From f82ca0129ae7435a853ea64d561155a422a77ea2 Mon Sep 17 00:00:00 2001
From: Sebastiaan van Stijn <github@gone.nl>
Date: Thu, 26 Mar 2020 18:48:14 +0100
Subject: [PATCH 1/2] Add support for static builds

Currently only supporting a debian base-image for building (e.g. ubuntu).

Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
---
 .dockerignore              |  1 +
 Makefile                   | 12 ++++++++
 README.md                  |  7 +++++
 dockerfiles/deb.dockerfile | 21 ++++++++++++++
 scripts/build-static       | 59 ++++++++++++++++++++++++++++++++++++++
 5 files changed, 100 insertions(+)
 create mode 100755 scripts/build-static

diff --git a/.dockerignore b/.dockerignore
index 279e5e9d..c0b6337b 100644
--- a/.dockerignore
+++ b/.dockerignore
@@ -4,6 +4,7 @@
 /archive
 /build
 /common/*.mk
+/dockerfiles
 /*.md
 /Jenkinsfile
 /Makefile
diff --git a/Makefile b/Makefile
index 2b5662a0..9517e97a 100644
--- a/Makefile
+++ b/Makefile
@@ -76,6 +76,18 @@ checkout: src
 	./scripts/checkout.sh src/github.com/containerd/containerd "$(REF)"
 	./scripts/checkout.sh src/github.com/opencontainers/runc "$$(./scripts/determine-runc-version)"
 
+# NOTE: building static binaries currently only works when using an
+#       ubuntu/debian BUILD_IMAGE, because build-dependencies are not
+#       installed beforehand.
+.PHONY: static
+static: TARGET=binaries
+static: build
+
+# This target is used for building rpm, deb, and static packages:
+#
+# - If TARGET=binaries, static binaries are built
+# - If TARGET is not specified, the default is either "rpm" or "deb",
+#   depending on the BUILD_IMAGE
 .PHONY: build
 build: checkout common/containerd.service
 build:
diff --git a/README.md b/README.md
index 5b89c960..cd1a2e38 100644
--- a/README.md
+++ b/README.md
@@ -15,6 +15,13 @@ make docker.io/library/<distro>:<version> [docker.io/library/<distro>:<version>
 
 After build completes, packages can be found in the `build` directory.
 
+To build static binaries:
+
+```bash
+make clean
+make static
+```
+
 ## Building a package from a local source directory
 
 Specify the path to the local source directory using `CONTAINERD_DIR` and/or
diff --git a/dockerfiles/deb.dockerfile b/dockerfiles/deb.dockerfile
index 3aea65cf..805c8c71 100644
--- a/dockerfiles/deb.dockerfile
+++ b/dockerfiles/deb.dockerfile
@@ -90,6 +90,7 @@ COPY debian/ debian/
 RUN apt-get update -q \
  && mk-build-deps -t "apt-get -o Debug::pkgProblemResolver=yes --no-install-recommends -y" -i debian/control
 COPY scripts/build-deb    /root/
+COPY scripts/build-static /root/
 COPY scripts/.helpers     /root/
 
 ARG PACKAGE
@@ -128,6 +129,26 @@ FROM scratch AS packages
 COPY --from=build-packages  /archive /archive
 COPY --from=verify-packages /build   /build
 
+FROM build-env AS build-binaries
+# NOTE: not using a cache-mount for /root/.cache/go-build, to prevent issues
+#       with CGO when building multiple distros on the same machine / build-cache
+RUN --mount=type=bind,from=golang,source=/usr/local/go/,target=/usr/local/go/ \
+    --mount=type=bind,source=/src,target=/go/src,rw \
+    /root/build-static
+ARG UID=0
+ARG GID=0
+RUN chown -R ${UID}:${GID} /build
+
+FROM distro-image AS verify-binaries
+COPY --from=build-binaries /build /build
+RUN tar -C /usr/local/bin/ --strip-components 1 -xzf "$(find /build/static -type f -name containerd.io*.tar.gz)"
+RUN containerd --version
+RUN ctr --version
+RUN runc --version
+
+FROM scratch AS binaries
+COPY --from=verify-binaries /build /build
+
 # This stage is mainly for debugging (running the build interactively with mounted source)
 FROM build-env AS runtime
 COPY --from=golang /usr/local/go/ /usr/local/go/
diff --git a/scripts/build-static b/scripts/build-static
new file mode 100755
index 00000000..cbb2a89f
--- /dev/null
+++ b/scripts/build-static
@@ -0,0 +1,59 @@
+#!/usr/bin/env bash
+
+#   Copyright 2018-2022 Docker Inc.
+
+#   Licensed under the Apache License, Version 2.0 (the "License");
+#   you may not use this file except in compliance with the License.
+#   You may obtain a copy of the License at
+
+#       http://www.apache.org/licenses/LICENSE-2.0
+
+#   Unless required by applicable law or agreed to in writing, software
+#   distributed under the License is distributed on an "AS IS" BASIS,
+#   WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+#   See the License for the specific language governing permissions and
+#   limitations under the License.
+
+set -e
+
+REF=$(git --git-dir "${GO_SRC_PATH}/.git" rev-parse --verify "HEAD^{commit}")
+VERSION="$(git --git-dir "${GO_SRC_PATH}/.git" describe --tags | sed 's/^v//')"
+# Check if we're on a tagged version, change VERSION to dev build if not
+if ! git --git-dir "${GO_SRC_PATH}/.git" describe --exact-match HEAD >/dev/null 2>&1; then
+	git_date=$(date --date "@$(git --git-dir "${GO_SRC_PATH}/.git" log -1 --pretty='%at')" +'%Y%m%d.%H%M%S')
+	git_sha=$(git --git-dir "${GO_SRC_PATH}/.git" log -1 --pretty='%h')
+	VERSION="${git_date}~${git_sha}"
+fi
+
+ARCH=$(uname -m)
+DEST_DIR="/build/static/${ARCH}/"
+BIN_DIR="usr/local/bin"
+
+# Build containerd
+(
+	set -x
+	# see https://github.com/containerd/containerd/blob/main/BUILDING.md#static-binaries
+	make -C "/go/src/github.com/containerd/containerd" STATIC=1 VERSION="${VERSION}" REVISION="${REF}" PACKAGE="${PACKAGE}"
+
+	# containerd installs in ${DESTDIR}${PREFIX}/bin (${DESTDIR}/usr/local/bin)
+	make -C "/go/src/github.com/containerd/containerd" DESTDIR="${DEST_DIR}" install
+)
+
+# Build runc
+(
+	set -x
+	# runc installs in ${DEST_DIR}${BINDIR}
+	make -C "/go/src/github.com/opencontainers/runc" DESTDIR="${DEST_DIR}" BINDIR="${BIN_DIR}" static install
+)
+
+# Create archive and checksum
+(
+	set -x
+
+	archive_name="containerd.io-${VERSION}.linux-${ARCH}.tar.gz"
+
+	cd "${DEST_DIR:?}"
+	tar --exclude=containerd-stress --transform "s,^${BIN_DIR},containerd.io," -czf "${archive_name}" "${BIN_DIR}"
+	sha256sum "${archive_name}" > "${archive_name}".sha256sum
+	rm -r "${BIN_DIR}"
+)

From 312281b6c5daf67c2300467af7b5ac1ab1fc21ca Mon Sep 17 00:00:00 2001
From: Sebastiaan van Stijn <github@gone.nl>
Date: Sat, 4 Jun 2022 23:24:59 +0200
Subject: [PATCH 2/2] Jenkinsfile: also build static binaries on ubuntu

Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
---
 Jenkinsfile | 4 ++++
 1 file changed, 4 insertions(+)

diff --git a/Jenkinsfile b/Jenkinsfile
index 735b9a32..b686db39 100644
--- a/Jenkinsfile
+++ b/Jenkinsfile
@@ -41,6 +41,10 @@ def generatePackageStep(opts, arch) {
                     sh 'make clean'
                     withDockerRegistry([url: "", credentialsId: "dockerbuildbot-index.docker.io"]) {
                         sh "make CREATE_ARCHIVE=1 ${opts.image}"
+                        if (opts.image == "docker.io/library/ubuntu:focal") {
+                            // also build static packages
+                            sh "make CREATE_ARCHIVE=1 ${opts.image} static"
+                        }
                     }
                     archiveArtifacts(artifacts: 'archive/*.tar.gz', onlyIfSuccessful: true)
                 } finally {