From ec2de39c23719959f768e2d6c957f6e3de5cbc57 Mon Sep 17 00:00:00 2001
From: Eguzki Astiz Lezaun <eastizle@redhat.com>
Date: Fri, 22 Sep 2023 16:45:32 +0200
Subject: [PATCH] cross compilation for arm64

---
 .github/workflows/build-image.yaml | 45 ++++++++-----------
 Cargo.lock                         | 11 +++++
 Dockerfile.aarch64                 | 71 ++++++++++++++++++++++++++++++
 limitador-server/Cargo.toml        |  1 +
 4 files changed, 102 insertions(+), 26 deletions(-)
 create mode 100644 Dockerfile.aarch64

diff --git a/.github/workflows/build-image.yaml b/.github/workflows/build-image.yaml
index a725ff74..fe50db7f 100644
--- a/.github/workflows/build-image.yaml
+++ b/.github/workflows/build-image.yaml
@@ -27,33 +27,26 @@ jobs:
       - name: Add branch name tag
         if: ${{ github.ref_name != env.MAIN_BRANCH_NAME }}
         run: |
-          echo "IMG_TAGS=${{ env.IMG_TAGS }} ${{ github.ref_name }}" >> $GITHUB_ENV
-      - name: Set up QEMU
-        uses: docker/setup-qemu-action@v2
-      - name: Build Image
-        id: build-image
-        uses: redhat-actions/buildah-build@v2
+          echo "IMG_TAGS=${{ github.ref_name }}" >> $GITHUB_ENV
+      - name: Set up Docker Buildx
+        uses: docker/setup-buildx-action@v3
+      - name: Build Docker image on amd64
+        uses: docker/build-push-action@v5
         with:
-          image: limitador
-          tags: ${{ env.IMG_TAGS }}
-          platforms: linux/amd64,linux/arm64
-          dockerfiles: |
-            ./Dockerfile
+          context: .
+          push: false
+          load: true
           build-args: |
             GITHUB_SHA=${{ github.sha }}
-      - name: Smoke Test
-        run: |
-          podman run --rm -t ${{ steps.build-image.outputs.image }}:${{ github.sha }} limitador-server --help
-      - name: Push Image
-        if: ${{ !env.ACT }}
-        id: push-to-quay
-        uses: redhat-actions/push-to-registry@v2
+          tags: ${{ env.IMG_TAGS }}
+          file : ./Dockerfile
+      - name: Build Docker image on arm64
+        uses: docker/build-push-action@v5
         with:
-          image: ${{ steps.build-image.outputs.image }}
-          tags: ${{ steps.build-image.outputs.tags }}
-          registry: ${{ env.IMG_REGISTRY_HOST }}/${{ env.IMG_REGISTRY_ORG }}
-          username: ${{ secrets.IMG_REGISTRY_USERNAME }}
-          password: ${{ secrets.IMG_REGISTRY_TOKEN }}
-      - name: Print Image URL
-        run: |
-          echo "Image pushed to ${{ steps.push-to-quay.outputs.registry-paths }}"
+          context: .
+          push: false
+          load: true
+          build-args: |
+            GITHUB_SHA=${{ github.sha }}
+          tags: ${{ env.IMG_TAGS }}
+          file : ./Dockerfile.aarch64
diff --git a/Cargo.lock b/Cargo.lock
index 32195a19..3d30dde0 100644
--- a/Cargo.lock
+++ b/Cargo.lock
@@ -1567,6 +1567,7 @@ dependencies = [
  "limitador",
  "log",
  "notify",
+ "openssl",
  "paperclip",
  "prost",
  "prost-types",
@@ -1865,6 +1866,15 @@ version = "0.1.5"
 source = "registry+https://github.com/rust-lang/crates.io-index"
 checksum = "ff011a302c396a5197692431fc1948019154afc178baf7d8e37367442a4601cf"
 
+[[package]]
+name = "openssl-src"
+version = "300.1.5+3.1.3"
+source = "registry+https://github.com/rust-lang/crates.io-index"
+checksum = "559068e4c12950d7dcaa1857a61725c0d38d4fc03ff8e070ab31a75d6e316491"
+dependencies = [
+ "cc",
+]
+
 [[package]]
 name = "openssl-sys"
 version = "0.9.93"
@@ -1873,6 +1883,7 @@ checksum = "db4d56a4c0478783083cfafcc42493dd4a981d41669da64b4572a2a089b51b1d"
 dependencies = [
  "cc",
  "libc",
+ "openssl-src",
  "pkg-config",
  "vcpkg",
 ]
diff --git a/Dockerfile.aarch64 b/Dockerfile.aarch64
new file mode 100644
index 00000000..0d4ec435
--- /dev/null
+++ b/Dockerfile.aarch64
@@ -0,0 +1,71 @@
+# ------------------------------------------------------------------------------
+# Build Stage
+# ------------------------------------------------------------------------------
+
+FROM registry.access.redhat.com/ubi8/ubi:8.7 as limitador-build
+ENV CARGO_NET_GIT_FETCH_WITH_CLI=true
+
+ARG RUSTC_VERSION=1.72.0
+
+# the powertools repo is required for protobuf-c and protobuf-devel
+RUN dnf -y --setopt=install_weak_deps=False --setopt=tsflags=nodocs install \
+      http://mirror.centos.org/centos/8-stream/BaseOS/`arch`/os/Packages/centos-gpg-keys-8-6.el8.noarch.rpm \
+      http://mirror.centos.org/centos/8-stream/BaseOS/`arch`/os/Packages/centos-stream-repos-8-6.el8.noarch.rpm \
+ && dnf -y --setopt=install_weak_deps=False --setopt=tsflags=nodocs install epel-release \
+ && dnf config-manager --set-enabled powertools
+
+RUN yum -y clean all
+RUN dnf install --nodocs --assumeyes gcc-c++-aarch64-linux-gnu binutils-aarch64-linux-gnu
+RUN dnf install --nodocs --assumeyes perl-IPC-Cmd
+
+RUN PKGS="protobuf-c protobuf-devel git clang kernel-headers" \
+    && dnf install --nodocs --assumeyes $PKGS \
+    && rpm --verify --nogroup --nouser $PKGS \
+    && yum -y clean all
+
+RUN curl --proto '=https' --tlsv1.2 -sSf https://sh.rustup.rs | sh -s -- --no-modify-path --profile minimal --default-toolchain ${RUSTC_VERSION} -c rustfmt -y
+RUN source $HOME/.cargo/env \
+    && rustup target add aarch64-unknown-linux-gnu
+RUN source $HOME/.cargo/env \
+    && rustup toolchain install stable-aarch64-unknown-linux-gnu
+
+WORKDIR /usr/src/limitador
+
+ARG GITHUB_SHA
+ENV GITHUB_SHA=${GITHUB_SHA:-unknown}
+ENV RUSTFLAGS="-C target-feature=-crt-static"
+
+COPY . .
+
+ENV CARGO_TARGET_AARCH64_UNKNOWN_LINUX_GNU_LINKER=aarch64-linux-gnu-gcc \
+    CC_aarch64_unknown_linux_gnu=aarch64-linux-gnu-gcc \
+    CXX_aarch64_unknown_linux_gnu=aarch64-linux-gnu-g++
+
+RUN source $HOME/.cargo/env \
+    && cargo build --release --target aarch64-unknown-linux-gnu
+
+# ------------------------------------------------------------------------------
+# Run Stage
+# ------------------------------------------------------------------------------
+
+FROM registry.access.redhat.com/ubi8/ubi-minimal:8.7
+
+# shadow-utils is required for `useradd`
+RUN PKGS="libgcc libstdc++ shadow-utils" \
+    && microdnf --assumeyes install --nodocs $PKGS \
+    && rpm --verify --nogroup --nouser $PKGS \
+    && microdnf -y clean all
+RUN useradd -u 1000 -s /bin/sh -m -d /home/limitador limitador
+
+WORKDIR /home/limitador/bin/
+ENV PATH="/home/limitador/bin:${PATH}"
+
+COPY --from=limitador-build /usr/src/limitador/limitador-server/examples/limits.yaml ../
+COPY --from=limitador-build /usr/src/limitador/target/aarch64-unknown-linux-gnu/release/limitador-server ./limitador-server
+
+RUN chown -R limitador:root /home/limitador \
+    && chmod -R 750 /home/limitador
+
+USER limitador
+
+CMD ["limitador-server"]
diff --git a/limitador-server/Cargo.toml b/limitador-server/Cargo.toml
index 011a2cd7..fcc59980 100644
--- a/limitador-server/Cargo.toml
+++ b/limitador-server/Cargo.toml
@@ -37,6 +37,7 @@ const_format = "0.2.31"
 lazy_static = "1.4.0"
 clap = "4.3"
 sysinfo = "0.29.7"
+openssl = { version = "0.10.57", features = ["vendored"] }
 
 [build-dependencies]
 tonic-build = "0.10"