[autoinstrumentation] remove dependency on busybox, use native cp

open-telemetry · Jan 30, 2025 · 574778d · 574778d
1 parent f26a319
commit 574778d
Show file tree

Hide file tree

Showing 21 changed files with 331 additions and 19 deletions.
diff --git a/.chloggen/native_cp.yaml b/.chloggen/native_cp.yaml
@@ -0,0 +1,16 @@
+# One of 'breaking', 'deprecation', 'new_component', 'enhancement', 'bug_fix'
+change_type: enhancement
+
+# The name of the component, or a single word describing the area of concern, (e.g. collector, target allocator, auto-instrumentation, opamp, github action)
+component: autoinstrumentation
+
+# A brief description of the change. Surround your text with quotes ("") if it needs to start with a backtick (`).
+note: Implement native cp, remove dependency on busybox for all autoinstrumentation images
+
+# One or more tracking issues related to the change
+issues: [1600]
+
+# (Optional) One or more lines of additional information to render under the primary note.
+# These lines will be padded with 2 spaces and then inserted directly into the document.
+# Use pipe (|) for multiline entries.
+subtext:
diff --git a/.github/workflows/publish-autoinstrumentation-apache-httpd.yaml b/.github/workflows/publish-autoinstrumentation-apache-httpd.yaml
@@ -12,13 +12,19 @@ on:
       - 'autoinstrumentation/apache-httpd/**'
       - '.github/workflows/publish-autoinstrumentation-apache-httpd.yaml'
   workflow_dispatch:
+  workflow_run:
+    workflows: [ "Publish cp Auto-Instrumentation" ]
+    branches: [ main ]
+    types:
+      - completed
 
 concurrency:
   group: ${{ github.workflow }}-${{ github.head_ref || github.run_id }}
   cancel-in-progress: true
 
 jobs:
   publish:
+    if: ${{ github.event_name == 'workflow_run' && github.event.workflow_run.conclusion == 'success' }}
     runs-on: ubuntu-22.04
 
     steps:

diff --git a/.github/workflows/publish-autoinstrumentation-cp.yaml b/.github/workflows/publish-autoinstrumentation-cp.yaml
@@ -0,0 +1,59 @@
+name: "Publish cp Auto-Instrumentation"
+
+on:
+  push:
+    paths:
+      - 'autoinstrumentation/cp/**'
+      - '.github/workflows/publish-autoinstrumentation-cp.yaml'
+    branches:
+      - main
+  pull_request:
+    paths:
+      - 'autoinstrumentation/cp/**'
+      - '.github/workflows/publish-autoinstrumentation-cp.yaml'
+  workflow_dispatch:
+
+concurrency:
+  group: ${{ github.workflow }}-${{ github.head_ref || github.run_id }}
+  cancel-in-progress: true
+
+jobs:
+  publish:
+    runs-on: ubuntu-22.04
+    services:
+      # Start a local registry for pushing the multiarch manifest and images
+      registry:
+        image: registry:2
+        ports:
+          - 5000:5000
+
+    steps:
+      - uses: actions/checkout@v4
+
+      - name: Read version
+        run: echo "VERSION=$(cat autoinstrumentation/cp/version.txt)" >> $GITHUB_ENV
+
+      - uses: docker/setup-buildx-action@v3
+        id: multiarch-otelcol-builder
+        with:
+          driver: docker-container   # Create a builder with the docker-container driver required for multiarch builds
+          driver-opts: network=host  # Required for the builder to push to the local registry service
+
+      - name: Login to GitHub Package Registry
+        uses: docker/login-action@v3
+        with:
+          registry: ghcr.io
+          username: ${{ github.repository_owner }}
+          password: ${{ secrets.GITHUB_TOKEN }}
+
+      - name: Create docker image
+        run: |
+          cd autoinstrumentation/cp
+          VERSION=${{ env.VERSION }} REPOSITORY=localhost:5000 make docker
+
+      - name: Push
+        run: |
+          docker tag localhost:5000/cp:${{ env.VERSION }} ghcr.io/open-telemetry/opentelemetry-operator/cp:${{ env.VERSION }}
+          docker tag localhost:5000/cp:${{ env.VERSION }}-fips ghcr.io/open-telemetry/opentelemetry-operator/cp:${{ env.VERSION }}-fips
+          docker push ghcr.io/open-telemetry/opentelemetry-operator/cp:${{ env.VERSION }}
+          docker push ghcr.io/open-telemetry/opentelemetry-operator/cp:${{ env.VERSION }}-fips
diff --git a/.github/workflows/publish-autoinstrumentation-dotnet.yaml b/.github/workflows/publish-autoinstrumentation-dotnet.yaml
@@ -12,13 +12,19 @@ on:
       - 'autoinstrumentation/dotnet/**'
       - '.github/workflows/publish-autoinstrumentation-dotnet.yaml'
   workflow_dispatch:
+  workflow_run:
+    workflows: [ "Publish cp Auto-Instrumentation" ]
+    branches: [ main ]
+    types:
+      - completed
 
 concurrency:
   group: ${{ github.workflow }}-${{ github.head_ref || github.run_id }}
   cancel-in-progress: true
 
 jobs:
   publish:
+    if: ${{ github.event_name == 'workflow_run' && github.event.workflow_run.conclusion == 'success' }}
     runs-on: ubuntu-22.04
 
     steps:

diff --git a/.github/workflows/publish-autoinstrumentation-java.yaml b/.github/workflows/publish-autoinstrumentation-java.yaml
@@ -12,6 +12,11 @@ on:
       - 'autoinstrumentation/java/**'
       - '.github/workflows/publish-autoinstrumentation-java.yaml'
   workflow_dispatch:
+  workflow_run:
+    workflows: [ "Publish cp Auto-Instrumentation" ]
+    branches: [ main ]
+    types:
+      - completed
 
 concurrency:
   group: ${{ github.workflow }}-${{ github.head_ref || github.run_id }}
@@ -20,6 +25,7 @@ concurrency:
 
 jobs:
   publish:
+    if: ${{ github.event_name == 'workflow_run' && github.event.workflow_run.conclusion == 'success' }}
     runs-on: ubuntu-22.04
 
     steps:

diff --git a/.github/workflows/publish-autoinstrumentation-nodejs.yaml b/.github/workflows/publish-autoinstrumentation-nodejs.yaml
@@ -12,6 +12,11 @@ on:
       - 'autoinstrumentation/nodejs/**'
       - '.github/workflows/publish-autoinstrumentation-nodejs.yaml'
   workflow_dispatch:
+  workflow_run:
+    workflows: [ "Publish cp Auto-Instrumentation" ]
+    branches: [ main ]
+    types:
+      - completed
 
 concurrency:
   group: ${{ github.workflow }}-${{ github.head_ref || github.run_id }}
@@ -20,6 +25,7 @@ concurrency:
 
 jobs:
   publish:
+    if: ${{ github.event_name == 'workflow_run' && github.event.workflow_run.conclusion == 'success' }}
     runs-on: ubuntu-22.04
 
     steps:

diff --git a/.github/workflows/publish-autoinstrumentation-python.yaml b/.github/workflows/publish-autoinstrumentation-python.yaml
@@ -12,6 +12,11 @@ on:
       - 'autoinstrumentation/python/**'
       - '.github/workflows/publish-autoinstrumentation-python.yaml'
   workflow_dispatch:
+  workflow_run:
+    workflows: [ "Publish cp Auto-Instrumentation" ]
+    branches: [ main ]
+    types:
+      - completed
 
 concurrency:
   group: ${{ github.workflow }}-${{ github.head_ref || github.run_id }}
@@ -20,6 +25,7 @@ concurrency:
 
 jobs:
   publish:
+    if: ${{ github.event_name == 'workflow_run' && github.event.workflow_run.conclusion == 'success' }}
     runs-on: ubuntu-22.04
 
     steps:

diff --git a/.gitignore b/.gitignore
@@ -44,3 +44,4 @@ config/rbac/certmanager-permissions/
 build
 node_modules
 package-lock.json
+autoinstrumentation/cp/bin/
diff --git a/autoinstrumentation/apache-httpd/Dockerfile b/autoinstrumentation/apache-httpd/Dockerfile
@@ -1,7 +1,3 @@
-
-############################
-# STEP 1 download the webserver agent 
-############################
 FROM alpine:latest as agent
 
 ARG version
@@ -13,14 +9,13 @@ RUN mkdir agent
 RUN wget -c https://github.com/open-telemetry/opentelemetry-cpp-contrib/releases/download/webserver%2Fv$version/opentelemetry-webserver-sdk-x64-linux.tgz
 RUN unzip -p opentelemetry-webserver-sdk-x64-linux.tgz | tar -zx -C agent
 
-############################
-# STEP 2 download the webserver agent 
-############################
-FROM alpine:latest
-
-COPY --from=agent /opt/opentelemetry/agent/opentelemetry-webserver-sdk /opt/opentelemetry
-
 RUN chmod 775 -R /opt/opentelemetry/
 RUN chmod a+w /opt/opentelemetry/logs
 
-CMD ["cat", "Just delivering the Opentelemetry Apache/Nginx agent"]
+FROM ghcr.io/open-telemetry/opentelemetry-operator/cp:1.0.0 AS cp
+
+FROM scratch
+
+COPY --from=cp /cp /usr/bin/cp
+
+COPY --from=agent /opt/opentelemetry/agent/opentelemetry-webserver-sdk /opt/opentelemetry
diff --git a/autoinstrumentation/cp/Dockerfile b/autoinstrumentation/cp/Dockerfile
@@ -0,0 +1,7 @@
+FROM scratch
+
+ARG cp
+
+ADD $cp /cp
+
+ENTRYPOINT ["/cp"]
diff --git a/autoinstrumentation/cp/Dockerfile.fips b/autoinstrumentation/cp/Dockerfile.fips
@@ -0,0 +1,9 @@
+FROM scratch
+
+LABEL fips=true
+
+ARG cp
+
+ADD $cp /cp
+
+ENTRYPOINT ["/cp"]
diff --git a/autoinstrumentation/cp/Dockerfile.windows b/autoinstrumentation/cp/Dockerfile.windows
@@ -0,0 +1,7 @@
+FROM scratch
+
+ARG cp
+
+ADD $cp /cp.exe
+
+ENTRYPOINT ["/cp.exe"]
diff --git a/autoinstrumentation/cp/Makefile b/autoinstrumentation/cp/Makefile
@@ -0,0 +1,97 @@
+VERSION?=latest
+REPOSITORY?=ghcr.io/open-telemetry/opentelemetry-operator
+GO_BUILD_LDFLAGS ?= '-w -s -extldflags "-static"'
+
+.PHONY := build
+build:
+	mkdir -p bin
+	CGO_ENABLED=0 go build -trimpath -o ./bin/cp_$(GOOS)_$(GOARCH)$(EXTRA)$(EXTENSION) -ldflags $(GO_BUILD_LDFLAGS)
+
+bin/cp_linux_amd64: main.go go.mod
+	GOOS=linux GOARCH=amd64 EXTENSION="" EXTRA="" make build
+
+bin/cp_linux_arm64: main.go go.mod
+	GOOS=linux GOARCH=arm64 EXTENSION="" EXTRA="" make build
+
+bin/cp_linux_ppc64le: main.go go.mod
+	GOOS=linux GOARCH=ppc64le EXTENSION="" EXTRA="" make build
+
+bin/cp_linux_s390x: main.go go.mod
+	GOOS=linux GOARCH=s390x EXTENSION="" EXTRA="" make build
+
+bin/cp_windows_arm64.exe: main.go go.mod
+	GOOS=windows GOARCH=arm64 EXTENSION=".exe" EXTRA="" make build
+
+bin/cp_windows_amd64.exe: main.go go.mod
+	GOOS=windows GOARCH=amd64 EXTENSION=".exe" EXTRA="" make build
+
+bin/cp_linux_amd64_fips: main.go go.mod
+	GOEXPERIMENT=boringcrypto GOOS=linux GOARCH=amd64 EXTENSION="" EXTRA="_fips" make build
+
+bin/cp_linux_arm64_fips: main.go go.mod
+	GOEXPERIMENT=boringcrypto GOOS=linux GOARCH=arm64 EXTENSION="" EXTRA="_fips" make build
+
+bin/cp_windows_arm64_fips.exe: main.go go.mod
+	GOEXPERIMENT=boringcrypto GOOS=windows GOARCH=arm64 EXTENSION=".exe" EXTRA="_fips" make build
+
+bin/cp_windows_amd64_fips.exe: main.go go.mod
+	GOEXPERIMENT=boringcrypto GOOS=windows GOARCH=amd64 EXTENSION=".exe" EXTRA="_fips" make build
+
+## Docker build
+
+.PHONY := docker_linux_amd64
+docker_linux_amd64: bin/cp_linux_amd64
+	docker buildx build --platform="linux/amd64" --push -t $(REPOSITORY)/cp_linux_amd64:$(VERSION) --build-arg cp=bin/cp_linux_amd64 .
+
+.PHONY := docker_linux_arm64
+docker_linux_arm64: bin/cp_linux_arm64
+	docker buildx build --platform="linux/arm64" --push -t $(REPOSITORY)/cp_linux_arm64:$(VERSION) --build-arg cp=bin/cp_linux_arm64 .
+
+.PHONY := docker_linux_ppc64le
+docker_linux_ppc64le: bin/cp_linux_ppc64le
+	docker buildx build --platform="linux/ppc64le" --push -t $(REPOSITORY)/cp_linux_ppc64le:$(VERSION) --build-arg cp=bin/cp_linux_ppc64le .
+
+.PHONY := docker_linux_s390x
+docker_linux_s390x: bin/cp_linux_s390x
+	docker buildx build --platform="linux/s390x" --push -t $(REPOSITORY)/cp_linux_s390x:$(VERSION) --build-arg cp=bin/cp_linux_s390x .
+
+.PHONY := docker_windows_arm64
+docker_windows_arm64: bin/cp_windows_arm64.exe
+	docker buildx build --platform="windows/arm64" --push -f Dockerfile.windows -t $(REPOSITORY)/cp_windows_arm64:$(VERSION) --build-arg cp=bin/cp_windows_arm64.exe .
+
+.PHONY := docker_windows_amd64
+docker_windows_amd64: bin/cp_windows_amd64.exe
+	docker buildx build --platform="windows/amd64" --push -f Dockerfile.windows -t $(REPOSITORY)/cp_windows_amd64:$(VERSION) --build-arg cp=bin/cp_windows_amd64.exe .
+
+.PHONY := docker_linux_amd64_fips
+docker_linux_amd64_fips: bin/cp_linux_amd64_fips
+	docker buildx build --platform="linux/amd64" --push -t $(REPOSITORY)/cp_linux_amd64_fips:$(VERSION) --build-arg cp=bin/cp_linux_amd64_fips .
+
+.PHONY := docker_linux_arm64_fips
+docker_linux_arm64_fips: bin/cp_linux_arm64_fips
+	docker buildx build --platform="linux/arm64" --push -t $(REPOSITORY)/cp_linux_arm64_fips:$(VERSION) --build-arg cp=bin/cp_linux_arm64_fips .
+
+.PHONY := docker_windows_amd64_fips
+docker_windows_amd64_fips: bin/cp_windows_amd64_fips.exe
+	docker buildx build --platform="windows/amd64" --push -f Dockerfile.windows -t $(REPOSITORY)/cp_windows_amd64_fips:$(VERSION) --build-arg cp=bin/cp_windows_amd64_fips.exe .
+
+.PHONY := docker_windows_arm64_fips
+docker_windows_arm64_fips: bin/cp_windows_arm64_fips.exe
+	docker buildx build --platform="windows/arm64" --push -f Dockerfile.windows -t $(REPOSITORY)/cp_windows_arm64_fips:$(VERSION) --build-arg cp=bin/cp_windows_arm64_fips.exe .
+
+.PHONY := docker
+docker: docker_linux_amd64 docker_linux_arm64 docker_linux_ppc64le docker_linux_s390x docker_windows_amd64 docker_windows_arm64 docker_linux_amd64_fips docker_linux_arm64_fips docker_windows_amd64_fips docker_windows_arm64_fips
+	docker buildx imagetools create -t $(REPOSITORY)/cp:$(VERSION) \
+		$(REPOSITORY)/cp_linux_amd64:$(VERSION) \
+		$(REPOSITORY)/cp_linux_arm64:$(VERSION) \
+		$(REPOSITORY)/cp_linux_ppc64le:$(VERSION) \
+		$(REPOSITORY)/cp_linux_s390x:$(VERSION) \
+		$(REPOSITORY)/cp_windows_amd64:$(VERSION) \
+		$(REPOSITORY)/cp_windows_arm64:$(VERSION)
+
+	docker buildx imagetools create \
+	    -t $(REPOSITORY)/cp:$(VERSION)-fips \
+		$(REPOSITORY)/cp_linux_amd64_fips:$(VERSION) \
+		$(REPOSITORY)/cp_linux_arm64_fips:$(VERSION) \
+		$(REPOSITORY)/cp_windows_amd64_fips:$(VERSION) \
+		$(REPOSITORY)/cp_windows_arm64_fips:$(VERSION)
diff --git a/autoinstrumentation/cp/README.md b/autoinstrumentation/cp/README.md
@@ -0,0 +1,27 @@
+# cp
+
+This project allows you to take a file and copy to a new location on disk with the 0400 permission mask (read-only).
+
+# Install
+
+## As binary
+
+```bash
+go install github.com/otel-warez/cp@latest
+```
+
+## As a docker image
+
+```
+docker pull ghcr.io/otel-warez/cp:latest
+```
+
+This image is built from scratch and will not be useful on its own, but you can use it as a layer. Here is an example:
+
+```
+FROM ghcr.io/otel-warez/cp:latest AS cp
+
+FROM scratch AS final
+COPY --from=cp /cp /usr/bin/cp
+...
+```
diff --git a/autoinstrumentation/cp/go.mod b/autoinstrumentation/cp/go.mod
@@ -0,0 +1,3 @@
+module github.com/otel-warez/cp
+
+go 1.23.0