feat: add building option to build images base on distroless image (#7240)

Signed-off-by: WaterWhisperer <waterwhisperer24@qq.com>

docker/buildx/centos/Dockerfile

@@ -1,10 +1,10 @@
-FROM centos:7 as builder
+FROM centos:7 AS builder
 
 ARG CARGO_PROFILE
 ARG FEATURES
 ARG OUTPUT_DIR
 
-ENV LANG en_US.utf8
+ENV LANG=en_US.utf8
 WORKDIR /greptimedb
 
 # Install dependencies
@@ -22,7 +22,7 @@ RUN unzip protoc-3.15.8-linux-x86_64.zip -d /usr/local/
 # Install Rust
 SHELL ["/bin/bash", "-c"]
 RUN curl --proto '=https' --tlsv1.2 -sSf https://sh.rustup.rs | sh -s -- --no-modify-path --default-toolchain none -y
-ENV PATH /usr/local/bin:/root/.cargo/bin/:$PATH
+ENV PATH=/usr/local/bin:/root/.cargo/bin/:$PATH
 
 # Build the project in release mode.
 RUN --mount=target=.,rw \
@@ -33,7 +33,7 @@ RUN --mount=target=.,rw \
     TARGET_DIR=/out/target
 
 # Export the binary to the clean image.
-FROM centos:7 as base
+FROM centos:7 AS base
 
 ARG OUTPUT_DIR
 
@@ -45,7 +45,7 @@ RUN yum install -y epel-release \
 
 WORKDIR /greptime
 COPY --from=builder /out/target/${OUTPUT_DIR}/greptime /greptime/bin/
-ENV PATH /greptime/bin/:$PATH
+ENV PATH=/greptime/bin/:$PATH
 
 ENV MALLOC_CONF="prof:true,prof_active:false"
 

docker/buildx/distroless/Dockerfile

@@ -0,0 +1,65 @@
+FROM ubuntu:22.04 AS builder
+
+ARG CARGO_PROFILE
+ARG FEATURES
+ARG OUTPUT_DIR
+
+ENV LANG=en_US.utf8
+WORKDIR /greptimedb
+
+RUN apt-get update && \
+    DEBIAN_FRONTEND=noninteractive apt-get install -y software-properties-common
+
+# Install dependencies.
+RUN --mount=type=cache,target=/var/cache/apt \
+    apt-get update && apt-get install -y \
+    libssl-dev \
+    protobuf-compiler \
+    curl \
+    git \
+    build-essential \
+    pkg-config
+
+# Install Rust.
+SHELL ["/bin/bash", "-c"]
+RUN curl --proto '=https' --tlsv1.2 -sSf https://sh.rustup.rs | sh -s -- --no-modify-path --default-toolchain none -y
+ENV PATH=/root/.cargo/bin/:$PATH
+
+# Build the project in release mode.
+RUN --mount=target=. \
+    --mount=type=cache,target=/root/.cargo/registry \
+    make build \
+    CARGO_PROFILE=${CARGO_PROFILE} \
+    FEATURES=${FEATURES} \
+    TARGET_DIR=/out/target
+
+FROM ubuntu:22.04 AS libs
+
+ARG TARGETARCH
+
+# Copy required library dependencies based on architecture
+RUN if [ "$TARGETARCH" = "amd64" ]; then \
+        cp /lib/x86_64-linux-gnu/libz.so.1.2.11 /lib/x86_64-linux-gnu/libz.so.1; \
+    elif [ "$TARGETARCH" = "arm64" ]; then \
+        cp /lib/aarch64-linux-gnu/libz.so.1.2.11 /lib/aarch64-linux-gnu/libz.so.1; \
+    else \
+        echo "Unsupported architecture: $TARGETARCH" && exit 1; \
+    fi
+
+# Export the binary to the clean distroless image.
+FROM gcr.io/distroless/cc-debian12:latest AS base
+
+ARG OUTPUT_DIR
+ARG TARGETARCH
+
+# Copy required library dependencies
+COPY --from=libs /lib /lib
+COPY --from=busybox:stable /bin/busybox /bin/busybox
+
+WORKDIR /greptime
+COPY --from=builder /out/target/${OUTPUT_DIR}/greptime /greptime/bin/greptime
+ENV PATH=/greptime/bin/:$PATH
+
+ENV MALLOC_CONF="prof:true,prof_active:false"
+
+ENTRYPOINT ["greptime"]

docker/buildx/ubuntu/Dockerfile

@@ -1,10 +1,10 @@
-FROM ubuntu:22.04 as builder
+FROM ubuntu:22.04 AS builder
 
 ARG CARGO_PROFILE
 ARG FEATURES
 ARG OUTPUT_DIR
 
-ENV LANG en_US.utf8
+ENV LANG=en_US.utf8
 WORKDIR /greptimedb
 
 RUN apt-get update && \
@@ -23,7 +23,7 @@ RUN --mount=type=cache,target=/var/cache/apt \
 # Install Rust.
 SHELL ["/bin/bash", "-c"]
 RUN curl --proto '=https' --tlsv1.2 -sSf https://sh.rustup.rs | sh -s -- --no-modify-path --default-toolchain none -y
-ENV PATH /root/.cargo/bin/:$PATH
+ENV PATH=/root/.cargo/bin/:$PATH
 
 # Build the project in release mode.
 RUN --mount=target=. \
@@ -35,7 +35,7 @@ RUN --mount=target=. \
 
 # Export the binary to the clean image.
 # TODO(zyy17): Maybe should use the more secure container image.
-FROM ubuntu:22.04 as base
+FROM ubuntu:22.04 AS base
 
 ARG OUTPUT_DIR
 
@@ -45,7 +45,7 @@ RUN apt-get update && DEBIAN_FRONTEND=noninteractive apt-get \
 
 WORKDIR /greptime
 COPY --from=builder /out/target/${OUTPUT_DIR}/greptime /greptime/bin/
-ENV PATH /greptime/bin/:$PATH
+ENV PATH=/greptime/bin/:$PATH
 
 ENV MALLOC_CONF="prof:true,prof_active:false"
 

docker/ci/centos/Dockerfile

@@ -13,7 +13,7 @@ ARG TARGETARCH
 
 ADD $TARGETARCH/greptime /greptime/bin/
 
-ENV PATH /greptime/bin/:$PATH
+ENV PATH=/greptime/bin/:$PATH
 
 ENV MALLOC_CONF="prof:true,prof_active:false"
 

docker/ci/distroless/Dockerfile

@@ -0,0 +1,40 @@
+FROM ubuntu:22.04 AS libs
+
+ARG TARGETARCH
+
+# Copy required library dependencies based on architecture
+# TARGETARCH values: amd64, arm64
+# Ubuntu library paths: x86_64-linux-gnu, aarch64-linux-gnu
+RUN if [ "$TARGETARCH" = "amd64" ]; then \
+        mkdir -p /output/x86_64-linux-gnu && \
+        cp /lib/x86_64-linux-gnu/libz.so.1.2.11 /output/x86_64-linux-gnu/libz.so.1; \
+    elif [ "$TARGETARCH" = "arm64" ]; then \
+        mkdir -p /output/aarch64-linux-gnu && \
+        cp /lib/aarch64-linux-gnu/libz.so.1.2.11 /output/aarch64-linux-gnu/libz.so.1; \
+    else \
+        echo "Unsupported architecture: $TARGETARCH" && exit 1; \
+    fi
+
+FROM gcr.io/distroless/cc-debian12:latest
+
+# The root path under which contains all the dependencies to build this Dockerfile.
+ARG DOCKER_BUILD_ROOT=.
+# The binary name of GreptimeDB executable.
+# Defaults to "greptime", but sometimes in other projects it might be different.
+ARG TARGET_BIN=greptime
+
+ARG TARGETARCH
+
+# Copy required library dependencies
+COPY --from=libs /output /lib
+COPY --from=busybox:stable /bin/busybox /bin/busybox
+
+ADD $TARGETARCH/$TARGET_BIN /greptime/bin/
+
+ENV PATH=/greptime/bin/:$PATH
+
+ENV TARGET_BIN=$TARGET_BIN
+
+ENV MALLOC_CONF="prof:true,prof_active:false"
+
+ENTRYPOINT ["greptime"]

docker/ci/ubuntu/Dockerfile

@@ -14,7 +14,7 @@ ARG TARGETARCH
 
 ADD $TARGETARCH/$TARGET_BIN /greptime/bin/
 
-ENV PATH /greptime/bin/:$PATH
+ENV PATH=/greptime/bin/:$PATH
 
 ENV TARGET_BIN=$TARGET_BIN