Bump libgit2 dependencies to debian bookworm
Signed-off-by: Paulo Gomes <paulo.gomes@weave.works>
This commit is contained in:
parent
b91f49cdcf
commit
ab934579bb
|
@ -3,7 +3,7 @@ ARG GO_VERSION=1.17.5
|
|||
ARG XX_VERSION=1.1.0
|
||||
|
||||
ARG LIBGIT2_IMG=ghcr.io/fluxcd/golang-with-libgit2
|
||||
ARG LIBGIT2_TAG=libgit2-1.1.1-2
|
||||
ARG LIBGIT2_TAG=libgit2-1.1.1-3
|
||||
|
||||
FROM tonistiigi/xx:${XX_VERSION} AS xx
|
||||
FROM ${LIBGIT2_IMG}:${LIBGIT2_TAG} as libgit2
|
||||
|
|
35
Dockerfile
35
Dockerfile
|
@ -3,7 +3,7 @@ ARG GO_VERSION=1.17
|
|||
ARG XX_VERSION=1.1.0
|
||||
|
||||
ARG LIBGIT2_IMG=ghcr.io/fluxcd/golang-with-libgit2
|
||||
ARG LIBGIT2_TAG=libgit2-1.1.1-2
|
||||
ARG LIBGIT2_TAG=libgit2-1.1.1-3
|
||||
|
||||
FROM --platform=$BUILDPLATFORM tonistiigi/xx:${XX_VERSION} AS xx
|
||||
FROM ${LIBGIT2_IMG}:${LIBGIT2_TAG} as libgit2
|
||||
|
@ -16,6 +16,15 @@ FROM go-${TARGETOS} AS build-base-bullseye
|
|||
|
||||
# Copy the build utilities
|
||||
COPY --from=xx / /
|
||||
|
||||
# Align golang base image with bookworm.
|
||||
# TODO: Replace this with a golang bookworm variant, once that is released.
|
||||
RUN echo "deb http://deb.debian.org/debian bookworm main" > /etc/apt/sources.list.d/bookworm.list \
|
||||
&& echo "deb-src http://deb.debian.org/debian bookworm main" /etc/apt/sources.list.d/bookworm.list \
|
||||
&& xx-apt update \
|
||||
&& xx-apt -t bookworm upgrade -y \
|
||||
&& xx-apt -t bookworm install -y curl
|
||||
|
||||
COPY --from=libgit2 /Makefile /libgit2/
|
||||
|
||||
# Install the libgit2 build dependencies
|
||||
|
@ -28,9 +37,6 @@ FROM build-base-${BASE_VARIANT} as libgit2-bullseye
|
|||
|
||||
ARG TARGETPLATFORM
|
||||
|
||||
# build libgit2 in release mode
|
||||
ARG BUILD_TYPE=Release
|
||||
|
||||
# First build libgit2 statically, this ensures that all its dependencies
|
||||
# will be statically available as well.
|
||||
ARG BUILD_SHARED_LIBS=OFF
|
||||
|
@ -39,6 +45,8 @@ RUN FLAGS=$(xx-clang --print-cmake-defines) make -C /libgit2 libgit2
|
|||
# Rebuild libgit2 this time to generate the shared libraries.
|
||||
ARG BUILD_SHARED_LIBS=ON
|
||||
RUN FLAGS=$(xx-clang --print-cmake-defines) make -C /libgit2 libgit2
|
||||
# Logs glibc version used at built time. The final image must be compatible with it.
|
||||
RUN ldd --version ldd > /libgit2/built-on-glibc-version
|
||||
|
||||
|
||||
FROM libgit2-${BASE_VARIANT} as build
|
||||
|
@ -70,20 +78,25 @@ ARG TARGETPLATFORM
|
|||
# Others (such as libc, librt, libdl and libpthread) are resolved at run-time.
|
||||
# To decrease the likelihood of such dependencies being out of sync, the base build image
|
||||
# should be aligned with the target (i.e. same debian variant).
|
||||
RUN xx-go build \
|
||||
-ldflags "-s -w -extldflags \"/usr/lib/$(xx-info triple)/libssh2.a /usr/lib/$(xx-info triple)/libssl.a /usr/lib/$(xx-info triple)/libcrypto.a /usr/lib/$(xx-info triple)/libz.a -Wl,--unresolved-symbols=ignore-in-object-files -Wl,-allow-shlib-undefined -static\"" \
|
||||
-tags 'netgo,osusergo,static_build' -o source-controller -trimpath main.go;
|
||||
RUN FLAGS=$(pkg-config --static --libs --cflags libssh2 libgit2 libssl libcrypto zlib openssl) \
|
||||
xx-go build \
|
||||
-ldflags "-s -w -extldflags \"/usr/lib/$(xx-info triple)/libssh2.a /usr/lib/$(xx-info triple)/libssl.a /usr/lib/$(xx-info triple)/libcrypto.a /usr/lib/$(xx-info triple)/libz.a -Wl,--unresolved-symbols=ignore-in-object-files -Wl,-allow-shlib-undefined ${FLAGS} -static\"" \
|
||||
-tags 'netgo,osusergo,static_build' \
|
||||
-o source-controller -trimpath main.go;
|
||||
|
||||
# Cannot use distroless/static due to lingering dependencies on libnss.
|
||||
FROM gcr.io/distroless/base-debian11 as controller
|
||||
# The target image must aligned with apt sources used for libgit2.
|
||||
FROM debian:bookworm-slim as controller
|
||||
|
||||
# Link repo to the GitHub Container Registry image
|
||||
LABEL org.opencontainers.image.source="https://github.com/fluxcd/source-controller"
|
||||
|
||||
ARG TARGETPLATFORM
|
||||
RUN apt update && apt install -y ca-certificates
|
||||
|
||||
# Copy over binary from build
|
||||
COPY --from=build /workspace/source-controller /usr/local/bin/
|
||||
COPY --from=libgit2-bullseye /libgit2/built-on-glibc-version /
|
||||
COPY ATTRIBUTIONS.md /
|
||||
|
||||
# leverages nonroot available in gcr.io/distroless/base-debian11
|
||||
USER nonroot
|
||||
USER 65534:65534
|
||||
ENTRYPOINT [ "source-controller" ]
|
||||
|
|
2
Makefile
2
Makefile
|
@ -4,7 +4,7 @@ TAG ?= latest
|
|||
|
||||
# Base image used to build the Go binary
|
||||
LIBGIT2_IMG ?= ghcr.io/fluxcd/golang-with-libgit2
|
||||
LIBGIT2_TAG ?= libgit2-1.1.1-2
|
||||
LIBGIT2_TAG ?= libgit2-1.1.1-3
|
||||
|
||||
# Allows for defining additional Docker buildx arguments,
|
||||
# e.g. '--push'.
|
||||
|
|
|
@ -54,7 +54,10 @@ function cleanup(){
|
|||
}
|
||||
trap cleanup EXIT
|
||||
|
||||
# Wait for nodes to be ready and pods to be running
|
||||
kubectl wait node "${KIND_CLUSTER_NAME}-control-plane" --for=condition=ready --timeout=2m
|
||||
kubectl wait --for=condition=ready -n kube-system -l k8s-app=kube-dns pod
|
||||
kubectl wait --for=condition=ready -n local-path-storage -l app=local-path-provisioner pod
|
||||
|
||||
echo "Build, load image into kind and deploy controller"
|
||||
make docker-build IMG="${IMG}" TAG="${TAG}" BUILD_PLATFORMS="${BUILD_PLATFORM}" BUILD_ARGS=--load
|
||||
|
|
|
@ -19,7 +19,7 @@ https://github.com/libssh2/libssh2/
|
|||
|
||||
No changes were made to its original source code.
|
||||
|
||||
Copyright notice (https://raw.githubusercontent.com/libssh2/libssh2/main/COPYING):
|
||||
Copyright notice (https://raw.githubusercontent.com/libssh2/libssh2/master/COPYING):
|
||||
|
||||
$(curl --max-time 5 -L https://raw.githubusercontent.com/libssh2/libssh2/master/COPYING)
|
||||
|
||||
|
|
Loading…
Reference in New Issue