diff --git a/Dockerfile b/Dockerfile
index 757b03c07..598fbf38a 100644
--- a/Dockerfile
+++ b/Dockerfile
@@ -11,48 +11,67 @@ # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. # See the License for the specific language governing permissions and # limitations under the License. -FROM --platform=$BUILDPLATFORM golang:1.18 as builder-env + +# Velero binary build section +FROM --platform=$BUILDPLATFORM golang:1.18.8 as velero-builder ARG GOPROXY +ARG BIN ARG PKG ARG VERSION +ARG REGISTRY ARG GIT_SHA ARG GIT_TREE_STATE -ARG REGISTRY +ARG TARGETOS +ARG TARGETARCH +ARG TARGETVARIANT ENV CGO_ENABLED=0 \ GO111MODULE=on \ GOPROXY=${GOPROXY} \ + GOOS=${TARGETOS} \ + GOARCH=${TARGETARCH} \ + GOARM=${TARGETVARIANT} \ LDFLAGS="-X ${PKG}/pkg/buildinfo.Version=${VERSION} -X ${PKG}/pkg/buildinfo.GitSHA=${GIT_SHA} -X ${PKG}/pkg/buildinfo.GitTreeState=${GIT_TREE_STATE} -X ${PKG}/pkg/buildinfo.ImageRegistry=${REGISTRY}" WORKDIR /go/src/github.com/vmware-tanzu/velero COPY . /go/src/github.com/vmware-tanzu/velero -FROM --platform=$BUILDPLATFORM builder-env as builder - -ARG TARGETOS -ARG TARGETARCH -ARG TARGETVARIANT -ARG PKG -ARG BIN -ARG RESTIC_VERSION - -ENV GOOS=${TARGETOS} \ - GOARCH=${TARGETARCH} \ - GOARM=${TARGETVARIANT} - RUN mkdir -p /output/usr/bin && \ export GOARM=$( echo "${GOARM}" | cut -c2-) && \ - bash ./hack/build-restic.sh && \ go build -o /output/${BIN} \ -ldflags "${LDFLAGS}" ${PKG}/cmd/${BIN} -FROM gcr.io/distroless/base-debian11:nonroot +# Restic binary build section +FROM --platform=$BUILDPLATFORM golang:1.19.4-bullseye as restic-builder + +ARG BIN +ARG TARGETOS +ARG TARGETARCH +ARG TARGETVARIANT +ARG RESTIC_VERSION + +env CGO_ENABLED=0 \ + GO111MODULE=on \ + GOPROXY=${GOPROXY} \ + GOOS=${TARGETOS} \ + GOARCH=${TARGETARCH} \ + GOARM=${TARGETVARIANT} + +COPY . 
/go/src/github.com/vmware-tanzu/velero + +RUN mkdir -p /output/usr/bin && \ + bash /go/src/github.com/vmware-tanzu/velero/hack/build-restic.sh + +# Velero image packing section +FROM gcr.io/distroless/base-debian11@sha256:99133cb0878bb1f84d1753957c6fd4b84f006f2798535de22ebf7ba170bbf434 LABEL maintainer="Nolan Brubaker " -COPY --from=builder /output / +COPY --from=velero-builder /output / + +COPY --from=restic-builder /output / USER nonroot:nonroot diff --git a/changelogs/unreleased/5764-blackpiglet b/changelogs/unreleased/5764-blackpiglet new file mode 100644 index 000000000..13df2faf7 --- /dev/null +++ b/changelogs/unreleased/5764-blackpiglet @@ -0,0 +1 @@ +Add Restic builder in Dockerfile, and keep the used built Golang image version in accordance with upstream Restic. \ No newline at end of file diff --git a/hack/build-restic.sh b/hack/build-restic.sh index 5859414fd..c6a19c02c 100755 --- a/hack/build-restic.sh +++ b/hack/build-restic.sh @@ -50,6 +50,7 @@ fi mkdir ${build_path}/restic git clone -b v${RESTIC_VERSION} https://github.com/restic/restic.git ${build_path}/restic pushd ${build_path}/restic +git apply /go/src/github.com/vmware-tanzu/velero/hack/modify_acces_denied_code.txt go run build.go --goos "${GOOS}" --goarch "${GOARCH}" --goarm "${GOARM}" -o ${restic_bin} chmod +x ${restic_bin} popd diff --git a/hack/modify_acces_denied_code.txt b/hack/modify_acces_denied_code.txt new file mode 100644 index 000000000..5c2577b69 --- /dev/null +++ b/hack/modify_acces_denied_code.txt 
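Review bot: The new `restic-builder` stage expands `${GOPROXY}` in its `env` block without declaring `ARG GOPROXY`, and build args are scoped to the stage that declares them, so the variable is set to an empty string in that stage. A proxy passed with `--build-arg GOPROXY=...` therefore reaches only `velero-builder`; the restic build presumably falls back to Go's default proxy, which bypasses an internal or allow-listed module proxy. Add `ARG GOPROXY` to that stage's ARG list, and write `ENV` in upper case to match the first stage. Separately, the final image is now pinned by digest while both `golang:` builder images are still pinned by tag only; pinning them by digest as well, with a comment naming the tag each digest came from, would make the whole build chain reproducible and reviewable.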
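Review bot: The added `git apply` line in `hack/build-restic.sh` has no visible failure handling, so unless the script enables `set -e` above this hunk, a patch that no longer matches (for example after `RESTIC_VERSION` is bumped) is skipped and an unpatched restic binary is built and shipped without any signal. Make the failure explicit, e.g. `git apply "${patch_file}" || { echo "restic patch failed to apply" >&2; exit 1; }`, where `patch_file` is a placeholder for a path resolved from the script's own location before the `pushd`. The hard-coded `/go/src/github.com/vmware-tanzu/velero/...` path also ties the script to the container layout, so it breaks when run from any other checkout. The script begins and ends outside the hunk.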
@@ -0,0 +1,13 @@
+diff --git a/internal/backend/s3/s3.go b/internal/backend/s3/s3.go
+index 0b3816c06..eec10f9c7 100644
+--- a/internal/backend/s3/s3.go
++++ b/internal/backend/s3/s3.go
+@@ -164,7 +164,7 @@ func isAccessDenied(err error) bool {
+ debug.Log("isAccessDenied(%T, %#v)", err, err)
+
+ var e minio.ErrorResponse
+- return errors.As(err, &e) && e.Code == "Access Denied"
++ return errors.As(err, &e) && e.Code == "AccessDenied"
+ }
+
+ // IsNotExist returns true if the error is caused by a not existing file.
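Review bot: The patch file carries no explanation or provenance, which matters because it changes how the shipped restic classifies an S3 authorization error in `isAccessDenied`. Add a short preamble above the `diff --git` line (git apply skips text before the first diff header) stating the restic version it targets, the reason for the change, and a link to the upstream issue or fix so the patch can be dropped once upstream has it. As far as the hunk shows, the reason is that the S3 error code is `AccessDenied` without a space, so the original comparison would never match. The file name also misspells "access" and uses `.txt`; a name such as `restic-s3-access-denied.patch` (a suggested name, to be changed in `hack/build-restic.sh` as well) would make its role obvious to anyone auditing what goes into the image.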