Skip to content

UPSTREAM: <carry>: Add support for optional prebuilt Go binaries in Dockerfiles #183

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Open
wants to merge 2 commits into
base: master
Choose a base branch
from
Open

UPSTREAM: <carry>: Add support for optional prebuilt Go binaries in Dockerfiles #183

Show file tree
Hide file tree
Changes from all commits
Commits
Show all changes
2 commits
Select commit Hold shift + click to select a range
be65398
UPSTREAM: <carry>: Add support for optional prebuilt Go binaries in D…
hbelmiro Jun 17, 2025
a7f37ba
UPSTREAM: <carry>: Moved `dnf clean all` together with `dfn install`
hbelmiro Jun 23, 2025
File filter

Filter by extension

Filter by extension
Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
13 changes: 10 additions & 3 deletions backend/Dockerfile
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -19,7 +19,8 @@ FROM registry.access.redhat.com/ubi9/go-toolset:1.23 as builder

USER root

RUN dnf install -y cmake clang openssl
RUN dnf install -y cmake clang openssl \
&& dnf clean all

COPY ${SOURCE_CODE}/go.mod ./
COPY ${SOURCE_CODE}/go.sum ./
Expand All @@ -31,8 +32,14 @@ RUN GO111MODULE=on go mod download
# Copy the source
COPY ${SOURCE_CODE}/ ./

RUN GO111MODULE=on CGO_ENABLED=1 GOEXPERIMENT=strictfipsruntime go build -tags strictfipsruntime -o /bin/apiserver ./backend/src/apiserver/ && \
dnf clean all
# Accept an optional prebuilt Go binary
ARG PREBUILT_BINARY=unset

RUN if [ "$PREBUILT_BINARY" = "unset" ]; then \
GO111MODULE=on CGO_ENABLED=1 GOEXPERIMENT=strictfipsruntime go build -tags strictfipsruntime -o /bin/apiserver ./backend/src/apiserver/ ;\
else \
cp "${PREBUILT_BINARY}" /bin/apiserver ;\
fi

# 2. Compile preloaded pipeline samples
FROM registry.access.redhat.com/ubi9/python-39:9.5 as compiler
Expand Down
9 changes: 8 additions & 1 deletion backend/Dockerfile.driver
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -34,7 +34,14 @@ RUN GO111MODULE=on go mod download
# Copy the source
COPY ${SOURCE_CODE}/ ./

RUN GO111MODULE=on CGO_ENABLED=1 GOOS=linux GOARCH=amd64 GOEXPERIMENT=strictfipsruntime go build -tags 'netgo strictfipsruntime' -o /bin/driver ./backend/src/v2/cmd/driver/*.go
ARG PREBUILT_BINARY=unset

# If PREBUILT_BINARY is set, use it; otherwise, build from source
RUN if [ "$PREBUILT_BINARY" = "unset" ]; then \
GO111MODULE=on CGO_ENABLED=1 GOOS=linux GOARCH=amd64 GOEXPERIMENT=strictfipsruntime go build -tags 'netgo strictfipsruntime' -o /bin/driver ./backend/src/v2/cmd/driver/*.go; \
else \
cp ${PREBUILT_BINARY} /bin/driver; \
fi

Comment on lines +39 to 45
Copy link

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

🛠️ Refactor suggestion

Improve prebuilt-binary copy logic

  • Wrap the path in quotes: cp "${PREBUILT_BINARY}" /bin/driver
  • Pre-check with [ -f "$PREBUILT_BINARY" ] to fail fast with a clear error if missing.
🤖 Prompt for AI Agents 
In backend/Dockerfile.driver around lines 39 to 45, the copy command for the
prebuilt binary should be improved by wrapping the PREBUILT_BINARY variable in
quotes to handle paths with spaces, and adding a pre-check using [ -f
"$PREBUILT_BINARY" ] to verify the file exists before copying. If the file is
missing, the build should fail immediately with a clear error message. Update
the RUN command to include these checks and quoted variable usage.

FROM registry.access.redhat.com/ubi9/ubi-minimal:9.5

Expand Down
12 changes: 10 additions & 2 deletions backend/Dockerfile.launcher
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -36,8 +36,16 @@ RUN GO111MODULE=on go mod download
# Copy the source
COPY ${SOURCE_CODE}/ ./

RUN GO111MODULE=on CGO_ENABLED=0 GOOS=linux GOARCH=amd64 go build -tags netgo -ldflags '-extldflags "-static"' -o /bin/launcher-v2 ./backend/src/v2/cmd/launcher-v2/*.go
RUN GO111MODULE=on CGO_ENABLED=1 GOOS=linux GOARCH=amd64 GOEXPERIMENT=strictfipsruntime go build -tags 'netgo strictfipsruntime' -o /bin/launcher-v2-fips ./backend/src/v2/cmd/launcher-v2/*.go
# Accept an optional prebuilt Go binary
ARG PREBUILT_BINARY=unset

RUN if [ "$PREBUILT_BINARY" = "unset" ]; then \
GO111MODULE=on CGO_ENABLED=0 GOOS=linux GOARCH=amd64 go build -tags netgo -ldflags '-extldflags "-static"' -o /bin/launcher-v2 ./backend/src/v2/cmd/launcher-v2/*.go && \
GO111MODULE=on CGO_ENABLED=1 GOOS=linux GOARCH=amd64 GOEXPERIMENT=strictfipsruntime go build -tags 'netgo strictfipsruntime' -o /bin/launcher-v2-fips ./backend/src/v2/cmd/launcher-v2/*.go ;\
else \
cp "${PREBUILT_BINARY}" /bin/launcher-v2 && \
cp "${PREBUILT_BINARY}" /bin/launcher-v2-fips ;\
fi
Comment on lines +42 to +48
Copy link

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

🛠️ Refactor suggestion

Add explicit existence check and clear error for the prebuilt binary
Relying on cp alone yields a generic failure if the path is wrong. To improve diagnostics, wrap the copy in a file‐test, for example:

if [ -f "$PREBUILT_BINARY" ]; then \
  cp "$PREBUILT_BINARY" /bin/launcher-v2 && cp "$PREBUILT_BINARY" /bin/launcher-v2-fips; \
else \
  echo "Error: PREBUILT_BINARY '$PREBUILT_BINARY' not found" >&2; exit 1; \
fi
🤖 Prompt for AI Agents 
In backend/Dockerfile.launcher around lines 42 to 48, the current script copies
the prebuilt binary without checking if the file exists, causing unclear errors
if the path is wrong. Modify the else block to first check if the file at
PREBUILT_BINARY exists using a file test. If it exists, proceed with copying to
/bin/launcher-v2 and /bin/launcher-v2-fips; if not, output a clear error message
to stderr and exit with status 1 to improve diagnostics.


FROM registry.access.redhat.com/ubi9/ubi-minimal:9.5

Expand Down
10 changes: 9 additions & 1 deletion backend/Dockerfile.persistenceagent
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -35,7 +35,15 @@ RUN GO111MODULE=on go mod download
# Copy the source
COPY ${SOURCE_CODE}/ ./

RUN GO111MODULE=on CGO_ENABLED=1 GOEXPERIMENT=strictfipsruntime go build -tags strictfipsruntime -o /bin/persistence_agent backend/src/agent/persistence/*.go
# Accept an optional prebuilt Go binary
ARG PREBUILT_BINARY=unset

# If PREBUILT_BINARY is set, use it; otherwise, build from source
RUN if [ "$PREBUILT_BINARY" = "unset" ]; then \
GO111MODULE=on CGO_ENABLED=1 GOEXPERIMENT=strictfipsruntime go build -tags strictfipsruntime -o /bin/persistence_agent backend/src/agent/persistence/*.go; \
else \
cp ${PREBUILT_BINARY} /bin/persistence_agent; \
fi

Comment on lines +41 to 47
Copy link

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

🛠️ Refactor suggestion

Robustify the prebuilt-binary copy step

  • Quote the argument: cp "${PREBUILT_BINARY}" /bin/persistence_agent
  • Add an existence check to emit a clear “file not found” error before attempting the copy.
🤖 Prompt for AI Agents 
In backend/Dockerfile.persistenceagent around lines 41 to 47, the cp command
copying the prebuilt binary should quote the variable to handle paths with
spaces by using cp "${PREBUILT_BINARY}" /bin/persistence_agent. Additionally,
add a check before the copy to verify the file exists, and if not, output a
clear error message and exit to prevent silent failures.

FROM registry.access.redhat.com/ubi9/ubi-minimal:9.5
WORKDIR /bin
Expand Down
10 changes: 9 additions & 1 deletion backend/Dockerfile.scheduledworkflow
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -40,7 +40,15 @@ RUN GO111MODULE=on go mod download
# Copy the source
COPY ${SOURCE_CODE}/ ./

RUN GO111MODULE=on CGO_ENABLED=1 GOEXPERIMENT=strictfipsruntime go build -tags strictfipsruntime -o /bin/controller backend/src/crd/controller/scheduledworkflow/*.go
# Accept an optional prebuilt Go binary
ARG PREBUILT_BINARY=unset

# If PREBUILT_BINARY is set, use it; otherwise, build from source
RUN if [ "$PREBUILT_BINARY" = "unset" ]; then \
GO111MODULE=on CGO_ENABLED=1 GOEXPERIMENT=strictfipsruntime go build -tags strictfipsruntime -o /bin/controller backend/src/crd/controller/scheduledworkflow/*.go; \
else \
cp ${PREBUILT_BINARY} /bin/controller; \
fi

Comment on lines +47 to 52
Copy link

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

🛠️ Refactor suggestion

Strengthen the prebuilt-binary copy step

  • Quote the path to handle spaces:
    cp "${PREBUILT_BINARY}" /bin/controller
  • Add a [ -f ] test before cp to surface a clear “file not found” error instead of a cryptic cp failure.
🤖 Prompt for AI Agents 
In backend/Dockerfile.scheduledworkflow around lines 47 to 52, the prebuilt
binary copy step should be improved by quoting the PREBUILT_BINARY variable to
handle paths with spaces and adding a file existence check before copying.
Modify the else branch to first test if the file exists using [ -f
"${PREBUILT_BINARY}" ] and if not, output a clear error message and exit; if it
exists, then copy it with cp "${PREBUILT_BINARY}" /bin/controller.

FROM registry.access.redhat.com/ubi9/ubi-minimal:9.5
WORKDIR /bin
Expand Down
Loading