diff --git a/docker/buildx/centos/Dockerfile b/docker/buildx/centos/Dockerfile index b7e822fac672..f5bbd15ad6da 100644 --- a/docker/buildx/centos/Dockerfile +++ b/docker/buildx/centos/Dockerfile @@ -1,10 +1,10 @@ -FROM centos:7 as builder +FROM centos:7 AS builder ARG CARGO_PROFILE ARG FEATURES ARG OUTPUT_DIR -ENV LANG en_US.utf8 +ENV LANG=en_US.utf8 WORKDIR /greptimedb # Install dependencies @@ -22,7 +22,7 @@ RUN unzip protoc-3.15.8-linux-x86_64.zip -d /usr/local/ # Install Rust SHELL ["/bin/bash", "-c"] RUN curl --proto '=https' --tlsv1.2 -sSf https://sh.rustup.rs | sh -s -- --no-modify-path --default-toolchain none -y -ENV PATH /usr/local/bin:/root/.cargo/bin/:$PATH +ENV PATH=/usr/local/bin:/root/.cargo/bin/:$PATH # Build the project in release mode. RUN --mount=target=.,rw \ @@ -33,7 +33,7 @@ RUN --mount=target=.,rw \ TARGET_DIR=/out/target # Export the binary to the clean image. -FROM centos:7 as base +FROM centos:7 AS base ARG OUTPUT_DIR @@ -45,7 +45,7 @@ RUN yum install -y epel-release \ WORKDIR /greptime COPY --from=builder /out/target/${OUTPUT_DIR}/greptime /greptime/bin/ -ENV PATH /greptime/bin/:$PATH +ENV PATH=/greptime/bin/:$PATH ENV MALLOC_CONF="prof:true,prof_active:false" diff --git a/docker/buildx/distroless/Dockerfile b/docker/buildx/distroless/Dockerfile new file mode 100644 index 000000000000..b0f3af33e8a7 --- /dev/null +++ b/docker/buildx/distroless/Dockerfile @@ -0,0 +1,65 @@ +FROM ubuntu:22.04 AS builder + +ARG CARGO_PROFILE +ARG FEATURES +ARG OUTPUT_DIR + +ENV LANG=en_US.utf8 +WORKDIR /greptimedb + +RUN apt-get update && \ + DEBIAN_FRONTEND=noninteractive apt-get install -y software-properties-common + +# Install dependencies. +RUN --mount=type=cache,target=/var/cache/apt \ + apt-get update && apt-get install -y \ + libssl-dev \ + protobuf-compiler \ + curl \ + git \ + build-essential \ + pkg-config + +# Install Rust. +SHELL ["/bin/bash", "-c"] +RUN curl --proto '=https' --tlsv1.2 -sSf https://sh.rustup.rs | sh -s -- --no-modify-path --default-toolchain none -y +ENV PATH=/root/.cargo/bin/:$PATH + +# Build the project in release mode. +RUN --mount=target=. \ + --mount=type=cache,target=/root/.cargo/registry \ + make build \ + CARGO_PROFILE=${CARGO_PROFILE} \ + FEATURES=${FEATURES} \ + TARGET_DIR=/out/target + +FROM ubuntu:22.04 AS libs + +ARG TARGETARCH + +# Copy required library dependencies based on architecture +RUN if [ "$TARGETARCH" = "amd64" ]; then \ + cp /lib/x86_64-linux-gnu/libz.so.1.2.11 /lib/x86_64-linux-gnu/libz.so.1; \ + elif [ "$TARGETARCH" = "arm64" ]; then \ + cp /lib/aarch64-linux-gnu/libz.so.1.2.11 /lib/aarch64-linux-gnu/libz.so.1; \ + else \ + echo "Unsupported architecture: $TARGETARCH" && exit 1; \ + fi + +# Export the binary to the clean distroless image. +FROM gcr.io/distroless/cc-debian12:latest AS base + +ARG OUTPUT_DIR +ARG TARGETARCH + +# Copy required library dependencies +COPY --from=libs /lib /lib +COPY --from=busybox:stable /bin/busybox /bin/busybox + +WORKDIR /greptime +COPY --from=builder /out/target/${OUTPUT_DIR}/greptime /greptime/bin/greptime +ENV PATH=/greptime/bin/:$PATH + +ENV MALLOC_CONF="prof:true,prof_active:false" + +ENTRYPOINT ["greptime"] diff --git a/docker/buildx/ubuntu/Dockerfile b/docker/buildx/ubuntu/Dockerfile index 6306e0468852..b6dc386da494 100644 --- a/docker/buildx/ubuntu/Dockerfile +++ b/docker/buildx/ubuntu/Dockerfile @@ -1,10 +1,10 @@ -FROM ubuntu:22.04 as builder +FROM ubuntu:22.04 AS builder ARG CARGO_PROFILE ARG FEATURES ARG OUTPUT_DIR -ENV LANG en_US.utf8 +ENV LANG=en_US.utf8 WORKDIR /greptimedb RUN apt-get update && \ @@ -23,7 +23,7 @@ RUN --mount=type=cache,target=/var/cache/apt \ # Install Rust. SHELL ["/bin/bash", "-c"] RUN curl --proto '=https' --tlsv1.2 -sSf https://sh.rustup.rs | sh -s -- --no-modify-path --default-toolchain none -y -ENV PATH /root/.cargo/bin/:$PATH +ENV PATH=/root/.cargo/bin/:$PATH # Build the project in release mode. RUN --mount=target=. \ @@ -35,7 +35,7 @@ RUN --mount=target=. \ # Export the binary to the clean image. # TODO(zyy17): Maybe should use the more secure container image. -FROM ubuntu:22.04 as base +FROM ubuntu:22.04 AS base ARG OUTPUT_DIR @@ -45,7 +45,7 @@ RUN apt-get update && DEBIAN_FRONTEND=noninteractive apt-get \ WORKDIR /greptime COPY --from=builder /out/target/${OUTPUT_DIR}/greptime /greptime/bin/ -ENV PATH /greptime/bin/:$PATH +ENV PATH=/greptime/bin/:$PATH ENV MALLOC_CONF="prof:true,prof_active:false" diff --git a/docker/ci/centos/Dockerfile b/docker/ci/centos/Dockerfile index 480f2196b24d..67efadd7dc68 100644 --- a/docker/ci/centos/Dockerfile +++ b/docker/ci/centos/Dockerfile @@ -13,7 +13,7 @@ ARG TARGETARCH ADD $TARGETARCH/greptime /greptime/bin/ -ENV PATH /greptime/bin/:$PATH +ENV PATH=/greptime/bin/:$PATH ENV MALLOC_CONF="prof:true,prof_active:false" diff --git a/docker/ci/distroless/Dockerfile b/docker/ci/distroless/Dockerfile new file mode 100644 index 000000000000..f5e7ebd88eec --- /dev/null +++ b/docker/ci/distroless/Dockerfile @@ -0,0 +1,40 @@ +FROM ubuntu:22.04 AS libs + +ARG TARGETARCH + +# Copy required library dependencies based on architecture +# TARGETARCH values: amd64, arm64 +# Ubuntu library paths: x86_64-linux-gnu, aarch64-linux-gnu +RUN if [ "$TARGETARCH" = "amd64" ]; then \ + mkdir -p /output/x86_64-linux-gnu && \ + cp /lib/x86_64-linux-gnu/libz.so.1.2.11 /output/x86_64-linux-gnu/libz.so.1; \ + elif [ "$TARGETARCH" = "arm64" ]; then \ + mkdir -p /output/aarch64-linux-gnu && \ + cp /lib/aarch64-linux-gnu/libz.so.1.2.11 /output/aarch64-linux-gnu/libz.so.1; \ + else \ + echo "Unsupported architecture: $TARGETARCH" && exit 1; \ + fi + +FROM gcr.io/distroless/cc-debian12:latest + +# The root path under which contains all the dependencies to build this Dockerfile. +ARG DOCKER_BUILD_ROOT=. +# The binary name of GreptimeDB executable. +# Defaults to "greptime", but sometimes in other projects it might be different. +ARG TARGET_BIN=greptime + +ARG TARGETARCH + +# Copy required library dependencies +COPY --from=libs /output /lib +COPY --from=busybox:stable /bin/busybox /bin/busybox + +ADD $TARGETARCH/$TARGET_BIN /greptime/bin/ + +ENV PATH=/greptime/bin/:$PATH + +ENV TARGET_BIN=$TARGET_BIN + +ENV MALLOC_CONF="prof:true,prof_active:false" + +ENTRYPOINT ["greptime"] diff --git a/docker/ci/ubuntu/Dockerfile b/docker/ci/ubuntu/Dockerfile index 046fd62972fc..c1a88e02c8ba 100644 --- a/docker/ci/ubuntu/Dockerfile +++ b/docker/ci/ubuntu/Dockerfile @@ -14,7 +14,7 @@ ARG TARGETARCH ADD $TARGETARCH/$TARGET_BIN /greptime/bin/ -ENV PATH /greptime/bin/:$PATH +ENV PATH=/greptime/bin/:$PATH ENV TARGET_BIN=$TARGET_BIN