constellation/Dockerfile.build
2022-09-02 15:20:25 +02:00

48 lines
1.8 KiB
Docker

FROM fedora@sha256:36af84ba69e21c9ef86a0424a090674c433b2b80c2462e57503886f1d823abe8 as build
# This workaround is necessary since glibc in versions >= 2.34 are incompatible with docker versions <= 20.10.9.
# Since the host ubuntu is running docker 20.10.7, this incompatibility becomes a problem.
# The workaround binary is a small go program that adds a missing seccomp filter to all programs invoked through the
# container's shell. More explanations can be found in the clone3-workaround repo and the blogpost linked in the repo.
ADD https://github.com/AkihiroSuda/clone3-workaround/releases/download/v1.0.0/clone3-workaround.x86_64 /clone3-workaround
RUN chmod 100 /clone3-workaround
SHELL ["/clone3-workaround", "/bin/sh", "-c"]
RUN dnf -y update && \
dnf -y install @development-tools pkg-config iproute iputils wget git jq openssl-devel cryptsetup-libs cryptsetup-devel && \
dnf clean all
# Install Go
ARG GO_VER=1.18
RUN wget -q https://go.dev/dl/go${GO_VER}.linux-amd64.tar.gz && \
tar -C /usr/local -xzf go${GO_VER}.linux-amd64.tar.gz && \
rm go${GO_VER}.linux-amd64.tar.gz
ENV PATH ${PATH}:/usr/local/go/bin
# Download go dependencies
WORKDIR /constellation/
COPY go.mod ./
COPY go.sum ./
RUN go mod download all
# Copy Repo
COPY . /constellation
RUN rm -rf ./hack/
FROM build AS build-bootstrapper
WORKDIR /constellation/bootstrapper/
ARG PROJECT_VERSION
RUN go build -o bootstrapper -tags=gcp,disable_tpm_simulator -buildvcs=false -ldflags "-s -w -buildid='' -X main.version=${PROJECT_VERSION}" ./cmd/bootstrapper/
FROM build AS build-disk-mapper
WORKDIR /constellation/state/
RUN go build -o disk-mapper -ldflags "-s -w" ./cmd/
FROM scratch AS bootstrapper
COPY --from=build-bootstrapper /constellation/bootstrapper/bootstrapper /
FROM scratch AS disk-mapper
COPY --from=build-disk-mapper /constellation/state/disk-mapper /