github.com/onflow/flow-go@v0.35.7-crescendo-preview.23-atree-inlining/cmd/Dockerfile (about) 1 # syntax = docker/dockerfile:experimental 2 # NOTE: Must be run in the context of the repo's root directory 3 4 #################################### 5 ## (1) Setup the build environment 6 FROM golang:1.20-bullseye AS build-setup 7 8 RUN apt-get update 9 RUN apt-get -y install zip apt-utils gcc-aarch64-linux-gnu 10 11 ## (2) Setup crypto dependencies 12 FROM build-setup AS build-env 13 14 # Build the app binary in /app 15 RUN mkdir /app 16 WORKDIR /app 17 18 ARG TARGET 19 ARG COMMIT 20 ARG VERSION 21 22 ENV GOPRIVATE= 23 24 COPY . . 25 26 # Update the git config to use SSH rather than HTTPS for clones 27 RUN git config --global url.git@github.com:.insteadOf https://github.com/ 28 RUN mkdir ~/.ssh 29 30 # Add GitHub known host to avoid prompts or failures on key check 31 RUN ssh-keyscan -t rsa github.com >> ~/.ssh/known_hosts 32 33 #################################### 34 ## (3) Build the production app binary 35 FROM build-env as build-production 36 WORKDIR /app 37 38 ARG GOARCH=amd64 39 # TAGS can be overriden to modify the go build tags (e.g. build without netgo) 40 ARG TAGS="netgo,osusergo" 41 # CC flag can be overwritten to specify a C compiler 42 ARG CC="" 43 # CGO_FLAG uses ADX instructions by default, flag can be overwritten to build without ADX 44 ARG CGO_FLAG="" 45 46 # Keep Go's build cache between builds. 47 # https://github.com/golang/go/issues/27719#issuecomment-514747274 48 RUN --mount=type=cache,sharing=locked,target=/go/pkg/mod \ 49 --mount=type=cache,target=/root/.cache/go-build \ 50 --mount=type=secret,id=cadence_deploy_key \ 51 # We evaluate the SSH agent to safely pass in a key for cloning dependencies 52 # We explicitly use ";" rather than && as we want to safely pass if it is unavailable 53 eval `ssh-agent -s` && printf "%s\n" "$(cat /run/secrets/cadence_deploy_key)" | ssh-add - ; \ 54 CGO_ENABLED=1 GOOS=linux GOARCH=${GOARCH} CC="${CC}" CGO_CFLAGS="${CGO_FLAG}" go build --tags "${TAGS}" -ldflags "-extldflags -static \ 55 -X 'github.com/onflow/flow-go/cmd/build.commit=${COMMIT}' -X 'github.com/onflow/flow-go/cmd/build.semver=${VERSION}'" \ 56 -o ./app ${TARGET} 57 58 RUN chmod a+x /app/app 59 60 ## (4) Add the statically linked production binary to a distroless image 61 FROM gcr.io/distroless/base-debian11 as production 62 63 COPY --from=build-production /app/app /bin/app 64 65 ENTRYPOINT ["/bin/app"] 66 67 #################################### 68 ## (3) Build the debug app binary 69 FROM build-env as build-debug 70 WORKDIR /app 71 ARG GOARCH=amd64 72 ARG CC="" 73 ARG CGO_FLAG="" 74 RUN --mount=type=ssh \ 75 --mount=type=cache,sharing=locked,target=/go/pkg/mod \ 76 --mount=type=cache,target=/root/.cache/go-build \ 77 --mount=type=secret,id=cadence_deploy_key \ 78 # We evaluate the SSH agent to safely pass in a key for cloning dependencies 79 # We explicitly use ";" rather than && as we want to safely pass if it is unavailable 80 eval `ssh-agent -s` && printf "%s\n" "$(cat /run/secrets/cadence_deploy_key)" | ssh-add - ; \ 81 CGO_ENABLED=1 GOOS=linux GOARCH=${GOARCH} CC="${CC}" CGO_CFLAGS="${CGO_FLAG}" go build --tags "netgo" -ldflags "-extldflags -static \ 82 -X 'github.com/onflow/flow-go/cmd/build.commit=${COMMIT}' -X 'github.com/onflow/flow-go/cmd/build.semver=${VERSION}'" \ 83 -gcflags="all=-N -l" -o ./app ${TARGET} 84 85 RUN chmod a+x /app/app 86 87 ## (4) Add the statically linked debug binary to a distroless image configured for debugging 88 FROM golang:1.20-bullseye as debug 89 90 RUN go install github.com/go-delve/delve/cmd/dlv@latest 91 92 COPY --from=build-debug /app/app /bin/app 93 94 ENTRYPOINT ["dlv", "--listen=:2345", "--headless=true", "--api-version=2", "--accept-multiclient", "exec", "/bin/app", "--"] 95 96 97 FROM build-setup as environment-clean