From 1b309ef61f4130498d2d92b155802d705422471a Mon Sep 17 00:00:00 2001 From: Xun Jiang Date: Tue, 13 Dec 2022 18:09:11 +0800 Subject: [PATCH 1/2] Add Restic builder in Dockerfile. Signed-off-by: Xun Jiang --- Dockerfile | 41 ++++++++++++++++---------- changelogs/unreleased/5685-blackpiglet | 1 + hack/build-restic.sh | 1 + hack/modify_acces_denied_code.txt | 13 ++++++++ 4 files changed, 41 insertions(+), 15 deletions(-) create mode 100644 changelogs/unreleased/5685-blackpiglet create mode 100644 hack/modify_acces_denied_code.txt diff --git a/Dockerfile b/Dockerfile index 0cd6202f6c..e2987ecc4d 100644 --- a/Dockerfile +++ b/Dockerfile @@ -11,48 +11,59 @@ # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. # See the License for the specific language governing permissions and # limitations under the License. -FROM --platform=$BUILDPLATFORM golang:1.18.8-bullseye as builder-env + +# Setup build environment +ARG GOLANG_VERSION=1.18.8 +FROM --platform=$BUILDPLATFORM golang:${GOLANG_VERSION} as builder-env ARG GOPROXY +ARG BIN ARG PKG ARG VERSION +ARG REGISTRY ARG GIT_SHA ARG GIT_TREE_STATE -ARG REGISTRY +ARG RESTIC_VERSION +ARG TARGETOS +ARG TARGETARCH +ARG TARGETVARIANT ENV CGO_ENABLED=0 \ GO111MODULE=on \ GOPROXY=${GOPROXY} \ + GOOS=${TARGETOS} \ + GOARCH=${TARGETARCH} \ + GOARM=${TARGETVARIANT} \ LDFLAGS="-X ${PKG}/pkg/buildinfo.Version=${VERSION} -X ${PKG}/pkg/buildinfo.GitSHA=${GIT_SHA} -X ${PKG}/pkg/buildinfo.GitTreeState=${GIT_TREE_STATE} -X ${PKG}/pkg/buildinfo.ImageRegistry=${REGISTRY}" WORKDIR /go/src/github.com/vmware-tanzu/velero COPY . /go/src/github.com/vmware-tanzu/velero +# Velero binary build section +ARG GOLANG_VERSION=1.18.8 FROM --platform=$BUILDPLATFORM builder-env as builder -ARG TARGETOS -ARG TARGETARCH -ARG TARGETVARIANT -ARG PKG -ARG BIN -ARG RESTIC_VERSION - -ENV GOOS=${TARGETOS} \ - GOARCH=${TARGETARCH} \ - GOARM=${TARGETVARIANT} - RUN mkdir -p /output/usr/bin && \ export GOARM=$( echo "${GOARM}" | cut -c2-) && \ - bash ./hack/build-restic.sh && \ go build -o /output/${BIN} \ -ldflags "${LDFLAGS}" ${PKG}/cmd/${BIN} -FROM gcr.io/distroless/base-debian11@sha256:4b22ca3c68018333c56f8dddcf1f8b55f32889f2dd12d28ab60856eba1130d04 +# Restic binary build section +ARG GOLANG_VERSION=1.19.4-bullseye +FROM --platform=$BUILDPLATFORM builder-env as restic-builder + +RUN mkdir -p /output/usr/bin && \ + bash /go/src/github.com/vmware-tanzu/velero/hack/build-restic.sh + +# Velero image packing section +FROM gcr.io/distroless/base-debian11@sha256:99133cb0878bb1f84d1753957c6fd4b84f006f2798535de22ebf7ba170bbf434 LABEL maintainer="Nolan Brubaker " COPY --from=builder /output / +COPY --from=restic-builder /output / + USER nonroot:nonroot diff --git a/changelogs/unreleased/5685-blackpiglet b/changelogs/unreleased/5685-blackpiglet new file mode 100644 index 0000000000..13df2faf72 --- /dev/null +++ b/changelogs/unreleased/5685-blackpiglet @@ -0,0 +1 @@ +Add Restic builder in Dockerfile, and keep the used built Golang image version in accordance with upstream Restic. \ No newline at end of file diff --git a/hack/build-restic.sh b/hack/build-restic.sh index 5859414fd3..c6a19c02c7 100755 --- a/hack/build-restic.sh +++ b/hack/build-restic.sh @@ -50,6 +50,7 @@ fi mkdir ${build_path}/restic git clone -b v${RESTIC_VERSION} https://github.com/restic/restic.git ${build_path}/restic pushd ${build_path}/restic +git apply /go/src/github.com/vmware-tanzu/velero/hack/modify_acces_denied_code.txt go run build.go --goos "${GOOS}" --goarch "${GOARCH}" --goarm "${GOARM}" -o ${restic_bin} chmod +x ${restic_bin} popd diff --git a/hack/modify_acces_denied_code.txt b/hack/modify_acces_denied_code.txt new file mode 100644 index 0000000000..5c2577b698 --- /dev/null +++ b/hack/modify_acces_denied_code.txt @@ -0,0 +1,13 @@ +diff --git a/internal/backend/s3/s3.go b/internal/backend/s3/s3.go +index 0b3816c06..eec10f9c7 100644 +--- a/internal/backend/s3/s3.go ++++ b/internal/backend/s3/s3.go +@@ -164,7 +164,7 @@ func isAccessDenied(err error) bool { + debug.Log("isAccessDenied(%T, %#v)", err, err) + + var e minio.ErrorResponse +- return errors.As(err, &e) && e.Code == "Access Denied" ++ return errors.As(err, &e) && e.Code == "AccessDenied" + } + + // IsNotExist returns true if the error is caused by a not existing file. From 0f9f5f0b71253bb46e79865d9219dd007191a4db Mon Sep 17 00:00:00 2001 From: Xun Jiang Date: Thu, 12 Jan 2023 15:41:48 +0800 Subject: [PATCH 2/2] Fix Dockerfile issue. Signed-off-by: Xun Jiang --- Dockerfile | 30 ++++++++++++------- .../{5685-blackpiglet => 5765-blackpiglet} | 0 2 files changed, 19 insertions(+), 11 deletions(-) rename changelogs/unreleased/{5685-blackpiglet => 5765-blackpiglet} (100%) diff --git a/Dockerfile b/Dockerfile index e2987ecc4d..598fbf38ac 100644 --- a/Dockerfile +++ b/Dockerfile @@ -12,9 +12,8 @@ # See the License for the specific language governing permissions and # limitations under the License. -# Setup build environment -ARG GOLANG_VERSION=1.18.8 -FROM --platform=$BUILDPLATFORM golang:${GOLANG_VERSION} as builder-env +# Velero binary build section +FROM --platform=$BUILDPLATFORM golang:1.18.8 as velero-builder ARG GOPROXY ARG BIN @@ -23,7 +22,6 @@ ARG VERSION ARG REGISTRY ARG GIT_SHA ARG GIT_TREE_STATE -ARG RESTIC_VERSION ARG TARGETOS ARG TARGETARCH ARG TARGETVARIANT @@ -40,18 +38,28 @@ WORKDIR /go/src/github.com/vmware-tanzu/velero COPY . /go/src/github.com/vmware-tanzu/velero -# Velero binary build section -ARG GOLANG_VERSION=1.18.8 -FROM --platform=$BUILDPLATFORM builder-env as builder - RUN mkdir -p /output/usr/bin && \ export GOARM=$( echo "${GOARM}" | cut -c2-) && \ go build -o /output/${BIN} \ -ldflags "${LDFLAGS}" ${PKG}/cmd/${BIN} # Restic binary build section -ARG GOLANG_VERSION=1.19.4-bullseye -FROM --platform=$BUILDPLATFORM builder-env as restic-builder +FROM --platform=$BUILDPLATFORM golang:1.19.4-bullseye as restic-builder + +ARG BIN +ARG TARGETOS +ARG TARGETARCH +ARG TARGETVARIANT +ARG RESTIC_VERSION + +env CGO_ENABLED=0 \ + GO111MODULE=on \ + GOPROXY=${GOPROXY} \ + GOOS=${TARGETOS} \ + GOARCH=${TARGETARCH} \ + GOARM=${TARGETVARIANT} + +COPY . /go/src/github.com/vmware-tanzu/velero RUN mkdir -p /output/usr/bin && \ bash /go/src/github.com/vmware-tanzu/velero/hack/build-restic.sh @@ -61,7 +69,7 @@ FROM gcr.io/distroless/base-debian11@sha256:99133cb0878bb1f84d1753957c6fd4b84f00 LABEL maintainer="Nolan Brubaker " -COPY --from=builder /output / +COPY --from=velero-builder /output / COPY --from=restic-builder /output / diff --git a/changelogs/unreleased/5685-blackpiglet b/changelogs/unreleased/5765-blackpiglet similarity index 100% rename from changelogs/unreleased/5685-blackpiglet rename to changelogs/unreleased/5765-blackpiglet