Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Support s390x cross-platform go-build #379

Closed
wants to merge 13 commits into from
145 changes: 110 additions & 35 deletions Dockerfile.s390x
Original file line number Diff line number Diff line change
@@ -1,18 +1,21 @@
FROM alpine:3.11 as qemu
huoqifeng marked this conversation as resolved.
Show resolved Hide resolved

ARG QEMU_VERSION=4.2.0-6
ARG QEMU_VERSION=6.1.0-8
ARG QEMU_ARCHS="s390x"

RUN apk --update add curl

# Enable non-native runs on amd64 architecture hosts
RUN for i in ${QEMU_ARCHS}; do curl -L https://github.com/multiarch/qemu-user-static/releases/download/v${QEMU_VERSION}/qemu-${i}-static.tar.gz | tar zxvf - -C /usr/bin; done
RUN chmod +x /usr/bin/qemu-*
RUN curl -L https://github.com/multiarch/qemu-user-static/releases/download/v${QEMU_VERSION}/qemu-${QEMU_ARCHS}-static.tar.gz | tar zxvf - -C /usr/bin &&\
chmod +x /usr/bin/qemu-s390x-static

FROM s390x/golang:1.17.9-alpine3.14
FROM calico/bpftool:v5.3-s390x as bpftool

FROM s390x/golang:1.17.9-buster
MAINTAINER LoZ Open Source Ecosystem (https://www.ibm.com/developerworks/community/groups/community/lozopensource)

ARG MANIFEST_TOOL_VERSION=v1.0.2
ARG GO111MODULE=auto
Copy link
Member

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

I think this should always be "on" now

Copy link
Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Agree, corrected.

Copy link
Member

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Also appears to still be here


# Enable non-native builds of this image on an amd64 hosts.
# This must be the first RUN command in this file!
Expand All @@ -28,43 +31,96 @@ COPY --from=qemu /usr/bin/qemu-*-static /usr/bin/
# Install make for building things
# Install util-linux for column command (used for output formatting).
# Install grep, sed, zip, and jq for use in some Makefiles
# Install shadow for useradd (it allows to use big UID)
RUN apk update && apk add --no-cache su-exec curl bash git openssh mercurial make wget util-linux tini file grep sed jq zip shadow libpcap-dev
RUN apk upgrade --no-cache
# Install gcc for cgo.
# Install lsb-release software-properties-common for llvm upgrade script
# Install clang, libbpf and newer kernel headers for building BPF binaries.
# Install apt-utils, libpcre++-dev and libraries for ModSecurity dependencies.
RUN echo 'APT::Default-Release "buster";' > /etc/apt/apt.conf.d/99defaultrelease && \
echo 'deb http://ftp.am.debian.org/debian/ buster-backports main contrib non-free' > /etc/apt/sources.list.d/buster-backports.list && \
apt-get -y -o Acquire::Check-Valid-Until=false update && \
apt-get -y upgrade && \
apt-get install --no-install-recommends -y -t buster-backports \
libbpf-dev linux-headers-5.10.0-0.bpo.9-s390x && \
apt-get install --no-install-recommends -y \
curl bash git openssh-client mercurial make wget util-linux file grep sed jq zip \
lsb-release software-properties-common binutils file iproute2 \
ca-certificates gcc mingw-w64 libc-dev bsdmainutils strace libpcap-dev \
apt-utils autoconf automake build-essential \
libcurl4-openssl-dev libgeoip-dev liblmdb-dev \
libpcre++-dev libtool libxml2-dev libyajl-dev \
pkgconf zlib1g-dev && \
rm -rf /var/lib/apt/lists/*

RUN wget https://apt.llvm.org/llvm.sh
RUN sed -i 's/apt-get update/apt-get -o Acquire::Check-Valid-Until=false update/g' llvm.sh
RUN bash ./llvm.sh 12
RUN apt install clang-12

# su-exec is used by the entrypoint script to execute the user's command with the right UID/GID.
# (sudo doesn't work easily in a container.) The version was current master at the time of writing.
ARG SU_EXEC_VER=212b75144bbc06722fbd7661f651390dc47a43d1
RUN set -ex; \
curl -o /sbin/su-exec.c https://raw.githubusercontent.com/ncopa/su-exec/${SU_EXEC_VER}/su-exec.c; \
gcc -Wall /sbin/su-exec.c -o/sbin/su-exec; \
chown root:root /sbin/su-exec; \
chmod 0755 /sbin/su-exec; \
rm /sbin/su-exec.c

# Install fossa for foss license checks
Copy link
Member

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

fossa can actually be removed - we don't use this any more

Copy link
Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Deleted.

Copy link
Member

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Looks like this is still here @huoqifeng

ARG FOSSA_VER=1.0.1
RUN git clone -b v1.0.1 https://github.com/fossas/fossa-cli.git $GOPATH/src/github.com/fossas/fossa-cli; \
cd $GOPATH/src/github.com/fossas/fossa-cli; \
make; \
cp $GOPATH/bin/fossa /usr/local/bin; \
chmod +x /usr/local/bin/fossa

ARG MOCKERY_VER=2.3.0
RUN git clone -b v2.3.0 https://github.com/vektra/mockery.git $GOPATH/src/github.com/vektra/mockery.git; \
cd $GOPATH/src/github.com/vektra/mockery.git; \
go get github.com/vektra/mockery/v2/.../; \
cp $GOPATH/bin/mockery /usr/local/bin/mockery; \
chmod +x /usr/local/bin/mockery

# Disable ssh host key checking
RUN echo 'Host *' >> /etc/ssh/ssh_config \
&& echo ' StrictHostKeyChecking no' >> /etc/ssh/ssh_config

# Disable cgo so that binaries we build will be fully static.
ENV CGO_ENABLED=0

# Recompile the standard library with cgo disabled. This prevents the standard library from being
# marked stale, causing full rebuilds every time.
RUN go install -v std

# Install ginkgo CLI tool for running tests
RUN go get github.com/onsi/ginkgo/ginkgo

# Install linting tools.
RUN wget -O - -q https://install.goreleaser.com/github.com/golangci/golangci-lint.sh | sh -s v1.20.0
RUN golangci-lint --version

# Install license checking tool.
RUN go get github.com/pmezard/licenses

# Install tool to merge coverage reports.
RUN go get github.com/wadey/gocovmerge
# We want to be able to do both cgo and non-cgo builds. That's awkward because toggling cgo
# results in parts of the stdlib getting rebuilt (which fails due to the container's read-only
# filesystem). As a workaround: take a copy of the go root for cgo builds and have the
# entrypoint script swap it into the path if it detects CGO_ENABLED=1.
ENV GOROOT=/usr/local/go
ENV GOCGO=/usr/local/go-cgo

# Install CLI tool for working with yaml files
RUN GO111MODULE=on go get github.com/mikefarah/yq/v3

# Delete all the Go sources that were downloaded, we only rely on the binaries
RUN rm -rf /go/src/*
# Disable cgo by default so that binaries we build will be fully static by default.
ENV CGO_ENABLED=0

# Install generation tools.
RUN go get -u k8s.io/code-generator/cmd/openapi-gen
RUN go get -u k8s.io/code-generator/cmd/deepcopy-gen
RUN cp -a $GOROOT $GOCGO && \
go install -v std && \
rm -rf /go/src/* /root/.cache

# golint
RUN wget https://github.com/golangci/golangci-lint/releases/download/v1.46.2/golangci-lint-1.46.2-linux-s390x.tar.gz && \
tar -xvf golangci-lint-1.46.2-linux-s390x.tar.gz && mv golangci-lint-1.46.2-linux-s390x/golangci-lint /usr/local/bin/ && \
rm golangci-lint-1.46.2-linux-s390x.tar.gz && rm -rf golangci-lint-1.46.2-linux-s390x && \
golangci-lint --version

# Install go programs that we rely on
RUN go get github.com/onsi/ginkgo/ginkgo && \
go get golang.org/x/tools/cmd/goimports && \
go get github.com/pmezard/licenses && \
go get github.com/wadey/gocovmerge && \
GO111MODULE=on go get github.com/mikefarah/yq/v3 && \
go get -u github.com/jstemmer/go-junit-report && \
go get -u golang.org/x/tools/cmd/stringer && \
GO111MODULE=on go get k8s.io/code-generator/cmd/openapi-gen@v0.24.0 && \
GO111MODULE=on go get k8s.io/code-generator/cmd/deepcopy-gen@v0.24.0 && \
GO111MODULE=on go get k8s.io/code-generator/cmd/client-gen@v0.24.0 && \
GO111MODULE=on go get k8s.io/code-generator/cmd/lister-gen@v0.24.0 && \
GO111MODULE=on go get k8s.io/code-generator/cmd/informer-gen@v0.24.0 && \
GO111MODULE=on go get k8s.io/code-generator/cmd/defaulter-gen@v0.24.0 && \
GO111MODULE=on go get k8s.io/code-generator/cmd/conversion-gen@v0.24.0 && \
rm -rf /go/src/* /root/.cache

# Install ginkgo v2 as ginkgo2 and keep ginkgo v1 as ginkgo
RUN mv /go/bin/ginkgo /go/bin/ginkgo1 && \
Expand All @@ -77,12 +133,31 @@ RUN wget https://dl.k8s.io/v1.24.0/bin/linux/s390x/kube-apiserver -O /usr/local/
wget https://dl.k8s.io/release/v1.24.0/bin/linux/s390x/kubectl -O /usr/local/bin/kubectl && chmod +x /usr/local/bin/kubectl && \
wget https://dl.k8s.io/v1.24.0/bin/linux/s390x/kube-controller-manager -O /usr/local/bin/kube-controller-manager && chmod +x /usr/local/bin/kube-controller-manager

# Used for generating CRD files.
# Download a version of controller-gen that has been hacked to support additional types (e.g., float).
# We can remove this once we update the Calico v3 APIs to use only types which are supported by the upstream controller-gen
# tooling. Example: float, all the types in the numorstring package, etc.
RUN wget -O ${GOPATH}/bin/controller-gen https://github.com/projectcalico/controller-tools/releases/download/calico-0.1/controller-gen && chmod +x ${GOPATH}/bin/controller-gen
huoqifeng marked this conversation as resolved.
Show resolved Hide resolved

# Ensure that everything under the GOPATH is writable by everyone
RUN chmod -R 777 $GOPATH

RUN curl -sSL https://github.com/estesp/manifest-tool/releases/download/${MANIFEST_TOOL_VERSION}/manifest-tool-linux-s390x > manifest-tool && \
chmod +x manifest-tool && \
mv manifest-tool /usr/bin/

# crane is needed for our release targets to copy images from the dev registries to the release registries.
RUN wget https://github.com/google/go-containerregistry/releases/download/v0.7.0/go-containerregistry_Linux_s390x.tar.gz && \
tar -xvf go-containerregistry_Linux_s390x.tar.gz && \
chmod +x crane && \
mv crane /usr/bin

# Add bpftool for Felix UT/FV.
COPY --from=bpftool /bpftool /usr/bin

# Build ModSecurity for Dikastes.
COPY scripts/modsec.sh /usr/local/bin/scripts/modsec.sh
RUN /usr/local/bin/scripts/modsec.sh

COPY entrypoint.sh /usr/local/bin/entrypoint.sh
ENTRYPOINT ["/sbin/tini", "--", "/usr/local/bin/entrypoint.sh"]
ENTRYPOINT ["/usr/local/bin/entrypoint.sh"]
2 changes: 1 addition & 1 deletion Makefile
Original file line number Diff line number Diff line change
Expand Up @@ -8,7 +8,7 @@ all: image-all
# The target architecture is select by setting the ARCH variable.
# When ARCH is undefined it is set to the detected host architecture.
# When ARCH differs from the host architecture a crossbuild will be performed.
ARCHES = amd64 armv7 arm64 ppc64le
ARCHES = amd64 armv7 arm64 ppc64le s390x

# BUILDARCH is the host architecture
# ARCH is the target architecture
Expand Down