1# syntax=docker/dockerfile:1
2
3ARG GO_VERSION=1.20.6
4ARG XX_VERSION=1.2.1
5ARG OSXCROSS_VERSION=11.3-r7-debian
6ARG GOLANGCI_LINT_VERSION=v1.51.1
7ARG DEBIAN_FRONTEND=noninteractive
8
9ARG PACKAGE=github.com/docker/docker-credential-helpers
10
11# xx is a helper for cross-compilation
12FROM --platform=$BUILDPLATFORM tonistiigi/xx:${XX_VERSION} AS xx
13
14# osxcross contains the MacOSX cross toolchain for xx
15FROM crazymax/osxcross:${OSXCROSS_VERSION} AS osxcross
16
17FROM --platform=$BUILDPLATFORM golang:${GO_VERSION}-bullseye AS gobase
18COPY --from=xx / /
19ARG DEBIAN_FRONTEND
20RUN apt-get update && apt-get install -y --no-install-recommends clang dpkg-dev file git lld llvm make pkg-config rsync
21ENV GOFLAGS="-mod=vendor"
22ENV CGO_ENABLED="1"
23WORKDIR /src
24
25FROM gobase AS vendored
26RUN --mount=target=/context \
27 --mount=target=.,type=tmpfs \
28 --mount=target=/go/pkg/mod,type=cache <<EOT
29 set -e
30 rsync -a /context/. .
31 go mod tidy
32 go mod vendor
33 mkdir /out
34 cp -r go.mod go.sum vendor /out
35EOT
36
37FROM scratch AS vendor-update
38COPY --from=vendored /out /
39
40FROM vendored AS vendor-validate
41RUN --mount=target=/context \
42 --mount=target=.,type=tmpfs <<EOT
43 set -e
44 rsync -a /context/. .
45 git add -A
46 rm -rf vendor
47 cp -rf /out/* .
48 if [ -n "$(git status --porcelain -- go.mod go.sum vendor)" ]; then
49 echo >&2 'ERROR: Vendor result differs. Please vendor your package with "make vendor"'
50 git status --porcelain -- go.mod go.sum vendor
51 exit 1
52 fi
53EOT
54
55FROM golangci/golangci-lint:${GOLANGCI_LINT_VERSION} AS golangci-lint
56FROM gobase AS lint
57ARG DEBIAN_FRONTEND
58RUN apt-get install -y binutils gcc libc6-dev libgcc-10-dev libsecret-1-dev pkg-config
59RUN --mount=type=bind,target=. \
60 --mount=type=cache,target=/root/.cache \
61 --mount=from=golangci-lint,source=/usr/bin/golangci-lint,target=/usr/bin/golangci-lint \
62 golangci-lint run ./...
63
64FROM gobase AS base
65ARG TARGETPLATFORM
66ARG DEBIAN_FRONTEND
67RUN xx-apt-get install -y binutils gcc libc6-dev libgcc-10-dev libsecret-1-dev pkg-config
68
69FROM base AS test
70ARG DEBIAN_FRONTEND
71RUN xx-apt-get install -y dbus-x11 gnome-keyring gpg-agent gpgconf libsecret-1-dev pass
72RUN --mount=type=bind,target=. \
73 --mount=type=cache,target=/root/.cache \
74 --mount=type=cache,target=/go/pkg/mod <<EOT
75 set -e
76 cp -r .github/workflows/fixtures /root/.gnupg
77 gpg-connect-agent "RELOADAGENT" /bye
78 gpg --import --batch --yes /root/.gnupg/7D851EB72D73BDA0.key
79 gpg --update-trustdb
80 echo '5\ny\n' | gpg --command-fd 0 --no-tty --edit-key 7D851EB72D73BDA0 trust
81 gpg-connect-agent "PRESET_PASSPHRASE 3E2D1142AA59E08E16B7E2C64BA6DDC773B1A627 -1 77697468207374757069642070617373706872617365" /bye
82 gpg-connect-agent "KEYINFO 3E2D1142AA59E08E16B7E2C64BA6DDC773B1A627" /bye
83 gpg-connect-agent "PRESET_PASSPHRASE BA83FC8947213477F28ADC019F6564A956456163 -1 77697468207374757069642070617373706872617365" /bye
84 gpg-connect-agent "KEYINFO BA83FC8947213477F28ADC019F6564A956456163" /bye
85 pass init 7D851EB72D73BDA0
86 gpg -k
87
88 mkdir /out
89 xx-go --wrap
90 make test COVERAGEDIR=/out
91EOT
92
93FROM scratch AS test-coverage
94COPY --from=test /out /
95
96FROM gobase AS version
97RUN --mount=target=. \
98 echo -n "$(./hack/git-meta version)" | tee /tmp/.version ; echo -n "$(./hack/git-meta revision)" | tee /tmp/.revision
99
100FROM base AS build-linux
101ARG PACKAGE
102RUN --mount=type=bind,target=. \
103 --mount=type=cache,target=/root/.cache \
104 --mount=type=cache,target=/go/pkg/mod \
105 --mount=type=bind,source=/tmp/.version,target=/tmp/.version,from=version \
106 --mount=type=bind,source=/tmp/.revision,target=/tmp/.revision,from=version <<EOT
107 set -ex
108 xx-go --wrap
109 make build-pass build-secretservice PACKAGE=$PACKAGE VERSION=$(cat /tmp/.version) REVISION=$(cat /tmp/.revision) DESTDIR=/out
110 xx-verify /out/docker-credential-pass
111 xx-verify /out/docker-credential-secretservice
112EOT
113
114FROM base AS build-darwin
115ARG PACKAGE
116RUN --mount=type=bind,target=. \
117 --mount=type=cache,target=/root/.cache \
118 --mount=type=cache,target=/go/pkg/mod \
119 --mount=type=bind,from=osxcross,src=/osxsdk,target=/xx-sdk \
120 --mount=type=bind,source=/tmp/.version,target=/tmp/.version,from=version \
121 --mount=type=bind,source=/tmp/.revision,target=/tmp/.revision,from=version <<EOT
122 set -ex
123 export MACOSX_VERSION_MIN=$(make print-MACOSX_DEPLOYMENT_TARGET)
124 xx-go --wrap
125 go install std
126 make build-osxkeychain build-pass PACKAGE=$PACKAGE VERSION=$(cat /tmp/.version) REVISION=$(cat /tmp/.revision) DESTDIR=/out
127 xx-verify /out/docker-credential-osxkeychain
128 xx-verify /out/docker-credential-pass
129EOT
130
131FROM base AS build-windows
132ARG PACKAGE
133RUN --mount=type=bind,target=. \
134 --mount=type=cache,target=/root/.cache \
135 --mount=type=cache,target=/go/pkg/mod \
136 --mount=type=bind,source=/tmp/.version,target=/tmp/.version,from=version \
137 --mount=type=bind,source=/tmp/.revision,target=/tmp/.revision,from=version <<EOT
138 set -ex
139 xx-go --wrap
140 make build-wincred PACKAGE=$PACKAGE VERSION=$(cat /tmp/.version) REVISION=$(cat /tmp/.revision) DESTDIR=/out
141 mv /out/docker-credential-wincred /out/docker-credential-wincred.exe
142 xx-verify /out/docker-credential-wincred.exe
143EOT
144
145FROM build-$TARGETOS AS build
146
147FROM scratch AS binaries
148COPY --from=build /out /
149
150FROM --platform=$BUILDPLATFORM alpine AS releaser
151WORKDIR /work
152ARG TARGETOS
153ARG TARGETARCH
154ARG TARGETVARIANT
155RUN --mount=from=binaries \
156 --mount=type=bind,source=/tmp/.version,target=/tmp/.version,from=version <<EOT
157 set -e
158 mkdir /out
159 version="$(cat /tmp/.version)"
160 [ "$TARGETOS" = "windows" ] && ext=".exe"
161 for f in *; do
162 cp "$f" "/out/${f%.*}-${version}.${TARGETOS}-${TARGETARCH}${TARGETVARIANT}${ext}"
163 done
164EOT
165
166FROM scratch AS release
167COPY --from=releaser /out/ /
168
169FROM binaries
View as plain text