Roblox22r commited on
Commit
aec3b75
1 Parent(s): 21db9ec

Create Dockerfile

Files changed (1) hide show
  1. Dockerfile +644 -0
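--- /dev/null
+++ b/Dockerfile
@@ -0,0 +1,644 @@
+# syntax=docker/dockerfile:1
+
+ARG GO_VERSION=1.20.1
+ARG BASE_DEBIAN_DISTRO="bullseye"
+ARG GOLANG_IMAGE="golang:${GO_VERSION}-${BASE_DEBIAN_DISTRO}"
+ARG XX_VERSION=1.1.2
+
+ARG VPNKIT_VERSION=0.5.0
+ARG DOCKERCLI_VERSION=v17.06.2-ce
+
+ARG SYSTEMD="false"
+ARG DEBIAN_FRONTEND=noninteractive
+ARG DOCKER_STATIC=1
+
+# cross compilation helper
+FROM --platform=$BUILDPLATFORM tonistiigi/xx:${XX_VERSION} AS xx
+
+# dummy stage to make sure the image is built for deps that don't support some
+# architectures
+FROM --platform=$BUILDPLATFORM busybox AS build-dummy
+RUN mkdir -p /build
+FROM scratch AS binary-dummy
+COPY --from=build-dummy /build /build
+
+# base
+FROM --platform=$BUILDPLATFORM ${GOLANG_IMAGE} AS base
+COPY --from=xx / /
+RUN echo 'Binary::apt::APT::Keep-Downloaded-Packages "true";' > /etc/apt/apt.conf.d/keep-cache
+ARG APT_MIRROR
+RUN sed -ri "s/(httpredir|deb).debian.org/${APT_MIRROR:-deb.debian.org}/g" /etc/apt/sources.list \
+&& sed -ri "s/(security).debian.org/${APT_MIRROR:-security.debian.org}/g" /etc/apt/sources.list
+ARG DEBIAN_FRONTEND
+RUN apt-get update && apt-get install --no-install-recommends -y file
+ENV GO111MODULE=off
+
+FROM base AS criu
+ARG DEBIAN_FRONTEND
+ADD --chmod=0644 https://download.opensuse.org/repositories/devel:/tools:/criu/Debian_11/Release.key /etc/apt/trusted.gpg.d/criu.gpg.asc
+RUN --mount=type=cache,sharing=locked,id=moby-criu-aptlib,target=/var/lib/apt \
+--mount=type=cache,sharing=locked,id=moby-criu-aptcache,target=/var/cache/apt \
+echo 'deb https://download.opensuse.org/repositories/devel:/tools:/criu/Debian_11/ /' > /etc/apt/sources.list.d/criu.list \
+&& apt-get update \
+&& apt-get install -y --no-install-recommends criu \
+&& install -D /usr/sbin/criu /build/criu
+
+# registry
+FROM base AS registry-src
+WORKDIR /usr/src/registry
+RUN git init . && git remote add origin "https://github.com/distribution/distribution.git"
+
+FROM base AS registry
+WORKDIR /go/src/github.com/docker/distribution
+# REGISTRY_VERSION specifies the version of the registry to build and install
+# from the https://github.com/docker/distribution repository. This version of
+# the registry is used to test both schema 1 and schema 2 manifests. Generally,
+# the version specified here should match a current release.
+ARG REGISTRY_VERSION=v2.3.0
+# REGISTRY_VERSION_SCHEMA1 specifies the version of the registry to build and
+# install from the https://github.com/docker/distribution repository. This is
+# an older (pre v2.3.0) version of the registry that only supports schema1
+# manifests. This version of the registry is not working on arm64, so installation
+# is skipped on that architecture.
+ARG REGISTRY_VERSION_SCHEMA1=v2.1.0
+ARG TARGETPLATFORM
+RUN --mount=from=registry-src,src=/usr/src/registry,rw \
+--mount=type=cache,target=/root/.cache/go-build,id=registry-build-$TARGETPLATFORM \
+--mount=type=cache,target=/go/pkg/mod \
+--mount=type=tmpfs,target=/go/src <<EOT
+set -ex
+git fetch -q --depth 1 origin "${REGISTRY_VERSION}" +refs/tags/*:refs/tags/*
+git checkout -q FETCH_HEAD
+export GOPATH="/go/src/github.com/docker/distribution/Godeps/_workspace:$GOPATH"
+CGO_ENABLED=0 xx-go build -o /build/registry-v2 -v ./cmd/registry
+xx-verify /build/registry-v2
+case $TARGETPLATFORM in
+linux/amd64|linux/arm/v7|linux/ppc64le|linux/s390x)
+git fetch -q --depth 1 origin "${REGISTRY_VERSION_SCHEMA1}" +refs/tags/*:refs/tags/*
+git checkout -q FETCH_HEAD
+CGO_ENABLED=0 xx-go build -o /build/registry-v2-schema1 -v ./cmd/registry
+xx-verify /build/registry-v2-schema1
+;;
+esac
+EOT
+
+# go-swagger
+FROM base AS swagger-src
+WORKDIR /usr/src/swagger
+# Currently uses a fork from https://github.com/kolyshkin/go-swagger/tree/golang-1.13-fix
+# TODO: move to under moby/ or fix upstream go-swagger to work for us.
+RUN git init . && git remote add origin "https://github.com/kolyshkin/go-swagger.git"
+# GO_SWAGGER_COMMIT specifies the version of the go-swagger binary to build and
+# install. Go-swagger is used in CI for validating swagger.yaml in hack/validate/swagger-gen
+ARG GO_SWAGGER_COMMIT=c56166c036004ba7a3a321e5951ba472b9ae298c
+RUN git fetch -q --depth 1 origin "${GO_SWAGGER_COMMIT}" && git checkout -q FETCH_HEAD
+
+FROM base AS swagger
+WORKDIR /go/src/github.com/go-swagger/go-swagger
+ARG TARGETPLATFORM
+RUN --mount=from=swagger-src,src=/usr/src/swagger,rw \
+--mount=type=cache,target=/root/.cache/go-build,id=swagger-build-$TARGETPLATFORM \
+--mount=type=cache,target=/go/pkg/mod \
+--mount=type=tmpfs,target=/go/src/ <<EOT
+set -e
+xx-go build -o /build/swagger ./cmd/swagger
+xx-verify /build/swagger
+EOT
+
+# frozen-images
+# See also frozenImages in "testutil/environment/protect.go" (which needs to
+# be updated when adding images to this list)
+FROM debian:${BASE_DEBIAN_DISTRO} AS frozen-images
+ARG DEBIAN_FRONTEND
+RUN --mount=type=cache,sharing=locked,id=moby-frozen-images-aptlib,target=/var/lib/apt \
+--mount=type=cache,sharing=locked,id=moby-frozen-images-aptcache,target=/var/cache/apt \
+apt-get update && apt-get install -y --no-install-recommends \
+ca-certificates \
+curl \
+jq
+# Get useful and necessary Hub images so we can "docker load" locally instead of pulling
+COPY contrib/download-frozen-image-v2.sh /
+ARG TARGETARCH
+ARG TARGETVARIANT
+RUN /download-frozen-image-v2.sh /build \
+busybox:latest@sha256:95cf004f559831017cdf4628aaf1bb30133677be8702a8c5f2994629f637a209 \
+busybox:glibc@sha256:1f81263701cddf6402afe9f33fca0266d9fff379e59b1748f33d3072da71ee85 \
+debian:bullseye-slim@sha256:dacf278785a4daa9de07596ec739dbc07131e189942772210709c5c0777e8437 \
+hello-world:latest@sha256:d58e752213a51785838f9eed2b7a498ffa1cb3aa7f946dda11af39286c3db9a9 \
+arm32v7/hello-world:latest@sha256:50b8560ad574c779908da71f7ce370c0a2471c098d44d1c8f6b513c5a55eeeb1
+
+# delve
+FROM base AS delve-src
+WORKDIR /usr/src/delve
+RUN git init . && git remote add origin "https://github.com/go-delve/delve.git"
+# DELVE_VERSION specifies the version of the Delve debugger binary
+# from the https://github.com/go-delve/delve repository.
+# It can be used to run Docker with a possibility of
+# attaching debugger to it.
+ARG DELVE_VERSION=v1.9.1
+RUN git fetch -q --depth 1 origin "${DELVE_VERSION}" +refs/tags/*:refs/tags/* && git checkout -q FETCH_HEAD
+
+FROM base AS delve-build
+WORKDIR /usr/src/delve
+ARG TARGETPLATFORM
+RUN --mount=from=delve-src,src=/usr/src/delve,rw \
+--mount=type=cache,target=/root/.cache/go-build,id=delve-build-$TARGETPLATFORM \
+--mount=type=cache,target=/go/pkg/mod <<EOT
+set -e
+GO111MODULE=on xx-go build -o /build/dlv ./cmd/dlv
+xx-verify /build/dlv
+EOT
+
+# delve is currently only supported on linux/amd64 and linux/arm64;
+# https://github.com/go-delve/delve/blob/v1.8.1/pkg/proc/native/support_sentinel.go#L1-L6
+FROM binary-dummy AS delve-windows
+FROM binary-dummy AS delve-linux-arm
+FROM binary-dummy AS delve-linux-ppc64le
+FROM binary-dummy AS delve-linux-s390x
+FROM delve-build AS delve-linux-amd64
+FROM delve-build AS delve-linux-arm64
+FROM delve-linux-${TARGETARCH} AS delve-linux
+FROM delve-${TARGETOS} AS delve
+
+FROM base AS tomll
+# GOTOML_VERSION specifies the version of the tomll binary to build and install
+# from the https://github.com/pelletier/go-toml repository. This binary is used
+# in CI in the hack/validate/toml script.
+#
+# When updating this version, consider updating the github.com/pelletier/go-toml
+# dependency in vendor.mod accordingly.
+ARG GOTOML_VERSION=v1.8.1
+RUN --mount=type=cache,target=/root/.cache/go-build \
+--mount=type=cache,target=/go/pkg/mod \
+GOBIN=/build/ GO111MODULE=on go install "github.com/pelletier/go-toml/cmd/tomll@${GOTOML_VERSION}" \
+&& /build/tomll --help
+
+FROM base AS gowinres
+# GOWINRES_VERSION defines go-winres tool version
+ARG GOWINRES_VERSION=v0.3.0
+RUN --mount=type=cache,target=/root/.cache/go-build \
+--mount=type=cache,target=/go/pkg/mod \
+GOBIN=/build/ GO111MODULE=on go install "github.com/tc-hib/go-winres@${GOWINRES_VERSION}" \
+&& /build/go-winres --help
+
+# containerd
+FROM base AS containerd-src
+WORKDIR /usr/src/containerd
+RUN git init . && git remote add origin "https://github.com/containerd/containerd.git"
+# CONTAINERD_VERSION is used to build containerd binaries, and used for the
+# integration tests. The distributed docker .deb and .rpm packages depend on a
+# separate (containerd.io) package, which may be a different version as is
+# specified here. The containerd golang package is also pinned in vendor.mod.
+# When updating the binary version you may also need to update the vendor
+# version to pick up bug fixes or new APIs, however, usually the Go packages
+# are built from a commit from the master branch.
+ARG CONTAINERD_VERSION=v1.7.0-beta.4
+RUN git fetch -q --depth 1 origin "${CONTAINERD_VERSION}" +refs/tags/*:refs/tags/* && git checkout -q FETCH_HEAD
+
+FROM base AS containerd-build
+WORKDIR /go/src/github.com/containerd/containerd
+ARG DEBIAN_FRONTEND
+ARG TARGETPLATFORM
+RUN --mount=type=cache,sharing=locked,id=moby-containerd-aptlib,target=/var/lib/apt \
+--mount=type=cache,sharing=locked,id=moby-containerd-aptcache,target=/var/cache/apt \
+apt-get update && xx-apt-get install -y --no-install-recommends \
+gcc libbtrfs-dev libsecret-1-dev
+ARG DOCKER_STATIC
+RUN --mount=from=containerd-src,src=/usr/src/containerd,rw \
+--mount=type=cache,target=/root/.cache/go-build,id=containerd-build-$TARGETPLATFORM <<EOT
+set -e
+export CC=$(xx-info)-gcc
+export CGO_ENABLED=$([ "$DOCKER_STATIC" = "1" ] && echo "0" || echo "1")
+xx-go --wrap
+make $([ "$DOCKER_STATIC" = "1" ] && echo "STATIC=1") binaries
+xx-verify $([ "$DOCKER_STATIC" = "1" ] && echo "--static") bin/containerd
+xx-verify $([ "$DOCKER_STATIC" = "1" ] && echo "--static") bin/containerd-shim-runc-v2
+xx-verify $([ "$DOCKER_STATIC" = "1" ] && echo "--static") bin/ctr
+mkdir /build
+mv bin/containerd bin/containerd-shim-runc-v2 bin/ctr /build
+EOT
+
+FROM containerd-build AS containerd-linux
+FROM binary-dummy AS containerd-windows
+FROM containerd-${TARGETOS} AS containerd
+
+FROM base AS golangci_lint
+ARG GOLANGCI_LINT_VERSION=v1.51.2
+RUN --mount=type=cache,target=/root/.cache/go-build \
+--mount=type=cache,target=/go/pkg/mod \
+GOBIN=/build/ GO111MODULE=on go install "github.com/golangci/golangci-lint/cmd/golangci-lint@${GOLANGCI_LINT_VERSION}" \
+&& /build/golangci-lint --version
+
+FROM base AS gotestsum
+ARG GOTESTSUM_VERSION=v1.8.2
+RUN --mount=type=cache,target=/root/.cache/go-build \
+--mount=type=cache,target=/go/pkg/mod \
+GOBIN=/build/ GO111MODULE=on go install "gotest.tools/gotestsum@${GOTESTSUM_VERSION}" \
+&& /build/gotestsum --version
+
+FROM base AS shfmt
+ARG SHFMT_VERSION=v3.0.2
+RUN --mount=type=cache,target=/root/.cache/go-build \
+--mount=type=cache,target=/go/pkg/mod \
+GOBIN=/build/ GO111MODULE=on go install "mvdan.cc/sh/v3/cmd/shfmt@${SHFMT_VERSION}" \
+&& /build/shfmt --version
+
+# dockercli
+FROM base AS dockercli-src
+WORKDIR /tmp/dockercli
+RUN git init . && git remote add origin "https://github.com/docker/cli.git"
+ARG DOCKERCLI_VERSION
+RUN git fetch -q --depth 1 origin "${DOCKERCLI_VERSION}" +refs/tags/*:refs/tags/* && git checkout -q FETCH_HEAD
+RUN [ -d ./components/cli ] && mv ./components/cli /usr/src/dockercli || mv /tmp/dockercli /usr/src/dockercli
+WORKDIR /usr/src/dockercli
+
+FROM base AS dockercli
+WORKDIR /go/src/github.com/docker/cli
+ARG DOCKERCLI_VERSION
+ARG DOCKERCLI_CHANNEL=stable
+ARG TARGETPLATFORM
+RUN xx-apt-get install -y --no-install-recommends gcc libc6-dev
+RUN --mount=from=dockercli-src,src=/usr/src/dockercli,rw \
+--mount=type=cache,target=/root/.cache/go-build,id=dockercli-build-$TARGETPLATFORM <<EOT
+set -e
+DOWNLOAD_URL="https://download.docker.com/linux/static/${DOCKERCLI_CHANNEL}/$(xx-info march)/docker-${DOCKERCLI_VERSION#v}.tgz"
+if curl --head --silent --fail "${DOWNLOAD_URL}" 1>/dev/null 2>&1; then
+mkdir /build
+curl -Ls "${DOWNLOAD_URL}" | tar -xz docker/docker
+mv docker/docker /build/docker
+else
+CGO_ENABLED=0 xx-go build -o /build/docker ./cmd/docker
+fi
+xx-verify /build/docker
+EOT
+
+# runc
+FROM base AS runc-src
+WORKDIR /usr/src/runc
+RUN git init . && git remote add origin "https://github.com/opencontainers/runc.git"
+# RUNC_VERSION should match the version that is used by the containerd version
+# that is used. If you need to update runc, open a pull request in the containerd
+# project first, and update both after that is merged. When updating RUNC_VERSION,
+# consider updating runc in vendor.mod accordingly.
+ARG RUNC_VERSION=v1.1.4
+RUN git fetch -q --depth 1 origin "${RUNC_VERSION}" +refs/tags/*:refs/tags/* && git checkout -q FETCH_HEAD
+
+FROM base AS runc-build
+WORKDIR /go/src/github.com/opencontainers/runc
+ARG DEBIAN_FRONTEND
+ARG TARGETPLATFORM
+RUN --mount=type=cache,sharing=locked,id=moby-runc-aptlib,target=/var/lib/apt \
+--mount=type=cache,sharing=locked,id=moby-runc-aptcache,target=/var/cache/apt \
+apt-get update && xx-apt-get install -y --no-install-recommends \
+dpkg-dev gcc libc6-dev libseccomp-dev
+ARG DOCKER_STATIC
+RUN --mount=from=runc-src,src=/usr/src/runc,rw \
+--mount=type=cache,target=/root/.cache/go-build,id=runc-build-$TARGETPLATFORM <<EOT
+set -e
+xx-go --wrap
+CGO_ENABLED=1 make "$([ "$DOCKER_STATIC" = "1" ] && echo "static" || echo "runc")"
+xx-verify $([ "$DOCKER_STATIC" = "1" ] && echo "--static") runc
+mkdir /build
+mv runc /build/
+EOT
+
+FROM runc-build AS runc-linux
+FROM binary-dummy AS runc-windows
+FROM runc-${TARGETOS} AS runc
+
+# tini
+FROM base AS tini-src
+WORKDIR /usr/src/tini
+RUN git init . && git remote add origin "https://github.com/krallin/tini.git"
+# TINI_VERSION specifies the version of tini (docker-init) to build. This
+# binary is used when starting containers with the `--init` option.
+ARG TINI_VERSION=v0.19.0
+RUN git fetch -q --depth 1 origin "${TINI_VERSION}" +refs/tags/*:refs/tags/* && git checkout -q FETCH_HEAD
+
+FROM base AS tini-build
+WORKDIR /go/src/github.com/krallin/tini
+ARG DEBIAN_FRONTEND
+RUN --mount=type=cache,sharing=locked,id=moby-tini-aptlib,target=/var/lib/apt \
+--mount=type=cache,sharing=locked,id=moby-tini-aptcache,target=/var/cache/apt \
+apt-get update && apt-get install -y --no-install-recommends cmake
+ARG TARGETPLATFORM
+RUN --mount=type=cache,sharing=locked,id=moby-tini-aptlib,target=/var/lib/apt \
+--mount=type=cache,sharing=locked,id=moby-tini-aptcache,target=/var/cache/apt \
+xx-apt-get install -y --no-install-recommends \
+gcc libc6-dev
+RUN --mount=from=tini-src,src=/usr/src/tini,rw \
+--mount=type=cache,target=/root/.cache/go-build,id=tini-build-$TARGETPLATFORM <<EOT
+set -e
+CC=$(xx-info)-gcc cmake .
+make tini-static
+xx-verify --static tini-static
+mkdir /build
+mv tini-static /build/docker-init
+EOT
+
+FROM tini-build AS tini-linux
+FROM binary-dummy AS tini-windows
+FROM tini-${TARGETOS} AS tini
+
+# rootlesskit
+FROM base AS rootlesskit-src
+WORKDIR /usr/src/rootlesskit
+RUN git init . && git remote add origin "https://github.com/rootless-containers/rootlesskit.git"
+# When updating, also update rootlesskit commit in vendor.mod accordingly.
+ARG ROOTLESSKIT_VERSION=v1.1.0
+RUN git fetch -q --depth 1 origin "${ROOTLESSKIT_VERSION}" +refs/tags/*:refs/tags/* && git checkout -q FETCH_HEAD
+
+FROM base AS rootlesskit-build
+WORKDIR /go/src/github.com/rootless-containers/rootlesskit
+ARG DEBIAN_FRONTEND
+ARG TARGETPLATFORM
+RUN --mount=type=cache,sharing=locked,id=moby-rootlesskit-aptlib,target=/var/lib/apt \
+--mount=type=cache,sharing=locked,id=moby-rootlesskit-aptcache,target=/var/cache/apt \
+apt-get update && xx-apt-get install -y --no-install-recommends \
+gcc libc6-dev
+ENV GO111MODULE=on
+ARG DOCKER_STATIC
+RUN --mount=from=rootlesskit-src,src=/usr/src/rootlesskit,rw \
+--mount=type=cache,target=/go/pkg/mod \
+--mount=type=cache,target=/root/.cache/go-build,id=rootlesskit-build-$TARGETPLATFORM <<EOT
+set -e
+export CGO_ENABLED=$([ "$DOCKER_STATIC" = "1" ] && echo "0" || echo "1")
+xx-go build -o /build/rootlesskit -ldflags="$([ "$DOCKER_STATIC" != "1" ] && echo "-linkmode=external")" ./cmd/rootlesskit
+xx-verify $([ "$DOCKER_STATIC" = "1" ] && echo "--static") /build/rootlesskit
+xx-go build -o /build/rootlesskit-docker-proxy -ldflags="$([ "$DOCKER_STATIC" != "1" ] && echo "-linkmode=external")" ./cmd/rootlesskit-docker-proxy
+xx-verify $([ "$DOCKER_STATIC" = "1" ] && echo "--static") /build/rootlesskit-docker-proxy
+EOT
+COPY ./contrib/dockerd-rootless.sh /build/
+COPY ./contrib/dockerd-rootless-setuptool.sh /build/
+
+FROM rootlesskit-build AS rootlesskit-linux
+FROM binary-dummy AS rootlesskit-windows
+FROM rootlesskit-${TARGETOS} AS rootlesskit
+
+FROM base AS crun
+ARG CRUN_VERSION=1.4.5
+RUN --mount=type=cache,sharing=locked,id=moby-crun-aptlib,target=/var/lib/apt \
+--mount=type=cache,sharing=locked,id=moby-crun-aptcache,target=/var/cache/apt \
+apt-get update && apt-get install -y --no-install-recommends \
+autoconf \
+automake \
+build-essential \
+libcap-dev \
+libprotobuf-c-dev \
+libseccomp-dev \
+libsystemd-dev \
+libtool \
+libudev-dev \
+libyajl-dev \
+python3 \
+;
+RUN --mount=type=tmpfs,target=/tmp/crun-build \
+git clone https://github.com/containers/crun.git /tmp/crun-build && \
+cd /tmp/crun-build && \
+git checkout -q "${CRUN_VERSION}" && \
+./autogen.sh && \
+./configure --bindir=/build && \
+make -j install
+
+# vpnkit
+# use dummy scratch stage to avoid build to fail for unsupported platforms
+FROM scratch AS vpnkit-windows
+FROM scratch AS vpnkit-linux-386
+FROM scratch AS vpnkit-linux-arm
+FROM scratch AS vpnkit-linux-ppc64le
+FROM scratch AS vpnkit-linux-riscv64
+FROM scratch AS vpnkit-linux-s390x
+FROM djs55/vpnkit:${VPNKIT_VERSION} AS vpnkit-linux-amd64
+FROM djs55/vpnkit:${VPNKIT_VERSION} AS vpnkit-linux-arm64
+FROM vpnkit-linux-${TARGETARCH} AS vpnkit-linux
+FROM vpnkit-${TARGETOS} AS vpnkit
+
+# containerutility
+FROM base AS containerutil-src
+WORKDIR /usr/src/containerutil
+RUN git init . && git remote add origin "https://github.com/docker-archive/windows-container-utility.git"
+ARG CONTAINERUTILITY_VERSION=aa1ba87e99b68e0113bd27ec26c60b88f9d4ccd9
+RUN git fetch -q --depth 1 origin "${CONTAINERUTILITY_VERSION}" +refs/tags/*:refs/tags/* && git checkout -q FETCH_HEAD
+
+FROM base AS containerutil-build
+WORKDIR /usr/src/containerutil
+ARG TARGETPLATFORM
+RUN xx-apt-get install -y --no-install-recommends gcc g++ libc6-dev
+RUN --mount=from=containerutil-src,src=/usr/src/containerutil,rw \
+--mount=type=cache,target=/root/.cache/go-build,id=containerutil-build-$TARGETPLATFORM <<EOT
+set -e
+CC="$(xx-info)-gcc" CXX="$(xx-info)-g++" make
+xx-verify --static containerutility.exe
+mkdir /build
+mv containerutility.exe /build/
+EOT
+
+FROM binary-dummy AS containerutil-linux
+FROM containerutil-build AS containerutil-windows-amd64
+FROM containerutil-windows-${TARGETARCH} AS containerutil-windows
+FROM containerutil-${TARGETOS} AS containerutil
+
+FROM base AS dev-systemd-false
+COPY --from=dockercli /build/ /usr/local/cli
+COPY --from=frozen-images /build/ /docker-frozen-images
+COPY --from=swagger /build/ /usr/local/bin/
+COPY --from=delve /build/ /usr/local/bin/
+COPY --from=tomll /build/ /usr/local/bin/
+COPY --from=gowinres /build/ /usr/local/bin/
+COPY --from=tini /build/ /usr/local/bin/
+COPY --from=registry /build/ /usr/local/bin/
+COPY --from=criu /build/ /usr/local/bin/
+COPY --from=gotestsum /build/ /usr/local/bin/
+COPY --from=golangci_lint /build/ /usr/local/bin/
+COPY --from=shfmt /build/ /usr/local/bin/
+COPY --from=runc /build/ /usr/local/bin/
+COPY --from=containerd /build/ /usr/local/bin/
+COPY --from=rootlesskit /build/ /usr/local/bin/
+COPY --from=vpnkit / /usr/local/bin/
+COPY --from=containerutil /build/ /usr/local/bin/
+COPY --from=crun /build/ /usr/local/bin/
+COPY hack/dockerfile/etc/docker/ /etc/docker/
+ENV PATH=/usr/local/cli:$PATH
+ENV CONTAINERD_ADDRESS=/run/docker/containerd/containerd.sock
+ENV CONTAINERD_NAMESPACE=moby
+WORKDIR /go/src/github.com/docker/docker
+VOLUME /var/lib/docker
+VOLUME /home/unprivilegeduser/.local/share/docker
+# Wrap all commands in the "docker-in-docker" script to allow nested containers
+ENTRYPOINT ["hack/dind"]
+
+FROM dev-systemd-false AS dev-systemd-true
+RUN --mount=type=cache,sharing=locked,id=moby-dev-aptlib,target=/var/lib/apt \
+--mount=type=cache,sharing=locked,id=moby-dev-aptcache,target=/var/cache/apt \
+apt-get update && apt-get install -y --no-install-recommends \
+dbus \
+dbus-user-session \
+systemd \
+systemd-sysv
+ENTRYPOINT ["hack/dind-systemd"]
+
+FROM dev-systemd-${SYSTEMD} AS dev-base
+ARG DEBIAN_FRONTEND
+RUN groupadd -r docker
+RUN useradd --create-home --gid docker unprivilegeduser \
+&& mkdir -p /home/unprivilegeduser/.local/share/docker \
+&& chown -R unprivilegeduser /home/unprivilegeduser
+# Let us use a .bashrc file
+RUN ln -sfv /go/src/github.com/docker/docker/.bashrc ~/.bashrc
+# Activate bash completion and include Docker's completion if mounted with DOCKER_BASH_COMPLETION_PATH
+RUN echo "source /usr/share/bash-completion/bash_completion" >> /etc/bash.bashrc
+RUN ln -s /usr/local/completion/bash/docker /etc/bash_completion.d/docker
+RUN ldconfig
+# Set dev environment as safe git directory to prevent "dubious ownership" errors
+# when bind-mounting the source into the dev-container. See https://github.com/moby/moby/pull/44930
+RUN git config --global --add safe.directory $GOPATH/src/github.com/docker/docker
+# This should only install packages that are specifically needed for the dev environment and nothing else
+# Do you really need to add another package here? Can it be done in a different build stage?
+RUN --mount=type=cache,sharing=locked,id=moby-dev-aptlib,target=/var/lib/apt \
+--mount=type=cache,sharing=locked,id=moby-dev-aptcache,target=/var/cache/apt \
+apt-get update && apt-get install -y --no-install-recommends \
+apparmor \
+bash-completion \
+bzip2 \
+inetutils-ping \
+iproute2 \
+iptables \
+jq \
+libcap2-bin \
+libnet1 \
+libnl-3-200 \
+libprotobuf-c1 \
+libyajl2 \
+net-tools \
+patch \
+pigz \
+python3-pip \
+python3-setuptools \
+python3-wheel \
+sudo \
+systemd-journal-remote \
+thin-provisioning-tools \
+uidmap \
+vim \
+vim-common \
+xfsprogs \
+xz-utils \
+zip \
+zstd
+# Switch to use iptables instead of nftables (to match the CI hosts)
+# TODO use some kind of runtime auto-detection instead if/when nftables is supported (https://github.com/moby/moby/issues/26824)
+RUN update-alternatives --set iptables /usr/sbin/iptables-legacy || true \
+&& update-alternatives --set ip6tables /usr/sbin/ip6tables-legacy || true \
+&& update-alternatives --set arptables /usr/sbin/arptables-legacy || true
+ARG YAMLLINT_VERSION=1.27.1
+RUN pip3 install yamllint==${YAMLLINT_VERSION}
+RUN --mount=type=cache,sharing=locked,id=moby-dev-aptlib,target=/var/lib/apt \
+--mount=type=cache,sharing=locked,id=moby-dev-aptcache,target=/var/cache/apt \
+apt-get update && apt-get install --no-install-recommends -y \
+gcc \
+pkg-config \
+dpkg-dev \
+libapparmor-dev \
+libdevmapper-dev \
+libseccomp-dev \
+libsecret-1-dev \
+libsystemd-dev \
+libudev-dev
+
+FROM base AS build
+COPY --from=gowinres /build/ /usr/local/bin/
+WORKDIR /go/src/github.com/docker/docker
+ENV GO111MODULE=off
+ENV CGO_ENABLED=1
+ARG DEBIAN_FRONTEND
+RUN --mount=type=cache,sharing=locked,id=moby-build-aptlib,target=/var/lib/apt \
+--mount=type=cache,sharing=locked,id=moby-build-aptcache,target=/var/cache/apt \
+apt-get update && apt-get install --no-install-recommends -y \
+clang \
+lld \
+llvm
+ARG TARGETPLATFORM
+RUN --mount=type=cache,sharing=locked,id=moby-build-aptlib,target=/var/lib/apt \
+--mount=type=cache,sharing=locked,id=moby-build-aptcache,target=/var/cache/apt \
+xx-apt-get install --no-install-recommends -y \
+dpkg-dev \
+gcc \
+libapparmor-dev \
+libc6-dev \
+libdevmapper-dev \
+libseccomp-dev \
+libsecret-1-dev \
+libsystemd-dev \
+libudev-dev
+ARG DOCKER_BUILDTAGS
+ARG DOCKER_DEBUG
+ARG DOCKER_GITCOMMIT=HEAD
+ARG DOCKER_LDFLAGS
+ARG DOCKER_STATIC
+ARG VERSION
+ARG PLATFORM
+ARG PRODUCT
+ARG DEFAULT_PRODUCT_LICENSE
+ARG PACKAGER_NAME
+# PREFIX overrides DEST dir in make.sh script otherwise it fails because of
+# read only mount in current work dir
+ENV PREFIX=/tmp
+RUN <<EOT
+# in bullseye arm64 target does not link with lld so configure it to use ld instead
+if [ "$(xx-info arch)" = "arm64" ]; then
+XX_CC_PREFER_LINKER=ld xx-clang --setup-target-triple
+fi
+EOT
+RUN --mount=type=bind,target=. \
+--mount=type=tmpfs,target=cli/winresources/dockerd \
+--mount=type=tmpfs,target=cli/winresources/docker-proxy \
+--mount=type=cache,target=/root/.cache/go-build,id=moby-build-$TARGETPLATFORM <<EOT
+set -e
+target=$([ "$DOCKER_STATIC" = "1" ] && echo "binary" || echo "dynbinary")
+xx-go --wrap
+PKG_CONFIG=$(xx-go env PKG_CONFIG) ./hack/make.sh $target
+xx-verify $([ "$DOCKER_STATIC" = "1" ] && echo "--static") /tmp/bundles/${target}-daemon/dockerd$([ "$(xx-info os)" = "windows" ] && echo ".exe")
+xx-verify $([ "$DOCKER_STATIC" = "1" ] && echo "--static") /tmp/bundles/${target}-daemon/docker-proxy$([ "$(xx-info os)" = "windows" ] && echo ".exe")
+mkdir /build
+mv /tmp/bundles/${target}-daemon/* /build/
+EOT
+
+# usage:
+# > docker buildx bake binary
+# > DOCKER_STATIC=0 docker buildx bake binary
+# or
+# > make binary
+# > make dynbinary
+FROM scratch AS binary
+COPY --from=build /build/ /
+
+# usage:
+# > docker buildx bake all
+FROM scratch AS all
+COPY --from=tini /build/ /
+COPY --from=runc /build/ /
+COPY --from=containerd /build/ /
+COPY --from=rootlesskit /build/ /
+COPY --from=containerutil /build/ /
+COPY --from=vpnkit / /
+COPY --from=build /build /
+
+# smoke tests
+# usage:
+# > docker buildx bake binary-smoketest
+FROM --platform=$TARGETPLATFORM base AS smoketest
+WORKDIR /usr/local/bin
+COPY --from=build /build .
+RUN <<EOT
+set -ex
+file dockerd
+dockerd --version
+file docker-proxy
+docker-proxy --version
+EOT
+
+# usage:
+# > make shell
+# > SYSTEMD=true make shell
+FROM dev-base AS dev
+COPY . .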
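Review bot: The dockercli stage runs `curl -Ls "${DOWNLOAD_URL}" | tar -xz docker/docker` with no integrity check, and the extracted binary is later copied into the dev image under /usr/local/cli. The heredoc sets only `set -e` and curl runs without `--fail`, so the pipeline's status comes from tar alone and a truncated or error response is not rejected by curl. I would download to a file and verify it before unpacking: `curl -fsSL -o /tmp/docker.tgz "${DOWNLOAD_URL}"`, `echo "${DOCKERCLI_SHA256}  /tmp/docker.tgz" | sha256sum -c -`, `tar -xzf /tmp/docker.tgz docker/docker`, where DOCKERCLI_SHA256 is a suggested new per-architecture build arg, not something the file defines today. The same pinning gap shows in the `busybox`, `tonistiigi/xx:${XX_VERSION}` and `djs55/vpnkit:${VPNKIT_VERSION}` stages, which are referenced by tag while the frozen images are pinned by sha256 digest. Separately, the criu stage ADDs Release.key into /etc/apt/trusted.gpg.d, which trusts that key for every apt source; a dedicated keyring referenced with `signed-by=` in criu.list would scope it to the criu repository only.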