From f4dae004efd849e1bbacf00b1e6d443ea88d54b0 Mon Sep 17 00:00:00 2001
From: Ferran Vidal <ferrastas@users.noreply.github.com>
Date: Fri, 2 Jun 2023 18:47:33 +0200
Subject: [PATCH] Download docker-credential-gcr from release artifacts (#2540)

As described in #2539, using `go install` with a pinned hash version it installs `1.5.1` in all cases.
This seems to be an issue on the upstream project https://github.com/GoogleCloudPlatform/docker-credential-gcr and how go proxy deals with versions.

As a temporary solution, we download the compiled version from the release artifacts.

Closes #2539

Signed-off-by: Ferran Vidal <ferran.vidal.p@gmail.com>
---
 deploy/Dockerfile        | 20 +++++++++++++++++++-
 deploy/Dockerfile_debug  | 21 ++++++++++++++++++++-
 deploy/Dockerfile_warmer | 20 +++++++++++++++++++-
 3 files changed, 58 insertions(+), 3 deletions(-)

diff --git a/deploy/Dockerfile b/deploy/Dockerfile
index 475eb1c7f..bdca25e0a 100644
--- a/deploy/Dockerfile
+++ b/deploy/Dockerfile
@@ -17,13 +17,31 @@ WORKDIR /src
 
 # This arg is passed by docker buildx & contains the target CPU architecture (e.g., amd64, arm64, etc.)
 ARG TARGETARCH
+ARG TARGETOS
 
 ENV GOARCH=$TARGETARCH
 ENV CGO_ENABLED=0
 ENV GOBIN=/usr/local/bin
 
 # Get GCR credential helper
-RUN go install github.com/GoogleCloudPlatform/docker-credential-gcr@62afb2723512fd6572c6300024e0c94f734b0ae3 #v2.1.8
+# Until https://github.com/GoogleCloudPlatform/docker-credential-gcr/issues/128 is addressed, we need to use
+# the existing compiled versions distributed in GitHub releases
+ARG GCR_HELPER_VERSION="2.1.8"
+ARG GCR_HELPER_SHA_linux_amd64="0da9a0878d34dc8b38ae76519b7137f3179f573cf9c84fec1b81e973b565e2f9"
+ARG GCR_HELPER_SHA_linux_386="2421d3242beb239eb640daf9dbfa4582416049a92ed93a207a0a3102fde4ea11"
+ARG GCR_HELPER_SHA_linux_s390x="5d18e62c5952d43993b7ee292f87d812ccd161d4e9d932fbc1567eb5d5013632"
+ARG GCR_HELPER_SHA_linux_arm64="9d0e67c18fb3e1e048120d06edb9e54e1c11f88139ec77dbc9830e8a8b31745c"
+
+# There is no linux/ppc64le available for docker-credential-gcr, at least let's install it using go install.
+RUN if [ $TARGETARCH = "ppc64le"]; then \
+      go install github.com/GoogleCloudPlatform/docker-credential-gcr@v${GCR_HELPER_VERSION}; \
+    else \
+      echo https://github.com/GoogleCloudPlatform/docker-credential-gcr/releases/download/v${GCR_HELPER_VERSION}/docker-credential-gcr_${TARGETOS}_${TARGETARCH}-${GCR_HELPER_VERSION}.tar.gz \
+      && curl -fsSL -o /tmp/gcr-helper.tar.gz https://github.com/GoogleCloudPlatform/docker-credential-gcr/releases/download/v${GCR_HELPER_VERSION}/docker-credential-gcr_${TARGETOS}_${TARGETARCH}-${GCR_HELPER_VERSION}.tar.gz \
+      && eval "GCR_HELPER_SHA=\${GCR_HELPER_SHA_${TARGETOS}_${TARGETARCH}}" \
+      && echo "${GCR_HELPER_SHA}  /tmp/gcr-helper.tar.gz" | sha256sum -c - \
+      && tar -xzf /tmp/gcr-helper.tar.gz --directory /usr/local/bin/; \
+    fi
 
 # Get Amazon ECR credential helper
 RUN go install github.com/awslabs/amazon-ecr-credential-helper/ecr-login/cli/docker-credential-ecr-login@adf1bafd791ae7d4ff098108b1e91f36a4da5404 # v0.7.1
diff --git a/deploy/Dockerfile_debug b/deploy/Dockerfile_debug
index 9fc164c74..e987b2f4e 100644
--- a/deploy/Dockerfile_debug
+++ b/deploy/Dockerfile_debug
@@ -17,13 +17,32 @@ WORKDIR /src
 
 # This arg is passed by docker buildx & contains the target CPU architecture (e.g., amd64, arm64, etc.)
 ARG TARGETARCH
+ARG TARGETOS
 
 ENV GOARCH=$TARGETARCH
 ENV CGO_ENABLED=0
 ENV GOBIN=/usr/local/bin
 
 # Get GCR credential helper
-RUN go install github.com/GoogleCloudPlatform/docker-credential-gcr@62afb2723512fd6572c6300024e0c94f734b0ae3 #v2.1.8
+# Until https://github.com/GoogleCloudPlatform/docker-credential-gcr/issues/128 is addressed, we need to use
+# the existing compiled versions distributed in GitHub releases
+ARG GCR_HELPER_VERSION="2.1.8"
+ARG GCR_HELPER_SHA_linux_amd64="0da9a0878d34dc8b38ae76519b7137f3179f573cf9c84fec1b81e973b565e2f9"
+ARG GCR_HELPER_SHA_linux_386="2421d3242beb239eb640daf9dbfa4582416049a92ed93a207a0a3102fde4ea11"
+ARG GCR_HELPER_SHA_linux_s390x="5d18e62c5952d43993b7ee292f87d812ccd161d4e9d932fbc1567eb5d5013632"
+ARG GCR_HELPER_SHA_linux_arm64="9d0e67c18fb3e1e048120d06edb9e54e1c11f88139ec77dbc9830e8a8b31745c"
+
+# There is no linux/ppc64le available for docker-credential-gcr, at least let's install it using go install.
+RUN if [ $TARGETARCH = "ppc64le"]; then \
+      go install github.com/GoogleCloudPlatform/docker-credential-gcr@v${GCR_HELPER_VERSION}; \
+    else \
+      echo https://github.com/GoogleCloudPlatform/docker-credential-gcr/releases/download/v${GCR_HELPER_VERSION}/docker-credential-gcr_${TARGETOS}_${TARGETARCH}-${GCR_HELPER_VERSION}.tar.gz \
+      && curl -fsSL -o /tmp/gcr-helper.tar.gz https://github.com/GoogleCloudPlatform/docker-credential-gcr/releases/download/v${GCR_HELPER_VERSION}/docker-credential-gcr_${TARGETOS}_${TARGETARCH}-${GCR_HELPER_VERSION}.tar.gz \
+      && eval "GCR_HELPER_SHA=\${GCR_HELPER_SHA_${TARGETOS}_${TARGETARCH}}" \
+      && echo "${GCR_HELPER_SHA}  /tmp/gcr-helper.tar.gz" | sha256sum -c - \
+      && tar -xzf /tmp/gcr-helper.tar.gz --directory /usr/local/bin/; \
+    fi
+
 
 # Get Amazon ECR credential helper
 RUN go install github.com/awslabs/amazon-ecr-credential-helper/ecr-login/cli/docker-credential-ecr-login@adf1bafd791ae7d4ff098108b1e91f36a4da5404 # v0.7.1
diff --git a/deploy/Dockerfile_warmer b/deploy/Dockerfile_warmer
index f29fb36d3..27a1616f6 100644
--- a/deploy/Dockerfile_warmer
+++ b/deploy/Dockerfile_warmer
@@ -17,13 +17,31 @@ WORKDIR /src
 
 # This arg is passed by docker buildx & contains the target CPU architecture (e.g., amd64, arm64, etc.)
 ARG TARGETARCH
+ARG TARGETOS
 
 ENV GOARCH=$TARGETARCH
 ENV CGO_ENABLED=0
 ENV GOBIN=/usr/local/bin
 
 # Get GCR credential helper
-RUN go install github.com/GoogleCloudPlatform/docker-credential-gcr@62afb2723512fd6572c6300024e0c94f734b0ae3 #v2.1.8
+# Until https://github.com/GoogleCloudPlatform/docker-credential-gcr/issues/128 is addressed, we need to use
+# the existing compiled versions distributed in GitHub releases
+ARG GCR_HELPER_VERSION="2.1.8"
+ARG GCR_HELPER_SHA_linux_amd64="0da9a0878d34dc8b38ae76519b7137f3179f573cf9c84fec1b81e973b565e2f9"
+ARG GCR_HELPER_SHA_linux_386="2421d3242beb239eb640daf9dbfa4582416049a92ed93a207a0a3102fde4ea11"
+ARG GCR_HELPER_SHA_linux_s390x="5d18e62c5952d43993b7ee292f87d812ccd161d4e9d932fbc1567eb5d5013632"
+ARG GCR_HELPER_SHA_linux_arm64="9d0e67c18fb3e1e048120d06edb9e54e1c11f88139ec77dbc9830e8a8b31745c"
+
+# There is no linux/ppc64le available for docker-credential-gcr, at least let's install it using go install.
+RUN if [ $TARGETARCH = "ppc64le"]; then \
+      go install github.com/GoogleCloudPlatform/docker-credential-gcr@v${GCR_HELPER_VERSION}; \
+    else \
+      echo https://github.com/GoogleCloudPlatform/docker-credential-gcr/releases/download/v${GCR_HELPER_VERSION}/docker-credential-gcr_${TARGETOS}_${TARGETARCH}-${GCR_HELPER_VERSION}.tar.gz \
+      && curl -fsSL -o /tmp/gcr-helper.tar.gz https://github.com/GoogleCloudPlatform/docker-credential-gcr/releases/download/v${GCR_HELPER_VERSION}/docker-credential-gcr_${TARGETOS}_${TARGETARCH}-${GCR_HELPER_VERSION}.tar.gz \
+      && eval "GCR_HELPER_SHA=\${GCR_HELPER_SHA_${TARGETOS}_${TARGETARCH}}" \
+      && echo "${GCR_HELPER_SHA}  /tmp/gcr-helper.tar.gz" | sha256sum -c - \
+      && tar -xzf /tmp/gcr-helper.tar.gz --directory /usr/local/bin/; \
+    fi
 
 # Get Amazon ECR credential helper
 RUN go install github.com/awslabs/amazon-ecr-credential-helper/ecr-login/cli/docker-credential-ecr-login@adf1bafd791ae7d4ff098108b1e91f36a4da5404 # v0.7.1