From afaf4dca582681eb58c57b28d349f05ce11dad99 Mon Sep 17 00:00:00 2001
From: Davanum Srinivas <davanum@gmail.com>
Date: Mon, 8 Sep 2025 18:43:32 -0400
Subject: [PATCH 1/2] Switch to building golang outselves

---
 images/build/go-runner/Dockerfile      | 43 ++++++++++++++++++++++++--
 images/build/go-runner/Makefile        |  7 +++--
 images/build/go-runner/cloudbuild.yaml |  4 +--
 3 files changed, 46 insertions(+), 8 deletions(-)

diff --git a/images/build/go-runner/Dockerfile b/images/build/go-runner/Dockerfile
index 0ac4c3ed83d..05308e29834 100644
--- a/images/build/go-runner/Dockerfile
+++ b/images/build/go-runner/Dockerfile
@@ -18,7 +18,46 @@ ARG BUILDER_IMAGE
 FROM ${BUILDER_IMAGE} as builder
 WORKDIR /workspace
 
+# Install dependencies for building Go from source
+RUN apt-get update && apt-get install -y \
+    build-essential \
+    curl \
+    git \
+    ca-certificates \
+    && rm -rf /var/lib/apt/lists/*
+
+# Download and build Go from source
+ARG GO_VERSION
+
+ARG TARGETARCH
+RUN echo "Determining bootstrap Go version for ${GO_VERSION}" && \
+    BOOTSTRAP_GO_VERSION=$(curl -fsSL "https://raw.githubusercontent.com/golang/go/go${GO_VERSION}/src/make.bash" | grep "^bootgo=" | cut -d= -f2) && \
+    echo "Installing bootstrap Go version: ${BOOTSTRAP_GO_VERSION} (${TARGETARCH})" && \
+    GO_ARCH="${TARGETARCH}"; \
+    if [ "${TARGETARCH}" = "arm" ]; then GO_ARCH="armv6l"; fi && \
+    curl -fsSL "https://go.dev/dl/go${BOOTSTRAP_GO_VERSION}.linux-${GO_ARCH}.tar.gz" -o /tmp/go-bootstrap.tar.gz && \
+    tar -xzf /tmp/go-bootstrap.tar.gz -C /usr/local && \
+    mv /usr/local/go /usr/local/go-bootstrap && \
+    rm /tmp/go-bootstrap.tar.gz
+
+# Download Go source
+RUN echo "Downloading Go source version: ${GO_VERSION}" && \
+    curl -fsSL "https://go.dev/dl/go${GO_VERSION}.src.tar.gz" -o /tmp/go.src.tar.gz && \
+    tar -xzf /tmp/go.src.tar.gz -C /usr/local && \
+    rm /tmp/go.src.tar.gz
+
+# Build Go from source with bootstrap
+WORKDIR /usr/local/go/src
+ENV GOROOT_BOOTSTRAP=/usr/local/go-bootstrap
+RUN ./make.bash
+
+# Set up Go environment
+ENV PATH=/usr/local/go/bin:$PATH
+ENV GOROOT=/usr/local/go
+ENV GOPATH=/workspace/gopath
+
 # Copy the sources
+WORKDIR /workspace
 COPY ./go-runner.go ./
 COPY ./go.* ./
 
@@ -38,11 +77,8 @@ ENV GOPROXY="https://proxy.golang.org|direct"
 
 # Build
 ARG package=.
-ARG ARCH
 
 ENV CGO_ENABLED=0
-ENV GOOS=linux
-ENV GOARCH=${ARCH}
 
 RUN go env
 
@@ -54,5 +90,6 @@ FROM ${DISTROLESS_IMAGE}
 LABEL maintainers="Kubernetes Authors"
 LABEL description="go based runner for distroless scenarios"
 WORKDIR /
+COPY --from=builder /usr/local/go /usr/local/go
 COPY --from=builder /workspace/go-runner .
 ENTRYPOINT ["/go-runner"]
diff --git a/images/build/go-runner/Makefile b/images/build/go-runner/Makefile
index 69987a44bd2..33cb8b7ece6 100644
--- a/images/build/go-runner/Makefile
+++ b/images/build/go-runner/Makefile
@@ -20,12 +20,12 @@ APP_VERSION = $(shell cat VERSION)
 GO_MAJOR_VERSION ?= 1.24
 REVISION ?= 0
 GO_VERSION ?= 1.24.6
-OS_CODENAME ?= bookworm
+OS_CODENAME ?= bookworm-slim
 
 # Build args
 DISTROLESS_REGISTRY ?= gcr.io/distroless
 DISTROLESS_IMAGE ?= static-debian12
-BUILDER_IMAGE ?= golang:$(GO_VERSION)-$(OS_CODENAME)
+BUILDER_IMAGE ?= debian:$(OS_CODENAME)
 
 # Configuration
 CONFIG = go$(GO_MAJOR_VERSION)-$(OS_CODENAME)
@@ -53,4 +53,5 @@ clean:
 	rm go-runner
 
 BUILD_ARGS = --build-arg=BUILDER_IMAGE=$(BUILDER_IMAGE) \
-             --build-arg=DISTROLESS_IMAGE=$(DISTROLESS_REGISTRY)/$(DISTROLESS_IMAGE)
+             --build-arg=DISTROLESS_IMAGE=$(DISTROLESS_REGISTRY)/$(DISTROLESS_IMAGE) \
+             --build-arg=GO_VERSION=$(GO_VERSION)
diff --git a/images/build/go-runner/cloudbuild.yaml b/images/build/go-runner/cloudbuild.yaml
index aceb654a8ba..d96ab53fc78 100644
--- a/images/build/go-runner/cloudbuild.yaml
+++ b/images/build/go-runner/cloudbuild.yaml
@@ -1,13 +1,13 @@
 # See https://github.com/kubernetes/test-infra/blob/master/config/jobs/image-pushing/README.md for more details on image pushing process
 
 # this must be specified in seconds. If omitted, defaults to 600s (10 mins)
-timeout: 3600s
+timeout: 28800s
 
 # this prevents errors if you don't use both _GIT_TAG and _PULL_BASE_REF,
 # or any new substitutions added in the future.
 options:
   substitutionOption: ALLOW_LOOSE
-  machineType: 'N1_HIGHCPU_8'
+  machineType: E2_HIGHCPU_32
 
 steps:
   - name: 'ghcr.io/sigstore/cosign/cosign:v2.5.3-dev@sha256:fe84ab87222b60d2d87f5efcb8ef3cfd895897c088fbeb973280689c81aedff1'

From 0913ee785832856d8f0e4a45dcdbf9f755b2056f Mon Sep 17 00:00:00 2001
From: Davanum Srinivas <davanum@gmail.com>
Date: Wed, 10 Sep 2025 21:40:34 -0400
Subject: [PATCH 2/2] Simplify stuff

---
 images/build/go-runner/Dockerfile | 46 +++++++------------------------
 1 file changed, 10 insertions(+), 36 deletions(-)

diff --git a/images/build/go-runner/Dockerfile b/images/build/go-runner/Dockerfile
index 05308e29834..b228e083d53 100644
--- a/images/build/go-runner/Dockerfile
+++ b/images/build/go-runner/Dockerfile
@@ -12,49 +12,24 @@
 # See the License for the specific language governing permissions and
 # limitations under the License.
 
-# Build the manager binary
-ARG DISTROLESS_IMAGE
-ARG BUILDER_IMAGE
-FROM ${BUILDER_IMAGE} as builder
-WORKDIR /workspace
-
-# Install dependencies for building Go from source
-RUN apt-get update && apt-get install -y \
-    build-essential \
-    curl \
-    git \
-    ca-certificates \
-    && rm -rf /var/lib/apt/lists/*
-
-# Download and build Go from source
+# Build args that need to be available for FROM statements
 ARG GO_VERSION
+ARG BUILDER_IMAGE
+ARG DISTROLESS_IMAGE
 
-ARG TARGETARCH
-RUN echo "Determining bootstrap Go version for ${GO_VERSION}" && \
-    BOOTSTRAP_GO_VERSION=$(curl -fsSL "https://raw.githubusercontent.com/golang/go/go${GO_VERSION}/src/make.bash" | grep "^bootgo=" | cut -d= -f2) && \
-    echo "Installing bootstrap Go version: ${BOOTSTRAP_GO_VERSION} (${TARGETARCH})" && \
-    GO_ARCH="${TARGETARCH}"; \
-    if [ "${TARGETARCH}" = "arm" ]; then GO_ARCH="armv6l"; fi && \
-    curl -fsSL "https://go.dev/dl/go${BOOTSTRAP_GO_VERSION}.linux-${GO_ARCH}.tar.gz" -o /tmp/go-bootstrap.tar.gz && \
-    tar -xzf /tmp/go-bootstrap.tar.gz -C /usr/local && \
-    mv /usr/local/go /usr/local/go-bootstrap && \
-    rm /tmp/go-bootstrap.tar.gz
+# Get Go from official Alpine image
+FROM golang:${GO_VERSION}-alpine as go-source
 
-# Download Go source
-RUN echo "Downloading Go source version: ${GO_VERSION}" && \
-    curl -fsSL "https://go.dev/dl/go${GO_VERSION}.src.tar.gz" -o /tmp/go.src.tar.gz && \
-    tar -xzf /tmp/go.src.tar.gz -C /usr/local && \
-    rm /tmp/go.src.tar.gz
+# Build the manager binary
+FROM ${BUILDER_IMAGE} as builder
+WORKDIR /workspace
 
-# Build Go from source with bootstrap
-WORKDIR /usr/local/go/src
-ENV GOROOT_BOOTSTRAP=/usr/local/go-bootstrap
-RUN ./make.bash
+# Copy Go installation from official image
+COPY --from=go-source /usr/local/go /usr/local/go
 
 # Set up Go environment
 ENV PATH=/usr/local/go/bin:$PATH
 ENV GOROOT=/usr/local/go
-ENV GOPATH=/workspace/gopath
 
 # Copy the sources
 WORKDIR /workspace
@@ -90,6 +65,5 @@ FROM ${DISTROLESS_IMAGE}
 LABEL maintainers="Kubernetes Authors"
 LABEL description="go based runner for distroless scenarios"
 WORKDIR /
-COPY --from=builder /usr/local/go /usr/local/go
 COPY --from=builder /workspace/go-runner .
 ENTRYPOINT ["/go-runner"]