diff --git a/.chloggen/native_cp.yaml b/.chloggen/native_cp.yaml new file mode 100644 index 0000000000..2b122b25fe --- /dev/null +++ b/.chloggen/native_cp.yaml @@ -0,0 +1,16 @@ +# One of 'breaking', 'deprecation', 'new_component', 'enhancement', 'bug_fix' +change_type: enhancement + +# The name of the component, or a single word describing the area of concern, (e.g. collector, target allocator, auto-instrumentation, opamp, github action) +component: autoinstrumentation + +# A brief description of the change. Surround your text with quotes ("") if it needs to start with a backtick (`). +note: Implement native cp, remove dependency on busybox for all autoinstrumentation images + +# One or more tracking issues related to the change +issues: [1600] + +# (Optional) One or more lines of additional information to render under the primary note. +# These lines will be padded with 2 spaces and then inserted directly into the document. +# Use pipe (|) for multiline entries. +subtext: diff --git a/.github/workflows/publish-autoinstrumentation-apache-httpd.yaml b/.github/workflows/publish-autoinstrumentation-apache-httpd.yaml index 82874bba85..7029771a92 100644 --- a/.github/workflows/publish-autoinstrumentation-apache-httpd.yaml +++ b/.github/workflows/publish-autoinstrumentation-apache-httpd.yaml @@ -12,6 +12,11 @@ on: - 'autoinstrumentation/apache-httpd/**' - '.github/workflows/publish-autoinstrumentation-apache-httpd.yaml' workflow_dispatch: + workflow_run: + workflows: [ "Publish cp Auto-Instrumentation" ] + branches: [ main ] + types: + - completed concurrency: group: ${{ github.workflow }}-${{ github.head_ref || github.run_id }} @@ -19,6 +24,7 @@ concurrency: jobs: publish: + if: ${{ github.event_name == 'workflow_run' && github.event.workflow_run.conclusion == 'success' }} runs-on: ubuntu-22.04 steps: 
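Review bot: The `workflow_run` trigger added under `on:` is filtered only by `branches: [ main ]`, which matches the head branch name of the triggering run, and "Publish cp Auto-Instrumentation" also runs on `pull_request`. A pull request whose source branch happens to be called `main` can therefore start this publish workflow in the default-branch context. Restrict it to trusted runs by also requiring `github.event.workflow_run.event == 'push'` in the job condition. The job's steps are outside the hunk, so what is published on such a run still needs checking; the same trigger is added to the dotnet, java, nodejs and python publish workflows.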
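Review bot: The `if:` added to the `publish` job is true only for `workflow_run` events, so the job is now skipped for the `push`, `pull_request` and `workflow_dispatch` triggers that remain in `on:`. If those are still meant to build, the condition should be `if: ${{ github.event_name != 'workflow_run' || github.event.workflow_run.conclusion == 'success' }}`. The same condition is added in the dotnet, java, nodejs and python workflows, and the job's steps start outside the hunk.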
diff --git a/.github/workflows/publish-autoinstrumentation-cp.yaml b/.github/workflows/publish-autoinstrumentation-cp.yaml
new file mode 100644
index 0000000000..2b1236fad3
--- /dev/null
+++ b/.github/workflows/publish-autoinstrumentation-cp.yaml
@@ -0,0 +1,59 @@
+name: "Publish cp Auto-Instrumentation"
+
+on:
+ push:
+ paths:
+ - 'autoinstrumentation/cp/**'
+ - '.github/workflows/publish-autoinstrumentation-cp.yaml'
+ branches:
+ - main
+ pull_request:
+ paths:
+ - 'autoinstrumentation/cp/**'
+ - '.github/workflows/publish-autoinstrumentation-cp.yaml'
+ workflow_dispatch:
+
+concurrency:
+ group: ${{ github.workflow }}-${{ github.head_ref || github.run_id }}
+ cancel-in-progress: true
+
+jobs:
+ publish:
+ runs-on: ubuntu-22.04
+ services:
+ # Start a local registry for pushing the multiarch manifest and images
+ registry:
+ image: registry:2
+ ports:
+ - 5000:5000
+
+ steps:
+ - uses: actions/checkout@v4
+
+ - name: Read version
+ run: echo "VERSION=$(cat autoinstrumentation/cp/version.txt)" >> $GITHUB_ENV
+
+ - uses: docker/setup-buildx-action@v3
+ id: multiarch-otelcol-builder
+ with:
+ driver: docker-container # Create a builder with the docker-container driver required for multiarch builds
+ driver-opts: network=host # Required for the builder to push to the local registry service
+
+ - name: Login to GitHub Package Registry
+ uses: docker/login-action@v3
+ with:
+ registry: ghcr.io
+ username: ${{ github.repository_owner }}
+ password: ${{ secrets.GITHUB_TOKEN }}
+
+ - name: Create docker image
+ run: |
+ cd autoinstrumentation/cp
+ VERSION=${{ env.VERSION }} REPOSITORY=localhost:5000 make docker
+
+ - name: Push
+ run: |
+ docker tag localhost:5000/cp:${{ env.VERSION }} ghcr.io/open-telemetry/opentelemetry-operator/cp:${{ env.VERSION }}
+ docker tag localhost:5000/cp:${{ env.VERSION }}-fips ghcr.io/open-telemetry/opentelemetry-operator/cp:${{ env.VERSION }}-fips
+ docker push ghcr.io/open-telemetry/opentelemetry-operator/cp:${{ env.VERSION }}
+ docker push ghcr.io/open-telemetry/opentelemetry-operator/cp:${{ env.VERSION }}-fips
diff --git a/.github/workflows/publish-autoinstrumentation-dotnet.yaml b/.github/workflows/publish-autoinstrumentation-dotnet.yaml
index dfe4813068..012170f30e 100644
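Review bot: The `Login to GitHub Package Registry` and `Push` steps run for every trigger, including `pull_request`, so a pull request from a branch of this repository would publish `cp:<version>` to ghcr.io before review, and the Dockerfiles in this commit build from that tag. Gate both steps with `if: github.event_name != 'pull_request'` and add a workflow-level `permissions:` block (`contents: read`, `packages: write`) so the token scope is explicit. `${{ env.VERSION }}` is expanded into the `run:` scripts before the shell parses them, and its value comes from `version.txt`, which a pull request can change; reference it as `"$VERSION"` instead. Separately, `make docker` pushes to `localhost:5000` through the docker-container builder, so the `docker tag localhost:5000/cp:...` lines probably find no image in the local daemon; copying the manifest with `docker buildx imagetools create` would avoid that, but confirm on a test run.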
--- a/.github/workflows/publish-autoinstrumentation-dotnet.yaml +++ b/.github/workflows/publish-autoinstrumentation-dotnet.yaml @@ -12,6 +12,11 @@ on: - 'autoinstrumentation/dotnet/**' - '.github/workflows/publish-autoinstrumentation-dotnet.yaml' workflow_dispatch: + workflow_run: + workflows: [ "Publish cp Auto-Instrumentation" ] + branches: [ main ] + types: + - completed concurrency: group: ${{ github.workflow }}-${{ github.head_ref || github.run_id }} @@ -19,6 +24,7 @@ concurrency: jobs: publish: + if: ${{ github.event_name == 'workflow_run' && github.event.workflow_run.conclusion == 'success' }} runs-on: ubuntu-22.04 steps: diff --git a/.github/workflows/publish-autoinstrumentation-java.yaml b/.github/workflows/publish-autoinstrumentation-java.yaml index 9d78adf4db..f9b3f4c41b 100644 --- a/.github/workflows/publish-autoinstrumentation-java.yaml +++ b/.github/workflows/publish-autoinstrumentation-java.yaml @@ -12,6 +12,11 @@ on: - 'autoinstrumentation/java/**' - '.github/workflows/publish-autoinstrumentation-java.yaml' workflow_dispatch: + workflow_run: + workflows: [ "Publish cp Auto-Instrumentation" ] + branches: [ main ] + types: + - completed concurrency: group: ${{ github.workflow }}-${{ github.head_ref || github.run_id }} @@ -20,6 +25,7 @@ concurrency: jobs: publish: + if: ${{ github.event_name == 'workflow_run' && github.event.workflow_run.conclusion == 'success' }} runs-on: ubuntu-22.04 steps: diff --git a/.github/workflows/publish-autoinstrumentation-nodejs.yaml b/.github/workflows/publish-autoinstrumentation-nodejs.yaml index 7115105b2f..251cbfa6ef 100644 --- a/.github/workflows/publish-autoinstrumentation-nodejs.yaml +++ b/.github/workflows/publish-autoinstrumentation-nodejs.yaml 
@@ -12,6 +12,11 @@ on: - 'autoinstrumentation/nodejs/**' - '.github/workflows/publish-autoinstrumentation-nodejs.yaml' workflow_dispatch: + workflow_run: + workflows: [ "Publish cp Auto-Instrumentation" ] + branches: [ main ] + types: + - completed concurrency: group: ${{ github.workflow }}-${{ github.head_ref || github.run_id }} @@ -20,6 +25,7 @@ concurrency: jobs: publish: + if: ${{ github.event_name == 'workflow_run' && github.event.workflow_run.conclusion == 'success' }} runs-on: ubuntu-22.04 steps: diff --git a/.github/workflows/publish-autoinstrumentation-python.yaml b/.github/workflows/publish-autoinstrumentation-python.yaml index 1697342e84..2021761613 100644 --- a/.github/workflows/publish-autoinstrumentation-python.yaml +++ b/.github/workflows/publish-autoinstrumentation-python.yaml @@ -12,6 +12,11 @@ on: - 'autoinstrumentation/python/**' - '.github/workflows/publish-autoinstrumentation-python.yaml' workflow_dispatch: + workflow_run: + workflows: [ "Publish cp Auto-Instrumentation" ] + branches: [ main ] + types: + - completed concurrency: group: ${{ github.workflow }}-${{ github.head_ref || github.run_id }} @@ -20,6 +25,7 @@ concurrency: jobs: publish: + if: ${{ github.event_name == 'workflow_run' && github.event.workflow_run.conclusion == 'success' }} runs-on: ubuntu-22.04 steps: diff --git a/.gitignore b/.gitignore index 52b40a6635..2af6a02d98 100644 --- a/.gitignore +++ b/.gitignore @@ -44,3 +44,4 @@ config/rbac/certmanager-permissions/ build node_modules package-lock.json +autoinstrumentation/cp/bin/ \ No newline at end of file diff --git a/autoinstrumentation/apache-httpd/Dockerfile b/autoinstrumentation/apache-httpd/Dockerfile index 14d70d048d..8f48038909 100644 --- a/autoinstrumentation/apache-httpd/Dockerfile +++ b/autoinstrumentation/apache-httpd/Dockerfile @@ -1,7 +1,3 @@ - -############################ -# STEP 1 download the webserver agent -############################ FROM alpine:latest as agent ARG version 
@@ -13,14 +9,13 @@ RUN mkdir agent RUN wget -c https://github.com/open-telemetry/opentelemetry-cpp-contrib/releases/download/webserver%2Fv$version/opentelemetry-webserver-sdk-x64-linux.tgz RUN unzip -p opentelemetry-webserver-sdk-x64-linux.tgz | tar -zx -C agent -############################ -# STEP 2 download the webserver agent -############################ -FROM alpine:latest - -COPY --from=agent /opt/opentelemetry/agent/opentelemetry-webserver-sdk /opt/opentelemetry - RUN chmod 775 -R /opt/opentelemetry/ RUN chmod a+w /opt/opentelemetry/logs -CMD ["cat", "Just delivering the Opentelemetry Apache/Nginx agent"] \ No newline at end of file +FROM ghcr.io/open-telemetry/opentelemetry-operator/cp:1.0.0 AS cp + +FROM scratch + +COPY --from=cp /cp /usr/bin/cp + +COPY --from=agent /opt/opentelemetry/agent/opentelemetry-webserver-sdk /opt/opentelemetry diff --git a/autoinstrumentation/cp/Dockerfile b/autoinstrumentation/cp/Dockerfile new file mode 100644 index 0000000000..607b8a1708 --- /dev/null +++ b/autoinstrumentation/cp/Dockerfile @@ -0,0 +1,7 @@ +FROM scratch + +ARG cp + +ADD $cp /cp + +ENTRYPOINT ["/cp"] \ No newline at end of file diff --git a/autoinstrumentation/cp/Dockerfile.fips b/autoinstrumentation/cp/Dockerfile.fips new file mode 100644 index 0000000000..8f840ac873 --- /dev/null +++ b/autoinstrumentation/cp/Dockerfile.fips @@ -0,0 +1,9 @@ +FROM scratch + +LABEL fips=true + +ARG cp + +ADD $cp /cp + +ENTRYPOINT ["/cp"] \ No newline at end of file diff --git a/autoinstrumentation/cp/Dockerfile.windows b/autoinstrumentation/cp/Dockerfile.windows new file mode 100644 index 0000000000..463caca31c --- /dev/null +++ b/autoinstrumentation/cp/Dockerfile.windows @@ -0,0 +1,7 @@ +FROM scratch + +ARG cp + +ADD $cp /cp.exe + +ENTRYPOINT ["/cp.exe"] \ No newline at end of file diff --git a/autoinstrumentation/cp/Makefile b/autoinstrumentation/cp/Makefile new file mode 100644 index 0000000000..3d99759244 --- /dev/null +++ b/autoinstrumentation/cp/Makefile 
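Review bot: `RUN chmod a+w /opt/opentelemetry/logs` now executes in the `agent` stage, where the SDK is unpacked under `agent/` and later copied from `/opt/opentelemetry/agent/opentelemetry-webserver-sdk`, so a `logs` directory would sit below that path and this line probably fails or misses the tree that reaches the final image. Point it at the unpacked directory, e.g. `RUN chmod a+w /opt/opentelemetry/agent/opentelemetry-webserver-sdk/logs`; the stage's `WORKDIR` is outside the hunk, so confirm the path. The new `FROM ghcr.io/open-telemetry/opentelemetry-operator/cp:1.0.0 AS cp` refers to a mutable tag that the cp workflow in this commit can push again. Pinning it by digest (`cp:1.0.0@sha256:<digest>`) keeps the binary copied to `/usr/bin/cp` fixed, and the same applies to the dotnet, java, nodejs and python Dockerfiles.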
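Review bot: `ADD $cp /cp` in `autoinstrumentation/cp/Dockerfile` uses `ADD`, which also unpacks archives and accepts URLs, where only a file copy is intended. `COPY $cp /cp` is the narrower instruction, and the same line appears in `Dockerfile.fips` and `Dockerfile.windows`. `ARG cp` has no default, so a build without `--build-arg cp=...` fails at that line; a comment above it such as `# cp: path of the prebuilt binary under bin/, passed by the Makefile` would record the contract.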
@@ -0,0 +1,97 @@
+VERSION?=latest
+REPOSITORY?=ghcr.io/open-telemetry/opentelemetry-operator
+GO_BUILD_LDFLAGS ?= '-w -s -extldflags "-static"'
+
+.PHONY := build
+build:
+ mkdir -p bin
+ CGO_ENABLED=0 go build -trimpath -o ./bin/cp_$(GOOS)_$(GOARCH)$(EXTRA)$(EXTENSION) -ldflags $(GO_BUILD_LDFLAGS)
+
+bin/cp_linux_amd64: main.go go.mod
+ GOOS=linux GOARCH=amd64 EXTENSION="" EXTRA="" make build
+
+bin/cp_linux_arm64: main.go go.mod
+ GOOS=linux GOARCH=arm64 EXTENSION="" EXTRA="" make build
+
+bin/cp_linux_ppc64le: main.go go.mod
+ GOOS=linux GOARCH=ppc64le EXTENSION="" EXTRA="" make build
+
+bin/cp_linux_s390x: main.go go.mod
+ GOOS=linux GOARCH=s390x EXTENSION="" EXTRA="" make build
+
+bin/cp_windows_arm64.exe: main.go go.mod
+ GOOS=windows GOARCH=arm64 EXTENSION=".exe" EXTRA="" make build
+
+bin/cp_windows_amd64.exe: main.go go.mod
+ GOOS=windows GOARCH=amd64 EXTENSION=".exe" EXTRA="" make build
+
+bin/cp_linux_amd64_fips: main.go go.mod
+ GOEXPERIMENT=boringcrypto GOOS=linux GOARCH=amd64 EXTENSION="" EXTRA="_fips" make build
+
+bin/cp_linux_arm64_fips: main.go go.mod
+ GOEXPERIMENT=boringcrypto GOOS=linux GOARCH=arm64 EXTENSION="" EXTRA="_fips" make build
+
+bin/cp_windows_arm64_fips.exe: main.go go.mod
+ GOEXPERIMENT=boringcrypto GOOS=windows GOARCH=arm64 EXTENSION=".exe" EXTRA="_fips" make build
+
+bin/cp_windows_amd64_fips.exe: main.go go.mod
+ GOEXPERIMENT=boringcrypto GOOS=windows GOARCH=amd64 EXTENSION=".exe" EXTRA="_fips" make build
+
+## Docker build
+
+.PHONY := docker_linux_amd64
+docker_linux_amd64: bin/cp_linux_amd64
+ docker buildx build --platform="linux/amd64" --push -t $(REPOSITORY)/cp_linux_amd64:$(VERSION) --build-arg cp=bin/cp_linux_amd64 .
+
+.PHONY := docker_linux_arm64
+docker_linux_arm64: bin/cp_linux_arm64
+ docker buildx build --platform="linux/arm64" --push -t $(REPOSITORY)/cp_linux_arm64:$(VERSION) --build-arg cp=bin/cp_linux_arm64 .
+
+.PHONY := docker_linux_ppc64le
+docker_linux_ppc64le: bin/cp_linux_ppc64le
+ docker buildx build --platform="linux/ppc64le" --push -t $(REPOSITORY)/cp_linux_ppc64le:$(VERSION) --build-arg cp=bin/cp_linux_ppc64le .
+
+.PHONY := docker_linux_s390x
+docker_linux_s390x: bin/cp_linux_s390x
+ docker buildx build --platform="linux/s390x" --push -t $(REPOSITORY)/cp_linux_s390x:$(VERSION) --build-arg cp=bin/cp_linux_s390x .
+
+.PHONY := docker_windows_arm64
+docker_windows_arm64: bin/cp_windows_arm64.exe
+ docker buildx build --platform="windows/arm64" --push -f Dockerfile.windows -t $(REPOSITORY)/cp_windows_arm64:$(VERSION) --build-arg cp=bin/cp_windows_arm64.exe .
+
+.PHONY := docker_windows_amd64
+docker_windows_amd64: bin/cp_windows_amd64.exe
+ docker buildx build --platform="windows/amd64" --push -f Dockerfile.windows -t $(REPOSITORY)/cp_windows_amd64:$(VERSION) --build-arg cp=bin/cp_windows_amd64.exe .
+
+.PHONY := docker_linux_amd64_fips
+docker_linux_amd64_fips: bin/cp_linux_amd64_fips
+ docker buildx build --platform="linux/amd64" --push -t $(REPOSITORY)/cp_linux_amd64_fips:$(VERSION) --build-arg cp=bin/cp_linux_amd64_fips .
+
+.PHONY := docker_linux_arm64_fips
+docker_linux_arm64_fips: bin/cp_linux_arm64_fips
+ docker buildx build --platform="linux/arm64" --push -t $(REPOSITORY)/cp_linux_arm64_fips:$(VERSION) --build-arg cp=bin/cp_linux_arm64_fips .
+
+.PHONY := docker_windows_amd64_fips
+docker_windows_amd64_fips: bin/cp_windows_amd64_fips.exe
+ docker buildx build --platform="windows/amd64" --push -f Dockerfile.windows -t $(REPOSITORY)/cp_windows_amd64_fips:$(VERSION) --build-arg cp=bin/cp_windows_amd64_fips.exe .
+
+.PHONY := docker_windows_arm64_fips
+docker_windows_arm64_fips: bin/cp_windows_arm64_fips.exe
+ docker buildx build --platform="windows/arm64" --push -f Dockerfile.windows -t $(REPOSITORY)/cp_windows_arm64_fips:$(VERSION) --build-arg cp=bin/cp_windows_arm64_fips.exe .
+
+.PHONY := docker
+docker: docker_linux_amd64 docker_linux_arm64 docker_linux_ppc64le docker_linux_s390x docker_windows_amd64 docker_windows_arm64 docker_linux_amd64_fips docker_linux_arm64_fips docker_windows_amd64_fips docker_windows_arm64_fips
+ docker buildx imagetools create -t $(REPOSITORY)/cp:$(VERSION) \
+ $(REPOSITORY)/cp_linux_amd64:$(VERSION) \
+ $(REPOSITORY)/cp_linux_arm64:$(VERSION) \
+ $(REPOSITORY)/cp_linux_ppc64le:$(VERSION) \
+ $(REPOSITORY)/cp_linux_s390x:$(VERSION) \
+ $(REPOSITORY)/cp_windows_amd64:$(VERSION) \
+ $(REPOSITORY)/cp_windows_arm64:$(VERSION)
+
+ docker buildx imagetools create \
+ -t $(REPOSITORY)/cp:$(VERSION)-fips \
+ $(REPOSITORY)/cp_linux_amd64_fips:$(VERSION) \
+ $(REPOSITORY)/cp_linux_arm64_fips:$(VERSION) \
+ $(REPOSITORY)/cp_windows_amd64_fips:$(VERSION) \
+ $(REPOSITORY)/cp_windows_arm64_fips:$(VERSION)
diff --git a/autoinstrumentation/cp/README.md b/autoinstrumentation/cp/README.md
new file mode 100644
index 0000000000..95631e108e
--- /dev/null
+++ b/autoinstrumentation/cp/README.md
@@ -0,0 +1,27 @@
+# cp
+
+This project allows you to take a file and copy to a new location on disk with the 0400 permission mask (read-only).
+
+# Install
+
+## As binary
+
+```bash
+go install github.com/otel-warez/cp@latest
+```
+
+## As a docker image
+
+```
+docker pull ghcr.io/otel-warez/cp:latest
+```
+
+This image is built from scratch and will not be useful on its own, but you can use it as a layer. Here is an example:
+
+```
+FROM ghcr.io/otel-warez/cp:latest AS cp
+
+FROM scratch AS final
+COPY --from=cp /cp /usr/bin/cp
+...
+```
\ No newline at end of file
diff --git a/autoinstrumentation/cp/go.mod b/autoinstrumentation/cp/go.mod
new file mode 100644
index 0000000000..8a8f606a6e
--- /dev/null
+++ b/autoinstrumentation/cp/go.mod
@@ -0,0 +1,3 @@
+module github.com/otel-warez/cp
+
+go 1.23.0
diff --git a/autoinstrumentation/cp/main.go b/autoinstrumentation/cp/main.go
new file mode 100644
index 0000000000..5a589f28c2
--- /dev/null
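Review bot: The `_fips` targets in the Makefile set `GOEXPERIMENT=boringcrypto`, but `build` forces `CGO_ENABLED=0`, and Go's BoringCrypto backend is only compiled in with cgo on linux/amd64 and linux/arm64. These binaries therefore most likely fall back to the standard crypto packages, and Windows is not a supported platform for it at all. Publishing them under a `-fips` tag with `LABEL fips=true` then overstates what the image provides. Either build those targets with cgo enabled or drop the variants, since `main.go` in this commit uses no cryptography. Separately, `.PHONY := build` assigns a variable instead of declaring a phony target; it should read `.PHONY: build`, likewise for each `docker*` target.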
+++ b/autoinstrumentation/cp/main.go @@ -0,0 +1,38 @@ +// Copyright The OpenTelemetry Authors +// +// Licensed under the Apache License, Version 2.0 (the "License"); +// you may not use this file except in compliance with the License. +// You may obtain a copy of the License at +// +// http://www.apache.org/licenses/LICENSE-2.0 +// +// Unless required by applicable law or agreed to in writing, software +// distributed under the License is distributed on an "AS IS" BASIS, +// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +// See the License for the specific language governing permissions and +// limitations under the License. + +package main + +import ( + "fmt" + "log" + "os" +) + +func main() { + if len(os.Args) != 3 { + log.Fatal("[USAGE] cp src dest") + } + + data, err := os.ReadFile(os.Args[1]) + if err != nil { + log.Fatal(fmt.Sprintf("error copying file: %v", err)) + } + + err = os.WriteFile(os.Args[2], data, 0400) + + if err != nil { + log.Fatal(fmt.Sprintf("error copying file: %v", err)) + } +} diff --git a/autoinstrumentation/cp/version.txt b/autoinstrumentation/cp/version.txt new file mode 100644 index 0000000000..afaf360d37 --- /dev/null +++ b/autoinstrumentation/cp/version.txt @@ -0,0 +1 @@ +1.0.0 \ No newline at end of file diff --git a/autoinstrumentation/dotnet/Dockerfile b/autoinstrumentation/dotnet/Dockerfile index 3d4947871f..4022feae62 100644 --- a/autoinstrumentation/dotnet/Dockerfile +++ b/autoinstrumentation/dotnet/Dockerfile @@ -28,6 +28,9 @@ RUN unzip opentelemetry-dotnet-instrumentation-linux-glibc-x64.zip &&\ rm opentelemetry-dotnet-instrumentation-linux-glibc-x64.zip opentelemetry-dotnet-instrumentation-linux-musl-x64.zip &&\ chmod -R go+r . -FROM busybox +FROM ghcr.io/open-telemetry/opentelemetry-operator/cp:1.0.0 AS cp +FROM scratch + +COPY --from=cp /cp /usr/bin/cp COPY --from=downloader /autoinstrumentation /autoinstrumentation 
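Review bot: `main` copies exactly one regular file and creates it with mode `0400`, so `os.ReadFile` returns an error for a directory and the destination is readable only by the UID that ran the copy. The images built in this commit ship directory trees (`/autoinstrumentation`, `/opt/opentelemetry`) that were previously made `go+r`. If the injecting init container copies a tree, or the application container runs under another UID, the agent will be missing or unreadable; the operator's copy command is outside this diff and needs checking against this. Two smaller points: `log.Fatal(fmt.Sprintf(...))` is `log.Fatalf("error copying file: %v", err)`, and a doc comment such as `// main copies the file at os.Args[1] to os.Args[2], creating it with mode 0400.` would record the contract.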
diff --git a/autoinstrumentation/java/Dockerfile b/autoinstrumentation/java/Dockerfile index 41941402f7..4c7e14184b 100644 --- a/autoinstrumentation/java/Dockerfile +++ b/autoinstrumentation/java/Dockerfile @@ -4,10 +4,18 @@ # - Grant the necessary access to the jar. `chmod -R go+r /javaagent.jar` # - For auto-instrumentation by container injection, the Linux command cp is # used and must be availabe in the image. -FROM busybox +FROM busybox as downloader ARG version ADD https://github.com/open-telemetry/opentelemetry-java-instrumentation/releases/download/v$version/opentelemetry-javaagent.jar /javaagent.jar RUN chmod -R go+r /javaagent.jar + +FROM ghcr.io/open-telemetry/opentelemetry-operator/cp:1.0.0 AS cp + +FROM scratch + +COPY --from=cp /cp /usr/bin/cp + +COPY --from=downloader /javaagent.jar /javaagent.jar diff --git a/autoinstrumentation/nodejs/Dockerfile b/autoinstrumentation/nodejs/Dockerfile index 48f1f9ae75..5bf97d9de5 100644 --- a/autoinstrumentation/nodejs/Dockerfile +++ b/autoinstrumentation/nodejs/Dockerfile @@ -16,8 +16,16 @@ COPY . . RUN npm install -FROM busybox +FROM busybox as downloader COPY --from=build /operator-build/build/workspace /autoinstrumentation RUN chmod -R go+r /autoinstrumentation + +FROM ghcr.io/open-telemetry/opentelemetry-operator/cp:1.0.0 AS cp + +FROM scratch + +COPY --from=cp /cp /usr/bin/cp + +COPY --from=downloader /autoinstrumentation /autoinstrumentation diff --git a/autoinstrumentation/python/Dockerfile b/autoinstrumentation/python/Dockerfile index 2546cf61ac..7bc117c42b 100644 --- a/autoinstrumentation/python/Dockerfile +++ b/autoinstrumentation/python/Dockerfile @@ -16,6 +16,7 @@ WORKDIR /operator-build ADD requirements.txt . RUN mkdir workspace && pip install --target workspace -r requirements.txt +RUN chmod -R go+r /autoinstrumentation FROM python:3.11-alpine AS build-musl 
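Review bot: `RUN chmod -R go+r /autoinstrumentation` is added to the `build` stage of the python Dockerfile, but that stage works in `/operator-build` and installs into `workspace`. `/autoinstrumentation` is only created by `COPY --from=build /operator-build/workspace /autoinstrumentation` in the final stage, so this `RUN` should fail on a missing path. Use `RUN chmod -R go+r workspace` here, and the same in place of `/autoinstrumentation-musl` in the `build-musl` hunk that follows. With the final stage now `FROM scratch` there is no shell to fix modes later, so the permissions have to be right before the `COPY`.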
@@ -25,11 +26,13 @@ ADD requirements.txt . RUN apk add gcc python3-dev musl-dev linux-headers RUN mkdir workspace && pip install --target workspace -r requirements.txt +RUN chmod -R go+r /autoinstrumentation-musl + +FROM ghcr.io/open-telemetry/opentelemetry-operator/cp:1.0.0 AS cp + +FROM scratch -FROM busybox +COPY --from=cp /cp /usr/bin/cp COPY --from=build /operator-build/workspace /autoinstrumentation COPY --from=build-musl /operator-build/workspace /autoinstrumentation-musl - -RUN chmod -R go+r /autoinstrumentation -RUN chmod -R go+r /autoinstrumentation-musl