ooni-probe-cli/CLI/go-build-linux-static

#!/bin/bash

set -euo pipefail

if [[ $# -lt 3 ]]; then
	echo "" 1>&2
	echo "Docker-based compiler for a Go PACKAGE producing static linux/OONIARCH binaries." 1>&2
	echo "" 1>&2
	echo "usage: $0 OOGOCACHEDIR OONIARCH PACKAGE..." 1>&2
	echo "" 1>&2
	echo "OOGOCACHEDIR is the directory under which to put GOCACHE and GOMODCACHE for" 1>&2
	echo "this build, which will be mounted and passed to Docker." 1>&2
	echo "" 1>&2
	echo "OONIARCH must be one of: 386, amd64, arm64, armv6, armv7." 1>&2
	echo "" 1>&2
	echo "Features:" 1>&2
	echo "" 1>&2
	echo "* automatically sets -tags=ooni_psiphon_config when possible;" 1>&2
	echo "" 1>&2
	echo "* if GOLANG_EXTRA_FLAGS is set, pass it to the Go compiler." 1>&2
	echo "" 1>&2
	echo "Example:" 1>&2
	echo "" 1>&2
	echo "  ./CLI/go-build-linux-static arm64 ./internal/cmd/miniooni" 1>&2
	echo "" 1>&2
	exit 1
fi

GOLANG_DOCKER_IMAGE=golang:$(cat GOVERSION)-alpine
GOOS=linux
OOGOCACHEDIR=$1
shift
OONIARCH=$1
shift

if [[ $OONIARCH == armv7 ]]; then
	GOARCH=arm
	GOARM=7
	DOCKER_ARCH=arm/v7
elif [[ $OONIARCH == armv6 ]]; then
	GOARCH=arm
	GOARM=6
	DOCKER_ARCH=arm/v6
else
	GOARCH=$OONIARCH
	GOARM=
	DOCKER_ARCH=$OONIARCH
fi

if [[ -f ./internal/engine/psiphon-config.json.age &&
	-f ./internal/engine/psiphon-config.key ]]; then
	OONI_PSIPHON_TAGS=ooni_psiphon_config
else
	OONI_PSIPHON_TAGS=""
fi

# Implementation note: we must run docker as the user that invokes
# it for actions/cache@v3 to be able to cache OOGOCACHEDIR. This
# constraint forces us to run all privileged operations early
# using a Dockerfile, so the build proper runs as $(id -u):$(id -g).

GOCACHE=$OOGOCACHEDIR/oonibuild/v1/$OONIARCH/buildcache
GOMODCACHE=$OOGOCACHEDIR/oonibuild/v1/$OONIARCH/modcache

cat > CLI/Dockerfile << EOF
FROM --platform=linux/$DOCKER_ARCH $GOLANG_DOCKER_IMAGE
RUN apk update
RUN apk upgrade
RUN apk add --no-progress gcc git linux-headers musl-dev
RUN adduser -D -h /home/oobuild -G nobody -u $(id -u) oobuild
ENV HOME=/home/oobuild
EOF

TAGGED_IMAGE=oobuild-$OONIARCH-$(date +%Y%m%d%H)

DOCKER_USER_OPTS="--user $(id -u):$(id -g)"

set -x

mkdir -p $GOCACHE $GOMODCACHE

docker pull --platform linux/$DOCKER_ARCH $GOLANG_DOCKER_IMAGE

if ! docker inspect --type=image $TAGGED_IMAGE 1>/dev/null 2>/dev/null; then
	docker build --platform linux/$DOCKER_ARCH -t $TAGGED_IMAGE CLI
fi

docker run --platform linux/$DOCKER_ARCH $DOCKER_USER_OPTS \
	-e GOCACHE=/__gocache -e GOMODCACHE=/__gomodcache \
	-v "$GOCACHE:/__gocache" -v "$GOMODCACHE:/__gomodcache" \
	-e GOARM=$GOARM -e GOOS=$GOOS -e GOARCH=$GOARCH \
	-e OONI_PSIPHON_TAGS=$OONI_PSIPHON_TAGS \
	-e OONIARCH=$OONIARCH -e GOLANG_EXTRA_FLAGS="${GOLANG_EXTRA_FLAGS:-}" \
	-v $(pwd):/ooni -w /ooni $TAGGED_IMAGE ./CLI/go-build-alpine "$@"