#!/bin/bash set -euo pipefail if [[ $# -lt 3 ]]; then echo "" 1>&2 echo "Docker-based compiler for a Go PACKAGE producing static linux/OONIARCH binaries." 1>&2 echo "" 1>&2 echo "usage: $0 OOGOCACHEDIR OONIARCH PACKAGE..." 1>&2 echo "" 1>&2 echo "OOGOCACHEDIR is the directory under which to put GOCACHE and GOMODCACHE for" 1>&2 echo "this build, which will be mounted and passed to Docker." 1>&2 echo "" 1>&2 echo "OONIARCH must be one of: 386, amd64, arm64, armv6, armv7." 1>&2 echo "" 1>&2 echo "Features:" 1>&2 echo "" 1>&2 echo "* automatically sets -tags=ooni_psiphon_config when possible;" 1>&2 echo "" 1>&2 echo "* if GOLANG_EXTRA_FLAGS is set, pass it to the Go compiler." 1>&2 echo "" 1>&2 echo "Example:" 1>&2 echo "" 1>&2 echo " ./CLI/go-build-linux-static arm64 ./internal/cmd/miniooni" 1>&2 echo "" 1>&2 exit 1 fi GOLANG_DOCKER_IMAGE=golang:$(cat GOVERSION)-alpine GOOS=linux OOGOCACHEDIR=$1 shift OONIARCH=$1 shift if [[ $OONIARCH == armv7 ]]; then GOARCH=arm GOARM=7 DOCKER_ARCH=arm/v7 elif [[ $OONIARCH == armv6 ]]; then GOARCH=arm GOARM=6 DOCKER_ARCH=arm/v6 else GOARCH=$OONIARCH GOARM= DOCKER_ARCH=$OONIARCH fi if [[ -f ./internal/engine/psiphon-config.json.age && -f ./internal/engine/psiphon-config.key ]]; then OONI_PSIPHON_TAGS=ooni_psiphon_config else OONI_PSIPHON_TAGS="" fi # Implementation note: we must run docker as the user that invokes # it for actions/cache@v3 to be able to cache OOGOCACHEDIR. This # constraint forces us to run all privileged operations early # using a Dockerfile, so the build proper runs as $(id -u):$(id -g). GOCACHE=$OOGOCACHEDIR/oonibuild/v1/$OONIARCH/buildcache GOMODCACHE=$OOGOCACHEDIR/oonibuild/v1/$OONIARCH/modcache cat > CLI/Dockerfile << EOF FROM --platform=linux/$DOCKER_ARCH $GOLANG_DOCKER_IMAGE RUN apk update RUN apk upgrade RUN apk add --no-progress gcc git linux-headers musl-dev RUN adduser -D -h /home/oobuild -G nobody -u $(id -u) oobuild ENV HOME=/home/oobuild EOF TAGGED_IMAGE=oobuild-$OONIARCH-$(date +%Y%m%d%H) DOCKER_USER_OPTS="--user $(id -u):$(id -g)" set -x mkdir -p $GOCACHE $GOMODCACHE docker pull --platform linux/$DOCKER_ARCH $GOLANG_DOCKER_IMAGE if ! docker inspect --type=image $TAGGED_IMAGE 1>/dev/null 2>/dev/null; then docker build --platform linux/$DOCKER_ARCH -t $TAGGED_IMAGE CLI fi docker run --platform linux/$DOCKER_ARCH $DOCKER_USER_OPTS \ -e GOCACHE=/__gocache -e GOMODCACHE=/__gomodcache \ -v "$GOCACHE:/__gocache" -v "$GOMODCACHE:/__gomodcache" \ -e GOARM=$GOARM -e GOOS=$GOOS -e GOARCH=$GOARCH \ -e OONI_PSIPHON_TAGS=$OONI_PSIPHON_TAGS \ -e OONIARCH=$OONIARCH -e GOLANG_EXTRA_FLAGS="${GOLANG_EXTRA_FLAGS:-}" \ -v $(pwd):/ooni -w /ooni $TAGGED_IMAGE ./CLI/go-build-alpine "$@"