forked from projectcalico/go-build
Dockerfile
# Global build argument: an ARG declared before the first FROM is only visible
# to FROM lines, which is how the bpftool image tag is selected per architecture.
ARG TARGETARCH=${TARGETARCH}

# Donor stage: provides the bpftool binary copied into the build stage.
FROM calico/bpftool:v5.3-${TARGETARCH} AS bpftool

# Donor stage: provides the qemu-user-static emulators.
# NOTE(review): `:latest` is a mutable tag, here and on the UBI base below, so
# the same Dockerfile can produce different images over time. Pin both by
# digest if reproducible, auditable builds are required.
FROM --platform=amd64 calico/qemu-user-static:latest AS qemu

# Main build stage; the final stage copies its whole filesystem.
FROM registry.access.redhat.com/ubi8/ubi:latest AS ubi
# Re-declare TARGETARCH inside this stage so the RUN steps below can read it.
ARG TARGETARCH

# Go release to install and the expected SHA-256 of the release tarball for
# each supported architecture. These must be updated together.
ARG GOLANG_VERSION=1.22.2
ARG GOLANG_SHA256_AMD64=5901c52b7a78002aeff14a21f93e0f064f74ce1360fce51c6ee68cd471216a17
ARG GOLANG_SHA256_ARM64=36e720b2d564980c162a48c7e97da2e407dfcc4239e1e58d98082dfa2486a0c1
ARG GOLANG_SHA256_PPC64LE=251a8886c5113be6490bdbb955ddee98763b49c9b1bf4c8364c02d3b482dab00
ARG GOLANG_SHA256_S390X=2b39019481c28c560d65e9811a478ae10e3ef765e0f59af362031d386a71bfef

# Versions of the tools installed by the RUN steps below.
ARG CALICO_CONTROLLER_TOOLS_VERSION=calico-0.1
ARG CONTAINERREGISTRY_VERSION=v0.19.1
ARG GO_LINT_VERSION=v1.57.2
ARG K8S_LIBS_VERSION=v0.28.7
ARG K8S_VERSION=v1.28.7
ARG MOCKERY_VERSION=2.42.2

# Make the Go toolchain (unpacked under /usr/local/go below) reachable by name.
ENV PATH=/usr/local/go/bin:$PATH
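# Enable non-native runs on amd64 architecture hosts
# Supported qemu-user-static arch files are copied in Makefile `download-qemu` target
# The destination ends in `/` because Docker's COPY reference requires a
# directory destination with a trailing slash when a wildcard source can match
# more than one file.
COPY --from=qemu /usr/bin/qemu-*-static /usr/bin/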
# Install system dependencies from the repositories enabled in the UBI base.
# NOTE(review): `dnf upgrade` plus unpinned package names on a `:latest` base
# means the installed package set depends on when the image is built.
# The dnf cache is not cleaned in this layer; a later `RUN dnf clean all` does
# it, and the final `FROM scratch` stage flattens the layers.
RUN dnf upgrade -y \
    && dnf install -y \
        autoconf \
        automake \
        clang \
        gcc \
        gcc-c++ \
        git \
        iputils \
        jq \
        libcurl-devel \
        libpcap-devel \
        libtool \
        llvm \
        make \
        openssh-clients \
        pcre-devel \
        pkg-config \
        wget \
        xz \
        zip
# Install system dependencies that are not in UBI repos
# NOTE(review): this adds Rocky Linux repositories to a UBI image. The .repo
# files are not visible here; confirm they enable signature checking
# (gpgcheck=1 with a trusted gpgkey), since packages from them are installed
# as root below.
COPY rockylinux/Rocky*.repo /etc/yum.repos.d/

# BPF and iproute development packages are installed on amd64 and arm64 only;
# other architectures skip this step.
RUN set -eux; \
    case "${TARGETARCH}" in \
        amd64|arm64) \
            dnf --enablerepo=baseos,powertools install -y \
                elfutils-libelf-devel \
                iproute-devel \
                iproute-tc \
                libbpf-devel; \
            ;; \
    esac

# The MinGW cross compiler is installed on amd64 only.
RUN set -eux; \
    if [ "${TARGETARCH}" = "amd64" ]; then \
        dnf --enablerepo=powertools install -y mingw64-gcc; \
    fi

# Drop the dnf caches left behind by the install steps above.
RUN dnf clean all
# Install Go official release
# The tarball is verified twice before it is unpacked into /usr/local:
#   1. its SHA-256 must match the value pinned in the GOLANG_SHA256_* build arg
#      for the target architecture;
#   2. its detached signature (go.tgz.asc) must verify against keys fetched
#      into a throw-away GNUPGHOME.
# Any failing step aborts the build because of `set -e`.
RUN set -eux; \
    case "${TARGETARCH}" in \
        amd64) \
            sha256="${GOLANG_SHA256_AMD64}"; \
            url="https://dl.google.com/go/go${GOLANG_VERSION}.linux-amd64.tar.gz"; \
            ;; \
        arm64) \
            sha256="${GOLANG_SHA256_ARM64}"; \
            url="https://dl.google.com/go/go${GOLANG_VERSION}.linux-arm64.tar.gz"; \
            ;; \
        ppc64le) \
            sha256="${GOLANG_SHA256_PPC64LE}"; \
            url="https://dl.google.com/go/go${GOLANG_VERSION}.linux-ppc64le.tar.gz"; \
            ;; \
        s390x) \
            sha256="${GOLANG_SHA256_S390X}"; \
            url="https://dl.google.com/go/go${GOLANG_VERSION}.linux-s390x.tar.gz"; \
            ;; \
        *) \
            echo >&2 "error: unsupported architecture '${TARGETARCH}'"; \
            exit 1; \
            ;; \
    esac; \
    \
    # Fetch the detached signature and the tarball, then check the pinned digest.
    wget -O go.tgz.asc "$url.asc"; \
    wget -O go.tgz "$url" --progress=dot:giga; \
    echo "$sha256 *go.tgz" | sha256sum -c -; \
    \
    # Use a temporary keyring so only the keys fetched below can satisfy the check.
    # https://github.com/golang/go/issues/14739#issuecomment-324767697
    GNUPGHOME="$(mktemp -d)"; \
    export GNUPGHOME; \
    # Signing key: https://www.google.com/linuxrepositories/
    gpg --batch --keyserver keyserver.ubuntu.com --recv-keys 'EB4C 1BFD 4F04 2F6D DDCC EC91 7721 F63B D38B 4796'; \
    # Also fetch explicitly the subkey that "go.tgz.asc" is expected to be signed by, to be sure it is present.
    gpg --batch --keyserver keyserver.ubuntu.com --recv-keys '2F52 8D36 D67B 69ED F998 D857 78BD 6547 3CB3 BD13'; \
    gpg --batch --verify go.tgz.asc go.tgz; \
    gpgconf --kill all; \
    rm -rf "$GNUPGHOME" go.tgz.asc; \
    \
    # Unpack only after both checks passed, then remove the download.
    tar -C /usr/local -xzf go.tgz; \
    rm -f go.tgz*; \
    \
    go version
# don't auto-upgrade the gotoolchain
# https://github.com/docker-library/golang/issues/472
ENV GOTOOLCHAIN=local \
    GOPATH=/go
# PATH is set in its own instruction because it refers to GOPATH, which is
# only available to later instructions.
ENV PATH=$GOPATH/bin:$PATH

# Create the GOPATH skeleton, world-writable with the sticky bit.
# NOTE(review): $GOPATH/bin comes first on PATH, so a world-writable GOPATH
# lets any UID in the container replace the tools that other users run from
# it. Presumably intended for a build image run under arbitrary UIDs; confirm.
RUN mkdir -p "$GOPATH/src" "$GOPATH/bin" \
    && chmod -R 1777 "$GOPATH"
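# su-exec is used by the entrypoint script to execute the user's command with the right UID/GID.
# It is compiled from a single C file fetched at build time. Because this
# binary is used to switch UID/GID, the source it is built from should be
# pinned and verified:
#   SU_EXEC_REF    - git ref (branch, tag or commit) to fetch su-exec.c from.
#                    The default keeps the previous behaviour of tracking `master`.
#   SU_EXEC_SHA256 - expected SHA-256 of su-exec.c; when set, the build fails
#                    on a mismatch. Empty (the default) skips the check.
# NOTE(review): set both to a reviewed commit and its digest; with the
# defaults, whatever is on the upstream branch at build time gets compiled in.
ARG SU_EXEC_REF=master
ARG SU_EXEC_SHA256=""
RUN set -eux; \
    curl -sfL "https://raw.githubusercontent.com/ncopa/su-exec/${SU_EXEC_REF}/su-exec.c" -o /tmp/su-exec.c; \
    if [ -n "${SU_EXEC_SHA256:-}" ]; then \
        echo "${SU_EXEC_SHA256} */tmp/su-exec.c" | sha256sum -c -; \
    fi; \
    gcc -Wall -O2 /tmp/su-exec.c -o /usr/bin/su-exec; \
    rm -f /tmp/su-exec.c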
# Install Go utilities

# controller-gen generates the CRD files.
# A Calico build of controller-gen is downloaded because it supports extra
# types (e.g., float). It can be dropped once the Calico v3 APIs only use
# types that upstream controller-gen supports (float, the numorstring
# package types, etc.).
# Installed on amd64 only.
# NOTE(review): the binary is pinned by release tag but not checked against a
# digest; consider recording its SHA-256 next to CALICO_CONTROLLER_TOOLS_VERSION.
RUN set -eux; \
    if [ "${TARGETARCH}" = "amd64" ]; then \
        curl -sfL "https://github.com/projectcalico/controller-tools/releases/download/${CALICO_CONTROLLER_TOOLS_VERSION}/controller-gen" -o /usr/local/bin/controller-gen; \
        chmod +x /usr/local/bin/controller-gen; \
    fi
# crane is needed for our release targets to copy images from the dev registries to the release registries.
# Installed on amd64 only; only the `crane` member is extracted from the archive.
# NOTE(review): the archive is pinned by release tag but not checked against a
# digest. The shell runs the pipe without pipefail, so only tar's exit status
# (not curl's) decides whether this step fails.
RUN set -eux; \
    case "${TARGETARCH}" in \
        amd64) \
            curl -sfL https://github.com/google/go-containerregistry/releases/download/${CONTAINERREGISTRY_VERSION}/go-containerregistry_Linux_x86_64.tar.gz | tar xz -C /usr/local/bin crane; \
            ;; \
    esac
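# Install golangci-lint at GO_LINT_VERSION using the project's installer script.
# The script is saved to a file before it is run: when it was piped straight
# into `sh`, a failed download left `sh` with empty input, which exits 0, so
# the build continued without the linter. With `set -e` a failed download now
# stops the build.
# NOTE(review): the installer itself is still fetched from the moving `master`
# branch; consider fetching it from a pinned ref and checking its digest.
RUN set -eux; \
    curl -sfL https://raw.githubusercontent.com/golangci/golangci-lint/master/install.sh -o /tmp/golangci-lint-install.sh; \
    sh /tmp/golangci-lint-install.sh -b /usr/local/bin "${GO_LINT_VERSION}"; \
    rm -f /tmp/golangci-lint-install.sh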
# Install necessary Kubernetes binaries used in tests.
# All three are fetched for K8S_VERSION and the target architecture, then
# marked executable in one step. Any failed download stops the `&&` chain.
# NOTE(review): the binaries are pinned by version but not checked against a
# digest before being made executable.
RUN curl -sfL https://dl.k8s.io/${K8S_VERSION}/bin/linux/${TARGETARCH}/kube-apiserver -o /usr/local/bin/kube-apiserver \
    && curl -sfL https://dl.k8s.io/release/${K8S_VERSION}/bin/linux/${TARGETARCH}/kubectl -o /usr/local/bin/kubectl \
    && curl -sfL https://dl.k8s.io/${K8S_VERSION}/bin/linux/${TARGETARCH}/kube-controller-manager -o /usr/local/bin/kube-controller-manager \
    && chmod +x \
        /usr/local/bin/kube-apiserver \
        /usr/local/bin/kubectl \
        /usr/local/bin/kube-controller-manager
# Install mockery from its release archive on amd64 and arm64.
# Other architectures only print a warning, and the image is built without it.
# NOTE(review): the archive is pinned by version but not checked against a digest.
RUN set -eux; \
    if [ "${TARGETARCH}" = "amd64" ]; then \
        curl -sfL https://github.com/vektra/mockery/releases/download/v${MOCKERY_VERSION}/mockery_${MOCKERY_VERSION}_Linux_x86_64.tar.gz | tar xz -C /usr/local/bin --extract mockery; \
    elif [ "${TARGETARCH}" = "arm64" ]; then \
        curl -sfL https://github.com/vektra/mockery/releases/download/v${MOCKERY_VERSION}/mockery_${MOCKERY_VERSION}_Linux_arm64.tar.gz | tar xz -C /usr/local/bin --extract mockery; \
    else \
        echo >&2 "warning: unsupported architecture '${TARGETARCH}'"; \
    fi
# Install go programs that we rely on
# Install ginkgo v2 as ginkgo2 and keep ginkgo v1 as ginkgo
# NOTE(review): every `[email protected]` token below appears to be an
# extraction artefact: an e-mail-obfuscation filter seems to have replaced the
# original `<command>@<version>` text. The lines are not valid `go install`
# arguments as shown; restore the real package paths and versions from the
# upstream Dockerfile before building.
# The k8s.io/code-generator tools are all installed at K8S_LIBS_VERSION.
# The ginkgo rename uses the literal /go/bin path rather than $GOPATH/bin.
# The module and build caches are cleared at the end of the same RUN.
RUN go install github.com/onsi/ginkgo/v2/[email protected] && mv /go/bin/ginkgo /go/bin/ginkgo2 && \
go install github.com/onsi/ginkgo/[email protected] && \
go install github.com/jstemmer/[email protected] && \
go install github.com/mikefarah/yq/[email protected] && \
go install github.com/pmezard/[email protected] && \
go install github.com/swaggo/swag/cmd/[email protected] && \
go install github.com/wadey/[email protected] && \
go install golang.org/x/tools/cmd/[email protected] && \
go install golang.org/x/tools/cmd/[email protected] && \
go install gotest.tools/[email protected] && \
go install k8s.io/code-generator/cmd/client-gen@${K8S_LIBS_VERSION} && \
go install k8s.io/code-generator/cmd/conversion-gen@${K8S_LIBS_VERSION} && \
go install k8s.io/code-generator/cmd/deepcopy-gen@${K8S_LIBS_VERSION} && \
go install k8s.io/code-generator/cmd/defaulter-gen@${K8S_LIBS_VERSION} && \
go install k8s.io/code-generator/cmd/informer-gen@${K8S_LIBS_VERSION} && \
go install k8s.io/code-generator/cmd/lister-gen@${K8S_LIBS_VERSION} && \
go install k8s.io/code-generator/cmd/openapi-gen@${K8S_LIBS_VERSION} && \
go clean -modcache && go clean -cache
# Allow validated remote servers
# The system-wide known_hosts file comes from the build context.
COPY ssh_known_hosts /etc/ssh/ssh_known_hosts

# Add bpftool for Felix UT/FV.
COPY --from=bpftool /bpftool /usr/bin/

# Entrypoint script; the final stage sets it as the image ENTRYPOINT.
COPY entrypoint.sh /usr/local/bin/entrypoint.sh

# Do not create mail box.
RUN sed -i 's/^CREATE_MAIL_SPOOL=yes/CREATE_MAIL_SPOOL=no/' /etc/default/useradd

# Ensure that everything under the GOPATH is writable by everyone
# NOTE(review): this makes every installed Go tool in $GOPATH/bin, which is
# first on PATH, replaceable by any UID in the container. If only the
# source/cache directories need to be writable, narrow the chmod to those.
RUN chmod -R 777 "$GOPATH"
# Squash into a single layer
# The whole filesystem of the `ubi` stage is copied into an empty image, so
# the published image has one filesystem layer and none of the intermediate
# build layers.
FROM scratch
COPY --from=ubi / /

# Environment set in the `ubi` stage is not carried over by COPY, so the Go
# settings are declared again for the final image.
ENV GOPATH=/go \
    GOTOOLCHAIN=local
# NOTE(review): `$PATH` is expanded against this stage's environment, not the
# `ubi` stage's; confirm the resulting value has no empty element.
ENV PATH=$GOPATH/bin:/usr/local/go/bin:$PATH

# NOTE(review): no USER is set, so the entrypoint starts as root. An earlier
# comment in this file says entrypoint.sh uses su-exec to run the user's
# command with the right UID/GID; confirm it always drops privileges.
ENTRYPOINT ["/usr/local/bin/entrypoint.sh"]