Dockerfile.test: split dev stage, and optimize order

thaJeztah · thaJeztah · commit e9f26eb877fa · 2021-07-17T17:08:04.000+02:00
This makes the following changes:

- The containerd/config.toml, and docker-entrypoint.sh only occasionally change,
  so copy them before copying the source code to allow them to be cached.
- The cri-in-userns stage does not need files from proto3, so do not copy them
- The dev environment does need the file from the proto3 stage, so copy them there.
- Change the order of stages. Our CI uses `podman build` which (I think) does not
  skips stages that are not used for the specified target (like BuildKit does).
  So I moved stages that are not used for the `cri-in-userns` after that stage.

Signed-off-by: Sebastiaan van Stijn &lt;github@gone.nl&gt;
diff --git a/contrib/Dockerfile.test b/contrib/Dockerfile.test
@@ -12,25 +12,10 @@
 
 ARG GOLANG_VERSION=1.16.6
 
-FROM golang:${GOLANG_VERSION} AS golang-base
-RUN mkdir -p /go/src/github.com/containerd/containerd
-WORKDIR /go/src/github.com/containerd/containerd
-
-# Install proto3
-FROM golang-base AS proto3
-RUN apt-get update && apt-get install -y \
-   autoconf \
-   automake \
-   g++ \
-   libtool \
-   unzip \
- --no-install-recommends
-
-COPY script/setup/install-protobuf install-protobuf
-RUN ./install-protobuf
+FROM golang:${GOLANG_VERSION} AS golang
 
 # Install runc
-FROM golang-base AS runc
+FROM golang AS runc
 RUN apt-get update && apt-get install -y \
     libseccomp-dev \
   --no-install-recommends
@@ -41,38 +26,53 @@ ARG RUNC_VERSION
 ARG GOPROXY=direct
 RUN ./install-runc
 
-FROM golang-base AS dev
+FROM golang AS build-env
 RUN apt-get update && apt-get install -y \
     libbtrfs-dev \
     btrfs-progs \
     libseccomp-dev \
     xfsprogs \
   --no-install-recommends
-
-COPY --from=proto3 /usr/local/bin/protoc     /usr/local/bin/protoc
-COPY --from=proto3 /usr/local/include/google /usr/local/include/google
-COPY --from=runc   /usr/local/sbin/runc      /usr/local/go/bin/runc
-
-COPY . .
+RUN mkdir -p /go/src/github.com/containerd/containerd
+WORKDIR /go/src/github.com/containerd/containerd
 
 # cri-in-userns stage is for testing "CRI-in-UserNS", which should be used in conjunction with
 # "Kubelet-in-UserNS": https://github.com/kubernetes/enhancements/tree/master/keps/sig-node/2033-kubelet-in-userns-aka-rootless
 # This feature is mostly expected to be used for `kind` and `minikube`.
 #
 # Requires Rootless Docker/Podman/nerdctl with cgroup v2 delegation: https://rootlesscontaine.rs/getting-started/common/cgroup2/
 # (Rootless Docker/Podman/nerdctl prepares the UserNS, so we do not need to create UserNS by ourselves)
-FROM dev AS cri-in-userns
-RUN make BUILDTAGS="no_btrfs no_devmapper" binaries install
+FROM build-env AS cri-in-userns
 RUN apt-get update && apt-get install -y iptables
+COPY contrib/Dockerfile.test.d/cri-in-userns/etc_containerd_config.toml /etc/containerd/config.toml
+COPY contrib/Dockerfile.test.d/cri-in-userns/docker-entrypoint.sh       /docker-entrypoint.sh
+COPY --from=runc   /usr/local/sbin/runc      /usr/local/go/bin/runc
+COPY . .
 RUN ./script/setup/install-cni
 RUN ./script/setup/install-critools
-COPY contrib/Dockerfile.test.d/cri-in-userns/etc_containerd_config.toml /etc/containerd/config.toml
-COPY contrib/Dockerfile.test.d/cri-in-userns/docker-entrypoint.sh /docker-entrypoint.sh
+RUN make BUILDTAGS="no_btrfs no_devmapper" binaries install
 VOLUME /var/lib/containerd
 ENTRYPOINT ["/docker-entrypoint.sh"]
 # Skip "runtime should support unsafe sysctls": `container init caused:  write sysctl key fs.mqueue.msg_max: open /proc/sys/fs/mqueue/msg_max: permission denied`
 # Skip "runtime should support safe sysctls": `container init caused: write sysctl key kernel.shm_rmid_forced: open /proc/sys/kernel/shm_rmid_forced: permission denied`
 # Skip "should allow privilege escalation when (NoNewPrivis is) false": expected log "Effective uid: 0\n" (stream="stdout") not found in logs [{timestamp:{wall:974487519 ext:63761339984 loc:<nil>} stream:stdout log:Effective uid: 1000) }]
 CMD ["critest", "--ginkgo.skip=should support unsafe sysctls|should support safe sysctls|should allow privilege escalation when false"]
 
-FROM dev AS default
+# Install proto3
+FROM golang AS proto3
+RUN apt-get update && apt-get install -y \
+   autoconf \
+   automake \
+   g++ \
+   libtool \
+   unzip \
+ --no-install-recommends
+
+COPY script/setup/install-protobuf install-protobuf
+RUN ./install-protobuf
+
+FROM build-env AS dev
+COPY --from=proto3 /usr/local/bin/protoc     /usr/local/bin/protoc
+COPY --from=proto3 /usr/local/include/google /usr/local/include/google
+COPY --from=runc   /usr/local/sbin/runc      /usr/local/go/bin/runc
+COPY . .
