build: use nomad-builder docker image to build Nomad (#25626)

This introduces a docker image based off of ubuntu:bionic that can be used to
compile Nomad binary against glibc 2.27.

The image cannot build JS assets, which must be created before we compile the
Go binary.

.github/nomad-builder/Dockerfile

@@ -0,0 +1,28 @@
+# Copyright (c) HashiCorp, Inc.
+# SPDX-License-Identifier: BUSL-1.1
+
+FROM ubuntu:bionic
+
+ENV DEBIAN_FRONTEND=noninteractive
+
+ARG GO_VERSION
+
+RUN apt-get update && apt-get install -y --no-install-recommends \
+ bash \
+ build-essential \
+ ca-certificates \
+ crossbuild-essential-arm64 \
+ curl \
+ gcc-aarch64-linux-gnu \
+ git \
+ xz-utils \
+ zip
+
+# Get Go and get Going ;)
+RUN curl -L https://go.dev/dl/go${GO_VERSION}.linux-amd64.tar.gz | tar -C /opt -zxv
+
+ENV PATH="/root/go/bin:/opt/go/bin:$PATH"
+
+RUN git config --global --add safe.directory /build
+
+WORKDIR /build

.github/workflows/build.yml

@@ -149,6 +149,11 @@ jobs:
   build-linux:
     needs: [get-go-version, get-product-version]
     runs-on: custom-linux-xxl-nomad-20.04
+    services:
+      registry:
+        image: registry:2
+        ports:
+          - 5000:5000
     strategy:
       matrix:
         goos: [linux]
@@ -161,6 +166,9 @@ jobs:
       - uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2
         with:
           ref: ${{ github.event.inputs.build-ref }}
+
+      # even though we build inside the container, go tooling is still needed
+      # for make prerelease
       - name: Setup go
         uses: actions/setup-go@f111f3307d8850f501ac008e886eec1fd1932a34 # v5.3.0
         with:
@@ -183,20 +191,15 @@ jobs:
         run: make prerelease
         if: ${{ github.event_name != 'workflow_dispatch' || github.event.inputs.make-prerelease == 'true' }}
 
-      - name: Install Linux build utilties
+      - name: Build nomad-builder image
-        run: |
+        uses: docker/build-push-action@548776e8d0d44ea63feed0c8a944e6235fc63eee # v6
-          sudo apt-get update
+        with:
-          sudo apt-get install -y software-properties-common
+          platforms: linux/amd64 # we only ever build amd64 images because we always run on amd64 runners and cross-compile inside the container if needed
-          sudo apt-get update
+          context: .github/nomad-builder/
-          sudo apt-get install -y \
+          build-args: |
-            binutils-aarch64-linux-gnu \
+            GO_VERSION=${{ needs.get-go-version.outputs.go-version }}
-            gcc-aarch64-linux-gnu
+          push: true
-
+          tags: localhost:5000/nomad-builder:${{ github.sha }}
-      - name: Set gcc
-        run: |
-          if [ "${{ matrix.goarch }}" == "arm64" ]; then
-            echo "CC=aarch64-linux-gnu-gcc" >> "$GITHUB_ENV"
-          fi
 
       - name: Build
         env:
@@ -206,7 +209,7 @@ jobs:
           CGO_ENABLED: 1
         run: |
           go clean -cache
-          make pkg/${{ matrix.goos }}_${{ matrix.goarch }}.zip
+          docker run --user "$(id --user):$(id --group)" --env HOME=/tmp -v "$(pwd)":/build localhost:5000/nomad-builder:${{ github.sha }} make pkg/${{ matrix.goos }}_${{ matrix.goarch }}.zip
           mv pkg/${{ matrix.goos }}_${{ matrix.goarch }}.zip ${{ env.PKG_NAME }}_${{ needs.get-product-version.outputs.product-version }}_${{ matrix.goos }}_${{ matrix.goarch }}.zip
       - uses: actions/upload-artifact@4cec3d8aa04e39d1a68397de0c4cd6fb9dce8ec1 # v4.6.1
         with: