2021-08-19 19:42:33 +00:00
# syntax=docker/dockerfile:1.3
2013-09-07 02:58:05 +00:00
2019-04-06 00:20:06 +00:00
ARG CROSS="false"
2020-02-10 17:55:16 +00:00
ARG SYSTEMD="false"
2020-01-17 19:55:42 +00:00
# IMPORTANT: When updating this please note that stdlib archive/tar pkg is vendored
2021-10-08 13:12:36 +00:00
ARG GO_VERSION=1.17.2
2019-08-11 15:08:33 +00:00
ARG DEBIAN_FRONTEND=noninteractive
2021-02-24 05:05:38 +00:00
ARG VPNKIT_VERSION=0.5.0
2020-12-14 10:46:58 +00:00
ARG DOCKER_BUILDTAGS="apparmor seccomp"
2020-09-18 22:40:45 +00:00
2021-08-19 19:16:01 +00:00
ARG BASE_DEBIAN_DISTRO="bullseye"
2020-09-18 22:40:45 +00:00
ARG GOLANG_IMAGE="golang:${GO_VERSION}-${BASE_DEBIAN_DISTRO}"
2019-04-06 00:20:06 +00:00
2020-03-30 14:27:59 +00:00
FROM ${GOLANG_IMAGE} AS base
2019-05-22 23:49:55 +00:00
RUN echo 'Binary::apt::APT::Keep-Downloaded-Packages "true";' > /etc/apt/apt.conf.d/keep-cache
2019-07-16 10:16:56 +00:00
ARG APT_MIRROR
RUN sed -ri "s/(httpredir|deb).debian.org/${APT_MIRROR:-deb.debian.org}/g" /etc/apt/sources.list \
&& sed -ri "s/(security).debian.org/${APT_MIRROR:-security.debian.org}/g" /etc/apt/sources.list
2019-09-11 07:36:53 +00:00
ENV GO111MODULE=off
2016-11-20 22:14:51 +00:00
2017-09-29 21:09:14 +00:00
FROM base AS criu
2019-08-11 15:08:33 +00:00
ARG DEBIAN_FRONTEND
2020-12-02 01:02:42 +00:00
ADD --chmod=0644 https://download.opensuse.org/repositories/devel:/tools:/criu/Debian_10/Release.key /etc/apt/trusted.gpg.d/criu.gpg.asc
2019-05-22 23:49:55 +00:00
RUN --mount=type=cache,sharing=locked,id=moby-criu-aptlib,target=/var/lib/apt \
2019-10-05 20:41:27 +00:00
--mount=type=cache,sharing=locked,id=moby-criu-aptcache,target=/var/cache/apt \
Dockerfile: CRIU: disable GPG validation, due to expired signing key
This is a horrible thing to do, but CRIU installed here is only used as
part of our CI / integration tests. We should of course remove this
hack ASAP once the opensuse packagers have set up a new key, but at
least this allows us to unblock CI, which is currently completely
broken:
ADD --chmod=0644 https://download.opensuse.org/repositories/devel:/tools:/criu/Debian_10/Release.key /etc/apt/trusted.gpg.d/criu.gpg.asc
RUN --mount=type=cache,sharing=locked,id=moby-criu-aptlib,target=/var/lib/apt \
--mount=type=cache,sharing=locked,id=moby-criu-aptcache,target=/var/cache/apt \
echo 'deb https://download.opensuse.org/repositories/devel:/tools:/criu/Debian_10/ /' > /etc/apt/sources.list.d/criu.list \
&& apt-get update \
&& apt-get install -y --no-install-recommends criu \
&& install -D /usr/sbin/criu /build/criu
Hit:1 http://cdn-fastly.deb.debian.org/debian bullseye InRelease
Hit:2 http://cdn-fastly.deb.debian.org/debian-security bullseye-security InRelease
Hit:3 http://cdn-fastly.deb.debian.org/debian bullseye-updates InRelease
Get:4 https://download.opensuse.org/repositories/devel:/tools:/criu/Debian_10 InRelease [1540 B]
Err:4 https://download.opensuse.org/repositories/devel:/tools:/criu/Debian_10 InRelease
The following signatures were invalid: EXPKEYSIG 30A8343A498D5A23 devel:tools OBS Project <devel:tools@build.opensuse.org>
Reading package lists...
W: GPG error: https://download.opensuse.org/repositories/devel:/tools:/criu/Debian_10 InRelease: The following signatures were invalid: EXPKEYSIG 30A8343A498D5A23 devel:tools OBS Project <devel:tools@build.opensuse.org>
E: The repository 'https://download.opensuse.org/repositories/devel:/tools:/criu/Debian_10 InRelease' is not signed.
And, checking the signing key (with `apt-key list`):
/etc/apt/trusted.gpg.d/criu.gpg.asc
-----------------------------------
pub rsa2048 2015-05-03 [SC] [expired: 2021-10-13]
428E 4E34 8405 CE79 00DB 99C2 30A8 343A 498D 5A23
uid [ expired] devel:tools OBS Project <devel:tools@build.opensuse.org>
Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
2021-10-14 13:43:30 +00:00
# FIXME(sebastiaan) temporariliy disable GPG validation for these packages, as the release key has expired (https://github.com/moby/moby/pull/42931#issuecomment-943080120)
echo 'deb [ allow-insecure=yes trusted=yes ] https://download.opensuse.org/repositories/devel:/tools:/criu/Debian_10/ /' > /etc/apt/sources.list.d/criu.list \
2020-12-02 01:02:42 +00:00
&& apt-get update \
&& apt-get install -y --no-install-recommends criu \
&& install -D /usr/sbin/criu /build/criu
2017-09-29 21:09:14 +00:00
2018-02-27 08:20:55 +00:00
FROM base AS registry
2020-01-10 13:07:01 +00:00
WORKDIR /go/src/github.com/docker/distribution
2021-08-23 11:57:40 +00:00
2021-09-24 14:47:18 +00:00
# REGISTRY_VERSION specifies the version of the registry to build and install
2021-08-23 11:57:40 +00:00
# from the https://github.com/docker/distribution repository. This version of
# the registry is used to test both schema 1 and schema 2 manifests. Generally,
# the version specified here should match a current release.
2021-09-24 14:47:18 +00:00
ARG REGISTRY_VERSION=v2.3.0
2021-08-23 11:57:40 +00:00
2021-09-24 14:47:18 +00:00
# REGISTRY_VERSION_SCHEMA1 specifies the version of the regsitry to build and
2021-08-23 11:57:40 +00:00
# install from the https://github.com/docker/distribution repository. This is
# an older (pre v2.3.0) version of the registry that only supports schema1
# manifests. This version of the registry is not working on arm64, so installation
# is skipped on that architecture.
2021-09-24 14:47:18 +00:00
ARG REGISTRY_VERSION_SCHEMA1=v2.1.0
2019-05-22 23:49:55 +00:00
RUN --mount=type=cache,target=/root/.cache/go-build \
2019-10-05 20:41:27 +00:00
--mount=type=cache,target=/go/pkg/mod \
2020-01-10 13:07:01 +00:00
--mount=type=tmpfs,target=/go/src/ \
2019-10-05 20:41:27 +00:00
set -x \
2020-01-10 13:07:01 +00:00
&& git clone https://github.com/docker/distribution.git . \
2021-09-24 14:47:18 +00:00
&& git checkout -q "$REGISTRY_VERSION" \
2020-01-10 13:07:01 +00:00
&& GOPATH="/go/src/github.com/docker/distribution/Godeps/_workspace:$GOPATH" \
2019-10-05 20:41:27 +00:00
go build -buildmode=pie -o /build/registry-v2 github.com/docker/distribution/cmd/registry \
&& case $(dpkg --print-architecture) in \
2020-01-10 13:32:46 +00:00
amd64|armhf|ppc64*|s390x) \
2021-09-24 14:47:18 +00:00
git checkout -q "$REGISTRY_VERSION_SCHEMA1"; \
2020-01-10 13:07:01 +00:00
GOPATH="/go/src/github.com/docker/distribution/Godeps/_workspace:$GOPATH"; \
2019-10-05 20:41:27 +00:00
go build -buildmode=pie -o /build/registry-v2-schema1 github.com/docker/distribution/cmd/registry; \
;; \
2020-01-10 13:07:01 +00:00
esac
2015-01-21 03:40:19 +00:00
2018-02-27 08:20:55 +00:00
FROM base AS swagger
2020-01-10 13:07:01 +00:00
WORKDIR $GOPATH/src/github.com/go-swagger/go-swagger
2021-08-23 11:57:40 +00:00
# GO_SWAGGER_COMMIT specifies the version of the go-swagger binary to build and
# install. Go-swagger is used in CI for validating swagger.yaml in hack/validate/swagger-gen
#
# Currently uses a fork from https://github.com/kolyshkin/go-swagger/tree/golang-1.13-fix,
2019-10-04 01:57:29 +00:00
# TODO: move to under moby/ or fix upstream go-swagger to work for us.
2021-07-02 13:00:47 +00:00
ENV GO_SWAGGER_COMMIT c56166c036004ba7a3a321e5951ba472b9ae298c
2019-05-22 23:49:55 +00:00
RUN --mount=type=cache,target=/root/.cache/go-build \
2019-10-05 20:41:27 +00:00
--mount=type=cache,target=/go/pkg/mod \
2020-01-10 13:07:01 +00:00
--mount=type=tmpfs,target=/go/src/ \
2019-10-05 20:41:27 +00:00
set -x \
2020-01-10 13:07:01 +00:00
&& git clone https://github.com/kolyshkin/go-swagger.git . \
&& git checkout -q "$GO_SWAGGER_COMMIT" \
&& go build -o /build/swagger github.com/go-swagger/go-swagger/cmd/swagger
2016-11-03 17:15:27 +00:00
2020-09-18 22:40:45 +00:00
FROM debian:${BASE_DEBIAN_DISTRO} AS frozen-images
2019-08-11 15:08:33 +00:00
ARG DEBIAN_FRONTEND
2019-05-22 23:49:55 +00:00
RUN --mount=type=cache,sharing=locked,id=moby-frozen-images-aptlib,target=/var/lib/apt \
2019-10-05 20:41:27 +00:00
--mount=type=cache,sharing=locked,id=moby-frozen-images-aptcache,target=/var/cache/apt \
apt-get update && apt-get install -y --no-install-recommends \
ca-certificates \
2020-09-18 22:40:45 +00:00
curl \
2019-10-05 20:41:27 +00:00
jq
2015-03-07 01:12:41 +00:00
# Get useful and necessary Hub images so we can "docker load" locally instead of pulling
2017-09-29 21:09:14 +00:00
COPY contrib/download-frozen-image-v2.sh /
2020-09-29 22:39:49 +00:00
ARG TARGETARCH
2018-04-13 18:45:57 +00:00
RUN /download-frozen-image-v2.sh /build \
2020-06-30 03:06:03 +00:00
busybox:latest@sha256:95cf004f559831017cdf4628aaf1bb30133677be8702a8c5f2994629f637a209 \
busybox:glibc@sha256:1f81263701cddf6402afe9f33fca0266d9fff379e59b1748f33d3072da71ee85 \
2021-08-19 21:40:38 +00:00
debian:bullseye-slim@sha256:dacf278785a4daa9de07596ec739dbc07131e189942772210709c5c0777e8437 \
2020-10-15 23:01:17 +00:00
hello-world:latest@sha256:d58e752213a51785838f9eed2b7a498ffa1cb3aa7f946dda11af39286c3db9a9 \
arm32v7/hello-world:latest@sha256:50b8560ad574c779908da71f7ce370c0a2471c098d44d1c8f6b513c5a55eeeb1
2020-12-02 09:11:57 +00:00
# See also frozenImages in "testutil/environment/protect.go" (which needs to be updated when adding images to this list)
2015-02-28 05:53:36 +00:00
2019-04-16 23:31:49 +00:00
FROM base AS cross-false
2017-09-29 21:09:14 +00:00
2019-10-08 17:54:39 +00:00
FROM --platform=linux/amd64 base AS cross-true
2019-08-11 15:08:33 +00:00
ARG DEBIAN_FRONTEND
2019-04-06 00:20:06 +00:00
RUN dpkg --add-architecture arm64
RUN dpkg --add-architecture armel
2019-10-05 20:56:32 +00:00
RUN dpkg --add-architecture armhf
2021-06-15 08:49:04 +00:00
RUN dpkg --add-architecture ppc64el
2021-06-14 09:06:42 +00:00
RUN dpkg --add-architecture s390x
2019-05-22 23:49:55 +00:00
RUN --mount=type=cache,sharing=locked,id=moby-cross-true-aptlib,target=/var/lib/apt \
2019-10-05 20:41:27 +00:00
--mount=type=cache,sharing=locked,id=moby-cross-true-aptcache,target=/var/cache/apt \
apt-get update && apt-get install -y --no-install-recommends \
2019-10-05 20:56:32 +00:00
crossbuild-essential-arm64 \
crossbuild-essential-armel \
2021-06-15 08:49:04 +00:00
crossbuild-essential-armhf \
2021-06-14 09:06:42 +00:00
crossbuild-essential-ppc64el \
crossbuild-essential-s390x
2019-04-16 23:31:49 +00:00
2021-08-23 11:57:40 +00:00
FROM cross-${CROSS} AS dev-base
2019-04-16 23:31:49 +00:00
FROM dev-base AS runtime-dev-cross-false
2019-08-11 15:08:33 +00:00
ARG DEBIAN_FRONTEND
2019-05-22 23:49:55 +00:00
RUN --mount=type=cache,sharing=locked,id=moby-cross-false-aptlib,target=/var/lib/apt \
2019-10-05 20:41:27 +00:00
--mount=type=cache,sharing=locked,id=moby-cross-false-aptcache,target=/var/cache/apt \
apt-get update && apt-get install -y --no-install-recommends \
2019-11-05 20:11:49 +00:00
binutils-mingw-w64 \
g++-mingw-w64-x86-64 \
2019-10-05 20:41:27 +00:00
libapparmor-dev \
2019-07-17 12:37:56 +00:00
libbtrfs-dev \
2019-11-05 20:11:49 +00:00
libdevmapper-dev \
2021-08-19 19:16:01 +00:00
libseccomp-dev \
2019-11-05 20:11:49 +00:00
libsystemd-dev \
libudev-dev
2019-05-22 23:49:55 +00:00
2019-11-05 20:11:49 +00:00
FROM --platform=linux/amd64 runtime-dev-cross-false AS runtime-dev-cross-true
2019-08-11 15:08:33 +00:00
ARG DEBIAN_FRONTEND
2019-04-06 00:20:06 +00:00
# These crossbuild packages rely on gcc-<arch>, but this doesn't want to install
2021-08-19 19:16:01 +00:00
# on non-amd64 systems, so other architectures cannnot crossbuild amd64.
2019-05-22 23:49:55 +00:00
RUN --mount=type=cache,sharing=locked,id=moby-cross-true-aptlib,target=/var/lib/apt \
2019-10-05 20:41:27 +00:00
--mount=type=cache,sharing=locked,id=moby-cross-true-aptcache,target=/var/cache/apt \
apt-get update && apt-get install -y --no-install-recommends \
libapparmor-dev:arm64 \
libapparmor-dev:armel \
2021-06-15 08:49:04 +00:00
libapparmor-dev:armhf \
2021-06-14 09:06:42 +00:00
libapparmor-dev:ppc64el \
2021-08-19 19:32:18 +00:00
libapparmor-dev:s390x \
libseccomp-dev:arm64 \
libseccomp-dev:armel \
libseccomp-dev:armhf \
libseccomp-dev:ppc64el \
libseccomp-dev:s390x
2019-05-22 23:49:55 +00:00
2019-04-06 00:20:06 +00:00
FROM runtime-dev-cross-${CROSS} AS runtime-dev
2017-09-29 21:09:14 +00:00
validate/toml: switch to github.com/pelletier/go-toml
The github.com/BurntSushi/toml project is no longer maintained,
and containerd is switching to this project instead, so start
moving our code as well.
This patch only changes the binary used during validation (tbh,
we could probably remove this validation step, but leaving that
for now).
I manually verified that the hack/verify/toml still works by adding a commit
that makes the MAINTAINERS file invalid;
diff --git a/MAINTAINERS b/MAINTAINERS
index b739e7e20c..81ababd8de 100644
--- a/MAINTAINERS
+++ b/MAINTAINERS
@@ -23,7 +23,7 @@
# a subsystem, they are responsible for doing so and holding the
# subsystem maintainers accountable. If ownership is unclear, they are the de facto owners.
- people = [
+ people =
"akihirosuda",
"anusha",
"coolljt0725",
Running `hack/verify/toml` was able to detect the broken format;
hack/validate/toml
(27, 4): keys cannot contain , characterThese files are not valid TOML:
- MAINTAINERS
Please reformat the above files as valid TOML
Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
2021-04-02 14:02:34 +00:00
FROM base AS tomll
2021-08-23 11:57:40 +00:00
# GOTOML_VERSION specifies the version of the tomll binary to build and install
# from the https://github.com/pelletier/go-toml repository. This binary is used
# in CI in the hack/validate/toml script.
#
# When updating this version, consider updating the github.com/pelletier/go-toml
# dependency in vendor.conf accordingly.
ARG GOTOML_VERSION=v1.8.1
2019-05-22 23:49:55 +00:00
RUN --mount=type=cache,target=/root/.cache/go-build \
2019-10-05 20:41:27 +00:00
--mount=type=cache,target=/go/pkg/mod \
2021-08-23 11:57:40 +00:00
GOBIN=/build/ GO111MODULE=on go install "github.com/pelletier/go-toml/cmd/tomll@${GOTOML_VERSION}" \
&& /build/tomll --help
2017-09-29 21:09:14 +00:00
2018-02-27 08:20:55 +00:00
FROM base AS vndr
2021-08-23 11:57:40 +00:00
# VNDR_VERSION specifies the version of the vndr tool to build and install
# from the https://github.com/LK4D4/vndr repository.
#
# The vndr tool is used to manage vendored go packages in the vendor directory,
# and is pinned to a fixed version because different versions of this tool
# can result in differences in the (go) files that are considered for vendoring.
ARG VNDR_VERSION=v0.1.2
2019-05-22 23:49:55 +00:00
RUN --mount=type=cache,target=/root/.cache/go-build \
2019-10-05 20:41:27 +00:00
--mount=type=cache,target=/go/pkg/mod \
2021-08-23 11:57:40 +00:00
GOBIN=/build/ GO111MODULE=on go install "github.com/LK4D4/vndr@${VNDR_VERSION}" \
&& /build/vndr --help
2017-09-29 21:09:14 +00:00
2019-04-16 23:31:49 +00:00
FROM dev-base AS containerd
2019-08-11 15:08:33 +00:00
ARG DEBIAN_FRONTEND
2019-05-22 23:49:55 +00:00
RUN --mount=type=cache,sharing=locked,id=moby-containerd-aptlib,target=/var/lib/apt \
2019-10-05 20:41:27 +00:00
--mount=type=cache,sharing=locked,id=moby-containerd-aptcache,target=/var/cache/apt \
apt-get update && apt-get install -y --no-install-recommends \
2019-07-17 12:37:56 +00:00
libbtrfs-dev
2021-07-26 12:48:52 +00:00
ARG CONTAINERD_VERSION
2021-08-23 11:57:40 +00:00
COPY /hack/dockerfile/install/install.sh /hack/dockerfile/install/containerd.installer /
2019-05-22 23:49:55 +00:00
RUN --mount=type=cache,target=/root/.cache/go-build \
2019-10-05 20:41:27 +00:00
--mount=type=cache,target=/go/pkg/mod \
2021-08-23 11:57:40 +00:00
PREFIX=/build /install.sh containerd
2017-09-29 21:09:14 +00:00
2019-08-05 10:32:43 +00:00
FROM base AS golangci_lint
2021-08-23 11:57:40 +00:00
ARG GOLANGCI_LINT_VERSION=v1.23.8
2019-05-22 23:49:55 +00:00
RUN --mount=type=cache,target=/root/.cache/go-build \
2019-10-05 20:41:27 +00:00
--mount=type=cache,target=/go/pkg/mod \
2021-08-23 11:57:40 +00:00
GOBIN=/build/ GO111MODULE=on go install "github.com/golangci/golangci-lint/cmd/golangci-lint@${GOLANGCI_LINT_VERSION}" \
&& /build/golangci-lint --version
2017-09-29 21:09:14 +00:00
2019-07-31 00:07:30 +00:00
FROM base AS gotestsum
2021-08-23 11:57:40 +00:00
ARG GOTESTSUM_VERSION=v1.7.0
2019-05-22 23:49:55 +00:00
RUN --mount=type=cache,target=/root/.cache/go-build \
2019-10-05 20:41:27 +00:00
--mount=type=cache,target=/go/pkg/mod \
2021-08-23 11:57:40 +00:00
GOBIN=/build/ GO111MODULE=on go install "gotest.tools/gotestsum@${GOTESTSUM_VERSION}" \
&& /build/gotestsum --version
2019-07-31 00:07:30 +00:00
2020-02-29 15:31:43 +00:00
FROM base AS shfmt
2021-08-23 11:57:40 +00:00
ARG SHFMT_VERSION=v3.0.2
2020-02-29 15:31:43 +00:00
RUN --mount=type=cache,target=/root/.cache/go-build \
--mount=type=cache,target=/go/pkg/mod \
2021-08-23 11:57:40 +00:00
GOBIN=/build/ GO111MODULE=on go install "mvdan.cc/sh/v3/cmd/shfmt@${SHFMT_VERSION}" \
&& /build/shfmt --version
2020-02-29 15:31:43 +00:00
2019-04-16 23:31:49 +00:00
FROM dev-base AS dockercli
2019-09-12 20:22:56 +00:00
ARG DOCKERCLI_CHANNEL
ARG DOCKERCLI_VERSION
2021-08-23 11:57:40 +00:00
COPY /hack/dockerfile/install/install.sh /hack/dockerfile/install/dockercli.installer /
2019-05-22 23:49:55 +00:00
RUN --mount=type=cache,target=/root/.cache/go-build \
2019-10-05 20:41:27 +00:00
--mount=type=cache,target=/go/pkg/mod \
2021-08-23 11:57:40 +00:00
PREFIX=/build /install.sh dockercli
2017-09-29 21:09:14 +00:00
FROM runtime-dev AS runc
2021-07-26 12:48:52 +00:00
ARG RUNC_VERSION
2019-09-12 20:22:56 +00:00
ARG RUNC_BUILDTAGS
2021-08-23 11:57:40 +00:00
COPY /hack/dockerfile/install/install.sh /hack/dockerfile/install/runc.installer /
2019-05-22 23:49:55 +00:00
RUN --mount=type=cache,target=/root/.cache/go-build \
2019-10-05 20:41:27 +00:00
--mount=type=cache,target=/go/pkg/mod \
2021-08-23 11:57:40 +00:00
PREFIX=/build /install.sh runc
2017-09-29 21:09:14 +00:00
2019-04-16 23:31:49 +00:00
FROM dev-base AS tini
2019-08-11 15:08:33 +00:00
ARG DEBIAN_FRONTEND
2021-07-26 12:48:52 +00:00
ARG TINI_VERSION
2019-05-22 23:49:55 +00:00
RUN --mount=type=cache,sharing=locked,id=moby-tini-aptlib,target=/var/lib/apt \
2019-10-05 20:41:27 +00:00
--mount=type=cache,sharing=locked,id=moby-tini-aptcache,target=/var/cache/apt \
apt-get update && apt-get install -y --no-install-recommends \
cmake \
vim-common
2021-08-23 11:57:40 +00:00
COPY /hack/dockerfile/install/install.sh /hack/dockerfile/install/tini.installer /
2019-05-22 23:49:55 +00:00
RUN --mount=type=cache,target=/root/.cache/go-build \
2019-10-05 20:41:27 +00:00
--mount=type=cache,target=/go/pkg/mod \
2021-08-23 11:57:40 +00:00
PREFIX=/build /install.sh tini
2017-09-29 21:09:14 +00:00
2019-04-16 23:31:49 +00:00
FROM dev-base AS rootlesskit
2021-07-26 12:48:52 +00:00
ARG ROOTLESSKIT_VERSION
2021-08-23 11:57:40 +00:00
ARG PREFIX=/build
COPY /hack/dockerfile/install/install.sh /hack/dockerfile/install/rootlesskit.installer /
2019-05-22 23:49:55 +00:00
RUN --mount=type=cache,target=/root/.cache/go-build \
2019-10-05 20:41:27 +00:00
--mount=type=cache,target=/go/pkg/mod \
2021-08-23 11:57:40 +00:00
/install.sh rootlesskit \
&& "${PREFIX}"/rootlesskit --version \
&& "${PREFIX}"/rootlesskit-docker-proxy --help
2018-10-15 07:52:53 +00:00
COPY ./contrib/dockerd-rootless.sh /build
2020-05-11 13:12:50 +00:00
COPY ./contrib/dockerd-rootless-setuptool.sh /build
2017-09-29 21:09:14 +00:00
2021-02-24 05:05:38 +00:00
FROM --platform=amd64 djs55/vpnkit:${VPNKIT_VERSION} AS vpnkit-amd64
FROM --platform=arm64 djs55/vpnkit:${VPNKIT_VERSION} AS vpnkit-arm64
FROM scratch AS vpnkit
COPY --from=vpnkit-amd64 /vpnkit /build/vpnkit.x86_64
COPY --from=vpnkit-arm64 /vpnkit /build/vpnkit.aarch64
2019-10-05 20:46:49 +00:00
2017-09-29 21:09:14 +00:00
# TODO: Some of this is only really needed for testing, it would be nice to split this up
2020-02-10 17:55:16 +00:00
FROM runtime-dev AS dev-systemd-false
2019-08-11 15:08:33 +00:00
ARG DEBIAN_FRONTEND
2017-09-29 21:09:14 +00:00
RUN groupadd -r docker
2020-02-18 09:43:56 +00:00
RUN useradd --create-home --gid docker unprivilegeduser \
&& mkdir -p /home/unprivilegeduser/.local/share/docker \
&& chown -R unprivilegeduser /home/unprivilegeduser
2018-06-29 10:39:36 +00:00
# Let us use a .bashrc file
RUN ln -sfv /go/src/github.com/docker/docker/.bashrc ~/.bashrc
2017-06-24 21:51:06 +00:00
# Activate bash completion and include Docker's completion if mounted with DOCKER_BASH_COMPLETION_PATH
RUN echo "source /usr/share/bash-completion/bash_completion" >> /etc/bash.bashrc
2017-06-23 16:05:38 +00:00
RUN ln -s /usr/local/completion/bash/docker /etc/bash_completion.d/docker
2017-09-29 21:09:14 +00:00
RUN ldconfig
# This should only install packages that are specifically needed for the dev environment and nothing else
# Do you really need to add another package here? Can it be done in a different build stage?
2019-05-22 23:49:55 +00:00
RUN --mount=type=cache,sharing=locked,id=moby-dev-aptlib,target=/var/lib/apt \
2019-10-05 20:41:27 +00:00
--mount=type=cache,sharing=locked,id=moby-dev-aptcache,target=/var/cache/apt \
apt-get update && apt-get install -y --no-install-recommends \
apparmor \
bash-completion \
2019-10-05 20:56:32 +00:00
bzip2 \
2021-08-19 19:16:01 +00:00
inetutils-ping \
iproute2 \
2019-10-05 20:41:27 +00:00
iptables \
jq \
libcap2-bin \
2019-10-05 20:56:32 +00:00
libnet1 \
libnl-3-200 \
libprotobuf-c1 \
2019-10-05 20:41:27 +00:00
net-tools \
2020-07-15 11:45:41 +00:00
patch \
2019-10-05 20:41:27 +00:00
pigz \
python3-pip \
python3-setuptools \
python3-wheel \
2020-02-18 09:43:56 +00:00
sudo \
2019-10-05 20:41:27 +00:00
thin-provisioning-tools \
2020-02-18 09:43:56 +00:00
uidmap \
2019-10-05 20:41:27 +00:00
vim \
vim-common \
xfsprogs \
xz-utils \
2020-12-08 09:56:32 +00:00
zip \
zstd
2019-05-22 23:49:55 +00:00
2019-07-30 23:59:02 +00:00
2020-02-25 23:31:07 +00:00
# Switch to use iptables instead of nftables (to match the CI hosts)
# TODO use some kind of runtime auto-detection instead if/when nftables is supported (https://github.com/moby/moby/issues/26824)
2019-07-22 15:22:13 +00:00
RUN update-alternatives --set iptables /usr/sbin/iptables-legacy || true \
&& update-alternatives --set ip6tables /usr/sbin/ip6tables-legacy || true \
&& update-alternatives --set arptables /usr/sbin/arptables-legacy || true
2021-04-15 19:29:20 +00:00
RUN pip3 install yamllint==1.26.1
2019-07-30 23:59:02 +00:00
2019-10-05 21:10:32 +00:00
COPY --from=dockercli /build/ /usr/local/cli
2018-04-13 18:45:57 +00:00
COPY --from=frozen-images /build/ /docker-frozen-images
2019-10-05 21:10:32 +00:00
COPY --from=swagger /build/ /usr/local/bin/
validate/toml: switch to github.com/pelletier/go-toml
The github.com/BurntSushi/toml project is no longer maintained,
and containerd is switching to this project instead, so start
moving our code as well.
This patch only changes the binary used during validation (tbh,
we could probably remove this validation step, but leaving that
for now).
I manually verified that the hack/verify/toml still works by adding a commit
that makes the MAINTAINERS file invalid;
diff --git a/MAINTAINERS b/MAINTAINERS
index b739e7e20c..81ababd8de 100644
--- a/MAINTAINERS
+++ b/MAINTAINERS
@@ -23,7 +23,7 @@
# a subsystem, they are responsible for doing so and holding the
# subsystem maintainers accountable. If ownership is unclear, they are the de facto owners.
- people = [
+ people =
"akihirosuda",
"anusha",
"coolljt0725",
Running `hack/verify/toml` was able to detect the broken format;
hack/validate/toml
(27, 4): keys cannot contain , characterThese files are not valid TOML:
- MAINTAINERS
Please reformat the above files as valid TOML
Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
2021-04-02 14:02:34 +00:00
COPY --from=tomll /build/ /usr/local/bin/
2019-10-05 21:10:32 +00:00
COPY --from=tini /build/ /usr/local/bin/
COPY --from=registry /build/ /usr/local/bin/
2020-12-02 01:02:42 +00:00
COPY --from=criu /build/ /usr/local/bin/
2019-10-05 21:10:32 +00:00
COPY --from=vndr /build/ /usr/local/bin/
COPY --from=gotestsum /build/ /usr/local/bin/
2019-10-05 20:59:51 +00:00
COPY --from=golangci_lint /build/ /usr/local/bin/
2020-02-29 15:31:43 +00:00
COPY --from=shfmt /build/ /usr/local/bin/
2019-10-05 21:10:32 +00:00
COPY --from=runc /build/ /usr/local/bin/
COPY --from=containerd /build/ /usr/local/bin/
COPY --from=rootlesskit /build/ /usr/local/bin/
2021-02-24 05:05:38 +00:00
COPY --from=vpnkit /build/ /usr/local/bin/
2017-09-29 21:09:14 +00:00
ENV PATH=/usr/local/cli:$PATH
2019-11-05 20:11:49 +00:00
ARG DOCKER_BUILDTAGS
ENV DOCKER_BUILDTAGS="${DOCKER_BUILDTAGS}"
2017-09-29 21:09:14 +00:00
WORKDIR /go/src/github.com/docker/docker
VOLUME /var/lib/docker
2020-02-18 09:43:56 +00:00
VOLUME /home/unprivilegeduser/.local/share/docker
2017-09-29 21:09:14 +00:00
# Wrap all commands in the "docker-in-docker" script to allow nested containers
ENTRYPOINT ["hack/dind"]
2019-10-08 18:17:15 +00:00
2020-02-10 17:55:16 +00:00
FROM dev-systemd-false AS dev-systemd-true
RUN --mount=type=cache,sharing=locked,id=moby-dev-aptlib,target=/var/lib/apt \
--mount=type=cache,sharing=locked,id=moby-dev-aptcache,target=/var/cache/apt \
apt-get update && apt-get install -y --no-install-recommends \
dbus \
dbus-user-session \
systemd \
systemd-sysv
RUN mkdir -p hack \
&& curl -o hack/dind-systemd https://raw.githubusercontent.com/AkihiroSuda/containerized-systemd/b70bac0daeea120456764248164c21684ade7d0d/docker-entrypoint.sh \
&& chmod +x hack/dind-systemd
ENTRYPOINT ["hack/dind-systemd"]
2020-03-06 06:36:54 +00:00
FROM dev-systemd-${SYSTEMD} AS dev
2019-11-05 21:41:04 +00:00
FROM runtime-dev AS binary-base
2019-05-22 23:49:55 +00:00
ARG DOCKER_GITCOMMIT=HEAD
2019-10-16 17:09:10 +00:00
ENV DOCKER_GITCOMMIT=${DOCKER_GITCOMMIT}
ARG VERSION
ENV VERSION=${VERSION}
ARG PLATFORM
ENV PLATFORM=${PLATFORM}
ARG PRODUCT
ENV PRODUCT=${PRODUCT}
ARG DEFAULT_PRODUCT_LICENSE
ENV DEFAULT_PRODUCT_LICENSE=${DEFAULT_PRODUCT_LICENSE}
2019-11-05 20:11:49 +00:00
ARG DOCKER_BUILDTAGS
ENV DOCKER_BUILDTAGS="${DOCKER_BUILDTAGS}"
2019-11-05 21:41:04 +00:00
ENV PREFIX=/build
2019-11-05 20:11:49 +00:00
# TODO: This is here because hack/make.sh binary copies these extras binaries
# from $PATH into the bundles dir.
# It would be nice to handle this in a different way.
COPY --from=tini /build/ /usr/local/bin/
COPY --from=runc /build/ /usr/local/bin/
COPY --from=containerd /build/ /usr/local/bin/
COPY --from=rootlesskit /build/ /usr/local/bin/
2021-02-24 05:05:38 +00:00
COPY --from=vpnkit /build/ /usr/local/bin/
2019-11-05 21:41:04 +00:00
WORKDIR /go/src/github.com/docker/docker
2019-10-16 17:09:10 +00:00
FROM binary-base AS build-binary
2019-05-22 23:49:55 +00:00
RUN --mount=type=cache,target=/root/.cache/go-build \
2019-11-05 21:41:04 +00:00
--mount=type=bind,target=/go/src/github.com/docker/docker \
2019-10-05 20:41:27 +00:00
hack/make.sh binary
2019-05-22 23:49:55 +00:00
2019-10-16 17:09:10 +00:00
FROM binary-base AS build-dynbinary
2019-05-22 23:49:55 +00:00
RUN --mount=type=cache,target=/root/.cache/go-build \
2019-11-05 21:41:04 +00:00
--mount=type=bind,target=/go/src/github.com/docker/docker \
2019-10-05 20:41:27 +00:00
hack/make.sh dynbinary
2019-05-22 23:49:55 +00:00
2019-10-16 17:09:10 +00:00
FROM binary-base AS build-cross
ARG DOCKER_CROSSPLATFORMS
2019-11-05 21:41:04 +00:00
RUN --mount=type=cache,target=/root/.cache/go-build \
--mount=type=bind,target=/go/src/github.com/docker/docker \
2020-01-30 23:31:44 +00:00
--mount=type=tmpfs,target=/go/src/github.com/docker/docker/autogen \
2019-10-05 20:41:27 +00:00
hack/make.sh cross
2019-05-22 23:49:55 +00:00
FROM scratch AS binary
2019-11-05 21:41:04 +00:00
COPY --from=build-binary /build/bundles/ /
2019-05-22 23:49:55 +00:00
FROM scratch AS dynbinary
2019-12-30 21:20:11 +00:00
COPY --from=build-dynbinary /build/bundles/ /
2019-05-22 23:49:55 +00:00
FROM scratch AS cross
2019-12-30 21:20:11 +00:00
COPY --from=build-cross /build/bundles/ /
2018-12-14 01:26:10 +00:00
2020-03-06 06:36:54 +00:00
FROM dev AS final
2019-11-05 21:41:04 +00:00
COPY . /go/src/github.com/docker/docker
