:
    default: false
-    variables:
-      - CI_REGISTRY
-      - CI_REGISTRY_USER
-      - CI_REGISTRY_PASSWORD
-      - CI_REGISTRY_IMAGE
-      - CI_REGISTRY_BUILD_ARGS
-  image: $CI_REGISTRY_IMAGE:$CI_COMMIT_REF_SLUG-$CI_COMMIT_SHORT_SHA
+    variables: true
+  image: $CI_REGISTRY_IMAGE:$CI_COMMIT_REF_SLUG-$CI_COMMIT_SHORT_SHA-amd64
  before_script:
    - podman login -u "$CI_REGISTRY_USER" -p "$CI_REGISTRY_PASSWORD" $CI_REGISTRY
  script:
    - podman build --pull $CI_REGISTRY_BUILD_ARGS -t "build-image:test" .
-    - si-tagging -l "build-image:test" "example.com/tagging-image" "0.1.2.3"
-    - podman images --format "{{.Repository}}:{{.Tag}}" | grep -Pe "^example.com/tagging-image:0.1.2$"
-    - podman images --format "{{.Repository}}:{{.Tag}}" | grep "latest"
-    - podman images --format "{{.Repository}}:{{.Tag}}" | grep -Pe "^example.com/tagging-image:0$"
-

 container-tagging:
  stage: tag
--- a/Dockerfile
+++ b/Dockerfile
-FROM docker.io/library/fedora:35
+FROM docker.io/library/fedora:34

 COPY resources/storage.conf /etc/containers/


--- a/gitlab-ci-template.yml
+++ b/gitlab-ci-template.yml
@@ -4,49 +4,72 @@ stages:

 variables:
  CI_REGISTRY_BUILD_ARGS: ""
+  CI_CONTAINER_BUILD_ARCHS: "amd64"

-container-build:
+.container-build:
  stage: build
  variables:
    CI_REGISTRY_CONTAINER_FORMAT: "docker"
  inherit:
    default: false
-    variables:
-      - CI_REGISTRY
-      - CI_REGISTRY_USER
-      - CI_REGISTRY_PASSWORD
-      - CI_REGISTRY_IMAGE
-      - CI_REGISTRY_BUILD_DOCKERFILE
-      - CI_REGISTRY_BUILD_ARGS
-  image: quay.io/sheogorath/build-ah-engine:1.3.0
+    variables: true
+  image: quay.io/sheogorath/build-ah-engine:2.0.0
  before_script:
    - podman login -u "$CI_REGISTRY_USER" -p "$CI_REGISTRY_PASSWORD" $CI_REGISTRY
-    - export BUILD_DATE=$(date --rfc-3339 ns)
-    - export VCS_REF=$CI_COMMIT_SHA
-    - export VCS_URL=$CI_PROJECT_URL
+    - export VCS_REF="$CI_COMMIT_SHA"
+    - export VCS_URL="$CI_PROJECT_URL"
+    - export BUILD_DATE="$(date --rfc-3339 ns)"
  script:
    - si-fix "${CI_REGISTRY_BUILD_DOCKERFILE:-./Dockerfile}"
-    - podman build --pull --format "$CI_REGISTRY_CONTAINER_FORMAT"
+    - podman build --pull
      --label "org.opencontainers.image.source=$CI_PROJECT_URL"
      --label "org.opencontainers.image.revision=$CI_COMMIT_SHA"
      --label "org.opencontainers.image.created=$(date --rfc-3339 ns)"
      --label "org.opencontainers.image.title=$CI_PROJECT_TITLE"
      $CI_REGISTRY_BUILD_ARGS
-      -t "$CI_REGISTRY_IMAGE:$CI_COMMIT_REF_SLUG-$CI_COMMIT_SHORT_SHA"
+      -t "$CI_REGISTRY_IMAGE:$CI_COMMIT_REF_SLUG-$CI_COMMIT_SHORT_SHA-$CI_REGISTRY_IMAGE_ARCH"
+      --format docker
      .
-    - podman push "$CI_REGISTRY_IMAGE:$CI_COMMIT_REF_SLUG-$CI_COMMIT_SHORT_SHA"
+    - podman push "$CI_REGISTRY_IMAGE:$CI_COMMIT_REF_SLUG-$CI_COMMIT_SHORT_SHA-$CI_REGISTRY_IMAGE_ARCH"
+
+container-build-amd64:
+  extends: .container-build
+  variables:
+    CI_REGISTRY_IMAGE_ARCH: amd64
+  tags:
+    - amd64
+  rules:
+    - if: '$CI_CONTAINER_BUILD_ARCHS =~ /:?amd64:?/ && $CI_PIPELINE_SOURCE != "merge_request_event"'
+
+container-build-arm64:
+  extends: .container-build
+  variables:
+    CI_REGISTRY_IMAGE_ARCH: arm64
+  tags:
+    - arm64
+  rules:
+    - if: '$CI_CONTAINER_BUILD_ARCHS =~ /:?arm64:?/ && $CI_PIPELINE_SOURCE != "merge_request_event"'
+
+container-build-aarch64:
+  extends: .container-build
+  variables:
+    CI_REGISTRY_IMAGE_ARCH: aarch64
+  tags:
+    - aaarch64
+  rules:
+    - if: '$CI_CONTAINER_BUILD_ARCHS =~ /:?aarch64:?/ && $CI_PIPELINE_SOURCE != "merge_request_event"'

 container-tagging:
  stage: tag
  inherit:
    default: false
    variables: true
-  image: quay.io/sheogorath/build-ah-engine:1.3.0
+  image: quay.io/sheogorath/build-ah-engine:2.0.0
  before_script:
    - podman login -u "$CI_REGISTRY_USER" -p "$CI_REGISTRY_PASSWORD" $CI_REGISTRY
    - export BUILD_DATE="$(date --rfc-3339 ns)"
  script:
-    - podman pull "$CI_REGISTRY_IMAGE:$CI_COMMIT_REF_SLUG-$CI_COMMIT_SHORT_SHA"
+    - si-pull "$CI_REGISTRY_IMAGE:$CI_COMMIT_REF_SLUG-$CI_COMMIT_SHORT_SHA"
    - si-tagging -l "$CI_REGISTRY_IMAGE:$CI_COMMIT_REF_SLUG-$CI_COMMIT_SHORT_SHA" "$CI_REGISTRY_IMAGE" "${CI_REGISTRY_IMAGE_VERSION}"
    - si-push "$CI_REGISTRY_IMAGE"
  resource_group: latest

--- a/resources/shell-tools/.gitlab-ci.yml
+++ b/resources/shell-tools/.gitlab-ci.yml
@@ -4,7 +4,7 @@ stages:


 shell-tools-shellcheck:
-  image: docker.io/library/fedora:35
+  image: docker.io/library/fedora:36
  stage: shell-tools-lint
  before_script:
    - dnf install -y ShellCheck
@@ -17,3 +17,4 @@ shell-tools-test:
  script:
    - ./resources/shell-tools/test/latest.sh
    - ./resources/shell-tools/test/fix-dockerfile-pinning.sh
+    - ./resources/shell-tools/test/multiarch.sh
--- a/resources/shell-tools/bin/pull.sh
+++ b/resources/shell-tools/bin/pull.sh
+#!/bin/bash
+
+set -o pipefail
+set -u
+set -e
+
+VERSION=0.1.0
+
+printVersion() {
+    echo "$VERSION"
+}
+
+printUsage() {
+    printVersion
+    echo "
+    Shivering-Isles pull tool
+
+    This tool will pull all available base container images from upstream
+
+    Usage of $0:
+        $0 <IMAGE REFERENCE>
+
+    Example:
+        $0 registry.example.com/example/app
+    "
+    exit 1
+}
+
+CONTAINER_CMD=podman
+
+if ! command -v "$CONTAINER_CMD" >/dev/null 2>&1; then
+    CONTAINER_CMD=docker
+fi
+
+if [ "$1" = "--help" ]; then
+    printUsage
+fi
+
+for i in "$@"
+do
+case $i in
+    --container-cmd=*)
+    CONTAINER_CMD="${i#*=}"
+    shift # past argument with no value
+    ;;
+    -v|--version)
+    printVersion
+    exit 0
+    shift # past argument with no value
+    ;;
+    -h|--help)
+    printUsage
+    shift
+    ;;
+    *)
+          # further/unknown options
+    ;;
+esac
+done
+
+CONTAINER_IMAGE_NAME=${1:-invalid}
+
+if [ "$CONTAINER_IMAGE_NAME" = "invalid" ]; then
+    echo "Error: Invalid image name" >&2
+    printUsage
+fi
+
+IMAGE_PULL_SUCCESS=0
+
+# shellcheck disable=SC2015
+podman pull "$CONTAINER_IMAGE_NAME" && \
+  IMAGE_PULL_SUCCESS=1 || \
+  true
+
+# shellcheck disable=SC2015
+podman pull "$CONTAINER_IMAGE_NAME-amd64" && \
+  IMAGE_PULL_SUCCESS=1 || \
+  true
+
+# shellcheck disable=SC2015
+podman pull "$CONTAINER_IMAGE_NAME-arm64" || \
+  podman pull "$CONTAINER_IMAGE_NAME-aarch64" && \
+  IMAGE_PULL_SUCCESS=1 || \
+  true
+
+if [ "$IMAGE_PULL_SUCCESS" == "0" ]; then
+  echo "Error: No images pulled" >&2
+  exit 1
+fi
--- a/resources/shell-tools/bin/push.sh
+++ b/resources/shell-tools/bin/push.sh
@@ -26,8 +26,15 @@ printUsage() {
    exit 1
 }

-CONTAINER_CMD=podman
+pushImageOrManifest() {
+    if podman manifest inspect "$1"; then
+        $CONTAINER_CMD manifest push --all --format v2s2 "$1" "docker://$1"
+    else
+        $CONTAINER_CMD push "$1"
+    fi
+}

+CONTAINER_CMD=podman

 if ! command -v "$CONTAINER_CMD" >/dev/null 2>&1; then
    CONTAINER_CMD=docker
@@ -67,4 +74,4 @@ if [ "$CONTAINER_IMAGE_NAME" = "invalid" ]; then
 fi

 # shellcheck disable=SC2086
-$CONTAINER_CMD images --format "{{.Repository}}:{{.Tag}}" "$CONTAINER_IMAGE_NAME" | grep "$CONTAINER_IMAGE_NAME" | xargs -L 1 $CONTAINER_CMD push
+$CONTAINER_CMD images --format "{{.Repository}}:{{.Tag}}" "$CONTAINER_IMAGE_NAME" | grep "$CONTAINER_IMAGE_NAME" | xargs -L 1 pushImageOrManifest
--- a/resources/shell-tools/bin/tagging.sh
+++ b/resources/shell-tools/bin/tagging.sh
@@ -24,11 +24,33 @@ printUsage() {
    exit 1
 }

-CONTAINER_CMD=podman
+createTagOrManifest() {
+    TARGET_IMAGE_REFERENCE=$1
+    if [ "$MULTIARCH_IMAGES_COUNT" -gt "0" ]; then
+        $CONTAINER_CMD manifest create "$TARGET_IMAGE_REFERENCE"
+        for IMAGE_REFERENCE in "${MULTIARCH_IMAGES[@]}"
+        do
+            MANIFEST_OPTIONS=()
+            if [[ "$IMAGE_REFERENCE" =~ "aarch64"|"arm64" ]]; then
+                MANIFEST_OPTIONS+=(--variant v8)
+            fi
+            if [ "$LOCAL" = "1" ]; then
+                $CONTAINER_CMD manifest add "${MANIFEST_OPTIONS[@]}" "$TARGET_IMAGE_REFERENCE" containers-storage:"$IMAGE_REFERENCE"
+            else
+                $CONTAINER_CMD manifest add "${MANIFEST_OPTIONS[@]}" "$TARGET_IMAGE_REFERENCE" "$IMAGE_REFERENCE"
+            fi
+        done
+    else
+        $CONTAINER_CMD tag "$CURRENT_IMAGE_REFERENCE" "$TARGET_IMAGE_REFERENCE"
+    fi
+}
+
+CONTAINER_CMD="podman"
 PREFIX=""
 SUFFIX=""
 LATEST=0
-
+LOCAL=0
+MULTIARCH_SUPPORTED="amd64|arm64|aarch64"

 if ! command -v "$CONTAINER_CMD" >/dev/null 2>&1; then
    CONTAINER_CMD=docker
@@ -53,6 +75,10 @@ case $i in
    LATEST=1
    shift # past argument=value
    ;;
+    --local)
+    LOCAL=1
+    shift # past argument=value
+    ;;
    --container-cmd=*)
    CONTAINER_CMD="${i#*=}"
    shift # past argument with no value
@@ -81,16 +107,19 @@ if [ "$CURRENT_IMAGE_REFERENCE" = "invalid" ] || [ "$TARGET_IMAGE_NAME" = "inval
    printUsage
 fi

+mapfile -t MULTIARCH_IMAGES < <($CONTAINER_CMD images | awk '{print $1 ":" $2}' | grep -Pe "$CURRENT_IMAGE_REFERENCE-($MULTIARCH_SUPPORTED)$")
+MULTIARCH_IMAGES_COUNT=${#MULTIARCH_IMAGES[@]}
+
 counter=1
 new_version="$(echo "$TARGET_IMAGE_VERSION" | cut -d. -f$counter)"
 last_version=""
 while [ "$last_version" != "$new_version" ]; do
-    $CONTAINER_CMD tag "$CURRENT_IMAGE_REFERENCE" "${TARGET_IMAGE_NAME}:${PREFIX}${new_version}${SUFFIX}"
+    createTagOrManifest "${TARGET_IMAGE_NAME}:${PREFIX}${new_version}${SUFFIX}"
    last_version="$new_version"
    ((counter++))
-    new_version="$(echo "$TARGET_IMAGE_VERSION" | cut -d. "-f-$counter")"
+    new_version="$(echo "$TARGET_IMAGE_VERSION" | cut -d. -f-"$counter")"
 done

 if [ "$LATEST" = "1" ]; then
-    $CONTAINER_CMD tag "$CURRENT_IMAGE_REFERENCE" "${TARGET_IMAGE_NAME}:latest"
+    createTagOrManifest "${TARGET_IMAGE_NAME}:latest"
 fi
--- a/resources/shell-tools/install.sh
+++ b/resources/shell-tools/install.sh
@@ -4,10 +4,13 @@ BASENAME="$(dirname "$0")"

 cp "$BASENAME"/./bin/tagging.sh /usr/local/bin/si-tagging
 cp "$BASENAME"/./bin/push.sh /usr/local/bin/si-push
+cp "$BASENAME"/./bin/pull.sh /usr/local/bin/si-pull
 cp "$BASENAME"/./bin/fix-dockerfile.sh /usr/local/bin/si-fix
 chown root:root /usr/local/bin/si-tagging
 chown root:root /usr/local/bin/si-push
+chown root:root /usr/local/bin/si-pull
 chown root:root /usr/local/bin/si-fix
 chmod 0755 /usr/local/bin/si-tagging
 chmod 0755 /usr/local/bin/si-push
+chmod 0755 /usr/local/bin/si-pull
 chmod 0755 /usr/local/bin/si-fix
--- a/resources/shell-tools/test/multiarch.sh
+++ b/resources/shell-tools/test/multiarch.sh
+#!/bin/bash
+
+set -o pipefail
+set -u
+
+BASEDIR=$(dirname "$0")
+
+podman build --format docker -t mytest-latest:test-amd64 -f- <<EOF
+FROM scratch
+EOF
+podman build --format docker -t mytest-latest:test-arm64 -f- <<EOF
+FROM scratch
+EOF
+
+TEST_OUTPUT="$(mktemp)"
+TEST_VERIFY_OUTPUT="$(mktemp)"
+
+"$BASEDIR"/../bin/tagging.sh --local -l mytest-latest:test registry.example.com/latest-test 1.2.3
+
+ERRORS=0
+podman manifest inspect registry.example.com/latest-test:1
+ERRORS=$((ERRORS + "$?"))
+podman manifest inspect registry.example.com/latest-test:1.2
+ERRORS=$((ERRORS + "$?"))
+podman manifest inspect registry.example.com/latest-test:1.2.3
+ERRORS=$((ERRORS + "$?"))
+podman manifest inspect registry.example.com/latest-test:latest
+ERRORS=$((ERRORS + "$?"))
+
+if [ "$ERRORS" = "0" ]; then
+  EXIT_CODE=0
+else
+  EXIT_CODE=1
+fi
+
+rm -f "$TEST_OUTPUT" "$TEST_VERIFY_OUTPUT"
+podman rmi -f registry.example.com/latest-test:1 \
+  registry.example.com/latest-test:1.2 \
+  registry.example.com/latest-test:1.2.3 \
+  registry.example.com/latest-test:latest
+podman rmi -f "$(podman images -q mytest-latest:test-amd64)"
+podman rmi -f "$(podman images -q mytest-latest:test-arm64)"
+
+exit $EXIT_CODE