github.com/rawahars/moby@v24.0.4+incompatible/Dockerfile (about)

     1  # syntax=docker/dockerfile:1
     2  
# Global build arguments. They are only visible in FROM lines until a stage
# redeclares them with a bare "ARG NAME".
#
# GOLANG_IMAGE is composed from the Go version and the Debian release and is
# used as the parent of the "base" stage.
# NOTE(review): every image selected through these arguments is referenced by
# tag only; no digest is pinned in this file for them.
ARG GO_VERSION=1.20.5
ARG BASE_DEBIAN_DISTRO="bullseye"
ARG GOLANG_IMAGE="golang:${GO_VERSION}-${BASE_DEBIAN_DISTRO}"
ARG XX_VERSION=1.2.1

ARG VPNKIT_VERSION=0.5.0

# Repository and version handed to hack/dockerfile/cli.sh in the "dockercli"
# stage. Overriding the repository changes where CLI code is obtained from.
ARG DOCKERCLI_REPOSITORY="https://github.com/docker/cli.git"
ARG DOCKERCLI_VERSION=v24.0.2
# cli version used for integration-cli tests
ARG DOCKERCLI_INTEGRATION_REPOSITORY="https://github.com/docker/cli.git"
ARG DOCKERCLI_INTEGRATION_VERSION=v17.06.2-ce
ARG BUILDX_VERSION=0.11.0

# SYSTEMD selects the parent of dev-base ("dev-systemd-false" or
# "dev-systemd-true").
ARG SYSTEMD="false"
# Declared as ARG rather than ENV, so it is not written into the runtime
# environment of the resulting images.
ARG DEBIAN_FRONTEND=noninteractive
# "1" selects static builds in the stages that test DOCKER_STATIC.
ARG DOCKER_STATIC=1
    20  
# cross compilation helper
# The xx image is selected by tag (XX_VERSION). Its root filesystem is copied
# over "/" of the base stage, so its helpers (xx-go, xx-apt-get, xx-verify,
# xx-info, xx-clang) run inside most build steps of this file.
# NOTE(review): no digest is pinned for this image.
FROM --platform=$BUILDPLATFORM tonistiigi/xx:${XX_VERSION} AS xx

# dummy stage to make sure the image is built for deps that don't support some
# architectures
# NOTE(review): "busybox" carries neither a tag nor a digest here, so the build
# uses whatever the registry serves as the default tag at build time.
FROM --platform=$BUILDPLATFORM busybox AS build-dummy
RUN mkdir -p /build
# binary-dummy contains nothing but the empty /build directory created above.
FROM scratch AS binary-dummy
COPY --from=build-dummy /build /build
    30  
# base
# Parent of the tool and build stages: the Go toolchain image (GOLANG_IMAGE)
# with the complete root filesystem of the xx stage copied on top of it.
FROM --platform=$BUILDPLATFORM ${GOLANG_IMAGE} AS base
COPY --from=xx / /
# Tell apt to keep downloaded package files; presumably so that the
# /var/cache/apt cache mounts used by later stages stay populated.
RUN echo 'Binary::apt::APT::Keep-Downloaded-Packages "true";' > /etc/apt/apt.conf.d/keep-cache
# Optional Debian mirror host. The value is spliced into the sed expressions
# below without escaping, so it has to be treated as trusted build
# configuration. When unset, the official host names are kept.
ARG APT_MIRROR
RUN sed -ri "s/(httpredir|deb).debian.org/${APT_MIRROR:-deb.debian.org}/g" /etc/apt/sources.list \
 && sed -ri "s/(security).debian.org/${APT_MIRROR:-security.debian.org}/g" /etc/apt/sources.list
ARG DEBIAN_FRONTEND
# "file" is called by the smoketest stage, which is built FROM base.
RUN apt-get update && apt-get install --no-install-recommends -y file
# GOPATH mode is the default for all child stages; stages that need modules
# set GO111MODULE=on themselves.
ENV GO111MODULE=off
    41  
    42  FROM base AS criu
    43  ARG DEBIAN_FRONTEND
    44  ADD --chmod=0644 https://download.opensuse.org/repositories/devel:/tools:/criu/Debian_11/Release.key /etc/apt/trusted.gpg.d/criu.gpg.asc
    45  RUN --mount=type=cache,sharing=locked,id=moby-criu-aptlib,target=/var/lib/apt \
    46      --mount=type=cache,sharing=locked,id=moby-criu-aptcache,target=/var/cache/apt \
    47          echo 'deb https://download.opensuse.org/repositories/devel:/tools:/criu/Debian_11/ /' > /etc/apt/sources.list.d/criu.list \
    48          && apt-get update \
    49          && apt-get install -y --no-install-recommends criu \
    50          && install -D /usr/sbin/criu /build/criu
    51  
# registry
# registry-src only prepares an empty git repository with the upstream remote;
# the actual fetch happens in the "registry" stage.
FROM base AS registry-src
WORKDIR /usr/src/registry
RUN git init . && git remote add origin "https://github.com/distribution/distribution.git"

FROM base AS registry
WORKDIR /go/src/github.com/docker/distribution
# REGISTRY_VERSION specifies the version of the registry to build and install
# from the https://github.com/docker/distribution repository. This version of
# the registry is used to test both schema 1 and schema 2 manifests. Generally,
# the version specified here should match a current release.
# NOTE(review): both versions are tag names, not commit IDs, so the code that
# gets built follows wherever upstream points those tags.
ARG REGISTRY_VERSION=v2.3.0
# REGISTRY_VERSION_SCHEMA1 specifies the version of the registry to build and
# install from the https://github.com/docker/distribution repository. This is
# an older (pre v2.3.0) version of the registry that only supports schema1
# manifests. This version of the registry is not working on arm64, so installation
# is skipped on that architecture.
ARG REGISTRY_VERSION_SCHEMA1=v2.1.0
ARG TARGETPLATFORM
# Builds registry-v2 for every platform and registry-v2-schema1 only for the
# platforms listed in the case statement. Each binary is checked with
# xx-verify after the build. The Go build cache is keyed per target platform.
RUN --mount=from=registry-src,src=/usr/src/registry,rw \
    --mount=type=cache,target=/root/.cache/go-build,id=registry-build-$TARGETPLATFORM \
    --mount=type=cache,target=/go/pkg/mod \
    --mount=type=tmpfs,target=/go/src <<EOT
  set -ex
  git fetch -q --depth 1 origin "${REGISTRY_VERSION}" +refs/tags/*:refs/tags/*
  git checkout -q FETCH_HEAD
  export GOPATH="/go/src/github.com/docker/distribution/Godeps/_workspace:$GOPATH"
  CGO_ENABLED=0 xx-go build -o /build/registry-v2 -v ./cmd/registry
  xx-verify /build/registry-v2
  case $TARGETPLATFORM in
    linux/amd64|linux/arm/v7|linux/ppc64le|linux/s390x)
      git fetch -q --depth 1 origin "${REGISTRY_VERSION_SCHEMA1}" +refs/tags/*:refs/tags/*
      git checkout -q FETCH_HEAD
      CGO_ENABLED=0 xx-go build -o /build/registry-v2-schema1 -v ./cmd/registry
      xx-verify /build/registry-v2-schema1
      ;;
  esac
EOT
    90  
# go-swagger
# swagger-src checks out the pinned commit; "swagger" builds it.
FROM base AS swagger-src
WORKDIR /usr/src/swagger
# Currently uses a fork from https://github.com/kolyshkin/go-swagger/tree/golang-1.13-fix
# TODO: move to under moby/ or fix upstream go-swagger to work for us.
RUN git init . && git remote add origin "https://github.com/kolyshkin/go-swagger.git"
# GO_SWAGGER_COMMIT specifies the version of the go-swagger binary to build and
# install. Go-swagger is used in CI for validating swagger.yaml in hack/validate/swagger-gen
# The source is identified by a full commit ID, so the content that gets built
# is fixed by that ID rather than by a tag or branch name in the fork.
ARG GO_SWAGGER_COMMIT=c56166c036004ba7a3a321e5951ba472b9ae298c
RUN git fetch -q --depth 1 origin "${GO_SWAGGER_COMMIT}" && git checkout -q FETCH_HEAD

FROM base AS swagger
WORKDIR /go/src/github.com/go-swagger/go-swagger
ARG TARGETPLATFORM
# Builds /build/swagger from the swagger-src checkout and checks the result
# with xx-verify. The Go build cache is keyed per target platform.
RUN --mount=from=swagger-src,src=/usr/src/swagger,rw \
    --mount=type=cache,target=/root/.cache/go-build,id=swagger-build-$TARGETPLATFORM \
    --mount=type=cache,target=/go/pkg/mod \
    --mount=type=tmpfs,target=/go/src/ <<EOT
  set -e
  xx-go build -o /build/swagger ./cmd/swagger
  xx-verify /build/swagger
EOT
   113  
# frozen-images
# See also frozenImages in "testutil/environment/protect.go" (which needs to
# be updated when adding images to this list)
# NOTE(review): unlike the other stages this one is not built with
# --platform=$BUILDPLATFORM; confirm that running it on the target platform is
# intended.
FROM debian:${BASE_DEBIAN_DISTRO} AS frozen-images
ARG DEBIAN_FRONTEND
RUN --mount=type=cache,sharing=locked,id=moby-frozen-images-aptlib,target=/var/lib/apt \
    --mount=type=cache,sharing=locked,id=moby-frozen-images-aptcache,target=/var/cache/apt \
       apt-get update && apt-get install -y --no-install-recommends \
           ca-certificates \
           curl \
           jq
# Get useful and necessary Hub images so we can "docker load" locally instead of pulling
COPY contrib/download-frozen-image-v2.sh /
ARG TARGETARCH
ARG TARGETVARIANT
# Every image is named as tag@sha256:digest, so the downloaded content is
# fixed by digest and the tag is informational. Keep the digest when adding
# entries to this list.
RUN /download-frozen-image-v2.sh /build \
        busybox:latest@sha256:95cf004f559831017cdf4628aaf1bb30133677be8702a8c5f2994629f637a209 \
        busybox:glibc@sha256:1f81263701cddf6402afe9f33fca0266d9fff379e59b1748f33d3072da71ee85 \
        debian:bullseye-slim@sha256:dacf278785a4daa9de07596ec739dbc07131e189942772210709c5c0777e8437 \
        hello-world:latest@sha256:d58e752213a51785838f9eed2b7a498ffa1cb3aa7f946dda11af39286c3db9a9 \
        arm32v7/hello-world:latest@sha256:50b8560ad574c779908da71f7ce370c0a2471c098d44d1c8f6b513c5a55eeeb1
   135  
# delve
# delve-src checks out the requested version; delve-build compiles it.
FROM base AS delve-src
WORKDIR /usr/src/delve
RUN git init . && git remote add origin "https://github.com/go-delve/delve.git"
# DELVE_VERSION specifies the version of the Delve debugger binary
# from the https://github.com/go-delve/delve repository.
# It can be used to run Docker with a possibility of
# attaching debugger to it.
# NOTE(review): DELVE_VERSION is a tag name, not a commit ID, so the code that
# gets built follows wherever upstream points that tag.
ARG DELVE_VERSION=v1.20.1
RUN git fetch -q --depth 1 origin "${DELVE_VERSION}" +refs/tags/*:refs/tags/* && git checkout -q FETCH_HEAD

FROM base AS delve-build
WORKDIR /usr/src/delve
ARG TARGETPLATFORM
# Builds /build/dlv in module mode (the base stage defaults to
# GO111MODULE=off) and checks the result with xx-verify.
RUN --mount=from=delve-src,src=/usr/src/delve,rw \
    --mount=type=cache,target=/root/.cache/go-build,id=delve-build-$TARGETPLATFORM \
    --mount=type=cache,target=/go/pkg/mod <<EOT
  set -e
  GO111MODULE=on xx-go build -o /build/dlv ./cmd/dlv
  xx-verify /build/dlv
EOT

# delve is currently only supported on linux/amd64 and linux/arm64;
# https://github.com/go-delve/delve/blob/v1.8.1/pkg/proc/native/support_sentinel.go#L1-L6
# The aliases below map every other target to binary-dummy (an empty /build);
# "delve" then resolves through TARGETOS and TARGETARCH.
FROM binary-dummy AS delve-windows
FROM binary-dummy AS delve-linux-arm
FROM binary-dummy AS delve-linux-ppc64le
FROM binary-dummy AS delve-linux-s390x
FROM delve-build AS delve-linux-amd64
FROM delve-build AS delve-linux-arm64
FROM delve-linux-${TARGETARCH} AS delve-linux
FROM delve-${TARGETOS} AS delve
   168  
   169  FROM base AS tomll
   170  # GOTOML_VERSION specifies the version of the tomll binary to build and install
   171  # from the https://github.com/pelletier/go-toml repository. This binary is used
   172  # in CI in the hack/validate/toml script.
   173  #
   174  # When updating this version, consider updating the github.com/pelletier/go-toml
   175  # dependency in vendor.mod accordingly.
   176  ARG GOTOML_VERSION=v1.8.1
   177  RUN --mount=type=cache,target=/root/.cache/go-build \
   178      --mount=type=cache,target=/go/pkg/mod \
   179          GOBIN=/build/ GO111MODULE=on go install "github.com/pelletier/go-toml/cmd/tomll@${GOTOML_VERSION}" \
   180       && /build/tomll --help
   181  
   182  FROM base AS gowinres
   183  # GOWINRES_VERSION defines go-winres tool version
   184  ARG GOWINRES_VERSION=v0.3.0
   185  RUN --mount=type=cache,target=/root/.cache/go-build \
   186      --mount=type=cache,target=/go/pkg/mod \
   187          GOBIN=/build/ GO111MODULE=on go install "github.com/tc-hib/go-winres@${GOWINRES_VERSION}" \
   188       && /build/go-winres --help
   189  
# containerd
# containerd-src checks out the requested version; containerd-build compiles
# containerd, containerd-shim-runc-v2 and ctr from it.
FROM base AS containerd-src
WORKDIR /usr/src/containerd
RUN git init . && git remote add origin "https://github.com/containerd/containerd.git"
# CONTAINERD_VERSION is used to build containerd binaries, and used for the
# integration tests. The distributed docker .deb and .rpm packages depend on a
# separate (containerd.io) package, which may be a different version as is
# specified here. The containerd golang package is also pinned in vendor.mod.
# When updating the binary version you may also need to update the vendor
# version to pick up bug fixes or new APIs, however, usually the Go packages
# are built from a commit from the master branch.
# NOTE(review): CONTAINERD_VERSION is a tag name, not a commit ID, so the code
# that gets built follows wherever upstream points that tag.
ARG CONTAINERD_VERSION=v1.7.1
RUN git fetch -q --depth 1 origin "${CONTAINERD_VERSION}" +refs/tags/*:refs/tags/* && git checkout -q FETCH_HEAD

FROM base AS containerd-build
WORKDIR /go/src/github.com/containerd/containerd
ARG DEBIAN_FRONTEND
ARG TARGETPLATFORM
# Build dependencies are installed for the target architecture via xx-apt-get.
RUN --mount=type=cache,sharing=locked,id=moby-containerd-aptlib,target=/var/lib/apt \
    --mount=type=cache,sharing=locked,id=moby-containerd-aptcache,target=/var/cache/apt \
        apt-get update && xx-apt-get install -y --no-install-recommends \
            gcc libbtrfs-dev libsecret-1-dev
ARG DOCKER_STATIC
# DOCKER_STATIC=1 disables cgo, passes STATIC=1 to make and makes xx-verify
# require static binaries; any other value builds with cgo enabled. The three
# verified binaries are moved to /build.
RUN --mount=from=containerd-src,src=/usr/src/containerd,rw \
    --mount=type=cache,target=/root/.cache/go-build,id=containerd-build-$TARGETPLATFORM <<EOT
  set -e
  export CC=$(xx-info)-gcc
  export CGO_ENABLED=$([ "$DOCKER_STATIC" = "1" ] && echo "0" || echo "1")
  xx-go --wrap
  make $([ "$DOCKER_STATIC" = "1" ] && echo "STATIC=1") binaries
  xx-verify $([ "$DOCKER_STATIC" = "1" ] && echo "--static") bin/containerd
  xx-verify $([ "$DOCKER_STATIC" = "1" ] && echo "--static") bin/containerd-shim-runc-v2
  xx-verify $([ "$DOCKER_STATIC" = "1" ] && echo "--static") bin/ctr
  mkdir /build
  mv bin/containerd bin/containerd-shim-runc-v2 bin/ctr /build
EOT

# Windows targets get the empty binary-dummy stage instead of a build.
FROM containerd-build AS containerd-linux
FROM binary-dummy AS containerd-windows
FROM containerd-${TARGETOS} AS containerd
   230  
   231  FROM base AS golangci_lint
   232  ARG GOLANGCI_LINT_VERSION=v1.51.2
   233  RUN --mount=type=cache,target=/root/.cache/go-build \
   234      --mount=type=cache,target=/go/pkg/mod \
   235          GOBIN=/build/ GO111MODULE=on go install "github.com/golangci/golangci-lint/cmd/golangci-lint@${GOLANGCI_LINT_VERSION}" \
   236       && /build/golangci-lint --version
   237  
   238  FROM base AS gotestsum
   239  ARG GOTESTSUM_VERSION=v1.8.2
   240  RUN --mount=type=cache,target=/root/.cache/go-build \
   241      --mount=type=cache,target=/go/pkg/mod \
   242          GOBIN=/build/ GO111MODULE=on go install "gotest.tools/gotestsum@${GOTESTSUM_VERSION}" \
   243       && /build/gotestsum --version
   244  
   245  FROM base AS shfmt
   246  ARG SHFMT_VERSION=v3.6.0
   247  RUN --mount=type=cache,target=/root/.cache/go-build \
   248      --mount=type=cache,target=/go/pkg/mod \
   249          GOBIN=/build/ GO111MODULE=on go install "mvdan.cc/sh/v3/cmd/shfmt@${SHFMT_VERSION}" \
   250       && /build/shfmt --version
   251  
   252  FROM base AS dockercli
   253  WORKDIR /go/src/github.com/docker/cli
   254  COPY hack/dockerfile/cli.sh /download-or-build-cli.sh
   255  ARG DOCKERCLI_REPOSITORY
   256  ARG DOCKERCLI_VERSION
   257  ARG TARGETPLATFORM
   258  RUN --mount=type=cache,id=dockercli-git-$TARGETPLATFORM,sharing=locked,target=./.git \
   259      --mount=type=cache,target=/root/.cache/go-build,id=dockercli-build-$TARGETPLATFORM \
   260          rm -f ./.git/*.lock \
   261       && /download-or-build-cli.sh ${DOCKERCLI_VERSION} ${DOCKERCLI_REPOSITORY} /build \
   262       && /build/docker --version
   263  
   264  FROM base AS dockercli-integration
   265  WORKDIR /go/src/github.com/docker/cli
   266  COPY hack/dockerfile/cli.sh /download-or-build-cli.sh
   267  ARG DOCKERCLI_INTEGRATION_REPOSITORY
   268  ARG DOCKERCLI_INTEGRATION_VERSION
   269  ARG TARGETPLATFORM
   270  RUN --mount=type=cache,id=dockercli-integration-git-$TARGETPLATFORM,sharing=locked,target=./.git \
   271      --mount=type=cache,target=/root/.cache/go-build,id=dockercli-integration-build-$TARGETPLATFORM \
   272          rm -f ./.git/*.lock \
   273       && /download-or-build-cli.sh ${DOCKERCLI_INTEGRATION_VERSION} ${DOCKERCLI_INTEGRATION_REPOSITORY} /build \
   274       && /build/docker --version
   275  
# runc
# runc-src checks out the requested version; runc-build compiles it.
FROM base AS runc-src
WORKDIR /usr/src/runc
RUN git init . && git remote add origin "https://github.com/opencontainers/runc.git"
# RUNC_VERSION should match the version that is used by the containerd version
# that is used. If you need to update runc, open a pull request in the containerd
# project first, and update both after that is merged. When updating RUNC_VERSION,
# consider updating runc in vendor.mod accordingly.
# NOTE(review): RUNC_VERSION is a tag name, not a commit ID, so the code that
# gets built follows wherever upstream points that tag.
ARG RUNC_VERSION=v1.1.7
RUN git fetch -q --depth 1 origin "${RUNC_VERSION}" +refs/tags/*:refs/tags/* && git checkout -q FETCH_HEAD

FROM base AS runc-build
WORKDIR /go/src/github.com/opencontainers/runc
ARG DEBIAN_FRONTEND
ARG TARGETPLATFORM
# libseccomp-dev is installed for the target architecture; the build below
# always runs with CGO_ENABLED=1.
RUN --mount=type=cache,sharing=locked,id=moby-runc-aptlib,target=/var/lib/apt \
    --mount=type=cache,sharing=locked,id=moby-runc-aptcache,target=/var/cache/apt \
        apt-get update && xx-apt-get install -y --no-install-recommends \
            dpkg-dev gcc libc6-dev libseccomp-dev
ARG DOCKER_STATIC
# DOCKER_STATIC=1 selects the "static" make target and makes xx-verify require
# a static binary; any other value builds the "runc" target.
RUN --mount=from=runc-src,src=/usr/src/runc,rw \
    --mount=type=cache,target=/root/.cache/go-build,id=runc-build-$TARGETPLATFORM <<EOT
  set -e
  xx-go --wrap
  CGO_ENABLED=1 make "$([ "$DOCKER_STATIC" = "1" ] && echo "static" || echo "runc")"
  xx-verify $([ "$DOCKER_STATIC" = "1" ] && echo "--static") runc
  mkdir /build
  mv runc /build/
EOT

# Windows targets get the empty binary-dummy stage instead of a build.
FROM runc-build AS runc-linux
FROM binary-dummy AS runc-windows
FROM runc-${TARGETOS} AS runc
   309  
# tini
# tini-src checks out the requested version; tini-build compiles the static
# binary and publishes it as /build/docker-init.
FROM base AS tini-src
WORKDIR /usr/src/tini
RUN git init . && git remote add origin "https://github.com/krallin/tini.git"
# TINI_VERSION specifies the version of tini (docker-init) to build. This
# binary is used when starting containers with the `--init` option.
# NOTE(review): TINI_VERSION is a tag name, not a commit ID, so the code that
# gets built follows wherever upstream points that tag.
ARG TINI_VERSION=v0.19.0
RUN git fetch -q --depth 1 origin "${TINI_VERSION}" +refs/tags/*:refs/tags/* && git checkout -q FETCH_HEAD

FROM base AS tini-build
WORKDIR /go/src/github.com/krallin/tini
ARG DEBIAN_FRONTEND
# cmake is installed with plain apt-get, the compiler and libc headers with
# xx-apt-get.
RUN --mount=type=cache,sharing=locked,id=moby-tini-aptlib,target=/var/lib/apt \
    --mount=type=cache,sharing=locked,id=moby-tini-aptcache,target=/var/cache/apt \
        apt-get update && apt-get install -y --no-install-recommends cmake
ARG TARGETPLATFORM
# This step runs no "apt-get update" of its own; it mounts the same apt cache
# ids as the step above.
RUN --mount=type=cache,sharing=locked,id=moby-tini-aptlib,target=/var/lib/apt \
    --mount=type=cache,sharing=locked,id=moby-tini-aptcache,target=/var/cache/apt \
        xx-apt-get install -y --no-install-recommends \
            gcc libc6-dev
# The binary is always built and verified as static, independent of
# DOCKER_STATIC.
RUN --mount=from=tini-src,src=/usr/src/tini,rw \
    --mount=type=cache,target=/root/.cache/go-build,id=tini-build-$TARGETPLATFORM <<EOT
  set -e
  CC=$(xx-info)-gcc cmake .
  make tini-static
  xx-verify --static tini-static
  mkdir /build
  mv tini-static /build/docker-init
EOT

# Windows targets get the empty binary-dummy stage instead of a build.
FROM tini-build AS tini-linux
FROM binary-dummy AS tini-windows
FROM tini-${TARGETOS} AS tini
   343  
# rootlesskit
# rootlesskit-src checks out the requested version; rootlesskit-build compiles
# rootlesskit and rootlesskit-docker-proxy and adds the rootless helper
# scripts from contrib/.
FROM base AS rootlesskit-src
WORKDIR /usr/src/rootlesskit
RUN git init . && git remote add origin "https://github.com/rootless-containers/rootlesskit.git"
# When updating, also update rootlesskit commit in vendor.mod accordingly.
# NOTE(review): ROOTLESSKIT_VERSION is a tag name, not a commit ID, so the code
# that gets built follows wherever upstream points that tag.
ARG ROOTLESSKIT_VERSION=v1.1.0
RUN git fetch -q --depth 1 origin "${ROOTLESSKIT_VERSION}" +refs/tags/*:refs/tags/* && git checkout -q FETCH_HEAD

FROM base AS rootlesskit-build
WORKDIR /go/src/github.com/rootless-containers/rootlesskit
ARG DEBIAN_FRONTEND
ARG TARGETPLATFORM
RUN --mount=type=cache,sharing=locked,id=moby-rootlesskit-aptlib,target=/var/lib/apt \
    --mount=type=cache,sharing=locked,id=moby-rootlesskit-aptcache,target=/var/cache/apt \
        apt-get update && xx-apt-get install -y --no-install-recommends \
            gcc libc6-dev
# Module mode is switched on for this stage (the base stage sets it to off).
ENV GO111MODULE=on
ARG DOCKER_STATIC
# DOCKER_STATIC=1 builds with cgo disabled and verifies static binaries; any
# other value enables cgo and links with -linkmode=external.
RUN --mount=from=rootlesskit-src,src=/usr/src/rootlesskit,rw \
    --mount=type=cache,target=/go/pkg/mod \
    --mount=type=cache,target=/root/.cache/go-build,id=rootlesskit-build-$TARGETPLATFORM <<EOT
  set -e
  export CGO_ENABLED=$([ "$DOCKER_STATIC" = "1" ] && echo "0" || echo "1")
  xx-go build -o /build/rootlesskit -ldflags="$([ "$DOCKER_STATIC" != "1" ] && echo "-linkmode=external")" ./cmd/rootlesskit
  xx-verify $([ "$DOCKER_STATIC" = "1" ] && echo "--static") /build/rootlesskit
  xx-go build -o /build/rootlesskit-docker-proxy -ldflags="$([ "$DOCKER_STATIC" != "1" ] && echo "-linkmode=external")" ./cmd/rootlesskit-docker-proxy
  xx-verify $([ "$DOCKER_STATIC" = "1" ] && echo "--static") /build/rootlesskit-docker-proxy
EOT
COPY ./contrib/dockerd-rootless.sh /build/
COPY ./contrib/dockerd-rootless-setuptool.sh /build/

# Windows targets get the empty binary-dummy stage instead of a build.
FROM rootlesskit-build AS rootlesskit-linux
FROM binary-dummy AS rootlesskit-windows
FROM rootlesskit-${TARGETOS} AS rootlesskit
   378  
# crun
# Builds crun from source with autotools and installs its binaries to /build.
FROM base AS crun
# NOTE(review): CRUN_VERSION is checked out by name after a full clone; it is
# a tag name, not a commit ID, so the code that gets built follows wherever
# upstream points that tag.
ARG CRUN_VERSION=1.4.5
# NOTE(review): this stage does not redeclare ARG DEBIAN_FRONTEND, unlike most
# other stages that install packages; confirm whether that is intended.
RUN --mount=type=cache,sharing=locked,id=moby-crun-aptlib,target=/var/lib/apt \
    --mount=type=cache,sharing=locked,id=moby-crun-aptcache,target=/var/cache/apt \
        apt-get update && apt-get install -y --no-install-recommends \
            autoconf \
            automake \
            build-essential \
            libcap-dev \
            libprotobuf-c-dev \
            libseccomp-dev \
            libsystemd-dev \
            libtool \
            libudev-dev \
            libyajl-dev \
            python3 \
            ;
# The source tree lives on a tmpfs mount, so only what "make install" writes
# outside /tmp/crun-build (here: /build, via --bindir) stays in the layer.
# "make -j" sets no job limit.
RUN --mount=type=tmpfs,target=/tmp/crun-build \
    git clone https://github.com/containers/crun.git /tmp/crun-build && \
    cd /tmp/crun-build && \
    git checkout -q "${CRUN_VERSION}" && \
    ./autogen.sh && \
    ./configure --bindir=/build && \
    make -j install
   403  
# vpnkit
# use dummy scratch stage to avoid build to fail for unsupported platforms
# vpnkit is not built here: for linux/amd64 and linux/arm64 the prebuilt
# djs55/vpnkit image is used as-is, and consumers copy its whole root
# filesystem ("/").
# NOTE(review): that image is referenced by tag (VPNKIT_VERSION) only; no
# digest is pinned, and its content is not checked by any step in this file.
FROM scratch AS vpnkit-windows
FROM scratch AS vpnkit-linux-386
FROM scratch AS vpnkit-linux-arm
FROM scratch AS vpnkit-linux-ppc64le
FROM scratch AS vpnkit-linux-riscv64
FROM scratch AS vpnkit-linux-s390x
FROM djs55/vpnkit:${VPNKIT_VERSION} AS vpnkit-linux-amd64
FROM djs55/vpnkit:${VPNKIT_VERSION} AS vpnkit-linux-arm64
FROM vpnkit-linux-${TARGETARCH} AS vpnkit-linux
FROM vpnkit-${TARGETOS} AS vpnkit
   416  
   417  # containerutility
   418  FROM base AS containerutil-src
   419  WORKDIR /usr/src/containerutil
   420  RUN git init . && git remote add origin "https://github.com/docker-archive/windows-container-utility.git"
   421  ARG CONTAINERUTILITY_VERSION=aa1ba87e99b68e0113bd27ec26c60b88f9d4ccd9
   422  RUN git fetch -q --depth 1 origin "${CONTAINERUTILITY_VERSION}" +refs/tags/*:refs/tags/* && git checkout -q FETCH_HEAD
   423  
   424  FROM base AS containerutil-build
   425  WORKDIR /usr/src/containerutil
   426  ARG TARGETPLATFORM
   427  RUN xx-apt-get install -y --no-install-recommends gcc g++ libc6-dev
   428  RUN --mount=from=containerutil-src,src=/usr/src/containerutil,rw \
   429      --mount=type=cache,target=/root/.cache/go-build,id=containerutil-build-$TARGETPLATFORM <<EOT
   430    set -e
   431    CC="$(xx-info)-gcc" CXX="$(xx-info)-g++" make
   432    xx-verify --static containerutility.exe
   433    mkdir /build
   434    mv containerutility.exe /build/
   435  EOT
   436  
   437  FROM binary-dummy AS containerutil-linux
   438  FROM containerutil-build AS containerutil-windows-amd64
   439  FROM containerutil-windows-${TARGETARCH} AS containerutil-windows
   440  FROM containerutil-${TARGETOS} AS containerutil
   441  FROM docker/buildx-bin:${BUILDX_VERSION} as buildx
   442  
# dev-systemd-false collects the tools built in the stages above into one
# development image. Everything copied to /usr/local/bin ends up on the
# default PATH of the dev container, so the trust placed in each source stage
# carries over to this image.
FROM base AS dev-systemd-false
COPY --link --from=frozen-images /build/ /docker-frozen-images
COPY --link --from=swagger       /build/ /usr/local/bin/
COPY --link --from=delve         /build/ /usr/local/bin/
COPY --link --from=tomll         /build/ /usr/local/bin/
COPY --link --from=gowinres      /build/ /usr/local/bin/
COPY --link --from=tini          /build/ /usr/local/bin/
COPY --link --from=registry      /build/ /usr/local/bin/

# Skip the CRIU stage for now, as the opensuse package repository is sometimes
# unstable, and we're currently not using it in CI.
#
# FIXME(thaJeztah): re-enable this stage when https://github.com/moby/moby/issues/38963 is resolved (see https://github.com/moby/moby/pull/38984)
# COPY --link --from=criu          /build/ /usr/local/bin/
COPY --link --from=gotestsum     /build/ /usr/local/bin/
COPY --link --from=golangci_lint /build/ /usr/local/bin/
COPY --link --from=shfmt         /build/ /usr/local/bin/
COPY --link --from=runc          /build/ /usr/local/bin/
COPY --link --from=containerd    /build/ /usr/local/bin/
COPY --link --from=rootlesskit   /build/ /usr/local/bin/
# vpnkit is the only stage copied from "/" rather than "/build/".
COPY --link --from=vpnkit        /       /usr/local/bin/
COPY --link --from=containerutil /build/ /usr/local/bin/
COPY --link --from=crun          /build/ /usr/local/bin/
COPY --link hack/dockerfile/etc/docker/  /etc/docker/
COPY --link --from=buildx        /buildx /usr/local/libexec/docker/cli-plugins/docker-buildx

# /usr/local/cli and /usr/local/cli-integration are populated in dev-base.
ENV PATH=/usr/local/cli:$PATH
ENV TEST_CLIENT_BINARY=/usr/local/cli-integration/docker
ENV CONTAINERD_ADDRESS=/run/docker/containerd/containerd.sock
ENV CONTAINERD_NAMESPACE=moby
WORKDIR /go/src/github.com/docker/docker
VOLUME /var/lib/docker
VOLUME /home/unprivilegeduser/.local/share/docker
# Wrap all commands in the "docker-in-docker" script to allow nested containers
# The path is relative, so it is looked up under the WORKDIR set above, i.e.
# in the source tree. No USER instruction is set in this stage.
ENTRYPOINT ["hack/dind"]

# dev-systemd-true adds systemd and dbus and switches the entrypoint to the
# systemd variant of the wrapper script.
FROM dev-systemd-false AS dev-systemd-true
RUN --mount=type=cache,sharing=locked,id=moby-dev-aptlib,target=/var/lib/apt \
    --mount=type=cache,sharing=locked,id=moby-dev-aptcache,target=/var/cache/apt \
        apt-get update && apt-get install -y --no-install-recommends \
            dbus \
            dbus-user-session \
            systemd \
            systemd-sysv
ENTRYPOINT ["hack/dind-systemd"]
   488  
   489  FROM dev-systemd-${SYSTEMD} AS dev-base
   490  ARG DEBIAN_FRONTEND
   491  RUN groupadd -r docker
   492  RUN useradd --create-home --gid docker unprivilegeduser \
   493   && mkdir -p /home/unprivilegeduser/.local/share/docker \
   494   && chown -R unprivilegeduser /home/unprivilegeduser
   495  # Let us use a .bashrc file
   496  RUN ln -sfv /go/src/github.com/docker/docker/.bashrc ~/.bashrc
   497  # Activate bash completion and include Docker's completion if mounted with DOCKER_BASH_COMPLETION_PATH
   498  RUN echo "source /usr/share/bash-completion/bash_completion" >> /etc/bash.bashrc
   499  RUN ln -s /usr/local/completion/bash/docker /etc/bash_completion.d/docker
   500  RUN ldconfig
   501  # Set dev environment as safe git directory to prevent "dubious ownership" errors
   502  # when bind-mounting the source into the dev-container. See https://github.com/moby/moby/pull/44930
   503  RUN git config --global --add safe.directory $GOPATH/src/github.com/docker/docker
   504  # This should only install packages that are specifically needed for the dev environment and nothing else
   505  # Do you really need to add another package here? Can it be done in a different build stage?
   506  RUN --mount=type=cache,sharing=locked,id=moby-dev-aptlib,target=/var/lib/apt \
   507      --mount=type=cache,sharing=locked,id=moby-dev-aptcache,target=/var/cache/apt \
   508          apt-get update && apt-get install -y --no-install-recommends \
   509              apparmor \
   510              bash-completion \
   511              bzip2 \
   512              inetutils-ping \
   513              iproute2 \
   514              iptables \
   515              jq \
   516              libcap2-bin \
   517              libnet1 \
   518              libnl-3-200 \
   519              libprotobuf-c1 \
   520              libyajl2 \
   521              net-tools \
   522              patch \
   523              pigz \
   524              python3-pip \
   525              python3-setuptools \
   526              python3-wheel \
   527              sudo \
   528              systemd-journal-remote \
   529              thin-provisioning-tools \
   530              uidmap \
   531              vim \
   532              vim-common \
   533              xfsprogs \
   534              xz-utils \
   535              zip \
   536              zstd
   537  # Switch to use iptables instead of nftables (to match the CI hosts)
   538  # TODO use some kind of runtime auto-detection instead if/when nftables is supported (https://github.com/moby/moby/issues/26824)
   539  RUN update-alternatives --set iptables  /usr/sbin/iptables-legacy  || true \
   540   && update-alternatives --set ip6tables /usr/sbin/ip6tables-legacy || true \
   541   && update-alternatives --set arptables /usr/sbin/arptables-legacy || true
   542  ARG YAMLLINT_VERSION=1.27.1
   543  RUN pip3 install yamllint==${YAMLLINT_VERSION}
   544  RUN --mount=type=cache,sharing=locked,id=moby-dev-aptlib,target=/var/lib/apt \
   545      --mount=type=cache,sharing=locked,id=moby-dev-aptcache,target=/var/cache/apt \
   546          apt-get update && apt-get install --no-install-recommends -y \
   547              gcc \
   548              pkg-config \
   549              dpkg-dev \
   550              libapparmor-dev \
   551              libdevmapper-dev \
   552              libseccomp-dev \
   553              libsecret-1-dev \
   554              libsystemd-dev \
   555              libudev-dev
   556  COPY --link --from=dockercli             /build/ /usr/local/cli
   557  COPY --link --from=dockercli-integration /build/ /usr/local/cli-integration
   558  
# build compiles dockerd and docker-proxy from the build context and leaves
# the result in /build.
FROM base AS build
COPY --from=gowinres /build/ /usr/local/bin/
WORKDIR /go/src/github.com/docker/docker
ENV GO111MODULE=off
ENV CGO_ENABLED=1
ARG DEBIAN_FRONTEND
# Toolchain for the build platform.
RUN --mount=type=cache,sharing=locked,id=moby-build-aptlib,target=/var/lib/apt \
    --mount=type=cache,sharing=locked,id=moby-build-aptcache,target=/var/cache/apt \
        apt-get update && apt-get install --no-install-recommends -y \
            clang \
            lld \
            llvm
ARG TARGETPLATFORM
# Headers and libraries for the target platform. This step runs no
# "apt-get update" of its own; it mounts the same apt cache ids as the step
# above.
RUN --mount=type=cache,sharing=locked,id=moby-build-aptlib,target=/var/lib/apt \
    --mount=type=cache,sharing=locked,id=moby-build-aptcache,target=/var/cache/apt \
        xx-apt-get install --no-install-recommends -y \
            dpkg-dev \
            gcc \
            libapparmor-dev \
            libc6-dev \
            libdevmapper-dev \
            libseccomp-dev \
            libsecret-1-dev \
            libsystemd-dev \
            libudev-dev
# Declared here so they are present in the environment of the RUN steps
# below; presumably hack/make.sh reads them (the script is not shown here).
# Build-argument values are recorded in the image history, so none of these
# should carry a secret.
ARG DOCKER_BUILDTAGS
ARG DOCKER_DEBUG
ARG DOCKER_GITCOMMIT=HEAD
ARG DOCKER_LDFLAGS
ARG DOCKER_STATIC
ARG VERSION
ARG PLATFORM
ARG PRODUCT
ARG DEFAULT_PRODUCT_LICENSE
ARG PACKAGER_NAME
# PREFIX overrides DEST dir in make.sh script otherwise it fails because of
# read only mount in current work dir
ENV PREFIX=/tmp
RUN <<EOT
  # in bullseye arm64 target does not link with lld so configure it to use ld instead
  if [ "$(xx-info arch)" = "arm64" ]; then
    XX_CC_PREFER_LINKER=ld xx-clang --setup-target-triple
  fi
EOT
# The build context is bind-mounted over the working directory instead of
# being copied, so the source does not become part of a layer of this stage.
# Both produced binaries are checked with xx-verify before they are moved to
# /build.
RUN --mount=type=bind,target=. \
    --mount=type=tmpfs,target=cli/winresources/dockerd \
    --mount=type=tmpfs,target=cli/winresources/docker-proxy \
    --mount=type=cache,target=/root/.cache/go-build,id=moby-build-$TARGETPLATFORM <<EOT
  set -e
  target=$([ "$DOCKER_STATIC" = "1" ] && echo "binary" || echo "dynbinary")
  xx-go --wrap
  PKG_CONFIG=$(xx-go env PKG_CONFIG) ./hack/make.sh $target
  xx-verify $([ "$DOCKER_STATIC" = "1" ] && echo "--static") /tmp/bundles/${target}-daemon/dockerd$([ "$(xx-info os)" = "windows" ] && echo ".exe")
  xx-verify $([ "$DOCKER_STATIC" = "1" ] && echo "--static") /tmp/bundles/${target}-daemon/docker-proxy$([ "$(xx-info os)" = "windows" ] && echo ".exe")
  mkdir /build
  mv /tmp/bundles/${target}-daemon/* /build/
EOT
   616  
# usage:
# > docker buildx bake binary
# > DOCKER_STATIC=0 docker buildx bake binary
# or
# > make binary
# > make dynbinary
# Export stage: a scratch image that holds only the daemon build output.
FROM scratch AS binary
COPY --from=build /build/ /

# usage:
# > docker buildx bake all
# Export stage: the daemon build output plus the helper binaries. vpnkit is
# the only source copied from "/" rather than "/build/".
FROM scratch AS all
COPY --link --from=tini          /build/ /
COPY --link --from=runc          /build/ /
COPY --link --from=containerd    /build/ /
COPY --link --from=rootlesskit   /build/ /
COPY --link --from=containerutil /build/ /
COPY --link --from=vpnkit        /       /
COPY --link --from=build         /build  /
   636  
# smoke tests
# usage:
# > docker buildx bake binary-smoketest
# Runs on the target platform (not the build platform): the freshly built
# binaries are inspected with "file" and executed with --version. "set -ex"
# makes any failing command fail the build.
FROM --platform=$TARGETPLATFORM base AS smoketest
WORKDIR /usr/local/bin
COPY --from=build /build .
RUN <<EOT
  set -ex
  file dockerd
  dockerd --version
  file docker-proxy
  docker-proxy --version
EOT
   650  
# usage:
# > make shell
# > SYSTEMD=true make shell
# The whole build context is copied into the image's working directory.
# NOTE(review): whatever the context contains ends up in the image, so
# credentials and other local files have to be excluded via .dockerignore
# (not shown here; verify).
FROM dev-base AS dev
COPY --link . .