diff --git a/.github/workflows/build.yml b/.github/workflows/build.yml index ab31f9b..350599b 100644 --- a/.github/workflows/build.yml +++ b/.github/workflows/build.yml @@ -3,17 +3,56 @@ name: Test and Build container on: pull_request: branches: - - main + - main jobs: build: - runs-on: ubuntu-latest + # Self-hosted runners: musl.cc blocks GitHub-hosted runner IPs wholesale + # (since 2025-05-27), so the cross-toolchain downloads fail on ubuntu-latest. + # rehosting-arc egress is not blocked and matches the publish environment. + runs-on: rehosting-arc steps: + - name: Trust Harbor's self-signed certificate + run: | + echo "Fetching certificate from ${{ secrets.REHOSTING_ARC_REGISTRY }}" + openssl s_client -showcerts -connect ${{ secrets.REHOSTING_ARC_REGISTRY }}:443 < /dev/null 2>/dev/null | openssl x509 -outform PEM | sudo tee /usr/local/share/ca-certificates/harbor.crt > /dev/null + sudo update-ca-certificates + + - name: Log in to Rehosting Arc Registry + uses: docker/login-action@v3 + with: + registry: ${{ secrets.REHOSTING_ARC_REGISTRY }} + username: ${{ secrets.REHOSTING_ARC_REGISTRY_USER }} + password: ${{ secrets.REHOSTING_ARC_REGISTRY_PASSWORD }} + - name: 'Checkout code' uses: actions/checkout@v4 - - - name: Build - run: | - docker build -t base_container --target base . - docker build -t rust_container . + + - name: Set up Docker Buildx + uses: docker/setup-buildx-action@v3 + with: + # Use buildx's default (pinned, stable) buildkit image rather than the + # floating moby/buildkit:master. A recent master regressed on the + # rehosting-arc runners with: runc ... can't mask dir "/proc/acpi" + # ... invalid argument, failing every RUN step. + driver-opts: | + network=host + buildkitd-config-inline: | + [registry."${{ secrets.REHOSTING_ARC_REGISTRY }}"] + insecure = true + http = true + + # Validate the image builds (exercises every cross-toolchain stage). + # Reuse the publish cache so unchanged layers don't re-download from + # musl.cc; don't push -- this is a PR check. + - name: Build embedded-toolchains (validate, no push) + uses: docker/build-push-action@v6 + with: + context: . + push: false + target: final + build-args: | + REGISTRY=${{ secrets.REHOSTING_ARC_REGISTRY }}/proxy + cache-from: | + type=registry,ref=${{ secrets.REHOSTING_ARC_REGISTRY }}/rehosting/embedded-toolchains:cache,mode=max diff --git a/Dockerfile b/Dockerfile index a57605a..05924b3 100644 --- a/Dockerfile +++ b/Dockerfile @@ -16,7 +16,7 @@ COPY --from=go /go/dwarf2json/dwarf2json /bin/dwarf2json # i686 FROM base AS i686 RUN mkdir -p /opt/cross && \ - wget https://musl.cc/i686-linux-musl-cross.tgz -O - | tar -xz -C /opt/cross && \ + wget https://musl.cc/i686-linux-musl-cross.tgz -O - | tar --no-same-owner -xz -C /opt/cross && \ ln -s /opt/cross/i686-linux-musl-cross /opt/cross/i686-linux-musl && \ echo 'ln -sf /opt/cross/i686-linux-musl-cross /opt/cross/i686-linux-musl' >> /opt/cross/setup-cross.sh && \ bash /opt/cross/setup-cross.sh @@ -67,7 +67,7 @@ ENV PATH="/opt/cross/x86_64-legacy/bin:${PATH}" # x86_64 FROM base AS x86_64 RUN mkdir -p /opt/cross && \ - wget https://musl.cc/x86_64-linux-musl-cross.tgz -O - | tar -xz -C /opt/cross && \ + wget https://musl.cc/x86_64-linux-musl-cross.tgz -O - | tar --no-same-owner -xz -C /opt/cross && \ ln -s /opt/cross/x86_64-linux-musl-cross /opt/cross/x86_64-linux-musl && \ echo 'ln -sf /opt/cross/x86_64-linux-musl-cross /opt/cross/x86_64-linux-musl' >> /opt/cross/setup-cross.sh && \ bash /opt/cross/setup-cross.sh @@ -79,7 +79,7 @@ ENV PATH="${PATH}:/opt/cross/x86_64-legacy/bin" # armel FROM base AS armel RUN mkdir -p /opt/cross && \ - wget https://musl.cc/arm-linux-musleabi-cross.tgz -O - | tar -xz -C /opt/cross && \ + wget https://musl.cc/arm-linux-musleabi-cross.tgz -O - | tar --no-same-owner -xz -C /opt/cross && \ ln -s /opt/cross/arm-linux-musleabi-cross /opt/cross/arm-linux-musleabi && \ echo 'ln -sf /opt/cross/arm-linux-musleabi-cross /opt/cross/arm-linux-musleabi' >> /opt/cross/setup-cross.sh && \ bash /opt/cross/setup-cross.sh @@ -88,7 +88,7 @@ ENV PATH="/opt/cross/arm-linux-musleabi/bin:${PATH}" # arm64 FROM base AS arm64 RUN mkdir -p /opt/cross && \ - wget https://musl.cc/aarch64-linux-musl-cross.tgz -O - | tar -xz -C /opt/cross && \ + wget https://musl.cc/aarch64-linux-musl-cross.tgz -O - | tar --no-same-owner -xz -C /opt/cross && \ ln -s /opt/cross/aarch64-linux-musl-cross /opt/cross/aarch64-linux-musl && \ echo 'ln -sf /opt/cross/aarch64-linux-musl-cross /opt/cross/aarch64-linux-musl' >> /opt/cross/setup-cross.sh && \ bash /opt/cross/setup-cross.sh @@ -97,21 +97,21 @@ ENV PATH="/opt/cross/aarch64-linux-musl/bin:${PATH}" # mipseb FROM base AS mipseb RUN mkdir -p /opt/cross && \ - wget http://panda.re/secret/mipseb-linux-musl_gcc-5.3.0.tar.gz -O - | tar -xz -C /opt/cross && \ + wget http://panda.re/secret/mipseb-linux-musl_gcc-5.3.0.tar.gz -O - | tar --no-same-owner -xz -C /opt/cross && \ bash /opt/cross/setup-cross.sh ENV PATH="/opt/cross/mipseb-linux-musl/bin:${PATH}" # mipsel FROM base AS mipsel RUN mkdir -p /opt/cross && \ - wget http://panda.re/secret/mipsel-linux-musl_gcc-5.3.0.tar.gz -O - | tar -xz -C /opt/cross && \ + wget http://panda.re/secret/mipsel-linux-musl_gcc-5.3.0.tar.gz -O - | tar --no-same-owner -xz -C /opt/cross && \ bash /opt/cross/setup-cross.sh ENV PATH="/opt/cross/mipsel-linux-musl/bin:${PATH}" # mips64eb FROM base AS mips64eb RUN mkdir -p /opt/cross && \ - wget http://panda.re/secret/mips64-linux-musl-cross_gcc-6.5.0.tar.gz -O - | tar -xz -C /opt/cross && \ + wget http://panda.re/secret/mips64-linux-musl-cross_gcc-6.5.0.tar.gz -O - | tar --no-same-owner -xz -C /opt/cross && \ echo 'ln -sf /opt/cross/mips64-linux-musl-cross /opt/cross/mips64eb-linux-musl' >> /opt/cross/setup-cross.sh && \ # Dynamically create symlinks for every tool: mips64-linux-musl-* -> mips64eb-linux-musl-* echo 'for f in /opt/cross/mips64eb-linux-musl/bin/mips64-linux-musl-*; do [ -e "$f" ] || continue; b=$(basename "$f"); suf=${b#mips64-linux-musl-}; ln -sf "$f" "/opt/cross/mips64eb-linux-musl/bin/mips64eb-linux-musl-$suf"; done' >> /opt/cross/setup-cross.sh && \ @@ -132,7 +132,7 @@ ENV PATH="/opt/cross/mips64eb-linux-musl/bin:${PATH}" # It's a bit nutty to symlink all of these, but easier to keep track of what's needed for the future FROM base AS mips64el RUN mkdir -p /opt/cross && \ - wget https://musl.cc/mips64el-linux-musl-cross.tgz -O - | tar -xz -C /opt/cross && \ + wget https://musl.cc/mips64el-linux-musl-cross.tgz -O - | tar --no-same-owner -xz -C /opt/cross && \ ln -s /opt/cross/mips64el-linux-musl-cross /opt/cross/mips64el-linux-musl && \ echo 'ln -sf /opt/cross/mips64el-linux-musl-cross /opt/cross/mips64el-linux-musl' >> /opt/cross/setup-cross.sh && \ bash /opt/cross/setup-cross.sh @@ -141,7 +141,7 @@ ENV PATH="/opt/cross/mips64el-linux-musl/bin:${PATH}" # arm FROM base AS arm RUN mkdir -p /opt/cross && \ - wget https://musl.cc/arm-linux-musleabi-cross.tgz -O - | tar -xz -C /opt/cross && \ + wget https://musl.cc/arm-linux-musleabi-cross.tgz -O - | tar --no-same-owner -xz -C /opt/cross && \ ln -s /opt/cross/arm-linux-musleabi-cross /opt/cross/arm-linux-musleabi && \ echo 'ln -sf /opt/cross/arm-linux-musleabi-cross /opt/cross/arm-linux-musleabi' >> /opt/cross/setup-cross.sh && \ bash /opt/cross/setup-cross.sh @@ -150,7 +150,7 @@ ENV PATH="/opt/cross/arm-linux-musleabi/bin:${PATH}" # armhf FROM base AS armhf RUN mkdir -p /opt/cross && \ - wget https://musl.cc/arm-linux-musleabihf-cross.tgz -O - | tar -xz -C /opt/cross && \ + wget https://musl.cc/arm-linux-musleabihf-cross.tgz -O - | tar --no-same-owner -xz -C /opt/cross && \ ln -s /opt/cross/arm-linux-musleabihf-cross /opt/cross/arm-linux-musleabihf && \ echo 'ln -sf /opt/cross/arm-linux-musleabihf-cross /opt/cross/arm-linux-musleabihf' >> /opt/cross/setup-cross.sh && \ bash /opt/cross/setup-cross.sh @@ -160,7 +160,7 @@ ENV PATH="/opt/cross/arm-linux-musleabihf/bin:${PATH}" FROM base AS riscv32 RUN apt-get update && apt-get install -y gcc-riscv64-linux-gnu && rm -rf /var/lib/apt/lists/* RUN mkdir -p /opt/cross && \ - wget https://musl.cc/riscv32-linux-musl-cross.tgz -O - | tar -xz -C /opt/cross && \ + wget https://musl.cc/riscv32-linux-musl-cross.tgz -O - | tar --no-same-owner -xz -C /opt/cross && \ ln -s /opt/cross/riscv32-linux-musl-cross /opt/cross/riscv32-linux-musl && \ echo 'ln -sf /opt/cross/riscv32-linux-musl-cross /opt/cross/riscv32-linux-musl' >> /opt/cross/setup-cross.sh && \ bash /opt/cross/setup-cross.sh @@ -170,7 +170,7 @@ ENV PATH="/opt/cross/riscv32-linux-musl/bin:${PATH}" FROM base AS riscv64 RUN apt-get update && apt-get install -y gcc-riscv64-linux-gnu && rm -rf /var/lib/apt/lists/* RUN mkdir -p /opt/cross && \ - wget https://musl.cc/riscv64-linux-musl-cross.tgz -O - | tar -xz -C /opt/cross && \ + wget https://musl.cc/riscv64-linux-musl-cross.tgz -O - | tar --no-same-owner -xz -C /opt/cross && \ ln -s /opt/cross/riscv64-linux-musl-cross /opt/cross/riscv64-linux-musl && \ echo 'ln -sf /opt/cross/riscv64-linux-musl-cross /opt/cross/riscv64-linux-musl' >> /opt/cross/setup-cross.sh && \ bash /opt/cross/setup-cross.sh @@ -179,7 +179,7 @@ ENV PATH="/opt/cross/riscv64-linux-musl/bin:${PATH}" # powerpc64 FROM base AS powerpc64 RUN mkdir -p /opt/cross && \ - wget https://musl.cc/powerpc64-linux-musl-cross.tgz -O - | tar -xz -C /opt/cross && \ + wget https://musl.cc/powerpc64-linux-musl-cross.tgz -O - | tar --no-same-owner -xz -C /opt/cross && \ ln -s /opt/cross/powerpc64-linux-musl-cross /opt/cross/powerpc64-linux-musl && \ echo 'ln -sf /opt/cross/powerpc64-linux-musl-cross /opt/cross/powerpc64-linux-musl' >> /opt/cross/setup-cross.sh && \ bash /opt/cross/setup-cross.sh @@ -193,7 +193,7 @@ RUN sed -i 's/^# deb \(.*\) universe$/deb \1 universe/' /etc/apt/sources.list & # powerpc64le FROM powerpc64 AS powerpc64le RUN mkdir -p /opt/cross && \ - wget https://musl.cc/powerpc64le-linux-musl-cross.tgz -O - | tar -xz -C /opt/cross && \ + wget https://musl.cc/powerpc64le-linux-musl-cross.tgz -O - | tar --no-same-owner -xz -C /opt/cross && \ ln -s /opt/cross/powerpc64le-linux-musl-cross /opt/cross/powerpc64le-linux-musl && \ echo 'ln -sf /opt/cross/powerpc64le-linux-musl-cross /opt/cross/powerpc64le-linux-musl' >> /opt/cross/setup-cross.sh && \ bash /opt/cross/setup-cross.sh @@ -202,7 +202,7 @@ ENV PATH="/opt/cross/powerpc64le-linux-musl/bin:${PATH}" # powerpc FROM powerpc64 AS powerpc RUN mkdir -p /opt/cross && \ - wget https://musl.cc/powerpc-linux-musl-cross.tgz -O - | tar -xz -C /opt/cross && \ + wget https://musl.cc/powerpc-linux-musl-cross.tgz -O - | tar --no-same-owner -xz -C /opt/cross && \ ln -s /opt/cross/powerpc-linux-musl-cross /opt/cross/powerpc-linux-musl && \ echo 'ln -sf /opt/cross/powerpc-linux-musl-cross /opt/cross/powerpc-linux-musl' >> /opt/cross/setup-cross.sh && \ bash /opt/cross/setup-cross.sh @@ -211,7 +211,7 @@ ENV PATH="/opt/cross/powerpc-linux-musl/bin:${PATH}" # powerpcle FROM powerpc64 AS powerpcle RUN mkdir -p /opt/cross && \ - wget https://musl.cc/powerpcle-linux-musl-cross.tgz -O - | tar -xz -C /opt/cross && \ + wget https://musl.cc/powerpcle-linux-musl-cross.tgz -O - | tar --no-same-owner -xz -C /opt/cross && \ ln -s /opt/cross/powerpcle-linux-musl-cross /opt/cross/powerpcle-linux-musl && \ echo 'ln -sf /opt/cross/powerpcle-linux-musl-cross /opt/cross/powerpcle-linux-musl' >> /opt/cross/setup-cross.sh && \ bash /opt/cross/setup-cross.sh @@ -220,7 +220,7 @@ ENV PATH="/opt/cross/powerpcle-linux-musl/bin:${PATH}" # loongarch64 FROM base AS loongarch64 RUN mkdir -p /opt/cross && \ - wget https://github.com/loongson/build-tools/releases/download/2025.02.21/x86_64-cross-tools-loongarch64-binutils_2.44-gcc_14.2.0-glibc_2.41.tar.xz -O - | tar -xJ -C /tmp && \ + wget https://github.com/loongson/build-tools/releases/download/2025.02.21/x86_64-cross-tools-loongarch64-binutils_2.44-gcc_14.2.0-glibc_2.41.tar.xz -O - | tar --no-same-owner -xJ -C /tmp && \ mv /tmp/cross-tools/ /opt/cross/loongarch64-linux-gcc-cross && \ ln -s /opt/cross/loongarch-linux-gcc-cross /opt/cross/loongarch-linux-musl && \ echo 'ln -sf /opt/cross/loongarch64-linux-gcc-cross /opt/cross/loongarch-linux-musl' >> /opt/cross/setup-cross.sh && \