Use semaphore self-hosted arm64 machine

.semaphore/push-images/alp.yml

@@ -8,39 +8,48 @@ agent:
 execution_time_limit:
   minutes: 60
 
+global_job_config:
+  env_vars:
+    - name: DEV_REGISTRIES
+      value: quay.io/calico docker.io/calico
+  secrets:
+    - name: docker
+    - name: quay-robot-calico+semaphoreci
+  prologue:
+    commands:
+      - checkout
+      # Semaphore mounts a copy-on-write FS as /var/lib/docker in order to provide a pre-loaded cache of
+      # some images. However, the cache is not useful to us and the copy-on-write FS is a big problem given
+      # how much we churn docker containers during the build.  Disable it.
+      - sudo systemctl stop docker
+      - sudo umount /var/lib/docker && sudo killall qemu-nbd || true
+      - sudo systemctl start docker
+      # Free up space on the build machine.
+      - sudo rm -rf ~/{.kerl,.kiex,.npm,.nvm,.phpbrew,.rbenv,.sbt} /opt/{apache-maven*,firefox*,scala} /usr/lib/jvm /usr/local/{aws2,golang,phantomjs*}
+      # Semaphore is doing shallow clone on a commit without tags.
+      # unshallow it for GIT_VERSION:=$(shell git describe --tags --dirty --always)
+      - retry git fetch --unshallow
+      - echo $DOCKER_TOKEN | docker login --username "$DOCKER_USER" --password-stdin
+      - echo $QUAY_TOKEN | docker login --username "$QUAY_USER" --password-stdin quay.io
+      - export BRANCH_NAME=$SEMAPHORE_GIT_BRANCH
+
 blocks:
-  # Build and push images.
-  # We'll only do this on non-PR builds, where we have credentials to do so.
-  - name: "Publish ALP images"
+  - name: Publish ALP images
+    dependencies: []
+    skip:
+      when: "branch !~ '.+'"
+    task:
+      jobs:
+        - name: Linux multi-arch
+          commands:
+            - if [ -z "${SEMAPHORE_GIT_PR_NUMBER}" ]; then make -C app-policy cd CONFIRM=true; fi
+  - name: Publish ALP multi-arch manifests
+    dependencies:
+      - Publish ALP images
     skip:
-      # Only run on branches, not PRs.
       when: "branch !~ '.+'"
     task:
-      prologue:
-        commands:
-        - checkout
-        # Semaphore mounts a copy-on-write FS as /var/lib/docker in order to provide a pre-loaded cache of
-        # some images. However, the cache is not useful to us and the copy-on-write FS is a big problem given
-        # how much we churn docker containers during the build.  Disable it.
-        - sudo systemctl stop docker
-        - sudo umount /var/lib/docker && sudo killall qemu-nbd || true
-        - sudo systemctl start docker
-        # Free up space on the build machine.
-        - sudo rm -rf ~/.kiex ~/.phpbrew ~/.rbenv ~/.nvm ~/.kerl ~/.sbt ~/.npm /usr/lib/jvm /opt/firefox* /opt/apache-maven* /opt/scala /usr/local/golang
-        # Semaphore is doing shallow clone on a commit without tags.
-        # unshallow it for GIT_VERSION:=$(shell git describe --tags --dirty --always)
-        - retry git fetch --unshallow
-        - echo $DOCKER_TOKEN | docker login --username "$DOCKER_USER" --password-stdin
-        - echo $QUAY_TOKEN | docker login --username "$QUAY_USER" --password-stdin quay.io
-        - export BRANCH_NAME=$SEMAPHORE_GIT_BRANCH
-      secrets:
-      - name: quay-robot-calico+semaphoreci
-      - name: docker
       jobs:
-      - name: "ALP"
-        env_vars:
-        - name: DEV_REGISTRIES
-          value: quay.io/calico docker.io/calico
-        commands:
-        - if [ -z "${SEMAPHORE_GIT_PR_NUMBER}" ]; then make -C pod2daemon image-all cd CONFIRM=true; fi
-        - if [ -z "${SEMAPHORE_GIT_PR_NUMBER}" ]; then make -C app-policy image-all cd CONFIRM=true; fi
+        - name: Linux multi-arch manifests
+          commands:
+            - if [ -z "${SEMAPHORE_GIT_PR_NUMBER}" ]; then make -C app-policy push-manifests-with-tag CONFIRM=true; fi

.semaphore/push-images/apiserver.yml

@@ -8,40 +8,48 @@ agent:
 execution_time_limit:
   minutes: 60
 
+global_job_config:
+  env_vars:
+    - name: DEV_REGISTRIES
+      value: quay.io/calico docker.io/calico
+  secrets:
+    - name: docker
+    - name: quay-robot-calico+semaphoreci
+  prologue:
+    commands:
+      - checkout
+      # Semaphore mounts a copy-on-write FS as /var/lib/docker in order to provide a pre-loaded cache of
+      # some images. However, the cache is not useful to us and the copy-on-write FS is a big problem given
+      # how much we churn docker containers during the build.  Disable it.
+      - sudo systemctl stop docker
+      - sudo umount /var/lib/docker && sudo killall qemu-nbd || true
+      - sudo systemctl start docker
+      # Free up space on the build machine.
+      - sudo rm -rf ~/{.kerl,.kiex,.npm,.nvm,.phpbrew,.rbenv,.sbt} /opt/{apache-maven*,firefox*,scala} /usr/lib/jvm /usr/local/{aws2,golang,phantomjs*}
+      # Semaphore is doing shallow clone on a commit without tags.
+      # unshallow it for GIT_VERSION:=$(shell git describe --tags --dirty --always)
+      - retry git fetch --unshallow
+      - echo $DOCKER_TOKEN | docker login --username "$DOCKER_USER" --password-stdin
+      - echo $QUAY_TOKEN | docker login --username "$QUAY_USER" --password-stdin quay.io
+      - export BRANCH_NAME=$SEMAPHORE_GIT_BRANCH
+
 blocks:
-  # Build and push images.
-  # We'll only do this on non-PR builds, where we have credentials to do so.
-  - name: "Publish apiserver images"
+  - name: Publish apiserver images
+    dependencies: []
+    skip:
+      when: "branch !~ '.+'"
+    task:
+      jobs:
+        - name: Linux multi-arch
+          commands:
+            - if [ -z "${SEMAPHORE_GIT_PR_NUMBER}" ]; then make -C apiserver cd CONFIRM=true; fi
+  - name: Publish apiserver multi-arch manifests
+    dependencies:
+      - Publish apiserver images
     skip:
-      # Only run on branches, not PRs.
       when: "branch !~ '.+'"
     task:
-      prologue:
-        commands:
-        - checkout
-        # Semaphore mounts a copy-on-write FS as /var/lib/docker in order to provide a pre-loaded cache of
-        # some images. However, the cache is not useful to us and the copy-on-write FS is a big problem given
-        # how much we churn docker containers during the build.  Disable it.
-        - sudo systemctl stop docker
-        - sudo umount /var/lib/docker && sudo killall qemu-nbd || true
-        - sudo systemctl start docker
-        # Free up space on the build machine.
-        - sudo rm -rf ~/.kiex ~/.phpbrew ~/.rbenv ~/.nvm ~/.kerl ~/.sbt ~/.npm /usr/lib/jvm /opt/firefox* /opt/apache-maven* /opt/scala /usr/local/golang
-        # Semaphore is doing shallow clone on a commit without tags.
-        # unshallow it for GIT_VERSION:=$(shell git describe --tags --dirty --always)
-        - retry git fetch --unshallow
-        - echo $DOCKER_TOKEN | docker login --username "$DOCKER_USER" --password-stdin
-        - echo $QUAY_TOKEN | docker login --username "$QUAY_USER" --password-stdin quay.io
-        - export BRANCH_NAME=$SEMAPHORE_GIT_BRANCH
-      secrets:
-      - name: quay-robot-calico+semaphoreci
-      - name: docker
       jobs:
-      # The apiserver build takes a long time due to some architectures, so we split it up.
-      # TODO: Add support for other architectures
-      - name: "Linux amd64"
-        env_vars:
-        - name: DEV_REGISTRIES
-          value: quay.io/calico docker.io/calico
-        commands:
-        - if [ -z "${SEMAPHORE_GIT_PR_NUMBER}" ]; then make VALIDARCHES=amd64 -C apiserver image-all cd-common CONFIRM=true; fi
+        - name: Linux multi-arch manifests
+          commands:
+            - if [ -z "${SEMAPHORE_GIT_PR_NUMBER}" ]; then make -C apiserver push-manifests-with-tag CONFIRM=true; fi

.semaphore/push-images/calicoctl.yml

@@ -2,44 +2,54 @@ version: v1.0
 name: Publish calicoctl images
 agent:
   machine:
-    type: e1-standard-4
+    type: e1-standard-2
     os_image: ubuntu2004
 
 execution_time_limit:
   minutes: 60
 
+global_job_config:
+  env_vars:
+    - name: DEV_REGISTRIES
+      value: quay.io/calico docker.io/calico
+  secrets:
+    - name: docker
+    - name: quay-robot-calico+semaphoreci
+  prologue:
+    commands:
+      - checkout
+      # Semaphore mounts a copy-on-write FS as /var/lib/docker in order to provide a pre-loaded cache of
+      # some images. However, the cache is not useful to us and the copy-on-write FS is a big problem given
+      # how much we churn docker containers during the build.  Disable it.
+      - sudo systemctl stop docker
+      - sudo umount /var/lib/docker && sudo killall qemu-nbd || true
+      - sudo systemctl start docker
+      # Free up space on the build machine.
+      - sudo rm -rf ~/{.kerl,.kiex,.npm,.nvm,.phpbrew,.rbenv,.sbt} /opt/{apache-maven*,firefox*,scala} /usr/lib/jvm /usr/local/{aws2,golang,phantomjs*}
+      # Semaphore is doing shallow clone on a commit without tags.
+      # unshallow it for GIT_VERSION:=$(shell git describe --tags --dirty --always)
+      - retry git fetch --unshallow
+      - echo $DOCKER_TOKEN | docker login --username "$DOCKER_USER" --password-stdin
+      - echo $QUAY_TOKEN | docker login --username "$QUAY_USER" --password-stdin quay.io
+      - export BRANCH_NAME=$SEMAPHORE_GIT_BRANCH
+
 blocks:
-  # Build and push images.
-  # We'll only do this on non-PR builds, where we have credentials to do so.
-  - name: "Publish calicoctl images"
+  - name: Publish calicoctl images
+    dependencies: []
+    skip:
+      when: "branch !~ '.+'"
+    task:
+      jobs:
+        - name: Linux multi-arch
+          commands:
+            - if [ -z "${SEMAPHORE_GIT_PR_NUMBER}" ]; then make -C calicoctl cd CONFIRM=true; fi
+  - name: Publish calicoctl multi-arch manifests
+    dependencies:
+      - Publish calicoctl images
     skip:
-      # Only run on branches, not PRs.
       when: "branch !~ '.+'"
     task:
-      prologue:
-        commands:
-        - checkout
-        # Semaphore mounts a copy-on-write FS as /var/lib/docker in order to provide a pre-loaded cache of
-        # some images. However, the cache is not useful to us and the copy-on-write FS is a big problem given
-        # how much we churn docker containers during the build.  Disable it.
-        - sudo systemctl stop docker
-        - sudo umount /var/lib/docker && sudo killall qemu-nbd || true
-        - sudo systemctl start docker
-        # Free up space on the build machine.
-        - sudo rm -rf ~/.kiex ~/.phpbrew ~/.rbenv ~/.nvm ~/.kerl ~/.sbt ~/.npm /usr/lib/jvm /opt/firefox* /opt/apache-maven* /opt/scala /usr/local/golang
-        # Semaphore is doing shallow clone on a commit without tags.
-        # unshallow it for GIT_VERSION:=$(shell git describe --tags --dirty --always)
-        - retry git fetch --unshallow
-        - echo $DOCKER_TOKEN | docker login --username "$DOCKER_USER" --password-stdin
-        - echo $QUAY_TOKEN | docker login --username "$QUAY_USER" --password-stdin quay.io
-        - export BRANCH_NAME=$SEMAPHORE_GIT_BRANCH
-      secrets:
-      - name: quay-robot-calico+semaphoreci
-      - name: docker
       jobs:
-      - name: "calicoctl"
-        env_vars:
-        - name: DEV_REGISTRIES
-          value: quay.io/calico docker.io/calico
-        commands:
-        - if [ -z "${SEMAPHORE_GIT_PR_NUMBER}" ]; then make -C calicoctl image-all cd CONFIRM=true; fi
+        - name: Linux multi-arch manifests
+          commands:
+            - if [ -z "${SEMAPHORE_GIT_PR_NUMBER}" ]; then make -C calicoctl push-manifests-with-tag CONFIRM=true; fi

.semaphore/push-images/cni-plugin.yml

@@ -8,44 +8,51 @@ agent:
 execution_time_limit:
   minutes: 60
 
+global_job_config:
+  env_vars:
+    - name: DEV_REGISTRIES
+      value: quay.io/calico docker.io/calico
+  secrets:
+    - name: docker
+    - name: quay-robot-calico+semaphoreci
+  prologue:
+    commands:
+      - checkout
+      # Semaphore mounts a copy-on-write FS as /var/lib/docker in order to provide a pre-loaded cache of
+      # some images. However, the cache is not useful to us and the copy-on-write FS is a big problem given
+      # how much we churn docker containers during the build.  Disable it.
+      - sudo systemctl stop docker
+      - sudo umount /var/lib/docker && sudo killall qemu-nbd || true
+      - sudo systemctl start docker
+      # Free up space on the build machine.
+      - sudo rm -rf ~/{.kerl,.kiex,.npm,.nvm,.phpbrew,.rbenv,.sbt} /opt/{apache-maven*,firefox*,scala} /usr/lib/jvm /usr/local/{aws2,golang,phantomjs*}
+      # Semaphore is doing shallow clone on a commit without tags.
+      # unshallow it for GIT_VERSION:=$(shell git describe --tags --dirty --always)
+      - retry git fetch --unshallow
+      - echo $DOCKER_TOKEN | docker login --username "$DOCKER_USER" --password-stdin
+      - echo $QUAY_TOKEN | docker login --username "$QUAY_USER" --password-stdin quay.io
+      - export BRANCH_NAME=$SEMAPHORE_GIT_BRANCH
+
 blocks:
-  # Build and push images.
-  # We'll only do this on non-PR builds, where we have credentials to do so.
-  - name: "Publish cni-plugin images"
+  - name: Publish cni-plugin images
+    dependencies: []
+    skip:
+      when: "branch !~ '.+'"
+    task:
+      jobs:
+        - name: Linux multi-arch
+          commands:
+            - if [ -z "${SEMAPHORE_GIT_PR_NUMBER}" ]; then make -C cni-plugin cd CONFIRM=true; fi
+        - name: Windows
+          commands:
+            - if [ -z "${SEMAPHORE_GIT_PR_NUMBER}" ]; then make -C cni-plugin release-windows CONFIRM=true; fi
+  - name: Publish cni-plugin multi-arch manifests
+    dependencies:
+      - Publish cni-plugin images
     skip:
-      # Only run on branches, not PRs.
       when: "branch !~ '.+'"
     task:
-      prologue:
-        commands:
-        - checkout
-        # Semaphore mounts a copy-on-write FS as /var/lib/docker in order to provide a pre-loaded cache of
-        # some images. However, the cache is not useful to us and the copy-on-write FS is a big problem given
-        # how much we churn docker containers during the build.  Disable it.
-        - sudo systemctl stop docker
-        - sudo umount /var/lib/docker && sudo killall qemu-nbd || true
-        - sudo systemctl start docker
-        # Free up space on the build machine.
-        - sudo rm -rf ~/.kiex ~/.phpbrew ~/.rbenv ~/.nvm ~/.kerl ~/.sbt ~/.npm /usr/lib/jvm /opt/firefox* /opt/apache-maven* /opt/scala /usr/local/golang
-        # Semaphore is doing shallow clone on a commit without tags.
-        # unshallow it for GIT_VERSION:=$(shell git describe --tags --dirty --always)
-        - retry git fetch --unshallow
-        - echo $DOCKER_TOKEN | docker login --username "$DOCKER_USER" --password-stdin
-        - echo $QUAY_TOKEN | docker login --username "$QUAY_USER" --password-stdin quay.io
-        - export BRANCH_NAME=$SEMAPHORE_GIT_BRANCH
-      secrets:
-      - name: quay-robot-calico+semaphoreci
-      - name: docker
       jobs:
-      - name: "linux"
-        env_vars:
-        - name: DEV_REGISTRIES
-          value: quay.io/calico docker.io/calico
-        commands:
-        - if [ -z "${SEMAPHORE_GIT_PR_NUMBER}" ]; then make -C cni-plugin image-all cd CONFIRM=true; fi
-      - name: "windows"
-        env_vars:
-        - name: DEV_REGISTRIES
-          value: quay.io/calico docker.io/calico
-        commands:
-        - if [ -z "${SEMAPHORE_GIT_PR_NUMBER}" ]; then make -C cni-plugin release-windows CONFIRM=true; fi
+        - name: Linux multi-arch manifests
+          commands:
+            - if [ -z "${SEMAPHORE_GIT_PR_NUMBER}" ]; then make -C cni-plugin push-manifests-with-tag CONFIRM=true; fi