From ac04d3c99fdf226f8a5a49a49747a928b2418259 Mon Sep 17 00:00:00 2001 From: Stephan Renatus Date: Mon, 31 May 2021 10:26:08 +0200 Subject: [PATCH 1/3] build: add static (wasm-disabled) linux build Fixes #3499. Signed-off-by: Stephan Renatus --- .github/workflows/post-merge.yaml | 2 +- .github/workflows/post-tag.yaml | 2 +- .github/workflows/pull-request.yaml | 2 +- Dockerfile | 4 ++-- Makefile | 24 +++++++++++++++++++----- 5 files changed, 24 insertions(+), 10 deletions(-) diff --git a/.github/workflows/post-merge.yaml b/.github/workflows/post-merge.yaml index bd0117d463..e201dd807d 100644 --- a/.github/workflows/post-merge.yaml +++ b/.github/workflows/post-merge.yaml @@ -66,7 +66,7 @@ jobs: uses: actions/checkout@v2 - name: Build Linux and Windows - run: make ci-go-ci-build-linux ci-go-ci-build-windows + run: make ci-go-ci-build-linux ci-go-build-linux-static ci-go-ci-build-windows timeout-minutes: 30 env: TELEMETRY_URL: ${{ secrets.TELEMETRY_URL }} diff --git a/.github/workflows/post-tag.yaml b/.github/workflows/post-tag.yaml index 40328e9b56..3fd44c14e0 100644 --- a/.github/workflows/post-tag.yaml +++ b/.github/workflows/post-tag.yaml @@ -27,7 +27,7 @@ jobs: uses: actions/checkout@v2 - name: Build Linux and Windows - run: make ci-go-ci-build-linux ci-go-ci-build-windows + run: make ci-go-ci-build-linux ci-go-ci-build-linux-static ci-go-ci-build-windows timeout-minutes: 30 env: TELEMETRY_URL: ${{ secrets.TELEMETRY_URL }} diff --git a/.github/workflows/pull-request.yaml b/.github/workflows/pull-request.yaml index 92afef3d8c..eb15b0dc76 100644 --- a/.github/workflows/pull-request.yaml +++ b/.github/workflows/pull-request.yaml @@ -14,7 +14,7 @@ jobs: uses: actions/checkout@v2 - name: Build Linux - run: make ci-go-ci-build-linux + run: make ci-go-ci-build-linux ci-go-ci-build-linux-static timeout-minutes: 30 - name: Upload binaries diff --git a/Dockerfile b/Dockerfile index 0c73f264b5..097f95c752 100644 --- a/Dockerfile +++ b/Dockerfile @@ -18,8 +18,8 @@ MAINTAINER Torin Sandall # _Something_ needs to be between the two COPY steps. USER ${USER} -ARG BIN_DIR=. -COPY ${BIN_DIR}/opa_linux_amd64 /opa +ARG BIN=./opa_linux_amd64 +COPY ${BIN} /opa ENTRYPOINT ["/opa"] CMD ["run"] diff --git a/Makefile b/Makefile index 15c94ef284..60d2507e65 100644 --- a/Makefile +++ b/Makefile @@ -263,6 +263,12 @@ ci-build-linux: ensure-release-dir chmod +x opa_linux_$(GOARCH) mv opa_linux_$(GOARCH) $(RELEASE_DIR)/ +.PHONY: ci-build-linux-static +ci-build-linux-static: ensure-release-dir + @$(MAKE) build GOOS=linux WASM_ENABLED=0 CGO_ENABLED=0 + chmod +x opa_linux_$(GOARCH) + mv opa_linux_$(GOARCH) $(RELEASE_DIR)/opa_linux_$(GOARCH)_static + .PHONY: ci-build-darwin ci-build-darwin: ensure-release-dir @$(MAKE) build GOOS=darwin @@ -282,32 +288,40 @@ ensure-release-dir: mkdir -p $(RELEASE_DIR) .PHONY: build-all-platforms -build-all-platforms: ci-build-linux ci-build-darwin ci-build-windows +build-all-platforms: ci-build-linux ci-build-linux-static ci-build-darwin ci-build-windows .PHONY: image-quick image-quick: - chmod +x $(RELEASE_DIR)/opa_linux_amd64 + chmod +x $(RELEASE_DIR)/opa_linux_amd64* $(DOCKER) build \ -t $(DOCKER_IMAGE):$(VERSION) \ --build-arg BASE=gcr.io/distroless/cc \ - --build-arg BIN_DIR=$(RELEASE_DIR) \ + --build-arg BIN=$(RELEASE_DIR)/opa_linux_amd64 \ . $(DOCKER) build \ -t $(DOCKER_IMAGE):$(VERSION)-debug \ --build-arg BASE=gcr.io/distroless/cc:debug \ - --build-arg BIN_DIR=$(RELEASE_DIR) \ + --build-arg BIN=$(RELEASE_DIR)/opa_linux_amd64 \ . $(DOCKER) build \ -t $(DOCKER_IMAGE):$(VERSION)-rootless \ --build-arg USER=1000 \ --build-arg BASE=gcr.io/distroless/cc \ - --build-arg BIN_DIR=$(RELEASE_DIR) \ + --build-arg BIN=$(RELEASE_DIR)/opa_linux_amd64 \ . + # this isn't published, only used for smoke testing the binaries + $(DOCKER) build \ + -t $(DOCKER_IMAGE):$(VERSION)-static-ci-only \ + --build-arg BASE=alpine \ + --build-arg BIN=$(RELEASE_DIR)/opa_linux_amd64_static \ + . + .PHONY: ci-image-smoke-test ci-image-smoke-test: image-quick $(DOCKER) run $(DOCKER_IMAGE):$(VERSION) version $(DOCKER) run $(DOCKER_IMAGE):$(VERSION)-debug version $(DOCKER) run $(DOCKER_IMAGE):$(VERSION)-rootless version + $(DOCKER) run $(DOCKER_IMAGE):$(VERSION)-static-ci-only version .PHONY: push push: From 2967a7cdb9b634d32f50d436be3be14ab8c395ba Mon Sep 17 00:00:00 2001 From: Stephan Renatus Date: Mon, 31 May 2021 10:31:45 +0200 Subject: [PATCH 2/3] build: deprecate 'release' and 'release-local' targets These aren't used in our build anymore, and will go away eventually. Signed-off-by: Stephan Renatus --- Makefile | 38 +++++++++++++++++++------------------- 1 file changed, 19 insertions(+), 19 deletions(-) diff --git a/Makefile b/Makefile index 60d2507e65..4604e6562b 100644 --- a/Makefile +++ b/Makefile @@ -399,24 +399,6 @@ check-fuzz: # ###################################################### -.PHONY: release -release: - $(DOCKER) run $(DOCKER_FLAGS) \ - -v $(PWD)/$(RELEASE_DIR):/$(RELEASE_DIR) \ - -v $(PWD):/_src \ - -e TELEMETRY_URL=$(TELEMETRY_URL) \ - $(RELEASE_BUILD_IMAGE) \ - /_src/build/build-release.sh --version=$(VERSION) --output-dir=/$(RELEASE_DIR) --source-url=/_src - -.PHONY: release-local -release-local: - $(DOCKER) run $(DOCKER_FLAGS) \ - -v $(PWD)/$(RELEASE_DIR):/$(RELEASE_DIR) \ - -v $(PWD):/_src \ - -e TELEMETRY_URL=$(TELEMETRY_URL) \ - $(RELEASE_BUILD_IMAGE) \ - /_src/build/build-release.sh --output-dir=/$(RELEASE_DIR) --source-url=/_src - .PHONY: release-patch release-patch: @$(DOCKER) run $(DOCKER_FLAGS) \ @@ -433,10 +415,12 @@ dev-patch: /_src/build/gen-dev-patch.sh --version=$(VERSION) --source-url=/_src # Deprecated targets. To be removed. -.PHONY: build-linux depr-build-linux build-windows depr-build-windows build-darwin depr-build-darwin +.PHONY: build-linux depr-build-linux build-windows depr-build-windows build-darwin depr-build-darwin release release-local build-linux: deprecation-build-linux build-windows: deprecation-build-windows build-darwin: deprecation-build-darwin +release: deprecation-release +release-local: deprecation-release-local .PHONY: deprecation-% deprecation-%: @@ -459,3 +443,19 @@ depr-build-darwin: ensure-release-dir depr-build-windows: ensure-release-dir @$(MAKE) build GOOS=windows CGO_ENABLED=0 WASM_ENABLED=0 mv opa_windows_$(GOARCH) $(RELEASE_DIR)/opa_windows_$(GOARCH).exe + +depr-release: + $(DOCKER) run $(DOCKER_FLAGS) \ + -v $(PWD)/$(RELEASE_DIR):/$(RELEASE_DIR) \ + -v $(PWD):/_src \ + -e TELEMETRY_URL=$(TELEMETRY_URL) \ + $(RELEASE_BUILD_IMAGE) \ + /_src/build/build-release.sh --version=$(VERSION) --output-dir=/$(RELEASE_DIR) --source-url=/_src + +depr-release-local: + $(DOCKER) run $(DOCKER_FLAGS) \ + -v $(PWD)/$(RELEASE_DIR):/$(RELEASE_DIR) \ + -v $(PWD):/_src \ + -e TELEMETRY_URL=$(TELEMETRY_URL) \ + $(RELEASE_BUILD_IMAGE) \ + /_src/build/build-release.sh --output-dir=/$(RELEASE_DIR) --source-url=/_src From 37582b881bc87a881335475f4060ac65414e5f39 Mon Sep 17 00:00:00 2001 From: Stephan Renatus Date: Mon, 31 May 2021 10:57:18 +0200 Subject: [PATCH 3/3] wasm-sdk: update message when wasm disabled in build Signed-off-by: Stephan Renatus --- internal/rego/opa/nop.go | 5 +++-- 1 file changed, 3 insertions(+), 2 deletions(-) diff --git a/internal/rego/opa/nop.go b/internal/rego/opa/nop.go index 624665e719..2c377c66f9 100644 --- a/internal/rego/opa/nop.go +++ b/internal/rego/opa/nop.go @@ -20,8 +20,9 @@ type OPA struct { func New() *OPA { fmt.Fprintf(os.Stderr, `WebAssembly runtime not supported in this build. ---------------------------------------------------------------------------------- -Please download OPA from https://www.openpolicyagent.org/docs/latest/#running-opa, -or build it yourself with Wasm enabled. +Please download an OPA binay with Wasm enabled from + https://www.openpolicyagent.org/docs/latest/#running-opa +or build it yourself (with Wasm enabled). ---------------------------------------------------------------------------------- `) os.Exit(1)