CLOUDP-339241 - re-enable multi arch smoke tests

[MaciejKaras]

Summary

Key changes include:

• Added support for IBM Power and IBM Z architectures with podman builder configuration
• Updated repository URLs from quay.io/mongodb/mongodb-kubernetes-tests to 268558157000.dkr.ecr.us-east-1.amazonaws.com/staging/mongodb-kubernetes-tests for release scenarios. This will prevent meko-test image to be available also for our customers
• Enhanced build pipeline to support both Docker and Podman builders for different architectures

Proof of Work

Staging job is successful -> https://spruce.mongodb.com/version/69033a1e9701b900075d742f (ignore ibm z which is disabled in updated code)

Release job is successful -> https://spruce.mongodb.com/version/69036de79701b900075df4de (ignore GKE code snippets tasks, they need different fix. create_chart_release_pr will fail due to missing tag)

We are not ready yet to enable smoke tests for IBM Z, because our evergreen machines are unstable -> https://jira.mongodb.org/browse/DEVPROD-23283

Checklist

• Have you linked a jira ticket and/or is the ticket in the title?
• Have you checked whether your jira ticket required DOCSP changes?
• Have you added changelog file?
  • use skip-changelog label if not needed
  • refer to Changelog files and Release Notes section in CONTRIBUTING.md for more details

[github-actions]

⚠️ (this preview might not be accurate if the PR is not rebased on current master branch)

MCK 1.6.0 Release Notes

New Features

• MongoDBCommunity: Added support to configure custom cluster domain via newly introduced spec.clusterDomain resource field. If spec.clusterDomain is not set, environment variable CLUSTER_DOMAIN is used as cluster domain. If the environment variable CLUSTER_DOMAIN is also not set, operator falls back to cluster.local as default cluster domain.
• Helm Chart: Introduced two new helm fields operator.podSecurityContext and operator.securityContext that can be used to configure securityContext for Operator deployment through Helm Chart.

Bug Fixes

• Fixed parsing of the customEnvVars Helm value when values contain = characters.
• ReplicaSet: Blocked disabling TLS and changing member count simultaneously. These operations must now be applied separately to prevent configuration inconsistencies.

Other Changes

• kubectl-mongodb plugin: cosign, the signing tool that is used to sign kubectl-mongodb plugin binaries, has been updated to version 3.0.2. With this change, released binaries will be bundled with .bundle files containing both signature and certificate information. For more information on how to verify signatures using new cosign version please refer to -> https://github.com/sigstore/cosign/blob/v3.0.2/doc/cosign_verify-blob.md

[Copilot]

Pull Request Overview

This PR re-enables multi-architecture (IBM Z and IBM Power) smoke tests for release builds by migrating the meko-test image from the public Quay.io registry to a staging ECR repository. This prevents test images from being publicly available to customers during release processes.

Key changes include:

• Added support for IBM Power and IBM Z architectures with podman builder configuration
• Updated repository URLs from quay.io/mongodb/mongodb-kubernetes-tests to 268558157000.dkr.ecr.us-east-1.amazonaws.com/staging/mongodb-kubernetes-tests for release scenarios
• Enhanced build pipeline to support both Docker and Podman builders for different architectures

Reviewed Changes

Copilot reviewed 22 out of 22 changed files in this pull request and generated 3 comments.

Show a summary per file

File	Description
scripts/release/tests/build_info_test.py	Updates test configurations to include IBM Power and Z architectures with staging ECR repositories
scripts/release/pipeline.py	Adds new image constants and builder support, updates argument parsing for skip-if-exists flag
scripts/release/build/build_info.py	Adds builder constants and integrates builder field into ImageInfo configuration
scripts/release/atomic_pipeline.py	Implements podman build support alongside existing Docker functionality
build_info.json	Defines multi-arch image configurations with staging repositories for release scenarios
.evergreen.yml	Updates build variants and tasks to support separate IBM Power and Z builds
.evergreen-release.yml	Creates dedicated release variants for multi-arch smoke testing

---

💡 Add Copilot custom instructions for smarter, more guided reviews. Learn how to get started.

[lucian-tosa]

This logic seems better suited for execute_docker_build

[MaciejKaras]

Probably not execute_docker_build because it's using docker ;) but I agree this can be encapsulated in separate method with similar signature as execute_docker_build. Or you meant something else?

[lucian-tosa]

Looks like the platform flag is not used (except for the tag). I know it is implied by the machine it runs on, but for clarity we should set it here

[MaciejKaras]

I don't see the platform flag being used before:

sudo podman buildx build --progress plain . -f Dockerfile -t "${REGISTRY}/mongodb-kubernetes-tests:${OPERATOR_VERSION}-$(arch)" --build-arg PYTHON_VERSION="${PYTHON_VERSION}"

[lucian-tosa]

it's a private test image, why?

[MaciejKaras]

well it's not a big deal, but we are using this test image to verify that our released images are passing smoke tests. In theory somebody from outside could interfere with test image build process and acquire stored credentials for quay.io for instance

[lucian-tosa]

Shouldn't this logic be in evg-private-context? We will never use quay for test image, so I think this can be simplified

[MaciejKaras]

yeah, this can be also in evg-private-context. In the future evg-private-context should read repository settings from build_info.json instead of having them hardcoded. If you have nothing against this I would rather target this in separate PR and use build_info.json properly.

[anandsyncs]

nit: It would be better to use constants for the repetitive dev and staging repos.

[anandsyncs]

LGTM, there is one nit and another issue the Lucian already mentioned:
https://github.com/mongodb/mongodb-kubernetes/pull/539/files#r2490868628