Skip to content

[2.14 main] Removing dapper from the build process #1150

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Open
wants to merge 22 commits into
base: main
Choose a base branch
from
Open

[2.14 main] Removing dapper from the build process #1150

wants to merge 22 commits into from

Conversation

@crobby
Copy link
Collaborator

@crobby crobby commented Oct 30, 2025
edited
Loading

Part of: https://github.com/rancher/rancher-security/issues/1381
rancher/rancher#49201
Removing dapper from our build processes in favor of docker buildx staged builds to facilitate both local and CI needs.

@crobby crobby requested a review from a team as a code owner October 30, 2025 15:16
@crobby crobby marked this pull request as draft October 30, 2025 15:16
@crobby crobby force-pushed the nomoredapper branch 8 times, most recently from fbe9d11 to e6ca548 Compare October 30, 2025 20:45
@tomleb
Copy link
Contributor

tomleb commented Oct 30, 2025

I know it's a draft and not ready to review yet but before I forget. One reason why we want to move away from dapper is that we want to also move the binary building inside of the package/Dockerfile. Right now, that Dockerfile is doing a copy of a binary built with make build, but really, we'd want the Dockerfile to build the binary.

To avoid having two separate go build command (since people will want to build the binary too), we can go the similar route as rancher/rancher where it has a step to build the binary and another to build the image. (eg: server build target: https://github.com/rancher/rancher/blob/main/package/Dockerfile#L381 which builds the binary, then either the binary is copied to scratch (to get it out to the host), or it's copied in the rancher server target.

Anyway, we can discuss further if you want.

@crobby
Copy link
Collaborator Author

crobby commented Oct 31, 2025

I know it's a draft and not ready to review yet but before I forget. One reason why we want to move away from dapper is that we want to also move the binary building inside of the package/Dockerfile. Right now, that Dockerfile is doing a copy of a binary built with make build, but really, we'd want the Dockerfile to build the binary.

To avoid having two separate go build command (since people will want to build the binary too), we can go the similar route as rancher/rancher where it has a step to build the binary and another to build the image. (eg: server build target: https://github.com/rancher/rancher/blob/main/package/Dockerfile#L381 which builds the binary, then either the binary is copied to scratch (to get it out to the host), or it's copied in the rancher server target.

Anyway, we can discuss further if you want.

I think that makes good sense. Thanks for the early feedback.

@crobby crobby force-pushed the nomoredapper branch 2 times, most recently from 95135ed to 7a041de Compare November 3, 2025 12:05
@crobby crobby marked this pull request as ready for review November 3, 2025 19:01
tomleb
tomleb reviewed Nov 3, 2025
View reviewed changes
tomleb
tomleb reviewed Nov 3, 2025
View reviewed changes
tomleb
tomleb reviewed Nov 4, 2025
View reviewed changes
Copy link
Contributor

@tomleb tomleb left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Sorry for this constant back-and-forth lol, but I think it's starting to look real good 👍

Some more comments.

We might benefit from input from someone doing webhook work too, ensure they're still able to do what they used to do. Maybe check with Peter?

@crobby crobby requested a review from ericpromislow November 4, 2025 15:00
tomleb
tomleb reviewed Nov 4, 2025
View reviewed changes
tomleb
tomleb reviewed Nov 4, 2025
View reviewed changes
@crobby crobby force-pushed the nomoredapper branch 2 times, most recently from c4265d5 to 4bf7aa8 Compare November 4, 2025 16:34
@crobby
Copy link
Collaborator Author

crobby commented Nov 4, 2025

@ericpromislow or @pmatseykanets Can one or both of you give this a whirl on your mac? We want to make sure that this refactoring of our build process doesn't adversely affect anyone. Thanks.

@pmatseykanets
Copy link
Contributor

pmatseykanets commented Nov 4, 2025

@crobby Seems to be working on my Mac.

@crobby
Copy link
Collaborator Author

crobby commented Nov 4, 2025

@crobby Seems to be working on my Mac.

Thanks for checking

tomleb
tomleb reviewed Nov 4, 2025
View reviewed changes
tomleb
tomleb reviewed Nov 4, 2025
View reviewed changes
Copy link
Contributor

@tomleb tomleb left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

A couple of nits, but the most important is .github/workflows/release.yaml will probably fail because the docker build step expects VERSION and COMMIT given to it to build the binary, but we're not passing it to it. Right?

@crobby
Copy link
Collaborator Author

crobby commented Nov 4, 2025

A couple of nits, but the most important is .github/workflows/release.yaml will probably fail because the docker build step expects VERSION and COMMIT given to it to build the binary, but we're not passing it to it. Right?

The bigger problem is that release.yaml still calls the old scripts/build. I'll have to adapt that step to the new setup, which will include correct VERSION/COMMIT getting set.

@tomleb
Copy link
Contributor

tomleb commented Nov 4, 2025

A couple of nits, but the most important is .github/workflows/release.yaml will probably fail because the docker build step expects VERSION and COMMIT given to it to build the binary, but we're not passing it to it. Right?

The bigger problem is that release.yaml still calls the old scripts/build. I'll have to adapt that step to the new setup, which will include correct VERSION/COMMIT getting set.

Ah right I didn't even see that. Yeah that should be moved over to the "new way" before merging 👍 I'll approve once that's done

tomleb
tomleb approved these changes Nov 5, 2025
View reviewed changes
Copy link
Contributor

@tomleb tomleb left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

LGTM

nit: make image should probably remain make package to not break devs workflow but heh 🤷

@crobby crobby requested a review from a team November 5, 2025 15:13
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@tomleb tomleb tomleb approved these changes

@ericpromislow ericpromislow Awaiting requested review from ericpromislow

Assignees

No one assigned

Labels

None yet

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

3 participants

@crobby @tomleb @pmatseykanets