diff --git a/.drone/drone.yml b/.drone/drone.yml index 4a55da51c8e5..f521c097fe5f 100644 --- a/.drone/drone.yml +++ b/.drone/drone.yml @@ -10,7 +10,42 @@ steps: - docker login -u $DOCKER_LOGIN -p $DOCKER_PASSWORD - docker run --rm --privileged multiarch/qemu-user-static --reset -p yes - docker buildx create --name multiarch --driver docker-container --use - - docker buildx build --push --platform linux/amd64,linux/arm64 -t grafana/agent-build-image:$IMAGE_TAG + - docker buildx build --build-arg="GO_RUNTIME=golang:1.22.0-bullseye" --push --platform + linux/amd64,linux/arm64 -t grafana/agent-build-image:$IMAGE_TAG ./build-image + environment: + DOCKER_LOGIN: + from_secret: docker_login + DOCKER_PASSWORD: + from_secret: docker_password + image: docker + name: Build + volumes: + - name: docker + path: /var/run/docker.sock +trigger: + event: + - tag + ref: + - refs/tags/build-image/v* +type: docker +volumes: +- host: + path: /var/run/docker.sock + name: docker +--- +kind: pipeline +name: Create Linux build image for boringcrypto +platform: + arch: amd64 + os: linux +steps: +- commands: + - export IMAGE_TAG=${DRONE_TAG##build-image/v}-boringcrypto + - docker login -u $DOCKER_LOGIN -p $DOCKER_PASSWORD + - docker run --rm --privileged multiarch/qemu-user-static --reset -p yes + - docker buildx create --name multiarch --driver docker-container --use + - docker buildx build --build-arg="GO_RUNTIME=mcr.microsoft.com/oss/go/microsoft/golang:1.22-bullseye" + --push --platform linux/amd64,linux/arm64 -t grafana/agent-build-image:$IMAGE_TAG ./build-image environment: DOCKER_LOGIN: @@ -1317,6 +1352,6 @@ kind: secret name: updater_private_key --- kind: signature -hmac: a77b4f7b2708cc4417edd42fae39c307abcaec2c4f0f6176212665133bd20d5d +hmac: 2e439110a89f33a78d745a71635d47f9b1a99de6028bb84c258a0be9c09840f2 ... diff --git a/.drone/pipelines/build_images.jsonnet b/.drone/pipelines/build_images.jsonnet index 6df4f8f6cd2c..328c7fc34443 100644 --- a/.drone/pipelines/build_images.jsonnet 
+++ b/.drone/pipelines/build_images.jsonnet @@ -32,7 +32,7 @@ local locals = { 'docker login -u $DOCKER_LOGIN -p $DOCKER_PASSWORD', 'docker run --rm --privileged multiarch/qemu-user-static --reset -p yes', 'docker buildx create --name multiarch --driver docker-container --use', - 'docker buildx build --push --platform linux/amd64,linux/arm64 -t grafana/agent-build-image:$IMAGE_TAG ./build-image', + 'docker buildx build --build-arg="GO_RUNTIME=golang:1.22.0-bullseye" --push --platform linux/amd64,linux/arm64 -t grafana/agent-build-image:$IMAGE_TAG ./build-image', ], }], volumes: [{ @@ -40,6 +40,29 @@ local locals = { host: { path: '/var/run/docker.sock' }, }], }, + pipelines.linux('Create Linux build image for boringcrypto') { + trigger: locals.on_build_image_tag, + steps: [{ + name: 'Build', + image: 'docker', + volumes: [{ + name: 'docker', + path: '/var/run/docker.sock', + }], + environment: locals.docker_environment, + commands: [ + 'export IMAGE_TAG=${DRONE_TAG##build-image/v}-boringcrypto', + 'docker login -u $DOCKER_LOGIN -p $DOCKER_PASSWORD', + 'docker run --rm --privileged multiarch/qemu-user-static --reset -p yes', + 'docker buildx create --name multiarch --driver docker-container --use', + 'docker buildx build --build-arg="GO_RUNTIME=mcr.microsoft.com/oss/go/microsoft/golang:1.22-bullseye" --push --platform linux/amd64,linux/arm64 -t grafana/agent-build-image:$IMAGE_TAG ./build-image', + ], + }], + volumes: [{ + name: 'docker', + host: { path: '/var/run/docker.sock' }, + }], + }, pipelines.windows('Create Windows build image') { trigger: locals.on_build_image_tag, diff --git a/.drone/util/build_image.jsonnet b/.drone/util/build_image.jsonnet index 3d9f5d8a7dc3..4d4f2ec1d4a7 100644 --- a/.drone/util/build_image.jsonnet +++ b/.drone/util/build_image.jsonnet @@ -3,4 +3,5 @@ linux: 'grafana/agent-build-image:%s' % version, windows: 'grafana/agent-build-image:%s-windows' % version, + boringcrypto: 'grafana/agent-build-image:%s-boringcrypto' % version, } 
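Review bot: In `.drone/pipelines/build_images.jsonnet`, the new 'Create Linux build image for boringcrypto' pipeline (hunk `@@ -40,6 +40,29 @@`) copies `docker login -u $DOCKER_LOGIN -p $DOCKER_PASSWORD`, which passes the registry password as a command-line argument, where it is readable from the process list while the command runs. Feeding the secret on stdin avoids that: `'echo "$DOCKER_PASSWORD" | docker login -u "$DOCKER_LOGIN" --password-stdin',`. The existing Linux pipeline shows the same line as context in the `@@ -32,7 +32,7 @@` hunk, so both can be changed together. `.drone/drone.yml` carries the rendered copy of these commands and would need the matching update, including its `hmac` line, as in this commit.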
diff --git a/.github/workflows/check-linux-build-image.yml b/.github/workflows/check-linux-build-image.yml index ca9201ede824..32737b0b6afd 100644 --- a/.github/workflows/check-linux-build-image.yml +++ b/.github/workflows/check-linux-build-image.yml @@ -23,4 +23,15 @@ jobs: with: context: ./build-image push: false - tags: grafana/agent-build-image:latest \ No newline at end of file + tags: grafana/agent-build-image:latest + build-args: | + GO_RUNTIME=golang:1.22.0-bullseye + + - name: Create test Linux build image for boring crypto + uses: docker/build-push-action@v5 + with: + context: ./build-image + push: false + tags: grafana/agent-build-image:latest + build-args: | + GO_RUNTIME=mcr.microsoft.com/oss/go/microsoft/golang:1.22-bullseye \ No newline at end of file diff --git a/build-image/Dockerfile b/build-image/Dockerfile index 7bce2ddfde9e..602e7cbd1aeb 100644 --- a/build-image/Dockerfile +++ b/build-image/Dockerfile @@ -4,6 +4,10 @@ # default when running `docker buildx build` or when DOCKER_BUILDKIT=1 is set # in environment variables. +# NOTE: The GO_RUNTIME is used to switch between the default google go runtime and mcr.microsoft.com/oss/go/microsoft/golang:1.22-bullseye which is a microsoft +# fork of go that allows using windows crypto instead of boring crypto. Details at https://github.com/microsoft/go/tree/microsoft/main/eng/doc/fips +ARG GO_RUNTIME=mustoverride + # # Dependencies # @@ -23,7 +27,7 @@ FROM alpine:3.17 as helm RUN apk add --no-cache helm # Dependency: Go and Go dependencies -FROM golang:1.22.0-bullseye as golang +FROM ${GO_RUNTIME} as golang # Keep in sync with cmd/grafana-agent-operator/DEVELOPERS.md ENV CONTROLLER_GEN_VERSION v0.9.2
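Review bot: The step added in `.github/workflows/check-linux-build-image.yml` references `docker/build-push-action@v5` by a movable tag, so the code that runs with this workflow's token can change without a change in this repository. Pinning it to a full commit SHA fixes that: `uses: docker/build-push-action@<commit-sha>  # v5`. Both build steps also tag their result `grafana/agent-build-image:latest`. Nothing is published with `push: false`, but a separate tag for the second build (for example `grafana/agent-build-image:latest-boringcrypto`, a constructed name) would keep the two results apart if a later step inspects them. The new side of the file still ends without a trailing newline.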
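Review bot: The NOTE added above `ARG GO_RUNTIME=mustoverride` in `build-image/Dockerfile` (hunk `@@ -4,6 +4,10 @@`) says the Microsoft fork "allows using windows crypto instead of boring crypto", yet every caller in this commit builds a Linux `bullseye` image and tags it `-boringcrypto`. The comment therefore does not say which crypto backend the resulting toolchain uses. I would reword it to name the Linux backend as documented on the linked FIPS page, and to state that the unusable default is deliberate, for example `# GO_RUNTIME has no usable default: the build fails unless --build-arg GO_RUNTIME=<image> is passed.` Wrapping the two long comment lines would also match the rest of the header.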
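Review bot: `FROM ${GO_RUNTIME} as golang` (hunk `@@ -23,7 +27,7 @@` of `build-image/Dockerfile`) now takes the toolchain base image entirely from the caller, and the boringcrypto callers pass the floating tag `mcr.microsoft.com/oss/go/microsoft/golang:1.22-bullseye` while the default build passes `golang:1.22.0-bullseye`. The two published build images can therefore carry different Go patch levels, and the `-boringcrypto` image changes whenever the upstream tag moves, with no change in this repository. Pinning the argument by digest at each call site (the Drone pipeline and the check workflow) keeps the toolchain reproducible and reviewable, e.g. `GO_RUNTIME=mcr.microsoft.com/oss/go/microsoft/golang:1.22-bullseye@sha256:<digest>`. The `golang` stage continues below the hunk.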