From 84b470f62864d88045b9ca439c6a607413776402 Mon Sep 17 00:00:00 2001
From: Scott Dodson <sdodson@redhat.com>
Date: Tue, 28 Apr 2026 15:25:32 -0400
Subject: [PATCH 1/4] Dockerfile: remove rhel8 build stage and use rhel9 as
 base

RHEL 8 is end-of-life. Remove the rhel8 build stage, switch the
windows builder to the rhel-9 image, and use rhel9-built binaries
as the default in /usr/src/plugins/bin/.

Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>

rh-pre-commit.version: 2.3.2
rh-pre-commit.check-secrets: ENABLED
---
 Dockerfile | 15 ++-------------
 1 file changed, 2 insertions(+), 13 deletions(-)

diff --git a/Dockerfile b/Dockerfile
index d9981db1..c7311ea1 100644
--- a/Dockerfile
+++ b/Dockerfile
@@ -7,15 +7,7 @@ RUN ./build_linux.sh && \
     cd /usr/src/plugins/bin
 WORKDIR /
 
-FROM registry.ci.openshift.org/ocp/builder:rhel-8-golang-1.24-openshift-4.21 AS rhel8
-ADD . /usr/src/plugins
-WORKDIR /usr/src/plugins
-ENV CGO_ENABLED=0
-RUN ./build_linux.sh && \
-    cd /usr/src/plugins/bin
-WORKDIR /
-
-FROM registry.ci.openshift.org/ocp/builder:rhel-8-golang-1.24-openshift-4.21 AS windows
+FROM registry.ci.openshift.org/ocp/builder:rhel-9-golang-1.24-openshift-4.21 AS windows
 ADD . /usr/src/plugins
 WORKDIR /usr/src/plugins
 ENV CGO_ENABLED=0
@@ -25,12 +17,9 @@ WORKDIR /
 
 FROM registry.ci.openshift.org/ocp/4.21:base-rhel9
 RUN mkdir -p /usr/src/plugins/bin && \
-    mkdir -p /usr/src/plugins/rhel8/bin && \
     mkdir -p /usr/src/plugins/rhel9/bin && \
     mkdir -p /usr/src/plugins/windows/bin
-COPY --from=rhel8 /usr/src/plugins/bin/* /usr/src/plugins/rhel8/bin/
-# pod container image is RHEL8 based, so use rhel8
-COPY --from=rhel8 /usr/src/plugins/bin/* /usr/src/plugins/bin/
+COPY --from=rhel9 /usr/src/plugins/bin/* /usr/src/plugins/bin/
 COPY --from=rhel9 /usr/src/plugins/bin/* /usr/src/plugins/rhel9/bin/
 COPY --from=windows /usr/src/plugins/bin/* /usr/src/plugins/windows/bin/
 

From a9f8b9d27d59f74bea95575c1ad19ce503308c05 Mon Sep 17 00:00:00 2001
From: Scott Dodson <sdodson@redhat.com>
Date: Tue, 28 Apr 2026 15:25:53 -0400
Subject: [PATCH 2/4] Dockerfile: use hardlinks for rhel9/bin/ instead of a
 separate COPY

The rhel9/bin/ directory contains the same binaries as bin/. Use
hardlinks to avoid duplicating them in the image layer.

Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>

rh-pre-commit.version: 2.3.2
rh-pre-commit.check-secrets: ENABLED
---
 Dockerfile | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/Dockerfile b/Dockerfile
index c7311ea1..2918dec2 100644
--- a/Dockerfile
+++ b/Dockerfile
@@ -20,7 +20,7 @@ RUN mkdir -p /usr/src/plugins/bin && \
     mkdir -p /usr/src/plugins/rhel9/bin && \
     mkdir -p /usr/src/plugins/windows/bin
 COPY --from=rhel9 /usr/src/plugins/bin/* /usr/src/plugins/bin/
-COPY --from=rhel9 /usr/src/plugins/bin/* /usr/src/plugins/rhel9/bin/
+RUN ln /usr/src/plugins/bin/* /usr/src/plugins/rhel9/bin/
 COPY --from=windows /usr/src/plugins/bin/* /usr/src/plugins/windows/bin/
 
 LABEL io.k8s.display-name="Container Networking Plugins" \

From c536523a961232349f42cc65d6b0c66f438cc8f0 Mon Sep 17 00:00:00 2001
From: Scott Dodson <sdodson@redhat.com>
Date: Tue, 28 Apr 2026 15:26:07 -0400
Subject: [PATCH 3/4] Dockerfile: add rhel10/bin/ directory using hardlinks

Add a rhel10/bin/ directory populated with hardlinks to the rhel9
binaries. For now the rhel9 binaries are assumed to be compatible
with rhel10.

Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>

rh-pre-commit.version: 2.3.2
rh-pre-commit.check-secrets: ENABLED
---
 Dockerfile | 3 +++
 1 file changed, 3 insertions(+)

diff --git a/Dockerfile b/Dockerfile
index 2918dec2..bb5d8a4c 100644
--- a/Dockerfile
+++ b/Dockerfile
@@ -18,9 +18,12 @@ WORKDIR /
 FROM registry.ci.openshift.org/ocp/4.21:base-rhel9
 RUN mkdir -p /usr/src/plugins/bin && \
     mkdir -p /usr/src/plugins/rhel9/bin && \
+    mkdir -p /usr/src/plugins/rhel10/bin && \
     mkdir -p /usr/src/plugins/windows/bin
 COPY --from=rhel9 /usr/src/plugins/bin/* /usr/src/plugins/bin/
 RUN ln /usr/src/plugins/bin/* /usr/src/plugins/rhel9/bin/
+# For now assume rhel9 binaries are compatible with rhel10
+RUN ln /usr/src/plugins/bin/* /usr/src/plugins/rhel10/bin/
 COPY --from=windows /usr/src/plugins/bin/* /usr/src/plugins/windows/bin/
 
 LABEL io.k8s.display-name="Container Networking Plugins" \

From 2bde2a8aad34d9067fff1067cab992410c504237 Mon Sep 17 00:00:00 2001
From: Scott Dodson <sdodson@redhat.com>
Date: Tue, 28 Apr 2026 15:46:44 -0400
Subject: [PATCH 4/4] build_linux.sh: strip symbols and debug info from
 binaries

Pass -ldflags "-s -w" to go build to reduce binary size by
stripping the symbol table and DWARF debug information.

Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>

rh-pre-commit.version: 2.3.2
rh-pre-commit.check-secrets: ENABLED
---
 build_linux.sh | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/build_linux.sh b/build_linux.sh
index b6d054e7..ad39faf6 100755
--- a/build_linux.sh
+++ b/build_linux.sh
@@ -17,7 +17,7 @@ for d in $PLUGINS; do
 		plugin="$(basename "$d")"
 		if [ "${plugin}" != "windows" ]; then
 			echo "  $plugin"
-			${GO:-go} build -o "${PWD}/bin/$plugin" "$@" ./"$d"
+			${GO:-go} build -o "${PWD}/bin/$plugin" -ldflags "-s -w" "$@" ./"$d"
 		fi
 	fi
 done