From d8aa45d6952ce1aade8f1bb04394fde5d82f5741 Mon Sep 17 00:00:00 2001
From: Andrea Peruffo <andrea.peruffo1982@gmail.com>
Date: Tue, 27 Jun 2023 18:52:30 +0100
Subject: [PATCH] Native image fully statically linked (#3459)

Co-authored-by: Eric Wittmann <eric.wittmann@gmail.com>
---
 .github/workflows/release-images.yaml         |  1 +
 Makefile                                      | 21 +++++++++++-
 .../src/main/docker/Dockerfile.native-scratch | 33 +++++++++++++++++++
 3 files changed, 54 insertions(+), 1 deletion(-)
 create mode 100644 distro/docker/src/main/docker/Dockerfile.native-scratch

diff --git a/.github/workflows/release-images.yaml b/.github/workflows/release-images.yaml
index c5aedcff51..ce83f9b0e7 100644
--- a/.github/workflows/release-images.yaml
+++ b/.github/workflows/release-images.yaml
@@ -21,6 +21,7 @@ jobs:
   release-images:
     if: github.repository_owner == 'Apicurio'
     runs-on: ubuntu-20.04
+    timeout-minutes: 120
     env:
       RELEASE_TYPE: release
     steps:
diff --git a/Makefile b/Makefile
index 0a6e4d4c7d..25cac56ed1 100644
--- a/Makefile
+++ b/Makefile
@@ -129,6 +129,15 @@ build-mem-native-image:
 	@echo "------------------------------------------------------------------------"
 	docker build -f $(DOCKERFILE_LOCATION)/Dockerfile.native -t $(IMAGE_REPO)/apicurio/apicurio-registry-mem-native:$(IMAGE_TAG) app/
 
+.PHONY: build-mem-native-scratch-image ## Builds native docker image from scratch for 'mem' storage variant. Variables available for override [IMAGE_REPO, IMAGE_TAG]
+build-mem-native-scratch-image:
+	@echo "------------------------------------------------------------------------"
+	@echo " Building Image For In-Memory Storage Variant (using Native Executable)"
+	@echo " Repository: $(IMAGE_REPO)"
+	@echo " Tag: $(IMAGE_TAG)"
+	@echo "------------------------------------------------------------------------"
+	docker build -f $(DOCKERFILE_LOCATION)/Dockerfile.native-scratch -t $(IMAGE_REPO)/apicurio/apicurio-registry-mem-native-scratch:$(IMAGE_TAG) ./
+
 
 .PHONY: push-mem-native-image ## Pushes native docker image for 'mem' storage variant. Variables available for override [IMAGE_REPO, IMAGE_TAG]
 push-mem-native-image:
@@ -278,8 +287,18 @@ kafkasql-multiarch-images:
 	@echo "------------------------------------------------------------------------"
 	docker buildx build --push -f $(DOCKERFILE_LOCATION)/$(KAFKASQL_DOCKERFILE) -t $(IMAGE_REPO)/apicurio/apicurio-registry-kafkasql:$(IMAGE_TAG) --platform $(IMAGE_PLATFORMS) $(DOCKER_BUILD_WORKSPACE)
 
+.PHONY: kafkasql-multiarch-images ## Builds and pushes multi-arch images for mem storage variant based on scratch. Variables available for override [MEM_SCRATCH_DOCKERFILE, IMAGE_REPO, IMAGE_TAG, DOCKER_BUILD_WORKSPACE]
+kafkasql-multiarch-images:
+	@echo "------------------------------------------------------------------------"
+	@echo " Building Multi-arch Images For Mem Storage Variant on Scratch"
+	@echo " Supported Platforms: $(IMAGE_PLATFORMS)"
+	@echo " Repository: $(IMAGE_REPO)"
+	@echo " Tag: $(IMAGE_TAG)"
+	@echo "------------------------------------------------------------------------"
+	docker buildx build --push -f $(DOCKERFILE_LOCATION)/$(MEM_SCRATCH_DOCKERFILE) -t $(IMAGE_REPO)/apicurio/apicurio-registry-mem-native-scratch:$(IMAGE_TAG) --platform $(IMAGE_PLATFORMS) $(DOCKER_BUILD_WORKSPACE)
+
 .PHONY: multiarch-registry-images ## Builds and pushes multi-arch registry images for all variants. Variables available for override [IMAGE_REPO, IMAGE_TAG]
-multiarch-registry-images: mem-multiarch-images sql-multiarch-images mssql-multiarch-images kafkasql-multiarch-images
+multiarch-registry-images: mem-multiarch-images sql-multiarch-images mssql-multiarch-images kafkasql-multiarch-images build-mem-native-scratch-image
 
 
 
diff --git a/distro/docker/src/main/docker/Dockerfile.native-scratch b/distro/docker/src/main/docker/Dockerfile.native-scratch
new file mode 100644
index 0000000000..c4ef27d26e
--- /dev/null
+++ b/distro/docker/src/main/docker/Dockerfile.native-scratch
@@ -0,0 +1,33 @@
+FROM quay.io/quarkus/ubi-quarkus-graalvmce-builder-image:22.3-java17 AS build
+
+USER root
+
+RUN microdnf install make gcc
+
+COPY --chown=quarkus:quarkus . /code
+
+RUN mkdir /musl && \
+    curl -L -o musl.tar.gz https://more.musl.cc/11.2.1/x86_64-linux-musl/x86_64-linux-musl-native.tgz && \
+    tar -xvzf musl.tar.gz -C /musl --strip-components 1 && \
+    curl -L -o zlib.tar.gz https://www.zlib.net/zlib-1.2.13.tar.gz && \
+    mkdir zlib && tar -xvzf zlib.tar.gz -C zlib --strip-components 1 && \
+    cd zlib && ./configure --static --prefix=/musl && \
+    make && make install && \
+    cd .. && rm -rf zlib && rm -f zlib.tar.gz && rm -f musl.tar.gz
+ENV PATH="/musl/bin:${PATH}"
+
+USER quarkus
+
+WORKDIR /code
+
+RUN ./mvnw clean install -DskipTests
+RUN ./mvnw -T 1.5C package -B -Pnative -Pprod -DskipTests -Dquarkus.native.additional-build-args="--initialize-at-run-time=org.apache.kafka.common.security.authenticator.SaslClientAuthenticator","--allow-incomplete-classpath","--static","--libc=musl" -f ./app/pom.xml
+
+FROM scratch
+
+COPY --from=build /code/app/target/meta /work/meta
+COPY --from=build /code/app/target/*-runner /application
+
+EXPOSE 8080
+
+CMD ["./application", "-Dquarkus.http.host=0.0.0.0"]