name: gvisor
variant: scratch
shell: /toolchain/bin/bash
dependencies:
  - stage: base
steps:
  - sources:
      # gvisor repo 'master' branch is Bazel-bazed, so we need to find matching commit in the "go" branch
      # find the go-branch specific merge commit ("Merge release-... (automated)") which has the release-tagged commit as a parent
      - url: https://github.com/google/gvisor/archive/2dc1338275fd1bffa03493b2a86b72fffe887577.tar.gz
        destination: gvisor.tar.gz
        sha256: e04eacad538e7f50b30697d6d107da2b9b1a9d0ff5c5586a14dedc800c7777ea
        sha512: 7e57c366171d1e780ebedc5d0d7a758aa965ba8612864da017daa647ca7a9814b9c2189f673db04feca19484f7a876af317e9555453632099d2d0ef1d3d14b5a
    env:
      GOPATH: /go
    prepare:
      - |
        sed -i 's#$VERSION#{{ .VERSION }}#' /pkg/manifest.yaml
      - |
        mkdir -p ${GOPATH}/src/github.com/google/gvisor

        tar -xzf gvisor.tar.gz --strip-components=1 -C ${GOPATH}/src/github.com/google/gvisor
    build:
      - |
        export PATH=${PATH}:${TOOLCHAIN}/go/bin
        cd ${GOPATH}/src/github.com/google/gvisor

        mkdir ./bin

        CGO_ENABLED=0 go build -o ./bin/runsc ./runsc

        CGO_ENABLED=0 go build -o ./bin/containerd-shim-runsc-v1 ./shim
    install:
      - |
        mkdir -p /rootfs/usr/local/bin

        cd ${GOPATH}/src/github.com/google/gvisor

        cp ./bin/runsc /rootfs/usr/local/bin/runsc
        chmod +x /rootfs/usr/local/bin/runsc

        cp ./bin/containerd-shim-runsc-v1 /rootfs/usr/local/bin/containerd-shim-runsc-v1
        chmod +x /rootfs/usr/local/bin/containerd-shim-runsc-v1
finalize:
  - from: /rootfs
    to: /rootfs
  - from: /pkg/manifest.yaml
    to: /
  - from: /pkg/gvisor.part
    to: /rootfs/etc/cri/conf.d/gvisor.part
  - from: /pkg/runsc.toml
    to: /rootfs/etc/cri/conf.d/runsc.toml