constellation/Dockerfile.build

FROM fedora@sha256:36af84ba69e21c9ef86a0424a090674c433b2b80c2462e57503886f1d823abe8 as build

# This workaround is necessary since glibc in versions >= 2.34 are incompatible with docker versions <= 20.10.9.
# Since the host ubuntu is running docker 20.10.7, this incompatibility becomes a problem.
# The workaround binary is a small go program that adds a missing seccomp filter to all programs invoked through the
# container's shell. More explanations can be found in the clone3-workaround repo and the blogpost linked in the repo.
ADD https://github.com/AkihiroSuda/clone3-workaround/releases/download/v1.0.0/clone3-workaround.x86_64 /clone3-workaround
RUN chmod 100 /clone3-workaround
SHELL ["/clone3-workaround", "/bin/sh", "-c"]

RUN dnf -y update && \
    dnf -y install @development-tools pkg-config iproute iputils wget git jq openssl-devel cryptsetup-libs cryptsetup-devel && \
    dnf clean all

# Install Go
ARG GO_VER=1.18
RUN wget -q https://go.dev/dl/go${GO_VER}.linux-amd64.tar.gz && \
    tar -C /usr/local -xzf go${GO_VER}.linux-amd64.tar.gz && \
    rm go${GO_VER}.linux-amd64.tar.gz
ENV PATH ${PATH}:/usr/local/go/bin

# Download go dependencies
WORKDIR /constellation/
COPY go.mod ./
COPY go.sum ./
RUN go mod download all

# Copy Repo
COPY . /constellation
RUN rm -rf ./hack/

FROM build AS build-bootstrapper
WORKDIR /constellation/bootstrapper/

ARG PROJECT_VERSION
RUN go build -o bootstrapper -tags=gcp,disable_tpm_simulator -buildvcs=false -ldflags "-s -w -buildid='' -X main.version=${PROJECT_VERSION}" ./cmd/bootstrapper/

FROM build AS build-disk-mapper
WORKDIR /constellation/state/

RUN go build -o disk-mapper -ldflags "-s -w" ./cmd/

FROM scratch AS bootstrapper
COPY --from=build-bootstrapper /constellation/bootstrapper/bootstrapper /

FROM scratch AS disk-mapper
COPY --from=build-disk-mapper /constellation/state/disk-mapper /