Add build image for windows boringcrypto executable. (#6369)

* Add build image for windows boringcrypto executable. * Update Dockerfile * Update build_image.jsonnet * Use ARG instead of duplicate image * force the usage of arg
grafana · Feb 16, 2024 · eef2cf0 · eef2cf0
1 parent e7b95cf
commit eef2cf0
Show file tree

Hide file tree

Showing 5 changed files with 79 additions and 5 deletions.
diff --git a/.drone/drone.yml b/.drone/drone.yml
@@ -10,7 +10,42 @@ steps:
   - docker login -u $DOCKER_LOGIN -p $DOCKER_PASSWORD
   - docker run --rm --privileged multiarch/qemu-user-static --reset -p yes
   - docker buildx create --name multiarch --driver docker-container --use
-  - docker buildx build --push --platform linux/amd64,linux/arm64 -t grafana/agent-build-image:$IMAGE_TAG
+  - docker buildx build --build-arg="GO_RUNTIME=golang:1.22.0-bullseye" --push --platform
+    linux/amd64,linux/arm64 -t grafana/agent-build-image:$IMAGE_TAG ./build-image
+  environment:
+    DOCKER_LOGIN:
+      from_secret: docker_login
+    DOCKER_PASSWORD:
+      from_secret: docker_password
+  image: docker
+  name: Build
+  volumes:
+  - name: docker
+    path: /var/run/docker.sock
+trigger:
+  event:
+  - tag
+  ref:
+  - refs/tags/build-image/v*
+type: docker
+volumes:
+- host:
+    path: /var/run/docker.sock
+  name: docker
+---
+kind: pipeline
+name: Create Linux build image for boringcrypto
+platform:
+  arch: amd64
+  os: linux
+steps:
+- commands:
+  - export IMAGE_TAG=${DRONE_TAG##build-image/v}-boringcrypto
+  - docker login -u $DOCKER_LOGIN -p $DOCKER_PASSWORD
+  - docker run --rm --privileged multiarch/qemu-user-static --reset -p yes
+  - docker buildx create --name multiarch --driver docker-container --use
+  - docker buildx build --build-arg="GO_RUNTIME=mcr.microsoft.com/oss/go/microsoft/golang:1.22-bullseye"
+    --push --platform linux/amd64,linux/arm64 -t grafana/agent-build-image:$IMAGE_TAG
     ./build-image
   environment:
     DOCKER_LOGIN:
@@ -1317,6 +1352,6 @@ kind: secret
 name: updater_private_key
 ---
 kind: signature
-hmac: a77b4f7b2708cc4417edd42fae39c307abcaec2c4f0f6176212665133bd20d5d
+hmac: 2e439110a89f33a78d745a71635d47f9b1a99de6028bb84c258a0be9c09840f2
 
 ...
diff --git a/.drone/pipelines/build_images.jsonnet b/.drone/pipelines/build_images.jsonnet
@@ -32,14 +32,37 @@ local locals = {
         'docker login -u $DOCKER_LOGIN -p $DOCKER_PASSWORD',
         'docker run --rm --privileged multiarch/qemu-user-static --reset -p yes',
         'docker buildx create --name multiarch --driver docker-container --use',
-        'docker buildx build --push --platform linux/amd64,linux/arm64 -t grafana/agent-build-image:$IMAGE_TAG ./build-image',
+        'docker buildx build --build-arg="GO_RUNTIME=golang:1.22.0-bullseye" --push --platform linux/amd64,linux/arm64 -t grafana/agent-build-image:$IMAGE_TAG ./build-image',
       ],
     }],
     volumes: [{
       name: 'docker',
       host: { path: '/var/run/docker.sock' },
     }],
   },
+  pipelines.linux('Create Linux build image for boringcrypto') {
+    trigger: locals.on_build_image_tag,
+    steps: [{
+      name: 'Build',
+      image: 'docker',
+      volumes: [{
+        name: 'docker',
+        path: '/var/run/docker.sock',
+      }],
+      environment: locals.docker_environment,
+      commands: [
+        'export IMAGE_TAG=${DRONE_TAG##build-image/v}-boringcrypto',
+        'docker login -u $DOCKER_LOGIN -p $DOCKER_PASSWORD',
+        'docker run --rm --privileged multiarch/qemu-user-static --reset -p yes',
+        'docker buildx create --name multiarch --driver docker-container --use',
+        'docker buildx build --build-arg="GO_RUNTIME=mcr.microsoft.com/oss/go/microsoft/golang:1.22-bullseye" --push --platform linux/amd64,linux/arm64 -t grafana/agent-build-image:$IMAGE_TAG ./build-image',
+      ],
+    }],
+    volumes: [{
+      name: 'docker',
+      host: { path: '/var/run/docker.sock' },
+    }],
+   },
 
   pipelines.windows('Create Windows build image') {
     trigger: locals.on_build_image_tag,

diff --git a/.drone/util/build_image.jsonnet b/.drone/util/build_image.jsonnet
@@ -3,4 +3,5 @@
 
   linux: 'grafana/agent-build-image:%s' % version,
   windows: 'grafana/agent-build-image:%s-windows' % version,
+  boringcrypto: 'grafana/agent-build-image:%s-boringcrypto' % version,
 }
diff --git a/.github/workflows/check-linux-build-image.yml b/.github/workflows/check-linux-build-image.yml
@@ -23,4 +23,15 @@ jobs:
         with:
           context: ./build-image
           push: false
-          tags: grafana/agent-build-image:latest
+          tags: grafana/agent-build-image:latest
+          build-args: |
+            GO_RUNTIME=golang:1.22.0-bullseye
+
+      - name: Create test Linux build image for boring crypto
+        uses: docker/build-push-action@v5
+        with:
+          context: ./build-image
+          push: false
+          tags: grafana/agent-build-image:latest
+          build-args: |
+            GO_RUNTIME=mcr.microsoft.com/oss/go/microsoft/golang:1.22-bullseye
diff --git a/build-image/Dockerfile b/build-image/Dockerfile
@@ -4,6 +4,10 @@
 # default when running `docker buildx build` or when DOCKER_BUILDKIT=1 is set
 # in environment variables.
 
+# NOTE: The GO_RUNTIME is used to switch between the default google go runtime and  mcr.microsoft.com/oss/go/microsoft/golang:1.22-bullseye which is a microsoft
+# fork of go that allows using windows crypto instead of boring crypto. Details at https://github.com/microsoft/go/tree/microsoft/main/eng/doc/fips
+ARG GO_RUNTIME=mustoverride
+
 #
 # Dependencies
 #
@@ -23,7 +27,7 @@ FROM alpine:3.17 as helm
 RUN apk add --no-cache helm
 
 # Dependency: Go and Go dependencies
-FROM golang:1.22.0-bullseye as golang
+FROM ${GO_RUNTIME} as golang
 
 # Keep in sync with cmd/grafana-agent-operator/DEVELOPERS.md
 ENV CONTROLLER_GEN_VERSION v0.9.2