talos
/
Dockerfile
1067 строк · 43.5 Кб
1# syntax = docker/dockerfile-upstream:1.8.1-labs2# Meta args applied to stage base names.4ARG TOOLS6ARG PKGS7ARG EXTRAS8ARG INSTALLER_ARCH9ARG PKGS_PREFIX11ARG PKG_FHS12ARG PKG_CA_CERTIFICATES13ARG PKG_CRYPTSETUP14ARG PKG_CONTAINERD15ARG PKG_DOSFSTOOLS16ARG PKG_EUDEV17ARG PKG_GRUB18ARG PKG_SD_BOOT19ARG PKG_IPTABLES20ARG PKG_IPXE21ARG PKG_LIBINIH22ARG PKG_LIBJSON_C23ARG PKG_LIBPOPT24ARG PKG_LIBURCU25ARG PKG_OPENSSL26ARG PKG_LIBSECCOMP27ARG PKG_LINUX_FIRMWARE28ARG PKG_LVM229ARG PKG_LIBAIO30ARG PKG_MUSL31ARG PKG_RUNC32ARG PKG_XFSPROGS33ARG PKG_APPARMOR34ARG PKG_UTIL_LINUX35ARG PKG_KMOD36ARG PKG_KERNEL37ARG PKG_TALOSCTL_CNI_BUNDLE_INSTALL38# Resolve package images using ${PKGS} to be used later in COPY --from=.40FROM ${PKG_FHS} AS pkg-fhs42FROM ${PKG_CA_CERTIFICATES} AS pkg-ca-certificates43FROM --platform=amd64 ${PKG_APPARMOR} AS pkg-apparmor-amd6445FROM --platform=arm64 ${PKG_APPARMOR} AS pkg-apparmor-arm6446FROM --platform=amd64 ${PKG_CRYPTSETUP} AS pkg-cryptsetup-amd6448FROM --platform=arm64 ${PKG_CRYPTSETUP} AS pkg-cryptsetup-arm6449FROM --platform=amd64 ${PKG_CONTAINERD} AS pkg-containerd-amd6451FROM --platform=arm64 ${PKG_CONTAINERD} AS pkg-containerd-arm6452FROM --platform=amd64 ${PKG_DOSFSTOOLS} AS pkg-dosfstools-amd6454FROM --platform=arm64 ${PKG_DOSFSTOOLS} AS pkg-dosfstools-arm6455FROM --platform=amd64 ${PKG_EUDEV} AS pkg-eudev-amd6457FROM --platform=arm64 ${PKG_EUDEV} AS pkg-eudev-arm6458FROM ${PKG_GRUB} AS pkg-grub60FROM --platform=amd64 ${PKG_GRUB} AS pkg-grub-amd6461FROM --platform=arm64 ${PKG_GRUB} AS pkg-grub-arm6462FROM ${PKG_SD_BOOT} AS pkg-sd-boot64FROM --platform=amd64 ${PKG_SD_BOOT} AS pkg-sd-boot-amd6465FROM --platform=arm64 ${PKG_SD_BOOT} AS pkg-sd-boot-arm6466FROM --platform=amd64 ${PKG_IPTABLES} AS pkg-iptables-amd6468FROM --platform=arm64 ${PKG_IPTABLES} AS pkg-iptables-arm6469FROM --platform=amd64 ${PKG_IPXE} AS pkg-ipxe-amd6471FROM --platform=arm64 ${PKG_IPXE} AS pkg-ipxe-arm6472FROM --platform=amd64 ${PKG_LIBINIH} AS pkg-libinih-amd6474FROM --platform=arm64 ${PKG_LIBINIH} AS pkg-libinih-arm6475FROM --platform=amd64 ${PKG_LIBJSON_C} AS pkg-libjson-c-amd6477FROM --platform=arm64 ${PKG_LIBJSON_C} AS pkg-libjson-c-arm6478FROM --platform=amd64 ${PKG_LIBPOPT} AS pkg-libpopt-amd6480FROM --platform=arm64 ${PKG_LIBPOPT} AS pkg-libpopt-arm6481FROM --platform=amd64 ${PKG_LIBURCU} AS pkg-liburcu-amd6483FROM --platform=arm64 ${PKG_LIBURCU} AS pkg-liburcu-arm6484FROM --platform=amd64 ${PKG_OPENSSL} AS pkg-openssl-amd6486FROM --platform=arm64 ${PKG_OPENSSL} AS pkg-openssl-arm6487FROM --platform=amd64 ${PKG_LIBSECCOMP} AS pkg-libseccomp-amd6489FROM --platform=arm64 ${PKG_LIBSECCOMP} AS pkg-libseccomp-arm6490# linux-firmware is not arch-specific92FROM --platform=amd64 ${PKG_LINUX_FIRMWARE} AS pkg-linux-firmware93FROM --platform=amd64 ${PKG_LVM2} AS pkg-lvm2-amd6495FROM --platform=arm64 ${PKG_LVM2} AS pkg-lvm2-arm6496FROM --platform=amd64 ${PKG_LIBAIO} AS pkg-libaio-amd6498FROM --platform=arm64 ${PKG_LIBAIO} AS pkg-libaio-arm6499FROM --platform=amd64 ${PKG_MUSL} AS pkg-musl-amd64101FROM --platform=arm64 ${PKG_MUSL} AS pkg-musl-arm64102FROM --platform=amd64 ${PKG_RUNC} AS pkg-runc-amd64104FROM --platform=arm64 ${PKG_RUNC} AS pkg-runc-arm64105FROM --platform=amd64 ${PKG_XFSPROGS} AS pkg-xfsprogs-amd64107FROM --platform=arm64 ${PKG_XFSPROGS} AS pkg-xfsprogs-arm64108FROM --platform=amd64 ${PKG_UTIL_LINUX} AS pkg-util-linux-amd64110FROM --platform=arm64 ${PKG_UTIL_LINUX} AS pkg-util-linux-arm64111FROM --platform=amd64 ${PKG_KMOD} AS pkg-kmod-amd64113FROM --platform=arm64 ${PKG_KMOD} AS pkg-kmod-arm64114FROM ${PKG_KERNEL} AS pkg-kernel116FROM --platform=amd64 ${PKG_KERNEL} AS pkg-kernel-amd64117FROM --platform=arm64 ${PKG_KERNEL} AS pkg-kernel-arm64118# Resolve package images using ${EXTRAS} to be used later in COPY --from=.120FROM ${PKG_TALOSCTL_CNI_BUNDLE_INSTALL} AS extras-talosctl-cni-bundle-install122# The tools target provides base toolchain for the build.124FROM --platform=${BUILDPLATFORM} $TOOLS AS tools126ENV PATH=/toolchain/bin:/toolchain/go/bin127ENV LD_LIBRARY_PATH=/toolchain/lib128ENV GOTOOLCHAIN=local129RUN ["/toolchain/bin/mkdir", "/bin", "/tmp"]130RUN ["/toolchain/bin/ln", "-svf", "/toolchain/bin/bash", "/bin/sh"]131RUN ["/toolchain/bin/ln", "-svf", "/toolchain/etc/ssl", "/etc/ssl"]132ARG GOLANGCILINT_VERSION133RUN --mount=type=cache,target=/.cache go install github.com/golangci/golangci-lint/cmd/golangci-lint@${GOLANGCILINT_VERSION} \134&& mv /go/bin/golangci-lint /toolchain/go/bin/golangci-lint135ARG GOIMPORTS_VERSION136RUN --mount=type=cache,target=/.cache go install golang.org/x/tools/cmd/goimports@${GOIMPORTS_VERSION} \137&& mv /go/bin/goimports /toolchain/go/bin/goimports138ARG GOFUMPT_VERSION139RUN --mount=type=cache,target=/.cache go install mvdan.cc/gofumpt@${GOFUMPT_VERSION} \140&& mv /go/bin/gofumpt /toolchain/go/bin/gofumpt141ARG DEEPCOPY_VERSION142RUN --mount=type=cache,target=/.cache go install github.com/siderolabs/deep-copy@${DEEPCOPY_VERSION} \143&& mv /go/bin/deep-copy /toolchain/go/bin/deep-copy144ARG STRINGER_VERSION145RUN --mount=type=cache,target=/.cache go install golang.org/x/tools/cmd/stringer@${STRINGER_VERSION} \146&& mv /go/bin/stringer /toolchain/go/bin/stringer147ARG ENUMER_VERSION148RUN --mount=type=cache,target=/.cache go install github.com/dmarkham/enumer@${ENUMER_VERSION} \149&& mv /go/bin/enumer /toolchain/go/bin/enumer150ARG DEEPCOPY_GEN_VERSION151RUN --mount=type=cache,target=/.cache go install k8s.io/code-generator/cmd/deepcopy-gen@${DEEPCOPY_GEN_VERSION} \152&& mv /go/bin/deepcopy-gen /toolchain/go/bin/deepcopy-gen153ARG VTPROTOBUF_VERSION154RUN --mount=type=cache,target=/.cache go install github.com/planetscale/vtprotobuf/cmd/protoc-gen-go-vtproto@${VTPROTOBUF_VERSION} \155&& mv /go/bin/protoc-gen-go-vtproto /toolchain/go/bin/protoc-gen-go-vtproto156ARG IMPORTVET_VERSION157RUN --mount=type=cache,target=/.cache go install github.com/siderolabs/importvet/cmd/importvet@${IMPORTVET_VERSION} \158&& mv /go/bin/importvet /toolchain/go/bin/importvet159RUN --mount=type=cache,target=/.cache go install golang.org/x/vuln/cmd/govulncheck@latest \160&& mv /go/bin/govulncheck /toolchain/go/bin/govulncheck161RUN --mount=type=cache,target=/.cache go install github.com/uber/prototool/cmd/prototool@v1.10.0 \162&& mv /go/bin/prototool /toolchain/go/bin/prototool163COPY ./hack/docgen /go/src/github.com/siderolabs/talos-hack-docgen164RUN --mount=type=cache,target=/.cache cd /go/src/github.com/siderolabs/talos-hack-docgen \165&& go build -o docgen . \166&& mv docgen /toolchain/go/bin/167COPY ./hack/gotagsrewrite /go/src/github.com/siderolabs/gotagsrewrite168RUN --mount=type=cache,target=/.cache cd /go/src/github.com/siderolabs/gotagsrewrite \169&& go build -o gotagsrewrite . \170&& mv gotagsrewrite /toolchain/go/bin/171COPY ./hack/structprotogen /go/src/github.com/siderolabs/structprotogen172RUN --mount=type=cache,target=/.cache cd /go/src/github.com/siderolabs/structprotogen \173&& go build -o structprotogen . \174&& mv structprotogen /toolchain/go/bin/175# The build target creates a container that will be used to build Talos source177# code.178FROM --platform=${BUILDPLATFORM} tools AS build180SHELL ["/toolchain/bin/bash", "-c"]181ENV PATH=/toolchain/bin:/toolchain/go/bin182ENV GO111MODULE=on183ENV GOPROXY=https://proxy.golang.org184ARG CGO_ENABLED185ENV CGO_ENABLED=${CGO_ENABLED}186ENV GOCACHE=/.cache/go-build187ENV GOMODCACHE=/.cache/mod188ENV PROTOTOOL_CACHE_PATH=/.cache/prototool189ARG SOURCE_DATE_EPOCH190ENV SOURCE_DATE_EPOCH=${SOURCE_DATE_EPOCH}191WORKDIR /src192# The build-go target creates a container to build Go code with Go modules downloaded and verified.194FROM build AS build-go196COPY ./go.mod ./go.sum ./197COPY ./pkg/machinery/go.mod ./pkg/machinery/go.sum ./pkg/machinery/198WORKDIR /src/pkg/machinery199RUN --mount=type=cache,target=/.cache go mod download200WORKDIR /src201RUN --mount=type=cache,target=/.cache go mod download202RUN --mount=type=cache,target=/.cache go mod verify203# The generate target generates code from protobuf service definitions and machinery config.205# generate API descriptors207FROM build AS api-descriptors-build208WORKDIR /src/api209COPY api .210RUN --mount=type=cache,target=/.cache prototool format --overwrite --protoc-bin-path=/toolchain/bin/protoc --protoc-wkt-path=/toolchain/include211RUN --mount=type=cache,target=/.cache prototool break descriptor-set --output-path=api.descriptors --protoc-bin-path=/toolchain/bin/protoc --protoc-wkt-path=/toolchain/include212FROM --platform=${BUILDPLATFORM} scratch AS api-descriptors214COPY --from=api-descriptors-build /src/api/api.descriptors /api/api.descriptors215# format protobuf service definitions217FROM build AS proto-format-build218WORKDIR /src/api219COPY api .220RUN --mount=type=cache,target=/.cache prototool format --overwrite --protoc-bin-path=/toolchain/bin/protoc --protoc-wkt-path=/toolchain/include221FROM --platform=${BUILDPLATFORM} scratch AS fmt-protobuf223COPY --from=proto-format-build /src/api/ /api/224# run docgen for machinery config226FROM build-go AS go-generate227COPY ./pkg ./pkg228COPY ./hack/boilerplate.txt ./hack/boilerplate.txt229RUN --mount=type=cache,target=/.cache go generate ./pkg/...230RUN goimports -w -local github.com/siderolabs/talos ./pkg/231RUN gofumpt -w ./pkg/232WORKDIR /src/pkg/machinery233RUN --mount=type=cache,target=/.cache go generate ./...234RUN gotagsrewrite .235RUN goimports -w -local github.com/siderolabs/talos ./236RUN gofumpt -w ./237FROM go-generate AS gen-proto-go239WORKDIR /src/240RUN --mount=type=cache,target=/.cache structprotogen github.com/siderolabs/talos/pkg/machinery/... /api/resource/definitions/241# compile protobuf service definitions243FROM build AS generate-build244COPY --from=proto-format-build /src/api /api/245# Common needs to be at or near the top to satisfy the subsequent imports246COPY ./api/vendor/ /api/vendor/247COPY ./api/common/common.proto /api/common/common.proto248RUN protoc -I/api -I/api/vendor/ --go_out=paths=source_relative:/api --go-grpc_out=paths=source_relative:/api --go-vtproto_out=paths=source_relative:/api --go-vtproto_opt=features=marshal+unmarshal+size common/common.proto249COPY ./api/security/security.proto /api/security/security.proto250RUN protoc -I/api -I/api/vendor/ --go_out=paths=source_relative:/api --go-grpc_out=paths=source_relative:/api --go-vtproto_out=paths=source_relative:/api --go-vtproto_opt=features=marshal+unmarshal+size security/security.proto251COPY ./api/storage/storage.proto /api/storage/storage.proto252RUN protoc -I/api -I/api/vendor/ --go_out=paths=source_relative:/api --go-grpc_out=paths=source_relative:/api --go-vtproto_out=paths=source_relative:/api --go-vtproto_opt=features=marshal+unmarshal+size storage/storage.proto253COPY ./api/machine/machine.proto /api/machine/machine.proto254RUN protoc -I/api -I/api/vendor/ --go_out=paths=source_relative:/api --go-grpc_out=paths=source_relative:/api --go-vtproto_out=paths=source_relative:/api --go-vtproto_opt=features=marshal+unmarshal+size machine/machine.proto255COPY ./api/time/time.proto /api/time/time.proto256RUN protoc -I/api -I/api/vendor/ --go_out=paths=source_relative:/api --go-grpc_out=paths=source_relative:/api --go-vtproto_out=paths=source_relative:/api --go-vtproto_opt=features=marshal+unmarshal+size time/time.proto257COPY ./api/cluster/cluster.proto /api/cluster/cluster.proto258RUN protoc -I/api -I/api/vendor/ --go_out=paths=source_relative:/api --go-grpc_out=paths=source_relative:/api --go-vtproto_out=paths=source_relative:/api --go-vtproto_opt=features=marshal+unmarshal+size cluster/cluster.proto259COPY ./api/resource/config/config.proto /api/resource/config/config.proto260RUN protoc -I/api -I/api/vendor/ --go_out=paths=source_relative:/api --go-grpc_out=paths=source_relative:/api --go-vtproto_out=paths=source_relative:/api --go-vtproto_opt=features=marshal+unmarshal+size resource/config/config.proto261COPY ./api/resource/network/device_config.proto /api/resource/network/device_config.proto262RUN protoc -I/api -I/api/vendor/ --go_out=paths=source_relative:/api --go-grpc_out=paths=source_relative:/api --go-vtproto_out=paths=source_relative:/api --go-vtproto_opt=features=marshal+unmarshal+size resource/network/device_config.proto263COPY ./api/inspect/inspect.proto /api/inspect/inspect.proto264RUN protoc -I/api -I/api/vendor/ --go_out=paths=source_relative:/api --go-grpc_out=paths=source_relative:/api --go-vtproto_out=paths=source_relative:/api --go-vtproto_opt=features=marshal+unmarshal+size inspect/inspect.proto265COPY --from=gen-proto-go /api/resource/definitions/ /api/resource/definitions/266RUN find /api/resource/definitions/ -type f -name "*.proto" | xargs -I {} /bin/sh -c 'protoc -I/api -I/api/vendor/ --go_out=paths=source_relative:/api --go-grpc_out=paths=source_relative:/api --go-vtproto_out=paths=source_relative:/api --go-vtproto_opt=features=marshal+unmarshal+size {} && mkdir -p /api/resource/definitions_go/$(basename {} .proto) && mv /api/resource/definitions/$(basename {} .proto)/*.go /api/resource/definitions_go/$(basename {} .proto)'267# Goimports and gofumpt generated files to adjust import order268RUN goimports -w -local github.com/siderolabs/talos /api/269RUN gofumpt -w /api/270FROM build AS embed-generate272ARG NAME273ARG SHA274ARG USERNAME275ARG REGISTRY276ARG TAG277ARG ARTIFACTS278ARG PKGS279ARG EXTRAS280RUN mkdir -p pkg/machinery/gendata/data && \281echo -n ${NAME} > pkg/machinery/gendata/data/name && \282echo -n ${SHA} > pkg/machinery/gendata/data/sha && \283echo -n ${USERNAME} > pkg/machinery/gendata/data/username && \284echo -n ${REGISTRY} > pkg/machinery/gendata/data/registry && \285echo -n ${EXTRAS} > pkg/machinery/gendata/data/extras && \286echo -n ${PKGS} > pkg/machinery/gendata/data/pkgs && \287echo -n ${TAG} > pkg/machinery/gendata/data/tag && \288echo -n ${ARTIFACTS} > pkg/machinery/gendata/data/artifacts289FROM scratch AS embed291COPY --from=embed-generate /src/pkg/machinery/gendata/data /pkg/machinery/gendata/data292FROM embed-generate AS embed-abbrev-generate294ARG ABBREV_TAG295RUN echo -n "undefined" > pkg/machinery/gendata/data/sha && \296echo -n ${ABBREV_TAG} > pkg/machinery/gendata/data/tag297RUN mkdir -p _out && \298echo PKGS=${PKGS} >> _out/talos-metadata && \299echo TAG=${TAG} >> _out/talos-metadata && \300echo EXTRAS=${EXTRAS} >> _out/talos-metadata301COPY --from=pkg-kernel /certs/signing_key.x509 _out/signing_key.x509302FROM scratch AS embed-abbrev304COPY --from=embed-abbrev-generate /src/pkg/machinery/gendata/data /pkg/machinery/gendata/data305COPY --from=embed-abbrev-generate /src/_out/talos-metadata /_out/talos-metadata306COPY --from=embed-abbrev-generate /src/_out/signing_key.x509 /_out/signing_key.x509307FROM scratch AS ipxe-generate309COPY --from=pkg-ipxe-amd64 /usr/libexec/snp.efi /amd64/snp.efi310COPY --from=pkg-ipxe-arm64 /usr/libexec/snp.efi /arm64/snp.efi311FROM --platform=${BUILDPLATFORM} scratch AS generate313COPY --from=proto-format-build /src/api /api/314COPY --from=generate-build /api/common/*.pb.go /pkg/machinery/api/common/315COPY --from=generate-build /api/resource/definitions/ /api/resource/definitions/316COPY --from=generate-build /api/resource/definitions_go/ /pkg/machinery/api/resource/definitions/317COPY --from=generate-build /api/security/*.pb.go /pkg/machinery/api/security/318COPY --from=generate-build /api/machine/*.pb.go /pkg/machinery/api/machine/319COPY --from=generate-build /api/time/*.pb.go /pkg/machinery/api/time/320COPY --from=generate-build /api/cluster/*.pb.go /pkg/machinery/api/cluster/321COPY --from=generate-build /api/storage/*.pb.go /pkg/machinery/api/storage/322COPY --from=generate-build /api/resource/*.pb.go /pkg/machinery/api/resource/323COPY --from=generate-build /api/resource/config/*.pb.go /pkg/machinery/api/resource/config/324COPY --from=generate-build /api/resource/network/*.pb.go /pkg/machinery/api/resource/network/325COPY --from=generate-build /api/inspect/*.pb.go /pkg/machinery/api/inspect/326COPY --from=go-generate /src/pkg/flannel/ /pkg/flannel/327COPY --from=go-generate /src/pkg/imager/profile/ /pkg/imager/profile/328COPY --from=go-generate /src/pkg/machinery/resources/ /pkg/machinery/resources/329COPY --from=go-generate /src/pkg/machinery/config/schemas/ /pkg/machinery/config/schemas/330COPY --from=go-generate /src/pkg/machinery/config/types/ /pkg/machinery/config/types/331COPY --from=go-generate /src/pkg/machinery/nethelpers/ /pkg/machinery/nethelpers/332COPY --from=go-generate /src/pkg/machinery/extensions/ /pkg/machinery/extensions/333COPY --from=ipxe-generate / /pkg/provision/providers/vm/internal/ipxe/data/ipxe/334COPY --from=embed-abbrev / /335# The base target provides a container that can be used to build all Talos337# assets.338FROM build-go AS base340COPY ./cmd ./cmd341COPY ./pkg ./pkg342COPY ./internal ./internal343COPY --from=generate /pkg/flannel/ ./pkg/flannel/344COPY --from=generate /pkg/imager/ ./pkg/imager/345COPY --from=generate /pkg/machinery/ ./pkg/machinery/346COPY --from=embed / ./347RUN --mount=type=cache,target=/.cache go list all >/dev/null348WORKDIR /src/pkg/machinery349RUN --mount=type=cache,target=/.cache go list all >/dev/null350WORKDIR /src351# The vulncheck target runs the vulnerability check tool.353FROM base AS lint-vulncheck355RUN --mount=type=cache,target=/.cache govulncheck ./...356# The init target builds the init binary.358FROM base AS init-build-amd64360WORKDIR /src/internal/app/init361ARG GO_BUILDFLAGS362ARG GO_LDFLAGS363RUN --mount=type=cache,target=/.cache GOOS=linux GOARCH=amd64 GOAMD64=v1 go build ${GO_BUILDFLAGS} -ldflags "${GO_LDFLAGS}" -o /init364RUN chmod +x /init365FROM base AS init-build-arm64367WORKDIR /src/internal/app/init368ARG GO_BUILDFLAGS369ARG GO_LDFLAGS370RUN --mount=type=cache,target=/.cache GOOS=linux GOARCH=arm64 go build ${GO_BUILDFLAGS} -ldflags "${GO_LDFLAGS}" -o /init371RUN chmod +x /init372FROM init-build-${TARGETARCH} AS init-build374FROM scratch AS init376COPY --from=init-build /init /init377# The machined target builds the machined binary.379FROM base AS machined-build-amd64381WORKDIR /src/internal/app/machined382ARG GO_BUILDFLAGS383ARG GO_LDFLAGS384ARG GOAMD64385RUN --mount=type=cache,target=/.cache GOOS=linux GOARCH=amd64 GOAMD64=${GOAMD64} go build ${GO_BUILDFLAGS} -ldflags "${GO_LDFLAGS}" -o /machined386RUN chmod +x /machined387FROM base AS machined-build-arm64389WORKDIR /src/internal/app/machined390ARG GO_BUILDFLAGS391ARG GO_LDFLAGS392RUN --mount=type=cache,target=/.cache GOOS=linux GOARCH=arm64 go build ${GO_BUILDFLAGS} -ldflags "${GO_LDFLAGS}" -o /machined393RUN chmod +x /machined394FROM machined-build-${TARGETARCH} AS machined-build396FROM scratch AS machined398COPY --from=machined-build /machined /machined399# The talosctl targets build the talosctl binaries.401FROM base AS talosctl-linux-amd64-build403WORKDIR /src/cmd/talosctl404ARG GO_BUILDFLAGS405ARG GO_LDFLAGS406ARG GOAMD64407RUN --mount=type=cache,target=/.cache GOOS=linux GOARCH=amd64 GOAMD64=${GOAMD64} go build ${GO_BUILDFLAGS} -ldflags "${GO_LDFLAGS}" -o /talosctl-linux-amd64408RUN chmod +x /talosctl-linux-amd64409RUN touch --date="@${SOURCE_DATE_EPOCH}" /talosctl-linux-amd64410FROM base AS talosctl-linux-arm64-build412WORKDIR /src/cmd/talosctl413ARG GO_BUILDFLAGS414ARG GO_LDFLAGS415RUN --mount=type=cache,target=/.cache GOOS=linux GOARCH=arm64 go build ${GO_BUILDFLAGS} -ldflags "${GO_LDFLAGS}" -o /talosctl-linux-arm64416RUN chmod +x /talosctl-linux-arm64417RUN touch --date="@${SOURCE_DATE_EPOCH}" /talosctl-linux-arm64418FROM base AS talosctl-linux-armv7-build420WORKDIR /src/cmd/talosctl421ARG GO_BUILDFLAGS422ARG GO_LDFLAGS423RUN --mount=type=cache,target=/.cache GOOS=linux GOARCH=arm GOARM=7 go build ${GO_BUILDFLAGS} -ldflags "${GO_LDFLAGS}" -o /talosctl-linux-armv7424RUN chmod +x /talosctl-linux-armv7425RUN touch --date="@${SOURCE_DATE_EPOCH}" /talosctl-linux-armv7426FROM base AS talosctl-darwin-amd64-build428WORKDIR /src/cmd/talosctl429ARG GO_BUILDFLAGS430ARG GO_LDFLAGS431ARG GOAMD64432RUN --mount=type=cache,target=/.cache GOOS=darwin GOARCH=amd64 GOAMD64=${GOAMD64} go build ${GO_BUILDFLAGS} -ldflags "${GO_LDFLAGS}" -o /talosctl-darwin-amd64433RUN chmod +x /talosctl-darwin-amd64434RUN touch --date="@${SOURCE_DATE_EPOCH}" /talosctl-darwin-amd64435FROM base AS talosctl-darwin-arm64-build437WORKDIR /src/cmd/talosctl438ARG GO_BUILDFLAGS439ARG GO_LDFLAGS440RUN --mount=type=cache,target=/.cache GOOS=darwin GOARCH=arm64 go build ${GO_BUILDFLAGS} -ldflags "${GO_LDFLAGS}" -o /talosctl-darwin-arm64441RUN chmod +x /talosctl-darwin-arm64442RUN touch --date="@${SOURCE_DATE_EPOCH}" talosctl-darwin-arm64443FROM base AS talosctl-windows-amd64-build445WORKDIR /src/cmd/talosctl446ARG GO_BUILDFLAGS447ARG GO_LDFLAGS448ARG GOAMD64449RUN --mount=type=cache,target=/.cache GOOS=windows GOARCH=amd64 GOAMD64=${GOAMD64} go build ${GO_BUILDFLAGS} -ldflags "${GO_LDFLAGS}" -o /talosctl-windows-amd64.exe450RUN touch --date="@${SOURCE_DATE_EPOCH}" /talosctl-windows-amd64.exe451FROM base AS talosctl-freebsd-amd64-build453WORKDIR /src/cmd/talosctl454ARG GO_BUILDFLAGS455ARG GO_LDFLAGS456ARG GOAMD64457RUN --mount=type=cache,target=/.cache GOOS=freebsd GOARCH=amd64 GOAMD64=${GOAMD64} go build ${GO_BUILDFLAGS} -ldflags "${GO_LDFLAGS}" -o /talosctl-freebsd-amd64458RUN touch --date="@${SOURCE_DATE_EPOCH}" /talosctl-freebsd-amd64459FROM base AS talosctl-freebsd-arm64-build461WORKDIR /src/cmd/talosctl462ARG GO_BUILDFLAGS463ARG GO_LDFLAGS464RUN --mount=type=cache,target=/.cache GOOS=freebsd GOARCH=arm64 go build ${GO_BUILDFLAGS} -ldflags "${GO_LDFLAGS}" -o /talosctl-freebsd-arm64465RUN touch --date="@${SOURCE_DATE_EPOCH}" /talosctl-freebsd-arm64466FROM scratch AS talosctl-linux-amd64468COPY --from=talosctl-linux-amd64-build /talosctl-linux-amd64 /talosctl-linux-amd64469FROM scratch AS talosctl-linux-arm64471COPY --from=talosctl-linux-arm64-build /talosctl-linux-arm64 /talosctl-linux-arm64472FROM scratch AS talosctl-linux-armv7474COPY --from=talosctl-linux-armv7-build /talosctl-linux-armv7 /talosctl-linux-armv7475FROM scratch AS talosctl-darwin-amd64477COPY --from=talosctl-darwin-amd64-build /talosctl-darwin-amd64 /talosctl-darwin-amd64478FROM scratch AS talosctl-darwin-arm64480COPY --from=talosctl-darwin-arm64-build /talosctl-darwin-arm64 /talosctl-darwin-arm64481FROM scratch AS talosctl-freebsd-amd64483COPY --from=talosctl-freebsd-amd64-build /talosctl-freebsd-amd64 /talosctl-freebsd-amd64484FROM scratch AS talosctl-freebsd-arm64486COPY --from=talosctl-freebsd-arm64-build /talosctl-freebsd-arm64 /talosctl-freebsd-arm64487FROM scratch AS talosctl-windows-amd64489COPY --from=talosctl-windows-amd64-build /talosctl-windows-amd64.exe /talosctl-windows-amd64.exe490FROM --platform=${BUILDPLATFORM} talosctl-${TARGETOS}-${TARGETARCH} AS talosctl-targetarch492FROM scratch AS talosctl-all494COPY --from=talosctl-linux-amd64 / /495COPY --from=talosctl-linux-arm64 / /496COPY --from=talosctl-linux-armv7 / /497COPY --from=talosctl-darwin-amd64 / /498COPY --from=talosctl-darwin-arm64 / /499COPY --from=talosctl-freebsd-amd64 / /500COPY --from=talosctl-freebsd-arm64 / /501COPY --from=talosctl-windows-amd64 / /502FROM scratch AS talosctl504ARG TARGETARCH505COPY --from=talosctl-all /talosctl-linux-${TARGETARCH} /talosctl506ARG TAG507ENV VERSION ${TAG}508LABEL "alpha.talos.dev/version"="${VERSION}"509LABEL org.opencontainers.image.source https://github.com/siderolabs/talos510ENTRYPOINT ["/talosctl"]511# The kernel target is the linux kernel.513FROM scratch AS kernel514ARG TARGETARCH515COPY --from=pkg-kernel /boot/vmlinuz /vmlinuz-${TARGETARCH}516# The sd-boot target is the systemd-boot asset.518FROM scratch AS sd-boot519ARG TARGETARCH520COPY --from=pkg-sd-boot /*.efi /sd-boot-${TARGETARCH}.efi521# The sd-stub target is the systemd-stub asset.523FROM scratch AS sd-stub524ARG TARGETARCH525COPY --from=pkg-sd-boot /*.efi.stub /sd-stub-${TARGETARCH}.efi526FROM tools AS depmod-amd64528WORKDIR /staging529COPY hack/modules-amd64.txt .530COPY --from=pkg-kernel-amd64 /lib/modules lib/modules531RUN <<EOF532set -euo pipefail533KERNEL_VERSION=$(ls lib/modules)535xargs -a modules-amd64.txt -I {} install -D lib/modules/${KERNEL_VERSION}/{} /build/lib/modules/${KERNEL_VERSION}/{}537depmod -b /build ${KERNEL_VERSION}539EOF540FROM scratch AS modules-amd64542COPY --from=depmod-amd64 /build/lib/modules /lib/modules543FROM tools AS depmod-arm64545WORKDIR /staging546COPY hack/modules-arm64.txt .547COPY --from=pkg-kernel-arm64 /lib/modules lib/modules548RUN <<EOF549set -euo pipefail550KERNEL_VERSION=$(ls lib/modules)552xargs -a modules-arm64.txt -I {} install -D lib/modules/${KERNEL_VERSION}/{} /build/lib/modules/${KERNEL_VERSION}/{}554depmod -b /build ${KERNEL_VERSION}556EOF557FROM scratch AS modules-arm64559COPY --from=depmod-arm64 /build/lib/modules /lib/modules560# The rootfs target provides the Talos rootfs.562FROM build AS rootfs-base-amd64563COPY --link --from=pkg-fhs / /rootfs564COPY --link --from=pkg-ca-certificates / /rootfs565COPY --link --from=pkg-apparmor-amd64 / /rootfs566COPY --link --from=pkg-cryptsetup-amd64 / /rootfs567COPY --link --from=pkg-containerd-amd64 / /rootfs568COPY --link --from=pkg-dosfstools-amd64 / /rootfs569COPY --link --from=pkg-eudev-amd64 / /rootfs570COPY --link --from=pkg-iptables-amd64 / /rootfs571COPY --link --from=pkg-libinih-amd64 / /rootfs572COPY --link --from=pkg-libjson-c-amd64 / /rootfs573COPY --link --from=pkg-libpopt-amd64 / /rootfs574COPY --link --from=pkg-liburcu-amd64 / /rootfs575COPY --link --from=pkg-openssl-amd64 / /rootfs576COPY --link --from=pkg-libseccomp-amd64 / /rootfs577COPY --link --from=pkg-lvm2-amd64 / /rootfs578COPY --link --from=pkg-libaio-amd64 / /rootfs579COPY --link --from=pkg-musl-amd64 / /rootfs580COPY --link --from=pkg-runc-amd64 / /rootfs581COPY --link --from=pkg-xfsprogs-amd64 / /rootfs582COPY --link --from=pkg-util-linux-amd64 /lib/libblkid.* /rootfs/lib/583COPY --link --from=pkg-util-linux-amd64 /lib/libuuid.* /rootfs/lib/584COPY --link --from=pkg-util-linux-amd64 /lib/libmount.* /rootfs/lib/585COPY --link --from=pkg-kmod-amd64 /usr/lib/libkmod.* /rootfs/lib/586COPY --link --from=pkg-kmod-amd64 /usr/bin/kmod /rootfs/sbin/modprobe587COPY --link --from=modules-amd64 /lib/modules /rootfs/lib/modules588COPY --link --from=machined-build-amd64 /machined /rootfs/sbin/init589RUN <<END590# the orderly_poweroff call by the kernel will call '/sbin/poweroff'591ln /rootfs/sbin/init /rootfs/sbin/poweroff592chmod +x /rootfs/sbin/poweroff593# some extensions like qemu-guest agent will call '/sbin/shutdown'594ln /rootfs/sbin/init /rootfs/sbin/shutdown595chmod +x /rootfs/sbin/shutdown596ln /rootfs/sbin/init /rootfs/sbin/wrapperd597chmod +x /rootfs/sbin/wrapperd598ln /rootfs/sbin/init /rootfs/sbin/dashboard599chmod +x /rootfs/sbin/dashboard600END601# NB: We run the cleanup step before creating extra directories, files, and602# symlinks to avoid accidentally cleaning them up.603COPY ./hack/cleanup.sh /toolchain/bin/cleanup.sh604RUN <<END605cleanup.sh /rootfs606mkdir -pv /rootfs/{boot/EFI,etc/cri/conf.d/hosts,lib/firmware,usr/local/share,usr/share/zoneinfo/Etc,mnt,system,opt,.extra}607mkdir -pv /rootfs/{etc/kubernetes/manifests,etc/cni/net.d,usr/libexec/kubernetes,/usr/local/lib/kubelet/credentialproviders}608mkdir -pv /rootfs/opt/{containerd/bin,containerd/lib}609END610COPY --chmod=0644 hack/zoneinfo/Etc/UTC /rootfs/usr/share/zoneinfo/Etc/UTC611COPY --chmod=0644 hack/nfsmount.conf /rootfs/etc/nfsmount.conf612COPY --chmod=0644 hack/containerd.toml /rootfs/etc/containerd/config.toml613COPY --chmod=0644 hack/cri-containerd.toml /rootfs/etc/cri/containerd.toml614COPY --chmod=0644 hack/cri-plugin.part /rootfs/etc/cri/conf.d/00-base.part615COPY --chmod=0644 hack/udevd/80-net-name-slot.rules /rootfs/usr/lib/udev/rules.d/616COPY --chmod=0644 hack/lvm.conf /rootfs/etc/lvm/lvm.conf617RUN <<END618ln -s /usr/share/zoneinfo/Etc/UTC /rootfs/etc/localtime619touch /rootfs/etc/{extensions.yaml,resolv.conf,hosts,os-release,machine-id,cri/conf.d/cri.toml,cri/conf.d/01-registries.part,cri/conf.d/20-customization.part}620ln -s ca-certificates /rootfs/etc/ssl/certs/ca-certificates.crt621ln -s /etc/ssl /rootfs/etc/pki622ln -s /etc/ssl /rootfs/usr/share/ca-certificates623ln -s /etc/ssl /rootfs/usr/local/share/ca-certificates624ln -s /etc/ssl /rootfs/etc/ca-certificates625END626FROM build AS rootfs-base-arm64628COPY --link --from=pkg-fhs / /rootfs629COPY --link --from=pkg-ca-certificates / /rootfs630COPY --link --from=pkg-apparmor-arm64 / /rootfs631COPY --link --from=pkg-cryptsetup-arm64 / /rootfs632COPY --link --from=pkg-containerd-arm64 / /rootfs633COPY --link --from=pkg-dosfstools-arm64 / /rootfs634COPY --link --from=pkg-eudev-arm64 / /rootfs635COPY --link --from=pkg-iptables-arm64 / /rootfs636COPY --link --from=pkg-libinih-arm64 / /rootfs637COPY --link --from=pkg-libjson-c-arm64 / /rootfs638COPY --link --from=pkg-libpopt-arm64 / /rootfs639COPY --link --from=pkg-liburcu-arm64 / /rootfs640COPY --link --from=pkg-openssl-arm64 / /rootfs641COPY --link --from=pkg-libseccomp-arm64 / /rootfs642COPY --link --from=pkg-lvm2-arm64 / /rootfs643COPY --link --from=pkg-libaio-arm64 / /rootfs644COPY --link --from=pkg-musl-arm64 / /rootfs645COPY --link --from=pkg-runc-arm64 / /rootfs646COPY --link --from=pkg-xfsprogs-arm64 / /rootfs647COPY --link --from=pkg-util-linux-arm64 /lib/libblkid.* /rootfs/lib/648COPY --link --from=pkg-util-linux-arm64 /lib/libuuid.* /rootfs/lib/649COPY --link --from=pkg-util-linux-arm64 /lib/libmount.* /rootfs/lib/650COPY --link --from=pkg-kmod-arm64 /usr/lib/libkmod.* /rootfs/lib/651COPY --link --from=pkg-kmod-arm64 /usr/bin/kmod /rootfs/sbin/modprobe652COPY --link --from=modules-arm64 /lib/modules /rootfs/lib/modules653COPY --link --from=machined-build-arm64 /machined /rootfs/sbin/init654RUN <<END655# the orderly_poweroff call by the kernel will call '/sbin/poweroff'656ln /rootfs/sbin/init /rootfs/sbin/poweroff657chmod +x /rootfs/sbin/poweroff658# some extensions like qemu-guest agent will call '/sbin/shutdown'659ln /rootfs/sbin/init /rootfs/sbin/shutdown660chmod +x /rootfs/sbin/shutdown661ln /rootfs/sbin/init /rootfs/sbin/wrapperd662chmod +x /rootfs/sbin/wrapperd663ln /rootfs/sbin/init /rootfs/sbin/dashboard664chmod +x /rootfs/sbin/dashboard665END666# NB: We run the cleanup step before creating extra directories, files, and667# symlinks to avoid accidentally cleaning them up.668COPY ./hack/cleanup.sh /toolchain/bin/cleanup.sh669RUN <<END670cleanup.sh /rootfs671mkdir -pv /rootfs/{boot/EFI,etc/cri/conf.d/hosts,lib/firmware,usr/local/share,usr/share/zoneinfo/Etc,mnt,system,opt,.extra}672mkdir -pv /rootfs/{etc/kubernetes/manifests,etc/cni/net.d,usr/libexec/kubernetes,/usr/local/lib/kubelet/credentialproviders}673mkdir -pv /rootfs/opt/{containerd/bin,containerd/lib}674END675COPY --chmod=0644 hack/zoneinfo/Etc/UTC /rootfs/usr/share/zoneinfo/Etc/UTC676COPY --chmod=0644 hack/nfsmount.conf /rootfs/etc/nfsmount.conf677COPY --chmod=0644 hack/containerd.toml /rootfs/etc/containerd/config.toml678COPY --chmod=0644 hack/cri-containerd.toml /rootfs/etc/cri/containerd.toml679COPY --chmod=0644 hack/cri-plugin.part /rootfs/etc/cri/conf.d/00-base.part680COPY --chmod=0644 hack/udevd/80-net-name-slot.rules /rootfs/usr/lib/udev/rules.d/681COPY --chmod=0644 hack/lvm.conf /rootfs/etc/lvm/lvm.conf682RUN <<END683ln -s /usr/share/zoneinfo/Etc/UTC /rootfs/etc/localtime684touch /rootfs/etc/{extensions.yaml,resolv.conf,hosts,os-release,machine-id,cri/conf.d/cri.toml,cri/conf.d/01-registries.part,cri/conf.d/20-customization.part}685ln -s /etc/ssl /rootfs/etc/pki686ln -s ca-certificates /rootfs/etc/ssl/certs/ca-certificates.crt687ln -s /etc/ssl /rootfs/usr/share/ca-certificates688ln -s /etc/ssl /rootfs/usr/local/share/ca-certificates689ln -s /etc/ssl /rootfs/etc/ca-certificates690END691FROM rootfs-base-${TARGETARCH} AS rootfs-base693RUN find /rootfs -print0 \694| xargs -0r touch --no-dereference --date="@${SOURCE_DATE_EPOCH}"695FROM rootfs-base-arm64 AS rootfs-squashfs-arm64697ARG ZSTD_COMPRESSION_LEVEL698RUN find /rootfs -print0 \699| xargs -0r touch --no-dereference --date="@${SOURCE_DATE_EPOCH}"700RUN mksquashfs /rootfs /rootfs.sqsh -all-root -noappend -comp zstd -Xcompression-level ${ZSTD_COMPRESSION_LEVEL} -no-progress701FROM rootfs-base-amd64 AS rootfs-squashfs-amd64703ARG ZSTD_COMPRESSION_LEVEL704RUN find /rootfs -print0 \705| xargs -0r touch --no-dereference --date="@${SOURCE_DATE_EPOCH}"706RUN mksquashfs /rootfs /rootfs.sqsh -all-root -noappend -comp zstd -Xcompression-level ${ZSTD_COMPRESSION_LEVEL} -no-progress707FROM scratch AS squashfs-arm64709COPY --from=rootfs-squashfs-arm64 /rootfs.sqsh /710FROM scratch AS squashfs-amd64712COPY --from=rootfs-squashfs-amd64 /rootfs.sqsh /713FROM scratch AS rootfs715COPY --from=rootfs-base /rootfs /716# The initramfs target provides the Talos initramfs image.718FROM build AS initramfs-archive-arm64720WORKDIR /initramfs721ARG ZSTD_COMPRESSION_LEVEL722COPY --from=squashfs-arm64 /rootfs.sqsh .723COPY --from=init-build-arm64 /init .724RUN find . -print0 \725| xargs -0r touch --no-dereference --date="@${SOURCE_DATE_EPOCH}"726RUN set -o pipefail \727&& find . 2>/dev/null \728| LC_ALL=c sort \729| cpio --reproducible -H newc -o \730| zstd -c -T0 -${ZSTD_COMPRESSION_LEVEL} \731> /initramfs.xz732FROM build AS initramfs-archive-amd64734WORKDIR /initramfs735ARG ZSTD_COMPRESSION_LEVEL736COPY --from=squashfs-amd64 /rootfs.sqsh .737COPY --from=init-build-amd64 /init .738RUN find . -print0 \739| xargs -0r touch --no-dereference --date="@${SOURCE_DATE_EPOCH}"740RUN set -o pipefail \741&& find . 2>/dev/null \742| LC_ALL=c sort \743| cpio --reproducible -H newc -o \744| zstd -c -T0 -${ZSTD_COMPRESSION_LEVEL} \745> /initramfs.xz746FROM initramfs-archive-${TARGETARCH} AS initramfs-archive748FROM scratch AS initramfs750ARG TARGETARCH751COPY --from=initramfs-archive /initramfs.xz /initramfs-${TARGETARCH}.xz752# The talos target generates a docker image that can be used to run Talos754# in containers.755FROM scratch AS talos757COPY --from=rootfs / /758LABEL org.opencontainers.image.source https://github.com/siderolabs/talos759ENTRYPOINT ["/sbin/init"]760# The installer target generates an image that can be used to install Talos to762# various environments.763FROM base AS installer-build764ARG GO_BUILDFLAGS765ARG GO_LDFLAGS766WORKDIR /src/cmd/installer767ARG TARGETARCH768RUN --mount=type=cache,target=/.cache GOOS=linux GOARCH=${TARGETARCH} go build ${GO_BUILDFLAGS} -ldflags "${GO_LDFLAGS}" -o /installer769RUN chmod +x /installer770FROM alpine:3.18.4 AS unicode-pf2772RUN apk add --no-cache --update --no-scripts grub773FROM scratch AS install-artifacts-amd64775COPY --from=pkg-kernel-amd64 /boot/vmlinuz /usr/install/amd64/vmlinuz776COPY --from=initramfs-archive-amd64 /initramfs.xz /usr/install/amd64/initramfs.xz777COPY --from=pkg-sd-boot-amd64 /linuxx64.efi.stub /usr/install/amd64/systemd-stub.efi778COPY --from=pkg-sd-boot-amd64 /systemd-bootx64.efi /usr/install/amd64/systemd-boot.efi779FROM scratch AS install-artifacts-arm64781COPY --from=pkg-kernel-arm64 /boot/vmlinuz /usr/install/arm64/vmlinuz782COPY --from=initramfs-archive-arm64 /initramfs.xz /usr/install/arm64/initramfs.xz783COPY --from=pkg-sd-boot-arm64 /linuxaa64.efi.stub /usr/install/arm64/systemd-stub.efi784COPY --from=pkg-sd-boot-arm64 /systemd-bootaa64.efi /usr/install/arm64/systemd-boot.efi785FROM scratch AS install-artifacts-all787COPY --from=install-artifacts-amd64 / /788COPY --from=install-artifacts-arm64 / /789FROM install-artifacts-${TARGETARCH} AS install-artifacts-targetarch791FROM install-artifacts-${INSTALLER_ARCH} AS install-artifacts793FROM alpine:3.18.4 AS installer-image795ARG SOURCE_DATE_EPOCH796ENV SOURCE_DATE_EPOCH ${SOURCE_DATE_EPOCH}797RUN apk add --no-cache --update --no-scripts \798bash \799binutils-aarch64 \800binutils-x86_64 \801cpio \802dosfstools \803efibootmgr \804kmod \805mtools \806pigz \807qemu-img \808squashfs-tools \809tar \810util-linux \811xfsprogs \812xorriso \813xz \814zstd815ARG TARGETARCH816ENV TARGETARCH ${TARGETARCH}817COPY --from=installer-build /installer /bin/installer818COPY --chmod=0644 hack/extra-modules.conf /etc/modules.d/10-extra-modules.conf819COPY --from=pkg-grub / /820COPY --from=pkg-grub-arm64 /usr/lib/grub /usr/lib/grub821COPY --from=pkg-grub-amd64 /usr/lib/grub /usr/lib/grub822COPY --from=unicode-pf2 /usr/share/grub/unicode.pf2 /usr/share/grub/unicode.pf2823RUN ln /bin/installer /bin/imager824RUN find /bin /etc /lib /usr /sbin | grep -Ev '/etc/hosts|/etc/resolv.conf' \825| xargs -r touch --date="@${SOURCE_DATE_EPOCH}" --no-dereference826FROM scratch AS installer-image-squashed828COPY --from=installer-image / /829ARG TAG830ENV VERSION ${TAG}831LABEL "alpha.talos.dev/version"="${VERSION}"832LABEL org.opencontainers.image.source https://github.com/siderolabs/talos833ENTRYPOINT ["/bin/installer"]834FROM installer-image-squashed AS installer836COPY --from=install-artifacts / /837FROM installer-image-squashed AS imager839COPY --from=install-artifacts / /840ENTRYPOINT ["/bin/imager"]841FROM imager AS iso-amd64-build843ARG SOURCE_DATE_EPOCH844ENV SOURCE_DATE_EPOCH ${SOURCE_DATE_EPOCH}845RUN /bin/installer \846iso \847--arch amd64 \848--output /out849FROM imager AS iso-arm64-build851ARG SOURCE_DATE_EPOCH852ENV SOURCE_DATE_EPOCH ${SOURCE_DATE_EPOCH}853RUN /bin/installer \854iso \855--arch arm64 \856--output /out857FROM scratch AS iso-amd64859COPY --from=iso-amd64-build /out /860FROM scratch AS iso-arm64862COPY --from=iso-arm64-build /out /863FROM --platform=${BUILDPLATFORM} iso-${TARGETARCH} AS iso865# The test target performs tests on the source code.867FROM base AS unit-tests-runner868RUN unlink /etc/ssl869COPY --from=rootfs / /870ARG TESTPKGS871ENV PLATFORM container872ARG GO_LDFLAGS873RUN --security=insecure --mount=type=cache,id=testspace,target=/tmp --mount=type=cache,target=/.cache go test -failfast -v \874-ldflags "${GO_LDFLAGS}" \875-covermode=atomic -coverprofile=coverage.txt -coverpkg=${TESTPKGS} -count 1 -p 4 ${TESTPKGS}876FROM scratch AS unit-tests877COPY --from=unit-tests-runner /src/coverage.txt /coverage.txt878# The unit-tests-race target performs tests with race detector.880FROM base AS unit-tests-race882RUN unlink /etc/ssl883COPY --from=rootfs / /884ARG TESTPKGS885ENV PLATFORM container886ENV CGO_ENABLED 1887ARG GO_LDFLAGS888RUN --security=insecure --mount=type=cache,id=testspace,target=/tmp --mount=type=cache,target=/.cache go test -v \889-ldflags "${GO_LDFLAGS}" \890-race -count 1 -p 4 ${TESTPKGS}891# The integration-test targets builds integration test binary.893FROM base AS integration-test-linux-build895ARG GO_BUILDFLAGS896ARG GO_LDFLAGS897ARG GOAMD64898RUN --mount=type=cache,target=/.cache GOOS=linux GOARCH=amd64 GOAMD64=${GOAMD64} go test -v -c ${GO_BUILDFLAGS} \899-ldflags "${GO_LDFLAGS}" \900-tags integration,integration_api,integration_cli,integration_k8s \901./internal/integration902FROM scratch AS integration-test-linux904COPY --from=integration-test-linux-build /src/integration.test /integration-test-linux-amd64905FROM base AS integration-test-darwin-build907ARG GO_BUILDFLAGS908ARG GO_LDFLAGS909ARG GOAMD64910RUN --mount=type=cache,target=/.cache GOOS=darwin GOARCH=amd64 GOAMD64=${GOAMD64} go test -v -c ${GO_BUILDFLAGS} \911-ldflags "${GO_LDFLAGS}" \912-tags integration,integration_api,integration_cli,integration_k8s \913./internal/integration914FROM scratch AS integration-test-darwin916COPY --from=integration-test-darwin-build /src/integration.test /integration-test-darwin-amd64917# The integration-test-provision target builds integration test binary with provisioning tests.919FROM base AS integration-test-provision-linux-build921ARG GO_BUILDFLAGS922ARG GO_LDFLAGS923ARG GOAMD64924RUN --mount=type=cache,target=/.cache GOOS=linux GOARCH=amd64 GOAMD64=${GOAMD64} go test -v -c ${GO_BUILDFLAGS} \925-ldflags "${GO_LDFLAGS}" \926-tags integration,integration_provision \927./internal/integration928FROM scratch AS integration-test-provision-linux930COPY --from=integration-test-provision-linux-build /src/integration.test /integration-test-provision-linux-amd64931# The module-sig-verify targets builds module-sig-verify binary.933FROM build-go AS module-sig-verify-linux-build934ARG GO_BUILDFLAGS935ARG GO_LDFLAGS936ARG GOAMD64937WORKDIR /src/module-sig-verify938COPY ./hack/module-sig-verify/go.mod ./hack/module-sig-verify/go.sum ./939RUN --mount=type=cache,target=/.cache go mod download940COPY ./hack/module-sig-verify/main.go .941RUN --mount=type=cache,target=/.cache GOOS=linux GOARCH=amd64 GOAMD64=${GOAMD64} go build -o module-sig-verify .942FROM scratch AS module-sig-verify-linux944COPY --from=module-sig-verify-linux-build /src/module-sig-verify/module-sig-verify /module-sig-verify-linux-amd64945# The lint target performs linting on the source code.947FROM base AS lint-go948COPY .golangci.yml .949ENV GOGC=50950ENV GOLANGCI_LINT_CACHE=/.cache/lint951RUN golangci-lint config verify --config .golangci.yml952RUN --mount=type=cache,target=/.cache golangci-lint run --config .golangci.yml953WORKDIR /src/pkg/machinery954RUN --mount=type=cache,target=/.cache golangci-lint run --config ../../.golangci.yml955COPY ./hack/cloud-image-uploader /src/hack/cloud-image-uploader956WORKDIR /src/hack/cloud-image-uploader957RUN --mount=type=cache,target=/.cache golangci-lint run --config ../../.golangci.yml958WORKDIR /src959RUN --mount=type=cache,target=/.cache importvet github.com/siderolabs/talos/...960# The protolint target performs linting on protobuf files.962FROM base AS lint-protobuf964WORKDIR /src/api965COPY api .966RUN --mount=type=cache,target=/.cache prototool lint --protoc-bin-path=/toolchain/bin/protoc --protoc-wkt-path=/toolchain/include967RUN --mount=type=cache,target=/.cache prototool break check --descriptor-set-path=api.descriptors --protoc-bin-path=/toolchain/bin/protoc --protoc-wkt-path=/toolchain/include968# The markdownlint target performs linting on Markdown files.970FROM oven/bun:1-alpine AS lint-markdown972ARG MARKDOWNLINTCLI_VERSION973ARG TEXTLINT_VERSION974ARG TEXTLINT_FILTER_RULE_COMMENTS_VERSION975ARG TEXTLINT_RULE_ONE_SENTENCE_PER_LINE_VERSION976RUN apk add --no-cache findutils977RUN bun i -g markdownlint-cli@${MARKDOWNLINTCLI_VERSION} textlint@${TEXTLINT_VERSION} textlint-filter-rule-comments@${TEXTLINT_FILTER_RULE_COMMENTS_VERSION} textlint-rule-one-sentence-per-line@${TEXTLINT_RULE_ONE_SENTENCE_PER_LINE_VERSION}978WORKDIR /src979COPY . .980RUN bun run --bun markdownlint \981--ignore '**/LICENCE.md' \982--ignore '**/CHANGELOG.md' \983--ignore '**/CODE_OF_CONDUCT.md' \984--ignore '**/node_modules/**' \985--ignore '**/hack/chglog/**' \986--ignore 'website/content/*/reference/*' \987--ignore 'website/themes/**' \988--disable MD045 MD056 -- \989.990RUN find . \991-name '*.md' \992-not -path './LICENCE.md' \993-not -path './CHANGELOG.md' \994-not -path './CODE_OF_CONDUCT.md' \995-not -path '*/node_modules/*' \996-not -path './hack/chglog/**' \997-not -path './website/content/*/reference/*' \998-not -path './website/themes/**' \999-print0 \1000| xargs -0 bun run --bun textlint1001# The docs target generates documentation.1003FROM base AS docs-build1005ARG TARGETOS1006ARG TARGETARCH1007WORKDIR /src1008COPY --from=talosctl-targetarch /talosctl-${TARGETOS}-${TARGETARCH} /bin/talosctl1009RUN env HOME=/home/user TAG=latest /bin/talosctl docs --config /tmp/configuration \1010&& env HOME=/home/user TAG=latest /bin/talosctl docs --cli /tmp1011COPY ./pkg/machinery/config/schemas/*.schema.json /tmp/schemas/1012FROM pseudomuto/protoc-gen-doc AS proto-docs-build1014COPY --from=generate-build /api /protos1015COPY ./hack/protoc-gen-doc/markdown.tmpl /tmp/markdown.tmpl1016RUN protoc \1017-I/protos \1018-I/protos/common \1019-I/protos/resource/definitions \1020-I/protos/inspect \1021-I/protos/machine \1022-I/protos/resource \1023-I/protos/security \1024-I/protos/storage \1025-I/protos/time \1026-I/protos/vendor \1027--doc_opt=/tmp/markdown.tmpl,api.md \1028--doc_out=/tmp \1029/protos/common/*.proto \1030/protos/resource/definitions/**/*.proto \1031/protos/inspect/*.proto \1032/protos/machine/*.proto \1033/protos/security/*.proto \1034/protos/storage/*.proto \1035/protos/time/*.proto1036FROM scratch AS docs1038COPY --from=docs-build /tmp/configuration/ /website/content/v1.8/reference/configuration/1039COPY --from=docs-build /tmp/cli.md /website/content/v1.8/reference/1040COPY --from=docs-build /tmp/schemas /website/content/v1.8/schemas/1041COPY --from=proto-docs-build /tmp/api.md /website/content/v1.8/reference/1042# The talosctl-cni-bundle builds the CNI bundle for talosctl.1044FROM scratch AS talosctl-cni-bundle1046ARG TARGETARCH1047COPY --from=extras-talosctl-cni-bundle-install /opt/cni/bin/ /talosctl-cni-bundle-${TARGETARCH}/1048# The go-mod-outdated target lists all outdated modules.1050FROM base AS go-mod-outdated1052RUN --mount=type=cache,target=/.cache go install github.com/psampaz/go-mod-outdated@latest \1053&& mv /go/bin/go-mod-outdated /toolchain/go/bin/go-mod-outdated1054COPY ./hack/cloud-image-uploader ./hack/cloud-image-uploader1055COPY ./hack/docgen ./hack/docgen1056COPY ./hack/gotagsrewrite ./hack/gotagsrewrite1057COPY ./hack/module-sig-verify ./hack/module-sig-verify1058COPY ./hack/structprotogen ./hack/structprotogen1059# fail always to get the output back1060RUN --mount=type=cache,target=/.cache <<EOF1061for project in pkg/machinery . hack/cloud-image-uploader hack/docgen hack/gotagsrewrite hack/module-sig-verify hack/structprotogen; do1062echo -e "\n>>>> ${project}:" && \1063(cd "${project}" && go list -u -m -json all | go-mod-outdated -update -direct)1064done1065exit 11067EOF1068