Skip to content

Commit d733a7b

Browse files
Hyperkid123claude
Hyperkid123
and
claude
committed
fix(infra): build caddy from UBI go-toolset instead of docker.io base
Konflux Enterprise Contract rejects caddy:2.11.2-builder (docker.io). Replace with ubi9/go-toolset multi-stage build using custom main.go that imports plugins directly — same pattern as caddy-ubi. RHCLOUD-47012 Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
1 parent 85e128a commit d733a7b

4 files changed

Lines changed: 797 additions & 8 deletions

File tree

Dockerfile

Lines changed: 6 additions & 8 deletions
Original file line numberDiff line numberDiff line change
@@ -1,10 +1,8 @@
1-
# Dev proxy — build Caddy with HCC plugins from source
2-
FROM caddy:2.11.2-builder AS dev-proxy-builder
3-
COPY dev-proxy/rh_identity_transform /src/rh_identity_transform
4-
RUN xcaddy build \
5-
--with github.com/caddyserver/cache-handler \
6-
--with github.com/caddyserver/transform-encoder \
7-
--with rh_identity_transform=/src/rh_identity_transform
1+
# Dev proxy — build custom Caddy from source on UBI (passes EC)
2+
FROM registry.access.redhat.com/ubi9/go-toolset:latest AS dev-proxy-builder
3+
COPY dev-proxy/ /tmp/dev-proxy/
4+
RUN cd /tmp/dev-proxy \
5+
&& go build -o /tmp/caddy .
86

97
FROM registry.access.redhat.com/ubi9/ubi:latest
108

@@ -111,7 +109,7 @@ RUN ARCH=$(uname -m | sed 's/x86_64/amd64/' | sed 's/aarch64/arm64/') \
111109
| tar -xz -C /usr/local/bin grype
112110

113111
# Dev proxy (custom Caddy for local UI verification against stage)
114-
COPY --from=dev-proxy-builder /usr/bin/caddy /usr/local/bin/caddy
112+
COPY --from=dev-proxy-builder /tmp/caddy /usr/local/bin/caddy
115113
COPY dev-proxy/Caddyfile /etc/caddy/Caddyfile
116114
COPY dev-proxy/start-proxy.sh /usr/local/bin/start-dev-proxy.sh
117115
RUN chmod +x /usr/local/bin/start-dev-proxy.sh

dev-proxy/go.mod

Lines changed: 185 additions & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -0,0 +1,185 @@
1+
module dev-proxy
2+
3+
go 1.25.0
4+
5+
require github.com/caddyserver/caddy/v2 v2.11.2
6+
7+
require (
8+
github.com/caddyserver/cache-handler v0.16.0
9+
github.com/caddyserver/transform-encoder v0.0.0-20260417205707-a6a89df4bc65
10+
rh_identity_transform v0.0.0
11+
)
12+
13+
require (
14+
cel.dev/expr v0.25.1 // indirect
15+
cloud.google.com/go/auth v0.18.2 // indirect
16+
cloud.google.com/go/auth/oauth2adapt v0.2.8 // indirect
17+
cloud.google.com/go/compute/metadata v0.9.0 // indirect
18+
dario.cat/mergo v1.0.2 // indirect
19+
filippo.io/bigmod v0.1.0 // indirect
20+
filippo.io/edwards25519 v1.2.0 // indirect
21+
github.com/AndreasBriese/bbloom v0.0.0-20190825152654-46b345b51c96 // indirect
22+
github.com/BurntSushi/toml v1.6.0 // indirect
23+
github.com/DeRuina/timberjack v1.3.9 // indirect
24+
github.com/KimMachineGun/automemlimit v0.7.5 // indirect
25+
github.com/Masterminds/goutils v1.1.1 // indirect
26+
github.com/Masterminds/semver/v3 v3.4.0 // indirect
27+
github.com/Masterminds/sprig/v3 v3.3.0 // indirect
28+
github.com/alecthomas/chroma/v2 v2.23.1 // indirect
29+
github.com/antlr4-go/antlr/v4 v4.13.1 // indirect
30+
github.com/aryann/difflib v0.0.0-20210328193216-ff5ff6dc229b // indirect
31+
github.com/beorn7/perks v1.0.1 // indirect
32+
github.com/buger/jsonparser v1.1.2 // indirect
33+
github.com/caddyserver/certmagic v0.25.2 // indirect
34+
github.com/caddyserver/zerossl v0.1.5 // indirect
35+
github.com/ccoveille/go-safecast/v2 v2.0.0 // indirect
36+
github.com/cenkalti/backoff/v5 v5.0.3 // indirect
37+
github.com/cespare/xxhash v1.1.0 // indirect
38+
github.com/cespare/xxhash/v2 v2.3.0 // indirect
39+
github.com/chzyer/readline v1.5.1 // indirect
40+
github.com/cloudflare/circl v1.6.3 // indirect
41+
github.com/coreos/go-oidc/v3 v3.17.0 // indirect
42+
github.com/cpuguy83/go-md2man/v2 v2.0.7 // indirect
43+
github.com/darkweak/go-esi v0.0.5 // indirect
44+
github.com/darkweak/souin v1.7.7 // indirect
45+
github.com/darkweak/storages/core v0.0.15 // indirect
46+
github.com/dgraph-io/badger v1.6.2 // indirect
47+
github.com/dgraph-io/badger/v2 v2.2007.4 // indirect
48+
github.com/dgraph-io/ristretto v0.2.0 // indirect
49+
github.com/dgryski/go-farm v0.0.0-20240924180020-3414d57e47da // indirect
50+
github.com/dlclark/regexp2 v1.11.5 // indirect
51+
github.com/dustin/go-humanize v1.0.1 // indirect
52+
github.com/felixge/httpsnoop v1.0.4 // indirect
53+
github.com/fxamacker/cbor/v2 v2.9.0 // indirect
54+
github.com/go-chi/chi/v5 v5.2.5 // indirect
55+
github.com/go-jose/go-jose/v3 v3.0.4 // indirect
56+
github.com/go-jose/go-jose/v4 v4.1.3 // indirect
57+
github.com/go-logr/logr v1.4.3 // indirect
58+
github.com/go-logr/stdr v1.2.2 // indirect
59+
github.com/go-sql-driver/mysql v1.9.3 // indirect
60+
github.com/golang-jwt/jwt/v5 v5.3.1 // indirect
61+
github.com/golang/protobuf v1.5.4 // indirect
62+
github.com/golang/snappy v1.0.0 // indirect
63+
github.com/google/cel-go v0.27.0 // indirect
64+
github.com/google/certificate-transparency-go v1.1.8-0.20240110162603-74a5dd331745 // indirect
65+
github.com/google/go-tpm v0.9.8 // indirect
66+
github.com/google/go-tspi v0.3.0 // indirect
67+
github.com/google/s2a-go v0.1.9 // indirect
68+
github.com/google/uuid v1.6.0 // indirect
69+
github.com/googleapis/enterprise-certificate-proxy v0.3.14 // indirect
70+
github.com/googleapis/gax-go/v2 v2.18.0 // indirect
71+
github.com/grpc-ecosystem/grpc-gateway/v2 v2.27.7 // indirect
72+
github.com/huandu/xstrings v1.5.0 // indirect
73+
github.com/inconshreveable/mousetrap v1.1.0 // indirect
74+
github.com/jackc/pgpassfile v1.0.0 // indirect
75+
github.com/jackc/pgservicefile v0.0.0-20240606120523-5a60cdf6a761 // indirect
76+
github.com/jackc/pgx/v5 v5.9.0 // indirect
77+
github.com/jackc/puddle/v2 v2.2.2 // indirect
78+
github.com/klauspost/compress v1.18.4 // indirect
79+
github.com/klauspost/cpuid/v2 v2.3.0 // indirect
80+
github.com/libdns/libdns v1.1.1 // indirect
81+
github.com/manifoldco/promptui v0.9.0 // indirect
82+
github.com/mattn/go-colorable v0.1.14 // indirect
83+
github.com/mattn/go-isatty v0.0.20 // indirect
84+
github.com/mgutz/ansi v0.0.0-20200706080929-d51e80ef957d // indirect
85+
github.com/mholt/acmez/v3 v3.1.6 // indirect
86+
github.com/miekg/dns v1.1.72 // indirect
87+
github.com/mitchellh/copystructure v1.2.0 // indirect
88+
github.com/mitchellh/go-ps v1.0.0 // indirect
89+
github.com/mitchellh/reflectwalk v1.0.2 // indirect
90+
github.com/munnerz/goautoneg v0.0.0-20191010083416-a7dc8b61c822 // indirect
91+
github.com/pbnjay/memory v0.0.0-20210728143218-7b4eea64cf58 // indirect
92+
github.com/pierrec/lz4/v4 v4.1.22 // indirect
93+
github.com/pires/go-proxyproto v0.11.0 // indirect
94+
github.com/pkg/errors v0.9.1 // indirect
95+
github.com/pquerna/cachecontrol v0.2.0 // indirect
96+
github.com/prometheus/client_golang v1.23.2 // indirect
97+
github.com/prometheus/client_model v0.6.2 // indirect
98+
github.com/prometheus/common v0.67.5 // indirect
99+
github.com/prometheus/otlptranslator v1.0.0 // indirect
100+
github.com/prometheus/procfs v0.20.1 // indirect
101+
github.com/quic-go/qpack v0.6.0 // indirect
102+
github.com/quic-go/quic-go v0.59.0 // indirect
103+
github.com/rs/xid v1.6.0 // indirect
104+
github.com/russross/blackfriday/v2 v2.1.0 // indirect
105+
github.com/shopspring/decimal v1.4.0 // indirect
106+
github.com/shurcooL/sanitized_anchor_name v1.0.0 // indirect
107+
github.com/sirupsen/logrus v1.9.4 // indirect
108+
github.com/slackhq/nebula v1.10.3 // indirect
109+
github.com/smallstep/certificates v0.30.0-rc4 // indirect
110+
github.com/smallstep/cli-utils v0.12.2 // indirect
111+
github.com/smallstep/go-attestation v0.4.4-0.20241119153605-2306d5b464ca // indirect
112+
github.com/smallstep/linkedca v0.25.0 // indirect
113+
github.com/smallstep/nosql v0.7.0 // indirect
114+
github.com/smallstep/pkcs7 v0.2.1 // indirect
115+
github.com/smallstep/scep v0.0.0-20260311011040-6d82bb27e647 // indirect
116+
github.com/smallstep/truststore v0.13.0 // indirect
117+
github.com/spf13/cast v1.10.0 // indirect
118+
github.com/spf13/cobra v1.10.2 // indirect
119+
github.com/spf13/pflag v1.0.10 // indirect
120+
github.com/tailscale/go-winio v0.0.0-20231025203758-c4f33415bf55 // indirect
121+
github.com/tailscale/tscert v0.0.0-20251216020129-aea342f6d747 // indirect
122+
github.com/urfave/cli v1.22.17 // indirect
123+
github.com/x448/float16 v0.8.4 // indirect
124+
github.com/yuin/goldmark v1.7.16 // indirect
125+
github.com/yuin/goldmark-highlighting/v2 v2.0.0-20230729083705-37449abec8cc // indirect
126+
github.com/zeebo/blake3 v0.2.4 // indirect
127+
go.etcd.io/bbolt v1.4.3 // indirect
128+
go.opentelemetry.io/auto/sdk v1.2.1 // indirect
129+
go.opentelemetry.io/contrib/bridges/prometheus v0.65.0 // indirect
130+
go.opentelemetry.io/contrib/exporters/autoexport v0.65.0 // indirect
131+
go.opentelemetry.io/contrib/instrumentation/net/http/otelhttp v0.67.0 // indirect
132+
go.opentelemetry.io/contrib/propagators/autoprop v0.65.0 // indirect
133+
go.opentelemetry.io/contrib/propagators/aws v1.40.0 // indirect
134+
go.opentelemetry.io/contrib/propagators/b3 v1.40.0 // indirect
135+
go.opentelemetry.io/contrib/propagators/jaeger v1.40.0 // indirect
136+
go.opentelemetry.io/contrib/propagators/ot v1.40.0 // indirect
137+
go.opentelemetry.io/otel v1.42.0 // indirect
138+
go.opentelemetry.io/otel/exporters/otlp/otlplog/otlploggrpc v0.16.0 // indirect
139+
go.opentelemetry.io/otel/exporters/otlp/otlplog/otlploghttp v0.16.0 // indirect
140+
go.opentelemetry.io/otel/exporters/otlp/otlpmetric/otlpmetricgrpc v1.40.0 // indirect
141+
go.opentelemetry.io/otel/exporters/otlp/otlpmetric/otlpmetrichttp v1.40.0 // indirect
142+
go.opentelemetry.io/otel/exporters/otlp/otlptrace v1.40.0 // indirect
143+
go.opentelemetry.io/otel/exporters/otlp/otlptrace/otlptracegrpc v1.40.0 // indirect
144+
go.opentelemetry.io/otel/exporters/otlp/otlptrace/otlptracehttp v1.40.0 // indirect
145+
go.opentelemetry.io/otel/exporters/prometheus v0.62.0 // indirect
146+
go.opentelemetry.io/otel/exporters/stdout/stdoutlog v0.16.0 // indirect
147+
go.opentelemetry.io/otel/exporters/stdout/stdoutmetric v1.40.0 // indirect
148+
go.opentelemetry.io/otel/exporters/stdout/stdouttrace v1.40.0 // indirect
149+
go.opentelemetry.io/otel/log v0.16.0 // indirect
150+
go.opentelemetry.io/otel/metric v1.42.0 // indirect
151+
go.opentelemetry.io/otel/sdk v1.42.0 // indirect
152+
go.opentelemetry.io/otel/sdk/log v0.16.0 // indirect
153+
go.opentelemetry.io/otel/sdk/metric v1.42.0 // indirect
154+
go.opentelemetry.io/otel/trace v1.42.0 // indirect
155+
go.opentelemetry.io/proto/otlp v1.9.0 // indirect
156+
go.step.sm/crypto v0.76.2 // indirect
157+
go.uber.org/automaxprocs v1.6.0 // indirect
158+
go.uber.org/multierr v1.11.0 // indirect
159+
go.uber.org/zap v1.27.1 // indirect
160+
go.uber.org/zap/exp v0.3.0 // indirect
161+
go.yaml.in/yaml/v2 v2.4.4 // indirect
162+
go.yaml.in/yaml/v3 v3.0.4 // indirect
163+
golang.org/x/crypto v0.49.0 // indirect
164+
golang.org/x/crypto/x509roots/fallback v0.0.0-20260310173709-159944f128e9 // indirect
165+
golang.org/x/exp v0.0.0-20260312153236-7ab1446f8b90 // indirect
166+
golang.org/x/mod v0.34.0 // indirect
167+
golang.org/x/net v0.52.0 // indirect
168+
golang.org/x/oauth2 v0.36.0 // indirect
169+
golang.org/x/sync v0.20.0 // indirect
170+
golang.org/x/sys v0.42.0 // indirect
171+
golang.org/x/term v0.41.0 // indirect
172+
golang.org/x/text v0.35.0 // indirect
173+
golang.org/x/time v0.15.0 // indirect
174+
golang.org/x/tools v0.43.0 // indirect
175+
google.golang.org/api v0.272.0 // indirect
176+
google.golang.org/genproto/googleapis/api v0.0.0-20260217215200-42d3e9bedb6d // indirect
177+
google.golang.org/genproto/googleapis/rpc v0.0.0-20260316180232-0b37fe3546d5 // indirect
178+
google.golang.org/grpc v1.79.2 // indirect
179+
google.golang.org/grpc/cmd/protoc-gen-go-grpc v1.6.1 // indirect
180+
google.golang.org/protobuf v1.36.11 // indirect
181+
gopkg.in/yaml.v3 v3.0.1 // indirect
182+
howett.net/plist v1.0.1 // indirect
183+
)
184+
185+
replace rh_identity_transform => ./rh_identity_transform

0 commit comments

Comments
 (0)