AdguardTeam
diff --git a/‎.github/workflows/docker.yml‎
Lines changed: 5 additions & 3 deletions b/‎.github/workflows/docker.yml‎
Lines changed: 5 additions & 3 deletions
diff --git a/‎bamboo-specs/bamboo.yaml‎
Lines changed: 16 additions & 47 deletions b/‎bamboo-specs/bamboo.yaml‎
Lines changed: 16 additions & 47 deletions
diff --git a/‎docker/Dockerfile‎ ‎docker/build.Dockerfile‎docker/Dockerfile renamed to docker/build.Dockerfile b/‎docker/Dockerfile‎ ‎docker/build.Dockerfile‎docker/Dockerfile renamed to docker/build.Dockerfile
diff --git a/‎.dockerignore‎ ‎docker/build.dockerignore‎.dockerignore renamed to docker/build.dockerignore b/‎.dockerignore‎ ‎docker/build.dockerignore‎.dockerignore renamed to docker/build.dockerignore
diff --git a/‎docker/ci.Dockerfile‎
Lines changed: 142 additions & 0 deletions b/‎docker/ci.Dockerfile‎
Lines changed: 142 additions & 0 deletions
diff --git a/‎docker/ci.Dockerfile.dockerignore‎
Lines changed: 7 additions & 0 deletions b/‎docker/ci.Dockerfile.dockerignore‎
Lines changed: 7 additions & 0 deletions
diff --git a/‎scripts/make/build-docker.sh‎
Lines changed: 53 additions & 34 deletions b/‎scripts/make/build-docker.sh‎
Lines changed: 53 additions & 34 deletions
@@ -30,9 +30,11 @@
           'key': "${{ runner.os }}-go-${{ hashFiles('go.sum') }}"
           'restore-keys': '${{ runner.os }}-go-'
       - 'name': 'Set up QEMU'
-        'uses': 'docker/setup-qemu-action@v1'
+        'uses': 'docker/setup-qemu-action@v3'
       - 'name': 'Set up Docker Buildx'
-        'uses': 'docker/setup-buildx-action@v1'
+        'uses': 'docker/setup-buildx-action@v3'
+        'with':
+          'install': true'
       - 'name': 'Publish to Docker Hub'
         'env':
           'DOCKER_USER': ${{ secrets.DOCKER_USER }}
@@ -51,7 +53,7 @@
           make \
             VERSION="${RELEASE_VERSION}" \
             DOCKER_IMAGE_NAME="adguard/dnsproxy" \
-            DOCKER_OUTPUT="type=image,name=adguard/dnsproxy,push=true" \
+            DOCKER_PUSH="1" \
             VERBOSE="1" \
             docker
 
 
@@ -5,6 +5,9 @@
     'key': 'DNSPROXY'
     'name': 'dnsproxy - Build and run tests'
 'variables':
+    # This variable is used to override Docker caching, for example to rerun a
+    # flaky test suite.
+    'cacheBuster': '0'
     'dockerFpm': 'alanfranz/fpm-within-docker:ubuntu-bionic'
     # When there is a patch release of Go available, set this property to an
     # exact patch version as opposed to a minor one to make sure that this exact
@@ -15,48 +18,13 @@
     'name': 'dnsproxy'
 
 'stages':
-# TODO(e.burkov):  Add separate lint stage for texts.
-  - 'Lint':
-      'manual': false
-      'final': false
-      'jobs':
-        - 'Lint'
   - 'Test':
       'manual': false
       'final': false
       'jobs':
         - 'Test'
 
-'Lint':
-    'docker':
-        'image': '${bamboo.dockerGo}'
-        'volumes':
-            '${system.GO_CACHE_DIR}': '${bamboo.cacheGo}'
-            '${system.GO_PKG_CACHE_DIR}': '${bamboo.cacheGoPkg}'
-    'key': 'LINT'
-    'other':
-        'clean-working-dir': true
-    'requirements':
-      - 'adg-docker': true
-    'tasks':
-      - 'checkout':
-             'force-clean-build': true
-      - 'script':
-              'interpreter': 'SHELL'
-              'scripts':
-                - |
-                  #!/bin/sh
-
-                  set -e -f -u -x
-
-                  make VERBOSE=1 GOMAXPROCS=1 go-tools go-lint
-
 'Test':
-    'docker':
-        'image': '${bamboo.dockerGo}'
-        'volumes':
-            '${system.GO_CACHE_DIR}': '${bamboo.cacheGo}'
-            '${system.GO_PKG_CACHE_DIR}': '${bamboo.cacheGoPkg}'
     'final-tasks':
       - 'test-parser':
           # The default pattern, '**/test-reports/*.xml', works, so don't set
@@ -67,8 +35,6 @@
     'key': 'TEST'
     'other':
         'clean-working-dir': true
-    'requirements':
-      - 'adg-docker': true
     'tasks':
       - 'checkout':
             'force-clean-build': true
@@ -82,18 +48,21 @@
 
                 set -e -f -u -x
 
-                make \
-                    GOMAXPROCS=1 \
-                    VERBOSE=1 \
-                    go-deps go-tools
+                docker info
+
+                docker build \
+                    --build-arg "BASE_IMAGE=${bamboo_dockerGo}" \
+                    --build-arg "CACHE_BUSTER=${bamboo_cacheBuster}" \
+                    --output '.' \
+                    --progress 'plain' \
+                    --target 'tester-exporter' \
+                    -f ./docker/ci.Dockerfile \
+                    .
 
-                make \
-                    TEST_REPORTS_DIR="./test-reports/" \
-                    VERBOSE=1 \
-                    go-test \
-                    ;
+                  exit_code="$(cat ./test-reports/test-exit-code.txt)"
+                  readonly exit_code
 
-                exit "$(cat ./test-reports/test-exit-code.txt)"
+                  exit "$exit_code"
 
 'branches':
     'create': 'for-pull-request'
 
@@ -0,0 +1,142 @@
+# syntax=docker/dockerfile:1
+
+# This comment is used to simplify checking local copies of the Dockerfile.
+# Bump this number every time a significant change is made to this Dockerfile.
+#
+# AdGuard-Project-Version: 10
+
+# Dockerfile guidelines:
+#
+# 1. Make sure that Docker correctly caches layers, on a second build attempt it
+#    must not run lint / test second time when it's not required.
+#
+# 2. Use BuildKit to improve the build performance (--mount=type=cache, etc).
+#
+# 3. Prefer using ARG instead of ENV when appropriate, as ARG does not create a
+#    layer in the final image.  However, be careful with what you use ARG for.
+#    Also, prefer to give ARGs sensible default values.
+#
+# 4. Use --output and the export stage if you need to get any output on the host
+#    machine.
+#
+#    NOTE:  Only use --output with FROM scratch.
+#
+# 5. Use .dockerignore to prevent unnecessary files from being sent to the
+#    Docker daemon, which can invalidate the cache.
+#
+# 6. Add a CACHE_BUSTER argument to stages to be able to rerun the stages if
+#    needed.  Keep it in sync with bamboo-specs/bamboo.yaml.
+
+# NOTE:  Keep in sync with bamboo-specs/bamboo.yaml.
+ARG BASE_IMAGE=adguard/go-builder:1.25.5--1
+
+# The dependencies stage is needed to install packages and tool dependencies.
+# This is also where binaries like osslsigncode, which may be required for tests
+# in some projects, must be installed.
+#
+# Use fake BRANCH and REVISION values to both prevent git calls and also not
+# ruin the caching with ARGs.
+#
+# NOTE:  Only ADD the files required to install the dependencies.
+FROM "$BASE_IMAGE" AS dependencies
+RUN ls -la .
+ADD Makefile go.mod go.sum /app/
+ADD scripts /app/scripts
+WORKDIR /app
+RUN \
+	--mount=type=cache,id=gocache,target=/root/.cache/go-build \
+	--mount=type=cache,id=gopath,target=/go \
+<<-'EOF'
+set -e -f -u -x
+make \
+	BRANCH='master' \
+	REVISION='0000000000000000000000000000000000000000' \
+	VERBOSE=1 \
+	go-env \
+	go-deps \
+	go-tools \
+	;
+EOF
+
+# The linter stage is separated from the tester stage to make catching test
+# failures easier.
+#
+# Use fake BRANCH and REVISION values to both prevent git calls and also not
+# ruin the caching with ARGs.  IGNORE_NON_REPRODUCIBLE is set to 1 to make this
+# stage reproducible even when linters that query external sources fail.
+FROM dependencies AS linter
+ADD . /app
+WORKDIR /app
+RUN \
+	--mount=type=cache,id=gocache,target=/root/.cache/go-build \
+	--mount=type=cache,id=gopath,target=/go \
+<<-'EOF'
+set -e -f -u -x
+export GOMAXPROCS=2
+make \
+	BRANCH='master' \
+	IGNORE_NON_REPRODUCIBLE='1' \
+	REVISION='0000000000000000000000000000000000000000' \
+	VERBOSE=1 \
+	go-lint \
+	md-lint \
+	sh-lint \
+	txt-lint \
+	;
+EOF
+
+# The test stage.  TEST_REPORTS_DIR is set to create JUnit reports for the
+# tester-exporter stage; run with --build-arg TEST_REPORTS_DIR='' if you don't
+# need them on your machine.
+#
+# Use fake BRANCH and REVISION values to both prevent git calls and also not
+# ruin the caching with ARGs.
+#
+# To run the tests:
+#
+#   docker build --target tester -t 'app' .
+#
+# Projects that have go-bench and/or go-fuzz targets should add them here as
+# well.
+FROM linter AS tester
+ARG CACHE_BUSTER=0
+ARG TEST_REPORTS_DIR=/test-reports
+RUN \
+	--mount=type=cache,id=gocache,target=/root/.cache/go-build \
+	--mount=type=cache,id=gopath,target=/go \
+<<-'EOF'
+set -e -f -u -x
+export GOMAXPROCS=1
+
+make \
+	BRANCH='master' \
+	REVISION='0000000000000000000000000000000000000000' \
+	TEST_REPORTS_DIR="$TEST_REPORTS_DIR" \
+	VERBOSE=1 \
+	go-test \
+	;
+
+exit_code="$(cat "${TEST_REPORTS_DIR}/test-exit-code.txt")"
+readonly exit_code
+
+# TODO(d.kolyshev):  Run go-fuzz and go-bench.
+
+exit "$exit_code"
+EOF
+
+# tester-exporter exports the test result to the host machine so that it could
+# parse and analyze it.  This stage should only used in a CI.
+#
+# It the file test-report.xml, which contains test results in the JUnit format.
+#
+# Run the following command to export the test result:
+#
+#   docker build \
+#	   --output . \
+#	   --progress plain \
+#	   --target tester-exporter \
+#	   .
+FROM scratch AS tester-exporter
+ARG CACHE_BUSTER=0
+ARG TEST_REPORTS_DIR=/test-reports
+COPY --from=tester "$TEST_REPORTS_DIR" "$TEST_REPORTS_DIR"
@@ -0,0 +1,7 @@
+# This comment is used to simplify checking local copies of the file.  Bump this
+# number every time a significant change is made to this file.
+#
+# AdGuard-Project-Version: 2
+.git
+/bin/
+/tmp/
@@ -1,15 +1,14 @@
 #!/bin/sh
 
+# TODO(a.garipov):  Improve arguments handling.
+
 verbose="${VERBOSE:-0}"
 
 if [ "$verbose" -gt '0' ]; then
 	set -x
-	debug_flags='--debug=1'
 else
 	set +x
-	debug_flags='--debug=0'
 fi
-readonly debug_flags
 
 set -e -f -u
 
@@ -40,15 +39,9 @@ readonly build_date
 docker_image_name="${DOCKER_IMAGE_NAME:-dnsproxy-dev}"
 readonly docker_image_name
 
-# Set DOCKER_OUTPUT to 'type=image,name=adguard/dnsproxy,push=true' if you
-# want (and are allowed) to push to DockerHub.
-#
-# If you want to inspect the resulting image using commands like "docker image
-# ls", change type to docker and also set docker_platforms to a single platform.
-#
-# See https://github.com/docker/buildx/issues/166.
-docker_output="${DOCKER_OUTPUT:-type=image,name=${docker_image_name},push=false}"
-readonly docker_output
+# Set DOCKER_PUSH to '1' if you want (and are allowed) to push to DockerHub.
+docker_push="${DOCKER_PUSH:-0}"
+readonly docker_push
 
 docker_version_tag="--tag=${docker_image_name}:${version}"
 docker_channel_tag="--tag=${docker_image_name}:latest"
@@ -63,7 +56,7 @@ readonly docker_version_tag docker_channel_tag
 
 # Copy the binaries into a new directory under new names, so that it's easier to
 # COPY them later.  DO NOT remove the trailing underscores.  See file
-# docker/Dockerfile.
+# docker/build.Dockerfile.
 dist_docker="${dist_dir}/docker"
 readonly dist_docker
 
@@ -84,24 +77,50 @@ cp "${dist_dir}/linux-ppc64le/dnsproxy" \
 # Prepare the default configuration for the Docker image.
 cp ./config.yaml.dist "${dist_docker}/config.yaml"
 
-# Don't use quotes with $docker_version_tag and $docker_channel_tag, because we
-# want word splitting and or an empty space if tags are empty.
-#
-# TODO(a.garipov): Once flag --tag of docker buildx build supports commas, use
-# them instead.
-#
-# shellcheck disable=SC2086
-$sudo_cmd docker \
-	"$debug_flags" \
-	buildx build \
-	--build-arg BUILD_DATE="$build_date" \
-	--build-arg DIST_DIR="$dist_dir" \
-	--build-arg VCS_REF="$commit" \
-	--build-arg VERSION="$version" \
-	--output "$docker_output" \
-	--platform "$docker_platforms" \
-	$docker_version_tag \
-	$docker_channel_tag \
-	-f ./docker/Dockerfile \
-	. \
-	;
+# docker_build_opt_tag is a function that wraps the call of docker build command
+# with optionally --tag flags.
+docker_build_opt_tag() {
+	if [ "$sudo_cmd" != '' ]; then
+		set -- "$sudo_cmd"
+	fi
+
+	# Set the initial parameters.
+	set -- \
+		"$@" \
+		docker \
+		buildx \
+		build \
+		--build-arg BUILD_DATE="$build_date" \
+		--build-arg DIST_DIR="$dist_dir" \
+		--build-arg VCS_REF="$commit" \
+		--build-arg VERSION="$version" \
+		--platform "$docker_platforms" \
+		--progress 'plain' \
+		;
+
+	# Append the channel tag, if any.
+	if [ "$docker_channel_tag" != '' ]; then
+		set -- "$@" "$docker_channel_tag"
+	fi
+
+	# Append the version tag.
+	set -- "$@" "$docker_version_tag"
+
+	# Push to DockerHub, if requested.
+	if [ "$docker_push" -eq 1 ]; then
+		set -- "$@" '--push'
+	fi
+
+	# Append the rest.
+	set -- \
+		"$@" \
+		-f \
+		./docker/build.Dockerfile \
+		. \
+		;
+
+	# Call the command with the assembled parameters.
+	"$@"
+}
+
+docker_build_opt_tag