Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

chore: enable cgo and use google buildbase #81

Merged
merged 1 commit into from
Mar 29, 2024
Merged

chore: enable cgo and use google buildbase #81

merged 1 commit into from
Mar 29, 2024

Conversation

pintohutch
Copy link
Collaborator

@pintohutch pintohutch commented Mar 21, 2024
edited
Loading

cgo needs to be enabled to link against boringcrypto, so we add that
here.

In addition, we use the google-go.pkg.dev/golang image as the Go
buildbase to ensure build-time requirements, like boringcrypto, are
enabled.

We also use gke.gcr.io/gke-distroless/libc as our runtime image.

We add the "cryp/tls/fipsonly" import to ensure boringcrypto is
linking properly at build time. We guard this with a build tag
"boring" in a dedicated file.

Finally, we move away from promu in our Dockerfile as it was not obvious
how to pass a go build tag through just in the Docker case. We remove
amtool from the image, as its not intended to be used. This involved
mimicing a lot of what we do in the Prometheus fork's Dockerfile.

@pintohutch pintohutch force-pushed the pintohutch/release-0.25.1-gmp branch 3 times, most recently from 2f8826d to 70e2348 Compare March 21, 2024 21:46
@pintohutch pintohutch requested a review from bernot-dev March 21, 2024 22:03
bernot-dev
bernot-dev reviewed Mar 21, 2024
View reviewed changes
Dockerfile Outdated Show resolved Hide resolved
@pintohutch
chore: enable cgo and use google buildbase
e4ec7f4 
cgo needs to be enabled to link against boringcrypto, so we add that
here.

In addition, we use the google-go.pkg.dev/golang image as the Go
buildbase to ensure build-time requirements, like boringcrypto, are
enabled.

We also use gke.gcr.io/gke-distroless/libc as our runtime image.

We add the "cryp/tls/fipsonly" import to ensure boringcrypto is
linking properly at build time. We guard this with a build tag
"boring" in a dedicated file.

Finally, we move away from promu in our Dockerfile as it was not obvious
how to pass a go build tag through just in the Docker case. We remove
amtool from the image, as its not intended to be used. This involved
mimicing a lot of what we do in the Prometheus fork's Dockerfile.

Signed-off-by: Daniel Clark <danielclark@google.com>
@pintohutch pintohutch force-pushed the pintohutch/release-0.25.1-gmp branch from 432f9c8 to e4ec7f4 Compare March 21, 2024 23:16
@pintohutch pintohutch merged commit 115d36a into release-0.25.1-gmp Mar 29, 2024
7 of 9 checks passed
@pintohutch pintohutch deleted the pintohutch/release-0.25.1-gmp branch March 29, 2024 15:10
This was referenced Jul 16, 2024
Open
Merged
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@bernot-dev bernot-dev bernot-dev left review comments

@TheSpiritXIII TheSpiritXIII TheSpiritXIII approved these changes

Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
3 participants
@pintohutch @TheSpiritXIII @bernot-dev