Bump libgit2 dependencies to debian bookworm

Signed-off-by: Paulo Gomes <paulo.gomes@weave.works>
Paulo Gomes 2022-01-12 11:55:01 +00:00
parent b91f49cdcf
commit ab934579bb
No known key found for this signature in database
GPG Key ID: 9995233870E99BEE
5 changed files with 30 additions and 14 deletions


@ -3,7 +3,7 @@ ARG GO_VERSION=1.17.5
ARG XX_VERSION=1.1.0
ARG LIBGIT2_IMG=ghcr.io/fluxcd/golang-with-libgit2
ARG LIBGIT2_TAG=libgit2-1.1.1-2
ARG LIBGIT2_TAG=libgit2-1.1.1-3
FROM tonistiigi/xx:${XX_VERSION} AS xx
FROM ${LIBGIT2_IMG}:${LIBGIT2_TAG} as libgit2


@ -3,7 +3,7 @@ ARG GO_VERSION=1.17
ARG XX_VERSION=1.1.0
ARG LIBGIT2_IMG=ghcr.io/fluxcd/golang-with-libgit2
ARG LIBGIT2_TAG=libgit2-1.1.1-2
ARG LIBGIT2_TAG=libgit2-1.1.1-3
FROM --platform=$BUILDPLATFORM tonistiigi/xx:${XX_VERSION} AS xx
FROM ${LIBGIT2_IMG}:${LIBGIT2_TAG} as libgit2
@ -16,6 +16,15 @@ FROM go-${TARGETOS} AS build-base-bullseye
# Copy the build utilities
COPY --from=xx / /
# Align golang base image with bookworm.
# TODO: Replace this with a golang bookworm variant, once that is released.
RUN echo "deb http://deb.debian.org/debian bookworm main" > /etc/apt/sources.list.d/bookworm.list \
&& echo "deb-src http://deb.debian.org/debian bookworm main" /etc/apt/sources.list.d/bookworm.list \
&& xx-apt update \
&& xx-apt -t bookworm upgrade -y \
&& xx-apt -t bookworm install -y curl
COPY --from=libgit2 /Makefile /libgit2/
# Install the libgit2 build dependencies
@ -28,9 +37,6 @@ FROM build-base-${BASE_VARIANT} as libgit2-bullseye
ARG TARGETPLATFORM
# build libgit2 in release mode
ARG BUILD_TYPE=Release
# First build libgit2 statically, this ensures that all its dependencies
# will be statically available as well.
ARG BUILD_SHARED_LIBS=OFF
@ -39,6 +45,8 @@ RUN FLAGS=$(xx-clang --print-cmake-defines) make -C /libgit2 libgit2
# Rebuild libgit2 this time to generate the shared libraries.
ARG BUILD_SHARED_LIBS=ON
RUN FLAGS=$(xx-clang --print-cmake-defines) make -C /libgit2 libgit2
# Logs glibc version used at built time. The final image must be compatible with it.
RUN ldd --version ldd > /libgit2/built-on-glibc-version
FROM libgit2-${BASE_VARIANT} as build
@ -70,20 +78,25 @@ ARG TARGETPLATFORM
# Others (such as libc, librt, libdl and libpthread) are resolved at run-time.
# To decrease the likelihood of such dependencies being out of sync, the base build image
# should be aligned with the target (i.e. same debian variant).
RUN xx-go build \
-ldflags "-s -w -extldflags \"/usr/lib/$(xx-info triple)/libssh2.a /usr/lib/$(xx-info triple)/libssl.a /usr/lib/$(xx-info triple)/libcrypto.a /usr/lib/$(xx-info triple)/libz.a -Wl,--unresolved-symbols=ignore-in-object-files -Wl,-allow-shlib-undefined -static\"" \
-tags 'netgo,osusergo,static_build' -o source-controller -trimpath main.go;
RUN FLAGS=$(pkg-config --static --libs --cflags libssh2 libgit2 libssl libcrypto zlib openssl) \
xx-go build \
-ldflags "-s -w -extldflags \"/usr/lib/$(xx-info triple)/libssh2.a /usr/lib/$(xx-info triple)/libssl.a /usr/lib/$(xx-info triple)/libcrypto.a /usr/lib/$(xx-info triple)/libz.a -Wl,--unresolved-symbols=ignore-in-object-files -Wl,-allow-shlib-undefined ${FLAGS} -static\"" \
-tags 'netgo,osusergo,static_build' \
-o source-controller -trimpath main.go;
# Cannot use distroless/static due to lingering dependencies on libnss.
FROM gcr.io/distroless/base-debian11 as controller
# The target image must aligned with apt sources used for libgit2.
FROM debian:bookworm-slim as controller
# Link repo to the GitHub Container Registry image
LABEL org.opencontainers.image.source="https://github.com/fluxcd/source-controller"
ARG TARGETPLATFORM
RUN apt update && apt install -y ca-certificates
# Copy over binary from build
COPY --from=build /workspace/source-controller /usr/local/bin/
COPY --from=libgit2-bullseye /libgit2/built-on-glibc-version /
COPY ATTRIBUTIONS.md /
# leverages nonroot available in gcr.io/distroless/base-debian11
USER nonroot
USER 65534:65534
ENTRYPOINT [ "source-controller" ]
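Review bot: In the rewritten `xx-go build` step, `FLAGS=$(pkg-config …)` is a command-prefix assignment, so the shell expands `${FLAGS}` inside `-extldflags` before the assignment takes effect and the pkg-config output most likely never reaches the linker (unless FLAGS is already set somewhere outside the visible lines). Setting the variable in its own command fixes this: end the assignment line with `&& \` instead of `\`, i.e. `RUN FLAGS=$(pkg-config --static --libs --cflags libssh2 libgit2 libssl libcrypto zlib openssl) && \`. In the controller stage, the runtime base moves from distroless to `debian:bookworm-slim`, which adds a shell and package manager to the shipped image and is a mutable tag, so pinning it by digest and using `RUN apt-get update && apt-get install -y --no-install-recommends ca-certificates && rm -rf /var/lib/apt/lists/*` would keep the image smaller and reproducible. In the earlier bookworm-sources hunk, the second `echo "deb-src …"` has no `>>` redirect, so that entry is printed to the build log rather than appended to `bookworm.list`. The build stage begins outside the visible hunks.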


@ -4,7 +4,7 @@ TAG ?= latest
# Base image used to build the Go binary
LIBGIT2_IMG ?= ghcr.io/fluxcd/golang-with-libgit2
LIBGIT2_TAG ?= libgit2-1.1.1-2
LIBGIT2_TAG ?= libgit2-1.1.1-3
# Allows for defining additional Docker buildx arguments,
# e.g. '--push'.


@ -54,7 +54,10 @@ function cleanup(){
}
trap cleanup EXIT
# Wait for nodes to be ready and pods to be running
kubectl wait node "${KIND_CLUSTER_NAME}-control-plane" --for=condition=ready --timeout=2m
kubectl wait --for=condition=ready -n kube-system -l k8s-app=kube-dns pod
kubectl wait --for=condition=ready -n local-path-storage -l app=local-path-provisioner pod
echo "Build, load image into kind and deploy controller"
make docker-build IMG="${IMG}" TAG="${TAG}" BUILD_PLATFORMS="${BUILD_PLATFORM}" BUILD_ARGS=--load
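Review bot: The two pod waits (`-l k8s-app=kube-dns` and `-l app=local-path-provisioner`) carry no `--timeout`, so they fall back to kubectl's 30s default while the node wait next to them allows 2m. On a slow CI runner they can time out, and `kubectl wait` also fails straight away when the selector matches no pods yet. Giving them the same budget would make the step less flaky, e.g. `kubectl wait --for=condition=ready -n kube-system -l k8s-app=kube-dns pod --timeout=2m`. Whether a failure here aborts the script depends on a `set -e` that is not visible in this hunk.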


@ -19,7 +19,7 @@ https://github.com/libssh2/libssh2/
No changes were made to its original source code.
Copyright notice (https://raw.githubusercontent.com/libssh2/libssh2/main/COPYING):
Copyright notice (https://raw.githubusercontent.com/libssh2/libssh2/master/COPYING):
$(curl --max-time 5 -L https://raw.githubusercontent.com/libssh2/libssh2/master/COPYING)