temporalio · chaptersix · Nov 19, 2025 · Nov 19, 2025 · Nov 20, 2025 · Nov 21, 2025
@@ -0,0 +1 @@
+build/
@@ -0,0 +1,56 @@
+SERVER_VERSION ?= 1.29.1
+CLI_VERSION ?= 1.5.0
+TCTL_VERSION ?= 1.18.4
+IMAGE_REPO ?= temporaliotest
+TAG_LATEST ?= false
+
+TEMPORAL_SHA := $(shell git rev-parse HEAD)
+IMAGE_SHA_TAG := $(shell git rev-parse --short HEAD)
+IMAGE_BRANCH_TAG := $(shell git rev-parse --abbrev-ref HEAD)
+ALPINE_IMAGE ?= alpine:3.22@sha256:4b7ce07002c69e8f3d704a9c5d6fd3053be500b7f1c69fc0d80990c2ad8dd412
+
+BAKE_ENV := SERVER_VERSION=$(SERVER_VERSION) \
+	CLI_VERSION=$(CLI_VERSION) \
+	TCTL_VERSION=$(TCTL_VERSION) \
+	IMAGE_REPO=$(IMAGE_REPO) \
+	IMAGE_SHA_TAG=$(IMAGE_SHA_TAG) \
+	IMAGE_BRANCH_TAG=$(IMAGE_BRANCH_TAG) \
+	TEMPORAL_SHA=$(TEMPORAL_SHA) \
+	TAG_LATEST=$(TAG_LATEST) \
+	ALPINE_IMAGE=$(ALPINE_IMAGE)
+
+.PHONY: build-tools
+build-admin-tools:
+	./build-from-source.sh $(CLI_VERSION) amd64 $(TEMPORAL_SHA)
+	./build-from-source.sh $(CLI_VERSION) arm64 $(TEMPORAL_SHA)
+	$(BAKE_ENV) docker buildx bake admin-tools
+
+.PHONY: build-admin-tools-legacy
+build-admin-tools-legacy:
+	./download-binaries.sh $(SERVER_VERSION) $(CLI_VERSION) $(TCTL_VERSION) amd64
+	./download-binaries.sh $(SERVER_VERSION) $(CLI_VERSION) $(TCTL_VERSION) arm64
+	./copy-schema.sh
+	$(BAKE_ENV) docker buildx bake legacy-admin-tools
+
+.PHONY: build-server
+build-server:
+	./build-from-source.sh $(CLI_VERSION) amd64 $(TEMPORAL_SHA)
+	./build-from-source.sh $(CLI_VERSION) arm64 $(TEMPORAL_SHA)
+	$(BAKE_ENV) docker buildx bake server
+
+.PHONY: build-server-legacy
+build-server-legacy:
+	./download-binaries.sh $(SERVER_VERSION) $(CLI_VERSION) $(TCTL_VERSION) amd64
+	./download-binaries.sh $(SERVER_VERSION) $(CLI_VERSION) $(TCTL_VERSION) arm64
+	$(BAKE_ENV) docker buildx bake legacy-server
+
+.PHONY: push
+push:
+	./download-binaries.sh $(SERVER_VERSION) $(CLI_VERSION) $(TCTL_VERSION) amd64
+	./download-binaries.sh $(SERVER_VERSION) $(CLI_VERSION) $(TCTL_VERSION) arm64
+	./copy-schema.sh
+	$(BAKE_ENV) docker buildx bake --push
+
+.PHONY: clean
+clean:
+	rm -rf ./build
@@ -0,0 +1,89 @@
+#!/bin/bash
+
+set -euo pipefail
+
+# Build binaries from source by cloning temporal repo at specific SHA using goreleaser
+# Usage: ./build-from-source.sh <cli-version> <arch> [temporal-sha]
+# Example: ./build-from-source.sh 1.5.0 amd64
+# Example: ./build-from-source.sh 1.5.0 amd64 abc123def456
+
+CLI_VERSION="${1:?CLI version required (e.g., 1.5.0)}"
+ARCH="${2:-amd64}"
+# Default to latest commit on main if not specified
+TEMPORAL_SHA="${3:-$(git ls-remote https://github.com/temporalio/temporal.git HEAD | awk '{print $1}')}"
+
+SCRIPT_DIR="$(cd "$(dirname "${BASH_SOURCE[0]}")" && pwd)"
+BUILD_DIR="${SCRIPT_DIR}/build/${ARCH}"
+TEMP_DIR="${SCRIPT_DIR}/build/temp"
+TEMPORAL_CLONE_DIR="${SCRIPT_DIR}/build/temporal"
+
+echo "Building binaries from source for ${ARCH}..."
+echo "  Temporal SHA: ${TEMPORAL_SHA}"
+echo "  CLI version: ${CLI_VERSION}"
+
+# Create build directories
+mkdir -p "${BUILD_DIR}"
+mkdir -p "${TEMP_DIR}"
+
+# Clone temporal repo at specific SHA (only once, not per architecture)
+if [ ! -d "${TEMPORAL_CLONE_DIR}/.git" ]; then
+  echo "Cloning temporal repository at SHA ${TEMPORAL_SHA}..."
+  rm -rf "${TEMPORAL_CLONE_DIR}"
+  git clone https://github.com/temporalio/temporal.git "${TEMPORAL_CLONE_DIR}"
+  cd "${TEMPORAL_CLONE_DIR}"
+  git checkout "${TEMPORAL_SHA}"
+else
+  echo "Using existing temporal clone at ${TEMPORAL_CLONE_DIR}"
+  cd "${TEMPORAL_CLONE_DIR}"
+  # Ensure we're at the correct SHA
+  CURRENT_SHA=$(git rev-parse HEAD)
+  if [ "${CURRENT_SHA}" != "${TEMPORAL_SHA}" ]; then
+    echo "Updating temporal clone to SHA ${TEMPORAL_SHA}..."
+    git fetch origin
+    git checkout "${TEMPORAL_SHA}"
+  fi
+fi
+
+# Verify elasticsearch tool exists
+if [ ! -d "./cmd/tools/elasticsearch" ]; then
+  echo "Error: temporal-elasticsearch-tool source not found at ./cmd/tools/elasticsearch"
+  exit 1
+fi
+
+# Build temporal server binaries individually using goreleaser
+echo "Building temporal binaries with goreleaser for linux/${ARCH}..."
+# Use goreleaser v1 if available in /tmp, otherwise use system goreleaser
+GORELEASER_BIN="goreleaser"
+if [ -f "/tmp/goreleaser" ]; then
+  GORELEASER_BIN="/tmp/goreleaser"
+fi
+
+# Build each binary individually with --single-target and --id
+# Set GOOS and GOARCH to ensure we build for Linux
+echo "Building temporal-server..."
+GOOS=linux GOARCH=${ARCH} ${GORELEASER_BIN} build --single-target --id temporal-server --output "${BUILD_DIR}/temporal-server" --snapshot --clean
+
+echo "Building temporal-cassandra-tool..."
+GOOS=linux GOARCH=${ARCH} ${GORELEASER_BIN} build --single-target --id temporal-cassandra-tool --output "${BUILD_DIR}/temporal-cassandra-tool" --snapshot --clean
+
+echo "Building temporal-sql-tool..."
+GOOS=linux GOARCH=${ARCH} ${GORELEASER_BIN} build --single-target --id temporal-sql-tool --output "${BUILD_DIR}/temporal-sql-tool" --snapshot --clean
+
+echo "Building temporal-elasticsearch-tool..."
+GOOS=linux GOARCH=${ARCH} ${GORELEASER_BIN} build --single-target --id temporal-elasticsearch-tool --output "${BUILD_DIR}/temporal-elasticsearch-tool" --snapshot --clean
+
+echo "Building tdbg..."
+GOOS=linux GOARCH=${ARCH} ${GORELEASER_BIN} build --single-target --id tdbg --output "${BUILD_DIR}/tdbg" --snapshot --clean
+
+# Download temporal CLI from releases (separate repository)
+echo "Downloading temporal CLI..."
+curl -fsSL "https://github.com/temporalio/cli/releases/download/v${CLI_VERSION}/temporal_cli_${CLI_VERSION}_linux_${ARCH}.tar.gz" \
+  | tar -xz -C "${BUILD_DIR}" temporal
+
+# Schema is already available in the cloned repo at build/temporal/schema
+# The Dockerfile expects it at ./build/temporal/schema which is where we cloned it
+echo "Schema directory available at ${TEMPORAL_CLONE_DIR}/schema"
+
+
+echo "Done building binaries for ${ARCH}"
+ls -lh "${BUILD_DIR}"
@@ -0,0 +1,20 @@
+#!/bin/bash
+
+set -euo pipefail
+
+# Copy schema directory from the repo root
+# Usage: ./copy-schema.sh
+
+SCRIPT_DIR="$(cd "$(dirname "${BASH_SOURCE[0]}")" && pwd)"
+REPO_ROOT="$(cd "${SCRIPT_DIR}/../.." && pwd)"
+BUILD_DIR="${SCRIPT_DIR}/build"
+
+echo "Copying schema directory..."
+
+# Create build directory if it doesn't exist
+mkdir -p "${BUILD_DIR}/temporal"
+
+# Copy schema directory from repo root
+cp -r "${REPO_ROOT}/schema" "${BUILD_DIR}/temporal/"
+
+echo "Schema directory copied to ${BUILD_DIR}/temporal/schema"
@@ -0,0 +1,143 @@
+variable "SERVER_VERSION" {
+  default = "1.29.1"
+}
+variable "ALPINE_IMAGE" {
+  default = "alpine:3.22@sha256:4b7ce07002c69e8f3d704a9c5d6fd3053be500b7f1c69fc0d80990c2ad8dd412"
+}
+
+
+variable "CLI_VERSION" {
+  default = "1.5.0"
+}
+
+variable "TCTL_VERSION" {
+  default = "1.18.4"
+}
+
+variable "IMAGE_REPO" {
+  default = "temporaliotest"
+}
+
+variable "IMAGE_SHA_TAG" {}
+
+variable "IMAGE_BRANCH_TAG" {}
+
+variable "SAFE_IMAGE_BRANCH_TAG" {
+  default = join("-", [for c in regexall("[a-z0-9]+", lower(IMAGE_BRANCH_TAG)) : c])
+}
+
+variable "TEMPORAL_SHA" {
+  default = ""
+}
+
+variable "TAG_LATEST" {
+  default = false
+}
+
+# Legacy targets (legacy-admin-tools, legacy-server) are for building images with server versions
+# older than v1.27.0 (3 minor versions behind v1.30.0). Once support for pre-1.27.0 versions is
+# no longer needed, these legacy targets can be removed and only the standard targets should be used.
+
+target "admin-tools" {
+  dockerfile = "targets/admin-tools.Dockerfile"
+  tags = compact([
+    "${IMAGE_REPO}/admin-tools:${IMAGE_SHA_TAG}",
+    "${IMAGE_REPO}/admin-tools:${SAFE_IMAGE_BRANCH_TAG}",
+    TAG_LATEST ? "${IMAGE_REPO}/admin-tools:latest" : "",
+  ])
+  platforms = ["linux/amd64", "linux/arm64"]
+  args = {
+    ALPINE_IMAGE = "${ALPINE_IMAGE}"
+  }
+  labels = {
+    "org.opencontainers.image.title" = "admin-tools"
+    "org.opencontainers.image.description" = "Temporal admin tools"
+    "org.opencontainers.image.url" = "https://github.com/temporalio/temporal"
+    "org.opencontainers.image.source" = "https://github.com/temporalio/temporal"
+    "org.opencontainers.image.licenses" = "MIT"
+    "org.opencontainers.image.version" = "${SERVER_VERSION}"
+    "org.opencontainers.image.revision" = "${TEMPORAL_SHA}"
+    "org.opencontainers.image.created" = timestamp()
+    "com.temporal.server.version" = "${SERVER_VERSION}"
+    "com.temporal.cli.version" = "${CLI_VERSION}"
+  }
+}
+
+target "legacy-admin-tools" {
+  dockerfile = "targets/legacy-admin-tools.Dockerfile"
+  target = "temporal-admin-tools"
+  tags = compact([
+    "${IMAGE_REPO}/admin-tools:${IMAGE_SHA_TAG}",
+    "${IMAGE_REPO}/admin-tools:${SAFE_IMAGE_BRANCH_TAG}",
+    TAG_LATEST ? "${IMAGE_REPO}/admin-tools:latest" : "",
+  ])
+  platforms = ["linux/amd64", "linux/arm64"]
+  args = {
+    ALPINE_IMAGE = "${ALPINE_IMAGE}"
+  }
+  labels = {
+    "org.opencontainers.image.title" = "admin-tools"
+    "org.opencontainers.image.description" = "Temporal admin tools with database clients"
+    "org.opencontainers.image.url" = "https://github.com/temporalio/temporal"
+    "org.opencontainers.image.source" = "https://github.com/temporalio/temporal"
+    "org.opencontainers.image.licenses" = "MIT"
+    "org.opencontainers.image.version" = "${SERVER_VERSION}"
+    "org.opencontainers.image.revision" = "${TEMPORAL_SHA}"
+    "org.opencontainers.image.created" = timestamp()
+    "com.temporal.server.version" = "${SERVER_VERSION}"
+    "com.temporal.cli.version" = "${CLI_VERSION}"
+    "com.temporal.tctl.version" = "${TCTL_VERSION}"
+  }
+}
+
+target "server" {
+  dockerfile = "targets/server.Dockerfile"
+  tags = compact([
+    "${IMAGE_REPO}/server:${IMAGE_SHA_TAG}",
+    "${IMAGE_REPO}/server:${SAFE_IMAGE_BRANCH_TAG}",
+    TAG_LATEST ? "${IMAGE_REPO}/server:latest" : "",
+  ])
+  platforms = ["linux/amd64", "linux/arm64"]
+  args = {
+    ALPINE_IMAGE = "${ALPINE_IMAGE}"
+  }
+  labels = {
+    "org.opencontainers.image.title" = "server"
+    "org.opencontainers.image.description" = "Temporal Server"
+    "org.opencontainers.image.url" = "https://github.com/temporalio/temporal"
+    "org.opencontainers.image.source" = "https://github.com/temporalio/temporal"
+    "org.opencontainers.image.licenses" = "MIT"
+    "org.opencontainers.image.version" = "${SERVER_VERSION}"
+    "org.opencontainers.image.revision" = "${TEMPORAL_SHA}"
+    "org.opencontainers.image.created" = timestamp()
+    "com.temporal.server.version" = "${SERVER_VERSION}"
+  }
+}
+
+target "legacy-server" {
+  dockerfile = "targets/legacy-server.Dockerfile"
+  tags = compact([
+    "${IMAGE_REPO}/server:${IMAGE_SHA_TAG}",
+    "${IMAGE_REPO}/server:${SAFE_IMAGE_BRANCH_TAG}",
+    TAG_LATEST ? "${IMAGE_REPO}/server:latest" : "",
+  ])
+  platforms = ["linux/amd64", "linux/arm64"]
+  args = {
+    ALPINE_IMAGE = "${ALPINE_IMAGE}"
+    TEMPORAL_VERSION = "${SERVER_VERSION}"
+    TEMPORAL_SHA = "${TEMPORAL_SHA}"
+  }
+  labels = {
+    "org.opencontainers.image.title" = "server"
+    "org.opencontainers.image.description" = "Temporal Server with tctl"
+    "org.opencontainers.image.url" = "https://github.com/temporalio/temporal"
+    "org.opencontainers.image.source" = "https://github.com/temporalio/temporal"
+    "org.opencontainers.image.licenses" = "MIT"
+    "org.opencontainers.image.version" = "${SERVER_VERSION}"
+    "org.opencontainers.image.revision" = "${TEMPORAL_SHA}"
+    "org.opencontainers.image.created" = timestamp()
+    "com.temporal.server.version" = "${SERVER_VERSION}"
+    "com.temporal.cli.version" = "${CLI_VERSION}"
+    "com.temporal.tctl.version" = "${TCTL_VERSION}"
+  }
+}