Refactor image builds to use buildx for multi arch image building (#2754)

* Refactor image builds to use buildx for multi arch image building Signed-off-by: Rob Reus <rob@devrobs.nl> * Adding image build sanity checks to Makefile Signed-off-by: Rob Reus <rob@devrobs.nl> * Making locally building of docker images possible Signed-off-by: Rob Reus <rob@devrobs.nl> * Adding docs on building container images using buildx Signed-off-by: Rob Reus <rob@devrobs.nl> * Adding changelog and implementing feedback from PR Signed-off-by: Rob Reus <rob@devrobs.nl> * Making GOPROXY used in the build containers configurable Signed-off-by: Rob Reus <rob@devrobs.nl>
2020-08-04 20:40:05 +02:00 · 2020-08-04 20:40:05 +02:00 · db139cf07c
parent 4e05e81ca2
commit db139cf07c
19 changed files with 265 additions and 390 deletions
--- a/.dockerignore
+++ b/.dockerignore
@ -0,0 +1,3 @@
+.go/
+.go.std/
+site/
--- a/.github/workflows/push.yml
+++ b/.github/workflows/push.yml
@ -22,6 +22,13 @@ jobs:
    - name: Check out code into the Go module directory
      uses: actions/checkout@v2

+    - name: Set up Docker Buildx
+      id: buildx
+      uses: crazy-max/ghaction-docker-buildx@v3
+      with:
+        buildx-version: latest
+        qemu-version: latest
+
    - name: Build
      run: make local

--- a/68
+++ b/68
@ -0,0 +1,68 @@
+# Copyright 2020 the Velero contributors.
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+#     http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+FROM --platform=$BUILDPLATFORM golang:1.14 as builder-env
+
+ARG GOPROXY
+ARG PKG
+ARG VERSION
+ARG GIT_SHA
+ARG GIT_TREE_STATE
+
+ENV CGO_ENABLED=0 \
+    GO111MODULE=on \
+    GOPROXY=${GOPROXY} \
+    LDFLAGS="-X ${PKG}/pkg/buildinfo.Version=${VERSION}" \
+    LDFLAGS="${LDFLAGS} -X ${PKG}/pkg/buildinfo.GitSHA=${GIT_SHA}" \
+    LDFLAGS="${LDFLAGS} -X ${PKG}/pkg/buildinfo.GitTreeState=${GIT_TREE_STATE}"
+
+WORKDIR /go/src/github.com/vmware-tanzu/velero
+
+COPY . /go/src/github.com/vmware-tanzu/velero
+
+RUN go mod download
+
+RUN apt-get update && apt-get install -y bzip2
+
+FROM --platform=$BUILDPLATFORM builder-env as builder
+
+ARG TARGETOS
+ARG TARGETARCH
+ARG TARGETVARIANT
+ARG PKG
+ARG BIN
+ARG RESTIC_VERSION
+
+ENV GOOS=${TARGETOS} \
+    GOARCH=${TARGETARCH} \
+    GOARM=${TARGETVARIANT}
+
+RUN mkdir -p /output/usr/bin && \
+    bash ./hack/download-restic.sh && \
+    export GOARM=$( echo "${GOARM}" | cut -c2-) && \
+    go build -o /output/${BIN} \
+    -ldflags "${LDFLAGS}" ${PKG}/cmd/${BIN}
+
+FROM ubuntu:focal
+
+LABEL maintainer="Nolan Brubaker <brubakern@vmware.com>"
+
+ARG BIN
+
+RUN apt-get update && apt-get install -y ca-certificates && rm -rf /var/lib/apt/lists/*
+
+COPY --from=builder /output /
+
+USER nobody:nogroup
+
+ENTRYPOINT ["/${BIN}"]
--- a/33
+++ b/33
@ -1,33 +0,0 @@
-# Copyright 2017, 2019 the Velero contributors.
-#
-# Licensed under the Apache License, Version 2.0 (the "License");
-# you may not use this file except in compliance with the License.
-# You may obtain a copy of the License at
-#
-#     http://www.apache.org/licenses/LICENSE-2.0
-#
-# Unless required by applicable law or agreed to in writing, software
-# distributed under the License is distributed on an "AS IS" BASIS,
-# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-# See the License for the specific language governing permissions and
-# limitations under the License.
-
-FROM ubuntu:focal
-
-LABEL maintainer="Nolan Brubaker <brubakern@vmware.com>"
-
-RUN apt-get update && \
-    apt-get install -y --no-install-recommends ca-certificates wget bzip2 && \
-    wget --quiet https://github.com/restic/restic/releases/download/v0.9.6/restic_0.9.6_linux_amd64.bz2 && \
-    bunzip2 restic_0.9.6_linux_amd64.bz2 && \
-    mv restic_0.9.6_linux_amd64 /usr/bin/restic && \
-    chmod +x /usr/bin/restic && \
-    apt-get remove -y wget bzip2 && \
-    rm -rf /var/lib/apt/lists/*
-
-
-ADD /bin/linux/amd64/velero /velero
-
-USER nobody:nogroup
-
-ENTRYPOINT ["/velero"]
--- a/23
+++ b/23
@ -1,23 +0,0 @@
-# Copyright 2020 the Velero contributors.
-#
-# Licensed under the Apache License, Version 2.0 (the "License");
-# you may not use this file except in compliance with the License.
-# You may obtain a copy of the License at
-#
-#     http://www.apache.org/licenses/LICENSE-2.0
-#
-# Unless required by applicable law or agreed to in writing, software
-# distributed under the License is distributed on an "AS IS" BASIS,
-# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-# See the License for the specific language governing permissions and
-# limitations under the License.
-
-FROM arm32v7/ubuntu:focal
-
-ADD /bin/linux/arm/restic /usr/bin/restic
-
-ADD /bin/linux/arm/velero /velero
-
-USER nobody:nogroup
-
-ENTRYPOINT ["/velero"]
--- a/23
+++ b/23
@ -1,23 +0,0 @@
-# Copyright 2020 the Velero contributors.
-#
-# Licensed under the Apache License, Version 2.0 (the "License");
-# you may not use this file except in compliance with the License.
-# You may obtain a copy of the License at
-#
-#     http://www.apache.org/licenses/LICENSE-2.0
-#
-# Unless required by applicable law or agreed to in writing, software
-# distributed under the License is distributed on an "AS IS" BASIS,
-# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-# See the License for the specific language governing permissions and
-# limitations under the License.
-
-FROM arm64v8/ubuntu:focal
-
-ADD /bin/linux/arm64/restic /usr/bin/restic
-
-ADD /bin/linux/arm64/velero /velero
-
-USER nobody:nogroup
-
-ENTRYPOINT ["/velero"]
--- a/25
+++ b/25
@ -1,25 +0,0 @@
-# Copyright 2019 the Velero contributors.
-#
-# Licensed under the Apache License, Version 2.0 (the "License");
-# you may not use this file except in compliance with the License.
-# You may obtain a copy of the License at
-#
-#     http://www.apache.org/licenses/LICENSE-2.0
-#
-# Unless required by applicable law or agreed to in writing, software
-# distributed under the License is distributed on an "AS IS" BASIS,
-# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-# See the License for the specific language governing permissions and
-# limitations under the License.
-
-FROM ppc64le/ubuntu:focal
-
-LABEL maintainer="Prajyot Parab <prajyot.parab@ibm.com>"
-
-ADD /bin/linux/ppc64le/restic /usr/bin/restic
-
-ADD /bin/linux/ppc64le/velero /velero
-
-USER nobody:nogroup
-
-ENTRYPOINT ["/velero"]
--- a/23
+++ b/23
@ -1,23 +0,0 @@
-# Copyright 2018, 2019 the Velero contributors.
-#
-# Licensed under the Apache License, Version 2.0 (the "License");
-# you may not use this file except in compliance with the License.
-# You may obtain a copy of the License at
-#
-#     http://www.apache.org/licenses/LICENSE-2.0
-#
-# Unless required by applicable law or agreed to in writing, software
-# distributed under the License is distributed on an "AS IS" BASIS,
-# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-# See the License for the specific language governing permissions and
-# limitations under the License.
-
-FROM ubuntu:focal
-
-LABEL maintainer="Nolan Brubaker <brubakern@vmware.com>"
-
-ADD /bin/linux/amd64/velero-restic-restore-helper .
-
-USER nobody:nogroup
-
-ENTRYPOINT [ "/velero-restic-restore-helper" ]
--- a/21
+++ b/21
@ -1,21 +0,0 @@
-# Copyright 2020 the Velero contributors.
-#
-# Licensed under the Apache License, Version 2.0 (the "License");
-# you may not use this file except in compliance with the License.
-# You may obtain a copy of the License at
-#
-#     http://www.apache.org/licenses/LICENSE-2.0
-#
-# Unless required by applicable law or agreed to in writing, software
-# distributed under the License is distributed on an "AS IS" BASIS,
-# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-# See the License for the specific language governing permissions and
-# limitations under the License.
-
-FROM arm32v7/ubuntu:focal
-
-ADD /bin/linux/arm/velero-restic-restore-helper .
-
-USER nobody:nogroup
-
-ENTRYPOINT [ "/velero-restic-restore-helper" ]
--- a/21
+++ b/21
@ -1,21 +0,0 @@
-# Copyright 2020 the Velero contributors.
-#
-# Licensed under the Apache License, Version 2.0 (the "License");
-# you may not use this file except in compliance with the License.
-# You may obtain a copy of the License at
-#
-#     http://www.apache.org/licenses/LICENSE-2.0
-#
-# Unless required by applicable law or agreed to in writing, software
-# distributed under the License is distributed on an "AS IS" BASIS,
-# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-# See the License for the specific language governing permissions and
-# limitations under the License.
-
-FROM arm64v8/ubuntu:focal
-
-ADD /bin/linux/arm64/velero-restic-restore-helper .
-
-USER nobody:nogroup
-
-ENTRYPOINT [ "/velero-restic-restore-helper" ]
--- a/23
+++ b/23
@ -1,23 +0,0 @@
-# Copyright 2019 the Velero contributors.
-#
-# Licensed under the Apache License, Version 2.0 (the "License");
-# you may not use this file except in compliance with the License.
-# You may obtain a copy of the License at
-#
-#     http://www.apache.org/licenses/LICENSE-2.0
-#
-# Unless required by applicable law or agreed to in writing, software
-# distributed under the License is distributed on an "AS IS" BASIS,
-# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-# See the License for the specific language governing permissions and
-# limitations under the License.
-
-FROM ppc64le/ubuntu:focal
-
-LABEL maintainer="Prajyot Parab <prajyot.parab@ibm.com>"
-
-ADD /bin/linux/ppc64le/velero-restic-restore-helper .
-
-USER nobody:nogroup
-
-ENTRYPOINT [ "/velero-restic-restore-helper" ]
--- a/166
+++ b/166
@ -23,6 +23,9 @@ PKG := github.com/vmware-tanzu/velero
 # Where to push the docker image.
 REGISTRY ?= velero

+# Image name
+IMAGE ?= $(REGISTRY)/$(BIN)
+
 # Build image handling. We push a build image for every changed version of 
 # /hack/build-image/Dockerfile. We tag the dockerfile with the short commit hash
 # of the commit that changed it. When determining if there is a build image in
@ -43,16 +46,37 @@ VERSION ?= main

 TAG_LATEST ?= false

+ifeq ($(TAG_LATEST), true)
+	IMAGE_TAGS ?= $(IMAGE):$(VERSION) $(IMAGE):latest
+else
+	IMAGE_TAGS ?= $(IMAGE):$(VERSION)
+endif
+
+ifeq ($(shell docker buildx inspect 2>/dev/null | awk '/Status/ { print $$2 }'), running)
+	BUILDX_ENABLED ?= true
+else
+	BUILDX_ENABLED ?= false
+endif
+
+define BUILDX_ERROR
+buildx not enabled, refusing to run this recipe
+see: https://velero.io/docs/main/build-from-source/#making-images-and-updating-velero for more info
+endef
+
 # The version of restic binary to be downloaded for power architecture
 RESTIC_VERSION ?= 0.9.6

 CLI_PLATFORMS ?= linux-amd64 linux-arm linux-arm64 darwin-amd64 windows-amd64 linux-ppc64le
-CONTAINER_PLATFORMS ?= linux-amd64 linux-ppc64le linux-arm linux-arm64
-MANIFEST_PLATFORMS ?= amd64 ppc64le arm arm64
+BUILDX_PLATFORMS ?= $(subst -,/,$(ARCH))
+BUILDX_OUTPUT_TYPE ?= docker

 # set git sha and tree state
 GIT_SHA = $(shell git rev-parse HEAD)
-GIT_DIRTY = $(shell git status --porcelain 2> /dev/null)
+ifneq ($(shell git status --porcelain 2> /dev/null),)
+	GIT_TREE_STATE ?= dirty
+else
+	GIT_TREE_STATE ?= clean
+endif

 # The default linters used by lint and local-lint
 LINTERS ?= "gosec,goconst,gofmt,goimports,unparam"
@ -64,36 +88,7 @@ LINTERS ?= "gosec,goconst,gofmt,goimports,unparam"
 platform_temp = $(subst -, ,$(ARCH))
 GOOS = $(word 1, $(platform_temp))
 GOARCH = $(word 2, $(platform_temp))
-
-# Set default base image dynamically for each arch
-ifeq ($(GOARCH),amd64)
-		DOCKERFILE ?= Dockerfile-$(BIN)
-local-arch:
-	@echo "local environment for amd64 is up-to-date"
-endif
-ifeq ($(GOARCH),arm)
-		DOCKERFILE ?= Dockerfile-$(BIN)-arm
-local-arch:
-	@mkdir -p _output/bin/linux/arm/
-	@wget -q -O - https://github.com/restic/restic/releases/download/v$(RESTIC_VERSION)/restic_$(RESTIC_VERSION)_linux_arm.bz2 | bunzip2 > _output/bin/linux/arm/restic
-	@chmod a+x _output/bin/linux/arm/restic
-endif
-ifeq ($(GOARCH),arm64)
-		DOCKERFILE ?= Dockerfile-$(BIN)-arm64
-local-arch:
-	@mkdir -p _output/bin/linux/arm64/
-	@wget -q -O - https://github.com/restic/restic/releases/download/v$(RESTIC_VERSION)/restic_$(RESTIC_VERSION)_linux_arm64.bz2 | bunzip2 > _output/bin/linux/arm64/restic
-	@chmod a+x _output/bin/linux/arm64/restic
-endif
-ifeq ($(GOARCH),ppc64le)
-                DOCKERFILE ?= Dockerfile-$(BIN)-ppc64le
-local-arch:
-	RESTIC_VERSION=$(RESTIC_VERSION) \
-        ./hack/get-restic-ppc64le.sh
-endif
-
-MULTIARCH_IMAGE = $(REGISTRY)/$(BIN)
-IMAGE ?= $(REGISTRY)/$(BIN)-$(GOARCH)
+GOPROXY ?= https://proxy.golang.org

 # If you want to build all binaries, see the 'all-build' rule.
 # If you want to build all containers, see the 'all-containers' rule.
@ -106,23 +101,11 @@ build-%:
 	@$(MAKE) --no-print-directory ARCH=$* build
 	@$(MAKE) --no-print-directory ARCH=$* build BIN=velero-restic-restore-helper

-container-%:
-	@$(MAKE) --no-print-directory ARCH=$* container
-	@$(MAKE) --no-print-directory ARCH=$* container BIN=velero-restic-restore-helper
-
-push-%:
-	@$(MAKE) --no-print-directory ARCH=$* push
-	@$(MAKE) --no-print-directory ARCH=$* push BIN=velero-restic-restore-helper
-
 all-build: $(addprefix build-, $(CLI_PLATFORMS))

-all-containers: $(addprefix container-, $(CONTAINER_PLATFORMS))
-
-all-push: $(addprefix push-, $(CONTAINER_PLATFORMS))
-
-all-manifests:
-	@$(MAKE) manifest
-	@$(MAKE) manifest BIN=velero-restic-restore-helper
+all-containers: container-builder-env
+	@$(MAKE) --no-print-directory container
+	@$(MAKE) --no-print-directory container BIN=velero-restic-restore-helper

 local: build-dirs
 	GOOS=$(GOOS) \
@ -131,7 +114,7 @@ local: build-dirs
 	PKG=$(PKG) \
 	BIN=$(BIN) \
 	GIT_SHA=$(GIT_SHA) \
-	GIT_DIRTY="$(GIT_DIRTY)" \
+	GIT_TREE_STATE=$(GIT_TREE_STATE) \
 	OUTPUT_DIR=$$(pwd)/_output/bin/$(GOOS)/$(GOARCH) \
 	./hack/build.sh

@ -146,13 +129,12 @@ _output/bin/$(GOOS)/$(GOARCH)/$(BIN): build-dirs
 		PKG=$(PKG) \
 		BIN=$(BIN) \
 		GIT_SHA=$(GIT_SHA) \
-		GIT_DIRTY=\"$(GIT_DIRTY)\" \
+		GIT_TREE_STATE=$(GIT_TREE_STATE) \
 		OUTPUT_DIR=/output/$(GOOS)/$(GOARCH) \
 		./hack/build.sh'"

 TTY := $(shell tty -s && echo "-t")

-
 # Example: make shell CMD="date > datefile"
 shell: build-dirs build-env
 	@# bind-mount the Velero root dir in at /github.com/vmware-tanzu/velero
@ -175,47 +157,36 @@ shell: build-dirs build-env
 		$(BUILDER_IMAGE) \
 		/bin/sh $(CMD)

-DOTFILE_IMAGE = $(subst :,_,$(subst /,_,$(IMAGE))-$(VERSION))
+container-builder-env:
+ifneq ($(BUILDX_ENABLED), true)
+	$(error $(BUILDX_ERROR))
+endif
+	@docker buildx build \
+	--target=builder-env \
+	--build-arg=GOPROXY=$(GOPROXY) \
+	--build-arg=PKG=$(PKG) \
+	--build-arg=VERSION=$(VERSION) \
+	--build-arg=GIT_SHA=$(GIT_SHA) \
+	--build-arg=GIT_TREE_STATE=$(GIT_TREE_STATE) \
+	-f Dockerfile .

-all-containers:
-	$(MAKE) container
-	$(MAKE) container BIN=velero-restic-restore-helper
-
-container: local-arch .container-$(DOTFILE_IMAGE) container-name
-.container-$(DOTFILE_IMAGE): _output/bin/$(GOOS)/$(GOARCH)/$(BIN) $(DOCKERFILE)
-	@cp $(DOCKERFILE) _output/.dockerfile-$(BIN)-$(GOOS)-$(GOARCH)
-	@docker build --pull -t $(IMAGE):$(VERSION) -f _output/.dockerfile-$(BIN)-$(GOOS)-$(GOARCH) _output
-	@docker images -q $(IMAGE):$(VERSION) > $@
-
-container-name:
+container:
+ifneq ($(BUILDX_ENABLED), true)
+	$(error $(BUILDX_ERROR))
+endif
+	@docker buildx build --pull \
+	--output=type=$(BUILDX_OUTPUT_TYPE) \
+	--platform $(BUILDX_PLATFORMS) \
+	$(addprefix -t , $(IMAGE_TAGS)) \
+	--build-arg=PKG=$(PKG) \
+	--build-arg=BIN=$(BIN) \
+	--build-arg=VERSION=$(VERSION) \
+	--build-arg=GIT_SHA=$(GIT_SHA) \
+	--build-arg=GIT_TREE_STATE=$(GIT_TREE_STATE) \
+	--build-arg=RESTIC_VERSION=$(RESTIC_VERSION) \
+	-f Dockerfile .
 	@echo "container: $(IMAGE):$(VERSION)"

-push: .push-$(DOTFILE_IMAGE) push-name
-.push-$(DOTFILE_IMAGE): .container-$(DOTFILE_IMAGE)
-	@docker push $(IMAGE):$(VERSION)
-ifeq ($(TAG_LATEST), true)
-	docker tag $(IMAGE):$(VERSION) $(IMAGE):latest
-	docker push $(IMAGE):latest
-endif
-	@docker images -q $(IMAGE):$(VERSION) > $@
-
-push-name:
-	@echo "pushed: $(IMAGE):$(VERSION)"
-
-manifest: .manifest-$(MULTIARCH_IMAGE) manifest-name
-.manifest-$(MULTIARCH_IMAGE):
-	@DOCKER_CLI_EXPERIMENTAL=enabled docker manifest create $(MULTIARCH_IMAGE):$(VERSION) \
-		$(foreach arch, $(MANIFEST_PLATFORMS), $(MULTIARCH_IMAGE)-$(arch):$(VERSION))
-	@DOCKER_CLI_EXPERIMENTAL=enabled docker manifest push --purge $(MULTIARCH_IMAGE):$(VERSION)
-ifeq ($(TAG_LATEST), true)
-	@DOCKER_CLI_EXPERIMENTAL=enabled docker manifest create $(MULTIARCH_IMAGE):latest \
-		$(foreach arch, $(MANIFEST_PLATFORMS), $(MULTIARCH_IMAGE)-$(arch):latest)
-	@DOCKER_CLI_EXPERIMENTAL=enabled docker manifest push --purge $(MULTIARCH_IMAGE):latest
-endif
-
-manifest-name:
-	@echo "pushed: $(MULTIARCH_IMAGE):$(VERSION)"
-
 SKIP_TESTS ?=
 test: build-dirs
 ifneq ($(SKIP_TESTS), 1)
@ -266,21 +237,25 @@ build-env:
 ifneq ($(shell git diff --quiet HEAD -- hack/build-image/Dockerfile; echo $$?), 0)
 	@echo "Local changes detected in hack/build-image/Dockerfile"
 	@echo "Preparing a new builder-image"
-	@make build-image
+	$(MAKE) build-image
 else ifneq ($(BUILDER_IMAGE_CACHED),)
 	@echo "Using Cached Image: $(BUILDER_IMAGE)"
 else
 	@echo "Trying to pull build-image: $(BUILDER_IMAGE)"
-	docker pull -q $(BUILDER_IMAGE) || make build-image
+	docker pull -q $(BUILDER_IMAGE) || $(MAKE) build-image
 endif

 build-image:
 	@# When we build a new image we just untag the old one.
 	@# This makes sure we don't leave the orphaned image behind.
-	@id=$$(docker image inspect  --format '{{ .ID }}' ${BUILDER_IMAGE} 2>/dev/null); \
-	cd hack/build-image && docker build --pull -t $(BUILDER_IMAGE) . ; \
-	new_id=$$(docker image inspect  --format '{{ .ID }}' ${BUILDER_IMAGE} 2>/dev/null); \
-	if [ "$$id" != "" ] && [ "$$id" != "$$new_id" ]; then \
+	$(eval old_id=$(shell docker image inspect  --format '{{ .ID }}' ${BUILDER_IMAGE} 2>/dev/null))
+ifeq ($(BUILDX_ENABLED), true)
+	@cd hack/build-image && docker buildx build --build-arg=GOPROXY=$(GOPROXY) --output=type=docker --pull -t $(BUILDER_IMAGE) .
+else
+	@cd hack/build-image && docker build --build-arg=GOPROXY=$(GOPROXY) --pull -t $(BUILDER_IMAGE) .
+endif
+	$(eval new_id=$(shell docker image inspect  --format '{{ .ID }}' ${BUILDER_IMAGE} 2>/dev/null))
+	@if [ "$(old_id)" != "" ] && [ "$(old_id)" != "$(new_id)" ]; then \
 		docker rmi -f $$id || true; \
 	fi

@ -296,7 +271,6 @@ ifneq ($(strip $(BUILDER_IMAGE_CACHED)),)
 	$(MAKE) shell CMD="-c 'go clean --modcache'"
 	docker rmi -f $(BUILDER_IMAGE) || true
 endif
-	rm -rf .container-* _output/.dockerfile-* .push-*
 	rm -rf .go _output


--- a/changelogs/unreleased/2754-robreus
+++ b/changelogs/unreleased/2754-robreus
@ -0,0 +1 @@
+Refactor image builds to use buildx for multi arch image building
--- a/hack/build-image/Dockerfile
+++ b/hack/build-image/Dockerfile
@ -14,9 +14,11 @@

 FROM golang:1.14

+ARG GOPROXY
+
 ENV GO111MODULE=on
 # Use a proxy for go modules to reduce the likelihood of various hosts being down and breaking the build
-ENV GOPROXY=https://proxy.golang.org
+ENV GOPROXY=${GOPROXY}

 # get code-generation tools (for now keep in GOPATH since they're not fully modules-compatible yet)
 RUN mkdir -p /go/src/k8s.io
@ -54,4 +56,4 @@ RUN wget --quiet https://github.com/goreleaser/goreleaser/releases/download/v0.1
    chmod +x /usr/bin/goreleaser

 # get golangci-lint
-RUN curl -sSfL https://raw.githubusercontent.com/golangci/golangci-lint/master/install.sh | sh -s -- -b $(go env GOPATH)/bin v1.27.0
+RUN curl -sSfL https://raw.githubusercontent.com/golangci/golangci-lint/master/install.sh | sh -s -- -b $(go env GOPATH)/bin v1.27.0
--- a/hack/build.sh
+++ b/hack/build.sh
@ -2,6 +2,8 @@

 # Copyright 2016 The Kubernetes Authors.
 #
+# Modifications Copyright 2020 the Velero contributors.
+#
 # Licensed under the Apache License, Version 2.0 (the "License");
 # you may not use this file except in compliance with the License.
 # You may obtain a copy of the License at
@ -18,40 +20,39 @@ set -o errexit
 set -o nounset
 set -o pipefail

-if [ -z "${PKG}" ]; then
+if [[ -z "${PKG}" ]]; then
    echo "PKG must be set"
    exit 1
 fi
-if [ -z "${BIN}" ]; then
+if [[ -z "${BIN}" ]]; then
    echo "BIN must be set"
    exit 1
 fi
-if [ -z "${GOOS}" ]; then
+if [[ -z "${GOOS}" ]]; then
    echo "GOOS must be set"
    exit 1
 fi
-if [ -z "${GOARCH}" ]; then
+if [[ -z "${GOARCH}" ]]; then
    echo "GOARCH must be set"
    exit 1
 fi
-if [ -z "${VERSION}" ]; then
+if [[ -z "${VERSION}" ]]; then
    echo "VERSION must be set"
    exit 1
 fi

-if [ -z "${GIT_SHA}" ]; then
+if [[ -z "${GIT_SHA}" ]]; then
    echo "GIT_SHA must be set"
    exit 1
 fi

-export CGO_ENABLED=0
-
-if [[ -z "${GIT_DIRTY}" ]]; then
-  GIT_TREE_STATE=clean
-else
-  GIT_TREE_STATE=dirty
+if [[ -z "${GIT_TREE_STATE}" ]]; then
+    echo "GIT_TREE_STATE must be set"
+    exit 1
 fi

+export CGO_ENABLED=0
+
 LDFLAGS="-X ${PKG}/pkg/buildinfo.Version=${VERSION}"
 LDFLAGS="${LDFLAGS} -X ${PKG}/pkg/buildinfo.GitSHA=${GIT_SHA}"
 LDFLAGS="${LDFLAGS} -X ${PKG}/pkg/buildinfo.GitTreeState=${GIT_TREE_STATE}"
--- a/hack/docker-push.sh
+++ b/hack/docker-push.sh
@ -1,6 +1,6 @@
 #!/bin/bash

-# Copyright 2019 the Velero contributors.
+# Copyright 2020 the Velero contributors.
 #
 # Licensed under the Apache License, Version 2.0 (the "License");
 # you may not use this file except in compliance with the License.
@ -78,12 +78,21 @@ elif [[ "$TAG" == "$HIGHEST" ]]; then
    TAG_LATEST=true
 fi

+if [[ -z "$BUILDX_PLATFORMS" ]]; then
+    BUILDX_PLATFORMS="linux/amd64,linux/arm64,linux/arm/v7,linux/ppc64le"
+fi
+
 # Debugging info
 echo "Highest tag found: $HIGHEST"
 echo "BRANCH: $BRANCH"
 echo "TAG: $TAG"
 echo "TAG_LATEST: $TAG_LATEST"
+echo "BUILDX_PLATFORMS: $BUILDX_PLATFORMS"

 echo "Building and pushing container images."

-VERSION="$VERSION" TAG_LATEST="$TAG_LATEST" make all-containers all-push all-manifests
+VERSION="$VERSION" \
+TAG_LATEST="$TAG_LATEST" \
+BUILDX_PLATFORMS="$BUILDX_PLATFORMS" \
+BUILDX_OUTPUT_TYPE="registry" \
+make all-containers
--- a/hack/download-restic.sh
+++ b/hack/download-restic.sh
@ -0,0 +1,54 @@
+#!/bin/bash
+
+# Copyright 2020 the Velero contributors.
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+#     http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
+set -o errexit
+set -o nounset
+set -o pipefail
+
+if [[ -z "${BIN}" ]]; then
+    echo "BIN must be set"
+    exit 1
+fi
+
+if [[ "${BIN}" != "velero" ]]; then
+    echo "${BIN} does not need the restic binary"
+    exit 0
+fi
+
+if [[ -z "${GOOS}" ]]; then
+    echo "GOOS must be set"
+    exit 1
+fi
+if [[ -z "${GOARCH}" ]]; then
+    echo "GOARCH must be set"
+    exit 1
+fi
+if [[ -z "${RESTIC_VERSION}" ]]; then
+    echo "RESTIC_VERSION must be set"
+    exit 1
+fi
+
+# TODO: when the new restic version is released, make ppc64le to be also downloaded from their github releases.
+#  This has been merged and will be applied to next release: https://github.com/restic/restic/pull/2342
+if [[ "${GOARCH}" = "ppc64le" ]]; then
+    wget --timeout=1 --tries=5 --quiet https://oplab9.parqtec.unicamp.br/pub/ppc64el/restic/restic-${RESTIC_VERSION} -O /output/usr/bin/restic
+else
+    wget --quiet https://github.com/restic/restic/releases/download/v${RESTIC_VERSION}/restic_${RESTIC_VERSION}_${GOOS}_${GOARCH}.bz2
+    bunzip2 restic_${RESTIC_VERSION}_${GOOS}_${GOARCH}.bz2
+    mv restic_${RESTIC_VERSION}_${GOOS}_${GOARCH} /output/usr/bin/restic
+fi
+
+chmod +x /output/usr/bin/restic
--- a/hack/get-restic-ppc64le.sh
+++ b/hack/get-restic-ppc64le.sh
@ -1,34 +0,0 @@
-#!/bin/bash
-#
-# Copyright 2019 the Velero contributors.
-#
-# Licensed under the Apache License, Version 2.0 (the "License");
-# you may not use this file except in compliance with the License.
-# You may obtain a copy of the License at
-#
-#     http://www.apache.org/licenses/LICENSE-2.0
-#
-# Unless required by applicable law or agreed to in writing, software
-# distributed under the License is distributed on an "AS IS" BASIS,
-# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-# See the License for the specific language governing permissions and
-# limitations under the License.
-
-
-set -o errexit
-set -o nounset
-set -o pipefail
-
-if [ -z "${RESTIC_VERSION}" ]; then
-    echo "RESTIC_VERSION must be set"
-    exit 1
-fi
-
-if [ ! -d "_output/bin/linux/ppc64le/" ]; then
-    mkdir -p _output/bin/linux/ppc64le/
-fi
-
-wget --quiet https://oplab9.parqtec.unicamp.br/pub/ppc64el/restic/restic-${RESTIC_VERSION}
-mv restic-${RESTIC_VERSION} _output/bin/linux/ppc64le/restic
-chmod +x _output/bin/linux/ppc64le/restic
-
--- a/site/docs/v1.4/build-from-source.md
+++ b/site/docs/v1.4/build-from-source.md
@ -76,76 +76,55 @@ If after installing Velero you would like to change the image used by its deploy
 kubectl -n velero set image deploy/velero velero=myimagerepo/velero:$VERSION
 ```

-To build a Velero container image, first set the `$REGISTRY` environment variable. For example, if you want to build the `gcr.io/my-registry/velero-amd64:main` image, set `$REGISTRY` to `gcr.io/my-registry`. If this variable is not set, the default is `velero`.
+To build a Velero container image, you need to configure `buildx` first.

-Optionally, set the `$VERSION` environment variable to change the image tag. Then, run:
+### Buildx
+
+Docker Buildx is a CLI plugin that extends the docker command with the full support of the features provided by Moby BuildKit builder toolkit. It provides the same user experience as docker build with many new features like creating scoped builder instances and building against multiple nodes concurrently.
+
+More information in the [docker docs][23] and in the [buildx github][24] repo.
+
+### Image building
+
+Set the `$REGISTRY` environment variable. For example, if you want to build the `gcr.io/my-registry/velero:main` image, set `$REGISTRY` to `gcr.io/my-registry`. If this variable is not set, the default is `velero`.
+
+Optionally, set the `$VERSION` environment variable to change the image tag or `$BIN` to change which binary to build a container image for. Then, run:

 ```bash
 make container
 ```
+_Note: To build build container images for both `velero` and `velero-restic-restore-helper`, run: `make all-containers`_

-For any specific platform, run `ARCH=<GOOS>-<GOARCH> make container`

-For example, to build an image for the Power (ppc64le), run:
+### Cross platform building
+
+Docker `buildx` platforms currently supported:
+* `linux/amd64`
+* `linux/arm64`
+* `linux/arm/v7`
+* `linux/ppc64le`
+
+For any specific platform, run `BUILDX_PLATFORMS=<GOOS>/<GOARCH> make container`
+
+For example, to build an image for arm64, run:

 ```bash
-ARCH=linux-ppc64le make container
+BUILDX_PLATFORMS=linux/arm64 make container
 ```
-_Note: By default, ARCH is set to linux-amd64_
+_Note: By default, `$BUILDX_PLATFORMS` is set to `linux/amd64`_

-To push your image to the registry. For example, if you want to push the `gcr.io/my-registry/velero-amd64:main` image, run:
+To push your image to the registry, run the `make container` command with `$BUILDX_OUTPUT_TYPE` set to `registry`. For example:

 ```bash
-make push
+REGISTRY=myrepo BUILDX_PLATFORMS=linux/arm64 BUILDX_OUTPUT_TYPE=registry make container
 ```

-For any specific platform, run `ARCH=<GOOS>-<GOARCH> make push`
-
-For example, to push image for the Power (ppc64le), run:
+With `buildx`, you can also build all supported platforms at the same time and push a multi-arch image to the registry. For example:

 ```bash
-ARCH=linux-ppc64le make push
-```
-_Note: By default, ARCH is set to linux-amd64_
-
-To create and push your manifest to the registry. For example, if you want to create and push the `gcr.io/my-registry/velero:main` manifest, run:
-
-```bash
-make manifest
-```
-
-For any specific platform, run `MANIFEST_PLATFORMS=<GOARCH> make manifest`
-
-For example, to create and push manifest only for amd64, run:
-
-```bash
-MANIFEST_PLATFORMS=amd64 make manifest
-```
-_Note: By default, MANIFEST_PLATFORMS is set to amd64, ppc64le_
-
-To run the entire workflow, run:
-
-`REGISTRY=<$REGISTRY> VERSION=<$VERSION> ARCH=<GOOS>-<GOARCH> MANIFEST_PLATFORMS=<GOARCH> make container push manifest`
-
-For example, to run the workflow only for amd64
-
-```bash
-REGISTRY=myrepo VERSION=foo MANIFEST_PLATFORMS=amd64 make container push manifest
-```
-
-_Note: By default, ARCH is set to linux-amd64_
-
-For example, to run the workflow only for ppc64le
-
-```bash
-REGISTRY=myrepo VERSION=foo ARCH=linux-ppc64le MANIFEST_PLATFORMS=ppc64le make container push manifest
-```
-
-For example, to run the workflow for all supported platforms
-
-```bash
-REGISTRY=myrepo VERSION=foo make all-containers all-push all-manifests
+REGISTRY=myrepo VERSION=foo BUILDX_PLATFORMS=linux/amd64,linux/arm64,linux/arm/v7,linux/ppc64le BUILDX_OUTPUT_TYPE=registry make all-containers
 ```
+_Note: when building for more than 1 platform at the same time, you need to set `BUILDX_OUTPUT_TYPE` to `registry` as local multi-arch images are not supported [yet][25]._

 Note: if you want to update the image but not change its name, you will have to trigger Kubernetes to pick up the new image. One way of doing so is by deleting the Velero deployment pod:

@ -156,3 +135,6 @@ kubectl -n velero delete pods -l deploy=velero
 [4]: https://blog.golang.org/organizing-go-code
 [5]: https://golang.org/doc/install
 [22]: https://github.com/vmware-tanzu/velero/releases
+[23]: https://docs.docker.com/buildx/working-with-buildx/
+[24]: https://github.com/docker/buildx
+[25]: https://github.com/moby/moby/pull/38738
				`@ -0,0 +1 @@`
				`Refactor image builds to use buildx for multi arch image building`