github.com/Prakhar-Agarwal-byte/moby@v0.0.0-20231027092010-a14e3e8ab87e/Dockerfile (about)

     1  # syntax=docker/dockerfile:1
     2  
# Global build arguments. Everything declared before the first FROM can be
# overridden with --build-arg, and stages must redeclare an ARG to read it.
# NOTE(review): most values below are image tags or git tags, not digests or
# commit SHAs, so the bytes they resolve to can change upstream without this
# file changing.

# GOLANG_IMAGE is composed from the two values above it and is the FROM of
# the "base" stage.
ARG GO_VERSION=1.21.3
ARG BASE_DEBIAN_DISTRO="bullseye"
ARG GOLANG_IMAGE="golang:${GO_VERSION}-${BASE_DEBIAN_DISTRO}"
# Tag of the tonistiigi/xx cross-compilation helper image.
ARG XX_VERSION=1.2.1

# Tag of the djs55/vpnkit image used by the vpnkit-linux-* stages.
ARG VPNKIT_VERSION=0.5.0

# Repository URL and ref handed to hack/dockerfile/cli.sh by the dockercli stage.
# NOTE(review): overriding a *_REPOSITORY argument changes where the CLI source
# comes from; CI should set these explicitly or leave the defaults.
ARG DOCKERCLI_REPOSITORY="https://github.com/docker/cli.git"
ARG DOCKERCLI_VERSION=v24.0.2
# cli version used for integration-cli tests
ARG DOCKERCLI_INTEGRATION_REPOSITORY="https://github.com/docker/cli.git"
ARG DOCKERCLI_INTEGRATION_VERSION=v17.06.2-ce
# Tags of the docker/buildx-bin and docker/compose-bin images.
ARG BUILDX_VERSION=0.11.2
ARG COMPOSE_VERSION=v2.20.1

# SYSTEMD selects dev-systemd-true or dev-systemd-false as the parent of dev-base.
ARG SYSTEMD="false"
# Kept as an ARG rather than an ENV so it does not end up in the runtime environment.
ARG DEBIAN_FRONTEND=noninteractive
# "1" makes the build stages produce static binaries and verify them with
# xx-verify --static.
ARG DOCKER_STATIC=1

# REGISTRY_VERSION specifies the version of the registry to download from
# https://hub.docker.com/r/distribution/distribution. This version of
# the registry is used to test schema 2 manifests. Generally, the version
# specified here should match a current release.
ARG REGISTRY_VERSION=2.8.3
    27  
# cross compilation helper
# NOTE(review): pinned by tag (XX_VERSION), not by digest. The base stage
# copies this image's whole root filesystem over its own, and its helpers
# (xx-go, xx-apt-get, xx-info, xx-verify, xx-clang) are executed by RUN steps
# in most stages, so the image is part of the trusted build toolchain.
FROM --platform=$BUILDPLATFORM tonistiigi/xx:${XX_VERSION} AS xx

# dummy stage to make sure the image is built for deps that don't support some
# architectures
# NOTE(review): busybox has no tag or digest here, so it resolves to whatever
# "latest" is at build time. Only an empty /build directory is taken from it,
# but pinning it would still make the build reproducible.
FROM --platform=$BUILDPLATFORM busybox AS build-dummy
RUN mkdir -p /build
# binary-dummy holds only the empty /build directory. The *-windows and
# unsupported-arch aliases point at it so that COPY --from=<component> /build/
# still succeeds.
FROM scratch AS binary-dummy
COPY --from=build-dummy /build /build
    37  
    38  # base
    39  FROM --platform=$BUILDPLATFORM ${GOLANG_IMAGE} AS base
    40  COPY --from=xx / /
    41  RUN echo 'Binary::apt::APT::Keep-Downloaded-Packages "true";' > /etc/apt/apt.conf.d/keep-cache
    42  ARG APT_MIRROR
    43  RUN test -n "$APT_MIRROR" && sed -ri "s#(httpredir|deb|security).debian.org#${APT_MIRROR}#g" /etc/apt/sources.list || true
    44  ARG DEBIAN_FRONTEND
    45  RUN apt-get update && apt-get install --no-install-recommends -y file
    46  ENV GO111MODULE=off
    47  ENV GOTOOLCHAIN=local
    48  
# Installs criu from the openSUSE build service repository and stages the
# binary in /build. The COPY that would pull it into the dev image is commented
# out further down in this file.
FROM base AS criu
ARG DEBIAN_FRONTEND
# NOTE(review): the repository signing key is downloaded at build time with no
# integrity check. A key placed in /etc/apt/trusted.gpg.d is trusted by apt for
# every configured repository, not only the criu one. Before re-enabling this
# stage, consider ADD --checksum=sha256:<expected digest of Release.key> and
# scoping the key to this source with a signed-by= option in criu.list.
ADD --chmod=0644 https://download.opensuse.org/repositories/devel:/tools:/criu/Debian_11/Release.key /etc/apt/trusted.gpg.d/criu.gpg.asc
RUN --mount=type=cache,sharing=locked,id=moby-criu-aptlib,target=/var/lib/apt \
    --mount=type=cache,sharing=locked,id=moby-criu-aptcache,target=/var/cache/apt \
        echo 'deb https://download.opensuse.org/repositories/devel:/tools:/criu/Debian_11/ /' > /etc/apt/sources.list.d/criu.list \
        && apt-get update \
        && apt-get install -y --no-install-recommends criu \
        && install -D /usr/sbin/criu /build/criu
    58  
# registry
# registry-src only prepares an empty git repository with the upstream remote;
# the fetch itself happens in the build step below.
FROM base AS registry-src
WORKDIR /usr/src/registry
RUN git init . && git remote add origin "https://github.com/distribution/distribution.git"

FROM base AS registry
WORKDIR /go/src/github.com/docker/distribution

# REGISTRY_VERSION_SCHEMA1 specifies the version of the registry to build and
# install from the https://github.com/docker/distribution repository. This is
# an older (pre v2.3.0) version of the registry that only supports schema1
# manifests. This version of the registry is not working on arm64, so installation
# is skipped on that architecture.
# NOTE(review): the ref is a git tag, which upstream can move; a full commit
# SHA (as GO_SWAGGER_COMMIT uses) would pin the exact source. The resulting
# binary is an old release kept for schema1 tests, presumably not meant to
# serve anything outside the test suite.
ARG REGISTRY_VERSION_SCHEMA1=v2.1.0
ARG TARGETPLATFORM
# The source repository is mounted read-write from registry-src; the Go build
# cache is keyed per target platform and /go/src is a tmpfs for this step.
RUN --mount=from=registry-src,src=/usr/src/registry,rw \
    --mount=type=cache,target=/root/.cache/go-build,id=registry-build-$TARGETPLATFORM \
    --mount=type=cache,target=/go/pkg/mod \
    --mount=type=tmpfs,target=/go/src <<EOT
  set -ex
  export GOPATH="/go/src/github.com/docker/distribution/Godeps/_workspace:$GOPATH"
  # Make the /build directory no matter what so that it doesn't fail on arm64 or
  # any other platform where we don't build this registry
  mkdir /build
  # Only the platforms listed here get a schema1 registry; every other target
  # leaves /build empty.
  case $TARGETPLATFORM in
    linux/amd64|linux/arm/v7|linux/ppc64le|linux/s390x)
      git fetch -q --depth 1 origin "${REGISTRY_VERSION_SCHEMA1}" +refs/tags/*:refs/tags/*
      git checkout -q FETCH_HEAD
      CGO_ENABLED=0 xx-go build -o /build/registry-v2-schema1 -v ./cmd/registry
      xx-verify /build/registry-v2-schema1
      ;;
  esac
EOT
    92  
    93  FROM distribution/distribution:$REGISTRY_VERSION AS registry-v2
    94  RUN mkdir /build && mv /bin/registry /build/registry-v2
    95  
    96  # go-swagger
    97  FROM base AS swagger-src
    98  WORKDIR /usr/src/swagger
    99  # Currently uses a fork from https://github.com/kolyshkin/go-swagger/tree/golang-1.13-fix
   100  # TODO: move to under moby/ or fix upstream go-swagger to work for us.
   101  RUN git init . && git remote add origin "https://github.com/kolyshkin/go-swagger.git"
   102  # GO_SWAGGER_COMMIT specifies the version of the go-swagger binary to build and
   103  # install. Go-swagger is used in CI for validating swagger.yaml in hack/validate/swagger-gen
   104  ARG GO_SWAGGER_COMMIT=c56166c036004ba7a3a321e5951ba472b9ae298c
   105  RUN git fetch -q --depth 1 origin "${GO_SWAGGER_COMMIT}" && git checkout -q FETCH_HEAD
   106  
   107  FROM base AS swagger
   108  WORKDIR /go/src/github.com/go-swagger/go-swagger
   109  ARG TARGETPLATFORM
   110  RUN --mount=from=swagger-src,src=/usr/src/swagger,rw \
   111      --mount=type=cache,target=/root/.cache/go-build,id=swagger-build-$TARGETPLATFORM \
   112      --mount=type=cache,target=/go/pkg/mod \
   113      --mount=type=tmpfs,target=/go/src/ <<EOT
   114    set -e
   115    xx-go build -o /build/swagger ./cmd/swagger
   116    xx-verify /build/swagger
   117  EOT
   118  
# frozen-images
# See also frozenImages in "testutil/environment/protect.go" (which needs to
# be updated when adding images to this list)
FROM debian:${BASE_DEBIAN_DISTRO} AS frozen-images
ARG DEBIAN_FRONTEND
# Tools installed for the download script below (presumably what it needs to
# talk to the registry API; the script itself is not shown here).
RUN --mount=type=cache,sharing=locked,id=moby-frozen-images-aptlib,target=/var/lib/apt \
    --mount=type=cache,sharing=locked,id=moby-frozen-images-aptcache,target=/var/cache/apt \
       apt-get update && apt-get install -y --no-install-recommends \
           ca-certificates \
           curl \
           jq
# Get useful and necessary Hub images so we can "docker load" locally instead of pulling
COPY contrib/download-frozen-image-v2.sh /
ARG TARGETARCH
ARG TARGETVARIANT
# Every image is named with an @sha256 digest, so the downloaded content is
# pinned even where the tag part reads "latest".
# NOTE(review): whether the script verifies the blobs it downloads against
# these digests cannot be seen from this file; confirm in the script.
RUN /download-frozen-image-v2.sh /build \
        busybox:latest@sha256:95cf004f559831017cdf4628aaf1bb30133677be8702a8c5f2994629f637a209 \
        busybox:glibc@sha256:1f81263701cddf6402afe9f33fca0266d9fff379e59b1748f33d3072da71ee85 \
        debian:bullseye-slim@sha256:dacf278785a4daa9de07596ec739dbc07131e189942772210709c5c0777e8437 \
        hello-world:latest@sha256:d58e752213a51785838f9eed2b7a498ffa1cb3aa7f946dda11af39286c3db9a9 \
        arm32v7/hello-world:latest@sha256:50b8560ad574c779908da71f7ce370c0a2471c098d44d1c8f6b513c5a55eeeb1
   140  
# delve
FROM base AS delve-src
WORKDIR /usr/src/delve
RUN git init . && git remote add origin "https://github.com/go-delve/delve.git"
# DELVE_VERSION specifies the version of the Delve debugger binary
# from the https://github.com/go-delve/delve repository.
# It can be used to run Docker with a possibility of
# attaching debugger to it.
# NOTE(review): the ref is a git tag (mutable upstream), not a commit SHA.
ARG DELVE_VERSION=v1.21.1
RUN git fetch -q --depth 1 origin "${DELVE_VERSION}" +refs/tags/*:refs/tags/* && git checkout -q FETCH_HEAD

# Builds dlv for the target platform from the source mounted out of delve-src.
# GO111MODULE=on overrides the GO111MODULE=off set in the base stage for this
# one command.
FROM base AS delve-build
WORKDIR /usr/src/delve
ARG TARGETPLATFORM
RUN --mount=from=delve-src,src=/usr/src/delve,rw \
    --mount=type=cache,target=/root/.cache/go-build,id=delve-build-$TARGETPLATFORM \
    --mount=type=cache,target=/go/pkg/mod <<EOT
  set -e
  GO111MODULE=on xx-go build -o /build/dlv ./cmd/dlv
  xx-verify /build/dlv
EOT

# delve is currently only supported on linux/amd64 and linux/arm64;
# https://github.com/go-delve/delve/blob/v1.8.1/pkg/proc/native/support_sentinel.go#L1-L6
# NOTE(review): the link above points at v1.8.1 while DELVE_VERSION is v1.21.1;
# confirm the supported-platform list still matches.
# Alias stages: unsupported targets resolve to the empty binary-dummy, and the
# final "delve" stage is chosen through TARGETOS and TARGETARCH.
FROM binary-dummy AS delve-windows
FROM binary-dummy AS delve-linux-arm
FROM binary-dummy AS delve-linux-ppc64le
FROM binary-dummy AS delve-linux-s390x
FROM delve-build AS delve-linux-amd64
FROM delve-build AS delve-linux-arm64
FROM delve-linux-${TARGETARCH} AS delve-linux
FROM delve-${TARGETOS} AS delve
   173  
   174  FROM base AS tomll
   175  # GOTOML_VERSION specifies the version of the tomll binary to build and install
   176  # from the https://github.com/pelletier/go-toml repository. This binary is used
   177  # in CI in the hack/validate/toml script.
   178  #
   179  # When updating this version, consider updating the github.com/pelletier/go-toml
   180  # dependency in vendor.mod accordingly.
   181  ARG GOTOML_VERSION=v1.8.1
   182  RUN --mount=type=cache,target=/root/.cache/go-build \
   183      --mount=type=cache,target=/go/pkg/mod \
   184          GOBIN=/build/ GO111MODULE=on go install "github.com/pelletier/go-toml/cmd/tomll@${GOTOML_VERSION}" \
   185       && /build/tomll --help
   186  
   187  FROM base AS gowinres
   188  # GOWINRES_VERSION defines go-winres tool version
   189  ARG GOWINRES_VERSION=v0.3.1
   190  RUN --mount=type=cache,target=/root/.cache/go-build \
   191      --mount=type=cache,target=/go/pkg/mod \
   192          GOBIN=/build/ GO111MODULE=on go install "github.com/tc-hib/go-winres@${GOWINRES_VERSION}" \
   193       && /build/go-winres --help
   194  
# containerd
FROM base AS containerd-src
WORKDIR /usr/src/containerd
RUN git init . && git remote add origin "https://github.com/containerd/containerd.git"
# CONTAINERD_VERSION is used to build containerd binaries, and used for the
# integration tests. The distributed docker .deb and .rpm packages depend on a
# separate (containerd.io) package, which may be a different version as is
# specified here. The containerd golang package is also pinned in vendor.mod.
# When updating the binary version you may also need to update the vendor
# version to pick up bug fixes or new APIs, however, usually the Go packages
# are built from a commit from the master branch.
# NOTE(review): the ref is a git tag (mutable upstream), not a commit SHA.
ARG CONTAINERD_VERSION=v1.7.6
RUN git fetch -q --depth 1 origin "${CONTAINERD_VERSION}" +refs/tags/*:refs/tags/* && git checkout -q FETCH_HEAD

FROM base AS containerd-build
WORKDIR /go/src/github.com/containerd/containerd
ARG DEBIAN_FRONTEND
ARG TARGETPLATFORM
# Compiler and headers for the target platform, installed through xx-apt-get.
RUN --mount=type=cache,sharing=locked,id=moby-containerd-aptlib,target=/var/lib/apt \
    --mount=type=cache,sharing=locked,id=moby-containerd-aptcache,target=/var/cache/apt \
        apt-get update && xx-apt-get install -y --no-install-recommends \
            gcc libbtrfs-dev libsecret-1-dev
ARG DOCKER_STATIC
# Builds containerd, its runc shim and ctr from the source mounted out of
# containerd-src and moves them into /build.
RUN --mount=from=containerd-src,src=/usr/src/containerd,rw \
    --mount=type=cache,target=/root/.cache/go-build,id=containerd-build-$TARGETPLATFORM <<EOT
  set -e
  export CC=$(xx-info)-gcc
  # cgo is disabled for static builds and enabled otherwise
  export CGO_ENABLED=$([ "$DOCKER_STATIC" = "1" ] && echo "0" || echo "1")
  xx-go --wrap
  make $([ "$DOCKER_STATIC" = "1" ] && echo "STATIC=1") binaries
  # xx-verify is passed --static only when DOCKER_STATIC=1
  xx-verify $([ "$DOCKER_STATIC" = "1" ] && echo "--static") bin/containerd
  xx-verify $([ "$DOCKER_STATIC" = "1" ] && echo "--static") bin/containerd-shim-runc-v2
  xx-verify $([ "$DOCKER_STATIC" = "1" ] && echo "--static") bin/ctr
  mkdir /build
  mv bin/containerd bin/containerd-shim-runc-v2 bin/ctr /build
EOT

# Alias stages: windows resolves to the empty binary-dummy, linux to the build.
FROM containerd-build AS containerd-linux
FROM binary-dummy AS containerd-windows
FROM containerd-${TARGETOS} AS containerd
   235  
   236  FROM base AS golangci_lint
   237  ARG GOLANGCI_LINT_VERSION=v1.54.2
   238  RUN --mount=type=cache,target=/root/.cache/go-build \
   239      --mount=type=cache,target=/go/pkg/mod \
   240          GOBIN=/build/ GO111MODULE=on go install "github.com/golangci/golangci-lint/cmd/golangci-lint@${GOLANGCI_LINT_VERSION}" \
   241       && /build/golangci-lint --version
   242  
   243  FROM base AS gotestsum
   244  ARG GOTESTSUM_VERSION=v1.8.2
   245  RUN --mount=type=cache,target=/root/.cache/go-build \
   246      --mount=type=cache,target=/go/pkg/mod \
   247          GOBIN=/build/ GO111MODULE=on go install "gotest.tools/gotestsum@${GOTESTSUM_VERSION}" \
   248       && /build/gotestsum --version
   249  
   250  FROM base AS shfmt
   251  ARG SHFMT_VERSION=v3.6.0
   252  RUN --mount=type=cache,target=/root/.cache/go-build \
   253      --mount=type=cache,target=/go/pkg/mod \
   254          GOBIN=/build/ GO111MODULE=on go install "mvdan.cc/sh/v3/cmd/shfmt@${SHFMT_VERSION}" \
   255       && /build/shfmt --version
   256  
   257  FROM base AS dockercli
   258  WORKDIR /go/src/github.com/docker/cli
   259  ARG DOCKERCLI_REPOSITORY
   260  ARG DOCKERCLI_VERSION
   261  ARG TARGETPLATFORM
   262  RUN --mount=source=hack/dockerfile/cli.sh,target=/download-or-build-cli.sh \
   263      --mount=type=cache,id=dockercli-git-$TARGETPLATFORM,sharing=locked,target=./.git \
   264      --mount=type=cache,target=/root/.cache/go-build,id=dockercli-build-$TARGETPLATFORM \
   265          rm -f ./.git/*.lock \
   266       && /download-or-build-cli.sh ${DOCKERCLI_VERSION} ${DOCKERCLI_REPOSITORY} /build \
   267       && /build/docker --version
   268  
   269  FROM base AS dockercli-integration
   270  WORKDIR /go/src/github.com/docker/cli
   271  ARG DOCKERCLI_INTEGRATION_REPOSITORY
   272  ARG DOCKERCLI_INTEGRATION_VERSION
   273  ARG TARGETPLATFORM
   274  RUN --mount=source=hack/dockerfile/cli.sh,target=/download-or-build-cli.sh \
   275      --mount=type=cache,id=dockercli-git-$TARGETPLATFORM,sharing=locked,target=./.git \
   276      --mount=type=cache,target=/root/.cache/go-build,id=dockercli-build-$TARGETPLATFORM \
   277          rm -f ./.git/*.lock \
   278       && /download-or-build-cli.sh ${DOCKERCLI_INTEGRATION_VERSION} ${DOCKERCLI_INTEGRATION_REPOSITORY} /build \
   279       && /build/docker --version
   280  
# runc
FROM base AS runc-src
WORKDIR /usr/src/runc
RUN git init . && git remote add origin "https://github.com/opencontainers/runc.git"
# RUNC_VERSION should match the version that is used by the containerd version
# that is used. If you need to update runc, open a pull request in the containerd
# project first, and update both after that is merged. When updating RUNC_VERSION,
# consider updating runc in vendor.mod accordingly.
# NOTE(review): the ref is a git tag (mutable upstream), not a commit SHA.
ARG RUNC_VERSION=v1.1.9
RUN git fetch -q --depth 1 origin "${RUNC_VERSION}" +refs/tags/*:refs/tags/* && git checkout -q FETCH_HEAD

FROM base AS runc-build
WORKDIR /go/src/github.com/opencontainers/runc
ARG DEBIAN_FRONTEND
ARG TARGETPLATFORM
# Compiler and headers for the target platform; libseccomp-dev provides the
# seccomp headers runc is built against.
RUN --mount=type=cache,sharing=locked,id=moby-runc-aptlib,target=/var/lib/apt \
    --mount=type=cache,sharing=locked,id=moby-runc-aptcache,target=/var/cache/apt \
        apt-get update && xx-apt-get install -y --no-install-recommends \
            dpkg-dev gcc libc6-dev libseccomp-dev
ARG DOCKER_STATIC
# Builds the "static" make target when DOCKER_STATIC=1 and the "runc" target
# otherwise, verifies the result and moves it into /build.
RUN --mount=from=runc-src,src=/usr/src/runc,rw \
    --mount=type=cache,target=/root/.cache/go-build,id=runc-build-$TARGETPLATFORM <<EOT
  set -e
  xx-go --wrap
  CGO_ENABLED=1 make "$([ "$DOCKER_STATIC" = "1" ] && echo "static" || echo "runc")"
  xx-verify $([ "$DOCKER_STATIC" = "1" ] && echo "--static") runc
  mkdir /build
  mv runc /build/
EOT

# Alias stages: windows resolves to the empty binary-dummy, linux to the build.
FROM runc-build AS runc-linux
FROM binary-dummy AS runc-windows
FROM runc-${TARGETOS} AS runc
   314  
# tini
FROM base AS tini-src
WORKDIR /usr/src/tini
RUN git init . && git remote add origin "https://github.com/krallin/tini.git"
# TINI_VERSION specifies the version of tini (docker-init) to build. This
# binary is used when starting containers with the `--init` option.
# NOTE(review): the ref is a git tag (mutable upstream), not a commit SHA.
ARG TINI_VERSION=v0.19.0
RUN git fetch -q --depth 1 origin "${TINI_VERSION}" +refs/tags/*:refs/tags/* && git checkout -q FETCH_HEAD

FROM base AS tini-build
WORKDIR /go/src/github.com/krallin/tini
ARG DEBIAN_FRONTEND
# cmake is installed for the build platform with plain apt-get.
RUN --mount=type=cache,sharing=locked,id=moby-tini-aptlib,target=/var/lib/apt \
    --mount=type=cache,sharing=locked,id=moby-tini-aptcache,target=/var/cache/apt \
        apt-get update && apt-get install -y --no-install-recommends cmake
ARG TARGETPLATFORM
# The C toolchain is installed for the target platform with xx-apt-get. This
# step has no apt-get update of its own and shares the cache ids of the step
# above.
RUN --mount=type=cache,sharing=locked,id=moby-tini-aptlib,target=/var/lib/apt \
    --mount=type=cache,sharing=locked,id=moby-tini-aptcache,target=/var/cache/apt \
        xx-apt-get install -y --no-install-recommends \
            gcc libc6-dev
# Builds the static tini binary, verifies it is statically linked and stages
# it as /build/docker-init.
RUN --mount=from=tini-src,src=/usr/src/tini,rw \
    --mount=type=cache,target=/root/.cache/go-build,id=tini-build-$TARGETPLATFORM <<EOT
  set -e
  CC=$(xx-info)-gcc cmake .
  make tini-static
  xx-verify --static tini-static
  mkdir /build
  mv tini-static /build/docker-init
EOT

# Alias stages: windows resolves to the empty binary-dummy, linux to the build.
FROM tini-build AS tini-linux
FROM binary-dummy AS tini-windows
FROM tini-${TARGETOS} AS tini
   348  
# rootlesskit
FROM base AS rootlesskit-src
WORKDIR /usr/src/rootlesskit
RUN git init . && git remote add origin "https://github.com/rootless-containers/rootlesskit.git"
# When updating, also update rootlesskit commit in vendor.mod accordingly.
# NOTE(review): the ref is a git tag (mutable upstream), not a commit SHA.
ARG ROOTLESSKIT_VERSION=v1.1.0
RUN git fetch -q --depth 1 origin "${ROOTLESSKIT_VERSION}" +refs/tags/*:refs/tags/* && git checkout -q FETCH_HEAD

FROM base AS rootlesskit-build
WORKDIR /go/src/github.com/rootless-containers/rootlesskit
ARG DEBIAN_FRONTEND
ARG TARGETPLATFORM
RUN --mount=type=cache,sharing=locked,id=moby-rootlesskit-aptlib,target=/var/lib/apt \
    --mount=type=cache,sharing=locked,id=moby-rootlesskit-aptcache,target=/var/cache/apt \
        apt-get update && xx-apt-get install -y --no-install-recommends \
            gcc libc6-dev
# Overrides the GO111MODULE=off inherited from the base stage.
ENV GO111MODULE=on
ARG DOCKER_STATIC
# Builds rootlesskit and rootlesskit-docker-proxy into /build. cgo is disabled
# for static builds; otherwise the binaries are linked with -linkmode=external.
RUN --mount=from=rootlesskit-src,src=/usr/src/rootlesskit,rw \
    --mount=type=cache,target=/go/pkg/mod \
    --mount=type=cache,target=/root/.cache/go-build,id=rootlesskit-build-$TARGETPLATFORM <<EOT
  set -e
  export CGO_ENABLED=$([ "$DOCKER_STATIC" = "1" ] && echo "0" || echo "1")
  xx-go build -o /build/rootlesskit -ldflags="$([ "$DOCKER_STATIC" != "1" ] && echo "-linkmode=external")" ./cmd/rootlesskit
  xx-verify $([ "$DOCKER_STATIC" = "1" ] && echo "--static") /build/rootlesskit
  xx-go build -o /build/rootlesskit-docker-proxy -ldflags="$([ "$DOCKER_STATIC" != "1" ] && echo "-linkmode=external")" ./cmd/rootlesskit-docker-proxy
  xx-verify $([ "$DOCKER_STATIC" = "1" ] && echo "--static") /build/rootlesskit-docker-proxy
EOT
# The rootless helper scripts come from this repository's build context and
# are staged next to the binaries.
COPY --link ./contrib/dockerd-rootless.sh /build/
COPY --link ./contrib/dockerd-rootless-setuptool.sh /build/

# Alias stages: windows resolves to the empty binary-dummy, linux to the build.
FROM rootlesskit-build AS rootlesskit-linux
FROM binary-dummy AS rootlesskit-windows
FROM rootlesskit-${TARGETOS} AS rootlesskit
   383  
   384  FROM base AS crun
   385  ARG CRUN_VERSION=1.8.7
   386  RUN --mount=type=cache,sharing=locked,id=moby-crun-aptlib,target=/var/lib/apt \
   387      --mount=type=cache,sharing=locked,id=moby-crun-aptcache,target=/var/cache/apt \
   388          apt-get update && apt-get install -y --no-install-recommends \
   389              autoconf \
   390              automake \
   391              build-essential \
   392              libcap-dev \
   393              libprotobuf-c-dev \
   394              libseccomp-dev \
   395              libsystemd-dev \
   396              libtool \
   397              libudev-dev \
   398              libyajl-dev \
   399              python3 \
   400              ;
   401  RUN --mount=type=tmpfs,target=/tmp/crun-build \
   402      git clone https://github.com/containers/crun.git /tmp/crun-build && \
   403      cd /tmp/crun-build && \
   404      git checkout -q "${CRUN_VERSION}" && \
   405      ./autogen.sh && \
   406      ./configure --bindir=/build && \
   407      make -j install
   408  
# vpnkit
# use dummy scratch stage to avoid build to fail for unsupported platforms
FROM scratch AS vpnkit-windows
FROM scratch AS vpnkit-linux-386
FROM scratch AS vpnkit-linux-arm
FROM scratch AS vpnkit-linux-ppc64le
FROM scratch AS vpnkit-linux-riscv64
FROM scratch AS vpnkit-linux-s390x
# NOTE(review): prebuilt third-party image pinned by tag (VPNKIT_VERSION), not
# by digest. Later stages copy this image's entire root filesystem
# (COPY --from=vpnkit / ...), so everything in it ends up in the dev image and
# in the "all" output.
FROM djs55/vpnkit:${VPNKIT_VERSION} AS vpnkit-linux-amd64
FROM djs55/vpnkit:${VPNKIT_VERSION} AS vpnkit-linux-arm64
FROM vpnkit-linux-${TARGETARCH} AS vpnkit-linux
FROM vpnkit-${TARGETOS} AS vpnkit
   421  
# containerutility
FROM base AS containerutil-src
WORKDIR /usr/src/containerutil
RUN git init . && git remote add origin "https://github.com/docker-archive/windows-container-utility.git"
# Pinned to a full commit SHA, so the fetched source cannot change.
ARG CONTAINERUTILITY_VERSION=aa1ba87e99b68e0113bd27ec26c60b88f9d4ccd9
RUN git fetch -q --depth 1 origin "${CONTAINERUTILITY_VERSION}" +refs/tags/*:refs/tags/* && git checkout -q FETCH_HEAD

FROM base AS containerutil-build
WORKDIR /usr/src/containerutil
ARG TARGETPLATFORM
# NOTE(review): unlike the other build stages, this install has no preceding
# apt-get update, no apt cache mounts and no ARG DEBIAN_FRONTEND; it presumably
# relies on the package lists left in the base image. Confirm this is intended.
RUN xx-apt-get install -y --no-install-recommends gcc g++ libc6-dev
# Builds containerutility.exe, verifies it is statically linked and moves it
# into /build.
RUN --mount=from=containerutil-src,src=/usr/src/containerutil,rw \
    --mount=type=cache,target=/root/.cache/go-build,id=containerutil-build-$TARGETPLATFORM <<EOT
  set -e
  CC="$(xx-info)-gcc" CXX="$(xx-info)-g++" make
  xx-verify --static containerutility.exe
  mkdir /build
  mv containerutility.exe /build/
EOT

# Alias stages: only windows/amd64 resolves to the real build; linux resolves
# to the empty binary-dummy. No other containerutil-windows-<arch> alias is
# defined in this file.
FROM binary-dummy AS containerutil-linux
FROM containerutil-build AS containerutil-windows-amd64
FROM containerutil-windows-${TARGETARCH} AS containerutil-windows
FROM containerutil-${TARGETOS} AS containerutil
   446  FROM docker/buildx-bin:${BUILDX_VERSION} as buildx
   447  FROM docker/compose-bin:${COMPOSE_VERSION} as compose
   448  
# Development image without systemd: collects the tool and runtime binaries
# built by the stages above into one filesystem.
FROM base AS dev-systemd-false
COPY --link --from=frozen-images /build/ /docker-frozen-images
COPY --link --from=swagger       /build/ /usr/local/bin/
COPY --link --from=delve         /build/ /usr/local/bin/
COPY --link --from=tomll         /build/ /usr/local/bin/
COPY --link --from=gowinres      /build/ /usr/local/bin/
COPY --link --from=tini          /build/ /usr/local/bin/
COPY --link --from=registry      /build/ /usr/local/bin/
COPY --link --from=registry-v2   /build/ /usr/local/bin/

# Skip the CRIU stage for now, as the opensuse package repository is sometimes
# unstable, and we're currently not using it in CI.
#
# FIXME(thaJeztah): re-enable this stage when https://github.com/moby/moby/issues/38963 is resolved (see https://github.com/moby/moby/pull/38984)
# COPY --link --from=criu          /build/ /usr/local/bin/
COPY --link --from=gotestsum     /build/ /usr/local/bin/
COPY --link --from=golangci_lint /build/ /usr/local/bin/
COPY --link --from=shfmt         /build/ /usr/local/bin/
COPY --link --from=runc          /build/ /usr/local/bin/
COPY --link --from=containerd    /build/ /usr/local/bin/
COPY --link --from=rootlesskit   /build/ /usr/local/bin/
# The vpnkit image is copied from its root, not from /build.
COPY --link --from=vpnkit        /       /usr/local/bin/
COPY --link --from=containerutil /build/ /usr/local/bin/
COPY --link --from=crun          /build/ /usr/local/bin/
COPY --link hack/dockerfile/etc/docker/  /etc/docker/
# NOTE(review): buildx goes under /usr/local/libexec and compose under
# /usr/libexec; confirm the two different plugin directories are intended.
COPY --link --from=buildx        /buildx /usr/local/libexec/docker/cli-plugins/docker-buildx
COPY --link --from=compose       /docker-compose /usr/libexec/docker/cli-plugins/docker-compose

# /usr/local/cli is put first on PATH; dev-base copies the dockercli build there.
ENV PATH=/usr/local/cli:$PATH
ENV TEST_CLIENT_BINARY=/usr/local/cli-integration/docker
ENV CONTAINERD_ADDRESS=/run/docker/containerd/containerd.sock
ENV CONTAINERD_NAMESPACE=moby
WORKDIR /go/src/github.com/Prakhar-Agarwal-byte/moby
VOLUME /var/lib/docker
VOLUME /home/unprivilegeduser/.local/share/docker
# Wrap all commands in the "docker-in-docker" script to allow nested containers
# The path is relative to WORKDIR, so the entrypoint script is the one found in
# the source tree at /go/src/github.com/Prakhar-Agarwal-byte/moby.
ENTRYPOINT ["hack/dind"]
   486  
   487  FROM dev-systemd-false AS dev-systemd-true
   488  RUN --mount=type=cache,sharing=locked,id=moby-dev-aptlib,target=/var/lib/apt \
   489      --mount=type=cache,sharing=locked,id=moby-dev-aptcache,target=/var/cache/apt \
   490          apt-get update && apt-get install -y --no-install-recommends \
   491              dbus \
   492              dbus-user-session \
   493              systemd \
   494              systemd-sysv
   495  ENTRYPOINT ["hack/dind-systemd"]
   496  
   497  FROM dev-systemd-${SYSTEMD} AS dev-base
   498  ARG DEBIAN_FRONTEND
   499  RUN groupadd -r docker
   500  RUN useradd --create-home --gid docker unprivilegeduser \
   501   && mkdir -p /home/unprivilegeduser/.local/share/docker \
   502   && chown -R unprivilegeduser /home/unprivilegeduser
   503  # Let us use a .bashrc file
   504  RUN ln -sfv /go/src/github.com/Prakhar-Agarwal-byte/moby/.bashrc ~/.bashrc
   505  # Activate bash completion and include Docker's completion if mounted with DOCKER_BASH_COMPLETION_PATH
   506  RUN echo "source /usr/share/bash-completion/bash_completion" >> /etc/bash.bashrc
   507  RUN ln -s /usr/local/completion/bash/docker /etc/bash_completion.d/docker
   508  RUN ldconfig
   509  # Set dev environment as safe git directory to prevent "dubious ownership" errors
   510  # when bind-mounting the source into the dev-container. See https://github.com/moby/moby/pull/44930
   511  RUN git config --global --add safe.directory $GOPATH/src/github.com/Prakhar-Agarwal-byte/moby
   512  # This should only install packages that are specifically needed for the dev environment and nothing else
   513  # Do you really need to add another package here? Can it be done in a different build stage?
   514  RUN --mount=type=cache,sharing=locked,id=moby-dev-aptlib,target=/var/lib/apt \
   515      --mount=type=cache,sharing=locked,id=moby-dev-aptcache,target=/var/cache/apt \
   516          apt-get update && apt-get install -y --no-install-recommends \
   517              apparmor \
   518              bash-completion \
   519              bzip2 \
   520              inetutils-ping \
   521              iproute2 \
   522              iptables \
   523              jq \
   524              libcap2-bin \
   525              libnet1 \
   526              libnl-3-200 \
   527              libprotobuf-c1 \
   528              libyajl2 \
   529              net-tools \
   530              patch \
   531              pigz \
   532              python3-pip \
   533              python3-setuptools \
   534              python3-wheel \
   535              sudo \
   536              systemd-journal-remote \
   537              thin-provisioning-tools \
   538              uidmap \
   539              vim \
   540              vim-common \
   541              xfsprogs \
   542              xz-utils \
   543              zip \
   544              zstd
   545  # Switch to use iptables instead of nftables (to match the CI hosts)
   546  # TODO use some kind of runtime auto-detection instead if/when nftables is supported (https://github.com/moby/moby/issues/26824)
   547  RUN update-alternatives --set iptables  /usr/sbin/iptables-legacy  || true \
   548   && update-alternatives --set ip6tables /usr/sbin/ip6tables-legacy || true \
   549   && update-alternatives --set arptables /usr/sbin/arptables-legacy || true
   550  ARG YAMLLINT_VERSION=1.27.1
   551  RUN pip3 install yamllint==${YAMLLINT_VERSION}
   552  RUN --mount=type=cache,sharing=locked,id=moby-dev-aptlib,target=/var/lib/apt \
   553      --mount=type=cache,sharing=locked,id=moby-dev-aptcache,target=/var/cache/apt \
   554          apt-get update && apt-get install --no-install-recommends -y \
   555              gcc \
   556              pkg-config \
   557              dpkg-dev \
   558              libapparmor-dev \
   559              libseccomp-dev \
   560              libsecret-1-dev \
   561              libsystemd-dev \
   562              libudev-dev
   563  COPY --link --from=dockercli             /build/ /usr/local/cli
   564  COPY --link --from=dockercli-integration /build/ /usr/local/cli-integration
   565  
# Builds dockerd and docker-proxy for the target platform through hack/make.sh
# and stages the result in /build.
FROM base AS build
COPY --from=gowinres /build/ /usr/local/bin/
WORKDIR /go/src/github.com/Prakhar-Agarwal-byte/moby
ENV GO111MODULE=off
ENV CGO_ENABLED=1
ARG DEBIAN_FRONTEND
# clang, lld and llvm are installed for the build platform.
RUN --mount=type=cache,sharing=locked,id=moby-build-aptlib,target=/var/lib/apt \
    --mount=type=cache,sharing=locked,id=moby-build-aptcache,target=/var/cache/apt \
        apt-get update && apt-get install --no-install-recommends -y \
            clang \
            lld \
            llvm
ARG TARGETPLATFORM
# Headers and libc are installed for the target platform with xx-apt-get.
RUN --mount=type=cache,sharing=locked,id=moby-build-aptlib,target=/var/lib/apt \
    --mount=type=cache,sharing=locked,id=moby-build-aptcache,target=/var/cache/apt \
        xx-apt-get install --no-install-recommends -y \
            dpkg-dev \
            gcc \
            libapparmor-dev \
            libc6-dev \
            libseccomp-dev \
            libsecret-1-dev \
            libsystemd-dev \
            libudev-dev
# Build metadata arguments, presumably read by hack/make.sh (not shown here).
# NOTE(review): build arguments are recorded in the image history; none of
# these should ever carry a credential.
ARG DOCKER_BUILDTAGS
ARG DOCKER_DEBUG
ARG DOCKER_GITCOMMIT=HEAD
ARG DOCKER_LDFLAGS
ARG DOCKER_STATIC
ARG VERSION
ARG PLATFORM
ARG PRODUCT
ARG DEFAULT_PRODUCT_LICENSE
ARG PACKAGER_NAME
# PREFIX overrides DEST dir in make.sh script otherwise it fails because of
# read only mount in current work dir
ENV PREFIX=/tmp
RUN <<EOT
  # in bullseye arm64 target does not link with lld so configure it to use ld instead
  if [ "$(xx-info arch)" = "arm64" ]; then
    XX_CC_PREFER_LINKER=ld xx-clang --setup-target-triple
  fi
EOT
# The build context is bind-mounted over the working directory instead of being
# copied, so the source tree does not become a layer of this stage. The two
# winresources directories are tmpfs mounts.
RUN --mount=type=bind,target=.,rw \
    --mount=type=tmpfs,target=cli/winresources/dockerd \
    --mount=type=tmpfs,target=cli/winresources/docker-proxy \
    --mount=type=cache,target=/root/.cache/go-build,id=moby-build-$TARGETPLATFORM <<EOT
  set -e
  # "binary" for static builds, "dynbinary" otherwise
  target=$([ "$DOCKER_STATIC" = "1" ] && echo "binary" || echo "dynbinary")
  xx-go --wrap
  PKG_CONFIG=$(xx-go env PKG_CONFIG) ./hack/make.sh $target
  # verify both binaries; the .exe suffix is appended for windows targets
  xx-verify $([ "$DOCKER_STATIC" = "1" ] && echo "--static") /tmp/bundles/${target}-daemon/dockerd$([ "$(xx-info os)" = "windows" ] && echo ".exe")
  xx-verify $([ "$DOCKER_STATIC" = "1" ] && echo "--static") /tmp/bundles/${target}-daemon/docker-proxy$([ "$(xx-info os)" = "windows" ] && echo ".exe")
  mkdir /build
  mv /tmp/bundles/${target}-daemon/* /build/
EOT
   622  
# usage:
# > docker buildx bake binary
# > DOCKER_STATIC=0 docker buildx bake binary
# or
# > make binary
# > make dynbinary
# Output-only stage: a scratch image holding just the files from the build
# stage's /build directory.
FROM scratch AS binary
COPY --from=build /build/ /

# usage:
# > docker buildx bake all
# Output-only stage: the daemon binaries together with the runtime components
# built above, flattened into the root of a scratch image.
# NOTE(review): the vpnkit line copies that third-party image's whole root
# filesystem, not a /build directory.
FROM scratch AS all
COPY --link --from=tini          /build/ /
COPY --link --from=runc          /build/ /
COPY --link --from=containerd    /build/ /
COPY --link --from=rootlesskit   /build/ /
COPY --link --from=containerutil /build/ /
COPY --link --from=vpnkit        /       /
COPY --link --from=build         /build  /
   642  
   643  # smoke tests
   644  # usage:
   645  # > docker buildx bake binary-smoketest
   646  FROM --platform=$TARGETPLATFORM base AS smoketest
   647  WORKDIR /usr/local/bin
   648  COPY --from=build /build .
   649  RUN <<EOT
   650    set -ex
   651    file dockerd
   652    dockerd --version
   653    file docker-proxy
   654    docker-proxy --version
   655  EOT
   656  
# usage:
# > make shell
# > SYSTEMD=true make shell
# Final development image: dev-base plus a copy of the build context in the
# working directory.
# NOTE(review): COPY . . takes everything the build context contains, so what
# stays out of the image (local credentials, .env files, editor state) depends
# on .dockerignore, which is not visible from this file. No USER instruction
# appears in the dev-* stages, so the container presumably runs as root.
FROM dev-base AS dev
COPY --link . .