From 69f9d4564249d0cace81d7a1ff8e050eb341275a Mon Sep 17 00:00:00 2001 From: Jason Hall Date: Mon, 20 Dec 2021 15:13:49 -0500 Subject: [PATCH 1/3] cleanup: Correctly use buildx TARGETARCH --- deploy/Dockerfile | 22 ++++++++-------------- deploy/Dockerfile_debug | 23 +++++++---------------- deploy/Dockerfile_slim | 14 ++++---------- deploy/Dockerfile_warmer | 22 +++++++--------------- 4 files changed, 26 insertions(+), 55 deletions(-) diff --git a/deploy/Dockerfile b/deploy/Dockerfile index 8021977f9b..e85cbef58b 100644 --- a/deploy/Dockerfile +++ b/deploy/Dockerfile @@ -14,20 +14,14 @@ # Builds the static Go image to execute in a Kubernetes job -FROM golang:1.15 -ARG GOARCH=amd64 +FROM golang:1.17 WORKDIR /go/src/github.com/GoogleContainerTools/kaniko -RUN echo $GOARCH > /goarch - -#This arg is passed by docker buildx & contains the platform info in the form linux/amd64, linux/ppc64le etc. -ARG TARGETPLATFORM - -#Capture ARCH has write to /goarch -RUN [ ! "x" = "x$TARGETPLATFORM" ] && `echo $TARGETPLATFORM | awk '{split($0,a,"/"); print a[2]}' > /goarch` || echo "$GOARCH" +# This arg is passed by docker buildx & contains the target CPU architecture (e.g., amd64, arm64, etc.) +ARG TARGETARCH # Get GCR credential helper -RUN GOARCH=$(cat /goarch) && CGO_ENABLED=0 && \ +RUN GOARCH=$TARGETARCH && CGO_ENABLED=0 && \ (mkdir -p /go/src/github.com/GoogleCloudPlatform || true) && \ cd /go/src/github.com/GoogleCloudPlatform && \ git clone https://github.com/GoogleCloudPlatform/docker-credential-gcr.git && \ 
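Review bot: In `RUN GOARCH=$TARGETARCH && CGO_ENABLED=0 && \`, `GOARCH` is now a plain, unexported shell assignment, because this patch removes the `ARG GOARCH=amd64` that used to put the variable in the RUN environment. The `go` commands later in the chain therefore presumably never see it, and the result is only correct when the stage itself already runs as the target platform (`CGO_ENABLED=0` had the same problem before this change). The same pattern recurs in the ECR and ACR helper steps of this file and in the Dockerfile_debug and Dockerfile_warmer hunks. Using `export GOARCH=$TARGETARCH CGO_ENABLED=0 && \` or a stage-level `ENV GOARCH=$TARGETARCH` would pass the value to the toolchain; 3/3 switches to `ENV`, but this patch taken alone does not. The RUN chain continues past the end of the hunk.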
@@ -38,11 +32,11 @@ RUN GOARCH=$(cat /goarch) && CGO_ENABLED=0 && \ # Get Amazon ECR credential helper -RUN GOARCH=$(cat /goarch) && go get -u github.com/awslabs/amazon-ecr-credential-helper/ecr-login/cli/docker-credential-ecr-login && \ +RUN GOARCH=$TARGETARCH && go get -u github.com/awslabs/amazon-ecr-credential-helper/ecr-login/cli/docker-credential-ecr-login && \ make -C /go/src/github.com/awslabs/amazon-ecr-credential-helper # ACR docker env credential helper -RUN GOARCH=$(cat /goarch) && (mkdir -p /go/src/github.com/chrismellard || true) && \ +RUN GOARCH=$TARGETARCH && (mkdir -p /go/src/github.com/chrismellard || true) && \ cd /go/src/github.com/chrismellard && \ git clone https://github.com/chrismellard/docker-credential-acr-env && \ cd docker-credential-acr-env && \ @@ -52,7 +46,7 @@ RUN GOARCH=$(cat /goarch) && (mkdir -p /go/src/github.com/chrismellard || true) RUN mkdir -p /kaniko/.docker COPY . . -RUN make GOARCH=$(cat /goarch) +RUN make GOARCH=$TARGETARCH # Generate latest ca-certificates @@ -79,4 +73,4 @@ ENV DOCKER_CONFIG /kaniko/.docker/ ENV DOCKER_CREDENTIAL_GCR_CONFIG /kaniko/.config/gcloud/docker_credential_gcr_config.json WORKDIR /workspace -ENTRYPOINT ["/kaniko/executor"] \ No newline at end of file +ENTRYPOINT ["/kaniko/executor"] diff --git a/deploy/Dockerfile_debug b/deploy/Dockerfile_debug index 64833c79a5..7d630d3d90 100644 --- a/deploy/Dockerfile_debug +++ b/deploy/Dockerfile_debug 
@@ -15,22 +15,14 @@ # Builds the static Go image to execute in a Kubernetes job # Stage 0: Build the executor binary and get credential helpers -FROM golang:1.14 -ARG GOARCH=amd64 +FROM golang:1.17 WORKDIR /go/src/github.com/GoogleContainerTools/kaniko -RUN echo $GOARCH > /goarch - -#This arg is passed by docker buildx & contains the platform info in the form linux/amd64, linux/ppc64le etc. -ARG TARGETPLATFORM - -#Capture ARCH has write to /goarch -RUN [ ! "x" = "x$TARGETPLATFORM" ] && `echo $TARGETPLATFORM | awk '{split($0,a,"/"); print a[2]}' > /goarch` || echo "$GOARCH" -RUN echo "I am runninng $TARGETPLATFORM with with $(cat /goarch)" -RUN cat /goarch +# This arg is passed by docker buildx & contains the target CPU architecture (e.g., amd64, arm64, etc.) +ARG TARGETARCH # Get GCR credential helper -RUN GOARCH=$(cat /goarch) && CGO_ENABLED=0 && \ +RUN GOARCH=$TARGETARCH && CGO_ENABLED=0 && \ (mkdir -p /go/src/github.com/GoogleCloudPlatform || true) && \ cd /go/src/github.com/GoogleCloudPlatform && \ git clone https://github.com/GoogleCloudPlatform/docker-credential-gcr.git && \ 
@@ -39,13 +31,12 @@ RUN GOARCH=$(cat /goarch) && CGO_ENABLED=0 && \ go get -u -t ./... && \ go build -ldflags "-linkmode external -extldflags -static" -i -o /usr/local/bin/docker-credential-gcr main.go - # Get Amazon ECR credential helper -RUN GOARCH=$(cat /goarch) && go get -u github.com/awslabs/amazon-ecr-credential-helper/ecr-login/cli/docker-credential-ecr-login && \ +RUN GOARCH=$TARGETARCH && go get -u github.com/awslabs/amazon-ecr-credential-helper/ecr-login/cli/docker-credential-ecr-login && \ make -C /go/src/github.com/awslabs/amazon-ecr-credential-helper # Azure docker env credential helper -RUN GOARCH=$(cat /goarch) && (mkdir -p /go/src/github.com/chrismellard || true) && \ +RUN GOARCH=$TARGETARCH && (mkdir -p /go/src/github.com/chrismellard || true) && \ cd /go/src/github.com/chrismellard && \ git clone https://github.com/chrismellard/docker-credential-acr-env && \ cd docker-credential-acr-env && \ @@ -55,7 +46,7 @@ RUN GOARCH=$(cat /goarch) && (mkdir -p /go/src/github.com/chrismellard || true) RUN mkdir -p /kaniko/.docker COPY . . -RUN make GOARCH=$(cat /goarch) && make GOARCH=$(cat /goarch) out/warmer +RUN make GOARCH=$TARGETARCH && make GOARCH=$TARGETARCH out/warmer # Generate latest ca-certificates diff --git a/deploy/Dockerfile_slim b/deploy/Dockerfile_slim index 2c6af095cf..9c2d06e9c2 100644 --- a/deploy/Dockerfile_slim +++ b/deploy/Dockerfile_slim 
@@ -13,21 +13,15 @@ # limitations under the License. # Builds the static Go image to execute in a Kubernetes job -FROM golang:1.15 as build_env -ARG GOARCH=amd64 -RUN echo $GOARCH > /goarch +FROM golang:1.17 as build_env -#This arg is passed by docker buildx & contains the platform info in the form linux/amd64, linux/ppc64le etc. -ARG TARGETPLATFORM - -#Capture ARCH has write to /goarch -RUN [ ! "x" = "x$TARGETPLATFORM" ] && `echo $TARGETPLATFORM | awk '{split($0,a,"/"); print a[2]}' > /goarch` || echo "$GOARCH" -RUN echo "I am runninng $TARGETPLATFORM with $(cat /goarch)" +# This arg is passed by docker buildx & contains the target CPU architecture (e.g., amd64, arm64, etc.) +ARG TARGETARCH WORKDIR /go/src/github.com/GoogleContainerTools/kaniko COPY . . -RUN make GOARCH=$(cat /goarch) +RUN make GOARCH=$TARGETARCH # Generate latest ca-certificates diff --git a/deploy/Dockerfile_warmer b/deploy/Dockerfile_warmer index acb22fb2ed..28de396749 100644 --- a/deploy/Dockerfile_warmer +++ b/deploy/Dockerfile_warmer 
@@ -12,22 +12,14 @@ # See the License for the specific language governing permissions and # limitations under the License. -# Builds the static Go image to execute in a Kubernetes job - -FROM golang:1.15 -ARG GOARCH=amd64 +FROM golang:1.17 WORKDIR /go/src/github.com/GoogleContainerTools/kaniko -RUN echo $GOARCH > /goarch - -#This arg is passed by docker buildx & contains the platform info in the form linux/amd64, linux/ppc64le etc. -ARG TARGETPLATFORM -#Capture ARCH has write to /goarch -RUN [ ! "x" = "x$TARGETPLATFORM" ] && `echo $TARGETPLATFORM | awk '{split($0,a,"/"); print a[2]}' > /goarch` || echo "$GOARCH" -RUN echo "I am runninng $TARGETPLATFORM with $(cat /goarch)" +# This arg is passed by docker buildx & contains the target CPU architecture (e.g., amd64, arm64, etc.) +ARG TARGETARCH # Get GCR credential helper -RUN GOARCH=$(cat /goarch) && CGO_ENABLED=0 && \ +RUN GOARCH=$TARGETARCH && CGO_ENABLED=0 && \ (mkdir -p /go/src/github.com/GoogleCloudPlatform || true) && \ cd /go/src/github.com/GoogleCloudPlatform && \ git clone https://github.com/GoogleCloudPlatform/docker-credential-gcr.git && \ @@ -38,11 +30,11 @@ RUN GOARCH=$(cat /goarch) && CGO_ENABLED=0 && \ # Get Amazon ECR credential helper -RUN GOARCH=$(cat /goarch) && go get -u github.com/awslabs/amazon-ecr-credential-helper/ecr-login/cli/docker-credential-ecr-login && \ +RUN GOARCH=$TARGETARCH && go get -u github.com/awslabs/amazon-ecr-credential-helper/ecr-login/cli/docker-credential-ecr-login && \ make -C /go/src/github.com/awslabs/amazon-ecr-credential-helper # ACR docker env credential helper -RUN GOARCH=$(cat /goarch) && (mkdir -p /go/src/github.com/chrismellard || true) && \ +RUN GOARCH=$TARGETARCH && (mkdir -p /go/src/github.com/chrismellard || true) && \ cd /go/src/github.com/chrismellard && \ git clone https://github.com/chrismellard/docker-credential-acr-env && \ cd docker-credential-acr-env && \ 
@@ -52,7 +44,7 @@ RUN GOARCH=$(cat /goarch) && (mkdir -p /go/src/github.com/chrismellard || true) RUN mkdir -p /kaniko/.docker COPY . . -RUN make GOARCH=$(cat /goarch) out/warmer +RUN make GOARCH=$TARGETARCH out/warmer # Generate latest ca-certificates From 7f22772defd291b3f190a16abba3d4e3047a0498 Mon Sep 17 00:00:00 2001 From: Jason Hall Date: Mon, 20 Dec 2021 15:20:48 -0500 Subject: [PATCH 2/3] undo changes to Go version --- deploy/Dockerfile | 2 +- deploy/Dockerfile_debug | 2 +- deploy/Dockerfile_slim | 2 +- deploy/Dockerfile_warmer | 2 +- 4 files changed, 4 insertions(+), 4 deletions(-) diff --git a/deploy/Dockerfile b/deploy/Dockerfile index e85cbef58b..863095832e 100644 --- a/deploy/Dockerfile +++ b/deploy/Dockerfile @@ -14,7 +14,7 @@ # Builds the static Go image to execute in a Kubernetes job -FROM golang:1.17 +FROM golang:1.15 WORKDIR /go/src/github.com/GoogleContainerTools/kaniko # This arg is passed by docker buildx & contains the target CPU architecture (e.g., amd64, arm64, etc.) diff --git a/deploy/Dockerfile_debug b/deploy/Dockerfile_debug index 7d630d3d90..7a4d2d9a78 100644 --- a/deploy/Dockerfile_debug +++ b/deploy/Dockerfile_debug @@ -15,7 +15,7 @@ # Builds the static Go image to execute in a Kubernetes job # Stage 0: Build the executor binary and get credential helpers -FROM golang:1.17 +FROM golang:1.14 WORKDIR /go/src/github.com/GoogleContainerTools/kaniko # This arg is passed by docker buildx & contains the target CPU architecture (e.g., amd64, arm64, etc.) diff --git a/deploy/Dockerfile_slim b/deploy/Dockerfile_slim index 9c2d06e9c2..741fc5118a 100644 --- a/deploy/Dockerfile_slim +++ b/deploy/Dockerfile_slim @@ -13,7 +13,7 @@ # limitations under the License. # Builds the static Go image to execute in a Kubernetes job -FROM golang:1.17 as build_env +FROM golang:1.15 as build_env # This arg is passed by docker buildx & contains the target CPU architecture (e.g., amd64, arm64, etc.) ARG TARGETARCH 
diff --git a/deploy/Dockerfile_warmer b/deploy/Dockerfile_warmer index 28de396749..b4c7f66358 100644 --- a/deploy/Dockerfile_warmer +++ b/deploy/Dockerfile_warmer @@ -12,7 +12,7 @@ # See the License for the specific language governing permissions and # limitations under the License. -FROM golang:1.17 +FROM golang:1.15 WORKDIR /go/src/github.com/GoogleContainerTools/kaniko # This arg is passed by docker buildx & contains the target CPU architecture (e.g., amd64, arm64, etc.) From 02be680e5ffba3735c929778449a4b27716ac471 Mon Sep 17 00:00:00 2001 From: Jason Hall Date: Mon, 20 Dec 2021 15:59:28 -0500 Subject: [PATCH 3/3] Use golang:1.17 and build from reproducible source This change updates the Go version used to build kaniko and credential helpers to Go 1.17, which uses Go modules by default. This means that we can build outside of $GOPATH, from source fetched from the Go module proxy. This change also simplfies our builds of credential helpers to simply `go install` them at a pinned version, for reproducibility and simplicity. This also changes `make images` and `make push` to build and push the slim executor image as well. --- Makefile | 2 ++ deploy/Dockerfile | 37 +++++++++++++---------------------- deploy/Dockerfile_debug | 42 +++++++++++++++------------------------- deploy/Dockerfile_slim | 6 +++--- deploy/Dockerfile_warmer | 37 ++++++++++++++--------------------- 5 files changed, 48 insertions(+), 76 deletions(-) diff --git a/Makefile b/Makefile index 8c889f8369..6164c1e6e3 100644 --- a/Makefile +++ b/Makefile 
@@ -95,10 +95,12 @@ k8s-executor-build-push: images: docker build ${BUILD_ARG} --build-arg=GOARCH=$(GOARCH) -t $(REGISTRY)/executor:latest -f deploy/Dockerfile . docker build ${BUILD_ARG} --build-arg=GOARCH=$(GOARCH) -t $(REGISTRY)/executor:debug -f deploy/Dockerfile_debug . + docker build ${BUILD_ARG} --build-arg=GOARCH=$(GOARCH) -t $(REGISTRY)/executor:slim -f deploy/Dockerfile_slim . docker build ${BUILD_ARG} --build-arg=GOARCH=$(GOARCH) -t $(REGISTRY)/warmer:latest -f deploy/Dockerfile_warmer . .PHONY: push push: docker push $(REGISTRY)/executor:latest docker push $(REGISTRY)/executor:debug + docker push $(REGISTRY)/executor:slim docker push $(REGISTRY)/warmer:latest diff --git a/deploy/Dockerfile b/deploy/Dockerfile index 863095832e..9a92ad6dae 100644 --- a/deploy/Dockerfile +++ b/deploy/Dockerfile 
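Review bot: The added `docker build` line for `deploy/Dockerfile_slim` passes `--build-arg=GOARCH=$(GOARCH)`, but 1/3 removed `ARG GOARCH=amd64` from that Dockerfile and the other three, so nothing consumes the argument any more. `make images GOARCH=<arch>` would then presumably build for the builder's default platform without reporting an error. If the Makefile should keep selecting the architecture, `--platform=linux/$(GOARCH)` on all four `docker build` lines would match the new Dockerfiles, since BuildKit derives `TARGETARCH` from it. Otherwise, dropping the stale build-arg makes the behaviour explicit.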
@@ -12,35 +12,24 @@ # See the License for the specific language governing permissions and # limitations under the License. -# Builds the static Go image to execute in a Kubernetes job - -FROM golang:1.15 -WORKDIR /go/src/github.com/GoogleContainerTools/kaniko +FROM golang:1.17 +WORKDIR /src # This arg is passed by docker buildx & contains the target CPU architecture (e.g., amd64, arm64, etc.) ARG TARGETARCH -# Get GCR credential helper -RUN GOARCH=$TARGETARCH && CGO_ENABLED=0 && \ - (mkdir -p /go/src/github.com/GoogleCloudPlatform || true) && \ - cd /go/src/github.com/GoogleCloudPlatform && \ - git clone https://github.com/GoogleCloudPlatform/docker-credential-gcr.git && \ - cd /go/src/github.com/GoogleCloudPlatform/docker-credential-gcr && \ - git checkout 4cdd60d0f2d8a69bc70933f4d7718f9c4e956ff8 && \ - go get -u -t ./... && \ - go build -ldflags "-linkmode external -extldflags -static" -i -o /usr/local/bin/docker-credential-gcr main.go +ENV GOARCH=$TARGETARCH +ENV CGO_ENABLED=0 +ENV GOBIN=/usr/local/bin +# Get GCR credential helper +RUN go install github.com/GoogleCloudPlatform/docker-credential-gcr@4cdd60d0f2d8a69bc70933f4d7718f9c4e956ff8 # Get Amazon ECR credential helper -RUN GOARCH=$TARGETARCH && go get -u github.com/awslabs/amazon-ecr-credential-helper/ecr-login/cli/docker-credential-ecr-login && \ - make -C /go/src/github.com/awslabs/amazon-ecr-credential-helper +RUN go install github.com/awslabs/amazon-ecr-credential-helper/ecr-login/cli/docker-credential-ecr-login@v0.4.0 -# ACR docker env credential helper -RUN GOARCH=$TARGETARCH && (mkdir -p /go/src/github.com/chrismellard || true) && \ - cd /go/src/github.com/chrismellard && \ - git clone https://github.com/chrismellard/docker-credential-acr-env && \ - cd docker-credential-acr-env && \ - make build +# Get ACR docker env credential helper +RUN go install github.com/chrismellard/docker-credential-acr-env@09e2b5a8ac86c3ec347b2473e42b34367d8fa419 # Add .docker config dir RUN mkdir -p /kaniko/.docker 
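Review bot: `FROM golang:1.17` is a floating tag, so the toolchain that compiles the executor and the three credential helpers can change between builds even though the helper sources are now pinned to a commit or tag. Since the stated goal is reproducible builds, pinning the builder by digest would close that gap, e.g. `FROM golang:1.17@sha256:<digest-of-reviewed-image>`. The same applies to the `FROM golang:1.17` lines in the Dockerfile_debug, Dockerfile_slim and Dockerfile_warmer hunks. A short comment beside each of the two commit-hash pins, naming the upstream release it corresponds to, would also make future bumps easier to review.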
@@ -58,10 +47,10 @@ RUN \ cat /etc/ssl/certs/* > /ca-certificates.crt FROM scratch -COPY --from=0 /go/src/github.com/GoogleContainerTools/kaniko/out/executor /kaniko/executor +COPY --from=0 /src/out/executor /kaniko/executor COPY --from=0 /usr/local/bin/docker-credential-gcr /kaniko/docker-credential-gcr -COPY --from=0 /go/src/github.com/awslabs/amazon-ecr-credential-helper/bin/local/docker-credential-ecr-login /kaniko/docker-credential-ecr-login -COPY --from=0 /go/src/github.com/chrismellard/docker-credential-acr-env/build/docker-credential-acr-env /kaniko/docker-credential-acr +COPY --from=0 /usr/local/bin/docker-credential-ecr-login /kaniko/docker-credential-ecr-login +COPY --from=0 /usr/local/bin/docker-credential-acr-env /kaniko/docker-credential-acr COPY --from=certs /ca-certificates.crt /kaniko/ssl/certs/ COPY --from=0 /kaniko/.docker /kaniko/.docker COPY files/nsswitch.conf /etc/nsswitch.conf diff --git a/deploy/Dockerfile_debug b/deploy/Dockerfile_debug index 7a4d2d9a78..6c9ffe3be0 100644 --- a/deploy/Dockerfile_debug +++ b/deploy/Dockerfile_debug 
@@ -12,41 +12,31 @@ # See the License for the specific language governing permissions and # limitations under the License. -# Builds the static Go image to execute in a Kubernetes job - -# Stage 0: Build the executor binary and get credential helpers -FROM golang:1.14 -WORKDIR /go/src/github.com/GoogleContainerTools/kaniko +FROM golang:1.17 +WORKDIR /src # This arg is passed by docker buildx & contains the target CPU architecture (e.g., amd64, arm64, etc.) ARG TARGETARCH +ENV GOARCH=$TARGETARCH +ENV CGO_ENABLED=0 +ENV GOBIN=/usr/local/bin + # Get GCR credential helper -RUN GOARCH=$TARGETARCH && CGO_ENABLED=0 && \ - (mkdir -p /go/src/github.com/GoogleCloudPlatform || true) && \ - cd /go/src/github.com/GoogleCloudPlatform && \ - git clone https://github.com/GoogleCloudPlatform/docker-credential-gcr.git && \ - cd /go/src/github.com/GoogleCloudPlatform/docker-credential-gcr && \ - git checkout 4cdd60d0f2d8a69bc70933f4d7718f9c4e956ff8 && \ - go get -u -t ./... && \ - go build -ldflags "-linkmode external -extldflags -static" -i -o /usr/local/bin/docker-credential-gcr main.go +RUN go install github.com/GoogleCloudPlatform/docker-credential-gcr@4cdd60d0f2d8a69bc70933f4d7718f9c4e956ff8 # Get Amazon ECR credential helper -RUN GOARCH=$TARGETARCH && go get -u github.com/awslabs/amazon-ecr-credential-helper/ecr-login/cli/docker-credential-ecr-login && \ - make -C /go/src/github.com/awslabs/amazon-ecr-credential-helper +RUN go install github.com/awslabs/amazon-ecr-credential-helper/ecr-login/cli/docker-credential-ecr-login@v0.4.0 -# Azure docker env credential helper -RUN GOARCH=$TARGETARCH && (mkdir -p /go/src/github.com/chrismellard || true) && \ - cd /go/src/github.com/chrismellard && \ - git clone https://github.com/chrismellard/docker-credential-acr-env && \ - cd docker-credential-acr-env && \ - make build +# Get ACR docker env credential helper +RUN go install github.com/chrismellard/docker-credential-acr-env@09e2b5a8ac86c3ec347b2473e42b34367d8fa419 # Add .docker config 
dir RUN mkdir -p /kaniko/.docker COPY . . -RUN make GOARCH=$TARGETARCH && make GOARCH=$TARGETARCH out/warmer +RUN make GOARCH=$TARGETARCH +RUN make GOARCH=$TARGETARCH out/warmer # Generate latest ca-certificates @@ -58,11 +48,11 @@ RUN \ cat /etc/ssl/certs/* > /ca-certificates.crt FROM scratch -COPY --from=0 /go/src/github.com/GoogleContainerTools/kaniko/out/* /kaniko/ -COPY --from=0 /go/src/github.com/GoogleContainerTools/kaniko/out/warmer /kaniko/warmer +COPY --from=0 /src/out/executor /kaniko/executor +COPY --from=0 /src/out/warmer /kaniko/warmer COPY --from=0 /usr/local/bin/docker-credential-gcr /kaniko/docker-credential-gcr -COPY --from=0 /go/src/github.com/awslabs/amazon-ecr-credential-helper/bin/local/docker-credential-ecr-login /kaniko/docker-credential-ecr-login -COPY --from=0 /go/src/github.com/chrismellard/docker-credential-acr-env/build/docker-credential-acr-env /kaniko/docker-credential-acr +COPY --from=0 /usr/local/bin/docker-credential-ecr-login /kaniko/docker-credential-ecr-login +COPY --from=0 /usr/local/bin/docker-credential-acr-env /kaniko/docker-credential-acr COPY --from=busybox:1.32.0 /bin /busybox # Declare /busybox as a volume to get it automatically in the path to ignore VOLUME /busybox diff --git a/deploy/Dockerfile_slim b/deploy/Dockerfile_slim index 741fc5118a..07ece82ee7 100644 --- a/deploy/Dockerfile_slim +++ b/deploy/Dockerfile_slim @@ -13,12 +13,12 @@ # limitations under the License. # Builds the static Go image to execute in a Kubernetes job -FROM golang:1.15 as build_env +FROM golang:1.17 # This arg is passed by docker buildx & contains the target CPU architecture (e.g., amd64, arm64, etc.) ARG TARGETARCH -WORKDIR /go/src/github.com/GoogleContainerTools/kaniko +WORKDIR /src COPY . . RUN make GOARCH=$TARGETARCH 
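Review bot: `ENV GOBIN=/usr/local/bin` combined with `ENV GOARCH=$TARGETARCH` only works while this stage runs as the target platform, and nothing in the file says so. `go install` refuses to write cross-compiled binaries when GOBIN is set, so adding `--platform=$BUILDPLATFORM` to the `FROM` later would break the three helper installs. A comment above the ENV block such as `# Stage must run as the target platform: go install cannot cross-compile into GOBIN` would record the constraint. The same ENV block is added in the deploy/Dockerfile and deploy/Dockerfile_warmer hunks.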
@@ -33,7 +33,7 @@ RUN \ cat /etc/ssl/certs/* > /ca-certificates.crt FROM scratch -COPY --from=build_env /go/src/github.com/GoogleContainerTools/kaniko/out/executor /kaniko/executor +COPY --from=0 /src/out/executor /kaniko/executor COPY files/nsswitch.conf /etc/nsswitch.conf COPY --from=certs /ca-certificates.crt /kaniko/ssl/certs/ ENV HOME /root diff --git a/deploy/Dockerfile_warmer b/deploy/Dockerfile_warmer index b4c7f66358..6e8c0ee1bc 100644 --- a/deploy/Dockerfile_warmer +++ b/deploy/Dockerfile_warmer 
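Review bot: `COPY --from=0` replaces the named reference `--from=build_env`, and the earlier hunk of this file drops `as build_env` from the matching `FROM`. A stage index silently points at a different stage if one is ever inserted ahead of the builder, while the neighbouring `--from=certs` line still uses a name. Keeping `FROM golang:1.17 AS build_env` and `COPY --from=build_env /src/out/executor /kaniko/executor` would keep the new path without losing the name.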
@@ -12,39 +12,30 @@ # See the License for the specific language governing permissions and # limitations under the License. -FROM golang:1.15 -WORKDIR /go/src/github.com/GoogleContainerTools/kaniko +FROM golang:1.17 +WORKDIR /src # This arg is passed by docker buildx & contains the target CPU architecture (e.g., amd64, arm64, etc.) ARG TARGETARCH -# Get GCR credential helper -RUN GOARCH=$TARGETARCH && CGO_ENABLED=0 && \ - (mkdir -p /go/src/github.com/GoogleCloudPlatform || true) && \ - cd /go/src/github.com/GoogleCloudPlatform && \ - git clone https://github.com/GoogleCloudPlatform/docker-credential-gcr.git && \ - cd /go/src/github.com/GoogleCloudPlatform/docker-credential-gcr && \ - git checkout 4cdd60d0f2d8a69bc70933f4d7718f9c4e956ff8 && \ - go get -u -t ./... && \ - go build -ldflags "-linkmode external -extldflags -static" -i -o /usr/local/bin/docker-credential-gcr main.go +ENV GOARCH=$TARGETARCH +ENV CGO_ENABLED=0 +ENV GOBIN=/usr/local/bin +# Get GCR credential helper +RUN go install github.com/GoogleCloudPlatform/docker-credential-gcr@4cdd60d0f2d8a69bc70933f4d7718f9c4e956ff8 # Get Amazon ECR credential helper -RUN GOARCH=$TARGETARCH && go get -u github.com/awslabs/amazon-ecr-credential-helper/ecr-login/cli/docker-credential-ecr-login && \ - make -C /go/src/github.com/awslabs/amazon-ecr-credential-helper +RUN go install github.com/awslabs/amazon-ecr-credential-helper/ecr-login/cli/docker-credential-ecr-login@v0.4.0 -# ACR docker env credential helper -RUN GOARCH=$TARGETARCH && (mkdir -p /go/src/github.com/chrismellard || true) && \ - cd /go/src/github.com/chrismellard && \ - git clone https://github.com/chrismellard/docker-credential-acr-env && \ - cd docker-credential-acr-env && \ - make build +# Get ACR docker env credential helper +RUN go install github.com/chrismellard/docker-credential-acr-env@09e2b5a8ac86c3ec347b2473e42b34367d8fa419 # Add .docker config dir RUN mkdir -p /kaniko/.docker COPY . . 
-RUN make GOARCH=$TARGETARCH out/warmer +RUN make GOARCH=$TARGETARCH out/warmer # Generate latest ca-certificates @@ -56,10 +47,10 @@ RUN \ cat /etc/ssl/certs/* > /ca-certificates.crt FROM scratch -COPY --from=0 /go/src/github.com/GoogleContainerTools/kaniko/out/warmer /kaniko/warmer +COPY --from=0 /src/out/warmer /kaniko/warmer COPY --from=0 /usr/local/bin/docker-credential-gcr /kaniko/docker-credential-gcr -COPY --from=0 /go/src/github.com/awslabs/amazon-ecr-credential-helper/bin/local/docker-credential-ecr-login /kaniko/docker-credential-ecr-login -COPY --from=0 /go/src/github.com/chrismellard/docker-credential-acr-env/build/docker-credential-acr-env /kaniko/docker-credential-acr +COPY --from=0 /usr/local/bin/docker-credential-ecr-login /kaniko/docker-credential-ecr-login +COPY --from=0 /usr/local/bin/docker-credential-acr-env /kaniko/docker-credential-acr COPY --from=certs /ca-certificates.crt /kaniko/ssl/certs/ COPY --from=0 /kaniko/.docker /kaniko/.docker COPY files/nsswitch.conf /etc/nsswitch.conf