From 54675558fd0da918fe1af6a480285f2c20a06147 Mon Sep 17 00:00:00 2001
From: Ahmad Mahmoudi <ahmad.mahmoudi@att.com>
Date: Mon, 6 Jan 2020 16:53:17 -0600
Subject: [PATCH] Update image build script to run in a docker

Updated Makefile to run the build baclient package for go on the
host instead of as a docker container, to allow the Makefile be
called from another container. Reason being, in a docker-in-docker,
volume mapping requires knowledge of host filesystem path instead
of the docker daemon filesystem path.

Corrected proxy configuration in the scripts to use the USE_PROXY,
PROXY and NO_PROXY environment variables.

Updated Dockerfile to add multi-stage build, to avoid including the
golang-go package in the docker image. Stage one creates the
baclient Go library, and stage two creates the drydock image, and
copies the baclient from stage one image.

Change-Id: I29a30e870da8f44279dcd62bb1173165fa939d43
---
 Makefile                     | 10 +++++-----
 hostdeps.sh                  |  6 +++---
 images/drydock/Dockerfile    | 27 ++++++++++++++++++++++++++-
 tools/baclient_build.sh      | 22 ++++++++++++++++++++++
 tools/drydock_image_build.sh | 19 ++++++++++++-------
 5 files changed, 68 insertions(+), 16 deletions(-)
 create mode 100755 tools/baclient_build.sh

diff --git a/Makefile b/Makefile
index 792a19cf..c4d5b08f 100644
--- a/Makefile
+++ b/Makefile
@@ -27,7 +27,6 @@ PUSH_IMAGE      	?= false
 LABEL           	?= org.airshipit.build=community
 COMMIT          	?= $(shell git rev-parse HEAD)
 IMAGE           	?= ${DOCKER_REGISTRY}/${IMAGE_PREFIX}/${IMAGE_NAME}:${IMAGE_TAG}
-GO_BUILDER      	?= docker.io/golang:1.10-stretch
 
 export
 
@@ -91,7 +90,7 @@ helm-install:
 
 # Make targets intended for use by the primary targets above.
 
-build_drydock: external_dep build_baclient
+build_drydock: external_dep
 	export; tools/drydock_image_build.sh
 ifeq ($(PUSH_IMAGE), true)
 	docker push $(IMAGE)
@@ -99,11 +98,12 @@ endif
 
 # Make target for building bootaction signal client
 build_baclient: external_dep
-	docker run -tv $(shell realpath go):/work -v $(shell realpath $(BUILD_DIR)):/build -e GOPATH=/work $(GO_BUILDER)  go build -o /build/baclient baclient
+	sudo ./tools/baclient_build.sh $(shell realpath go) $(shell realpath ${BUILD_DIR})
+	touch ./baclient_built
 
 # Make target for testing bootaction signal client
-test_baclient: external_dep
-	docker run -tv $(shell realpath go):/work -e GOPATH=/work $(GO_BUILDER)  go test -v baclient
+test_baclient: external_dep build_baclient
+	GOPATH=$(shell realpath go) go test -v baclient
 
 docs: clean drydock_docs
 
diff --git a/hostdeps.sh b/hostdeps.sh
index 63620774..1fbe4552 100755
--- a/hostdeps.sh
+++ b/hostdeps.sh
@@ -6,8 +6,8 @@ set -x
 
 if [[ ! -z $(uname -a | grep Ubuntu) ]]
 then
-  apt update
-  installed_pkgs=$(apt list --installed | cut -d'/' -f1)
+  apt-get update
+  installed_pkgs=$(dpkg --get-selections | awk '!/deinstall/ { gsub(/:.*/,"",$1); print $1 }')
   set -a added_pkgs
   for reqfile in $(ls requirements-host*.txt)
   do
@@ -33,7 +33,7 @@ then
   done
   if [[ ${#added_pkgs[@]} -gt 0 ]]
   then
-    DEBIAN_FRONTEND=noninteractive apt \
+    DEBIAN_FRONTEND=noninteractive apt-get \
       -o Dpkg::Options::="--force-confdef" \
       -o Dpkg::Options::="--force-confold" \
       install -y --no-install-recommends "${added_pkgs[@]}"
diff --git a/images/drydock/Dockerfile b/images/drydock/Dockerfile
index 1ef8730a..da3212ea 100644
--- a/images/drydock/Dockerfile
+++ b/images/drydock/Dockerfile
@@ -13,6 +13,31 @@
 # limitations under the License.
 
 ARG FROM=ubuntu:16.04
+FROM ${FROM} AS baclient_builder
+
+ARG UBUNTU_REPO=http://archive.ubuntu.com/ubuntu
+ARG TRUSTED_UBUNTU_REPO=no
+ARG ALLOW_UNAUTHENTICATED=false
+ARG BUILD_DIR
+ENV container docker
+ENV LC_ALL C.UTF-8
+ENV LANG C.UTF-8
+
+# Copy direct dependency requirements only to build a dependency layer
+RUN echo "deb  ${UBUNTU_REPO} xenial main restricted universe multiverse" > /etc/apt/sources.list; \
+    echo "deb  ${UBUNTU_REPO} xenial-security main restricted universe multiverse" >> /etc/apt/sources.list; \
+    echo "deb  ${UBUNTU_REPO} xenial-updates main restricted universe multiverse" >> /etc/apt/sources.list; \
+    cat /etc/apt/sources.list; \
+    echo "APT::Get::AllowUnauthenticated ${ALLOW_UNAUTHENTICATED};" >> /etc/apt/apt.conf.d/00-local-mirrors;
+
+
+COPY ./tools/baclient_build.sh /tmp/drydock/
+COPY ./go /tmp/drydock/go
+WORKDIR /tmp/drydock
+RUN ./baclient_build.sh /tmp/drydock/go /tmp/drydock/baclient; \
+    rm -r /var/lib/apt/lists/*
+
+
 FROM ${FROM}
 
 LABEL org.opencontainers.image.authors='airship-discuss@lists.airshipit.org, irc://#airshipit@freenode' \
@@ -60,7 +85,7 @@ COPY ./alembic /tmp/drydock/alembic
 COPY ./alembic.ini /tmp/drydock/alembic.ini
 COPY ./entrypoint.sh /tmp/drydock/entrypoint.sh
 
-COPY ${BUILD_DIR}/baclient /tmp/drydock/python/drydock_provisioner/assets/baclient
+COPY --from=baclient_builder /tmp/drydock/baclient /tmp/drydock/python/drydock_provisioner/assets/baclient
 
 
 EXPOSE $PORT
diff --git a/tools/baclient_build.sh b/tools/baclient_build.sh
new file mode 100755
index 00000000..b9187642
--- /dev/null
+++ b/tools/baclient_build.sh
@@ -0,0 +1,22 @@
+#!/bin/bash
+
+# Install golang-go package, and build the baclient library
+set -x
+
+if $(uname -a | grep -q Ubuntu); then
+  GOPATH=$1
+  BUILD_DIR=$2
+  if [[ ! -f ./baclient_built ]]; then
+    apt-get update
+    DEBIAN_FRONTEND=noninteractive apt-get \
+      -o Dpkg::Options::="--force-confdef" \
+      -o Dpkg::Options::="--force-confold" \
+      install -y --no-install-recommends golang-go
+    GOPATH=${GOPATH} go build -o ${BUILD_DIR}/baclient baclient
+  else
+    echo "Baclient library is already built. No action."
+  fi
+else
+  echo "Only support testing on Ubuntu hosts at this time."
+fi
+
diff --git a/tools/drydock_image_build.sh b/tools/drydock_image_build.sh
index c6a72c35..0709841e 100755
--- a/tools/drydock_image_build.sh
+++ b/tools/drydock_image_build.sh
@@ -28,16 +28,21 @@ then
   ADDL_BUILD_ARGS="${ADDL_BUILD_ARGS} --build-arg PIP_TRUSTED_HOST=${PIP_TRUSTED_HOST}"
 fi
 
+PROXY_ARGS=""
+if [[ "${USE_PROXY}" == true ]]; then
+  PROXY_ARGS="--build-arg http_proxy=${PROXY} \
+    --build-arg https_proxy=${PROXY} \
+    --build-arg HTTP_PROXY=${PROXY} \
+    --build-arg HTTPS_PROXY=${PROXY} \
+    --build-arg no_proxy=${NO_PROXY} \
+    --build-arg NO_PROXY=${NO_PROXY}"
+fi
+
 docker build --network host -t ${IMAGE} --label ${LABEL} \
   --label org.opencontainers.image.revision=${COMMIT} \
   --label org.opencontainers.image.created="$(date --rfc-3339=seconds --utc)" \
   --label org.opencontainers.image.title=${IMAGE_NAME} \
   -f images/drydock/Dockerfile \
-  ${ADDL_BUILD_ARGS} \
   --build-arg BUILD_DIR=${BUILD_DIR} \
-  --build-arg http_proxy=${http_proxy} \
-  --build-arg https_proxy=${https_proxy} \
-  --build-arg HTTP_PROXY=${HTTP_PROXY} \
-  --build-arg HTTPS_PROXY=${HTTPS_PROXY} \
-  --build-arg no_proxy=${no_proxy} \
-  --build-arg NO_PROXY=${NO_PROXY} .
+  ${PROXY_ARGS} \
+  ${ADDL_BUILD_ARGS} .
\ No newline at end of file