From 307734b38c68df94b055d18a8eb77d3e28a5bc17 Mon Sep 17 00:00:00 2001
From: Koenraad Verheyden <koenraad.verheyden@grafana.com>
Date: Fri, 8 Oct 2021 14:58:08 +0200
Subject: [PATCH 1/2] Build multiarch protobuf Docker images

---
 .github/workflows/protobuf-dockerimage.yml | 42 +++++++++++++++-------
 protobuf/Dockerfile                        | 12 ++++---
 2 files changed, 36 insertions(+), 18 deletions(-)

diff --git a/.github/workflows/protobuf-dockerimage.yml b/.github/workflows/protobuf-dockerimage.yml
index eeb729b6..98885887 100644
--- a/.github/workflows/protobuf-dockerimage.yml
+++ b/.github/workflows/protobuf-dockerimage.yml
@@ -14,21 +14,37 @@ jobs:
   build:
     runs-on: ubuntu-latest
     steps:
-    - uses: actions/checkout@v1
-    - name: Build the Docker image
-      run: docker build protobuf/. -t build-protobuf
-    - name: Push the Docker image
-      if: github.ref == 'refs/heads/main' || startsWith(github.ref, 'refs/tags/')
+    - uses: actions/checkout@v2
+
+    - name: Set up QEMU
+      uses: docker/setup-qemu-action@v1
+    - name: Set up Docker Buildx
+      uses: docker/setup-buildx-action@v1
+
+    - name: Login to DockerHub
+      uses: docker/login-action@v1
+      with:
+        username: ${{ secrets.DOCKER_USERNAME }}
+        password: ${{ secrets.DOCKER_TOKEN }}
+
+    - name: Determine tag
       run: |
-        echo "${{ secrets.DOCKER_PASSWORD }}" | docker login -u "${{ secrets.DOCKER_USERNAME }}" --password-stdin
-        function tag_and_push {
-          docker tag build-protobuf "otel/build-protobuf:${1}" && docker push "otel/build-protobuf:${1}"
+        function set_tag {
+          echo "DOCKER_TAG=${1}" >> $GITHUB_ENV
         }
         if [[ "${GITHUB_REF}" == "refs/heads/main" ]]; then
-          tag_and_push "latest"
+          set_tag "latest"
         elif [[ "${GITHUB_REF}" =~ refs/tags/v[0-9]+\.[0-9]+\.[0-9]+ ]]; then
-            TAG="${GITHUB_REF#"refs/tags/v"}"
-            tag_and_push "${TAG}"
+          set_tag "${GITHUB_REF#"refs/tags/v"}"
         else
-          tag_and_push "${GITHUB_REF#"refs/tags/"}"
-        fi
\ No newline at end of file
+          set_tag "${GITHUB_REF#"refs/tags/"}"
+        fi
+
+    - name: Build and push the Docker image
+      uses: docker/build-push-action@v2
+      with:
+        builder: ${{ steps.buildx.outputs.name }}
+        context: ./protobuf/
+        platforms: linux/amd64,linux/arm64
+        push: ${{ github.ref == 'refs/heads/main' || startsWith(github.ref, 'refs/tags/') }}
+        tags: otel/build-protobuf:${{ env.DOCKER_TAG }}
diff --git a/protobuf/Dockerfile b/protobuf/Dockerfile
index 014d5ea3..c3dcea26 100644
--- a/protobuf/Dockerfile
+++ b/protobuf/Dockerfile
@@ -10,7 +10,7 @@ ARG PROTOC_GEN_GO_GRPC_VERSION=1.36.0
 ARG GRPC_JAVA_VERSION=1.36.0
 # v1.3.2, using the version directly does not work: "tar: invalid magic"
 ARG PROTOC_GEN_GOGO_VERSION=b03c65ea87cdc3521ede29f62fe3ce239267c1bc
-ARG PROTOC_GEN_LINT_VERSION=0.2.1
+ARG PROTOC_GEN_LINT_VERSION=0.2.4
 ARG GRPC_GATEWAY_VERSION=1.16.0
 ARG UPX_VERSION=3.96
 
@@ -102,12 +102,13 @@ RUN mkdir -p ${GOPATH}/src/github.com/gogo/protobuf && \
     install -D ./gogoproto/gogo.proto /out/usr/include/github.com/gogo/protobuf/gogoproto/gogo.proto
 
 ARG PROTOC_GEN_LINT_VERSION
+ARG TARGETARCH
 RUN cd / && \
-    curl -sSLO https://github.com/ckaznocha/protoc-gen-lint/releases/download/v${PROTOC_GEN_LINT_VERSION}/protoc-gen-lint_linux_amd64.zip && \
+    curl -sSLO https://github.com/ckaznocha/protoc-gen-lint/releases/download/v${PROTOC_GEN_LINT_VERSION}/protoc-gen-lint_linux_${TARGETARCH}.zip && \
     mkdir -p /protoc-gen-lint-out && \
     cd /protoc-gen-lint-out && \
-    unzip -q /protoc-gen-lint_linux_amd64.zip && \
-    install -Ds /protoc-gen-lint-out/protoc-gen-lint /out/usr/bin/protoc-gen-lint
+    unzip -q /protoc-gen-lint_linux_${TARGETARCH}.zip && \
+    install -D /protoc-gen-lint-out/protoc-gen-lint /out/usr/bin/protoc-gen-lint
 
 ARG GRPC_GATEWAY_VERSION
 RUN mkdir -p ${GOPATH}/src/github.com/grpc-ecosystem/grpc-gateway && \
@@ -129,7 +130,8 @@ FROM alpine:${ALPINE_VERSION} as packer
 RUN apk add --no-cache curl
 
 ARG UPX_VERSION
-RUN mkdir -p /upx && curl -sSL https://github.com/upx/upx/releases/download/v${UPX_VERSION}/upx-${UPX_VERSION}-amd64_linux.tar.xz | tar xJ --strip 1 -C /upx && \
+ARG TARGETARCH
+RUN mkdir -p /upx && curl -sSL https://github.com/upx/upx/releases/download/v${UPX_VERSION}/upx-${UPX_VERSION}-${TARGETARCH}_linux.tar.xz | tar xJ --strip 1 -C /upx && \
     install -D /upx/upx /usr/local/bin/upx
 
 # Use all output including headers and protoc from protoc_builder

From 89c92f829227a76a48fc6dde23728fe74991b7f4 Mon Sep 17 00:00:00 2001
From: Koenraad Verheyden <koenraad.verheyden@grafana.com>
Date: Mon, 11 Oct 2021 20:17:03 +0200
Subject: [PATCH 2/2] Use secrets.DOCKER_PASSWORD

---
 .github/workflows/protobuf-dockerimage.yml | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/.github/workflows/protobuf-dockerimage.yml b/.github/workflows/protobuf-dockerimage.yml
index 98885887..ff1cea70 100644
--- a/.github/workflows/protobuf-dockerimage.yml
+++ b/.github/workflows/protobuf-dockerimage.yml
@@ -25,7 +25,7 @@ jobs:
       uses: docker/login-action@v1
       with:
         username: ${{ secrets.DOCKER_USERNAME }}
-        password: ${{ secrets.DOCKER_TOKEN }}
+        password: ${{ secrets.DOCKER_PASSWORD }}
 
     - name: Determine tag
       run: |