From be65398d4b2a415201331a475b63f5084a83cc11 Mon Sep 17 00:00:00 2001 From: Helber Belmiro Date: Tue, 17 Jun 2025 13:02:38 -0300 Subject: [PATCH 1/2] UPSTREAM: : Add support for optional prebuilt Go binaries in Dockerfiles Signed-off-by: Helber Belmiro --- backend/Dockerfile | 11 +++++++++-- backend/Dockerfile.driver | 9 ++++++++- backend/Dockerfile.launcher | 12 ++++++++++-- backend/Dockerfile.persistenceagent | 10 +++++++++- backend/Dockerfile.scheduledworkflow | 10 +++++++++- 5 files changed, 45 insertions(+), 7 deletions(-) diff --git a/backend/Dockerfile b/backend/Dockerfile index c61c3510c70..d2dcce2ac4f 100644 --- a/backend/Dockerfile +++ b/backend/Dockerfile @@ -31,8 +31,15 @@ RUN GO111MODULE=on go mod download # Copy the source COPY ${SOURCE_CODE}/ ./ -RUN GO111MODULE=on CGO_ENABLED=1 GOEXPERIMENT=strictfipsruntime go build -tags strictfipsruntime -o /bin/apiserver ./backend/src/apiserver/ && \ - dnf clean all +# Accept an optional prebuilt Go binary +ARG PREBUILT_BINARY=unset + +RUN if [ "$PREBUILT_BINARY" = "unset" ]; then \ + GO111MODULE=on CGO_ENABLED=1 GOEXPERIMENT=strictfipsruntime go build -tags strictfipsruntime -o /bin/apiserver ./backend/src/apiserver/ ;\ + else \ + cp "${PREBUILT_BINARY}" /bin/apiserver ;\ + fi \ + && dnf clean all # 2. Compile preloaded pipeline samples FROM registry.access.redhat.com/ubi9/python-39:9.5 as compiler diff --git a/backend/Dockerfile.driver b/backend/Dockerfile.driver index c903f713144..3de7f4e37c4 100644 --- a/backend/Dockerfile.driver +++ b/backend/Dockerfile.driver @@ -34,7 +34,14 @@ RUN GO111MODULE=on go mod download # Copy the source COPY ${SOURCE_CODE}/ ./ -RUN GO111MODULE=on CGO_ENABLED=1 GOOS=linux GOARCH=amd64 GOEXPERIMENT=strictfipsruntime go build -tags 'netgo strictfipsruntime' -o /bin/driver ./backend/src/v2/cmd/driver/*.go +ARG PREBUILT_BINARY=unset + +# If PREBUILT_BINARY is set, use it; otherwise, build from source +RUN if [ "$PREBUILT_BINARY" = "unset" ]; then \ + GO111MODULE=on CGO_ENABLED=1 GOOS=linux GOARCH=amd64 GOEXPERIMENT=strictfipsruntime go build -tags 'netgo strictfipsruntime' -o /bin/driver ./backend/src/v2/cmd/driver/*.go; \ + else \ + cp ${PREBUILT_BINARY} /bin/driver; \ + fi FROM registry.access.redhat.com/ubi9/ubi-minimal:9.5 diff --git a/backend/Dockerfile.launcher b/backend/Dockerfile.launcher index 8db3e46a0c1..be572306b64 100644 --- a/backend/Dockerfile.launcher +++ b/backend/Dockerfile.launcher @@ -36,8 +36,16 @@ RUN GO111MODULE=on go mod download # Copy the source COPY ${SOURCE_CODE}/ ./ -RUN GO111MODULE=on CGO_ENABLED=0 GOOS=linux GOARCH=amd64 go build -tags netgo -ldflags '-extldflags "-static"' -o /bin/launcher-v2 ./backend/src/v2/cmd/launcher-v2/*.go -RUN GO111MODULE=on CGO_ENABLED=1 GOOS=linux GOARCH=amd64 GOEXPERIMENT=strictfipsruntime go build -tags 'netgo strictfipsruntime' -o /bin/launcher-v2-fips ./backend/src/v2/cmd/launcher-v2/*.go +# Accept an optional prebuilt Go binary +ARG PREBUILT_BINARY=unset + +RUN if [ "$PREBUILT_BINARY" = "unset" ]; then \ + GO111MODULE=on CGO_ENABLED=0 GOOS=linux GOARCH=amd64 go build -tags netgo -ldflags '-extldflags "-static"' -o /bin/launcher-v2 ./backend/src/v2/cmd/launcher-v2/*.go && \ + GO111MODULE=on CGO_ENABLED=1 GOOS=linux GOARCH=amd64 GOEXPERIMENT=strictfipsruntime go build -tags 'netgo strictfipsruntime' -o /bin/launcher-v2-fips ./backend/src/v2/cmd/launcher-v2/*.go ;\ + else \ + cp "${PREBUILT_BINARY}" /bin/launcher-v2 && \ + cp "${PREBUILT_BINARY}" /bin/launcher-v2-fips ;\ + fi FROM registry.access.redhat.com/ubi9/ubi-minimal:9.5 diff --git a/backend/Dockerfile.persistenceagent b/backend/Dockerfile.persistenceagent index afa82fe00db..ace74bb926c 100644 --- a/backend/Dockerfile.persistenceagent +++ b/backend/Dockerfile.persistenceagent @@ -35,7 +35,15 @@ RUN GO111MODULE=on go mod download # Copy the source COPY ${SOURCE_CODE}/ ./ -RUN GO111MODULE=on CGO_ENABLED=1 GOEXPERIMENT=strictfipsruntime go build -tags strictfipsruntime -o /bin/persistence_agent backend/src/agent/persistence/*.go +# Accept an optional prebuilt Go binary +ARG PREBUILT_BINARY=unset + +# If PREBUILT_BINARY is set, use it; otherwise, build from source +RUN if [ "$PREBUILT_BINARY" = "unset" ]; then \ + GO111MODULE=on CGO_ENABLED=1 GOEXPERIMENT=strictfipsruntime go build -tags strictfipsruntime -o /bin/persistence_agent backend/src/agent/persistence/*.go; \ + else \ + cp ${PREBUILT_BINARY} /bin/persistence_agent; \ + fi FROM registry.access.redhat.com/ubi9/ubi-minimal:9.5 WORKDIR /bin diff --git a/backend/Dockerfile.scheduledworkflow b/backend/Dockerfile.scheduledworkflow index e57ffecc74e..bbf931a310d 100644 --- a/backend/Dockerfile.scheduledworkflow +++ b/backend/Dockerfile.scheduledworkflow @@ -40,7 +40,15 @@ RUN GO111MODULE=on go mod download # Copy the source COPY ${SOURCE_CODE}/ ./ -RUN GO111MODULE=on CGO_ENABLED=1 GOEXPERIMENT=strictfipsruntime go build -tags strictfipsruntime -o /bin/controller backend/src/crd/controller/scheduledworkflow/*.go +# Accept an optional prebuilt Go binary +ARG PREBUILT_BINARY=unset + +# If PREBUILT_BINARY is set, use it; otherwise, build from source +RUN if [ "$PREBUILT_BINARY" = "unset" ]; then \ + GO111MODULE=on CGO_ENABLED=1 GOEXPERIMENT=strictfipsruntime go build -tags strictfipsruntime -o /bin/controller backend/src/crd/controller/scheduledworkflow/*.go; \ + else \ + cp ${PREBUILT_BINARY} /bin/controller; \ + fi FROM registry.access.redhat.com/ubi9/ubi-minimal:9.5 WORKDIR /bin From a7f37ba9e8c104c84632a677ebd57907969fa951 Mon Sep 17 00:00:00 2001 From: Helber Belmiro Date: Mon, 23 Jun 2025 09:20:22 -0300 Subject: [PATCH 2/2] UPSTREAM: : Moved `dnf clean all` together with `dfn install` Signed-off-by: Helber Belmiro --- backend/Dockerfile | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/backend/Dockerfile b/backend/Dockerfile index d2dcce2ac4f..6760174a064 100644 --- a/backend/Dockerfile +++ b/backend/Dockerfile @@ -19,7 +19,8 @@ FROM registry.access.redhat.com/ubi9/go-toolset:1.23 as builder USER root -RUN dnf install -y cmake clang openssl +RUN dnf install -y cmake clang openssl \ + && dnf clean all COPY ${SOURCE_CODE}/go.mod ./ COPY ${SOURCE_CODE}/go.sum ./ @@ -38,8 +39,7 @@ RUN if [ "$PREBUILT_BINARY" = "unset" ]; then \ GO111MODULE=on CGO_ENABLED=1 GOEXPERIMENT=strictfipsruntime go build -tags strictfipsruntime -o /bin/apiserver ./backend/src/apiserver/ ;\ else \ cp "${PREBUILT_BINARY}" /bin/apiserver ;\ - fi \ - && dnf clean all + fi # 2. Compile preloaded pipeline samples FROM registry.access.redhat.com/ubi9/python-39:9.5 as compiler