Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Update "notary" to use "Builder: buildkit" #13402

Merged
merged 1 commit into from
Oct 25, 2022
Merged

Update "notary" to use "Builder: buildkit" #13402

merged 1 commit into from
Oct 25, 2022

Conversation

tianon
Copy link
Member

@tianon tianon commented Oct 24, 2022

This is intended as a test of the functionality in bashbrew (docker-library/bashbrew#43) to determine what else (if anything) is necessary to start enabling this in more images.

The image here includes a change to use a straightforward multi-stage build (docker/notary-official-images#30) which should work appropriately (including cache keeping/removing).

FYI @jedevc

@tianon tianon mentioned this pull request Oct 24, 2022
Merged
@tianon
Update "notary" to use "Builder: buildkit"
2521a2a 
This is intended as a test of the functionality in `bashbrew` to determine what else (if anything) is necessary to start enabling this in more images.

The image here includes a change to use a straightforward multi-stage build which should work appropriately (including cache keeping/removing).
@docker-library docker-library deleted a comment from github-actions bot Oct 24, 2022
@github-actions
Copy link

Diff for 2521a2a: 
diff --git a/_bashbrew-cat b/_bashbrew-cat
index 998f75e..c7e8026 100644
--- a/_bashbrew-cat
+++ b/_bashbrew-cat
@@ -1,7 +1,8 @@
 Maintainers: Justin Cormack (@justincormack)
 Architectures: amd64, arm32v6, arm64v8, i386, ppc64le, s390x
 GitRepo: https://github.com/docker/notary-official-images.git
-GitCommit: 16219dbe3c1433a6fc93e016cf421b230f681a2f
+GitCommit: 77b9b7833f8dd6be07104b214193788795a320ff
+Builder: buildkit
 
 Tags: server-0.7.0, server
 Directory: notary-server
diff --git a/notary_server/Dockerfile b/notary_server/Dockerfile
index f0dab44..832912f 100644
--- a/notary_server/Dockerfile
+++ b/notary_server/Dockerfile
@@ -1,29 +1,43 @@
-FROM alpine:3.12
+FROM golang:1.19-alpine3.16 AS build
+
+RUN apk add --no-cache git make
 
-ENV TAG v0.7.0
 ENV NOTARYPKG github.com/theupdateframework/notary
-ENV INSTALLDIR /notary/server
+ENV TAG v0.7.0
+
+ENV GOFLAGS -mod=vendor
+
+WORKDIR /go/src/$NOTARYPKG
+RUN set -eux; \
+	git clone -b "$TAG" --depth 1 "https://$NOTARYPKG.git" .; \
+# https://github.com/notaryproject/notary/pull/1635
+	git fetch --depth 2 origin efc35b02698644af16f6049c7b585697352451b8; \
+	git -c user.name=foo -c user.email=foo@example.com cherry-pick -x efc35b02698644af16f6049c7b585697352451b8; \
+# https://github.com/notaryproject/notary/issues/1602 (rough cherry-pick of ca095023296d2d710ad9c6dec019397d46bf8576)
+	go get github.com/dvsekhvalnov/jose2go@v0.0.0-20200901110807-248326c1351b; \
+	go mod vendor; \
+# TODO remove for the next release of Notary (which should include efc35b02698644af16f6049c7b585697352451b8 & ca095023296d2d710ad9c6dec019397d46bf8576)
+	make SKIPENVCHECK=1 PREFIX=. ./bin/static/notary-server ./bin/static/notary-signer; \
+	cp -vL ./bin/static/notary-server ./bin/static/notary-signer /; \
+	/notary-server --version; \
+	/notary-signer --version
+
+FROM alpine:3.16
+
+RUN adduser -D -H -g "" notary
 EXPOSE 4443
 
+ENV INSTALLDIR /notary/server
+ENV PATH=$PATH:${INSTALLDIR}
 WORKDIR ${INSTALLDIR}
 
-RUN set -eux; \
-    apk add --no-cache --virtual build-deps git go make musl-dev; \
-    export GOPATH=/go GOCACHE=/go/cache; \
-    mkdir -p ${GOPATH}/src/${NOTARYPKG}; \
-    git clone -b ${TAG} --depth 1 https://${NOTARYPKG} ${GOPATH}/src/${NOTARYPKG}; \
-    make -C ${GOPATH}/src/${NOTARYPKG} SKIPENVCHECK=1 PREFIX=. ./bin/static/notary-server; \
-    cp -vL ${GOPATH}/src/${NOTARYPKG}/bin/static/notary-server ./; \
-    apk del --no-network build-deps; \
-    rm -rf ${GOPATH}; \
-    ./notary-server --version
+COPY --from=build /notary-server ./
+RUN ./notary-server --version
 
 COPY ./server-config.json .
 COPY ./entrypoint.sh .
 
-RUN adduser -D -H -g "" notary
 USER notary
-ENV PATH=$PATH:${INSTALLDIR}
 
 ENTRYPOINT [ "entrypoint.sh" ]
 CMD [ "notary-server", "--version" ]
diff --git a/notary_signer/Dockerfile b/notary_signer/Dockerfile
index e2be5cb..15bab3f 100644
--- a/notary_signer/Dockerfile
+++ b/notary_signer/Dockerfile
@@ -1,30 +1,44 @@
-FROM alpine:3.12
+FROM golang:1.19-alpine3.16 AS build
+
+RUN apk add --no-cache git make
 
-ENV TAG v0.7.0
 ENV NOTARYPKG github.com/theupdateframework/notary
-ENV INSTALLDIR /notary/signer
+ENV TAG v0.7.0
+
+ENV GOFLAGS -mod=vendor
+
+WORKDIR /go/src/$NOTARYPKG
+RUN set -eux; \
+	git clone -b "$TAG" --depth 1 "https://$NOTARYPKG.git" .; \
+# https://github.com/notaryproject/notary/pull/1635
+	git fetch --depth 2 origin efc35b02698644af16f6049c7b585697352451b8; \
+	git -c user.name=foo -c user.email=foo@example.com cherry-pick -x efc35b02698644af16f6049c7b585697352451b8; \
+# https://github.com/notaryproject/notary/issues/1602 (rough cherry-pick of ca095023296d2d710ad9c6dec019397d46bf8576)
+	go get github.com/dvsekhvalnov/jose2go@v0.0.0-20200901110807-248326c1351b; \
+	go mod vendor; \
+# TODO remove for the next release of Notary (which should include efc35b02698644af16f6049c7b585697352451b8 & ca095023296d2d710ad9c6dec019397d46bf8576)
+	make SKIPENVCHECK=1 PREFIX=. ./bin/static/notary-server ./bin/static/notary-signer; \
+	cp -vL ./bin/static/notary-server ./bin/static/notary-signer /; \
+	/notary-server --version; \
+	/notary-signer --version
+
+FROM alpine:3.16
+
+RUN adduser -D -H -g "" notary
 EXPOSE 4444
 EXPOSE 7899
 
+ENV INSTALLDIR /notary/signer
+ENV PATH=$PATH:${INSTALLDIR}
 WORKDIR ${INSTALLDIR}
 
-RUN set -eux; \
-    apk add --no-cache --virtual build-deps git go make musl-dev; \
-    export GOPATH=/go GOCACHE=/go/cache; \
-    mkdir -p ${GOPATH}/src/${NOTARYPKG}; \
-    git clone -b ${TAG} --depth 1 https://${NOTARYPKG} ${GOPATH}/src/${NOTARYPKG}; \
-    make -C ${GOPATH}/src/${NOTARYPKG} SKIPENVCHECK=1 PREFIX=. ./bin/static/notary-signer; \
-    cp -vL ${GOPATH}/src/${NOTARYPKG}/bin/static/notary-signer ./; \
-    apk del --no-network build-deps; \
-    rm -rf ${GOPATH}; \
-    ./notary-signer --version
+COPY --from=build /notary-signer ./
+RUN ./notary-signer --version
 
 COPY ./signer-config.json .
 COPY ./entrypoint.sh .
 
-RUN adduser -D -H -g "" notary
 USER notary
-ENV PATH=$PATH:${INSTALLDIR}
 
 ENTRYPOINT [ "entrypoint.sh" ]
 CMD [ "notary-signer", "--version" ]

Relevant Maintainers:

@yosifkit yosifkit merged commit 93b96b0 into docker-library:master Oct 25, 2022
@yosifkit yosifkit deleted the notary branch October 25, 2022 00:06
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers
No reviews
Assignees
No one assigned
Labels
library/notary
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
2 participants
@tianon @yosifkit