ci: build agent without sudo

Build agent without sudo docker this is not needed. This is part 3 of N

Signed-off-by: Zvonko Kaiser <zkaiser@nvidia.com>

tools/packaging/static-build/agent/Dockerfile

@@ -9,7 +9,20 @@ COPY install_libseccomp.sh /usr/bin/install_libseccomp.sh
 
 ENV DEBIAN_FRONTEND=noninteractive
 
+ENV RUSTUP_HOME="/opt/rustup"
+ENV CARGO_HOME="/opt/cargo"
+ENV PATH="/opt/cargo/bin/:${PATH}"
+ENV OPT_LIB="/opt/lib"
+
+ENV LIBSECCOMP_LINK_TYPE=static
+ENV LIBSECCOMP_LIB_PATH=${OPT_LIB}
+
+ENV PKG_CONFIG_PATH=${OPT_LIB}/pkgconfig:$PKG_CONFIG_PATH
+
 SHELL ["/bin/bash", "-o", "pipefail", "-c"]
+
+RUN mkdir ${RUSTUP_HOME} ${CARGO_HOME} && chmod -R a+rwX /opt
+
 RUN apt-get update && \
 	apt-get --no-install-recommends -y install \
 		ca-certificates \
@@ -24,7 +37,19 @@ RUN apt-get update && \
 		protobuf-compiler \
 		clang && \
 	apt-get clean && rm -rf /var/lib/apt/lists/ && \
-    	curl --proto '=https' --tlsv1.2 -sSf https://sh.rustup.rs | sh -s -- -y --default-toolchain ${RUST_TOOLCHAIN}
+	curl --proto '=https' --tlsv1.2 -sSf https://sh.rustup.rs | sh -s -- -y --default-toolchain ${RUST_TOOLCHAIN}
+
+RUN ARCH=$(uname -m); \
+	rust_arch=""; \
+	libc=""; \
+    	case "${ARCH}" in \
+	        "aarch64") rust_arch="${ARCH}"; libc="musl" ;; \
+	        "ppc64le") rust_arch="powerpc64le"; libc="gnu" ;; \
+	        "x86_64") rust_arch="${ARCH}"; libc="musl" ;; \
+	        "s390x") rust_arch="${ARCH}"; libc="gnu" ;; \
+	        *) echo "Unsupported architecture: ${ARCH}" && exit 1 ;; \
+    	esac; \
+	rustup target add "${rust_arch}-unknown-linux-${libc}"
 
 # aarch64 requires this name -- link for all
 RUN ln -s /usr/bin/musl-gcc "/usr/bin/$(uname -m)-linux-musl-gcc"

tools/packaging/static-build/agent/build-static-agent.sh

@@ -12,45 +12,14 @@ script_dir="$(cd "$(dirname "${BASH_SOURCE[0]}")" && pwd)"
 
 source "${script_dir}/../../scripts/lib.sh"
 
-init_env() {
-	source "$HOME/.cargo/env"
-
-	ARCH=$(uname -m)
-	rust_arch=""
-	case ${ARCH} in
-		"aarch64")
-			export LIBC=musl
-			rust_arch=${ARCH}
-			;;
-		"ppc64le")
-			export LIBC=gnu
-			rust_arch="powerpc64le"
-			;;
-		"x86_64")
-			export LIBC=musl
-			rust_arch=${ARCH}
-			;;
-		"s390x")
-			export LIBC=gnu
-			rust_arch=${ARCH}
-			;;
-	esac
-	rustup target add ${rust_arch}-unknown-linux-${LIBC}
-
-	export LIBSECCOMP_LINK_TYPE=static
-	export LIBSECCOMP_LIB_PATH=/usr/lib
-}
-
 build_agent_from_source() {
 	echo "build agent from source"
 
-	init_env
+	/usr/bin/install_libseccomp.sh /opt /opt
-
-	/usr/bin/install_libseccomp.sh /usr /usr
 
 	cd src/agent
 	DESTDIR=${DESTDIR} AGENT_POLICY=${AGENT_POLICY} PULL_TYPE=${PULL_TYPE} make
 	DESTDIR=${DESTDIR} AGENT_POLICY=${AGENT_POLICY} PULL_TYPE=${PULL_TYPE} make install
 }
 
-build_agent_from_source $@
+build_agent_from_source "$@"

tools/packaging/static-build/agent/build.sh

@@ -16,14 +16,14 @@ source "${script_dir}/../../scripts/lib.sh"
 container_image="${AGENT_CONTAINER_BUILDER:-$(get_agent_image_name)}"
 [ "${CROSS_BUILD}" == "true" ] && container_image="${container_image}-cross-build"
 
-sudo docker pull ${container_image} || \
+docker pull ${container_image} || \
-	(sudo docker $BUILDX build $PLATFORM \
+	(docker $BUILDX build $PLATFORM \
 	    	--build-arg RUST_TOOLCHAIN="$(get_from_kata_deps "languages.rust.meta.newest-version")" \
 		-t "${container_image}" "${script_dir}" && \
 	 # No-op unless PUSH_TO_REGISTRY is exported as "yes"
 	 push_to_registry "${container_image}")
 
-sudo docker run --rm -i -v "${repo_root_dir}:${repo_root_dir}" \
+docker run --rm -i -v "${repo_root_dir}:${repo_root_dir}" \
 	--env DESTDIR=${DESTDIR} \
 	--env AGENT_POLICY=${AGENT_POLICY:-no} \
 	--env PULL_TYPE=${PULL_TYPE:-default} \
@@ -32,5 +32,6 @@ sudo docker run --rm -i -v "${repo_root_dir}:${repo_root_dir}" \
 	--env GPERF_VERSION=${GPERF_VERSION} \
 	--env GPERF_URL=${GPERF_URL} \
 	-w "${repo_root_dir}" \
+	--user "$(id -u)":"$(id -g)" \
 	"${container_image}" \
 	bash -c "${agent_builder}"