This makes the binary build targets use a minimal build env instead of
having to build all the stuff needed for the full dev environment.
Signed-off-by: Brian Goff <cpuguy83@gmail.com>
| ... | ... |
@@ -4,6 +4,7 @@ ARG CROSS="false" |
| 4 | 4 |
ARG GO_VERSION=1.13.4 |
| 5 | 5 |
ARG DEBIAN_FRONTEND=noninteractive |
| 6 | 6 |
ARG VPNKIT_DIGEST=e508a17cfacc8fd39261d5b4e397df2b953690da577e2c987a47630cd0c42f8e |
| 7 |
+ARG DOCKER_BUILDTAGS="apparmor seccomp selinux" |
|
| 7 | 8 |
|
| 8 | 9 |
FROM golang:${GO_VERSION}-stretch AS base
|
| 9 | 10 |
RUN echo 'Binary::apt::APT::Keep-Downloaded-Packages "true";' > /etc/apt/apt.conf.d/keep-cache |
| ... | ... |
@@ -111,10 +112,16 @@ ARG DEBIAN_FRONTEND |
| 111 | 111 |
RUN --mount=type=cache,sharing=locked,id=moby-cross-false-aptlib,target=/var/lib/apt \ |
| 112 | 112 |
--mount=type=cache,sharing=locked,id=moby-cross-false-aptcache,target=/var/cache/apt \ |
| 113 | 113 |
apt-get update && apt-get install -y --no-install-recommends \ |
| 114 |
+ binutils-mingw-w64 \ |
|
| 115 |
+ btrfs-tools \ |
|
| 116 |
+ g++-mingw-w64-x86-64 \ |
|
| 114 | 117 |
libapparmor-dev \ |
| 115 |
- libseccomp-dev |
|
| 118 |
+ libdevmapper-dev \ |
|
| 119 |
+ libseccomp-dev \ |
|
| 120 |
+ libsystemd-dev \ |
|
| 121 |
+ libudev-dev |
|
| 116 | 122 |
|
| 117 |
-FROM --platform=linux/amd64 cross-true AS runtime-dev-cross-true |
|
| 123 |
+FROM --platform=linux/amd64 runtime-dev-cross-false AS runtime-dev-cross-true |
|
| 118 | 124 |
ARG DEBIAN_FRONTEND |
| 119 | 125 |
# These crossbuild packages rely on gcc-<arch>, but this doesn't want to install |
| 120 | 126 |
# on non-amd64 systems. |
| ... | ... |
@@ -128,11 +135,7 @@ RUN --mount=type=cache,sharing=locked,id=moby-cross-true-aptlib,target=/var/lib/ |
| 128 | 128 |
libapparmor-dev:armhf \ |
| 129 | 129 |
libseccomp-dev:arm64 \ |
| 130 | 130 |
libseccomp-dev:armel \ |
| 131 |
- libseccomp-dev:armhf \ |
|
| 132 |
- # install this arches seccomp here due to compat issues with the v0 builder |
|
| 133 |
- # This is as opposed to inheriting from runtime-dev-cross-false |
|
| 134 |
- libapparmor-dev \ |
|
| 135 |
- libseccomp-dev |
|
| 131 |
+ libseccomp-dev:armhf |
|
| 136 | 132 |
|
| 137 | 133 |
FROM runtime-dev-cross-${CROSS} AS runtime-dev
|
| 138 | 134 |
|
| ... | ... |
@@ -261,19 +264,13 @@ RUN --mount=type=cache,sharing=locked,id=moby-dev-aptlib,target=/var/lib/apt \ |
| 261 | 261 |
apparmor \ |
| 262 | 262 |
aufs-tools \ |
| 263 | 263 |
bash-completion \ |
| 264 |
- binutils-mingw-w64 \ |
|
| 265 |
- btrfs-tools \ |
|
| 266 | 264 |
bzip2 \ |
| 267 |
- g++-mingw-w64-x86-64 \ |
|
| 268 | 265 |
iptables \ |
| 269 | 266 |
jq \ |
| 270 | 267 |
libcap2-bin \ |
| 271 |
- libdevmapper-dev \ |
|
| 272 | 268 |
libnet1 \ |
| 273 | 269 |
libnl-3-200 \ |
| 274 | 270 |
libprotobuf-c1 \ |
| 275 |
- libsystemd-dev \ |
|
| 276 |
- libudev-dev \ |
|
| 277 | 271 |
net-tools \ |
| 278 | 272 |
pigz \ |
| 279 | 273 |
python3-pip \ |
| ... | ... |
@@ -304,15 +301,17 @@ COPY --from=containerd /build/ /usr/local/bin/ |
| 304 | 304 |
COPY --from=rootlesskit /build/ /usr/local/bin/ |
| 305 | 305 |
COPY --from=vpnkit /vpnkit /usr/local/bin/vpnkit.x86_64 |
| 306 | 306 |
COPY --from=proxy /build/ /usr/local/bin/ |
| 307 |
- |
|
| 308 | 307 |
ENV PATH=/usr/local/cli:$PATH |
| 309 |
-ENV DOCKER_BUILDTAGS apparmor seccomp selinux |
|
| 308 |
+ARG DOCKER_BUILDTAGS |
|
| 309 |
+ENV DOCKER_BUILDTAGS="${DOCKER_BUILDTAGS}"
|
|
| 310 | 310 |
WORKDIR /go/src/github.com/docker/docker |
| 311 | 311 |
VOLUME /var/lib/docker |
| 312 | 312 |
# Wrap all commands in the "docker-in-docker" script to allow nested containers |
| 313 | 313 |
ENTRYPOINT ["hack/dind"] |
| 314 | 314 |
|
| 315 |
-FROM dev AS src |
|
| 315 |
+FROM runtime-dev AS src |
|
| 316 |
+# Make arg inheritable |
|
| 317 |
+WORKDIR /go/src/github.com/docker/docker |
|
| 316 | 318 |
COPY . /go/src/github.com/docker/docker |
| 317 | 319 |
|
| 318 | 320 |
FROM src AS binary-base |
| ... | ... |
@@ -326,6 +325,16 @@ ARG PRODUCT |
| 326 | 326 |
ENV PRODUCT=${PRODUCT}
|
| 327 | 327 |
ARG DEFAULT_PRODUCT_LICENSE |
| 328 | 328 |
ENV DEFAULT_PRODUCT_LICENSE=${DEFAULT_PRODUCT_LICENSE}
|
| 329 |
+ARG DOCKER_BUILDTAGS |
|
| 330 |
+ENV DOCKER_BUILDTAGS="${DOCKER_BUILDTAGS}"
|
|
| 331 |
+# TODO: This is here because hack/make.sh binary copies these extras binaries |
|
| 332 |
+# from $PATH into the bundles dir. |
|
| 333 |
+# It would be nice to handle this in a different way. |
|
| 334 |
+COPY --from=tini /build/ /usr/local/bin/ |
|
| 335 |
+COPY --from=runc /build/ /usr/local/bin/ |
|
| 336 |
+COPY --from=containerd /build/ /usr/local/bin/ |
|
| 337 |
+COPY --from=rootlesskit /build/ /usr/local/bin/ |
|
| 338 |
+COPY --from=proxy /build/ /usr/local/bin/ |
|
| 329 | 339 |
|
| 330 | 340 |
FROM binary-base AS build-binary |
| 331 | 341 |
RUN --mount=type=cache,target=/root/.cache/go-build \ |
| ... | ... |
@@ -337,7 +346,6 @@ RUN --mount=type=cache,target=/root/.cache/go-build \ |
| 337 | 337 |
|
| 338 | 338 |
FROM binary-base AS build-cross |
| 339 | 339 |
ARG DOCKER_CROSSPLATFORMS |
| 340 |
-RUN --mount=type=cache,target=/root/.cache/go-build \ |
|
| 341 | 340 |
hack/make.sh cross |
| 342 | 341 |
|
| 343 | 342 |
FROM scratch AS binary |
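Review bot: Any `--build-arg DOCKER_BUILDTAGS=...` now replaces the whole default tag list instead of extending it, because the value moves from a fixed `ENV` to a global `ARG` (first hunk) that the `dev` and `binary-base` stages re-export with `ENV DOCKER_BUILDTAGS="${DOCKER_BUILDTAGS}"`. A caller who passes one extra tag, or an empty value, would get a build whose tag list no longer contains `apparmor`, `seccomp` and `selinux`, with nothing in the build output saying so; presumably hack/make.sh reads this variable to select those features, but that script is not visible here. I would document this at the declaration, for example `# Overriding DOCKER_BUILDTAGS replaces this list; keep apparmor, seccomp and selinux unless the target deliberately omits them.` Separately, the `# Make arg inheritable` comment in the `src` stage sits directly above a `WORKDIR` line with no `ARG` after it, so it should be dropped or moved next to the `ARG DOCKER_BUILDTAGS` lines it describes.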