Use buildkit on cloudbuild (#16)

Author: zchee

.dockerignore

@@ -1,2 +1,10 @@
-*
-*/
+.git/
+hack/
+.dockerignore
+.gcloudignore
+.gitattributes
+.gitignore
+Dockerfile
+LICENSE
+README.md
+cloudbuild.yaml

.gcloudignore

@@ -1,3 +1,5 @@
 #!include:.dockerignore
+
 !cloudbuild.*.yaml
 !Dockerfile
+!hack/

Dockerfile

@@ -1,10 +1,9 @@
-# syntax = docker.io/docker/dockerfile-upstream:master-experimental
+# syntax=docker/dockerfile:1.3
 
 ARG GOLANG_VERSION
 ARG ALPINE_VERSION
 
-# target: protoc-builder
-FROM docker.io/debian:buster-slim AS protoc-builder
+FROM debian:bullseye-slim AS protoc-builder
 ENV DEBIAN_FRONTEND=noninteractive
 ARG PROTOC_VERSION
 RUN set -eux && \
@@ -18,71 +17,66 @@ RUN set -eux && \
 	unzip protoc-${PROTOC_VERSION}-linux-x86_64.zip -d protoc && \
 	rm protoc-${PROTOC_VERSION}-linux-x86_64.zip
 
-# target: protoc
 FROM gcr.io/distroless/base:nonroot AS protoc
 COPY --from=protoc-builder --chown=nonroot:nonroot /protoc/bin/protoc /
 COPY --from=protoc-builder --chown=nonroot:nonroot /protoc/include/google/ /usr/local/include/google
 USER nonroot:nonroot
-LABEL \
-	maintainer="The containerz Authors" \
+LABEL maintainer="The containerz Authors" \
 	org.opencontainers.image.title="gcr.io/containerz/protoc/protoc" \
 	org.opencontainers.image.description="protoc container image" \
 	org.opencontainers.image.url="https://github.com/containerz-dev/protoc" \
 	org.opencontainers.image.source="[email protected]:containerz-dev/protoc" 
 ENTRYPOINT ["/protoc"]
 
-# target: protoc-debug
 FROM gcr.io/distroless/base:debug-nonroot AS protoc-debug
 COPY --from=protoc-builder --chown=nonroot:nonroot /protoc/bin/protoc /
 COPY --from=protoc-builder --chown=nonroot:nonroot /protoc/include/google/ /usr/local/include/google
 USER nonroot:nonroot
-LABEL \
-	maintainer="The containerz Authors" \
+LABEL maintainer="The containerz Authors" \
 	org.opencontainers.image.title="gcr.io/containerz/protoc/protoc:debug" \
 	org.opencontainers.image.description="protoc container image" \
 	org.opencontainers.image.url="https://github.com/containerz-dev/protoc" \
 	org.opencontainers.image.source="[email protected]:containerz-dev/protoc" 
 ENTRYPOINT ["/protoc"]
 
-# target: golang-builder
-FROM docker.io/golang:${GOLANG_VERSION}-alpine${ALPINE_VERSION} AS golang-builder
+FROM golang:${GOLANG_VERSION}-alpine${ALPINE_VERSION} AS golang-builder
 ENV \
 	OUTDIR=/out \
 	CGO_ENABLED=0 \
 	GO111MODULE=on
 RUN set -eux && \
-	apk --no-cache add \
+	apk add --no-cache \
+		build-base \
 		git
 ARG PROTOC_GEN_GO_VERSION
+RUN --mount=type=cache,target=/go/pkg/mod --mount=type=cache,target=/root/.cache \
+	set -eux && \
+	GOBIN="${OUTDIR}/usr/local/bin" go install -v -tags='osusergo,netgo,static,static_build' -buildmode=pie -ldflags='-s -w -d -linkmode external "-extldflags=-static-pie"' -installsuffix='netgo' \
+		google.golang.org/protobuf/cmd/protoc-gen-go@${PROTOC_GEN_GO_VERSION}
 ARG PROTOC_GEN_GO_GRPC_VERSION
-RUN set -eux && \
-	GOBIN="${OUTDIR}/usr/local/bin" go install -v -trimpath -tags='osusergo,netgo,static' -gcflags="all=-trimpath=${GOPATH}" -ldflags="-d -s -w '-extldflags=-static'" -asmflags="all=-trimpath=${GOPATH}" -installsuffix='netgo' \
-		google.golang.org/protobuf/cmd/protoc-gen-go@${PROTOC_GEN_GO_VERSION} && \
-	GOBIN="${OUTDIR}/usr/local/bin" go install -v -trimpath -tags='osusergo,netgo,static' -gcflags="all=-trimpath=${GOPATH}" -ldflags="-d -s -w '-extldflags=-static'" -asmflags="all=-trimpath=${GOPATH}" -installsuffix='netgo' \
+RUN --mount=type=cache,target=/go/pkg/mod --mount=type=cache,target=/root/.cache \
+	set -eux && \
+	GOBIN="${OUTDIR}/usr/local/bin" go install -v -tags='osusergo,netgo,static,static_build' -buildmode=pie -ldflags='-s -w -d -linkmode external "-extldflags=-static-pie"' -installsuffix='netgo' \
 		google.golang.org/grpc/cmd/protoc-gen-go-grpc@${PROTOC_GEN_GO_GRPC_VERSION}
 
-# target: golang
 FROM gcr.io/distroless/base:nonroot AS golang
 USER nonroot:nonroot
 COPY --from=golang-builder --chown=nonroot:nonroot /out/ /
 COPY --from=protoc --chown=nonroot:nonroot /protoc /usr/local/bin/protoc
 COPY --from=protoc --chown=nonroot:nonroot /usr/local/include /usr/local/include/
-LABEL \
-	maintainer="The containerz Authors" \
+LABEL maintainer="The containerz Authors" \
 	org.opencontainers.image.title="gcr.io/containerz/protoc/golang" \
 	org.opencontainers.image.description="protoc and protoc-gen-go related binaries container image" \
 	org.opencontainers.image.url="https://github.com/containerz-dev/protoc" \
 	org.opencontainers.image.source="[email protected]:containerz-dev/protoc" 
 ENTRYPOINT ["protoc"]
 
-# target: golang-debug
 FROM gcr.io/distroless/base:debug-nonroot AS golang-debug
 USER nonroot:nonroot
 COPY --from=golang-builder --chown=nonroot:nonroot /out/ /
 COPY --from=protoc-debug --chown=nonroot:nonroot /protoc /usr/local/bin/protoc
 COPY --from=protoc-debug --chown=nonroot:nonroot /usr/local/include /usr/local/include/
-LABEL \
-	maintainer="The containerz Authors" \
+LABEL maintainer="The containerz Authors" \
 	org.opencontainers.image.title="gcr.io/containerz/protoc/golang:debug" \
 	org.opencontainers.image.description="protoc and protoc-gen-go related binaries container image" \
 	org.opencontainers.image.url="https://github.com/containerz-dev/protoc" \

cloudbuild.yaml

@@ -1,94 +1,142 @@
 steps:
+  - id: docker
+    name: docker:20.10
+    args:
+      - build
+      - --target=docker
+      - --build-arg=DOCKER_VERSION=${_DOCKER_VERSION}
+      - --build-arg=BUILDX_DIGEST=${_BUILDX_DIGEST}
+      - --tag=docker-buildx:cloudbuild
+      - --file=hack/dockerfiles/buildx.dockerfile
+      - hack/dockerfiles
+    env:
+      - "DOCKER_BUILDKIT=1"
+    waitFor: ["-"]
+
+  - id: protoc-builder
+    name: docker-buildx:cloudbuild
+    args:
+      - buildx
+      - build
+      - --target=protoc-builder
+      - --build-arg=BUILDKIT_INLINE_CACHE=1
+      - --build-arg=PROTOC_VERSION=${_PROTOC_VERSION}
+      - --build-arg=GOLANG_VERSION=${_GOLANG_VERSION}
+      - --build-arg=ALPINE_VERSION=${_ALPINE_VERSION}
+      - --allow=network.host
+      - --network=host
+      - .
+    waitFor: ["docker"]
+
   - id: protoc
-    name: gcr.io/kaniko-project/executor:latest
+    name: docker-buildx:cloudbuild
     args:
-      - --destination=gcr.io/$PROJECT_ID/protoc/protoc:${_PROTOC_VERSION}
-      - --destination=gcr.io/$PROJECT_ID/protoc/protoc:latest
-      - --cache=true
-      - --cache-repo=gcr.io/$PROJECT_ID/protoc/protoc/cache
-      - --dockerfile=Dockerfile
-      - --context=dir:///workspace
-      - --reproducible
-      - --log-timestamp
-      - --skip-unused-stages=true
+      - buildx
+      - build
       - --target=protoc
-      - --use-new-run
+      - --build-arg=BUILDKIT_INLINE_CACHE=1
       - --build-arg=PROTOC_VERSION=${_PROTOC_VERSION}
       - --build-arg=GOLANG_VERSION=${_GOLANG_VERSION}
       - --build-arg=ALPINE_VERSION=${_ALPINE_VERSION}
-    waitFor: ['-']
+      - --output=type=image,name=gcr.io/$PROJECT_ID/protoc/protoc:${_PROTOC_VERSION},push=false
+      - --allow=network.host
+      - --network=host
+      - .
+    waitFor:
+      - "protoc-builder"
 
   - id: protoc-debug
-    name: gcr.io/kaniko-project/executor:latest
+    name: docker-buildx:cloudbuild
     args:
-      - --destination=gcr.io/$PROJECT_ID/protoc/protoc:${_PROTOC_VERSION}-debug
-      - --destination=gcr.io/$PROJECT_ID/protoc/protoc:debug
-      - --cache=true
-      - --cache-repo=gcr.io/$PROJECT_ID/protoc/protoc/cache
-      - --dockerfile=Dockerfile
-      - --context=dir:///workspace
-      - --reproducible
-      - --log-timestamp
-      - --skip-unused-stages=true
+      - buildx
+      - build
       - --target=protoc-debug
-      - --use-new-run
+      - --build-arg=BUILDKIT_INLINE_CACHE=1
+      - --build-arg=PROTOC_VERSION=${_PROTOC_VERSION}
+      - --build-arg=GOLANG_VERSION=${_GOLANG_VERSION}
+      - --build-arg=ALPINE_VERSION=${_ALPINE_VERSION}
+      - --output=type=image,name=gcr.io/$PROJECT_ID/protoc/protoc:${_PROTOC_VERSION}-debug,push=false
+      - --allow=network.host
+      - --network=host
+      - .
+    waitFor:
+      - "protoc-builder"
+
+  - id: golang-builder
+    name: docker-buildx:cloudbuild
+    args:
+      - buildx
+      - build
+      - --target=golang-builder
+      - --build-arg=BUILDKIT_INLINE_CACHE=1
       - --build-arg=PROTOC_VERSION=${_PROTOC_VERSION}
       - --build-arg=GOLANG_VERSION=${_GOLANG_VERSION}
       - --build-arg=ALPINE_VERSION=${_ALPINE_VERSION}
-    waitFor: ['-']
+      - --build-arg=PROTOC_GEN_GO_VERSION=${_PROTOC_GEN_GO_VERSION}
+      - --build-arg=PROTOC_GEN_GO_GRPC_VERSION=${_PROTOC_GEN_GO_GRPC_VERSION}
+      - --allow=network.host
+      - --network=host
+      - .
+    waitFor:
+      - "protoc"
+      - "protoc-debug"
 
   - id: golang
-    name: gcr.io/kaniko-project/executor:latest
+    name: docker-buildx:cloudbuild
     args:
-      - --destination=gcr.io/$PROJECT_ID/protoc/golang:${_PROTOC_VERSION}-${_GOLANG_VERSION}
-      - --destination=gcr.io/$PROJECT_ID/protoc/golang:${_PROTOC_VERSION}
-      - --destination=gcr.io/$PROJECT_ID/protoc/golang:latest
-      - --cache=true
-      - --cache-repo=gcr.io/$PROJECT_ID/protoc/golang/cache
-      - --dockerfile=Dockerfile
-      - --context=dir:///workspace
-      - --reproducible
-      - --log-timestamp
-      - --skip-unused-stages=true
+      - buildx
+      - build
       - --target=golang
-      - --use-new-run
+      - --build-arg=BUILDKIT_INLINE_CACHE=1
       - --build-arg=PROTOC_VERSION=${_PROTOC_VERSION}
       - --build-arg=GOLANG_VERSION=${_GOLANG_VERSION}
       - --build-arg=ALPINE_VERSION=${_ALPINE_VERSION}
       - --build-arg=PROTOC_GEN_GO_VERSION=${_PROTOC_GEN_GO_VERSION}
       - --build-arg=PROTOC_GEN_GO_GRPC_VERSION=${_PROTOC_GEN_GO_GRPC_VERSION}
+      - --tag=gcr.io/$PROJECT_ID/protoc/golang:${_PROTOC_VERSION}-${_GOLANG_VERSION}
+      - --tag=gcr.io/$PROJECT_ID/protoc/golang:${_PROTOC_VERSION}
+      - --allow=network.host
+      - --network=host
+      - .
     waitFor:
-      - protoc
+      - "golang-builder"
 
   - id: golang-debug
-    name: gcr.io/kaniko-project/executor:latest
+    name: docker-buildx:cloudbuild
     args:
-      - --destination=gcr.io/$PROJECT_ID/protoc/golang:${_PROTOC_VERSION}-${_GOLANG_VERSION}-debug
-      - --destination=gcr.io/$PROJECT_ID/protoc/golang:${_PROTOC_VERSION}-debug
-      - --destination=gcr.io/$PROJECT_ID/protoc/golang:debug
-      - --cache=true
-      - --cache-repo=gcr.io/$PROJECT_ID/protoc/golang/cache
-      - --dockerfile=Dockerfile
-      - --context=dir:///workspace
-      - --reproducible
-      - --log-timestamp
-      - --skip-unused-stages=true
+      - buildx
+      - build
       - --target=golang-debug
-      - --use-new-run
+      - --build-arg=BUILDKIT_INLINE_CACHE=1
       - --build-arg=PROTOC_VERSION=${_PROTOC_VERSION}
       - --build-arg=GOLANG_VERSION=${_GOLANG_VERSION}
       - --build-arg=ALPINE_VERSION=${_ALPINE_VERSION}
       - --build-arg=PROTOC_GEN_GO_VERSION=${_PROTOC_GEN_GO_VERSION}
       - --build-arg=PROTOC_GEN_GO_GRPC_VERSION=${_PROTOC_GEN_GO_GRPC_VERSION}
+      - --tag=gcr.io/$PROJECT_ID/protoc/golang:${_PROTOC_VERSION}-${_GOLANG_VERSION}-debug
+      - --tag=gcr.io/$PROJECT_ID/protoc/golang:${_PROTOC_VERSION}-debug
+      - --allow=network.host
+      - --network=host
+      - .
     waitFor:
-      - protoc-debug
+      - "golang-builder"
 
 substitutions:
-  _PROTOC_VERSION: "3.15.7"
-  _GOLANG_VERSION: "1.16"
-  _ALPINE_VERSION: "3.13"
-  _PROTOC_GEN_GO_VERSION: "v1.26.0"
-  _PROTOC_GEN_GO_GRPC_VERSION: "v1.1.0"
+  _DOCKER_VERSION: "20.10"
+  _BUILDX_DIGEST: "2ec838c5f74e1cdd5e6ea4e789c0c0f5573807550b50b2ddc6deb2c2033a286b"  # https://github.com/docker/buildx/tree/084b6c0a95ce, https://github.com/docker/buildx/runs/3947339794
+  _PROTOC_VERSION: "3.19.0"  # https://github.com/protocolbuffers/protobuf/releases/tag/v3.19.0
+  _GOLANG_VERSION: "1.17"
+  _ALPINE_VERSION: "3.14"
+  _PROTOC_GEN_GO_VERSION: "v1.27.1"  # https://github.com/protocolbuffers/protobuf-go/releases/tag/v1.27.1
+  _PROTOC_GEN_GO_GRPC_VERSION: "9c668aeab869"  # https://github.com/grpc/grpc-go/tree/9c668aeab869
+
+images:
+  - "gcr.io/$PROJECT_ID/protoc/protoc:${_PROTOC_VERSION}"
+  - "gcr.io/$PROJECT_ID/protoc/protoc:${_PROTOC_VERSION}-debug"
+  - "gcr.io/$PROJECT_ID/protoc/golang:${_PROTOC_VERSION}-${_GOLANG_VERSION}"
+  - "gcr.io/$PROJECT_ID/protoc/golang:${_PROTOC_VERSION}"
+  - "gcr.io/$PROJECT_ID/protoc/golang:${_PROTOC_VERSION}-${_GOLANG_VERSION}-debug"
+  - "gcr.io/$PROJECT_ID/protoc/golang:${_PROTOC_VERSION}-debug"
 
 tags:
   - "protoc.protoc"

hack/dockerfiles/buildx.dockerfile

@@ -0,0 +1,10 @@
+# syntax=docker/dockerfile:1.3
+
+ARG DOCKER_VERSION
+ARG BUILDX_DIGEST
+
+FROM --platform=$BUILDPLATFORM docker/buildx-bin@sha256:${BUILDX_DIGEST} AS buildx
+
+FROM --platform=$BUILDPLATFORM docker:${DOCKER_VERSION} AS docker
+COPY --from=buildx /buildx /usr/libexec/docker/cli-plugins/docker-buildx
+RUN docker buildx version