[BUILD] Enable multi-arch builds

Dockerfile

@@ -1,12 +1,15 @@
 FROM python:3.12.3-alpine3.18 AS compile-image
-ARG TERRAFORM_VERSION="0.12.6"
+ARG TARGETARCH
+ARG TARGETPLATFORM
+ARG TERRAFORM_VERSION="0.12.31"
 ARG AZURE_CLI_VERSION="2.0.67"
 
 ENV BOTO_CONFIG=/dev/null
 COPY . /sources/
 WORKDIR /sources
 
-RUN wget -q -O terraform.zip https://releases.hashicorp.com/terraform/${TERRAFORM_VERSION}/terraform_${TERRAFORM_VERSION}_linux_amd64.zip \
+# Install terraform (needed for tests in compile stage)
+RUN wget -q -O terraform.zip https://releases.hashicorp.com/terraform/${TERRAFORM_VERSION}/terraform_${TERRAFORM_VERSION}_linux_${TARGETARCH}.zip \
     && unzip terraform.zip -d /usr/local/bin \
     && rm -rf terraform.zip
 RUN apk add --virtual=build bash gcc libffi-dev musl-dev openssl-dev make git
@@ -17,19 +20,21 @@ RUN pip --no-cache-dir install virtualenv \
     && python -m pip install --upgrade pip \
     && env CRYPTOGRAPHY_DONT_BUILD_RUST=1 pip install azure-cli==${AZURE_CLI_VERSION} \
     && deactivate
-RUN bash build_scripts/freeze_requirements.sh
+RUN bash build_scripts/freeze_requirements.sh  
 RUN bash build_scripts/run_tests.sh
 RUN bash build_scripts/build_package.sh
 RUN apk del --purge build
 
 
 FROM python:3.12.3-alpine3.18
-ARG TERRAFORM_VERSION="0.12.6"
+ARG TARGETARCH
+ARG TARGETPLATFORM
+ARG TERRAFORM_VERSION="0.12.31"
 ARG VAULT_VERSION="1.1.3"
 ARG KUBECTL_VERSION="v1.17.0"
 ARG AWS_IAM_AUTHENTICATOR_VERSION="1.13.7/2019-06-11"
-ARG HELM_VERSION="v3.6.3"
-ARG HELM_FILE_VERSION="v0.81.3"
+ARG HELM_VERSION="v3.16.3"
+ARG HELM_FILE_VERSION="1.1.8"
 ARG HELM_DIFF_VERSION="2.11.0%2B5"
 
 
@@ -45,22 +50,26 @@ RUN adduser ops -Du 2342 -h /home/ops \
     && rm -rf /dist \
     # Dry-run
     && ops --verbose -h \
-    && apk del --purge build \
-    && wget -q https://storage.googleapis.com/kubernetes-release/release/${KUBECTL_VERSION}/bin/linux/amd64/kubectl -O /usr/local/bin/kubectl \
-    && chmod +x /usr/local/bin/kubectl \
-    && wget -q https://get.helm.sh/helm-${HELM_VERSION}-linux-amd64.tar.gz -O - | tar -xzO linux-amd64/helm > /usr/local/bin/helm \
-    && chmod +x /usr/local/bin/helm \
-    && wget -q -O terraform.zip https://releases.hashicorp.com/terraform/${TERRAFORM_VERSION}/terraform_${TERRAFORM_VERSION}_linux_amd64.zip \
+    && apk del --purge build
+
+RUN wget -q https://storage.googleapis.com/kubernetes-release/release/${KUBECTL_VERSION}/bin/linux/${TARGETARCH}/kubectl -O /usr/local/bin/kubectl \
+    && chmod +x /usr/local/bin/kubectl
+
+RUN wget -q https://get.helm.sh/helm-${HELM_VERSION}-linux-${TARGETARCH}.tar.gz -O - | tar -xzO linux-${TARGETARCH}/helm > /usr/local/bin/helm \
+    && chmod +x /usr/local/bin/helm
+
+RUN wget -q -O terraform.zip https://releases.hashicorp.com/terraform/${TERRAFORM_VERSION}/terraform_${TERRAFORM_VERSION}_linux_${TARGETARCH}.zip \
     && unzip terraform.zip -d /usr/local/bin \
-    && rm -rf terraform.zip \
-    && mkdir -p  ~/.terraform.d/plugins && wget -q -O ~/.terraform.d/plugins/terraform-provider-vault https://github.com/amuraru/terraform-provider-vault/releases/download/vault-namespaces/terraform-provider-vault \
-    && chmod 0755 ~/.terraform.d/plugins/terraform-provider-vault \
-    && wget -q -O vault.zip https://releases.hashicorp.com/vault/${VAULT_VERSION}/vault_${VAULT_VERSION}_linux_amd64.zip \
+    && rm -rf terraform.zip
+
+RUN wget -q -O vault.zip https://releases.hashicorp.com/vault/${VAULT_VERSION}/vault_${VAULT_VERSION}_linux_${TARGETARCH}.zip \
     && unzip vault.zip -d /usr/local/bin \
-    && rm -rf vault.zip \
-    && wget -q https://amazon-eks.s3-us-west-2.amazonaws.com/${AWS_IAM_AUTHENTICATOR_VERSION}/bin/linux/amd64/aws-iam-authenticator -O /usr/local/bin/aws-iam-authenticator \
-    && chmod +x /usr/local/bin/aws-iam-authenticator \
-    && wget -q https://github.com/roboll/helmfile/releases/download/${HELM_FILE_VERSION}/helmfile_linux_amd64 -O /usr/local/bin/helmfile \
+    && rm -rf vault.zip
+
+RUN wget -q https://amazon-eks.s3-us-west-2.amazonaws.com/${AWS_IAM_AUTHENTICATOR_VERSION}/bin/linux/${TARGETARCH}/aws-iam-authenticator -O /usr/local/bin/aws-iam-authenticator \
+    && chmod +x /usr/local/bin/aws-iam-authenticator
+
+RUN wget -q https://github.com/helmfile/helmfile/releases/download/v${HELM_FILE_VERSION}/helmfile_${HELM_FILE_VERSION}_linux_${TARGETARCH}.tar.gz -O - | tar -xzO helmfile > /usr/local/bin/helmfile \
     && chmod +x /usr/local/bin/helmfile
 
 # install utils under `ops` user
@@ -69,9 +78,9 @@ ENV HOME=/home/ops
 WORKDIR /home/ops
 
 USER root
-RUN helm plugin install https://github.com/databus23/helm-diff
+RUN helm plugin install https://github.com/databus23/helm-diff --version v3.9.11
 RUN helm plugin install https://github.com/jkroepke/helm-secrets --version v3.8.2
-RUN helm plugin install https://github.com/rimusz/helm-tiller
+RUN helm plugin install https://github.com/rimusz/helm-tiller  # Obsolete in Helm 3
 
 
 COPY --from=compile-image /azure-cli /home/ops/.local/azure-cli

build_multiarch.sh

@@ -0,0 +1,71 @@
+#!/bin/bash
+set -e
+
+# Multiarch Docker Build Script
+# This script builds the ops-cli Docker image for multiple architectures
+
+IMAGE_NAME="${IMAGE_NAME:-ghcr.io/adobe/ops-cli}"
+IMAGE_TAG="${IMAGE_TAG:-latest}"
+PLATFORMS="${PLATFORMS:-linux/amd64,linux/arm64}"
+PUSH="${PUSH:-false}"
+
+echo "Building multiarch Docker image..."
+echo "Image: ${IMAGE_NAME}:${IMAGE_TAG}"
+echo "Platforms: ${PLATFORMS}"
+echo "Push to registry: ${PUSH}"
+
+# Login to GitHub Container Registry if pushing
+if [ "$PUSH" = "true" ]; then
+    if [ -z "$GITHUB_USERNAME" ] || [ -z "$GITHUB_TOKEN" ]; then
+        echo "Error: GITHUB_USERNAME and GITHUB_TOKEN environment variables must be set when PUSH=true"
+        exit 1
+    fi
+
+    echo "Logging in to ghcr.io..."
+    echo "$GITHUB_TOKEN" | docker login ghcr.io -u "$GITHUB_USERNAME" --password-stdin
+
+    if [ $? -ne 0 ]; then
+        echo "Error: Failed to login to GitHub Container Registry"
+        exit 1
+    fi
+    echo "Successfully logged in to ghcr.io"
+fi
+
+# Build the image
+BUILD_ARGS=""
+if [ "$PUSH" = "true" ]; then
+    BUILD_ARGS="--push"
+else
+    BUILD_ARGS="--load"
+fi
+
+# Note: --load only works for single platform builds
+# For multiplatform builds without pushing, use --output type=docker
+if [ "$PUSH" = "false" ] && [[ "$PLATFORMS" == *","* ]]; then
+    echo "Warning: Cannot use --load with multiple platforms."
+    echo "Building without --load (image will not be loaded to local docker)."
+    echo "To load to local docker, specify a single platform or use --push to push to registry."
+    BUILD_ARGS=""
+fi
+
+docker buildx build \
+    --platform ${PLATFORMS} \
+    --tag ${IMAGE_NAME}:${IMAGE_TAG} \
+    ${BUILD_ARGS} \
+    --file Dockerfile \
+    .
+
+echo "Build complete!"
+
+if [ "$PUSH" = "true" ]; then
+    echo "Image pushed to registry as ${IMAGE_NAME}:${IMAGE_TAG}"
+else
+    if [[ "$PLATFORMS" == *","* ]]; then
+        echo "Note: Multi-platform images were built but not loaded to local docker."
+        echo "To use them, either:"
+        echo "  1. Push to a registry: PUSH=true ./build_multiarch.sh"
+        echo "  2. Build for single platform: PLATFORMS=linux/amd64 ./build_multiarch.sh"
+    else
+        echo "Image loaded to local docker as ${IMAGE_NAME}:${IMAGE_TAG}"
+    fi
+fi

requirements.txt

@@ -14,6 +14,6 @@ hvac==1.2.1
 passgen
 inflection==0.5.1
 kubernetes==33.1.0
-himl==0.16.4
+himl==0.18.0
 six
 GitPython==3.1.*