From 56155f5aacdbb739bde2425522bd74b1291213cb Mon Sep 17 00:00:00 2001
From: Bjorn Neergaard
Date: Thu, 22 Feb 2024 04:06:17 -0700
Subject: [PATCH 1/3] rpm,deb: make build ARCH-aware
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit
Signed-off-by: Bjorn Neergaard
Signed-off-by: Paweł Gronowski
---
 Jenkinsfile | 4 ++--
 deb/Makefile | 2 ++
 rpm/Makefile | 2 ++
 3 files changed, 6 insertions(+), 2 deletions(-)
diff --git a/Jenkinsfile b/Jenkinsfile
index f316b4a93e..6d70ca9321 100644
--- a/Jenkinsfile
+++ b/Jenkinsfile
@@ -42,10 +42,10 @@ def genBuildStep(LinkedHashMap pkg, String arch) {
 stage("build") {
 checkout scm
 sh "make clean"
- sh "make REF=$branch ${pkg.target}"
+ sh "make REF=$branch ARCH=${arch} ${pkg.target}"
 }
 stage("verify") {
- sh "make IMAGE=${pkg.image} verify"
+ sh "make IMAGE=${pkg.image} ARCH=${arch} verify"
 }
 }
 }
diff --git a/deb/Makefile b/deb/Makefile
index d2a08ae64d..d65bd11e08 100644
--- a/deb/Makefile
+++ b/deb/Makefile
@@ -22,6 +22,7 @@ BUILD?=DOCKER_BUILDKIT=1 \
 --build-arg GO_IMAGE=$(GO_IMAGE) \
 --build-arg COMMON_FILES=$(COMMON_FILES) \
 -t debbuild-$@/$(ARCH) \
+ --platform linux/$(ARCH) \
 -f $@/Dockerfile \
 .
@@ -33,6 +34,7 @@ RUN_FLAGS=
 # see https://github.com/docker/docker-ce-packaging/pull/1006#issuecomment-2006878743
 RUN?=docker run --rm \
 --security-opt seccomp=unconfined \
+ --platform linux/$(ARCH) \
 -e PLATFORM \
 -e EPOCH='$(EPOCH)' \
 -e DEB_VERSION=$(word 1, $(GEN_DEB_VER)) \
diff --git a/rpm/Makefile b/rpm/Makefile
index 81b8fe2db6..9420b0a2e0 100644
--- a/rpm/Makefile
+++ b/rpm/Makefile
@@ -18,6 +18,7 @@ BUILD?=DOCKER_BUILDKIT=1 \
 $(BUILD_IMAGE_FLAG) \
 --build-arg GO_IMAGE=$(GO_IMAGE) \
 -t rpmbuild-$@/$(ARCH) \
+ --platform linux/$(ARCH) \
 -f $@/Dockerfile \
 .
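Review bot: In the `RUN?=docker run` hunk of deb/Makefile, the new `--platform linux/$(ARCH)` line should be paired with an explicit pull policy. The image argument lies outside the hunk; assuming it is the locally built `debbuild-$@/$(ARCH)` tag, `docker run` keeps its default pull policy, and as far as I know a local image whose platform does not match the requested one is treated as missing, so the CLI would try to fetch that name from the default registry rather than fail. Adding `--pull=never \` next to the new line keeps the run bound to the image this Makefile built. The `RUN?=` hunk in rpm/Makefile has the same shape.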
@@ -48,6 +49,7 @@ RUN_FLAGS=
 # https://github.com/docker/docker-ce-packaging/pull/1006#issuecomment-2006878743
 RUN?=docker run --rm \
 --security-opt seccomp=unconfined \
+ --platform linux/$(ARCH) \
 -e PLATFORM \
 -v $(CURDIR)/rpmbuild/SOURCES:/root/rpmbuild/SOURCES:ro \
 -v $(CURDIR)/rpmbuild/$@/RPMS:/root/rpmbuild/RPMS \
From 6013e44b7eac0300a07649043b4843f846475a5a Mon Sep 17 00:00:00 2001
From: Bjorn Neergaard
Date: Thu, 22 Feb 2024 04:10:06 -0700
Subject: [PATCH 2/3] rpm: minimal RHEL support
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit
Signed-off-by: Bjorn Neergaard
Signed-off-by: Paweł Gronowski
---
 rpm/Makefile | 6 +++++-
 rpm/rhel-8/Dockerfile | 36 ++++++++++++++++++++++++++++++++++++
 rpm/rhel-9/Dockerfile | 36 ++++++++++++++++++++++++++++++++++++
 3 files changed, 77 insertions(+), 1 deletion(-)
 create mode 100644 rpm/rhel-8/Dockerfile
 create mode 100644 rpm/rhel-9/Dockerfile
diff --git a/rpm/Makefile b/rpm/Makefile
index 9420b0a2e0..bf6ca1c372 100644
--- a/rpm/Makefile
+++ b/rpm/Makefile
@@ -10,11 +10,15 @@ CLI_GITCOMMIT?=$(shell cd $(realpath $(CURDIR)/../src/github.com/docker/cli) &&
 ENGINE_GITCOMMIT?=$(shell cd $(realpath $(CURDIR)/../src/github.com/docker/docker) && git rev-parse --short HEAD)
 BUILDX_GITCOMMIT?=$(shell cd $(realpath $(CURDIR)/../src/github.com/docker/buildx) && git rev-parse --short HEAD)
+ifdef RH_USER
+ RH_FLAGS=--build-arg RH_USER=$(RH_USER) --build-arg RH_PASS=$(RH_PASS)
+endif
 ifdef BUILD_IMAGE
 BUILD_IMAGE_FLAG=--build-arg $(BUILD_IMAGE)
 endif
 BUILD?=DOCKER_BUILDKIT=1 \
 docker build \
+ $(RH_FLAGS) \
 $(BUILD_IMAGE_FLAG) \
 --build-arg GO_IMAGE=$(GO_IMAGE) \
 -t rpmbuild-$@/$(ARCH) \
@@ -59,7 +63,7 @@ RUN?=docker run --rm \
 FEDORA_RELEASES ?= fedora-40 fedora-39
 CENTOS_RELEASES ?= centos-9
-RHEL_RELEASES ?=
+RHEL_RELEASES ?= rhel-8 rhel-9
 DISTROS := $(FEDORA_RELEASES) $(CENTOS_RELEASES) $(RHEL_RELEASES)
 BUNDLES := $(patsubst %,rpmbuild/bundles-ce-%-$(DPKG_ARCH).tar.gz,$(DISTROS))
diff --git a/rpm/rhel-8/Dockerfile b/rpm/rhel-8/Dockerfile
new file mode 100644
index 0000000000..1d26bb141c
--- /dev/null
+++ b/rpm/rhel-8/Dockerfile
@@ -0,0 +1,36 @@
+# syntax=docker/dockerfile:1
+
+ARG GO_IMAGE
+ARG DISTRO=rhel
+ARG SUITE=8
+ARG BUILD_IMAGE=registry.access.redhat.com/ubi8/ubi
+
+FROM ${GO_IMAGE} AS golang
+
+FROM ${BUILD_IMAGE} AS subscribed-image
+ARG RH_USER
+ARG RH_PASS
+RUN rm /etc/rhsm-host
+RUN subscription-manager register --username=$RH_USER --password=$RH_PASS
+RUN subscription-manager repos --enable codeready-builder-for-rhel-8-$(arch)-rpms
+# RUN dnf config-manager --set-enabled codeready-builder-for-rhel-8-$(arch)-rpms
+
+FROM subscribed-image
+
+ENV GOPROXY=https://proxy.golang.org|direct
+ENV GO111MODULE=off
+ENV GOPATH=/go
+ENV PATH $PATH:/usr/local/go/bin:$GOPATH/bin
+ENV AUTO_GOPATH 1
+ENV DOCKER_BUILDTAGS exclude_graphdriver_btrfs
+ARG DISTRO
+ARG SUITE
+ENV DISTRO=${DISTRO}
+ENV SUITE=${SUITE}
+
+RUN dnf install -y rpm-build rpmlint
+COPY --link SPECS /root/rpmbuild/SPECS
+RUN dnf builddep -y /root/rpmbuild/SPECS/*.spec
+COPY --link --from=golang /usr/local/go /usr/local/go
+WORKDIR /root/rpmbuild
+ENTRYPOINT ["/bin/rpmbuild"]
diff --git a/rpm/rhel-9/Dockerfile b/rpm/rhel-9/Dockerfile
new file mode 100644
index 0000000000..3aa082045a
--- /dev/null
+++ b/rpm/rhel-9/Dockerfile
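Review bot: `ARG BUILD_IMAGE=registry.access.redhat.com/ubi8/ubi` in the new rpm/rhel-8/Dockerfile names the base image without a tag or digest, so each build uses whatever the registry currently serves under the default tag and the package build environment is not recorded in the repository. For a pipeline that produces release packages, consider a digest pin such as `ARG BUILD_IMAGE=registry.access.redhat.com/ubi8/ubi@sha256:<digest-placeholder>` and update it deliberately. The ubi9 default in rpm/rhel-9/Dockerfile has the same shape. `GO_IMAGE` is supplied from outside this file, so whether it is pinned cannot be judged from this hunk.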
@@ -0,0 +1,36 @@
+# syntax=docker/dockerfile:1
+
+ARG GO_IMAGE
+ARG DISTRO=rhel
+ARG SUITE=9
+ARG BUILD_IMAGE=registry.access.redhat.com/ubi9/ubi
+
+FROM ${GO_IMAGE} AS golang
+
+FROM ${BUILD_IMAGE} AS subscribed-image
+ARG RH_USER
+ARG RH_PASS
+RUN rm /etc/rhsm-host
+RUN subscription-manager register --username=$RH_USER --password=$RH_PASS
+RUN subscription-manager repos --enable codeready-builder-for-rhel-9-$(arch)-rpms
+# RUN dnf config-manager --set-enabled codeready-builder-for-rhel-9-$(arch)-rpms
+
+FROM subscribed-image
+
+ENV GOPROXY=https://proxy.golang.org|direct
+ENV GO111MODULE=off
+ENV GOPATH=/go
+ENV PATH $PATH:/usr/local/go/bin:$GOPATH/bin
+ENV AUTO_GOPATH 1
+ENV DOCKER_BUILDTAGS exclude_graphdriver_btrfs
+ARG DISTRO
+ARG SUITE
+ENV DISTRO=${DISTRO}
+ENV SUITE=${SUITE}
+
+RUN dnf install -y rpm-build rpmlint
+COPY --link SPECS /root/rpmbuild/SPECS
+RUN dnf builddep -y /root/rpmbuild/SPECS/*.spec
+COPY --link --from=golang /usr/local/go /usr/local/go
+WORKDIR /root/rpmbuild
+ENTRYPOINT ["/bin/rpmbuild"]
From 4c055aec27988085791ce99bc752d48187099ec2 Mon Sep 17 00:00:00 2001
From: Sebastiaan van Stijn
Date: Mon, 19 Aug 2024 15:51:34 +0200
Subject: [PATCH 3/3] rpm: use build-secret to pass subscription user/pass
Taking a similar approach as is used for containerd-packaging. Note that the resulting subscription file will still be persisted in the image, but this image is only used as an ephemeral image, and on our builder-nodes.
Signed-off-by: Sebastiaan van Stijn
---
 rpm/Makefile | 2 +-
 rpm/rhel-8/Dockerfile | 20 ++++++++++++++------
 rpm/rhel-9/Dockerfile | 20 ++++++++++++++------
 3 files changed, 29 insertions(+), 13 deletions(-)
diff --git a/rpm/Makefile b/rpm/Makefile
index bf6ca1c372..da37c205c8 100644
--- a/rpm/Makefile
+++ b/rpm/Makefile
@@ -11,7 +11,7 @@ ENGINE_GITCOMMIT?=$(shell cd $(realpath $(CURDIR)/../src/github.com/docker/docke
 BUILDX_GITCOMMIT?=$(shell cd $(realpath $(CURDIR)/../src/github.com/docker/buildx) && git rev-parse --short HEAD)
 ifdef RH_USER
- RH_FLAGS=--build-arg RH_USER=$(RH_USER) --build-arg RH_PASS=$(RH_PASS)
+ RH_FLAGS=--secret id=rh-user,env=RH_USER --secret id=rh-pass,env=RH_PASS
 endif
 ifdef BUILD_IMAGE
 BUILD_IMAGE_FLAG=--build-arg $(BUILD_IMAGE)
diff --git a/rpm/rhel-8/Dockerfile b/rpm/rhel-8/Dockerfile
index 1d26bb141c..d1fb559de7 100644
--- a/rpm/rhel-8/Dockerfile
+++ b/rpm/rhel-8/Dockerfile
@@ -8,12 +8,20 @@ ARG BUILD_IMAGE=registry.access.redhat.com/ubi8/ubi
 FROM ${GO_IMAGE} AS golang
 FROM ${BUILD_IMAGE} AS subscribed-image
-ARG RH_USER
-ARG RH_PASS
-RUN rm /etc/rhsm-host
-RUN subscription-manager register --username=$RH_USER --password=$RH_PASS
-RUN subscription-manager repos --enable codeready-builder-for-rhel-8-$(arch)-rpms
-# RUN dnf config-manager --set-enabled codeready-builder-for-rhel-8-$(arch)-rpms
+RUN --mount=type=secret,id=rh-user --mount=type=secret,id=rh-pass <<-EOT
+ rm -f /etc/rhsm-host
+
+ if [ ! -f /run/secrets/rh-user ] || [ ! -f /run/secrets/rh-pass ]; then
+ echo "Either RH_USER or RH_PASS is not set. Running build without subscription."
+ else
+ subscription-manager register \
+ --username="$(cat /run/secrets/rh-user)" \
+ --password="$(cat /run/secrets/rh-pass)"
+
+ subscription-manager repos --enable codeready-builder-for-rhel-8-$(arch)-rpms
+ # dnf config-manager --set-enabled codeready-builder-for-rhel-8-$(arch)-rpms
+ fi
+EOT
 FROM subscribed-image
diff --git a/rpm/rhel-9/Dockerfile b/rpm/rhel-9/Dockerfile
index 3aa082045a..af1b2d663e 100644
--- a/rpm/rhel-9/Dockerfile
+++ b/rpm/rhel-9/Dockerfile
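Review bot: The surrounding `ifdef RH_USER` in rpm/Makefile tests only the user name, while the new `RH_FLAGS` line also declares a secret sourced from `RH_PASS`. With `RH_USER` set and `RH_PASS` missing, the build is started with a secret whose source variable does not exist; how the builder reacts is not visible here, and if it simply omits the secret the Dockerfile falls back to the unsubscribed path with only an echo. Nest the assignment in a second `ifdef RH_PASS`, which like the existing guard does not expand the value. A short comment that `env=` reads the environment of the `docker build` process, so both variables have to be exported rather than only assigned inside a makefile, would also help.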
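Review bot: The heredoc script in the new `RUN --mount=type=secret,…` step of rpm/rhel-8/Dockerfile has no `set -e`, so a failing `subscription-manager register` does not stop the step; the script continues to `subscription-manager repos` and the step's result is the exit status of the last command run. Add `set -eu` as the first line of the heredoc so the build fails at the command that failed. The fallback branch also only prints a message and continues, so a release build whose secrets were not delivered still yields an image, built from whatever repositories the base image has enabled; if that is not wanted, end that branch with `exit 1` or require an explicit opt-in. rpm/rhel-9/Dockerfile has the identical step.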
@@ -8,12 +8,20 @@ ARG BUILD_IMAGE=registry.access.redhat.com/ubi9/ubi
 FROM ${GO_IMAGE} AS golang
 FROM ${BUILD_IMAGE} AS subscribed-image
-ARG RH_USER
-ARG RH_PASS
-RUN rm /etc/rhsm-host
-RUN subscription-manager register --username=$RH_USER --password=$RH_PASS
-RUN subscription-manager repos --enable codeready-builder-for-rhel-9-$(arch)-rpms
-# RUN dnf config-manager --set-enabled codeready-builder-for-rhel-9-$(arch)-rpms
+RUN --mount=type=secret,id=rh-user --mount=type=secret,id=rh-pass <<-EOT
+ rm -f /etc/rhsm-host
+
+ if [ ! -f /run/secrets/rh-user ] || [ ! -f /run/secrets/rh-pass ]; then
+ echo "Either RH_USER or RH_PASS is not set. Running build without subscription."
+ else
+ subscription-manager register \
+ --username="$(cat /run/secrets/rh-user)" \
+ --password="$(cat /run/secrets/rh-pass)"
+
+ subscription-manager repos --enable codeready-builder-for-rhel-9-$(arch)-rpms
+ # dnf config-manager --set-enabled codeready-builder-for-rhel-9-$(arch)-rpms
+ fi
+EOT
 FROM subscribed-image