Dockerfile: simplify utility-install script, and update gotestsum to v1.7.0#42674
Dockerfile: simplify utility-install script, and update gotestsum to v1.7.0#42674thaJeztah merged 5 commits intomoby:masterfrom
Conversation
776f040 to
f40bb6b
Compare
f40bb6b to
06cbbe8
Compare
There was a problem hiding this comment.
^^ I started working on this, but it was slightly more involved, so I'll push those changes in a follow-up.
There was a problem hiding this comment.
You mean inline just the extra tools (like tomll), or all the containerd, etc too? I'm +1 on the former but hesitant on the latter (since I think those scripts get used elsewhere too right?)
There was a problem hiding this comment.
Yes, correct, the containerd and runc scripts are still used in some other places, so we likely still need those. For the "CI utilities", I think we should be able to put them inside the dockerfile; they're just one-liners now, so having two scripts to run them is just unneeded overhead.
c3c0da9 to
bd22a9b
Compare
|
merged |
bd22a9b to
3761ef0
Compare
|
|
||
| # Do not build with ambient capabilities support | ||
| RUNC_BUILDTAGS="${RUNC_BUILDTAGS:-"seccomp $RUNC_NOKMEM"}" | ||
| RUNC_BUILDTAGS="${RUNC_BUILDTAGS:-"seccomp"}" |
There was a problem hiding this comment.
I think we can also consider removing RUNC_BUILDTAGS now (assuming that make static does the right thing w.r.t. seccomp 🤔
There was a problem hiding this comment.
You mean inline just the extra tools (like tomll), or all the containerd, etc too? I'm +1 on the former but hesitant on the latter (since I think those scripts get used elsewhere too right?)
| git clone https://github.com/opencontainers/runc.git "$GOPATH/src/github.com/opencontainers/runc" | ||
| cd "$GOPATH/src/github.com/opencontainers/runc" | ||
| git checkout -q "$RUNC_COMMIT" | ||
| cd "$GOPATH/src/github.com/opencontainers/runc" || true |
There was a problem hiding this comment.
changing this for -e instead
This build-tag was removed in opencontainers/runc@52390d6, which is part of runc v1.0.0-rc94 and up, so no longer relevant. the kmem options are now always disabled in runc. Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
The golangci-lint, gotestsum, shfmt, and vndr utilities should generally be ok to be pinned by version instead of a specific sha. Also rename the corresponding env-vars / build-args accordingly: - GOLANGCI_LINT_COMMIT -> GOLANGCI_LINT_VERSION - GOTESTSUM_COMMIT -> GOTESTSUM_VERSION - SHFMT_COMMIT -> SHFMT_VERSION - VNDR_COMMIT -> VNDR_VERSION - CONTAINERD_COMMIT -> CONTAINERD_VERSION - RUNC_COMMIT -> RUNC_VERSION - ROOTLESS_COMMIT -> ROOTLESS_VERSION Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
3761ef0 to
1b8db06
Compare
|
@tonistiigi updated; added |
| # TODO remove GOPROXY override once we updated to Go 1.14+ | ||
| # Using goproxy instead of "direct" to work around an issue in go mod | ||
| # on Go 1.13 not working with older git versions (default version on | ||
| # CentOS 7 is git 1.8), see https://github.com/golang/go/issues/38373 | ||
| export GOPROXY="https://proxy.golang.org" |
There was a problem hiding this comment.
Looks like this issue was not fixed in Go 1.14. go modules still doesn't work (without using the proxy) on CentOS 7 / older git versions; docker/docker-ce-packaging#553 (comment)
Dockerfile: simplify utility-install script, and update gotestsum to v1.7.0
Dockerfile: use version for some utilities instead of commit-sha
The golangci-lint, gotestsum, shfmt, and vndr utilities should generally
be ok to be pinned by version instead of a specific sha. Also rename
the corresponding env-vars / build-args accordingly:
Dockerfile: use "go install" to install utilities
Dockerfile: remove GOPROXY override (was for go < 1.14)
Dockerfile: update gotestsum to v1.7.0
- Description for the changelog
- A picture of a cute animal (not mandatory but encouraged)