From a4c08009a96b2bdedd16e61dd720af75409c5c7b Mon Sep 17 00:00:00 2001 From: Mauro Ezequiel Moltrasio Date: Thu, 5 Sep 2024 11:17:43 +0200 Subject: [PATCH 01/10] Build the collector binary directly in the docker image build Historically, we've always built the collector binary inside a running container and then copied it from the host to the final image. This change makes it so the builder image is used as a first step to compile the collector binary, then the binary is copied over to the final image in a second stage. Development workflow should not change too much, make image will still compile collector, run the unit tests and generate a final image. Multiple successive compilations are sped up by using a cache mount for the build directory. Main benefit of the change is getting rid of the make targets that run cmake while exec'ed into the builder image, these don't really make much sense and are quite a bit more complex than they need to be IMO. Of note, execing into a builder image and running the cmake commands directly in there will still work, if that is the workflow of choice. Second benefit is making image builds a bit closer to what konflux and downstream do, but not overly so, maybe one day we'll be able to have all image builds come from a single source of truth. --- .dockerignore | 2 ++ Makefile | 18 +++++++++++--- Makefile-constants.mk | 2 +- collector/Makefile | 30 ------------------------ collector/container/Dockerfile | 43 ++++++++++++++++++++++++++++++---- 5 files changed, 56 insertions(+), 39 deletions(-) create mode 100644 .dockerignore diff --git a/.dockerignore b/.dockerignore new file mode 100644 index 0000000000..265ff3f106 --- /dev/null +++ b/.dockerignore @@ -0,0 +1,2 @@ +.git/ +cmake-build/ diff --git a/Makefile b/Makefile index d2e3c6a0d2..ad768eaea3 100644 --- a/Makefile +++ b/Makefile @@ -41,19 +41,31 @@ connscrape: unittest: make -C collector unittest -image: collector unittest +image: make -C collector txt-files docker buildx build --load --platform ${PLATFORM} \ + --build-arg CMAKE_BUILD_TYPE="$(CMAKE_BUILD_TYPE)" \ + --build-arg USE_VALGRIND="$(USE_VALGRIND)" \ + --build-arg ADDRESS_SANITIZER="$(ADDRESS_SANITIZER)" \ + --build-arg TRACE_SINSP_EVENTS="$(TRACE_SINSP_EVENTS)" \ + --build-arg BPF_DEBUG_MODE="$(BPF_DEBUG_MODE)" \ --build-arg COLLECTOR_VERSION="$(COLLECTOR_TAG)" \ + --build-arg BUILDER_TAG="$(COLLECTOR_BUILDER_TAG)" \ -f collector/container/Dockerfile \ -t quay.io/stackrox-io/collector:$(COLLECTOR_TAG) \ $(COLLECTOR_BUILD_CONTEXT) -image-dev: collector unittest container-dockerfile-dev +image-dev: container-dockerfile-dev make -C collector txt-files docker buildx build --load --platform ${PLATFORM} \ - --build-arg COLLECTOR_VERSION="$(COLLECTOR_TAG)" \ --build-arg BUILD_TYPE=devel \ + --build-arg CMAKE_BUILD_TYPE="$(CMAKE_BUILD_TYPE)" \ + --build-arg USE_VALGRIND="$(USE_VALGRIND)" \ + --build-arg ADDRESS_SANITIZER="$(ADDRESS_SANITIZER)" \ + --build-arg TRACE_SINSP_EVENTS="$(TRACE_SINSP_EVENTS)" \ + --build-arg BPF_DEBUG_MODE="$(BPF_DEBUG_MODE)" \ + --build-arg COLLECTOR_VERSION="$(COLLECTOR_TAG)" \ + --build-arg BUILDER_TAG="$(COLLECTOR_BUILDER_TAG)" \ -f collector/container/Dockerfile.dev \ -t quay.io/stackrox-io/collector:$(COLLECTOR_TAG) \ $(COLLECTOR_BUILD_CONTEXT) diff --git a/Makefile-constants.mk b/Makefile-constants.mk index b4b4ebd83a..7cd2446f6c 100644 --- a/Makefile-constants.mk +++ b/Makefile-constants.mk @@ -17,5 +17,5 @@ TRACE_SINSP_EVENTS ?= false DISABLE_PROFILING ?= false BPF_DEBUG_MODE ?= false -COLLECTOR_BUILD_CONTEXT = collector/ +COLLECTOR_BUILD_CONTEXT = . COLLECTOR_BUILDER_NAME ?= collector_builder_$(HOST_ARCH) diff --git a/collector/Makefile b/collector/Makefile index 0295a8d26d..0bf7f43512 100644 --- a/collector/Makefile +++ b/collector/Makefile @@ -5,40 +5,10 @@ NPROCS ?= $(shell nproc) CMAKE_BASE_DIR = cmake-build CMAKE_DIR= $(BASE_PATH)/$(CMAKE_BASE_DIR) -COLLECTOR_BIN_DIR = $(CMAKE_DIR)/collector -LIBSINSP_BIN_DIR = $(CMAKE_DIR)/collector/EXCLUDE_FROM_DEFAULT_BUILD/libsinsp SRC_MOUNT_DIR = /tmp/collector -HDRS := $(wildcard lib/*.h) $(shell find $(BASE_PATH)/falcosecurity-libs/userspace -name '*.h') - -SRCS := $(wildcard lib/*.cpp) collector.cpp - -COLLECTOR_BUILD_DEPS := $(HDRS) $(SRCS) $(shell find $(BASE_PATH)/falcosecurity-libs -name '*.h' -o -name '*.cpp' -o -name '*.c') - .SUFFIXES: -cmake-configure/collector: - docker exec $(COLLECTOR_BUILDER_NAME) \ - cmake -S $(BASE_PATH) -B $(CMAKE_DIR) \ - -DCMAKE_BUILD_TYPE=$(CMAKE_BUILD_TYPE) \ - -DDISABLE_PROFILING=$(DISABLE_PROFILING) \ - -DUSE_VALGRIND=$(USE_VALGRIND) \ - -DADDRESS_SANITIZER=$(ADDRESS_SANITIZER) \ - -DTRACE_SINSP_EVENTS=$(TRACE_SINSP_EVENTS) \ - -DBPF_DEBUG_MODE=$(BPF_DEBUG_MODE) \ - -DCOLLECTOR_VERSION=$(COLLECTOR_VERSION) - -cmake-build/collector: cmake-configure/collector $(COLLECTOR_BUILD_DEPS) - docker exec $(COLLECTOR_BUILDER_NAME) \ - cmake --build $(CMAKE_DIR) -- -j $(NPROCS) - docker exec $(COLLECTOR_BUILDER_NAME) \ - bash -c "[ $(CMAKE_BUILD_TYPE) == Release ] && strip --strip-unneeded $(COLLECTOR_BIN_DIR)/collector || exit 0" - -container/bin/collector: cmake-build/collector - mkdir -p container/bin - cp "$(COLLECTOR_BIN_DIR)/collector" container/bin/collector - cp "$(COLLECTOR_BIN_DIR)/self-checks" container/bin/self-checks - .PHONY: collector collector: container/bin/collector txt-files mkdir -p container/libs diff --git a/collector/container/Dockerfile b/collector/container/Dockerfile index e133ef0d22..b6f07776da 100644 --- a/collector/container/Dockerfile +++ b/collector/container/Dockerfile @@ -1,3 +1,36 @@ +ARG BUILDER_TAG=master +FROM quay.io/stackrox-io/collector-builder:${BUILDER_TAG} AS builder + +ARG CMAKE_BUILD_TYPE=Release +ARG USE_VALGRIND=false +ARG ADDRESS_SANITIZER=false +ARG TRACE_SINSP_EVENTS=false +ARG COLLECTOR_VERSION=0.0.0 +ARG BPF_DEBUG_MODE=false + +COPY . /collector-src +WORKDIR /collector-src + +RUN --mount=type=cache,target=/collector-src/build \ + if [[ "$(uname -m)" == "x86_64" ]]; \ + then DISABLE_PROFILING="OFF"; \ + else DISABLE_PROFILING="ON"; \ + fi ; \ + cmake -S . -B build/ \ + -DCMAKE_BUILD_TYPE=${CMAKE_BUILD_TYPE} \ + -DDISABLE_PROFILING=${DISABLE_PROFILING} \ + -DUSE_VALGRIND=${USE_VALGRIND} \ + -DADDRESS_SANITIZER=${ADDRESS_SANITIZER} \ + -DCOLLECTOR_VERSION=${COLLECTOR_VERSION} \ + -DBPF_DEBUG_MODE=${BPF_DEBUG_MODE} \ + -DTRACE_SINSP_EVENTS=${TRACE_SINSP_EVENTS} && \ + cmake --build build/ -- -j$(nproc) && \ + ctest --test-dir build -V && \ + # podman does not bake cache mounts into the final image, so + # we need to move the required binaries out of it. + cp build/collector/collector /tmp/ && \ + cp build/collector/self-checks /tmp/ + FROM registry.access.redhat.com/ubi9/ubi-minimal:9.3 ARG BUILD_TYPE=rhel @@ -16,17 +49,17 @@ LABEL name="collector" \ WORKDIR / -COPY container/${BUILD_TYPE}/install.sh / +COPY collector/container/${BUILD_TYPE}/install.sh / RUN ./install.sh && rm -f install.sh # Uncomment this line to enable generation of core for collector # RUN echo '/core/core.%e.%p.%t' > /proc/sys/kernel/core_pattern -COPY container/THIRD_PARTY_NOTICES/ /THIRD_PARTY_NOTICES/ +COPY --from=builder /THIRD_PARTY_NOTICES/ /THIRD_PARTY_NOTICES/ COPY kernel-modules /kernel-modules -COPY container/bin/collector /usr/local/bin/ -COPY container/bin/self-checks /usr/local/bin/self-checks -COPY container/status-check.sh /usr/local/bin/status-check.sh +COPY --from=builder /tmp/collector /usr/local/bin/ +COPY --from=builder /tmp/self-checks /usr/local/bin/self-checks +COPY collector/container/status-check.sh /usr/local/bin/status-check.sh EXPOSE 8080 9090 From 85ab2f0d89af03e533be27a5413f0fd75109fd96 Mon Sep 17 00:00:00 2001 From: Mauro Ezequiel Moltrasio Date: Thu, 5 Sep 2024 16:45:42 +0200 Subject: [PATCH 02/10] Strip collector binary --- collector/container/Dockerfile | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/collector/container/Dockerfile b/collector/container/Dockerfile index b6f07776da..24434891a4 100644 --- a/collector/container/Dockerfile +++ b/collector/container/Dockerfile @@ -25,7 +25,8 @@ RUN --mount=type=cache,target=/collector-src/build \ -DBPF_DEBUG_MODE=${BPF_DEBUG_MODE} \ -DTRACE_SINSP_EVENTS=${TRACE_SINSP_EVENTS} && \ cmake --build build/ -- -j$(nproc) && \ - ctest --test-dir build -V && \ + ctest -V --test-dir build && \ + strip -v --remove-unneeded build/collector/collector && \ # podman does not bake cache mounts into the final image, so # we need to move the required binaries out of it. cp build/collector/collector /tmp/ && \ From 8d9b3a7cc42a3abac8fc4a1fe74d2c2eb3212fa3 Mon Sep 17 00:00:00 2001 From: Mauro Ezequiel Moltrasio Date: Thu, 5 Sep 2024 16:46:26 +0200 Subject: [PATCH 03/10] Debug ansible --- .github/workflows/collector.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.github/workflows/collector.yml b/.github/workflows/collector.yml index 1b6a46f0db..9ccf767f4e 100644 --- a/.github/workflows/collector.yml +++ b/.github/workflows/collector.yml @@ -76,7 +76,7 @@ jobs: contains(github.event.pull_request.labels.*.name, 'run-multiarch-builds') timeout-minutes: 480 run: | - ansible-playbook \ + ansible-playbook -vvvv \ --connection local \ -i localhost, \ --limit localhost \ From 96817ead5f6e732ea9e79cf5c10bfaac51eb7db0 Mon Sep 17 00:00:00 2001 From: Mauro Ezequiel Moltrasio Date: Thu, 5 Sep 2024 16:52:46 +0200 Subject: [PATCH 04/10] Remove broken collector target --- collector/Makefile | 7 +------ collector/container/Dockerfile | 2 +- 2 files changed, 2 insertions(+), 7 deletions(-) diff --git a/collector/Makefile b/collector/Makefile index 0bf7f43512..dc3daec568 100644 --- a/collector/Makefile +++ b/collector/Makefile @@ -9,11 +9,6 @@ SRC_MOUNT_DIR = /tmp/collector .SUFFIXES: -.PHONY: collector -collector: container/bin/collector txt-files - mkdir -p container/libs - docker cp $(COLLECTOR_BUILDER_NAME):/THIRD_PARTY_NOTICES/ container/ - .PHONY: build-connscrape-test build-connscrape-test: docker build -f $(CURDIR)/connscrape-test/Dockerfile -t connscrape-test $(CURDIR)/connscrape-test @@ -24,7 +19,7 @@ connscrape: build-connscrape-test -v "$(BASE_PATH):$(SRC_MOUNT_DIR)" \ connscrape-test "$(SRC_MOUNT_DIR)/collector/connscrape-test/connscrape-test.sh" -unittest: collector +unittest: docker exec $(COLLECTOR_BUILDER_NAME) \ ctest -V --test-dir $(CMAKE_DIR) diff --git a/collector/container/Dockerfile b/collector/container/Dockerfile index 24434891a4..af31bdea67 100644 --- a/collector/container/Dockerfile +++ b/collector/container/Dockerfile @@ -26,7 +26,7 @@ RUN --mount=type=cache,target=/collector-src/build \ -DTRACE_SINSP_EVENTS=${TRACE_SINSP_EVENTS} && \ cmake --build build/ -- -j$(nproc) && \ ctest -V --test-dir build && \ - strip -v --remove-unneeded build/collector/collector && \ + strip -v --strip-unneeded build/collector/collector && \ # podman does not bake cache mounts into the final image, so # we need to move the required binaries out of it. cp build/collector/collector /tmp/ && \ From 0d76dedf7ae2ebe1547cfae97d945f324f4f4731 Mon Sep 17 00:00:00 2001 From: Mauro Ezequiel Moltrasio Date: Fri, 6 Sep 2024 10:34:50 +0200 Subject: [PATCH 05/10] Unify image and image-dev targets --- Makefile | 25 +++++++++---------------- 1 file changed, 9 insertions(+), 16 deletions(-) diff --git a/Makefile b/Makefile index ad768eaea3..ecea0cee7a 100644 --- a/Makefile +++ b/Makefile @@ -6,6 +6,9 @@ NPROCS ?= $(shell nproc) DEV_SSH_SERVER_KEY ?= $(CURDIR)/.collector_dev_ssh_host_ed25519_key BUILD_BUILDER_IMAGE ?= false +DOCKERFILE = collector/container/Dockerfile +BUILD_TYPE = rhel + export COLLECTOR_VERSION := $(COLLECTOR_TAG) .PHONY: tag @@ -18,7 +21,7 @@ builder-tag: .PHONY: container-dockerfile-dev container-dockerfile-dev: - sed '1s/ubi-minimal/ubi/' $(CURDIR)/collector/container/Dockerfile > \ + sed 's/ubi-minimal/ubi/' $(CURDIR)/collector/container/Dockerfile > \ $(CURDIR)/collector/container/Dockerfile.dev .PHONY: builder @@ -44,6 +47,7 @@ unittest: image: make -C collector txt-files docker buildx build --load --platform ${PLATFORM} \ + --build-arg BUILD_TYPE="$(BUILD_TYPE)" \ --build-arg CMAKE_BUILD_TYPE="$(CMAKE_BUILD_TYPE)" \ --build-arg USE_VALGRIND="$(USE_VALGRIND)" \ --build-arg ADDRESS_SANITIZER="$(ADDRESS_SANITIZER)" \ @@ -51,24 +55,13 @@ image: --build-arg BPF_DEBUG_MODE="$(BPF_DEBUG_MODE)" \ --build-arg COLLECTOR_VERSION="$(COLLECTOR_TAG)" \ --build-arg BUILDER_TAG="$(COLLECTOR_BUILDER_TAG)" \ - -f collector/container/Dockerfile \ + -f "$(DOCKERFILE)" \ -t quay.io/stackrox-io/collector:$(COLLECTOR_TAG) \ $(COLLECTOR_BUILD_CONTEXT) -image-dev: container-dockerfile-dev - make -C collector txt-files - docker buildx build --load --platform ${PLATFORM} \ - --build-arg BUILD_TYPE=devel \ - --build-arg CMAKE_BUILD_TYPE="$(CMAKE_BUILD_TYPE)" \ - --build-arg USE_VALGRIND="$(USE_VALGRIND)" \ - --build-arg ADDRESS_SANITIZER="$(ADDRESS_SANITIZER)" \ - --build-arg TRACE_SINSP_EVENTS="$(TRACE_SINSP_EVENTS)" \ - --build-arg BPF_DEBUG_MODE="$(BPF_DEBUG_MODE)" \ - --build-arg COLLECTOR_VERSION="$(COLLECTOR_TAG)" \ - --build-arg BUILDER_TAG="$(COLLECTOR_BUILDER_TAG)" \ - -f collector/container/Dockerfile.dev \ - -t quay.io/stackrox-io/collector:$(COLLECTOR_TAG) \ - $(COLLECTOR_BUILD_CONTEXT) +image-dev: DOCKERFILE = collector/container/Dockerfile.dev +image-dev: BUILD_TYPE = devel +image-dev: container-dockerfile-dev image .PHONY: integration-tests-report integration-tests-report: From a8281402c248e0d79b9fd85a00b477625b23f50c Mon Sep 17 00:00:00 2001 From: Mauro Ezequiel Moltrasio Date: Fri, 6 Sep 2024 10:35:07 +0200 Subject: [PATCH 06/10] Copy the correct kernel-modules directory --- collector/container/Dockerfile | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/collector/container/Dockerfile b/collector/container/Dockerfile index af31bdea67..1159dad3a1 100644 --- a/collector/container/Dockerfile +++ b/collector/container/Dockerfile @@ -57,7 +57,7 @@ RUN ./install.sh && rm -f install.sh # RUN echo '/core/core.%e.%p.%t' > /proc/sys/kernel/core_pattern COPY --from=builder /THIRD_PARTY_NOTICES/ /THIRD_PARTY_NOTICES/ -COPY kernel-modules /kernel-modules +COPY collector/kernel-modules /kernel-modules COPY --from=builder /tmp/collector /usr/local/bin/ COPY --from=builder /tmp/self-checks /usr/local/bin/self-checks COPY collector/container/status-check.sh /usr/local/bin/status-check.sh From 39a0b7cd37657d1ebc37ef4fb3302dc4e0576e0c Mon Sep 17 00:00:00 2001 From: Mauro Ezequiel Moltrasio Date: Fri, 6 Sep 2024 10:35:21 +0200 Subject: [PATCH 07/10] Ignore as much stuff as possible from the repo --- .dockerignore | 25 +++++++++++++++++++++++++ 1 file changed, 25 insertions(+) diff --git a/.dockerignore b/.dockerignore index 265ff3f106..3f11cb8610 100644 --- a/.dockerignore +++ b/.dockerignore @@ -1,2 +1,27 @@ +.adr/ .git/ +.github/ +.konflux/ +.tekton/ +ansible/ +builder/ cmake-build/ +docs/ +githooks/ +integration-tests/ +kernel-modules/ +utilities/ +.clang-format +.clangd +.editorconfig +.flake8 +.gitignore +.gitmodules +.pre-commit-config.yaml +CODE_OF_CONDUCT.md +LICENSE +Makefile +Makefile-constants.mk +README.md +RELEASED_VERSIONS +RELEASED_VERSIONS.unsupported From c5193039d72fce3ff485e4df7efe8b4daf75cc87 Mon Sep 17 00:00:00 2001 From: Mauro Ezequiel Moltrasio Date: Fri, 6 Sep 2024 10:37:55 +0200 Subject: [PATCH 08/10] Don't run the builder during image builds --- ansible/ci-build-builder.yml | 2 +- ansible/ci-build-collector.yml | 5 ----- 2 files changed, 1 insertion(+), 6 deletions(-) diff --git a/ansible/ci-build-builder.yml b/ansible/ci-build-builder.yml index d91284aaee..5c720039f5 100644 --- a/ansible/ci-build-builder.yml +++ b/ansible/ci-build-builder.yml @@ -1,5 +1,5 @@ --- -- name: Build and push collector image +- name: Build and push collector-builder image hosts: "{{ build_hosts | default('all') }}" environment: diff --git a/ansible/ci-build-collector.yml b/ansible/ci-build-collector.yml index 960eb4d8f2..34b9d64e5f 100644 --- a/ansible/ci-build-collector.yml +++ b/ansible/ci-build-collector.yml @@ -27,11 +27,6 @@ recursive: true when: arch == "s390x" - - name: Run the builder image - community.general.make: - chdir: "{{ ansible_env.GITHUB_WORKSPACE | default(collector_root) }}" - target: start-builder - - name: Build the collector image community.general.make: chdir: "{{ ansible_env.GITHUB_WORKSPACE | default(collector_root) }}" From a5b9bf30b7413eb6ec937f0213c07f07b1577327 Mon Sep 17 00:00:00 2001 From: Mauro Ezequiel Moltrasio Date: Fri, 6 Sep 2024 11:30:46 +0200 Subject: [PATCH 09/10] Minor cleanup --- .dockerignore | 32 +++++--------------------------- .github/workflows/collector.yml | 2 +- Makefile-constants.mk | 2 +- 3 files changed, 7 insertions(+), 29 deletions(-) diff --git a/.dockerignore b/.dockerignore index 3f11cb8610..0719d1ef40 100644 --- a/.dockerignore +++ b/.dockerignore @@ -1,27 +1,5 @@ -.adr/ -.git/ -.github/ -.konflux/ -.tekton/ -ansible/ -builder/ -cmake-build/ -docs/ -githooks/ -integration-tests/ -kernel-modules/ -utilities/ -.clang-format -.clangd -.editorconfig -.flake8 -.gitignore -.gitmodules -.pre-commit-config.yaml -CODE_OF_CONDUCT.md -LICENSE -Makefile -Makefile-constants.mk -README.md -RELEASED_VERSIONS -RELEASED_VERSIONS.unsupported +* +** +!collector/ +!falcosecurity-libs/ +!CMakeLists.txt diff --git a/.github/workflows/collector.yml b/.github/workflows/collector.yml index 9ccf767f4e..1b6a46f0db 100644 --- a/.github/workflows/collector.yml +++ b/.github/workflows/collector.yml @@ -76,7 +76,7 @@ jobs: contains(github.event.pull_request.labels.*.name, 'run-multiarch-builds') timeout-minutes: 480 run: | - ansible-playbook -vvvv \ + ansible-playbook \ --connection local \ -i localhost, \ --limit localhost \ diff --git a/Makefile-constants.mk b/Makefile-constants.mk index 7cd2446f6c..057ef50b98 100644 --- a/Makefile-constants.mk +++ b/Makefile-constants.mk @@ -17,5 +17,5 @@ TRACE_SINSP_EVENTS ?= false DISABLE_PROFILING ?= false BPF_DEBUG_MODE ?= false -COLLECTOR_BUILD_CONTEXT = . +COLLECTOR_BUILD_CONTEXT = $(CURDIR) COLLECTOR_BUILDER_NAME ?= collector_builder_$(HOST_ARCH) From 04a8fbe6c4fe485974de0b0f4eb79d2bb05aa28a Mon Sep 17 00:00:00 2001 From: Mauro Ezequiel Moltrasio Date: Tue, 10 Sep 2024 15:09:53 +0200 Subject: [PATCH 10/10] Only strip collector image on release builds --- collector/container/Dockerfile | 6 ++++-- 1 file changed, 4 insertions(+), 2 deletions(-) diff --git a/collector/container/Dockerfile b/collector/container/Dockerfile index 1159dad3a1..70cbb91a5e 100644 --- a/collector/container/Dockerfile +++ b/collector/container/Dockerfile @@ -26,10 +26,12 @@ RUN --mount=type=cache,target=/collector-src/build \ -DTRACE_SINSP_EVENTS=${TRACE_SINSP_EVENTS} && \ cmake --build build/ -- -j$(nproc) && \ ctest -V --test-dir build && \ - strip -v --strip-unneeded build/collector/collector && \ # podman does not bake cache mounts into the final image, so # we need to move the required binaries out of it. - cp build/collector/collector /tmp/ && \ + if [[ "${CMAKE_BUILD_TYPE}" == "Release" ]]; \ + then strip -v --strip-unneeded -o /tmp/collector build/collector/collector; \ + else cp build/collector/collector /tmp/; \ + fi ; \ cp build/collector/self-checks /tmp/ FROM registry.access.redhat.com/ubi9/ubi-minimal:9.3