From bb62dc249104ff98ac71b6447e783b5fc3520075 Mon Sep 17 00:00:00 2001
From: liyang <daviderli614@gmail.com>
Date: Tue, 4 Mar 2025 12:45:55 +0800
Subject: [PATCH] build: use ubuntu-22.04 base image release `dev-build` image
 (#5554)

* build: use ubuntu-22.04 release dev-build image

* ci: use ubuntu-22.04 replace ubuntu-22.04-16-cores
---
 .../workflows/release-dev-builder-images.yaml |  6 +-
 docker/dev-builder/ubuntu/Dockerfile          |  4 +-
 docker/dev-builder/ubuntu/Dockerfile-18.10    | 51 --------------
 docker/dev-builder/ubuntu/Dockerfile-20.04    | 66 +++++++++++++++++++
 4 files changed, 71 insertions(+), 56 deletions(-)
 delete mode 100644 docker/dev-builder/ubuntu/Dockerfile-18.10
 create mode 100644 docker/dev-builder/ubuntu/Dockerfile-20.04

diff --git a/.github/workflows/release-dev-builder-images.yaml b/.github/workflows/release-dev-builder-images.yaml
index 2e60736140..90a3d33f50 100644
--- a/.github/workflows/release-dev-builder-images.yaml
+++ b/.github/workflows/release-dev-builder-images.yaml
@@ -29,7 +29,7 @@ jobs:
   release-dev-builder-images:
     name: Release dev builder images
     if: ${{ inputs.release_dev_builder_ubuntu_image || inputs.release_dev_builder_centos_image || inputs.release_dev_builder_android_image }} # Only manually trigger this job.
-    runs-on: ubuntu-20.04-16-cores
+    runs-on: ubuntu-22.04-16-cores
     outputs:
       version: ${{ steps.set-version.outputs.version }}
     steps:
@@ -63,7 +63,7 @@ jobs:
 
   release-dev-builder-images-ecr:
     name: Release dev builder images to AWS ECR
-    runs-on: ubuntu-20.04
+    runs-on: ubuntu-22.04
     needs: [
       release-dev-builder-images
     ]
@@ -148,7 +148,7 @@ jobs:
 
   release-dev-builder-images-cn: # Note: Be careful issue: https://github.com/containers/skopeo/issues/1874 and we decide to use the latest stable skopeo container.
     name: Release dev builder images to CN region
-    runs-on: ubuntu-20.04
+    runs-on: ubuntu-22.04
     needs: [
       release-dev-builder-images
     ]
diff --git a/docker/dev-builder/ubuntu/Dockerfile b/docker/dev-builder/ubuntu/Dockerfile
index d78046698c..198797b532 100644
--- a/docker/dev-builder/ubuntu/Dockerfile
+++ b/docker/dev-builder/ubuntu/Dockerfile
@@ -1,4 +1,4 @@
-FROM ubuntu:20.04
+FROM ubuntu:22.04
 
 # The root path under which contains all the dependencies to build this Dockerfile.
 ARG DOCKER_BUILD_ROOT=.
@@ -41,7 +41,7 @@ RUN mv protoc3/include/* /usr/local/include/
 # and the repositories are pulled from trusted sources (still us, of course). Doing so does not violate the intention
 # of the Git's addition to the "safe.directory" at the first place (see the commit message here:
 # https://github.com/git/git/commit/8959555cee7ec045958f9b6dd62e541affb7e7d9).
-# There's also another solution to this, that we add the desired submodules to the safe directory, instead of using 
+# There's also another solution to this, that we add the desired submodules to the safe directory, instead of using
 # wildcard here. However, that requires the git's config files and the submodules all owned by the very same user.
 # It's troublesome to do this since the dev build runs in Docker, which is under user "root"; while outside the Docker,
 # it can be a different user that have prepared the submodules.
diff --git a/docker/dev-builder/ubuntu/Dockerfile-18.10 b/docker/dev-builder/ubuntu/Dockerfile-18.10
deleted file mode 100644
index 07a8cb1103..0000000000
--- a/docker/dev-builder/ubuntu/Dockerfile-18.10
+++ /dev/null
@@ -1,51 +0,0 @@
-# Use the legacy glibc 2.28.
-FROM ubuntu:18.10
-
-ENV LANG en_US.utf8
-WORKDIR /greptimedb
-
-# Use old-releases.ubuntu.com to avoid 404s: https://help.ubuntu.com/community/EOLUpgrades.
-RUN echo "deb http://old-releases.ubuntu.com/ubuntu/ cosmic main restricted universe multiverse\n\
-deb http://old-releases.ubuntu.com/ubuntu/ cosmic-updates main restricted universe multiverse\n\
-deb http://old-releases.ubuntu.com/ubuntu/ cosmic-security main restricted universe multiverse" > /etc/apt/sources.list
-
-# Install dependencies.
-RUN apt-get update && DEBIAN_FRONTEND=noninteractive apt-get install -y \
-    libssl-dev \
-    tzdata \
-    curl \
-    ca-certificates \
-    git \
-    build-essential \
-    unzip \
-    pkg-config
-
-# Install protoc.
-ENV PROTOC_VERSION=29.3
-RUN if [ "$(uname -m)" = "x86_64" ]; then \
-        PROTOC_ZIP=protoc-${PROTOC_VERSION}-linux-x86_64.zip; \
-    elif [ "$(uname -m)" = "aarch64" ]; then \
-        PROTOC_ZIP=protoc-${PROTOC_VERSION}-linux-aarch_64.zip; \
-    else \
-        echo "Unsupported architecture"; exit 1; \
-    fi && \
-    curl -OL https://github.com/protocolbuffers/protobuf/releases/download/v${PROTOC_VERSION}/${PROTOC_ZIP} && \
-    unzip -o ${PROTOC_ZIP} -d /usr/local bin/protoc && \
-    unzip -o ${PROTOC_ZIP} -d /usr/local 'include/*' && \
-    rm -f ${PROTOC_ZIP}
-
-# Install Rust.
-SHELL ["/bin/bash", "-c"]
-RUN curl --proto '=https' --tlsv1.2 -sSf https://sh.rustup.rs | sh -s -- --no-modify-path --default-toolchain none -y
-ENV PATH /root/.cargo/bin/:$PATH
-
-# Install Rust toolchains.
-ARG RUST_TOOLCHAIN
-RUN rustup toolchain install ${RUST_TOOLCHAIN}
-
-# Install cargo-binstall with a specific version to adapt the current rust toolchain.
-# Note: if we use the latest version, we may encounter the following `use of unstable library feature 'io_error_downcast'` error.
-RUN cargo install cargo-binstall --version 1.6.6 --locked
-
-# Install nextest.
-RUN cargo binstall cargo-nextest --no-confirm
diff --git a/docker/dev-builder/ubuntu/Dockerfile-20.04 b/docker/dev-builder/ubuntu/Dockerfile-20.04
new file mode 100644
index 0000000000..efa28aca06
--- /dev/null
+++ b/docker/dev-builder/ubuntu/Dockerfile-20.04
@@ -0,0 +1,66 @@
+FROM ubuntu:20.04
+
+# The root path under which contains all the dependencies to build this Dockerfile.
+ARG DOCKER_BUILD_ROOT=.
+
+ENV LANG en_US.utf8
+WORKDIR /greptimedb
+
+RUN apt-get update && \
+    DEBIAN_FRONTEND=noninteractive apt-get install -y software-properties-common
+# Install dependencies.
+RUN apt-get update && DEBIAN_FRONTEND=noninteractive apt-get install -y \
+    libssl-dev \
+    tzdata \
+    curl \
+    unzip \
+    ca-certificates \
+    git \
+    build-essential \
+    pkg-config
+
+ARG TARGETPLATFORM
+RUN echo "target platform: $TARGETPLATFORM"
+
+ARG PROTOBUF_VERSION=29.3
+
+# Install protobuf, because the one in the apt is too old (v3.12).
+RUN if [ "$TARGETPLATFORM" = "linux/arm64" ]; then \
+    curl -OL https://github.com/protocolbuffers/protobuf/releases/download/v${PROTOBUF_VERSION}/protoc-${PROTOBUF_VERSION}-linux-aarch_64.zip && \
+    unzip protoc-${PROTOBUF_VERSION}-linux-aarch_64.zip -d protoc3; \
+elif [ "$TARGETPLATFORM" = "linux/amd64" ]; then \
+    curl -OL https://github.com/protocolbuffers/protobuf/releases/download/v${PROTOBUF_VERSION}/protoc-${PROTOBUF_VERSION}-linux-x86_64.zip && \
+    unzip protoc-${PROTOBUF_VERSION}-linux-x86_64.zip -d protoc3; \
+fi
+RUN mv protoc3/bin/* /usr/local/bin/
+RUN mv protoc3/include/* /usr/local/include/
+
+# Silence all `safe.directory` warnings, to avoid the "detect dubious repository" error when building with submodules.
+# Disabling the safe directory check here won't pose extra security issues, because in our usage for this dev build
+# image, we use it solely on our own environment (that github action's VM, or ECS created dynamically by ourselves),
+# and the repositories are pulled from trusted sources (still us, of course). Doing so does not violate the intention
+# of the Git's addition to the "safe.directory" at the first place (see the commit message here:
+# https://github.com/git/git/commit/8959555cee7ec045958f9b6dd62e541affb7e7d9).
+# There's also another solution to this, that we add the desired submodules to the safe directory, instead of using
+# wildcard here. However, that requires the git's config files and the submodules all owned by the very same user.
+# It's troublesome to do this since the dev build runs in Docker, which is under user "root"; while outside the Docker,
+# it can be a different user that have prepared the submodules.
+RUN git config --global --add safe.directory '*'
+
+# Install Rust.
+SHELL ["/bin/bash", "-c"]
+RUN curl --proto '=https' --tlsv1.2 -sSf https://sh.rustup.rs | sh -s -- --no-modify-path --default-toolchain none -y
+ENV PATH /root/.cargo/bin/:$PATH
+
+# Install Rust toolchains.
+ARG RUST_TOOLCHAIN
+RUN rustup toolchain install ${RUST_TOOLCHAIN}
+
+# Install cargo-binstall with a specific version to adapt the current rust toolchain.
+# Note: if we use the latest version, we may encounter the following `use of unstable library feature 'io_error_downcast'` error.
+# compile from source take too long, so we use the precompiled binary instead
+COPY $DOCKER_BUILD_ROOT/docker/dev-builder/binstall/pull_binstall.sh /usr/local/bin/pull_binstall.sh
+RUN chmod +x /usr/local/bin/pull_binstall.sh && /usr/local/bin/pull_binstall.sh
+
+# Install nextest.
+RUN cargo binstall cargo-nextest --no-confirm