openshift · littlejawa · Mar 26, 2025 · Mar 26, 2025 · Mar 25, 2025 · Mar 26, 2025
diff --git a/.tekton/caa-build-args.env b/.tekton/caa-build-args.env
@@ -0,0 +1,3 @@
+BUILD_TYPE=release
+RELEASE_BUILD=true
+YQ_VERSION=v4.35.1
diff --git a/.tekton/osc-caa-pull-request.yaml b/.tekton/osc-caa-pull-request.yaml
@@ -29,6 +29,8 @@ spec:
     value: cloud-api-adaptor/Dockerfile.openshift
   - name: path-context
     value: src
+  - name: build-args-file
+    value: '.tekton/caa-build-args.env'
   pipelineSpec:
     description: |
       This pipeline is ideal for building container images from a Containerfile while reducing network traffic.

diff --git a/.tekton/osc-caa-push.yaml b/.tekton/osc-caa-push.yaml
@@ -26,6 +26,8 @@ spec:
     value: cloud-api-adaptor/Dockerfile.openshift
   - name: path-context
     value: src
+  - name: build-args-file
+    value: '.tekton/caa-build-args.env'
   pipelineSpec:
     description: |
       This pipeline is ideal for building container images from a Containerfile while reducing network traffic.

diff --git a/podvm-payload/Dockerfile b/podvm-payload/Dockerfile
@@ -1,6 +1,5 @@
 ## GOLANG ##
-FROM registry.access.redhat.com/ubi9/go-toolset:1.22.9-1739801907 as go_builder
-USER root
+FROM brew.registry.redhat.io/rh-osbs/openshift-golang-builder:rhel_9_golang_1.23 as go_builder
 ARG ARCH
 ENV ARCH=${ARCH}
 
@@ -10,6 +9,7 @@ COPY src/cloud-api-adaptor /workdir
 
 # binary: agent-protocol-forwarder, proccess-user-data (golang)
 WORKDIR /workdir
+ENV GOFLAGS="-tags=strictfipsruntime,aws,azure,ibmcloud,vsphere,libvirt,gcp"
 RUN CGO_ENABLED=1 GOOS=linux go build \
 -ldflags=-X=github.com/openshift/cloud-api-adaptor/cmd.VERSION=${CI_CLOUD_API_ADAPTOR_UPSTREAM_VERSION} \
 -ldflags=-X=github.com/openshift/cloud-api-adaptor/cmd.COMMIT=${CI_CLOUD_API_ADAPTOR_UPSTREAM_COMMIT} \

diff --git a/src/cloud-api-adaptor/Dockerfile.openshift b/src/cloud-api-adaptor/Dockerfile.openshift
@@ -1,9 +1,12 @@
 # This Dockerfile is a copy of the upstream one, customized for Openshift builds
 # We're commenting out everything not necessary for our build, so that it's
 # easy to diff and sync with upstream changes.
+# The parameters for the build comes from a separate file in the .tekton folder.
+# For a local build, use:
+# $ podman build --build-arg-file ../../.tekton/caa-build-args.env .. -f Dockerfile.openshift
 ############
 
-ARG BUILD_TYPE=release
+ARG BUILD_TYPE=dev
 #ARG BUILDER_BASE=quay.io/confidential-containers/golang-fedora:1.22.7-40
 #ARG BASE=registry.fedoraproject.org/fedora:40
 
@@ -12,18 +15,17 @@ ARG BUILD_TYPE=release
 # binary into the container image of the target platform ($TARGETPLATFORM)
 # that was specified with --platform. For more details see:
 # https://www.docker.com/blog/faster-multi-platform-builds-dockerfile-cross-compilation-guide/
-FROM registry.access.redhat.com/ubi9/go-toolset:1.22.9-1739801907 AS builder-release
-ARG YQ_VERSION=v4.35.1
-# "USER root" is required for podman builds
-USER root
-# the build process assumes go is under "/go", so let's make sure it works
-RUN ln -s /opt/app-root/src/go /go
+FROM brew.registry.redhat.io/rh-osbs/openshift-golang-builder:rhel_9_golang_1.23 AS builder-release
+# openshift-golang-builder: GOFLAGS is set to "-mod=vendor" by default in our builder image.
+# We need to disable that to keep the build running.
+ENV GOFLAGS=""
+ARG YQ_VERSION
 RUN go install github.com/mikefarah/yq/v4@$YQ_VERSION
+
 # This registering RHEL when building on an unsubscribed system
 # If you are running a UBI container on a registered and subscribed RHEL host,
 # the main RHEL Server repository is enabled inside the standard UBI container.
-RUN --mount=type=bind,source=activation-key,target=/activation-key \
-    if command -v subscription-manager; then \
+RUN if command -v subscription-manager; then \
         REPO_ARCH=$(uname -m) && \
         subscription-manager register --org "$(cat /activation-key/org)" --activationkey "$(cat /activation-key/activationkey)" && \
         subscription-manager repos --enable rhel-9-for-${REPO_ARCH}-appstream-rpms --enable codeready-builder-for-rhel-9-${REPO_ARCH}-rpms; \
@@ -39,11 +41,10 @@ RUN --mount=type=bind,source=activation-key,target=/activation-key \
 RUN dnf install -y libvirt-devel && dnf clean all
 
 FROM builder-${BUILD_TYPE} AS builder
-ARG RELEASE_BUILD=true
+ARG RELEASE_BUILD
 ARG COMMIT
 ARG VERSION
 ARG TARGETARCH
-USER root
 
 WORKDIR /work
 COPY cloud-api-adaptor/go.mod cloud-api-adaptor/go.sum ./cloud-api-adaptor/
@@ -59,8 +60,8 @@ COPY cloud-api-adaptor/proto ./proto
 
 # Set the desired cloud providers for our downstream build (not upsream default)
 ENV BUILTIN_CLOUD_PROVIDERS="strictfipsruntime aws azure ibmcloud vsphere libvirt gcp"
-# Make sure the PATH and GOPATH are set appropriately - our builder image being different, the upstream scripts fail otherwise
-ENV PATH=/opt/app-root/src/go/bin:$PATH
+# Make sure the PATH is set appropriately - our builder image being different, the upstream scripts fail otherwise
+ENV PATH=$GOPATH/bin:$PATH
 RUN CC=gcc make ARCH=$TARGETARCH COMMIT=$COMMIT VERSION=$VERSION RELEASE_BUILD=$RELEASE_BUILD cloud-api-adaptor
 
 # FROM builder-release AS iptables

diff --git a/src/cloud-api-adaptor/Makefile b/src/cloud-api-adaptor/Makefile
@@ -76,8 +76,8 @@ help: ## Display this help.
 VERSION ?= $(shell git describe --match "v[0-9]*" --tags 2> /dev/null | sed -E 's/-[0-9]+-g[0-9a-f]+$$/-dev/' || echo unknown)
 COMMIT  ?= $(shell cat .git-commit)
 
-GOFLAGS += -ldflags="-X 'github.com/openshift/cloud-api-adaptor/src/cloud-api-adaptor/cmd.VERSION=$(VERSION)' \
-                     -X 'github.com/openshift/cloud-api-adaptor/src/cloud-api-adaptor/cmd.COMMIT=$(COMMIT)'"
+GOFLAGS += -ldflags=-X='github.com/openshift/cloud-api-adaptor/src/cloud-api-adaptor/cmd.VERSION=$(VERSION)'
+GOFLAGS += -ldflags=-X='github.com/openshift/cloud-api-adaptor/src/cloud-api-adaptor/cmd.COMMIT=$(COMMIT)'
 
 # Build tags required to build cloud-api-adaptor are derived from BUILTIN_CLOUD_PROVIDERS.
 # When libvirt is specified, CGO_ENABLED is set to 1.

diff --git a/src/webhook/Dockerfile b/src/webhook/Dockerfile
@@ -1,5 +1,5 @@
 # Build the manager binary
-FROM registry.access.redhat.com/ubi9/go-toolset:1.22.9-1739801907 AS builder
+FROM brew.registry.redhat.io/rh-osbs/openshift-golang-builder:rhel_9_golang_1.23 AS builder
 
 WORKDIR /workspace
 # Copy the Go Modules manifests
@@ -18,7 +18,7 @@ COPY pkg/ pkg/
 # Build
 ARG TARGETARCH
 ENV GOFLAGS="-tags=strictfipsruntime"
-USER root
+
 RUN CGO_ENABLED=1 GOOS=linux GOARCH=$TARGETARCH go build -mod=readonly -a -o manager main.go
 
 FROM registry.access.redhat.com/ubi9/ubi-micro:latest