2022-07-02 15:01:57 +00:00
# syntax=docker/dockerfile:1
2013-09-07 02:58:05 +00:00
2022-11-19 01:36:13 +00:00
ARG GO_VERSION = 1 .19.4
ARG BASE_DEBIAN_DISTRO = "bullseye"
ARG GOLANG_IMAGE = " golang: ${ GO_VERSION } - ${ BASE_DEBIAN_DISTRO } "
ARG XX_VERSION = 1 .1.2
ARG VPNKIT_VERSION = 0 .5.0
2022-11-19 13:47:26 +00:00
ARG DOCKERCLI_VERSION = v17.06.2-ce
2022-11-19 01:36:13 +00:00
2020-02-10 17:55:16 +00:00
ARG SYSTEMD = "false"
2019-08-11 15:08:33 +00:00
ARG DEBIAN_FRONTEND = noninteractive
2022-12-04 01:32:45 +00:00
ARG DOCKER_STATIC = 1
2020-09-18 22:40:45 +00:00
2022-11-19 01:36:13 +00:00
# cross compilation helper
FROM --platform=$BUILDPLATFORM tonistiigi/xx:${XX_VERSION} AS xx
2019-04-06 00:20:06 +00:00
2022-11-19 01:36:28 +00:00
# dummy stage to make sure the image is built for deps that don't support some
# architectures
FROM --platform=$BUILDPLATFORM busybox AS build-dummy
RUN mkdir -p /build
FROM scratch AS binary-dummy
COPY --from= build-dummy /build /build
2022-11-19 01:36:13 +00:00
# base
FROM --platform=$BUILDPLATFORM ${GOLANG_IMAGE} AS base
COPY --from= xx / /
2019-05-22 23:49:55 +00:00
RUN echo 'Binary::apt::APT::Keep-Downloaded-Packages "true";' > /etc/apt/apt.conf.d/keep-cache
2019-07-16 10:16:56 +00:00
ARG APT_MIRROR
RUN sed -ri " s/(httpredir|deb).debian.org/ ${ APT_MIRROR :- deb .debian.org } /g " /etc/apt/sources.list \
&& sed -ri " s/(security).debian.org/ ${ APT_MIRROR :- security .debian.org } /g " /etc/apt/sources.list
2022-11-19 01:36:13 +00:00
ARG DEBIAN_FRONTEND
RUN apt-get update && apt-get install --no-install-recommends -y file
2019-09-11 07:36:53 +00:00
ENV GO111MODULE = off
2016-11-20 22:14:51 +00:00
2017-09-29 21:09:14 +00:00
FROM base AS criu
2019-08-11 15:08:33 +00:00
ARG DEBIAN_FRONTEND
2021-09-27 11:34:41 +00:00
ADD --chmod= 0644 https://download.opensuse.org/repositories/devel:/tools:/criu/Debian_11/Release.key /etc/apt/trusted.gpg.d/criu.gpg.asc
2019-05-22 23:49:55 +00:00
RUN --mount= type = cache,sharing= locked,id= moby-criu-aptlib,target= /var/lib/apt \
2019-10-05 20:41:27 +00:00
--mount= type = cache,sharing= locked,id= moby-criu-aptcache,target= /var/cache/apt \
2021-09-27 11:34:41 +00:00
echo 'deb https://download.opensuse.org/repositories/devel:/tools:/criu/Debian_11/ /' > /etc/apt/sources.list.d/criu.list \
2020-12-02 01:02:42 +00:00
&& apt-get update \
&& apt-get install -y --no-install-recommends criu \
&& install -D /usr/sbin/criu /build/criu
2017-09-29 21:09:14 +00:00
2022-11-19 14:46:35 +00:00
# registry
FROM base AS registry-src
WORKDIR /usr/src/registry
RUN git init . && git remote add origin "https://github.com/distribution/distribution.git"
2018-02-27 08:20:55 +00:00
FROM base AS registry
2020-01-10 13:07:01 +00:00
WORKDIR /go/src/github.com/docker/distribution
2021-09-24 14:47:18 +00:00
# REGISTRY_VERSION specifies the version of the registry to build and install
2021-08-23 11:57:40 +00:00
# from the https://github.com/docker/distribution repository. This version of
# the registry is used to test both schema 1 and schema 2 manifests. Generally,
# the version specified here should match a current release.
2021-09-24 14:47:18 +00:00
ARG REGISTRY_VERSION = v2.3.0
2022-03-01 06:26:35 +00:00
# REGISTRY_VERSION_SCHEMA1 specifies the version of the registry to build and
2021-08-23 11:57:40 +00:00
# install from the https://github.com/docker/distribution repository. This is
# an older (pre v2.3.0) version of the registry that only supports schema1
# manifests. This version of the registry is not working on arm64, so installation
# is skipped on that architecture.
2021-09-24 14:47:18 +00:00
ARG REGISTRY_VERSION_SCHEMA1 = v2.1.0
2022-11-19 14:46:35 +00:00
ARG TARGETPLATFORM
RUN --mount= from = registry-src,src= /usr/src/registry,rw \
--mount= type = cache,target= /root/.cache/go-build,id= registry-build-$TARGETPLATFORM \
2019-10-05 20:41:27 +00:00
--mount= type = cache,target= /go/pkg/mod \
2022-11-19 14:46:35 +00:00
--mount= type = tmpfs,target= /go/src <<EOT
set -ex
git fetch -q --depth 1 origin " ${ REGISTRY_VERSION } " +refs/tags/*:refs/tags/*
git checkout -q FETCH_HEAD
export GOPATH = " /go/src/github.com/docker/distribution/Godeps/_workspace: $GOPATH "
CGO_ENABLED = 0 xx-go build -o /build/registry-v2 -v ./cmd/registry
xx-verify /build/registry-v2
case $TARGETPLATFORM in
linux/amd64| linux/arm/v7| linux/ppc64le| linux/s390x)
git fetch -q --depth 1 origin " ${ REGISTRY_VERSION_SCHEMA1 } " +refs/tags/*:refs/tags/*
git checkout -q FETCH_HEAD
CGO_ENABLED = 0 xx-go build -o /build/registry-v2-schema1 -v ./cmd/registry
xx-verify /build/registry-v2-schema1
; ;
esac
EOT
2015-01-21 03:40:19 +00:00
2022-11-26 15:37:23 +00:00
# go-swagger
FROM base AS swagger-src
WORKDIR /usr/src/swagger
# Currently uses a fork from https://github.com/kolyshkin/go-swagger/tree/golang-1.13-fix
# TODO: move to under moby/ or fix upstream go-swagger to work for us.
RUN git init . && git remote add origin "https://github.com/kolyshkin/go-swagger.git"
2021-08-23 11:57:40 +00:00
# GO_SWAGGER_COMMIT specifies the version of the go-swagger binary to build and
# install. Go-swagger is used in CI for validating swagger.yaml in hack/validate/swagger-gen
2022-11-26 15:37:23 +00:00
ARG GO_SWAGGER_COMMIT = c56166c036004ba7a3a321e5951ba472b9ae298c
RUN git fetch -q --depth 1 origin " ${ GO_SWAGGER_COMMIT } " && git checkout -q FETCH_HEAD
FROM base AS swagger
WORKDIR /go/src/github.com/go-swagger/go-swagger
ARG TARGETPLATFORM
RUN --mount= from = swagger-src,src= /usr/src/swagger,rw \
--mount= type = cache,target= /root/.cache/go-build,id= swagger-build-$TARGETPLATFORM \
2019-10-05 20:41:27 +00:00
--mount= type = cache,target= /go/pkg/mod \
2022-11-26 15:37:23 +00:00
--mount= type = tmpfs,target= /go/src/ <<EOT
set -e
xx-go build -o /build/swagger ./cmd/swagger
xx-verify /build/swagger
EOT
2016-11-03 17:15:27 +00:00
2022-09-08 14:13:41 +00:00
# frozen-images
# See also frozenImages in "testutil/environment/protect.go" (which needs to
# be updated when adding images to this list)
2020-09-18 22:40:45 +00:00
FROM debian:${BASE_DEBIAN_DISTRO} AS frozen-images
2019-08-11 15:08:33 +00:00
ARG DEBIAN_FRONTEND
2019-05-22 23:49:55 +00:00
RUN --mount= type = cache,sharing= locked,id= moby-frozen-images-aptlib,target= /var/lib/apt \
2019-10-05 20:41:27 +00:00
--mount= type = cache,sharing= locked,id= moby-frozen-images-aptcache,target= /var/cache/apt \
apt-get update && apt-get install -y --no-install-recommends \
ca-certificates \
2020-09-18 22:40:45 +00:00
curl \
2019-10-05 20:41:27 +00:00
jq
2015-03-07 01:12:41 +00:00
# Get useful and necessary Hub images so we can "docker load" locally instead of pulling
2017-09-29 21:09:14 +00:00
COPY contrib/download-frozen-image-v2.sh /
2020-09-29 22:39:49 +00:00
ARG TARGETARCH
2022-09-08 14:13:41 +00:00
ARG TARGETVARIANT
2018-04-13 18:45:57 +00:00
RUN /download-frozen-image-v2.sh /build \
2020-06-30 03:06:03 +00:00
busybox:latest@sha256:95cf004f559831017cdf4628aaf1bb30133677be8702a8c5f2994629f637a209 \
busybox:glibc@sha256:1f81263701cddf6402afe9f33fca0266d9fff379e59b1748f33d3072da71ee85 \
2021-08-19 21:40:38 +00:00
debian:bullseye-slim@sha256:dacf278785a4daa9de07596ec739dbc07131e189942772210709c5c0777e8437 \
2020-10-15 23:01:17 +00:00
hello-world:latest@sha256:d58e752213a51785838f9eed2b7a498ffa1cb3aa7f946dda11af39286c3db9a9 \
arm32v7/hello-world:latest@sha256:50b8560ad574c779908da71f7ce370c0a2471c098d44d1c8f6b513c5a55eeeb1
2015-02-28 05:53:36 +00:00
2022-11-26 15:41:16 +00:00
# delve
FROM base AS delve-src
WORKDIR /usr/src/delve
RUN git init . && git remote add origin "https://github.com/go-delve/delve.git"
2022-02-20 18:21:10 +00:00
# DELVE_VERSION specifies the version of the Delve debugger binary
# from the https://github.com/go-delve/delve repository.
# It can be used to run Docker with a possibility of
# attaching debugger to it.
2022-12-07 01:53:08 +00:00
ARG DELVE_VERSION = v1.9.1
2022-11-26 15:41:16 +00:00
RUN git fetch -q --depth 1 origin " ${ DELVE_VERSION } " +refs/tags/*:refs/tags/* && git checkout -q FETCH_HEAD
FROM base AS delve-build
WORKDIR /usr/src/delve
ARG TARGETPLATFORM
RUN --mount= from = delve-src,src= /usr/src/delve,rw \
--mount= type = cache,target= /root/.cache/go-build,id= delve-build-$TARGETPLATFORM \
--mount= type = cache,target= /go/pkg/mod <<EOT
set -e
GO111MODULE = on xx-go build -o /build/dlv ./cmd/dlv
xx-verify /build/dlv
EOT
# delve is currently only supported on linux/amd64 and linux/arm64;
2022-07-02 13:39:02 +00:00
# https://github.com/go-delve/delve/blob/v1.8.1/pkg/proc/native/support_sentinel.go#L1-L6
2022-11-26 15:41:16 +00:00
FROM binary-dummy AS delve-windows
FROM binary-dummy AS delve-linux-arm
FROM binary-dummy AS delve-linux-ppc64le
FROM binary-dummy AS delve-linux-s390x
FROM delve-build AS delve-linux-amd64
FROM delve-build AS delve-linux-arm64
FROM delve-linux-${TARGETARCH} AS delve-linux
FROM delve-${TARGETOS} AS delve
2022-02-20 18:21:10 +00:00
validate/toml: switch to github.com/pelletier/go-toml
The github.com/BurntSushi/toml project is no longer maintained,
and containerd is switching to this project instead, so start
moving our code as well.
This patch only changes the binary used during validation (tbh,
we could probably remove this validation step, but leaving that
for now).
I manually verified that the hack/verify/toml still works by adding a commit
that makes the MAINTAINERS file invalid;
diff --git a/MAINTAINERS b/MAINTAINERS
index b739e7e20c..81ababd8de 100644
--- a/MAINTAINERS
+++ b/MAINTAINERS
@@ -23,7 +23,7 @@
# a subsystem, they are responsible for doing so and holding the
# subsystem maintainers accountable. If ownership is unclear, they are the de facto owners.
- people = [
+ people =
"akihirosuda",
"anusha",
"coolljt0725",
Running `hack/verify/toml` was able to detect the broken format;
hack/validate/toml
(27, 4): keys cannot contain , characterThese files are not valid TOML:
- MAINTAINERS
Please reformat the above files as valid TOML
Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
2021-04-02 14:02:34 +00:00
FROM base AS tomll
2021-08-23 11:57:40 +00:00
# GOTOML_VERSION specifies the version of the tomll binary to build and install
# from the https://github.com/pelletier/go-toml repository. This binary is used
# in CI in the hack/validate/toml script.
#
# When updating this version, consider updating the github.com/pelletier/go-toml
2021-12-15 19:35:04 +00:00
# dependency in vendor.mod accordingly.
2021-08-23 11:57:40 +00:00
ARG GOTOML_VERSION = v1.8.1
2019-05-22 23:49:55 +00:00
RUN --mount= type = cache,target= /root/.cache/go-build \
2019-10-05 20:41:27 +00:00
--mount= type = cache,target= /go/pkg/mod \
2021-08-23 11:57:40 +00:00
GOBIN = /build/ GO111MODULE = on go install " github.com/pelletier/go-toml/cmd/tomll@ ${ GOTOML_VERSION } " \
&& /build/tomll --help
2017-09-29 21:09:14 +00:00
2022-04-14 17:52:23 +00:00
FROM base AS gowinres
# GOWINRES_VERSION defines go-winres tool version
2022-11-17 16:32:06 +00:00
ARG GOWINRES_VERSION = v0.3.0
2022-04-14 17:52:23 +00:00
RUN --mount= type = cache,target= /root/.cache/go-build \
--mount= type = cache,target= /go/pkg/mod \
GOBIN = /build/ GO111MODULE = on go install " github.com/tc-hib/go-winres@ ${ GOWINRES_VERSION } " \
&& /build/go-winres --help
2022-11-26 02:22:30 +00:00
# containerd
FROM base AS containerd-src
WORKDIR /usr/src/containerd
RUN git init . && git remote add origin "https://github.com/containerd/containerd.git"
# CONTAINERD_VERSION is used to build containerd binaries, and used for the
# integration tests. The distributed docker .deb and .rpm packages depend on a
# separate (containerd.io) package, which may be a different version as is
# specified here. The containerd golang package is also pinned in vendor.mod.
# When updating the binary version you may also need to update the vendor
# version to pick up bug fixes or new APIs, however, usually the Go packages
# are built from a commit from the master branch.
2022-12-15 15:56:17 +00:00
ARG CONTAINERD_VERSION = v1.7.0-beta.1
2022-11-26 02:22:30 +00:00
RUN git fetch -q --depth 1 origin " ${ CONTAINERD_VERSION } " +refs/tags/*:refs/tags/* && git checkout -q FETCH_HEAD
FROM base AS containerd-build
WORKDIR /go/src/github.com/containerd/containerd
2019-08-11 15:08:33 +00:00
ARG DEBIAN_FRONTEND
2022-11-26 02:22:30 +00:00
ARG TARGETPLATFORM
2019-05-22 23:49:55 +00:00
RUN --mount= type = cache,sharing= locked,id= moby-containerd-aptlib,target= /var/lib/apt \
2019-10-05 20:41:27 +00:00
--mount= type = cache,sharing= locked,id= moby-containerd-aptcache,target= /var/cache/apt \
2022-11-26 02:22:30 +00:00
apt-get update && xx-apt-get install -y --no-install-recommends \
gcc libbtrfs-dev libsecret-1-dev
ARG DOCKER_STATIC
RUN --mount= from = containerd-src,src= /usr/src/containerd,rw \
--mount= type = cache,target= /root/.cache/go-build,id= containerd-build-$TARGETPLATFORM <<EOT
set -e
export CC = $( xx-info) -gcc
export CGO_ENABLED = $( [ " $DOCKER_STATIC " = "1" ] && echo "0" || echo "1" )
xx-go --wrap
make $( [ " $DOCKER_STATIC " = "1" ] && echo "STATIC=1" ) binaries
xx-verify $( [ " $DOCKER_STATIC " = "1" ] && echo "--static" ) bin/containerd
xx-verify $( [ " $DOCKER_STATIC " = "1" ] && echo "--static" ) bin/containerd-shim-runc-v2
xx-verify $( [ " $DOCKER_STATIC " = "1" ] && echo "--static" ) bin/ctr
mkdir /build
mv bin/containerd bin/containerd-shim-runc-v2 bin/ctr /build
EOT
FROM containerd-build AS containerd-linux
FROM binary-dummy AS containerd-windows
FROM containerd-${TARGETOS} AS containerd
2017-09-29 21:09:14 +00:00
2019-08-05 10:32:43 +00:00
FROM base AS golangci_lint
2022-09-03 21:20:23 +00:00
# FIXME: when updating golangci-lint, remove the temporary "nolint" in https://github.com/moby/moby/blob/7860686a8df15eea9def9e6189c6f9eca031bb6f/libnetwork/networkdb/cluster.go#L246
ARG GOLANGCI_LINT_VERSION = v1.49.0
2019-05-22 23:49:55 +00:00
RUN --mount= type = cache,target= /root/.cache/go-build \
2019-10-05 20:41:27 +00:00
--mount= type = cache,target= /go/pkg/mod \
2021-08-23 11:57:40 +00:00
GOBIN = /build/ GO111MODULE = on go install " github.com/golangci/golangci-lint/cmd/golangci-lint@ ${ GOLANGCI_LINT_VERSION } " \
&& /build/golangci-lint --version
2017-09-29 21:09:14 +00:00
2019-07-31 00:07:30 +00:00
FROM base AS gotestsum
2022-11-17 16:05:20 +00:00
ARG GOTESTSUM_VERSION = v1.8.2
2019-05-22 23:49:55 +00:00
RUN --mount= type = cache,target= /root/.cache/go-build \
2019-10-05 20:41:27 +00:00
--mount= type = cache,target= /go/pkg/mod \
2021-08-23 11:57:40 +00:00
GOBIN = /build/ GO111MODULE = on go install " gotest.tools/gotestsum@ ${ GOTESTSUM_VERSION } " \
&& /build/gotestsum --version
2019-07-31 00:07:30 +00:00
2020-02-29 15:31:43 +00:00
FROM base AS shfmt
2021-08-23 11:57:40 +00:00
ARG SHFMT_VERSION = v3.0.2
2020-02-29 15:31:43 +00:00
RUN --mount= type = cache,target= /root/.cache/go-build \
--mount= type = cache,target= /go/pkg/mod \
2021-08-23 11:57:40 +00:00
GOBIN = /build/ GO111MODULE = on go install " mvdan.cc/sh/v3/cmd/shfmt@ ${ SHFMT_VERSION } " \
&& /build/shfmt --version
2020-02-29 15:31:43 +00:00
2022-11-19 13:47:26 +00:00
# dockercli
FROM base AS dockercli-src
WORKDIR /tmp/dockercli
RUN git init . && git remote add origin "https://github.com/docker/cli.git"
2019-09-12 20:22:56 +00:00
ARG DOCKERCLI_VERSION
2022-11-19 13:47:26 +00:00
RUN git fetch -q --depth 1 origin " ${ DOCKERCLI_VERSION } " +refs/tags/*:refs/tags/* && git checkout -q FETCH_HEAD
RUN [ -d ./components/cli ] && mv ./components/cli /usr/src/dockercli || mv /tmp/dockercli /usr/src/dockercli
WORKDIR /usr/src/dockercli
FROM base AS dockercli
WORKDIR /go/src/github.com/docker/cli
ARG DOCKERCLI_VERSION
ARG DOCKERCLI_CHANNEL = stable
ARG TARGETPLATFORM
RUN xx-apt-get install -y --no-install-recommends gcc libc6-dev
RUN --mount= from = dockercli-src,src= /usr/src/dockercli,rw \
--mount= type = cache,target= /root/.cache/go-build,id= dockercli-build-$TARGETPLATFORM <<EOT
set -e
DOWNLOAD_URL = " https://download.docker.com/linux/static/ ${ DOCKERCLI_CHANNEL } / $( xx-info march) /docker- ${ DOCKERCLI_VERSION #v } .tgz "
if curl --head --silent --fail " ${ DOWNLOAD_URL } " 1>/dev/null 2>& 1; then
mkdir /build
curl -Ls " ${ DOWNLOAD_URL } " | tar -xz docker/docker
mv docker/docker /build/docker
else
CGO_ENABLED = 0 xx-go build -o /build/docker ./cmd/docker
fi
xx-verify /build/docker
EOT
2017-09-29 21:09:14 +00:00
2022-11-19 01:22:09 +00:00
# runc
FROM base AS runc-src
WORKDIR /usr/src/runc
RUN git init . && git remote add origin "https://github.com/opencontainers/runc.git"
# RUNC_VERSION should match the version that is used by the containerd version
# that is used. If you need to update runc, open a pull request in the containerd
# project first, and update both after that is merged. When updating RUNC_VERSION,
# consider updating runc in vendor.mod accordingly.
ARG RUNC_VERSION = v1.1.4
RUN git fetch -q --depth 1 origin " ${ RUNC_VERSION } " +refs/tags/*:refs/tags/* && git checkout -q FETCH_HEAD
FROM base AS runc-build
WORKDIR /go/src/github.com/opencontainers/runc
ARG DEBIAN_FRONTEND
ARG TARGETPLATFORM
RUN --mount= type = cache,sharing= locked,id= moby-runc-aptlib,target= /var/lib/apt \
--mount= type = cache,sharing= locked,id= moby-runc-aptcache,target= /var/cache/apt \
apt-get update && xx-apt-get install -y --no-install-recommends \
dpkg-dev gcc libc6-dev libseccomp-dev
ARG DOCKER_STATIC
RUN --mount= from = runc-src,src= /usr/src/runc,rw \
--mount= type = cache,target= /root/.cache/go-build,id= runc-build-$TARGETPLATFORM <<EOT
set -e
xx-go --wrap
CGO_ENABLED = 1 make " $( [ " $DOCKER_STATIC " = "1" ] && echo "static" || echo "runc" ) "
xx-verify $( [ " $DOCKER_STATIC " = "1" ] && echo "--static" ) runc
mkdir /build
mv runc /build/
EOT
FROM runc-build AS runc-linux
FROM binary-dummy AS runc-windows
FROM runc-${TARGETOS} AS runc
2017-09-29 21:09:14 +00:00
2022-11-19 01:33:28 +00:00
# tini
FROM base AS tini-src
WORKDIR /usr/src/tini
RUN git init . && git remote add origin "https://github.com/krallin/tini.git"
# TINI_VERSION specifies the version of tini (docker-init) to build. This
# binary is used when starting containers with the `--init` option.
ARG TINI_VERSION = v0.19.0
RUN git fetch -q --depth 1 origin " ${ TINI_VERSION } " +refs/tags/*:refs/tags/* && git checkout -q FETCH_HEAD
FROM base AS tini-build
WORKDIR /go/src/github.com/krallin/tini
2019-08-11 15:08:33 +00:00
ARG DEBIAN_FRONTEND
2019-05-22 23:49:55 +00:00
RUN --mount= type = cache,sharing= locked,id= moby-tini-aptlib,target= /var/lib/apt \
2019-10-05 20:41:27 +00:00
--mount= type = cache,sharing= locked,id= moby-tini-aptcache,target= /var/cache/apt \
2022-11-19 01:33:28 +00:00
apt-get update && apt-get install -y --no-install-recommends cmake
ARG TARGETPLATFORM
RUN --mount= type = cache,sharing= locked,id= moby-tini-aptlib,target= /var/lib/apt \
--mount= type = cache,sharing= locked,id= moby-tini-aptcache,target= /var/cache/apt \
xx-apt-get install -y --no-install-recommends \
gcc libc6-dev
RUN --mount= from = tini-src,src= /usr/src/tini,rw \
--mount= type = cache,target= /root/.cache/go-build,id= tini-build-$TARGETPLATFORM <<EOT
set -e
CC = $( xx-info) -gcc cmake .
make tini-static
xx-verify --static tini-static
mkdir /build
mv tini-static /build/docker-init
EOT
FROM tini-build AS tini-linux
FROM binary-dummy AS tini-windows
FROM tini-${TARGETOS} AS tini
2017-09-29 21:09:14 +00:00
2022-11-19 02:27:58 +00:00
# rootlesskit
FROM base AS rootlesskit-src
WORKDIR /usr/src/rootlesskit
RUN git init . && git remote add origin "https://github.com/rootless-containers/rootlesskit.git"
# When updating, also update rootlesskit commit in vendor.mod accordingly.
ARG ROOTLESSKIT_VERSION = v1.1.0
RUN git fetch -q --depth 1 origin " ${ ROOTLESSKIT_VERSION } " +refs/tags/*:refs/tags/* && git checkout -q FETCH_HEAD
FROM base AS rootlesskit-build
WORKDIR /go/src/github.com/rootless-containers/rootlesskit
ARG DEBIAN_FRONTEND
ARG TARGETPLATFORM
RUN --mount= type = cache,sharing= locked,id= moby-rootlesskit-aptlib,target= /var/lib/apt \
--mount= type = cache,sharing= locked,id= moby-rootlesskit-aptcache,target= /var/cache/apt \
apt-get update && xx-apt-get install -y --no-install-recommends \
gcc libc6-dev
ENV GO111MODULE = on
ARG DOCKER_STATIC
RUN --mount= from = rootlesskit-src,src= /usr/src/rootlesskit,rw \
2019-10-05 20:41:27 +00:00
--mount= type = cache,target= /go/pkg/mod \
2022-11-19 02:27:58 +00:00
--mount= type = cache,target= /root/.cache/go-build,id= rootlesskit-build-$TARGETPLATFORM <<EOT
set -e
export CGO_ENABLED = $( [ " $DOCKER_STATIC " = "1" ] && echo "0" || echo "1" )
xx-go build -o /build/rootlesskit -ldflags= " $( [ " $DOCKER_STATIC " != "1" ] && echo "-linkmode=external" ) " ./cmd/rootlesskit
xx-verify $( [ " $DOCKER_STATIC " = "1" ] && echo "--static" ) /build/rootlesskit
xx-go build -o /build/rootlesskit-docker-proxy -ldflags= " $( [ " $DOCKER_STATIC " != "1" ] && echo "-linkmode=external" ) " ./cmd/rootlesskit-docker-proxy
xx-verify $( [ " $DOCKER_STATIC " = "1" ] && echo "--static" ) /build/rootlesskit-docker-proxy
EOT
COPY ./contrib/dockerd-rootless.sh /build/
COPY ./contrib/dockerd-rootless-setuptool.sh /build/
FROM rootlesskit-build AS rootlesskit-linux
FROM binary-dummy AS rootlesskit-windows
FROM rootlesskit-${TARGETOS} AS rootlesskit
2017-09-29 21:09:14 +00:00
2022-06-10 21:19:40 +00:00
FROM base AS crun
ARG CRUN_VERSION = 1 .4.5
RUN --mount= type = cache,sharing= locked,id= moby-crun-aptlib,target= /var/lib/apt \
--mount= type = cache,sharing= locked,id= moby-crun-aptcache,target= /var/cache/apt \
apt-get update && apt-get install -y --no-install-recommends \
autoconf \
automake \
build-essential \
libcap-dev \
libprotobuf-c-dev \
libseccomp-dev \
libsystemd-dev \
libtool \
libudev-dev \
libyajl-dev \
python3 \
;
RUN --mount= type = tmpfs,target= /tmp/crun-build \
git clone https://github.com/containers/crun.git /tmp/crun-build && \
cd /tmp/crun-build && \
git checkout -q " ${ CRUN_VERSION } " && \
./autogen.sh && \
./configure --bindir= /build && \
make -j install
2022-11-17 23:23:20 +00:00
# vpnkit
# use dummy scratch stage to avoid build to fail for unsupported platforms
FROM scratch AS vpnkit-windows
FROM scratch AS vpnkit-linux-386
FROM scratch AS vpnkit-linux-arm
FROM scratch AS vpnkit-linux-ppc64le
FROM scratch AS vpnkit-linux-riscv64
FROM scratch AS vpnkit-linux-s390x
FROM djs55/vpnkit:${VPNKIT_VERSION} AS vpnkit-linux-amd64
FROM djs55/vpnkit:${VPNKIT_VERSION} AS vpnkit-linux-arm64
FROM vpnkit-linux-${TARGETARCH} AS vpnkit-linux
FROM vpnkit-${TARGETOS} AS vpnkit
2019-10-05 20:46:49 +00:00
2022-11-26 15:33:32 +00:00
# containerutility
FROM base AS containerutil-src
WORKDIR /usr/src/containerutil
RUN git init . && git remote add origin "https://github.com/docker-archive/windows-container-utility.git"
ARG CONTAINERUTILITY_VERSION = aa1ba87e99b68e0113bd27ec26c60b88f9d4ccd9
RUN git fetch -q --depth 1 origin " ${ CONTAINERUTILITY_VERSION } " +refs/tags/*:refs/tags/* && git checkout -q FETCH_HEAD
FROM base AS containerutil-build
WORKDIR /usr/src/containerutil
ARG TARGETPLATFORM
RUN xx-apt-get install -y --no-install-recommends gcc g++ libc6-dev
RUN --mount= from = containerutil-src,src= /usr/src/containerutil,rw \
--mount= type = cache,target= /root/.cache/go-build,id= containerutil-build-$TARGETPLATFORM <<EOT
set -e
CC = " $( xx-info) -gcc " CXX = " $( xx-info) -g++ " make
xx-verify --static containerutility.exe
mkdir /build
mv containerutility.exe /build/
EOT
FROM binary-dummy AS containerutil-linux
FROM containerutil-build AS containerutil-windows-amd64
FROM containerutil-windows-${TARGETARCH} AS containerutil-windows
FROM containerutil-${TARGETOS} AS containerutil
2023-01-01 16:47:17 +00:00
FROM base AS dev-systemd-false
COPY --from= dockercli /build/ /usr/local/cli
COPY --from= frozen-images /build/ /docker-frozen-images
COPY --from= swagger /build/ /usr/local/bin/
COPY --from= delve /build/ /usr/local/bin/
COPY --from= tomll /build/ /usr/local/bin/
COPY --from= gowinres /build/ /usr/local/bin/
COPY --from= tini /build/ /usr/local/bin/
COPY --from= registry /build/ /usr/local/bin/
COPY --from= criu /build/ /usr/local/bin/
COPY --from= gotestsum /build/ /usr/local/bin/
COPY --from= golangci_lint /build/ /usr/local/bin/
COPY --from= shfmt /build/ /usr/local/bin/
COPY --from= runc /build/ /usr/local/bin/
COPY --from= containerd /build/ /usr/local/bin/
COPY --from= rootlesskit /build/ /usr/local/bin/
COPY --from= vpnkit / /usr/local/bin/
COPY --from= containerutil /build/ /usr/local/bin/
COPY --from= crun /build/ /usr/local/bin/
COPY hack/dockerfile/etc/docker/ /etc/docker/
ENV PATH = /usr/local/cli:$PATH
WORKDIR /go/src/github.com/docker/docker
VOLUME /var/lib/docker
VOLUME /home/unprivilegeduser/.local/share/docker
# Wrap all commands in the "docker-in-docker" script to allow nested containers
ENTRYPOINT [ "hack/dind" ]
FROM dev-systemd-false AS dev-systemd-true
RUN --mount= type = cache,sharing= locked,id= moby-dev-aptlib,target= /var/lib/apt \
--mount= type = cache,sharing= locked,id= moby-dev-aptcache,target= /var/cache/apt \
apt-get update && apt-get install -y --no-install-recommends \
dbus \
dbus-user-session \
systemd \
systemd-sysv
ENTRYPOINT [ "hack/dind-systemd" ]
2022-12-26 16:55:57 +00:00
FROM dev-systemd-${SYSTEMD} AS dev-base
2019-08-11 15:08:33 +00:00
ARG DEBIAN_FRONTEND
2017-09-29 21:09:14 +00:00
RUN groupadd -r docker
2020-02-18 09:43:56 +00:00
RUN useradd --create-home --gid docker unprivilegeduser \
&& mkdir -p /home/unprivilegeduser/.local/share/docker \
&& chown -R unprivilegeduser /home/unprivilegeduser
2018-06-29 10:39:36 +00:00
# Let us use a .bashrc file
RUN ln -sfv /go/src/github.com/docker/docker/.bashrc ~/.bashrc
2017-06-24 21:51:06 +00:00
# Activate bash completion and include Docker's completion if mounted with DOCKER_BASH_COMPLETION_PATH
RUN echo "source /usr/share/bash-completion/bash_completion" >> /etc/bash.bashrc
2017-06-23 16:05:38 +00:00
RUN ln -s /usr/local/completion/bash/docker /etc/bash_completion.d/docker
2017-09-29 21:09:14 +00:00
RUN ldconfig
# This should only install packages that are specifically needed for the dev environment and nothing else
# Do you really need to add another package here? Can it be done in a different build stage?
2019-05-22 23:49:55 +00:00
RUN --mount= type = cache,sharing= locked,id= moby-dev-aptlib,target= /var/lib/apt \
2019-10-05 20:41:27 +00:00
--mount= type = cache,sharing= locked,id= moby-dev-aptcache,target= /var/cache/apt \
apt-get update && apt-get install -y --no-install-recommends \
apparmor \
bash-completion \
2019-10-05 20:56:32 +00:00
bzip2 \
2021-08-19 19:16:01 +00:00
inetutils-ping \
iproute2 \
2019-10-05 20:41:27 +00:00
iptables \
jq \
libcap2-bin \
2019-10-05 20:56:32 +00:00
libnet1 \
libnl-3-200 \
libprotobuf-c1 \
2022-06-10 21:19:40 +00:00
libyajl2 \
2019-10-05 20:41:27 +00:00
net-tools \
2020-07-15 11:45:41 +00:00
patch \
2019-10-05 20:41:27 +00:00
pigz \
python3-pip \
python3-setuptools \
python3-wheel \
2020-02-18 09:43:56 +00:00
sudo \
2022-02-02 21:39:35 +00:00
systemd-journal-remote \
2019-10-05 20:41:27 +00:00
thin-provisioning-tools \
2020-02-18 09:43:56 +00:00
uidmap \
2019-10-05 20:41:27 +00:00
vim \
vim-common \
xfsprogs \
xz-utils \
2020-12-08 09:56:32 +00:00
zip \
zstd
2020-02-25 23:31:07 +00:00
# Switch to use iptables instead of nftables (to match the CI hosts)
# TODO use some kind of runtime auto-detection instead if/when nftables is supported (https://github.com/moby/moby/issues/26824)
2019-07-22 15:22:13 +00:00
RUN update-alternatives --set iptables /usr/sbin/iptables-legacy || true \
&& update-alternatives --set ip6tables /usr/sbin/ip6tables-legacy || true \
&& update-alternatives --set arptables /usr/sbin/arptables-legacy || true
2022-08-26 07:21:29 +00:00
ARG YAMLLINT_VERSION = 1 .27.1
RUN pip3 install yamllint = = ${ YAMLLINT_VERSION }
2020-02-10 17:55:16 +00:00
RUN --mount= type = cache,sharing= locked,id= moby-dev-aptlib,target= /var/lib/apt \
--mount= type = cache,sharing= locked,id= moby-dev-aptcache,target= /var/cache/apt \
2023-01-01 16:47:17 +00:00
apt-get update && apt-get install --no-install-recommends -y \
gcc \
pkg-config \
dpkg-dev \
libapparmor-dev \
libdevmapper-dev \
libseccomp-dev \
libsecret-1-dev \
libsystemd-dev \
libudev-dev
2020-03-06 06:36:54 +00:00
2023-01-01 16:47:17 +00:00
FROM base AS build
COPY --from= gowinres /build/ /usr/local/bin/
WORKDIR /go/src/github.com/docker/docker
ENV GO111MODULE = off
ENV CGO_ENABLED = 1
ARG DEBIAN_FRONTEND
ARG TARGETPLATFORM
RUN --mount= type = cache,sharing= locked,id= moby-build-aptlib,target= /var/lib/apt \
--mount= type = cache,sharing= locked,id= moby-build-aptcache,target= /var/cache/apt \
xx-apt-get install --no-install-recommends -y \
gcc \
libapparmor-dev \
libc6-dev \
libdevmapper-dev \
libseccomp-dev \
libsecret-1-dev \
libsystemd-dev \
libudev-dev
ARG DOCKER_BUILDTAGS
ARG DOCKER_DEBUG
2019-05-22 23:49:55 +00:00
ARG DOCKER_GITCOMMIT = HEAD
2023-01-01 16:47:17 +00:00
ARG DOCKER_LDFLAGS
ARG DOCKER_STATIC
2019-10-16 17:09:10 +00:00
ARG VERSION
ARG PLATFORM
ARG PRODUCT
ARG DEFAULT_PRODUCT_LICENSE
2022-04-14 17:52:23 +00:00
ARG PACKAGER_NAME
2023-01-01 16:47:17 +00:00
# PREFIX overrides DEST dir in make.sh script otherwise it fails because of
# read only mount in current work dir
ENV PREFIX = /tmp
RUN --mount= type = bind,target= . \
2022-04-14 17:52:23 +00:00
--mount= type = tmpfs,target= cli/winresources/dockerd \
--mount= type = tmpfs,target= cli/winresources/docker-proxy \
2023-01-01 16:47:17 +00:00
--mount= type = cache,target= /root/.cache/go-build,id= moby-build-$TARGETPLATFORM <<EOT
set -e
target = $( [ " $DOCKER_STATIC " = "1" ] && echo "binary" || echo "dynbinary" )
xx-go --wrap
./hack/make.sh $target
2022-12-27 01:45:43 +00:00
xx-verify $( [ " $DOCKER_STATIC " = "1" ] && echo "--static" ) /tmp/bundles/${ target } -daemon/dockerd$( [ " $( xx-info os) " = "windows" ] && echo ".exe" )
xx-verify $( [ " $DOCKER_STATIC " = "1" ] && echo "--static" ) /tmp/bundles/${ target } -daemon/docker-proxy$( [ " $( xx-info os) " = "windows" ] && echo ".exe" )
2023-01-01 16:47:17 +00:00
mkdir /build
mv /tmp/bundles/${ target } -daemon/* /build/
EOT
2019-05-22 23:49:55 +00:00
2023-01-01 16:47:17 +00:00
# usage:
# > docker buildx bake binary
# > DOCKER_STATIC=0 docker buildx bake binary
# or
# > make binary
# > make dynbinary
2019-05-22 23:49:55 +00:00
FROM scratch AS binary
2023-01-01 16:47:17 +00:00
COPY --from= build /build/ /
2018-12-14 01:26:10 +00:00
2022-12-29 14:35:55 +00:00
# usage:
# > docker buildx bake all
FROM scratch AS all
COPY --from= tini /build/ /
COPY --from= runc /build/ /
COPY --from= containerd /build/ /
COPY --from= rootlesskit /build/ /
COPY --from= containerutil /build/ /
COPY --from= vpnkit / /
COPY --from= build /build /
2023-01-01 16:47:17 +00:00
# usage:
# > make shell
# > SYSTEMD=true make shell
2022-12-26 16:55:57 +00:00
FROM dev-base AS dev
2023-01-01 16:47:17 +00:00
COPY . .