From a87bf83692f8d74c46b1f475730a1aa8da30766b Mon Sep 17 00:00:00 2001 From: Mohamed Mahmoud Date: Mon, 5 Aug 2024 09:00:12 -0400 Subject: [PATCH] Add downstream container files and update the konflux pipeline Signed-off-by: Mohamed Mahmoud --- .tekton/bpfman-agent-pull-request.yaml | 2 +- .tekton/bpfman-agent-push.yaml | 2 +- .tekton/bpfman-operator-pull-request.yaml | 2 +- .tekton/bpfman-operator-push.yaml | 2 +- Containerfile.bpfman-agent.openshift | 52 +++++++++++++++++++++++ Containerfile.bpfman-operator.openshift | 50 ++++++++++++++++++++++ 6 files changed, 106 insertions(+), 4 deletions(-) create mode 100644 Containerfile.bpfman-agent.openshift create mode 100644 Containerfile.bpfman-operator.openshift diff --git a/.tekton/bpfman-agent-pull-request.yaml b/.tekton/bpfman-agent-pull-request.yaml index e6b1684ef..6674102c5 100644 --- a/.tekton/bpfman-agent-pull-request.yaml +++ b/.tekton/bpfman-agent-pull-request.yaml @@ -27,7 +27,7 @@ spec: - name: image-expires-after value: 5d - name: dockerfile - value: Containerfile.bpfman-agent + value: Containerfile.bpfman-agent.openshift pipelineSpec: finally: - name: show-sbom diff --git a/.tekton/bpfman-agent-push.yaml b/.tekton/bpfman-agent-push.yaml index 7df07362f..26a7d1912 100644 --- a/.tekton/bpfman-agent-push.yaml +++ b/.tekton/bpfman-agent-push.yaml @@ -24,7 +24,7 @@ spec: - name: output-image value: quay.io/redhat-user-workloads/ocp-bpfman-tenant/bpfman-operator/bpfman-agent:{{revision}} - name: dockerfile - value: Containerfile.bpfman-agent + value: Containerfile.bpfman-agent.openshift pipelineSpec: finally: - name: show-sbom diff --git a/.tekton/bpfman-operator-pull-request.yaml b/.tekton/bpfman-operator-pull-request.yaml index 51ff16930..77850b5d8 100644 --- a/.tekton/bpfman-operator-pull-request.yaml +++ b/.tekton/bpfman-operator-pull-request.yaml 
@@ -27,7 +27,7 @@ spec: - name: image-expires-after value: 5d - name: dockerfile - value: Containerfile.bpfman-operator + value: Containerfile.bpfman-operator.openshift pipelineSpec: finally: - name: show-sbom diff --git a/.tekton/bpfman-operator-push.yaml b/.tekton/bpfman-operator-push.yaml index 3173a55fe..f85b32b9e 100644 --- a/.tekton/bpfman-operator-push.yaml +++ b/.tekton/bpfman-operator-push.yaml @@ -24,7 +24,7 @@ spec: - name: output-image value: quay.io/redhat-user-workloads/ocp-bpfman-tenant/bpfman-operator/bpfman-operator:{{revision}} - name: dockerfile - value: Containerfile.bpfman-operator + value: Containerfile.bpfman-operator.openshift pipelineSpec: finally: - name: show-sbom diff --git a/Containerfile.bpfman-agent.openshift b/Containerfile.bpfman-agent.openshift new file mode 100644 index 000000000..3246c0049 --- /dev/null +++ b/Containerfile.bpfman-agent.openshift 
@@ -0,0 +1,52 @@
+# Build the manager binary
+ARG BUILDPLATFORM=linux/amd64
+
+FROM --platform=$BUILDPLATFORM registry.ci.openshift.org/ocp/builder:rhel-9-golang-1.22-openshift-4.17 AS bpfman-agent-build
+
+# The following ARGs are set internally by docker/build-push-action in github actions
+ARG TARGETOS
+ARG TARGETARCH
+ARG TARGETPLATFORM
+
+RUN echo "TARGETOS=${TARGETOS} TARGETARCH=${TARGETARCH} BUILDPLATFORM=${BUILDPLATFORM} TARGETPLATFORM=${TARGETPLATFORM}"
+
+WORKDIR /usr/src/bpfman-operator
+
+# Copy the Go Modules manifests
+COPY go.mod go.mod
+COPY go.sum go.sum
+
+COPY vendor/ vendor/
+
+# cache deps before building and copying source so that we don't need to re-download as much
+# and so that source changes don't invalidate our downloaded layer
+RUN go mod download
+
+# Copy the go source
+COPY . .
+
+# Build
+# the GOARCH has not a default value to allow the binary be built according to the host where the command
+# was called. For example, if we call make docker-build in a local env which has the Apple Silicon M1 SO
+# the docker BUILDPLATFORM arg will be linux/arm64 when for Apple x86 it will be linux/amd64. Therefore,
+# by leaving it empty we can ensure that the container and binary shipped on it will have the same platform.
+WORKDIR /usr/src/bpfman-operator
+RUN CGO_ENABLED=0 GOOS=${TARGETOS:-linux} GOARCH=${TARGETARCH} go build -mod vendor -a -o bpfman-agent ./cmd/bpfman-agent/main.go
+
+FROM --platform=$TARGETPLATFORM registry.access.redhat.com/ubi9/ubi-minimal:9.4
+
+ARG TARGETARCH
+ARG TARGETPLATFORM
+
+WORKDIR /
+COPY --from=bpfman-agent-build /usr/src/bpfman-operator/bpfman-agent .
+
+# Install crictl
+RUN dnf -y install wget tar gzip
+ARG VERSION="v1.28.0"
+RUN wget --no-check-certificate https://github.com/kubernetes-sigs/cri-tools/releases/download/${VERSION}/crictl-${VERSION}-linux-${TARGETARCH}.tar.gz
+RUN tar zxvf crictl-${VERSION}-linux-${TARGETARCH}.tar.gz -C /usr/local/bin
+RUN rm -f crictl-${VERSION}-linux-${TARGETARCH}.tar.gz
+RUN dnf -y clean all
+
+ENTRYPOINT ["/bpfman-agent"]
diff --git a/Containerfile.bpfman-operator.openshift b/Containerfile.bpfman-operator.openshift
new file mode 100644
index 000000000..29030cd3a
--- /dev/null
+++ b/Containerfile.bpfman-operator.openshift
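Review bot: The `# Install crictl` step in the final stage fetches the tarball with `wget --no-check-certificate` and unpacks it into /usr/local/bin with no integrity check, so a tampered or intercepted download would be installed into the shipped agent image unnoticed. The flag should be dropped, and the archive verified against a SHA-256 pinned per target architecture before it is extracted. Doing download, verification, extraction and cleanup in one `RUN` also keeps the tarball and package cache out of the image layers, which the separate `RUN rm -f` and `RUN dnf -y clean all` steps do not achieve. Separately, ubi-minimal normally ships `microdnf` rather than `dnf`, so the install line is worth confirming against the 9.4 base.

```dockerfile
# Install crictl
ARG VERSION="v1.28.0"
# Placeholder: replace with the published SHA-256 of the crictl tarball for the
# architecture being built (one value per TARGETARCH, supplied by the pipeline).
ARG CRICTL_SHA256="<sha256-of-crictl-tarball-for-TARGETARCH>"
RUN dnf -y install wget tar gzip \
    && wget https://github.com/kubernetes-sigs/cri-tools/releases/download/${VERSION}/crictl-${VERSION}-linux-${TARGETARCH}.tar.gz \
    && echo "${CRICTL_SHA256}  crictl-${VERSION}-linux-${TARGETARCH}.tar.gz" | sha256sum -c - \
    && tar zxvf crictl-${VERSION}-linux-${TARGETARCH}.tar.gz -C /usr/local/bin \
    && rm -f crictl-${VERSION}-linux-${TARGETARCH}.tar.gz \
    && dnf -y clean all
# … unchanged: ENTRYPOINT …
```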
@@ -0,0 +1,50 @@
+# Build the manager binary
+ARG BUILDPLATFORM=linux/amd64
+
+FROM --platform=$BUILDPLATFORM registry.ci.openshift.org/ocp/builder:rhel-9-golang-1.22-openshift-4.17 AS bpfman-operator-build
+
+ARG BUILDPLATFORM
+
+# The following ARGs are set internally by docker/build-push-action in github actions
+ARG TARGETOS
+ARG TARGETARCH
+ARG TARGETPLATFORM
+
+RUN echo "TARGETOS=${TARGETOS} TARGETARCH=${TARGETARCH} BUILDPLATFORM=${BUILDPLATFORM} TARGETPLATFORM=${TARGETPLATFORM}"
+
+WORKDIR /usr/src/bpfman-operator
+
+# Copy the Go Modules manifests
+COPY go.mod go.mod
+COPY go.sum go.sum
+
+COPY vendor/ vendor/
+
+# cache deps before building and copying source so that we don't need to re-download as much
+# and so that source changes don't invalidate our downloaded layer
+RUN go mod download
+
+# Copy the go source
+COPY . .
+
+# Build
+# the GOARCH has not a default value to allow the binary be built according to the host where the command
+# was called. For example, if we call make docker-build in a local env which has the Apple Silicon M1 SO
+# the docker BUILDPLATFORM arg will be linux/arm64 when for Apple x86 it will be linux/amd64. Therefore,
+# by leaving it empty we can ensure that the container and binary shipped on it will have the same platform.
+WORKDIR /usr/src/bpfman-operator
+RUN CGO_ENABLED=0 GOOS=${TARGETOS:-linux} GOARCH=${TARGETARCH} go build -mod vendor -a -o bpfman-operator ./cmd/bpfman-operator/main.go
+
+FROM --platform=$TARGETPLATFORM registry.access.redhat.com/ubi9/ubi-minimal:9.4
+
+# The following ARGs are set internally by docker or podman on multiarch builds
+ARG TARGETPLATFORM
+
+WORKDIR /
+COPY --from=bpfman-operator-build /usr/src/bpfman-operator/config/bpfman-deployment/daemonset.yaml ./config/bpfman-deployment/daemonset.yaml
+COPY --from=bpfman-operator-build /usr/src/bpfman-operator/config/bpfman-deployment/csidriverinfo.yaml ./config/bpfman-deployment/csidriverinfo.yaml
+COPY --from=bpfman-operator-build /usr/src/bpfman-operator/config/openshift/restricted-scc.yaml ./config/openshift/restricted-scc.yaml
+COPY --from=bpfman-operator-build /usr/src/bpfman-operator/bpfman-operator .
+USER 65532:65532
+
+ENTRYPOINT ["/bpfman-operator"]
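Review bot: Both `FROM` lines reference floating tags (`builder:rhel-9-golang-1.22-openshift-4.17` and `ubi-minimal:9.4`), so the Go toolchain and the runtime base can change underneath an unchanged commit. Pinning each by digest, e.g. `FROM --platform=$TARGETPLATFORM registry.access.redhat.com/ubi9/ubi-minimal:9.4@sha256:<digest>`, makes the build reproducible and turns base-image updates into reviewed changes. `RUN go mod download` also looks redundant, since `vendor/` is copied in just before it and the build runs with `-mod vendor`; dropping it would remove a network dependency from the build stage. The same lines appear in Containerfile.bpfman-agent.openshift.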