kserve · ckadner · Jan 31, 2024 · Jan 31, 2024 · Jan 31, 2024 · Jan 31, 2024
diff --git a/Dockerfile.develop b/Dockerfile.develop
@@ -14,13 +14,59 @@
 # See the License for the specific language governing permissions and
 # limitations under the License.
 
-# NOTE: for syntax, either use "experimental" or "1.3" (or later) to enable multi-arch build with mount option
-# see https://hub.docker.com/r/docker/dockerfile (https://github.com/moby/buildkit/releases/tag/dockerfile%2F1.3.0)
+# NOTE: for syntax, either use "experimental" or "1.3" (or later) to enable
+# multi-arch build with mount option, see https://hub.docker.com/r/docker/dockerfile
+# (https://github.com/moby/buildkit/releases/tag/dockerfile%2F1.3.0)
 
 ###############################################################################
 # Create the develop, test, and build environment
 ###############################################################################
-FROM registry.access.redhat.com/ubi8/go-toolset:1.20
+
+# TODO: replace the "go_toolset" build stage once ubi8/go-toolset:1.21 is available
+FROM registry.access.redhat.com/ubi8/ubi-minimal:8.9 as go-toolset
+
+# https://docs.docker.com/engine/reference/builder/#automatic-platform-args-in-the-global-scope
+# We need TARGETOS and TARGETARCH (not BUILDOS and BUILDARCH) since the developer
+# image should be built for the OS of the developer using it (this is not a "builder image")
+ARG TARGETOS
+ARG TARGETARCH
+
+ARG GOLANG_VERSION=1.21.6
+
+USER root
+
+ENV HOME=/root \
+    PATH=/usr/local/go/bin:$PATH:
+
+WORKDIR /workspace
+
+# install necessary tools that are included in the ubi/go-toolset image that we are temporarily replacing
+RUN --mount=type=cache,target=/root/.cache/microdnf:rw \
+    microdnf --setopt=cachedir=/root/.cache/microdnf --nodocs install \
+       diffutils \
+       gcc-c++ \
+       make \
+       wget \
+       tar \
+       git \
+       which \
+    && microdnf update --nodocs \
+    && true
+
+# install go
+RUN true \
+    && wget -qO go.tgz "https://golang.org/dl/go${GOLANG_VERSION}.${TARGETOS:-linux}-${TARGETARCH:-amd64}.tar.gz" \
+    && tar -C /usr/local -xzf go.tgz \
+    && go version \
+    && rm go.tgz \
+    && true
+
+
+####################################################################################
+# TODO: replace "go-toolset" build stage with ubi/go-toolset:1.21 once available   #
+#       and swap `microdnf` commands for `dnf`                                     #
+####################################################################################
+FROM go-toolset
 
 # https://docs.docker.com/engine/reference/builder/#automatic-platform-args-in-the-global-scope
 # don't provide "default" values (e.g. 'ARG TARGETARCH=amd64') for non-buildx environments,
@@ -43,7 +89,7 @@ WORKDIR /workspace
 # Install build and dev tools
 # NOTE: Require python38 to install pre-commit
 RUN --mount=type=cache,target=/root/.cache/dnf:rw \
-    dnf install --setopt=cachedir=/root/.cache/dnf -y --nodocs \
+    microdnf install --setopt=cachedir=/root/.cache/dnf -y --nodocs \
        nodejs \
        jq \
        python38 \
@@ -59,14 +105,14 @@ RUN --mount=type=cache,target=/root/.cache/pip \
 # First download and extract older dist of kubebuilder which includes required etcd, kube-apiserver and kubectl binaries
 # Then download and overwrite kubebuilder binary with desired/latest version
 RUN true \
-    && curl -L https://github.com/kubernetes-sigs/kubebuilder/releases/download/v2.3.2/kubebuilder_2.3.2_${TARGETOS}_${TARGETARCH}.tar.gz | tar -xz -C /tmp/ \
-    && mv /tmp/kubebuilder_*_${TARGETOS}_${TARGETARCH} /usr/local/kubebuilder \
-    && curl -L https://github.com/kubernetes-sigs/kubebuilder/releases/download/${KUBEBUILDER_VERSION}/kubebuilder_${TARGETOS}_${TARGETARCH} -o /usr/local/kubebuilder/bin/kubebuilder \
+    && curl -L https://github.com/kubernetes-sigs/kubebuilder/releases/download/v2.3.2/kubebuilder_2.3.2_${TARGETOS:-linux}_${TARGETARCH:-amd64}.tar.gz | tar -xz -C /tmp/ \
+    && mv /tmp/kubebuilder_*_${TARGETOS:-linux}_${TARGETARCH:-amd64} /usr/local/kubebuilder \
+    && curl -L https://github.com/kubernetes-sigs/kubebuilder/releases/download/${KUBEBUILDER_VERSION}/kubebuilder_${TARGETOS:-linux}_${TARGETARCH:-amd64} -o /usr/local/kubebuilder/bin/kubebuilder \
     && true
 
 # Download openshift-cli
 RUN true \
-    && curl -sSLf --output /tmp/oc_client.tar.gz https://mirror.openshift.com/pub/openshift-v4/${TARGETARCH}/clients/ocp/latest-${OPENSHIFT_VERSION}/openshift-client-${TARGETOS}.tar.gz \
+    && curl -sSLf --output /tmp/oc_client.tar.gz https://mirror.openshift.com/pub/openshift-v4/${TARGETARCH:-amd64}/clients/ocp/latest-${OPENSHIFT_VERSION}/openshift-client-${TARGETOS:-linux}.tar.gz \
     && tar -xvf /tmp/oc_client.tar.gz -C /tmp \
     && mv /tmp/oc /usr/local/bin \
     && mv /tmp/kubectl /usr/local/bin \
@@ -76,7 +122,7 @@ RUN true \
 
 # Download kustomize
 RUN true \
-    && curl -sSLf --output /tmp/kustomize.tar.gz https://github.com/kubernetes-sigs/kustomize/releases/download/kustomize%2Fv${KUSTOMIZE_VERSION}/kustomize_v${KUSTOMIZE_VERSION}_${TARGETOS}_${TARGETARCH}.tar.gz \
+    && curl -sSLf --output /tmp/kustomize.tar.gz https://github.com/kubernetes-sigs/kustomize/releases/download/kustomize%2Fv${KUSTOMIZE_VERSION}/kustomize_v${KUSTOMIZE_VERSION}_${TARGETOS:-linux}_${TARGETARCH:-amd64}.tar.gz \
     && tar -xvf /tmp/kustomize.tar.gz -C /tmp \
     && mv /tmp/kustomize /usr/local/bin \
     && chmod a+x /usr/local/bin/kustomize \

diff --git a/go.mod b/go.mod
@@ -1,6 +1,6 @@
 module github.com/kserve/modelmesh-serving
 
-go 1.20
+go 1.21
 
 require (
 	github.com/dereklstinson/cifar v0.0.0-20200421171932-5722a3b6a0c7
@@ -32,10 +32,7 @@ require (
 	sigs.k8s.io/yaml v1.3.0
 )
 
-// when adding/remove replace, remove the following block of indirect dependencies
-// and run `go mod tidy -compat=1.20` (based on go version above)
 require (
-	cloud.google.com/go v0.110.2 // indirect
 	cloud.google.com/go/compute v1.19.3 // indirect
 	cloud.google.com/go/compute/metadata v0.2.3 // indirect
 	cloud.google.com/go/iam v1.0.1 // indirect
@@ -129,15 +126,17 @@ require (
 	sigs.k8s.io/structured-merge-diff/v4 v4.2.3 // indirect
 )
 
+// when adding/remove replace, remove the following block of indirect dependencies
+// and run `go mod tidy -compat=1.20` (based on go version above)
+require cloud.google.com/go v0.110.2 // indirect
+
 replace (
 	// Fixes CVE-2022-21698 and CVE-2023-45142
 	// this dependency comes from k8s.io/[email protected] and k8s.io/[email protected]
 	// before removing it make sure that the next version of the related k8s dependencies contains the fix
 	go.opentelemetry.io/contrib/instrumentation/net/http/otelhttp => go.opentelemetry.io/contrib/instrumentation/net/http/otelhttp v0.44.0
 	// Update Go Crypto to avoid CVE-2022-27191, CVE-2021-43565, CVE-2020-29652, CVE-2023-48795
 	golang.org/x/crypto => golang.org/x/crypto v0.17.0
-	// Update Go Networking to avoid CVE-2023-44487 and CVE-2023-39325
-	golang.org/x/net => golang.org/x/net v0.17.0
 	// remove when upgrade to controller-runtime 0.15.x or apimachinery to 0.27.x
 	// Fixes github.com/elazarl/goproxy Denial of Service (DoS)
 	// This dependency was removed from apimachinery 0.27.0