fixup! Use Signed Binaries for Docker Build

Author: sheylatrudo

.pipelines/build/dockerfiles/azure-ipam.Dockerfile

@@ -1,11 +1,11 @@
 ARG ARTIFACT_DIR
 
 FROM scratch AS linux
-COPY ${ARTIFACT_DIR}/bins/dropgz dropgz
+COPY ${ARTIFACT_DIR}/bin/dropgz dropgz
 ENTRYPOINT [ "/dropgz" ]
 
 
 # skopeo inspect docker://mcr.microsoft.com/oss/kubernetes/windows-host-process-containers-base-image:v1.0.0 --format "{{.Name}}@{{.Digest}}"
 FROM mcr.microsoft.com/oss/kubernetes/windows-host-process-containers-base-image@sha256:b4c9637e032f667c52d1eccfa31ad8c63f1b035e8639f3f48a510536bf34032b as windows
-COPY ${ARTIFACT_DIR}/bins/dropgz dropgz.exe
+COPY ${ARTIFACT_DIR}/bin/dropgz dropgz.exe
 ENTRYPOINT [ "/dropgz.exe" ]

.pipelines/build/dockerfiles/cni.Dockerfile

@@ -2,15 +2,15 @@ ARG ARCH
 ARG ARTIFACT_DIR
 
 FROM scratch AS linux
-ADD ${ARTIFACT_DIR}/bins/dropgz dropgz
+ADD ${ARTIFACT_DIR}/bin/dropgz dropgz
 ENTRYPOINT [ "/dropgz" ]
 
 
 # mcr.microsoft.com/oss/kubernetes/windows-host-process-containers-base-image:v1.0.0
 FROM --platform=windows/${ARCH} mcr.microsoft.com/oss/kubernetes/windows-host-process-containers-base-image@sha256:b4c9637e032f667c52d1eccfa31ad8c63f1b035e8639f3f48a510536bf34032b as hpc
 
 FROM hpc as windows
-ADD ${ARTIFACT_DIR}/bins/dropgz dropgz.exe
+ADD ${ARTIFACT_DIR}/bin/dropgz dropgz.exe
 ENTRYPOINT [ "/dropgz.exe" ]
 
 

.pipelines/build/dockerfiles/cns.Dockerfile

@@ -9,7 +9,7 @@ RUN tdnf install -y iptables
 FROM mcr.microsoft.com/cbl-mariner/distroless/minimal@sha256:7778a86d86947d5f64c1280a7ee0cf36c6c6d76b5749dd782fbcc14f113961bf AS linux
 COPY --from=iptables /usr/sbin/*tables* /usr/sbin/
 COPY --from=iptables /usr/lib /usr/lib
-COPY ${ARTIFACT_DIR}/bins/azure-cns /usr/local/bin/azure-cns
+COPY ${ARTIFACT_DIR}/bin/azure-cns /usr/local/bin/azure-cns
 ENTRYPOINT [ "/usr/local/bin/azure-cns" ]
 EXPOSE 10090
 
@@ -18,6 +18,6 @@ EXPOSE 10090
 FROM --platform=windows/${ARCH} mcr.microsoft.com/oss/kubernetes/windows-host-process-containers-base-image@sha256:b4c9637e032f667c52d1eccfa31ad8c63f1b035e8639f3f48a510536bf34032b AS windows
 COPY ${ARTIFACT_DIR}/files/kubeconfigtemplate.yaml kubeconfigtemplate.yaml
 COPY ${ARTIFACT_DIR}/files/setkubeconfigpath.ps1 setkubeconfigpath.ps1
-COPY ${ARTIFACT_DIR}/bins/azure-cns /azure-cns.exe
+COPY ${ARTIFACT_DIR}/bin/azure-cns /azure-cns.exe
 ENTRYPOINT ["azure-cns.exe"]
 EXPOSE 10090

.pipelines/build/dockerfiles/ipv6-hp-bpf.Dockerfile

@@ -2,7 +2,7 @@ ARG ARTIFACT_DIR
 
 FROM mcr.microsoft.com/cbl-mariner/distroless/minimal:2.0 AS linux
 COPY ${ARTIFACT_DIR}/lib/* /lib
-COPY ${ARTIFACT_DIR}/bins/ipv6-hp-bpf /ipv6-hp-bpf
-COPY ${ARTIFACT_DIR}/bins/nft /usr/sbin/nft
-COPY ${ARTIFACT_DIR}/bins/ip /sbin/ip
+COPY ${ARTIFACT_DIR}/bin/ipv6-hp-bpf /ipv6-hp-bpf
+COPY ${ARTIFACT_DIR}/bin/nft /usr/sbin/nft
+COPY ${ARTIFACT_DIR}/bin/ip /sbin/ip
 CMD ["/ipv6-hp-bpf"]

.pipelines/build/dockerfiles/npm.Dockerfile

@@ -1,10 +1,13 @@
+ARG ARTIFACT_DIR
+
 FROM mcr.microsoft.com/mirror/docker/library/ubuntu:20.04 as linux
 
 RUN apt-get update && \
   apt-get install -y libc-bin=2.31-0ubuntu9.17 libc6=2.31-0ubuntu9.17 libtasn1-6=4.16.0-2ubuntu0.1 libgnutls30=3.6.13-2ubuntu1.12 iptables ipset ca-certificates && \
   apt-get autoremove -y && \
   apt-get clean
 
+COPY ${ARTIFACT_DIR}/bin/azure-npm /usr/bin/azure-npm
 RUN chmod +x /usr/bin/azure-npm
 ENTRYPOINT ["/usr/bin/azure-npm", "start"]
 
@@ -15,6 +18,6 @@ FROM mcr.microsoft.com/windows/servercore@sha256:45952938708fbde6ec0b5b94de68bcd
 COPY ${ARTIFACT_DIR}/files/kubeconfigtemplate.yaml kubeconfigtemplate.yaml
 COPY ${ARTIFACT_DIR}/files/setkubeconfigpath.ps1 setkubeconfigpath.ps1
 COPY ${ARTIFACT_DIR}/files/setkubeconfigpath-capz.ps1 setkubeconfigpath-capz.ps1
-COPY ${ARTIFACT_DIR}/bins/azure-npm.exe npm.exe
+COPY ${ARTIFACT_DIR}/bin/azure-npm npm.exe
 
 CMD ["npm.exe", "start" "--kubeconfig=.\\kubeconfig"]

.pipelines/build/scripts/azure-ipam.sh

@@ -4,21 +4,22 @@ set -nex
 pwd
 ls -la
 
-mkdir -p "$OUT_DIR"/bins
-mkdir -p "$GEN_DIR"
+export GOOS=$OS
+export GOARCH=$ARCH
+export CGO_ENABLED=0 
 
-DROPGZ_VERSION="${DROPGZ_VERSION:-v0.0.12}"
-IPAM_BUILD_DIR=$(mktemp -d -p "$GEN_DIR")
+mkdir -p "$OUT_DIR"/bin
+mkdir -p "$OUT_DIR"/files
 
 pushd "$ROOT_DIR"/azure-ipam
-  GOOS=$OS CGO_ENABLED=0 go build -v -a -o "$IPAM_BUILD_DIR"/azure-ipam -trimpath -ldflags "-X github.com/Azure/azure-container-networking/azure-ipam/internal/buildinfo.Version="$AZURE_IPAM_VERSION" main.version="$VERSION"" -gcflags="-dwarflocationlists=true"
-  cp *.conflist "$IPAM_BUILD_DIR"
-  sha256sum * > sum.txt
-  gzip --verbose --best --recursive "$IPAM_BUILD_DIR" && for f in *.gz; do mv -- "$f" "${f%%.gz}"; done
-popd
+  go build -v -a -trimpath \
+    -o "$OUT_DIR"/bin/azure-ipam \
+     -ldflags "-X github.com/Azure/azure-container-networking/azure-ipam/internal/buildinfo.Version="$AZURE_IPAM_VERSION" -X main.version="$AZURE_IPAM_VERSION"" \
+     -gcflags="-dwarflocationlists=true" \
 
-go mod download github.com/azure/azure-container-networking/dropgz@$DROPGZ_VERSION
-pushd "$GOPATH"/pkg/mod/github.com/azure/azure-container-networking/dropgz\@$DROPGZ_VERSION
-  cp "$IPAM_BUILD_DIR"/* pkg/embed/fs/
-  GOOS=$OS CGO_ENABLED=0 go build -a -o "$OUT_DIR"/bins/dropgz -trimpath -ldflags "-X github.com/Azure/azure-container-networking/dropgz/internal/buildinfo.Version="$VERSION"" -gcflags="-dwarflocationlists=true" main.go
+  cp *.conflist "$OUT_DIR"/files/
 popd
+
+
+# Build with DropGZ
+./dropgz.sh

.pipelines/build/scripts/cni.sh

@@ -4,36 +4,26 @@ pwd
 ls -la
 
 mkdir -p "$OUT_DIR"/files
-mkdir -p "$OUT_DIR"/bins
+mkdir -p "$OUT_DIR"/bin
 
 export GOOS=$OS
 export GOARCH=$ARCH
 export CGO_ENABLED=0 
 
-CNI_BUILD_DIR="$REPO_ROOT"/cni
-STATELESS_CNI_BUILD_DIR="$CNI_BUILD_DIR"/stateless
-CNI_MULTITENANCY_BUILD_DIR="$REPO_ROOT"/cni-multitenancy
-CNI_MULTITENANCY_TRANSPARENT_VLAN_BUILD_DIR="$REPO_ROOT"/cni-multitenancy-transparent-vlan
-CNI_SWIFT_BUILD_DIR="$REPO_ROOT"/cni-swift
-CNI_OVERLAY_BUILD_DIR="$REPO_ROOT"/cni-overlay
-CNI_BAREMETAL_BUILD_DIR="$REPO_ROOT"/cni-baremetal
-CNI_DUALSTACK_BUILD_DIR="$REPO_ROOT"/cni-dualstack
-
-CNI_TEMP_DIR=$(mktemp -d -p "$GEN_DIR")
 
 CNI_NET_DIR="$REPO_ROOT"/cni/network/plugin
 pushd "$CNI_NET_DIR"
   go build -v -a -trimpath \
-    -o "$OUT_DIR"/bins/azure-vnet \
+    -o "$OUT_DIR"/bin/azure-vnet \
     -ldflags "-X main.version="$CNI_VERSION"" \
     -gcflags="-dwarflocationlists=true" \
     ./main.go
 popd
 
-STATELESS_CNI_NET_DIR="$REPO_ROOT"/cni/network/stateless
-pushd "$STATELESS_CNI_NET_DIR"
+STATELESS_CNI_BUILD_DIR="$REPO_ROOT"/cni/network/stateless
+pushd "$STATELESS_CNI_BUILD_DIR"
   go build -v -a -trimpath \
-    -o "$OUT_DIR"/bins/azure-vnet-stateless \
+    -o "$OUT_DIR"/bin/azure-vnet-stateless \
     -ldflags "-X main.version="$CNI_VERSION"" \
     -gcflags="-dwarflocationlists=true" \
     ./main.go
@@ -42,7 +32,7 @@ popd
 CNI_IPAM_DIR="$REPO_ROOT"/cni/ipam/plugin
 pushd "$CNI_IPAM_DIR"
   go build -v -a -trimpath \
-    -o "$OUT_DIR"/bins/azure-vnet-ipam \
+    -o "$OUT_DIR"/bin/azure-vnet-ipam \
     -ldflags "-X main.version="$CNI_VERSION"" \
     -gcflags="-dwarflocationlists=true" \
     ./main.go
@@ -51,7 +41,7 @@ popd
 CNI_IPAMV6_DIR="$REPO_ROOT"/cni/ipam/pluginv6
 pushd "$CNI_IPAMV6_DIR"
   go build -v -a -trimpath \
-    -o "$OUT_DIR"/bins/azure-vnet-ipamv6 
+    -o "$OUT_DIR"/bin/azure-vnet-ipamv6 
     -ldflags "-X main.version="$CNI_VERSION"" \
     -gcflags="-dwarflocationlists=true" \
     ./main.go
@@ -60,7 +50,7 @@ popd
 CNI_TELEMETRY_DIR="$REPO_ROOT"/cni/telemetry/service
 pushd "$CNI_TELEMETRY_DIR"
   go build -v -a -trimpath \
-    -o "$OUT_DIR"/bins/azure-vnet-telemetry \
+    -o "$OUT_DIR"/bin/azure-vnet-telemetry \
     -ldflags "-X main.version="$CNI_VERSION" -X "$CNI_AI_PATH"="$CNI_AI_ID"" \
     -gcflags="-dwarflocationlists=true" \
    ./telemetrymain.go
@@ -73,21 +63,10 @@ pushd "$REPO_ROOT"/cni
   cp azure-$OS-swift-overlay.conflist "$OUT_DIR"/files/azure-swift-overlay.conflist
   cp azure-$OS-swift-overlay-dualstack.conflist "$OUT_DIR"/files/azure-swift-overlay-dualstack.conflist
   cp azure-$OS-multitenancy.conflist "$OUT_DIR"/files/multitenancy.conflist
-  cp ../telemetry/azure-vnet-telemetry.config "$OUT_DIR"/files/azure-vnet-telemetry.config
-  sha256sum * > sum.txt
+  cp "$REPO_ROOT"/telemetry/azure-vnet-telemetry.config "$OUT_DIR"/files/azure-vnet-telemetry.config
+  #sha256sum * > sum.txt
   #gzip --verbose --best --recursive "$OUT_DIR" && for f in *.gz; do mv -- "$f" "${f%%.gz}"; done
 popd
 
-
-mkdir -p "$CNI_TEMP_DIR"
-GOPATH="$CNI_TEMP_DIR" go mod download github.com/azure/azure-container-networking/dropgz@$DROPGZ_VERSION
-
-pushd "$CNI_TEMP_DIR"/pkg/mod/github.com/azure/azure-container-networking/dropgz\@$DROPGZ_VERSION
-  cp "$OUT_DIR"/files/* pkg/embed/fs/
-  cp "$OUT_DIR"/bins/* pkg/embed/fs/
-  go build -a \
-    -o "$OUT_DIR"/bins/dropgz \
-    -ldflags "-X github.com/Azure/azure-container-networking/dropgz/internal/buildinfo.Version="$VERSION"" \
-    -gcflags="-dwarflocationlists=true" \
-    ./main.go
-popd
+# Build with DropGZ
+./dropgz.sh

.pipelines/build/scripts/cns.sh

@@ -6,11 +6,11 @@ export GOARCH=$ARCH
 export CGO_ENABLED=0 
 
 mkdir -p "$OUT_DIR"/files
-mkdir -p "$OUT_DIR"/bins
+mkdir -p "$OUT_DIR"/bin
 
 pushd "$REPO_ROOT"/cns
   go build -v -a \
-    -o "$OUT_DIR"/bins/azure-cns \
+    -o "$OUT_DIR"/bin/azure-cns \
     -ldflags "-X main.version="$CNS_VERSION" -X "$CNS_AI_PATH"="$CNS_AI_ID"" \
     -gcflags="-dwarflocationlists=true" \
     service/*.go

.pipelines/build/scripts/dropgz.sh

@@ -0,0 +1,23 @@
+export GOOS=$OS
+export GOARCH=$ARCH
+export CGO_ENABLED=0 
+
+DROPGZ_VERSION="${DROPGZ_VERSION:-v0.0.12}"
+DROPGZ_BUILD_DIR=$(mktemp -d -p "$GEN_DIR")
+DROPGZ_MOD_DOWNLOAD_PATH=""$ACN_PACKAGE_PATH"/dropgz@"$DROPGZ_VERSION""
+
+mkdir -p "$OUT_DIR"/bin
+mkdir -p "$DROPGZ_BUILD_DIR"
+
+GOPATH="$DROPGZ_BUILD_DIR" \
+  go mod download "$DROPGZ_MOD_DOWNLOAD_PATH"
+
+pushd "$DROPGZ_BUILD_DIR"/pkg/mod/"$DROPGZ_MOD_DOWNLOAD_PATH"
+  [[ -n $(stat "$OUT_DIR"/files 2>/dev/null || true) ]] && cp "$OUT_DIR"/files/* pkg/embed/fs/
+  [[ -n $(stat "$OUT_DIR"/bin 2>/dev/null || true) ]] && cp "$OUT_DIR"/bin/* pkg/embed/fs/
+  go build -v -trimpath -a \
+    -o "$OUT_DIR"/bin/dropgz \
+    -ldflags "-X github.com/Azure/azure-container-networking/dropgz/internal/buildinfo.Version="$DROPGZ_VERSION"" \
+    -gcflags="-dwarflocationlists=true" \
+    main.go
+popd

.pipelines/build/scripts/ipv6-hp-bpf.sh

@@ -1,9 +1,12 @@
 #!/bin/bash
 set -nex
-pwd
-ls -la
 
-mkdir -p "$OUT_DIR"/bins
+export GOOS=$OS
+export GOARCH=$ARCH
+export CGO_ENABLED=0 
+export C_INCLUDE_PATH=/usr/include/bpf
+
+mkdir -p "$OUT_DIR"/bin
 mkdir -p "$OUT_DIR"/lib
 
 # Package up Needed C Files
@@ -48,19 +51,21 @@ cp /lib/"$ARCH"/libbsd.so.0 "$OUT_DIR"/lib/
 cp /lib/"$ARCH"/libmd.so.0 "$OUT_DIR"/lib/
 
 # Add Needed Binararies
-cp /usr/sbin/nft "$OUT_DIR"/bins/nft
-cp /sbin/ip "$OUT_DIR"/bins/ip
+cp /usr/sbin/nft "$OUT_DIR"/bin/nft
+cp /sbin/ip "$OUT_DIR"/bin/ip
 
 
 # Build IPv6 HP BPF
-export C_INCLUDE_PATH=/usr/include/bpf
 pushd "$REPO_ROOT"/bpf-prog/ipv6-hp-bpf
-  cp ./cmd/ipv6-hp-bpf/*.go ./
+  cp ./cmd/ipv6-hp-bpf/*.go .
 
   if [ "$DEBUG" = "true" ]; then 
     echo "\n#define DEBUG" >> ./include/helper.h
   fi
 
-  GOOS=$OS CGO_ENABLED=0 go generate ./...
-  GOOS=$OS CGO_ENABLED=0 go build -a -o "$OUT_DIR"/bins/ipv6-hp-bpf -trimpath -ldflags "-X main.version="$VERSION"" -gcflags="-dwarflocationlists=true" .
+  go generate ./...
+  go build -v -a -trimpath \
+    -o "$OUT_DIR"/bin/ipv6-hp-bpf \
+     -ldflags "-X main.version="$IPV6_HP_BPF_VERSION"" \
+     -gcflags="-dwarflocationlists=true" .
 popd