Cherry-pick #173 into narnia (#189)

divviup · Nov 11, 2020 · 2b8049a · 2b8049a
2 parents 1467d44 + 95ce459
commit 2b8049a
Show file tree

Hide file tree

Showing 3 changed files with 27 additions and 21 deletions.
diff --git a/workflow-manager/Dockerfile b/workflow-manager/Dockerfile
@@ -1,4 +1,23 @@
+FROM golang:1.15 as builder
+# set GOPATH to empty since we're building with modules.
+ENV GOPATH=
+WORKDIR /workspace/
+COPY go.mod go.mod
+COPY go.sum go.sum
+RUN go mod download
+COPY . .
+ARG BUILD_INFO=unspecified
+RUN \
+  CGO_ENABLED=0 \
+  GOOS=linux \
+  go build -ldflags="-w -X 'main.BuildInfo=${BUILD_INFO}'" -o workflow-manager ./
+
 FROM scratch
-COPY ca-certificates.crt /etc/ssl/certs/ca-certificates.crt
-COPY workflow-manager workflow-manager
+ARG BUILD_INFO=unspecified
+LABEL build_info="${BUILD_INFO}"
+# The container needs a copy of trusted roots. Copy them from the builder image.
+# See
+# https://medium.com/@kelseyhightower/optimizing-docker-images-for-static-binaries-b5696e26eb07
+COPY --from=builder /etc/ssl/certs/ca-certificates.crt /etc/ssl/certs/ca-certificates.crt
+COPY --from=builder /workspace/workflow-manager workflow-manager
 ENTRYPOINT ["/workflow-manager"]
diff --git a/workflow-manager/build.sh b/workflow-manager/build.sh
@@ -1,20 +1,10 @@
 #!/bin/bash -eux
-# The container needs a copy of trusted roots. Try to copy them from the OS.
-# See
-# https://medium.com/@kelseyhightower/optimizing-docker-images-for-static-binaries-b5696e26eb07
-# and
-# https://github.com/golang/go/blob/master/src/crypto/x509/root_linux.go#L7
 cd $(dirname $0)
 
 # Embed info about the build.
 COMMIT_ID="$(git rev-parse --short=8 HEAD)"
 BUILD_ID="$(git symbolic-ref --short HEAD 2>/dev/null || true)+${COMMIT_ID}"
-BUILD_TIME="$(date -u)"
-GO_BUILD_FLAGS="-ldflags=-w -X 'main.BuildID=${BUILD_ID}' -X 'main.BuildTime=${BUILD_TIME}'"
+BUILD_TIME="$(date)"
+BUILD_INFO="${BUILD_ID} - ${BUILD_TIME}"
 
-cp /etc/ssl/certs/ca-certificates.crt . \
- || cp /etc/pki/tls/certs/ca-bundle.crt ca-certificates.crt \
- || cp /etc/pki/tls/certs/ca-bundle.crt ca-certificates.crt
-CGO_ENABLED=0 GOOS=linux go build "$GO_BUILD_FLAGS" -o workflow-manager main.go
-docker build --tag letsencrypt/prio-workflow-manager .
-rm ca-certificates.crt
+docker build --tag letsencrypt/prio-workflow-manager --build-arg BUILD_INFO="${BUILD_INFO}" .
diff --git a/workflow-manager/main.go b/workflow-manager/main.go
@@ -38,11 +38,8 @@ import (
 	"k8s.io/client-go/rest"
 )
 
-// BuildID is generated at build time and contains the branch and short hash.
-var BuildID string
-
-// BuildTime is generated at build time and contains the build time.
-var BuildTime string
+// BuildInfo is generated at build time - see the Dockerfile.
+var BuildInfo string
 
 type batchPath struct {
 	aggregationID  string
@@ -158,7 +155,7 @@ var aggregationPeriod = flag.String("aggregation-period", "3h", "How much time e
 var gracePeriod = flag.String("grace-period", "1h", "Wait this amount of time after the end of an aggregation timeslice to run the aggregation")
 
 func main() {
-	log.Printf("starting %s version %s - %s. Args: %s", os.Args[0], BuildID, BuildTime, os.Args[1:])
+	log.Printf("starting %s version %s. Args: %s", os.Args[0], BuildInfo, os.Args[1:])
 	flag.Parse()
 
 	ownValidationBucket, err := newBucket(*ownValidationInput, *ownValidationIdentity)