Access AR repositories via GOPROXY in GBOC (#345)

Author: XuechunHou

google-built-opentelemetry-collector/Dockerfile.image_with_gcloud.build

@@ -0,0 +1,44 @@
+# NOTE: File generated by distrogen. Do not manually edit.
+
+# This Dockerfile provides the same resulting container as
+# the main Dockerfile, but it also performs the build within
+# an earlier layer. The resulting container will be scratch and
+# should be functionally identical.
+
+# By default, this container should have the root of your project
+# where all distributions are container. The generated version will
+# use the respective distribution as the working directory for builds.
+# The whole project is copied to the container in case you provide
+# any custom components contained within your full project structure.
+ARG PROJECT_ROOT="."
+ARG CERT_CONTAINER="alpine:3"
+ARG BUILD_CONTAINER="google/cloud-sdk@sha256:cad12907540b1a43c9279503796723817e62da1f8fd3b8723755effb9d55e1e1"
+FROM --platform=${BUILDPLATFORM:-linux/amd64} ${BUILD_CONTAINER} AS build
+
+RUN apk --update add make curl
+
+ARG PROJECT_ROOT
+COPY ${PROJECT_ROOT} /
+
+WORKDIR /google-built-opentelemetry-collector
+
+ARG BUILDARCH
+ARG BUILDOS
+ARG TARGETOS
+ARG TARGETARCH
+RUN make -f pull_modules_from_ar_repos.mk aoss-build
+
+FROM ${CERT_CONTAINER} AS certs
+RUN apk --update add ca-certificates
+
+FROM scratch
+
+ARG USER_UID=10001
+USER ${USER_UID}
+
+COPY --from=certs /etc/ssl/certs/ca-certificates.crt /etc/ssl/certs/ca-certificates.crt
+COPY --from=build --chmod=755 /google-built-opentelemetry-collector/otelcol-google /otelcol-google
+COPY --from=build --chmod=644 /google-built-opentelemetry-collector/config.yaml /etc/otelcol-google/config.yaml
+
+ENTRYPOINT ["/otelcol-google", "--feature-gates=exporter.googlemanagedprometheus.intToDouble,exporter.googlecloud.CustomMonitoredResources"]
+CMD ["--config=/etc/otelcol-google/config.yaml"]

google-built-opentelemetry-collector/pull_modules_from_ar_repos.mk

@@ -0,0 +1,17 @@
+include ./Makefile
+
+AR_AUTH_BIN = $(TOOLS_DIR)/auth
+
+$(AR_AUTH_BIN): $(GO_BIN)
+	@{ \
+	set -e ;\
+	mkdir -p $(TOOLS_DIR) ;\
+	echo "Installing AR Auth tools at $(TOOLS_DIR)" ;\
+	GOBIN=$(TOOLS_DIR) CGO_ENABLED=0 $(GO_BIN) install -trimpath -ldflags="-s -w" github.com/GoogleCloudPlatform/artifact-registry-go-tools/cmd/[email protected] ;\
+	} 
+
+.PHONY: aoss-build
+aoss-build: $(AR_AUTH_BIN)
+	$(AR_AUTH_BIN) add-locations --locations=us && \
+	$(AR_AUTH_BIN) refresh && \
+	$(MAKE) build

kokoro/config/build/build_image.gcl

@@ -12,7 +12,7 @@ config build = common.build {
     {
       key = 'BUILD_CONTAINER'
       value =
-          'us-docker.pkg.dev/artifact-foundry-prod/docker-3p-trusted/alpine:3'
+          'us-docker.pkg.dev/artifact-foundry-prod/docker-3p-trusted/google/cloud-sdk@sha256:cad12907540b1a43c9279503796723817e62da1f8fd3b8723755effb9d55e1e1'
     },
     {
       key = 'CERT_CONTAINER'

kokoro/config/build/experiment_aoss_build_image.gcl

@@ -0,0 +1,35 @@
+import 'common.gcl' as common
+
+config build = common.build {
+  dockerfile_path =
+      'git/otelcol-google/google-built-opentelemetry-collector/Dockerfile.image_with_gcloud.build'
+
+  container_build_argument = [
+    {
+      key = 'PROJECT_ROOT'
+      value = 'git/otelcol-google'
+    },
+    {
+      key = 'BUILD_CONTAINER'
+      value =
+          'us-docker.pkg.dev/artifact-foundry-prod/docker-3p-trusted/google/cloud-sdk@sha256:cad12907540b1a43c9279503796723817e62da1f8fd3b8723755effb9d55e1e1'
+    },
+    {
+      key = 'CERT_CONTAINER'
+      value =
+          'us-docker.pkg.dev/artifact-foundry-prod/docker-3p-trusted/alpine:3'
+    },
+  ]
+ // I'm not sure why, but this build doesn't seem to need container_properties;
+  // null it out for now.
+  container_properties = null
+
+  container_artifact = [
+    {
+      // Path to the container tar file produced by the build. For a container build,
+      // this should always be "container/container.tar"
+      source = 'container/container.tar'
+      destination = 'us-docker.pkg.dev/cloud-ops-agents-art-staging/google-cloud-opentelemetry-collector-staging/otelcol-google'
+    },
+  ]
+}

kokoro/config/build/image.gcl

@@ -12,7 +12,7 @@ config build = common.build {
     {
       key = 'BUILD_CONTAINER'
       value =
-          'us-docker.pkg.dev/artifact-foundry-prod/docker-3p-trusted/alpine:3'
+          'us-docker.pkg.dev/artifact-foundry-prod/docker-3p-trusted/google/cloud-sdk@sha256:cad12907540b1a43c9279503796723817e62da1f8fd3b8723755effb9d55e1e1'
     },
     {
       key = 'CERT_CONTAINER'

templates/google-built-opentelemetry-collector/Dockerfile.image_with_gcloud.build.go.tmpl

@@ -0,0 +1,51 @@
+# This Dockerfile provides the same resulting container as
+# the main Dockerfile, but it also performs the build within
+# an earlier layer. The resulting container will be scratch and
+# should be functionally identical.
+
+# By default, this container should have the root of your project
+# where all distributions are container. The generated version will
+# use the respective distribution as the working directory for builds.
+# The whole project is copied to the container in case you provide
+# any custom components contained within your full project structure.
+ARG PROJECT_ROOT="."
+ARG CERT_CONTAINER="alpine:3"
+{{ if eq .BuildContainer "ubuntu" -}}
+ARG BUILD_CONTAINER="ubuntu:24.04"
+FROM --platform=${BUILDPLATFORM:-linux/amd64} ${BUILD_CONTAINER} AS build
+
+RUN apt-get update && apt-get install -y make curl{{ if .CollectorCGO }} build-essential{{ end }}
+
+{{ else -}}
+ARG BUILD_CONTAINER="google/cloud-sdk@sha256:cad12907540b1a43c9279503796723817e62da1f8fd3b8723755effb9d55e1e1"
+FROM --platform=${BUILDPLATFORM:-linux/amd64} ${BUILD_CONTAINER} AS build
+
+RUN apk --update add make curl{{ if .CollectorCGO }} alpine-sdk{{ end }}
+
+{{ end -}}
+
+ARG PROJECT_ROOT
+COPY ${PROJECT_ROOT} /
+
+WORKDIR /{{ .Name }}
+
+ARG BUILDARCH
+ARG BUILDOS
+ARG TARGETOS
+ARG TARGETARCH
+RUN make -f pull_modules_from_ar_repos.mk aoss-build
+
+FROM ${CERT_CONTAINER} AS certs
+RUN apk --update add ca-certificates
+
+FROM scratch
+
+ARG USER_UID=10001
+USER ${USER_UID}
+
+COPY --from=certs /etc/ssl/certs/ca-certificates.crt /etc/ssl/certs/ca-certificates.crt
+COPY --from=build --chmod=755 /{{ .Name }}/{{ .BinaryName }} /{{ .BinaryName }}
+COPY --from=build --chmod=644 /{{ .Name }}/config.yaml /etc/{{ .BinaryName }}/config.yaml
+
+ENTRYPOINT ["/{{ .BinaryName }}"{{ $length := len .FeatureGates }}{{ if gt $length 0 }}, "--feature-gates={{ .FeatureGates.Render }}"{{ end }}]
+CMD ["--config=/etc/{{ .BinaryName }}/config.yaml"]

templates/google-built-opentelemetry-collector/pull_modules_from_ar_repos.mk.go.tmpl

@@ -0,0 +1,17 @@
+include ./Makefile
+
+AR_AUTH_BIN = $(TOOLS_DIR)/auth
+
+$(AR_AUTH_BIN): $(GO_BIN)
+	@{ \
+	set -e ;\
+	mkdir -p $(TOOLS_DIR) ;\
+	echo "Installing AR Auth tools at $(TOOLS_DIR)" ;\
+	GOBIN=$(TOOLS_DIR) CGO_ENABLED=0 $(GO_BIN) install -trimpath -ldflags="-s -w" github.com/GoogleCloudPlatform/artifact-registry-go-tools/cmd/auth@v0.4.0 ;\
+	} 
+
+.PHONY: aoss-build
+aoss-build: $(AR_AUTH_BIN)
+	$(AR_AUTH_BIN) add-locations --locations=us && \
+	$(AR_AUTH_BIN) refresh && \
+	$(MAKE) build