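# Step 1: build all bundled programs built with Bazel
#
# NOTE(review): this base image carries no tag or digest, so it resolves to
# whatever `latest` points at when the build runs. Every binary shipped by the
# later stages is produced by this toolchain; consider pinning it by digest,
# as the daisy stage already is.
FROM gcr.io/cloud-builders/bazel AS bazel_builder
# Optional Bazel remote cache endpoint. Build args can be recovered from the
# image history, so this value must never carry credentials.
ARG _BUILD_TOOLS_CACHE
# COPY rather than ADD: only a plain copy of the build context is wanted, and
# COPY has none of ADD's extra behaviours (archive extraction, URL fetch).
# NOTE(review): the whole context is copied; make sure a .dockerignore keeps
# credentials and VCS metadata out of it.
COPY . /workspace
WORKDIR /workspace
# The steps are chained with `&&` so that a failed build or a failed copy
# aborts this stage. With `;` only the exit status of the last `cp` decided
# whether the layer succeeded, so an amd64 failure could go unnoticed.
# The `$(bazel cquery ...)` substitutions are left unquoted on purpose so that
# each reported output path becomes its own argument to `cp`.
RUN bazel build \
      --remote_cache="$_BUILD_TOOLS_CACHE" \
      //src/cmd/cos_customizer:cos_customizer \
      //src/cmd/provisioner:provisioner_amd64 \
      //src/cmd/provisioner:provisioner_arm64 \
      //src/cmd/metadata_watcher:metadata_watcher_amd64 \
      //src/cmd/metadata_watcher:metadata_watcher_arm64 \
      //src/cmd/handle_disk_layout:handle_disk_layout_bin_amd64 \
      //src/cmd/handle_disk_layout:handle_disk_layout_bin_arm64 \
      @com_github_googlecloudplatform_docker_credential_gcr//:docker-credential-gcr_amd64 \
      @com_github_googlecloudplatform_docker_credential_gcr//:docker-credential-gcr_arm64 \
    && mkdir -p _out/amd64 \
    && cp \
      $(bazel cquery --output=files //src/cmd/cos_customizer:cos_customizer) \
      $(bazel cquery --output=files //src/cmd/provisioner:provisioner_amd64) \
      $(bazel cquery --output=files //src/cmd/metadata_watcher:metadata_watcher_amd64) \
      $(bazel cquery --output=files //src/cmd/handle_disk_layout:handle_disk_layout_bin_amd64) \
      $(bazel cquery --output=files @com_github_googlecloudplatform_docker_credential_gcr//:docker-credential-gcr_amd64) \
      _out/amd64 \
    && mkdir -p _out/arm64 \
    && cp \
      $(bazel cquery --output=files //src/cmd/provisioner:provisioner_arm64) \
      $(bazel cquery --output=files //src/cmd/metadata_watcher:metadata_watcher_arm64) \
      $(bazel cquery --output=files //src/cmd/handle_disk_layout:handle_disk_layout_bin_arm64) \
      $(bazel cquery --output=files @com_github_googlecloudplatform_docker_credential_gcr//:docker-credential-gcr_arm64) \
      _out/arm64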
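# Step 2: build CIDATA and SCRATCH images
#
# NOTE(review): `debian:bookworm` is a moving tag; pin it by digest (as the
# daisy stage is) if the packages bundled below must be reproducible.
FROM debian:bookworm AS cidata_builder
# arm64 is registered as a foreign architecture so the `:arm64` packages can
# be downloaded later in this stage. The steps are chained with `&&` so a
# failed `apt-get update` stops the build instead of being ignored.
# The apt lists are deliberately kept: the `apt-get download` steps that
# follow in this stage need them.
RUN dpkg --add-architecture arm64 \
    && apt-get update \
    && apt-get install -y --no-install-recommends dosfstools mtools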
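# Output in /opt/veritysetup_amd64/veritysetup_amd64.tar.gz
#
# Both directories are named explicitly. RUN executes under /bin/sh, which is
# dash on Debian and does not perform brace expansion, so `{root,debs}` would
# be created as one literally named directory instead of two.
RUN mkdir -p /opt/veritysetup_amd64/root /opt/veritysetup_amd64/debs
WORKDIR /opt/veritysetup_amd64/debs
# Fetch the .deb archives without installing them. The list is cryptsetup-bin
# plus coreutils, tar and shared libraries, presumably the closure veritysetup
# needs at run time (confirm when bumping the Debian release).
# NOTE(review): versions are not pinned, so each build bundles whatever the
# bookworm repositories serve at that moment.
RUN apt-get download \
      coreutils:amd64 \
      tar:amd64 \
      libacl1:amd64 \
      libattr1:amd64 \
      libc6:amd64 \
      libselinux1:amd64 \
      libpcre3:amd64 \
      cryptsetup-bin:amd64 \
      libblkid1:amd64 \
      libcryptsetup12:amd64 \
      libpopt0:amd64 \
      libuuid1:amd64 \
      libdevmapper1.02.1:amd64 \
      libgcrypt20:amd64 \
      libargon2-1:amd64 \
      libjson-c5:amd64 \
      libudev1:amd64 \
      libssl3:amd64 \
      libpcre2-8-0:amd64
WORKDIR /opt/veritysetup_amd64
# Unpack every package into root/ and archive the resulting tree.
# `set -e` aborts on the first package that fails to extract, so a partial
# tree is never archived; "$f" is quoted so the file name is passed intact.
RUN set -e; \
    for f in debs/*.deb; do dpkg-deb --extract "$f" root; done; \
    tar czf veritysetup_amd64.tar.gz -C root .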
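# Output in /opt/veritysetup_arm64/veritysetup_arm64.tar.gz
#
# Both directories are named explicitly. RUN executes under /bin/sh, which is
# dash on Debian and does not perform brace expansion, so `{root,debs}` would
# be created as one literally named directory instead of two.
RUN mkdir -p /opt/veritysetup_arm64/root /opt/veritysetup_arm64/debs
WORKDIR /opt/veritysetup_arm64/debs
# Fetch the arm64 .deb archives without installing them; this relies on arm64
# having been added as a dpkg architecture earlier in this stage.
# NOTE(review): versions are not pinned, so each build bundles whatever the
# bookworm repositories serve at that moment.
RUN apt-get download \
      coreutils:arm64 \
      tar:arm64 \
      libacl1:arm64 \
      libattr1:arm64 \
      libc6:arm64 \
      libselinux1:arm64 \
      libpcre3:arm64 \
      cryptsetup-bin:arm64 \
      libblkid1:arm64 \
      libcryptsetup12:arm64 \
      libpopt0:arm64 \
      libuuid1:arm64 \
      libdevmapper1.02.1:arm64 \
      libgcrypt20:arm64 \
      libargon2-1:arm64 \
      libjson-c5:arm64 \
      libudev1:arm64 \
      libssl3:arm64 \
      libpcre2-8-0:arm64
WORKDIR /opt/veritysetup_arm64
# Unpack every package into root/ and archive the resulting tree.
# `set -e` aborts on the first package that fails to extract, so a partial
# tree is never archived; "$f" is quoted so the file name is passed intact.
RUN set -e; \
    for f in debs/*.deb; do dpkg-deb --extract "$f" root; done; \
    tar czf veritysetup_arm64.tar.gz -C root .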
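# Output in /opt/cidata/cidata.img
RUN mkdir -p /opt/cidata/deps
WORKDIR /opt/cidata
# startup.yaml is shipped as `user-data`; together with the empty `meta-data`
# file and the CIDATA volume label this looks like a cloud-init NoCloud seed
# (confirm against the consumer of the image).
COPY --from=bazel_builder /workspace/src/data/startup.yaml deps/user-data
COPY --from=bazel_builder /workspace/_out/amd64 deps/amd64
COPY --from=bazel_builder /workspace/_out/arm64 deps/arm64
# Create a FAT image labelled CIDATA (512-byte sectors, 8 sectors per cluster,
# 131072 blocks) and copy every payload file into its root directory.
# The steps are chained with `&&`: with `;` a failed mcopy in the middle was
# ignored and the layer still succeeded, producing an image that silently
# lacked one of the binaries.
RUN mkfs.fat -n CIDATA -S 512 -s 8 -C cidata.img 131072 \
    && touch meta-data \
    && mcopy -i cidata.img deps/user-data ::/user-data \
    && mcopy -i cidata.img meta-data ::/meta-data \
    && mcopy -i cidata.img deps/amd64/provisioner_amd64 ::/provisioner_amd64 \
    && mcopy -i cidata.img deps/arm64/provisioner_arm64 ::/provisioner_arm64 \
    && mcopy -i cidata.img deps/amd64/metadata_watcher_amd64 ::/metadata_watcher_amd64 \
    && mcopy -i cidata.img deps/arm64/metadata_watcher_arm64 ::/metadata_watcher_arm64 \
    && mcopy -i cidata.img deps/amd64/docker-credential-gcr_amd64 ::/docker-credential-gcr_amd64 \
    && mcopy -i cidata.img deps/arm64/docker-credential-gcr_arm64 ::/docker-credential-gcr_arm64 \
    && mcopy -i cidata.img deps/amd64/handle_disk_layout_bin_amd64 ::/handle_disk_layout_bin_amd64 \
    && mcopy -i cidata.img deps/arm64/handle_disk_layout_bin_arm64 ::/handle_disk_layout_bin_arm64 \
    && mcopy -i cidata.img /opt/veritysetup_amd64/veritysetup_amd64.tar.gz ::/veritysetup_amd64.tar.gz \
    && mcopy -i cidata.img /opt/veritysetup_arm64/veritysetup_arm64.tar.gz ::/veritysetup_arm64.tar.gz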
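# Output in /opt/scratch/scratch.img
RUN mkdir -p /opt/scratch
WORKDIR /opt/scratch
# Allocate a 512M file, format it as ext4, turn off the mount-count (-c0) and
# time-interval (-i0) filesystem checks, and label the filesystem SCRATCH.
# Chained with `&&` so the stage stops at the first failing step rather than
# running the remaining tools against a missing or unformatted image.
RUN fallocate -l 512M scratch.img \
    && mkfs.ext4 scratch.img \
    && tune2fs -c0 -i0 scratch.img \
    && e2label scratch.img SCRATCH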
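# Step 3: build the cos-customizer container image
#
# daisy is pinned by digest, so the binary copied from it below cannot change
# unless this line is edited.
FROM gcr.io/compute-image-tools/daisy@sha256:a23774074d5941ed9e25f64ee7e02f96d2f8e09a4d7cee7131b49664267c33c7 AS daisy
# NOTE(review): `debian:bookworm-slim` is a moving tag; pin it by digest as
# well if the final image has to be reproducible.
FROM debian:bookworm-slim
# Runtime tools only. The apt lists are removed in the same layer that
# downloaded them so they do not end up in the shipped image.
RUN apt-get update && apt-get install -y --no-install-recommends \
      ca-certificates \
      mtools \
      tar \
    && rm -rf /var/lib/apt/lists/*
RUN mkdir -p /tmp /workspace
COPY --from=bazel_builder /workspace/src/data /data
COPY --from=bazel_builder /workspace/_out/amd64/cos_customizer /cos_customizer
COPY --from=daisy /daisy /daisy
COPY --from=cidata_builder /opt/cidata/cidata.img /cidata.img
COPY --from=cidata_builder /opt/scratch/scratch.img /scratch.img
# NOTE(review): no USER is set, so the entrypoint runs as root. Check whether
# cos_customizer needs that (for example to write to a mounted /workspace)
# before switching to a non-root user.
ENTRYPOINT ["/cos_customizer"]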