Signed-off-by: Brian Goff <cpuguy83@gmail.com>
Brian Goff authored on 2019/05/23 08:49:55... | ... |
@@ -1,34 +1,11 @@ |
1 |
-# This file describes the standard way to build Docker, using docker |
|
2 |
-# |
|
3 |
-# Usage: |
|
4 |
-# |
|
5 |
-# # Use make to build a development environment image and run it in a container. |
|
6 |
-# # This is slow the first time. |
|
7 |
-# make BIND_DIR=. shell |
|
8 |
-# |
|
9 |
-# The following commands are executed inside the running container. |
|
10 |
- |
|
11 |
-# # Make a dockerd binary. |
|
12 |
-# # hack/make.sh binary |
|
13 |
-# |
|
14 |
-# # Install dockerd to /usr/local/bin |
|
15 |
-# # make install |
|
16 |
-# |
|
17 |
-# # Run unit tests |
|
18 |
-# # hack/test/unit |
|
19 |
-# |
|
20 |
-# # Run tests e.g. integration, py |
|
21 |
-# # hack/make.sh binary test-integration test-docker-py |
|
22 |
-# |
|
23 |
-# Note: AppArmor used to mess with privileged mode, but this is no longer |
|
24 |
-# the case. Therefore, you don't have to disable it anymore. |
|
25 |
-# |
|
1 |
+# syntax=docker/dockerfile:1.1.3-experimental |
|
26 | 2 |
|
27 | 3 |
ARG CROSS="false" |
28 | 4 |
ARG GO_VERSION=1.13.1 |
29 | 5 |
ARG DEBIAN_FRONTEND=noninteractive |
30 | 6 |
|
31 | 7 |
FROM golang:${GO_VERSION}-stretch AS base |
8 |
+RUN echo 'Binary::apt::APT::Keep-Downloaded-Packages "true";' > /etc/apt/apt.conf.d/keep-cache |
|
32 | 9 |
ARG APT_MIRROR |
33 | 10 |
RUN sed -ri "s/(httpredir|deb).debian.org/${APT_MIRROR:-deb.debian.org}/g" /etc/apt/sources.list \ |
34 | 11 |
&& sed -ri "s/(security).debian.org/${APT_MIRROR:-security.debian.org}/g" /etc/apt/sources.list |
... | ... |
@@ -36,19 +13,21 @@ ENV GO111MODULE=off |
36 | 36 |
|
37 | 37 |
FROM base AS criu |
38 | 38 |
ARG DEBIAN_FRONTEND |
39 |
+# Install dependency packages specific to criu |
|
40 |
+RUN --mount=type=cache,sharing=locked,id=moby-criu-aptlib,target=/var/lib/apt \ |
|
41 |
+ --mount=type=cache,sharing=locked,id=moby-criu-aptcache,target=/var/cache/apt \ |
|
42 |
+ apt-get update && apt-get install -y --no-install-recommends \ |
|
43 |
+ libnet-dev \ |
|
44 |
+ libprotobuf-c-dev \ |
|
45 |
+ libprotobuf-dev \ |
|
46 |
+ libnl-3-dev \ |
|
47 |
+ libcap-dev \ |
|
48 |
+ protobuf-compiler \ |
|
49 |
+ protobuf-c-compiler \ |
|
50 |
+ python-protobuf |
|
51 |
+ |
|
39 | 52 |
# Install CRIU for checkpoint/restore support |
40 | 53 |
ENV CRIU_VERSION 3.12 |
41 |
-# Install dependency packages specific to criu |
|
42 |
-RUN apt-get update && apt-get install -y --no-install-recommends \ |
|
43 |
- libnet-dev \ |
|
44 |
- libprotobuf-c-dev \ |
|
45 |
- libprotobuf-dev \ |
|
46 |
- libnl-3-dev \ |
|
47 |
- libcap-dev \ |
|
48 |
- protobuf-compiler \ |
|
49 |
- protobuf-c-compiler \ |
|
50 |
- python-protobuf \ |
|
51 |
- && rm -rf /var/lib/apt/lists/* |
|
52 | 54 |
RUN mkdir -p /usr/src/criu \ |
53 | 55 |
&& curl -sSL https://github.com/checkpoint-restore/criu/archive/v${CRIU_VERSION}.tar.gz | tar -C /usr/src/criu/ -xz --strip-components=1 \ |
54 | 56 |
&& cd /usr/src/criu \ |
... | ... |
@@ -62,37 +41,42 @@ FROM base AS registry |
62 | 62 |
# and schema2 manifests. |
63 | 63 |
ENV REGISTRY_COMMIT_SCHEMA1 ec87e9b6971d831f0eff752ddb54fb64693e51cd |
64 | 64 |
ENV REGISTRY_COMMIT 47a064d4195a9b56133891bbb13620c3ac83a827 |
65 |
-RUN set -x \ |
|
66 |
- && export GOPATH="$(mktemp -d)" \ |
|
67 |
- && git clone https://github.com/docker/distribution.git "$GOPATH/src/github.com/docker/distribution" \ |
|
68 |
- && (cd "$GOPATH/src/github.com/docker/distribution" && git checkout -q "$REGISTRY_COMMIT") \ |
|
69 |
- && GOPATH="$GOPATH/src/github.com/docker/distribution/Godeps/_workspace:$GOPATH" \ |
|
70 |
- go build -buildmode=pie -o /build/registry-v2 github.com/docker/distribution/cmd/registry \ |
|
71 |
- && case $(dpkg --print-architecture) in \ |
|
72 |
- amd64|ppc64*|s390x) \ |
|
73 |
- (cd "$GOPATH/src/github.com/docker/distribution" && git checkout -q "$REGISTRY_COMMIT_SCHEMA1"); \ |
|
74 |
- GOPATH="$GOPATH/src/github.com/docker/distribution/Godeps/_workspace:$GOPATH"; \ |
|
75 |
- go build -buildmode=pie -o /build/registry-v2-schema1 github.com/docker/distribution/cmd/registry; \ |
|
76 |
- ;; \ |
|
77 |
- esac \ |
|
78 |
- && rm -rf "$GOPATH" |
|
65 |
+RUN --mount=type=cache,target=/root/.cache/go-build \ |
|
66 |
+ --mount=type=cache,target=/go/pkg/mod \ |
|
67 |
+ set -x \ |
|
68 |
+ && export GOPATH="$(mktemp -d)" \ |
|
69 |
+ && git clone https://github.com/docker/distribution.git "$GOPATH/src/github.com/docker/distribution" \ |
|
70 |
+ && (cd "$GOPATH/src/github.com/docker/distribution" && git checkout -q "$REGISTRY_COMMIT") \ |
|
71 |
+ && GOPATH="$GOPATH/src/github.com/docker/distribution/Godeps/_workspace:$GOPATH" \ |
|
72 |
+ go build -buildmode=pie -o /build/registry-v2 github.com/docker/distribution/cmd/registry \ |
|
73 |
+ && case $(dpkg --print-architecture) in \ |
|
74 |
+ amd64|ppc64*|s390x) \ |
|
75 |
+ (cd "$GOPATH/src/github.com/docker/distribution" && git checkout -q "$REGISTRY_COMMIT_SCHEMA1"); \ |
|
76 |
+ GOPATH="$GOPATH/src/github.com/docker/distribution/Godeps/_workspace:$GOPATH"; \ |
|
77 |
+ go build -buildmode=pie -o /build/registry-v2-schema1 github.com/docker/distribution/cmd/registry; \ |
|
78 |
+ ;; \ |
|
79 |
+ esac \ |
|
80 |
+ && rm -rf "$GOPATH" |
|
79 | 81 |
|
80 | 82 |
FROM base AS swagger |
81 | 83 |
# Install go-swagger for validating swagger.yaml |
82 | 84 |
ENV GO_SWAGGER_COMMIT c28258affb0b6251755d92489ef685af8d4ff3eb |
83 |
-RUN set -x \ |
|
84 |
- && export GOPATH="$(mktemp -d)" \ |
|
85 |
- && git clone https://github.com/go-swagger/go-swagger.git "$GOPATH/src/github.com/go-swagger/go-swagger" \ |
|
86 |
- && (cd "$GOPATH/src/github.com/go-swagger/go-swagger" && git checkout -q "$GO_SWAGGER_COMMIT") \ |
|
87 |
- && go build -o /build/swagger github.com/go-swagger/go-swagger/cmd/swagger \ |
|
88 |
- && rm -rf "$GOPATH" |
|
85 |
+RUN --mount=type=cache,target=/root/.cache/go-build \ |
|
86 |
+ --mount=type=cache,target=/go/pkg/mod \ |
|
87 |
+ set -x \ |
|
88 |
+ && export GOPATH="$(mktemp -d)" \ |
|
89 |
+ && git clone https://github.com/go-swagger/go-swagger.git "$GOPATH/src/github.com/go-swagger/go-swagger" \ |
|
90 |
+ && (cd "$GOPATH/src/github.com/go-swagger/go-swagger" && git checkout -q "$GO_SWAGGER_COMMIT") \ |
|
91 |
+ && go build -o /build/swagger github.com/go-swagger/go-swagger/cmd/swagger \ |
|
92 |
+ && rm -rf "$GOPATH" |
|
89 | 93 |
|
90 | 94 |
FROM base AS frozen-images |
91 | 95 |
ARG DEBIAN_FRONTEND |
92 |
-RUN apt-get update && apt-get install -y --no-install-recommends \ |
|
93 |
- ca-certificates \ |
|
94 |
- jq \ |
|
95 |
- && rm -rf /var/lib/apt/lists/* |
|
96 |
+RUN --mount=type=cache,sharing=locked,id=moby-frozen-images-aptlib,target=/var/lib/apt \ |
|
97 |
+ --mount=type=cache,sharing=locked,id=moby-frozen-images-aptcache,target=/var/cache/apt \ |
|
98 |
+ apt-get update && apt-get install -y --no-install-recommends \ |
|
99 |
+ ca-certificates \ |
|
100 |
+ jq |
|
96 | 101 |
# Get useful and necessary Hub images so we can "docker load" locally instead of pulling |
97 | 102 |
COPY contrib/download-frozen-image-v2.sh / |
98 | 103 |
RUN /download-frozen-image-v2.sh /build \ |
... | ... |
@@ -110,42 +94,47 @@ ARG DEBIAN_FRONTEND |
110 | 110 |
RUN dpkg --add-architecture armhf |
111 | 111 |
RUN dpkg --add-architecture arm64 |
112 | 112 |
RUN dpkg --add-architecture armel |
113 |
-RUN if [ "$(go env GOHOSTARCH)" = "amd64" ]; then \ |
|
114 |
- apt-get update && apt-get install -y --no-install-recommends \ |
|
115 |
- crossbuild-essential-armhf \ |
|
116 |
- crossbuild-essential-arm64 \ |
|
117 |
- crossbuild-essential-armel \ |
|
118 |
- && rm -rf /var/lib/apt/lists/*; \ |
|
119 |
- fi |
|
113 |
+RUN --mount=type=cache,sharing=locked,id=moby-cross-true-aptlib,target=/var/lib/apt \ |
|
114 |
+ --mount=type=cache,sharing=locked,id=moby-cross-true-aptcache,target=/var/cache/apt \ |
|
115 |
+ if [ "$(go env GOHOSTARCH)" = "amd64" ]; then \ |
|
116 |
+ apt-get update && apt-get install -y --no-install-recommends \ |
|
117 |
+ crossbuild-essential-armhf \ |
|
118 |
+ crossbuild-essential-arm64 \ |
|
119 |
+ crossbuild-essential-armel \ |
|
120 |
+ fi |
|
120 | 121 |
|
121 | 122 |
FROM cross-${CROSS} as dev-base |
122 | 123 |
|
123 | 124 |
FROM dev-base AS runtime-dev-cross-false |
124 | 125 |
ARG DEBIAN_FRONTEND |
125 |
-RUN apt-get update && apt-get install -y --no-install-recommends \ |
|
126 |
- libapparmor-dev \ |
|
127 |
- libseccomp-dev \ |
|
128 |
- && rm -rf /var/lib/apt/lists/* |
|
126 |
+RUN --mount=type=cache,sharing=locked,id=moby-cross-false-aptlib,target=/var/lib/apt \ |
|
127 |
+ --mount=type=cache,sharing=locked,id=moby-cross-false-aptcache,target=/var/cache/apt \ |
|
128 |
+ apt-get update && apt-get install -y --no-install-recommends \ |
|
129 |
+ libapparmor-dev \ |
|
130 |
+ libseccomp-dev |
|
131 |
+ |
|
129 | 132 |
FROM cross-true AS runtime-dev-cross-true |
130 | 133 |
ARG DEBIAN_FRONTEND |
131 | 134 |
# These crossbuild packages rely on gcc-<arch>, but this doesn't want to install |
132 | 135 |
# on non-amd64 systems. |
133 | 136 |
# Additionally, the crossbuild-amd64 is currently only on debian:buster, so |
134 | 137 |
# other architectures cannnot crossbuild amd64. |
135 |
-RUN if [ "$(go env GOHOSTARCH)" = "amd64" ]; then \ |
|
136 |
- apt-get update && apt-get install -y --no-install-recommends \ |
|
137 |
- libseccomp-dev:armhf \ |
|
138 |
- libseccomp-dev:arm64 \ |
|
139 |
- libseccomp-dev:armel \ |
|
140 |
- libapparmor-dev:armhf \ |
|
141 |
- libapparmor-dev:arm64 \ |
|
142 |
- libapparmor-dev:armel \ |
|
143 |
- # install this arches seccomp here due to compat issues with the v0 builder |
|
144 |
- # This is as opposed to inheriting from runtime-dev-cross-false |
|
145 |
- libapparmor-dev \ |
|
146 |
- libseccomp-dev \ |
|
147 |
- && rm -rf /var/lib/apt/lists/*; \ |
|
148 |
- fi |
|
138 |
+RUN --mount=type=cache,sharing=locked,id=moby-cross-true-aptlib,target=/var/lib/apt \ |
|
139 |
+ --mount=type=cache,sharing=locked,id=moby-cross-true-aptcache,target=/var/cache/apt \ |
|
140 |
+ if [ "$(go env GOHOSTARCH)" = "amd64" ]; then \ |
|
141 |
+ apt-get update && apt-get install -y --no-install-recommends \ |
|
142 |
+ libseccomp-dev:armhf \ |
|
143 |
+ libseccomp-dev:arm64 \ |
|
144 |
+ libseccomp-dev:armel \ |
|
145 |
+ libapparmor-dev:armhf \ |
|
146 |
+ libapparmor-dev:arm64 \ |
|
147 |
+ libapparmor-dev:armel \ |
|
148 |
+ # install this arches seccomp here due to compat issues with the v0 builder |
|
149 |
+ # This is as opposed to inheriting from runtime-dev-cross-false |
|
150 |
+ libapparmor-dev \ |
|
151 |
+ libseccomp-dev \ |
|
152 |
+ fi |
|
153 |
+ |
|
149 | 154 |
|
150 | 155 |
FROM runtime-dev-cross-${CROSS} AS runtime-dev |
151 | 156 |
|
... | ... |
@@ -153,70 +142,92 @@ FROM base AS tomlv |
153 | 153 |
ENV INSTALL_BINARY_NAME=tomlv |
154 | 154 |
COPY hack/dockerfile/install/install.sh ./install.sh |
155 | 155 |
COPY hack/dockerfile/install/$INSTALL_BINARY_NAME.installer ./ |
156 |
-RUN PREFIX=/build ./install.sh $INSTALL_BINARY_NAME |
|
156 |
+RUN --mount=type=cache,target=/root/.cache/go-build \ |
|
157 |
+ --mount=type=cache,target=/go/pkg/mod \ |
|
158 |
+ PREFIX=/build ./install.sh $INSTALL_BINARY_NAME |
|
157 | 159 |
|
158 | 160 |
FROM base AS vndr |
159 | 161 |
ENV INSTALL_BINARY_NAME=vndr |
160 | 162 |
COPY hack/dockerfile/install/install.sh ./install.sh |
161 | 163 |
COPY hack/dockerfile/install/$INSTALL_BINARY_NAME.installer ./ |
162 |
-RUN PREFIX=/build ./install.sh $INSTALL_BINARY_NAME |
|
164 |
+RUN --mount=type=cache,target=/root/.cache/go-build \ |
|
165 |
+ --mount=type=cache,target=/go/pkg/mod \ |
|
166 |
+ PREFIX=/build ./install.sh $INSTALL_BINARY_NAME |
|
163 | 167 |
|
164 | 168 |
FROM dev-base AS containerd |
165 | 169 |
ARG DEBIAN_FRONTEND |
166 |
-RUN apt-get update && apt-get install -y --no-install-recommends \ |
|
167 |
- btrfs-tools \ |
|
168 |
- && rm -rf /var/lib/apt/lists/* |
|
170 |
+RUN --mount=type=cache,sharing=locked,id=moby-containerd-aptlib,target=/var/lib/apt \ |
|
171 |
+ --mount=type=cache,sharing=locked,id=moby-containerd-aptcache,target=/var/cache/apt \ |
|
172 |
+ apt-get update && apt-get install -y --no-install-recommends \ |
|
173 |
+ btrfs-tools |
|
169 | 174 |
ENV INSTALL_BINARY_NAME=containerd |
170 | 175 |
COPY hack/dockerfile/install/install.sh ./install.sh |
171 | 176 |
COPY hack/dockerfile/install/$INSTALL_BINARY_NAME.installer ./ |
172 |
-RUN PREFIX=/build ./install.sh $INSTALL_BINARY_NAME |
|
177 |
+RUN --mount=type=cache,target=/root/.cache/go-build \ |
|
178 |
+ --mount=type=cache,target=/go/pkg/mod \ |
|
179 |
+ PREFIX=/build ./install.sh $INSTALL_BINARY_NAME |
|
173 | 180 |
|
174 | 181 |
FROM dev-base AS proxy |
175 | 182 |
ENV INSTALL_BINARY_NAME=proxy |
176 | 183 |
COPY hack/dockerfile/install/install.sh ./install.sh |
177 | 184 |
COPY hack/dockerfile/install/$INSTALL_BINARY_NAME.installer ./ |
178 |
-RUN PREFIX=/build ./install.sh $INSTALL_BINARY_NAME |
|
185 |
+RUN --mount=type=cache,target=/root/.cache/go-build \ |
|
186 |
+ --mount=type=cache,target=/go/pkg/mod \ |
|
187 |
+ PREFIX=/build ./install.sh $INSTALL_BINARY_NAME |
|
179 | 188 |
|
180 | 189 |
FROM base AS golangci_lint |
181 | 190 |
ENV INSTALL_BINARY_NAME=golangci_lint |
182 | 191 |
COPY hack/dockerfile/install/install.sh ./install.sh |
183 | 192 |
COPY hack/dockerfile/install/$INSTALL_BINARY_NAME.installer ./ |
184 |
-RUN PREFIX=/build ./install.sh $INSTALL_BINARY_NAME |
|
193 |
+RUN --mount=type=cache,target=/root/.cache/go-build \ |
|
194 |
+ --mount=type=cache,target=/go/pkg/mod \ |
|
195 |
+ PREFIX=/build ./install.sh $INSTALL_BINARY_NAME |
|
185 | 196 |
|
186 | 197 |
FROM base AS gotestsum |
187 | 198 |
ENV INSTALL_BINARY_NAME=gotestsum |
188 | 199 |
COPY hack/dockerfile/install/install.sh ./install.sh |
189 | 200 |
COPY hack/dockerfile/install/$INSTALL_BINARY_NAME.installer ./ |
190 |
-RUN PREFIX=/build ./install.sh $INSTALL_BINARY_NAME |
|
201 |
+RUN --mount=type=cache,target=/root/.cache/go-build \ |
|
202 |
+ --mount=type=cache,target=/go/pkg/mod \ |
|
203 |
+ PREFIX=/build ./install.sh $INSTALL_BINARY_NAME |
|
191 | 204 |
|
192 | 205 |
FROM dev-base AS dockercli |
193 | 206 |
ENV INSTALL_BINARY_NAME=dockercli |
194 | 207 |
COPY hack/dockerfile/install/install.sh ./install.sh |
195 | 208 |
COPY hack/dockerfile/install/$INSTALL_BINARY_NAME.installer ./ |
196 |
-RUN PREFIX=/build ./install.sh $INSTALL_BINARY_NAME |
|
209 |
+RUN --mount=type=cache,target=/root/.cache/go-build \ |
|
210 |
+ --mount=type=cache,target=/go/pkg/mod \ |
|
211 |
+ PREFIX=/build ./install.sh $INSTALL_BINARY_NAME |
|
197 | 212 |
|
198 | 213 |
FROM runtime-dev AS runc |
199 | 214 |
ENV INSTALL_BINARY_NAME=runc |
200 | 215 |
COPY hack/dockerfile/install/install.sh ./install.sh |
201 | 216 |
COPY hack/dockerfile/install/$INSTALL_BINARY_NAME.installer ./ |
202 |
-RUN PREFIX=/build ./install.sh $INSTALL_BINARY_NAME |
|
217 |
+RUN --mount=type=cache,target=/root/.cache/go-build \ |
|
218 |
+ --mount=type=cache,target=/go/pkg/mod \ |
|
219 |
+ PREFIX=/build ./install.sh $INSTALL_BINARY_NAME |
|
203 | 220 |
|
204 | 221 |
FROM dev-base AS tini |
205 | 222 |
ARG DEBIAN_FRONTEND |
206 |
-RUN apt-get update && apt-get install -y --no-install-recommends \ |
|
207 |
- cmake \ |
|
208 |
- vim-common \ |
|
209 |
- && rm -rf /var/lib/apt/lists/* |
|
223 |
+RUN --mount=type=cache,sharing=locked,id=moby-tini-aptlib,target=/var/lib/apt \ |
|
224 |
+ --mount=type=cache,sharing=locked,id=moby-tini-aptcache,target=/var/cache/apt \ |
|
225 |
+ apt-get update && apt-get install -y --no-install-recommends \ |
|
226 |
+ cmake \ |
|
227 |
+ vim-common |
|
210 | 228 |
COPY hack/dockerfile/install/install.sh ./install.sh |
211 | 229 |
ENV INSTALL_BINARY_NAME=tini |
212 | 230 |
COPY hack/dockerfile/install/$INSTALL_BINARY_NAME.installer ./ |
213 |
-RUN PREFIX=/build ./install.sh $INSTALL_BINARY_NAME |
|
231 |
+RUN --mount=type=cache,target=/root/.cache/go-build \ |
|
232 |
+ --mount=type=cache,target=/go/pkg/mod \ |
|
233 |
+ PREFIX=/build ./install.sh $INSTALL_BINARY_NAME |
|
214 | 234 |
|
215 | 235 |
FROM dev-base AS rootlesskit |
216 | 236 |
ENV INSTALL_BINARY_NAME=rootlesskit |
217 | 237 |
COPY hack/dockerfile/install/install.sh ./install.sh |
218 | 238 |
COPY hack/dockerfile/install/$INSTALL_BINARY_NAME.installer ./ |
219 |
-RUN PREFIX=/build/ ./install.sh $INSTALL_BINARY_NAME |
|
239 |
+RUN --mount=type=cache,target=/root/.cache/go-build \ |
|
240 |
+ --mount=type=cache,target=/go/pkg/mod \ |
|
241 |
+ PREFIX=/build/ ./install.sh $INSTALL_BINARY_NAME |
|
220 | 242 |
COPY ./contrib/dockerd-rootless.sh /build |
221 | 243 |
|
222 | 244 |
# TODO: Some of this is only really needed for testing, it would be nice to split this up |
... | ... |
@@ -232,35 +243,37 @@ RUN ln -s /usr/local/completion/bash/docker /etc/bash_completion.d/docker |
232 | 232 |
RUN ldconfig |
233 | 233 |
# This should only install packages that are specifically needed for the dev environment and nothing else |
234 | 234 |
# Do you really need to add another package here? Can it be done in a different build stage? |
235 |
-RUN apt-get update && apt-get install -y --no-install-recommends \ |
|
236 |
- apparmor \ |
|
237 |
- aufs-tools \ |
|
238 |
- bash-completion \ |
|
239 |
- btrfs-tools \ |
|
240 |
- iptables \ |
|
241 |
- jq \ |
|
242 |
- libcap2-bin \ |
|
243 |
- libdevmapper-dev \ |
|
244 |
- libudev-dev \ |
|
245 |
- libsystemd-dev \ |
|
246 |
- binutils-mingw-w64 \ |
|
247 |
- g++-mingw-w64-x86-64 \ |
|
248 |
- net-tools \ |
|
249 |
- pigz \ |
|
250 |
- python3-pip \ |
|
251 |
- python3-setuptools \ |
|
252 |
- python3-wheel \ |
|
253 |
- thin-provisioning-tools \ |
|
254 |
- vim \ |
|
255 |
- vim-common \ |
|
256 |
- xfsprogs \ |
|
257 |
- zip \ |
|
258 |
- bzip2 \ |
|
259 |
- xz-utils \ |
|
260 |
- libprotobuf-c1 \ |
|
261 |
- libnet1 \ |
|
262 |
- libnl-3-200 \ |
|
263 |
- && rm -rf /var/lib/apt/lists/* |
|
235 |
+RUN --mount=type=cache,sharing=locked,id=moby-dev-aptlib,target=/var/lib/apt \ |
|
236 |
+ --mount=type=cache,sharing=locked,id=moby-dev-aptcache,target=/var/cache/apt \ |
|
237 |
+ apt-get update && apt-get install -y --no-install-recommends \ |
|
238 |
+ apparmor \ |
|
239 |
+ aufs-tools \ |
|
240 |
+ bash-completion \ |
|
241 |
+ btrfs-tools \ |
|
242 |
+ iptables \ |
|
243 |
+ jq \ |
|
244 |
+ libcap2-bin \ |
|
245 |
+ libdevmapper-dev \ |
|
246 |
+ libudev-dev \ |
|
247 |
+ libsystemd-dev \ |
|
248 |
+ binutils-mingw-w64 \ |
|
249 |
+ g++-mingw-w64-x86-64 \ |
|
250 |
+ net-tools \ |
|
251 |
+ pigz \ |
|
252 |
+ python3-pip \ |
|
253 |
+ python3-setuptools \ |
|
254 |
+ python3-wheel \ |
|
255 |
+ thin-provisioning-tools \ |
|
256 |
+ vim \ |
|
257 |
+ vim-common \ |
|
258 |
+ xfsprogs \ |
|
259 |
+ zip \ |
|
260 |
+ bzip2 \ |
|
261 |
+ xz-utils \ |
|
262 |
+ libprotobuf-c1 \ |
|
263 |
+ libnet1 \ |
|
264 |
+ libnl-3-200 |
|
265 |
+ |
|
264 | 266 |
|
265 | 267 |
RUN pip3 install yamllint==1.16.0 |
266 | 268 |
|
... | ... |
@@ -286,7 +299,31 @@ WORKDIR /go/src/github.com/docker/docker |
286 | 286 |
VOLUME /var/lib/docker |
287 | 287 |
# Wrap all commands in the "docker-in-docker" script to allow nested containers |
288 | 288 |
ENTRYPOINT ["hack/dind"] |
289 |
+COPY . /go/src/github.com/docker/docker |
|
290 |
+ |
|
291 |
+FROM dev AS build-binary |
|
292 |
+ARG DOCKER_GITCOMMIT=HEAD |
|
293 |
+RUN --mount=type=cache,target=/root/.cache/go-build \ |
|
294 |
+ hack/make.sh binary |
|
295 |
+ |
|
296 |
+FROM dev AS build-dynbinary |
|
297 |
+ARG DOCKER_GITCOMMIT=HEAD |
|
298 |
+RUN --mount=type=cache,target=/root/.cache/go-build \ |
|
299 |
+ hack/make.sh dynbinary |
|
300 |
+ |
|
301 |
+FROM dev AS build-cross |
|
302 |
+ARG DOCKER_GITCOMMIT=HEAD |
|
303 |
+ARG DOCKER_CROSSPLATFORMS="" |
|
304 |
+RUN --mount=type=cache,target=/root/.cache/go-build \ |
|
305 |
+ hack/make.sh cross |
|
306 |
+ |
|
307 |
+FROM scratch AS binary |
|
308 |
+COPY --from=build-binary /go/src/github.com/docker/docker/bundles/ / |
|
309 |
+ |
|
310 |
+FROM scratch AS dynbinary |
|
311 |
+COPY --from=build-dynbinary /go/src/github.com/docker/docker/bundles/ / |
|
312 |
+ |
|
313 |
+FROM scratch AS cross |
|
314 |
+COPY --from=build-cross /go/src/github.com/docker/docker/bundles/ / |
|
289 | 315 |
|
290 | 316 |
FROM dev AS final |
291 |
-# Upload docker source |
|
292 |
-COPY . /go/src/github.com/docker/docker |
293 | 317 |
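Review bot: In the `cross-true` stage the rewritten `RUN` ends its package list with `crossbuild-essential-armel \` directly before `fi`, so after line joining `fi` becomes one more argument to `apt-get install` and the `if` is never closed; the shell should reject the command whenever that stage is built. The removed text closed the command with `&& rm -rf /var/lib/apt/lists/*; \`, and dropping that line dropped the `;` with it. The same pattern is in `runtime-dev-cross-true`, where `libseccomp-dev \` is followed by `fi`. Terminate both lists explicitly, `crossbuild-essential-armel; \` and `libseccomp-dev; \`. Separately, the frontend is pinned by tag only (`# syntax=docker/dockerfile:1.1.3-experimental`); that image runs the build, so a digest pin would be the stronger choice.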
new file mode 100644 |
... | ... |
@@ -0,0 +1,278 @@ |
0 |
+# syntax=docker.io/docker/dockerfile:experimental@sha256:9022e911101f01b2854c7a4b2c77f524b998891941da55208e71c0335e6e82c3 |
|
1 |
+ |
|
2 |
+ARG CROSS="false" |
|
3 |
+ |
|
4 |
+FROM golang:1.12.5 AS base |
|
5 |
+# allow replacing httpredir or deb mirror |
|
6 |
+ARG APT_MIRROR=deb.debian.org |
|
7 |
+RUN sed -ri "s/(httpredir|deb).debian.org/$APT_MIRROR/g" /etc/apt/sources.list |
|
8 |
+ |
|
9 |
+FROM base AS criu |
|
10 |
+# Install CRIU for checkpoint/restore support |
|
11 |
+ENV CRIU_VERSION 3.11 |
|
12 |
+# Install dependency packages specific to criu |
|
13 |
+RUN --mount=type=cache,id=apt-cache,target=/var/cache/apt,sharing=private \ |
|
14 |
+ --mount=type=cache,id=apt-lib,target=/var/lib/apt,sharing=private \ |
|
15 |
+ apt-get update && apt-get install -y \ |
|
16 |
+ libnet-dev \ |
|
17 |
+ libprotobuf-c0-dev \ |
|
18 |
+ libprotobuf-dev \ |
|
19 |
+ libnl-3-dev \ |
|
20 |
+ libcap-dev \ |
|
21 |
+ protobuf-compiler \ |
|
22 |
+ protobuf-c-compiler \ |
|
23 |
+ python-protobuf \ |
|
24 |
+ && mkdir -p /usr/src/criu \ |
|
25 |
+ && curl -sSL https://github.com/checkpoint-restore/criu/archive/v${CRIU_VERSION}.tar.gz | tar -C /usr/src/criu/ -xz --strip-components=1 \ |
|
26 |
+ && cd /usr/src/criu \ |
|
27 |
+ && make \ |
|
28 |
+ && make PREFIX=/build/ install-criu |
|
29 |
+ |
|
30 |
+FROM base AS registry |
|
31 |
+ENV REGISTRY_COMMIT 47a064d4195a9b56133891bbb13620c3ac83a827 |
|
32 |
+RUN set -x \ |
|
33 |
+ && export GOPATH="$(mktemp -d)" \ |
|
34 |
+ && git clone https://github.com/docker/distribution.git "$GOPATH/src/github.com/docker/distribution" \ |
|
35 |
+ && (cd "$GOPATH/src/github.com/docker/distribution" && git checkout -q "$REGISTRY_COMMIT") \ |
|
36 |
+ && GOPATH="$GOPATH/src/github.com/docker/distribution/Godeps/_workspace:$GOPATH" \ |
|
37 |
+ go build -buildmode=pie -o /build/registry-v2 github.com/docker/distribution/cmd/registry \ |
|
38 |
+ && rm -rf "$GOPATH" |
|
39 |
+ |
|
40 |
+ |
|
41 |
+ |
|
42 |
+FROM base AS docker-py |
|
43 |
+# Get the "docker-py" source so we can run their integration tests |
|
44 |
+ENV DOCKER_PY_COMMIT ac922192959870774ad8428344d9faa0555f7ba6 |
|
45 |
+RUN git clone https://github.com/docker/docker-py.git /build \ |
|
46 |
+ && cd /build \ |
|
47 |
+ && git checkout -q $DOCKER_PY_COMMIT |
|
48 |
+ |
|
49 |
+ |
|
50 |
+ |
|
51 |
+FROM base AS swagger |
|
52 |
+# Install go-swagger for validating swagger.yaml |
|
53 |
+ENV GO_SWAGGER_COMMIT c28258affb0b6251755d92489ef685af8d4ff3eb |
|
54 |
+RUN --mount=type=cache,id=gocache,target=/root/.cache/go-build set -x \ |
|
55 |
+ && export GOPATH="$(mktemp -d)" \ |
|
56 |
+ && git clone https://github.com/go-swagger/go-swagger.git "$GOPATH/src/github.com/go-swagger/go-swagger" \ |
|
57 |
+ && (cd "$GOPATH/src/github.com/go-swagger/go-swagger" && git checkout -q "$GO_SWAGGER_COMMIT") \ |
|
58 |
+ && go build -o /build/swagger github.com/go-swagger/go-swagger/cmd/swagger \ |
|
59 |
+ && rm -rf "$GOPATH" |
|
60 |
+ |
|
61 |
+ |
|
62 |
+FROM base AS frozen-images |
|
63 |
+RUN --mount=type=cache,id=apt-cache,target=/var/cache/apt,sharing=private \ |
|
64 |
+ --mount=type=cache,id=apt-lib,target=/var/lib/apt,sharing=private \ |
|
65 |
+ apt-get update && apt-get install -y jq ca-certificates --no-install-recommends |
|
66 |
+# Get useful and necessary Hub images so we can "docker load" locally instead of pulling |
|
67 |
+COPY contrib/download-frozen-image-v2.sh / |
|
68 |
+RUN /download-frozen-image-v2.sh /build \ |
|
69 |
+ buildpack-deps:jessie@sha256:dd86dced7c9cd2a724e779730f0a53f93b7ef42228d4344b25ce9a42a1486251 \ |
|
70 |
+ busybox:latest@sha256:bbc3a03235220b170ba48a157dd097dd1379299370e1ed99ce976df0355d24f0 \ |
|
71 |
+ busybox:glibc@sha256:0b55a30394294ab23b9afd58fab94e61a923f5834fba7ddbae7f8e0c11ba85e6 \ |
|
72 |
+ debian:jessie@sha256:287a20c5f73087ab406e6b364833e3fb7b3ae63ca0eb3486555dc27ed32c6e60 \ |
|
73 |
+ hello-world:latest@sha256:be0cd392e45be79ffeffa6b05338b98ebb16c87b255f48e297ec7f98e123905c |
|
74 |
+# See also ensureFrozenImagesLinux() in "integration-cli/fixtures_linux_daemon_test.go" (which needs to be updated when adding images to this list) |
|
75 |
+ |
|
76 |
+FROM base AS cross-false |
|
77 |
+ |
|
78 |
+FROM base AS cross-true |
|
79 |
+RUN --mount=type=cache,id=apt-cache,target=/var/cache/apt,sharing=private \ |
|
80 |
+ --mount=type=cache,id=apt-lib,target=/var/lib/apt,sharing=private \ |
|
81 |
+ dpkg --add-architecture armhf \ |
|
82 |
+ && dpkg --add-architecture arm64 \ |
|
83 |
+ && dpkg --add-architecture armel |
|
84 |
+RUN --mount=type=cache,id=apt-cache,target=/var/cache/apt,sharing=private \ |
|
85 |
+ --mount=type=cache,id=apt-lib,target=/var/lib/apt,sharing=private \ |
|
86 |
+ if [ "$(go env GOHOSTARCH)" = "amd64" ]; then \ |
|
87 |
+ apt-get update \ |
|
88 |
+ && apt-get install -y --no-install-recommends \ |
|
89 |
+ crossbuild-essential-armhf \ |
|
90 |
+ crossbuild-essential-arm64 \ |
|
91 |
+ crossbuild-essential-armel; \ |
|
92 |
+ fi |
|
93 |
+ |
|
94 |
+FROM cross-${CROSS} as dev-base |
|
95 |
+ |
|
96 |
+FROM dev-base AS runtime-dev-cross-false |
|
97 |
+RUN --mount=type=cache,id=apt-cache,target=/var/cache/apt,sharing=private \ |
|
98 |
+ --mount=type=cache,id=apt-lib,target=/var/lib/apt,sharing=private \ |
|
99 |
+ apt-get update && apt-get install -y \ |
|
100 |
+ libapparmor-dev \ |
|
101 |
+ libseccomp-dev |
|
102 |
+ |
|
103 |
+FROM cross-true AS runtime-dev-cross-true |
|
104 |
+# These crossbuild packages rely on gcc-<arch>, but this doesn't want to install |
|
105 |
+# on non-amd64 systems. |
|
106 |
+# Additionally, the crossbuild-amd64 is currently only on debian:buster, so |
|
107 |
+# other architectures cannnot crossbuild amd64. |
|
108 |
+RUN --mount=type=cache,id=apt-cache,target=/var/cache/apt,sharing=private \ |
|
109 |
+ --mount=type=cache,id=apt-lib,target=/var/lib/apt,sharing=private \ |
|
110 |
+ if [ "$(go env GOHOSTARCH)" = "amd64" ]; then \ |
|
111 |
+ apt-get update \ |
|
112 |
+ && apt-get install -y \ |
|
113 |
+ libseccomp-dev:armhf \ |
|
114 |
+ libseccomp-dev:arm64 \ |
|
115 |
+ libseccomp-dev:armel \ |
|
116 |
+ libapparmor-dev:armhf \ |
|
117 |
+ libapparmor-dev:arm64 \ |
|
118 |
+ libapparmor-dev:armel \ |
|
119 |
+ # install this arches seccomp here due to compat issues with the v0 builder |
|
120 |
+ # This is as opposed to inheriting from runtime-dev-cross-false |
|
121 |
+ libapparmor-dev \ |
|
122 |
+ libseccomp-dev; \ |
|
123 |
+ fi |
|
124 |
+ |
|
125 |
+FROM runtime-dev-cross-${CROSS} AS runtime-dev |
|
126 |
+ |
|
127 |
+FROM base AS tomlv |
|
128 |
+ENV INSTALL_BINARY_NAME=tomlv |
|
129 |
+COPY hack/dockerfile/install/install.sh ./install.sh |
|
130 |
+COPY hack/dockerfile/install/$INSTALL_BINARY_NAME.installer ./ |
|
131 |
+RUN --mount=type=cache,id=gocache,target=/root/.cache/go-build \ |
|
132 |
+ PREFIX=/build ./install.sh $INSTALL_BINARY_NAME |
|
133 |
+ |
|
134 |
+FROM base AS vndr |
|
135 |
+ENV INSTALL_BINARY_NAME=vndr |
|
136 |
+COPY hack/dockerfile/install/install.sh ./install.sh |
|
137 |
+COPY hack/dockerfile/install/$INSTALL_BINARY_NAME.installer ./ |
|
138 |
+RUN --mount=type=cache,id=gocache,target=/root/.cache/go-build \ |
|
139 |
+ PREFIX=/build ./install.sh $INSTALL_BINARY_NAME |
|
140 |
+ |
|
141 |
+FROM dev-base AS containerd |
|
142 |
+RUN apt-get update && apt-get install -y btrfs-tools |
|
143 |
+ENV INSTALL_BINARY_NAME=containerd |
|
144 |
+COPY hack/dockerfile/install/install.sh ./install.sh |
|
145 |
+COPY hack/dockerfile/install/$INSTALL_BINARY_NAME.installer ./ |
|
146 |
+RUN --mount=type=cache,id=gocache,target=/root/.cache/go-build \ |
|
147 |
+ PREFIX=/build ./install.sh $INSTALL_BINARY_NAME |
|
148 |
+ |
|
149 |
+FROM dev-base AS proxy |
|
150 |
+ENV INSTALL_BINARY_NAME=proxy |
|
151 |
+COPY hack/dockerfile/install/install.sh ./install.sh |
|
152 |
+COPY hack/dockerfile/install/$INSTALL_BINARY_NAME.installer ./ |
|
153 |
+RUN --mount=type=cache,id=gocache,target=/root/.cache/go-build \ |
|
154 |
+ PREFIX=/build ./install.sh $INSTALL_BINARY_NAME |
|
155 |
+ |
|
156 |
+FROM base AS gometalinter |
|
157 |
+ENV INSTALL_BINARY_NAME=gometalinter |
|
158 |
+COPY hack/dockerfile/install/install.sh ./install.sh |
|
159 |
+COPY hack/dockerfile/install/$INSTALL_BINARY_NAME.installer ./ |
|
160 |
+RUN --mount=type=cache,id=gocache,target=/root/.cache/go-build \ |
|
161 |
+ PREFIX=/build ./install.sh $INSTALL_BINARY_NAME |
|
162 |
+ |
|
163 |
+FROM dev-base AS dockercli |
|
164 |
+ENV INSTALL_BINARY_NAME=dockercli |
|
165 |
+COPY hack/dockerfile/install/install.sh ./install.sh |
|
166 |
+COPY hack/dockerfile/install/$INSTALL_BINARY_NAME.installer ./ |
|
167 |
+RUN --mount=type=cache,id=gocache,target=/root/.cache/go-build \ |
|
168 |
+ PREFIX=/build ./install.sh $INSTALL_BINARY_NAME |
|
169 |
+ |
|
170 |
+FROM runtime-dev AS runc |
|
171 |
+ENV INSTALL_BINARY_NAME=runc |
|
172 |
+COPY hack/dockerfile/install/install.sh ./install.sh |
|
173 |
+COPY hack/dockerfile/install/$INSTALL_BINARY_NAME.installer ./ |
|
174 |
+RUN --mount=type=cache,id=gocache,target=/root/.cache/go-build \ |
|
175 |
+ PREFIX=/build ./install.sh $INSTALL_BINARY_NAME |
|
176 |
+ |
|
177 |
+FROM dev-base AS tini |
|
178 |
+RUN apt-get update && apt-get install -y cmake vim-common |
|
179 |
+COPY hack/dockerfile/install/install.sh ./install.sh |
|
180 |
+ENV INSTALL_BINARY_NAME=tini |
|
181 |
+COPY hack/dockerfile/install/$INSTALL_BINARY_NAME.installer ./ |
|
182 |
+RUN --mount=type=cache,id=gocache,target=/root/.cache/go-build \ |
|
183 |
+ PREFIX=/build ./install.sh $INSTALL_BINARY_NAME |
|
184 |
+ |
|
185 |
+FROM dev-base AS rootlesskit |
|
186 |
+ENV INSTALL_BINARY_NAME=rootlesskit |
|
187 |
+COPY hack/dockerfile/install/install.sh ./install.sh |
|
188 |
+COPY hack/dockerfile/install/$INSTALL_BINARY_NAME.installer ./ |
|
189 |
+RUN --mount=type=cache,id=gocache,target=/root/.cache/go-build \ |
|
190 |
+ PREFIX=/build/ ./install.sh $INSTALL_BINARY_NAME |
|
191 |
+COPY ./contrib/dockerd-rootless.sh /build |
|
192 |
+ |
|
193 |
+# TODO: Some of this is only really needed for testing, it would be nice to split this up |
|
194 |
+FROM runtime-dev AS dev |
|
195 |
+RUN groupadd -r docker |
|
196 |
+RUN useradd --create-home --gid docker unprivilegeduser |
|
197 |
+# Let us use a .bashrc file |
|
198 |
+RUN ln -sfv /go/src/github.com/docker/docker/.bashrc ~/.bashrc |
|
199 |
+# Activate bash completion and include Docker's completion if mounted with DOCKER_BASH_COMPLETION_PATH |
|
200 |
+RUN echo "source /usr/share/bash-completion/bash_completion" >> /etc/bash.bashrc |
|
201 |
+RUN ln -s /usr/local/completion/bash/docker /etc/bash_completion.d/docker |
|
202 |
+RUN ldconfig |
|
203 |
+# This should only install packages that are specifically needed for the dev environment and nothing else |
|
204 |
+# Do you really need to add another package here? Can it be done in a different build stage? |
|
205 |
+RUN --mount=type=cache,id=apt-cache,target=/var/cache/apt,sharing=private \ |
|
206 |
+ --mount=type=cache,id=apt-lib,target=/var/lib/apt,sharing=private \ |
|
207 |
+apt-get update && apt-get install -y \ |
|
208 |
+ apparmor \ |
|
209 |
+ aufs-tools \ |
|
210 |
+ bash-completion \ |
|
211 |
+ btrfs-tools \ |
|
212 |
+ iptables \ |
|
213 |
+ jq \ |
|
214 |
+ libcap2-bin \ |
|
215 |
+ libdevmapper-dev \ |
|
216 |
+# libffi-dev and libssl-dev appear to be required for compiling paramiko on s390x/ppc64le |
|
217 |
+ libffi-dev \ |
|
218 |
+ libssl-dev \ |
|
219 |
+ libudev-dev \ |
|
220 |
+ libsystemd-dev \ |
|
221 |
+ binutils-mingw-w64 \ |
|
222 |
+ g++-mingw-w64-x86-64 \ |
|
223 |
+ net-tools \ |
|
224 |
+ pigz \ |
|
225 |
+ python-backports.ssl-match-hostname \ |
|
226 |
+ python-dev \ |
|
227 |
+# python-cffi appears to be required for compiling paramiko on s390x/ppc64le |
|
228 |
+ python-cffi \ |
|
229 |
+ python-mock \ |
|
230 |
+ python-pip \ |
|
231 |
+ python-requests \ |
|
232 |
+ python-setuptools \ |
|
233 |
+ python-websocket \ |
|
234 |
+ python-wheel \ |
|
235 |
+ thin-provisioning-tools \ |
|
236 |
+ vim \ |
|
237 |
+ vim-common \ |
|
238 |
+ xfsprogs \ |
|
239 |
+ zip \ |
|
240 |
+ bzip2 \ |
|
241 |
+ xz-utils \ |
|
242 |
+ libprotobuf-c1 \ |
|
243 |
+ libnet1 \ |
|
244 |
+ libnl-3-200 \ |
|
245 |
+ --no-install-recommends |
|
246 |
+COPY --from=swagger /build/swagger* /usr/local/bin/ |
|
247 |
+COPY --from=frozen-images /build/ /docker-frozen-images |
|
248 |
+COPY --from=gometalinter /build/ /usr/local/bin/ |
|
249 |
+COPY --from=tomlv /build/ /usr/local/bin/ |
|
250 |
+COPY --from=vndr /build/ /usr/local/bin/ |
|
251 |
+COPY --from=tini /build/ /usr/local/bin/ |
|
252 |
+COPY --from=runc /build/ /usr/local/bin/ |
|
253 |
+COPY --from=containerd /build/ /usr/local/bin/ |
|
254 |
+COPY --from=proxy /build/ /usr/local/bin/ |
|
255 |
+COPY --from=dockercli /build/ /usr/local/cli |
|
256 |
+COPY --from=registry /build/registry* /usr/local/bin/ |
|
257 |
+COPY --from=criu /build/ /usr/local/ |
|
258 |
+COPY --from=docker-py /build/ /docker-py |
|
259 |
+COPY --from=rootlesskit /build/ /usr/local/bin/ |
|
260 |
+COPY --from=djs55/vpnkit@sha256:e508a17cfacc8fd39261d5b4e397df2b953690da577e2c987a47630cd0c42f8e /vpnkit /usr/local/bin/vpnkit.x86_64 |
|
261 |
+ |
|
262 |
+ENV PATH=/usr/local/cli:$PATH |
|
263 |
+ENV DOCKER_BUILDTAGS apparmor seccomp selinux |
|
264 |
+# Options for hack/validate/gometalinter |
|
265 |
+ENV GOMETALINTER_OPTS="--deadline=2m" |
|
266 |
+WORKDIR /go/src/github.com/docker/docker |
|
267 |
+VOLUME /var/lib/docker |
|
268 |
+# Wrap all commands in the "docker-in-docker" script to allow nested containers |
|
269 |
+ENTRYPOINT ["hack/dind"] |
|
270 |
+ |
|
271 |
+FROM dev AS final |
|
272 |
+# Upload docker source |
|
273 |
+COPY . /go/src/github.com/docker/docker |
|
274 |
+ARG DOCKER_GITCOMMIT=HEAD |
|
275 |
+RUN --mount=type=cache,id=gocache,target=/root/.cache/go-build \ |
|
276 |
+ hack/make.sh binary |
|
277 |
+RUN hack/make.sh install-binary |
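Review bot: The `criu` stage pipes `curl -sSL https://github.com/checkpoint-restore/criu/archive/v${CRIU_VERSION}.tar.gz` straight into `tar` and then runs `make` on the result, with no integrity check and no `-f` on curl. The `registry`, `docker-py` and `swagger` stages check out a fixed commit and the frozen images are referenced by digest, so this is the one fetched source pinned only by a tag name, and the build compiles whatever that URL returns at build time. Consider fetching it the same way as those stages, `git clone https://github.com/checkpoint-restore/criu.git /usr/src/criu && git -C /usr/src/criu checkout -q "$CRIU_COMMIT"`, where `CRIU_COMMIT` is a placeholder for the reviewed commit and is not defined in this file; alternatively download to a file and verify a recorded SHA-256 before extracting. Also, the `containerd` and `tini` stages use a plain `RUN apt-get update && apt-get install -y …` without `--no-install-recommends` or the cache mounts the other stages use.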