Move Connect build to a new Docker container (#27175)

* Move Connect build to a new Docker container

* Update comments

* Update comments
Remove unused packages and unused arguments

* Always use UID=1000 for building teleterm.

build.assets/Dockerfile

@@ -1,14 +1,10 @@
 # This Dockerfile makes the "build box" the container used to:
-# * build Teleport Connect
 # * run test and linters in CI
 # * building other Docker images
 #
 # For Teleport releases we're using CentOS 7 box to keep the binaries compatible
 # with older Linux distributions (glibc 2.17+).
 #
-# This image uses Ubuntu 20.04 as a base as Connect links against glibc and
-# we want to keep the required version as low as possible.
-#
 # Check the README to learn how to safely introduce changes to Dockerfiles.
 
 ## LIBFIDO2 ###################################################################

build.assets/Dockerfile-connect

@@ -0,0 +1,46 @@
+# This Dockerfile makes the "build box connect" the container used
+# to build the Teleport Connect.
+#
+# This image is base on the node image, which is based on Debian Buster.
+# Using it as a image allows us to link agains the same version of
+# glibc as Node.js.
+#
+# Check the README to learn how to safely introduce changes to Dockerfiles.
+
+## BUILDBOX-CONNECT ###################################################################
+
+# Pin the tag to Debian Buster to make sure the Glibc compatibility.
+ARG NODE_VERSION
+FROM node:${NODE_VERSION}-buster AS buildbox
+
+COPY locale.gen /etc/locale.gen
+COPY profile /etc/profile
+ENV LANGUAGE="en_US.UTF-8" \
+    LANG="en_US.UTF-8" \
+    LC_ALL="en_US.UTF-8" \
+    LC_CTYPE="en_US.UTF-8" \
+    DEBIAN_FRONTEND="noninteractive"
+
+# Install packages.
+RUN apt-get -y update && \
+    apt-get install -q -y --no-install-recommends \
+        build-essential \
+        ca-certificates \
+        git \
+        libc6-dev \
+        libssl-dev \
+        locales \
+        openssh-client \
+        pkg-config \
+        python3-pip \
+        python3-setuptools \
+        python3-wheel \
+        # Used during tag builds to build the RPM package of Connect.
+        rpm \
+        && \
+    dpkg-reconfigure locales && \
+    apt-get -y clean && \
+    rm -rf /var/lib/apt/lists/*
+
+# Do not create the ci user as we do on other images, as node image
+# already has node user with UID:GID 1000:1000 user.

build.assets/Makefile

@@ -233,12 +233,24 @@ ifeq ($(CONNECT_VERSION),)
 CONNECT_VERSION := $(BUILDBOX_VERSION)-dev
 endif
 
+#
+# Builds a Docker buildbox for Linux Connect builds
+#
+.PHONY:buildbox-connect
+buildbox-connect:
+	if [[ $${DRONE} == "true" ]] && ! docker inspect --type=image $(BUILDBOX_CONNECT) 2>&1 >/dev/null; then docker pull $(BUILDBOX_CONNECT) || true; fi; \
+	DOCKER_BUILDKIT=1 docker build \
+		--build-arg NODE_VERSION=$(NODE_VERSION) \
+		--cache-from $(BUILDBOX_CONNECT) \
+		--tag $(BUILDBOX_CONNECT) -f Dockerfile-connect . ;
+
 #
 # Builds Teleport Connect inside the buildbox container.
 #
 .PHONY:teleterm
-teleterm: buildbox
-	docker run $(DOCKERFLAGS) $(NOROOT) $(BUILDBOX) \
+teleterm: buildbox-connect
+	# Always run this image as user 1000, as the Node base image assumes that.
+	docker run $(DOCKERFLAGS) -u 1000:1000 $(BUILDBOX_CONNECT) \
 		bash -c "cd $(SRCDIR) && export CONNECT_TSH_BIN_PATH=\$$PWD/../teleport/build/tsh && yarn install --frozen-lockfile && yarn build-term && yarn package-term -c.extraMetadata.version=$(CONNECT_VERSION)"
 
 # Builds webassets inside Docker.

build.assets/images.mk

@@ -12,6 +12,7 @@ BUILDBOX_CENTOS7_FIPS=$(BUILDBOX_BASE_NAME)-centos7-fips:$(BUILDBOX_VERSION)
 BUILDBOX_ARM=$(BUILDBOX_BASE_NAME)-arm:$(BUILDBOX_VERSION)
 BUILDBOX_ARM_FIPS=$(BUILDBOX_BASE_NAME)-arm-fips:$(BUILDBOX_VERSION)
 BUILDBOX_UI=$(BUILDBOX_BASE_NAME)-ui:$(BUILDBOX_VERSION)
+BUILDBOX_CONNECT=$(BUILDBOX_BASE_NAME)-connect:$(BUILDBOX_VERSION)
 BUILDBOX_CENTOS7_ASSETS=$(BUILDBOX_BASE_NAME)-centos7-assets:$(BUILDBOX_VERSION)
 
 .PHONY:show-buildbox-base-image