Add downstream container files and update the konflux pipeline

Signed-off-by: Mohamed Mahmoud <[email protected]>

Author: msherif1234

.tekton/bpfman-agent-pull-request.yaml

@@ -27,7 +27,7 @@ spec:
   - name: image-expires-after
     value: 5d
   - name: dockerfile
-    value: Containerfile.bpfman-agent
+    value: Containerfile.bpfman-agent.openshift
   pipelineSpec:
     finally:
     - name: show-sbom

.tekton/bpfman-agent-push.yaml

@@ -24,7 +24,7 @@ spec:
   - name: output-image
     value: quay.io/redhat-user-workloads/ocp-bpfman-tenant/bpfman-operator/bpfman-agent:{{revision}}
   - name: dockerfile
-    value: Containerfile.bpfman-agent
+    value: Containerfile.bpfman-agent.openshift
   pipelineSpec:
     finally:
     - name: show-sbom

.tekton/bpfman-operator-pull-request.yaml

@@ -27,7 +27,7 @@ spec:
   - name: image-expires-after
     value: 5d
   - name: dockerfile
-    value: Containerfile.bpfman-operator
+    value: Containerfile.bpfman-operator.openshift
   pipelineSpec:
     finally:
     - name: show-sbom

.tekton/bpfman-operator-push.yaml

@@ -24,7 +24,7 @@ spec:
   - name: output-image
     value: quay.io/redhat-user-workloads/ocp-bpfman-tenant/bpfman-operator/bpfman-operator:{{revision}}
   - name: dockerfile
-    value: Containerfile.bpfman-operator
+    value: Containerfile.bpfman-operator.openshift
   pipelineSpec:
     finally:
     - name: show-sbom

Containerfile.bpfman-agent.openshift

@@ -0,0 +1,52 @@
+# Build the manager binary
+ARG BUILDPLATFORM=linux/amd64
+
+FROM --platform=$BUILDPLATFORM registry.ci.openshift.org/ocp/builder:rhel-9-golang-1.22-openshift-4.17 AS bpfman-agent-build
+
+# The following ARGs are set internally by docker/build-push-action in github actions
+ARG TARGETOS
+ARG TARGETARCH
+ARG TARGETPLATFORM
+
+RUN echo "TARGETOS=${TARGETOS}  TARGETARCH=${TARGETARCH}  BUILDPLATFORM=${BUILDPLATFORM}  TARGETPLATFORM=${TARGETPLATFORM}"
+
+WORKDIR /usr/src/bpfman-operator
+
+# Copy the Go Modules manifests
+COPY go.mod go.mod
+COPY go.sum go.sum
+
+COPY vendor/ vendor/
+
+# cache deps before building and copying source so that we don't need to re-download as much
+# and so that source changes don't invalidate our downloaded layer
+RUN go mod download
+
+# Copy the go source
+COPY . .
+
+# Build
+# the GOARCH has not a default value to allow the binary be built according to the host where the command
+# was called. For example, if we call make docker-build in a local env which has the Apple Silicon M1 SO
+# the docker BUILDPLATFORM arg will be linux/arm64 when for Apple x86 it will be linux/amd64. Therefore,
+# by leaving it empty we can ensure that the container and binary shipped on it will have the same platform.
+WORKDIR /usr/src/bpfman-operator
+RUN CGO_ENABLED=0 GOOS=${TARGETOS:-linux} GOARCH=${TARGETARCH} go build -mod vendor -a -o bpfman-agent ./cmd/bpfman-agent/main.go
+
+FROM --platform=$TARGETPLATFORM registry.access.redhat.com/ubi9/ubi-minimal:9.4
+
+ARG TARGETARCH
+ARG TARGETPLATFORM
+
+WORKDIR /
+COPY --from=bpfman-agent-build /usr/src/bpfman-operator/bpfman-agent .
+
+# Install crictl
+RUN dnf -y install wget tar gzip
+ARG VERSION="v1.28.0"
+RUN wget --no-check-certificate https://github.com/kubernetes-sigs/cri-tools/releases/download/${VERSION}/crictl-${VERSION}-linux-${TARGETARCH}.tar.gz
+RUN tar zxvf crictl-${VERSION}-linux-${TARGETARCH}.tar.gz -C /usr/local/bin
+RUN rm -f crictl-${VERSION}-linux-${TARGETARCH}.tar.gz
+RUN dnf -y clean all
+
+ENTRYPOINT ["/bpfman-agent"]

Containerfile.bpfman-operator.openshift

@@ -0,0 +1,50 @@
+# Build the manager binary
+ARG BUILDPLATFORM=linux/amd64
+
+FROM --platform=$BUILDPLATFORM registry.ci.openshift.org/ocp/builder:rhel-9-golang-1.22-openshift-4.17 AS bpfman-operator-build
+
+ARG BUILDPLATFORM
+
+# The following ARGs are set internally by docker/build-push-action in github actions
+ARG TARGETOS
+ARG TARGETARCH
+ARG TARGETPLATFORM
+
+RUN echo "TARGETOS=${TARGETOS}  TARGETARCH=${TARGETARCH}  BUILDPLATFORM=${BUILDPLATFORM}  TARGETPLATFORM=${TARGETPLATFORM}"
+
+WORKDIR /usr/src/bpfman-operator
+
+# Copy the Go Modules manifests
+COPY go.mod go.mod
+COPY go.sum go.sum
+
+COPY vendor/ vendor/
+
+# cache deps before building and copying source so that we don't need to re-download as much
+# and so that source changes don't invalidate our downloaded layer
+RUN go mod download
+
+# Copy the go source
+COPY . .
+
+# Build
+# the GOARCH has not a default value to allow the binary be built according to the host where the command
+# was called. For example, if we call make docker-build in a local env which has the Apple Silicon M1 SO
+# the docker BUILDPLATFORM arg will be linux/arm64 when for Apple x86 it will be linux/amd64. Therefore,
+# by leaving it empty we can ensure that the container and binary shipped on it will have the same platform.
+WORKDIR /usr/src/bpfman-operator
+RUN CGO_ENABLED=0 GOOS=${TARGETOS:-linux} GOARCH=${TARGETARCH} go build -mod vendor -a -o bpfman-operator ./cmd/bpfman-operator/main.go
+
+FROM --platform=$TARGETPLATFORM registry.access.redhat.com/ubi9/ubi-minimal:9.4
+
+# The following ARGs are set internally by docker or podman on multiarch builds
+ARG TARGETPLATFORM
+
+WORKDIR /
+COPY --from=bpfman-operator-build /usr/src/bpfman-operator/config/bpfman-deployment/daemonset.yaml ./config/bpfman-deployment/daemonset.yaml
+COPY --from=bpfman-operator-build /usr/src/bpfman-operator/config/bpfman-deployment/csidriverinfo.yaml ./config/bpfman-deployment/csidriverinfo.yaml
+COPY --from=bpfman-operator-build /usr/src/bpfman-operator/config/openshift/restricted-scc.yaml ./config/openshift/restricted-scc.yaml
+COPY --from=bpfman-operator-build /usr/src/bpfman-operator/bpfman-operator .
+USER 65532:65532
+
+ENTRYPOINT ["/bpfman-operator"]