feat: update workflows after moving to buildx

Signed-off-by: Carlos Salas <carlos.salas@suse.com>

.github/workflows/nightly-chart-and-image-publish.yaml

@@ -32,9 +32,7 @@ jobs:
         username: ${{ github.actor }}
         password: ${{ secrets.GITHUB_TOKEN }}
     - name: Build docker image
-      run: make docker-build-all TAG=${{ env.TAG }} ORG=${{ env.PROD_ORG }}
-    - name: Push docker image
-      run: make docker-push-all TAG=${{ env.TAG }} ORG=${{ env.PROD_ORG }}
+      run: make docker-build TAG=${{ env.TAG }} ORG=${{ env.PROD_ORG }}
 
   publish-helm-chart-ghcr:
     name: Publish Helm chart to GHCR

.github/workflows/nightly-test-release.yaml

@@ -39,7 +39,6 @@ jobs:
     strategy:
       matrix:
         destination: [ghcr]
-        arch: [amd64, arm64]
         include:
         - destination: ghcr
           registry: ghcr.io
@@ -53,43 +52,10 @@ jobs:
       username: ${{ matrix.username }}
       registry: ${{ matrix.registry }}
       tag: t9.9.9-fake
-      arch: ${{ matrix.arch }}
       image: ${{ matrix.image }}
       secret_registry: ${{ matrix.secret_registry }}
     secrets: inherit
 
-  multiarch:
-    name: Publish multiarch image
-    needs: [build-push-services]
-    runs-on: ubuntu-latest
-    permissions:
-      packages: write
-      contents: read
-    strategy:
-      matrix:
-        destination: [ghcr]
-        include:
-        - destination: ghcr
-          registry: ghcr.io
-          username: ${{ github.actor }}
-          password: GITHUB_TOKEN
-          image: GHCR_IMAGE
-          secret_registry: false
-    steps:
-      - name: Checkout
-        uses: actions/checkout@v4.1.7
-        with:
-          ref: ${{ env.RELEASE_TAG }}
-          fetch-depth: 0
-      - name: Docker login
-        uses: docker/login-action@v3
-        with:
-          registry: ${{ matrix.secret_registry && secrets[matrix.registry] || matrix.registry }}
-          username: ${{ matrix.secret_registry && secrets[matrix.username] || matrix.username }}
-          password: ${{ secrets[matrix.password] }}
-      - name: Publish multiarch
-        run: CONTROLLER_IMG=${{ vars[matrix.image] }} TAG=${{ env.RELEASE_TAG }} make docker-push-manifest-rancher-turtles
-
   release:
     name: Create helm release
     needs: [build-push-services]

.github/workflows/release-workflow.yml

@@ -25,17 +25,11 @@ on:
         description: Destination registry for image push
         required: true
 
-
       tag:
         type: string
         description: Tag for the built image
         required: true
 
-      arch:
-        type: string
-        description: Architecture for the image
-        required: true
-
       org:
         type: string
         description: Organization part of the image name
@@ -62,7 +56,6 @@ jobs:
         id: image
         uses: ./.github/workflows/release_build
         with:
-          arch: ${{ inputs.arch }}
           tag: ${{ inputs.tag }}
           org: ${{ inputs.org }}
           registry: ${{ inputs.secret_registry && secrets[inputs.registry] || inputs.registry }}
@@ -85,24 +78,10 @@ jobs:
       - name: Sign image with cosign
         uses: ./.github/workflows/release_sign
         with:
-          image: ${{ format('{0}-{1}', vars[inputs.image], inputs.arch) }}
+          image: ${{ vars[inputs.image] }}
           digest: ${{ needs.build.outputs.digest }}
           identity: https://github.com/${{ inputs.org }}/turtles/.github/workflows/release-workflow.yml@${{ github.ref }}
           oids-issuer: https://token.actions.githubusercontent.com
           registry: ${{ inputs.secret_registry && secrets[inputs.registry] || inputs.registry }}
           username: ${{ inputs.secret_registry && secrets[inputs.username] || inputs.username }}
           password: ${{ secrets[inputs.password] }}
-
-  provenance:
-    needs: [sign, build]
-    permissions:
-      actions: read
-      id-token: write
-      packages: write
-    uses: slsa-framework/slsa-github-generator/.github/workflows/generator_container_slsa3.yml@v1.10.0
-    with:
-      digest: ${{ needs.build.outputs.digest }}
-      image: ${{ format('{0}-{1}', vars[inputs.image], inputs.arch) }}
-    secrets:
-      registry-username: ${{ inputs.secret_registry && secrets[inputs.username] || inputs.username }}
-      registry-password: ${{ secrets[inputs.password] }}

.github/workflows/release.yaml

@@ -17,7 +17,6 @@ jobs:
     strategy:
       matrix:
         destination: [ghcr, prod]
-        arch: [amd64, arm64]
         include:
         - destination: ghcr
           registry: ghcr.io
@@ -38,51 +37,13 @@ jobs:
       username: ${{ matrix.username }}
       registry: ${{ matrix.registry }}
       tag: ${{ github.ref_name }}
-      arch: ${{ matrix.arch }}
       image: ${{ matrix.image }}
       secret_registry: ${{ matrix.secret_registry }}
     secrets: inherit
 
-  multiarch:
-    name: Publish multiarch image
-    needs: [build-push-services]
-    runs-on: ubuntu-latest
-    permissions:
-      packages: write
-      contents: read
-    strategy:
-      matrix:
-        destination: [ghcr, prod]
-        include:
-        - destination: ghcr
-          registry: ghcr.io
-          username: ${{ github.actor }}
-          password: GITHUB_TOKEN
-          image: GHCR_IMAGE
-          secret_registry: false
-        - destination: prod
-          registry: REGISTRY_ENDPOINT
-          username: REGISTRY_USERNAME
-          password: REGISTRY_PASSWORD
-          image: REGISTRY_IMAGE
-          secret_registry: true
-    steps:
-      - name: Checkout
-        uses: actions/checkout@v4.1.7
-        with:
-          fetch-depth: 0
-      - name: Docker login
-        uses: docker/login-action@v3
-        with:
-          registry: ${{ matrix.secret_registry && secrets[matrix.registry] || matrix.registry }}
-          username: ${{ matrix.secret_registry && secrets[matrix.username] || matrix.username }}
-          password: ${{ secrets[matrix.password] }}
-      - name: Publish multiarch
-        run: CONTROLLER_IMG=${{ vars[matrix.image] }} TAG=${{ github.ref_name }} make docker-push-manifest-rancher-turtles
-
   release:
     name: Create helm release
-    needs: [multiarch]
+    needs: [build-push-services]
     runs-on: ubuntu-latest
     env:
       TAG: ${{ github.ref_name }}

.github/workflows/release_build/action.yaml

@@ -1,10 +1,6 @@
 name: "Build release"
 description: "Builds release image and pushes to the registry"
 inputs:
-  arch:
-    description: "Architecture of the built image"
-    required: true
-    type: string
   tag:
     description: "Image tag"
     type: string
@@ -47,12 +43,9 @@ runs:
         registry: ${{ inputs.registry }}
         username: ${{ inputs.username }}
         password: ${{ inputs.password }}
-    - name: Build docker image
-      shell: bash
-      run: make docker-build-${{ inputs.arch }} TAG=${{ inputs.tag }} REGISTRY=${{ inputs.registry }} ORG=${{ inputs.org }}
-    - name: Push docker image to registry
+    - name: Build & Push docker image
       shell: bash
-      run: make docker-push-${{ inputs.arch }} TAG=${{ inputs.tag }} REGISTRY=${{ inputs.registry }} ORG=${{ inputs.org }}
+      run: make docker-build TAG=${{ inputs.tag }} REGISTRY=${{ inputs.registry }} ORG=${{ inputs.org }}
     - name: Store image and digest
       shell: bash
       id: image_info

.github/workflows/test_chart.yaml

@@ -44,7 +44,7 @@ jobs:
           go-version: '=1.22.0'
 
       - name: Build docker image
-        run: make docker-build
+        run: make docker-build-local
 
       - name: Add CAPI operator chart repo
         run: helm repo add capi-operator https://kubernetes-sigs.github.io/cluster-api-operator

.github/workflows/trivy.yml

@@ -24,7 +24,7 @@ jobs:
         uses: actions/checkout@v4.1.7
       - name: Build an image
         run: |
-          TAG=${{ github.sha }} ARCH=amd64 make docker-build
+          TAG=${{ github.sha }} ARCH=amd64 make docker-build-local
       - name: Run Trivy vulnerability scanner
         uses: aquasecurity/trivy-action@062f2592684a31eb3aa050cc61e7ca1451cecd3d
         with: