fix(darwin): remove the need for cgo when building a darwin binary on linux (#23507)

Signed-off-by: rumstead <37445536+rumstead@users.noreply.github.com>
2026-02-20 01:28:45 +01:00 · 2025-06-23 12:05:29 -04:00
parent d518f13b2a
commit e0f4b00126
6 changed files with 89 additions and 40 deletions
--- a/.goreleaser.yaml
+++ b/.goreleaser.yaml
@@ -21,7 +21,7 @@ builds:
      - -X github.com/argoproj/argo-cd/v3/common.gitCommit={{ .FullCommit }}
      - -X github.com/argoproj/argo-cd/v3/common.gitTreeState={{ .Env.GIT_TREE_STATE }}
      - -X github.com/argoproj/argo-cd/v3/common.kubectlVersion={{ .Env.KUBECTL_VERSION }}
-      - '{{ if or (eq .Runtime.Goos "linux") (eq .Runtime.Goos "windows") }}-extldflags="-static"{{ end }}'
+      - -extldflags="-static"
    goos:
      - linux
      - windows
@@ -42,15 +42,6 @@ builds:
        goarch: ppc64le
      - goos: windows
        goarch: arm64
-    overrides:
-      - goos: darwin
-        goarch: amd64
-        env:
-          - CGO_ENABLED=1
-      - goos: darwin
-        goarch: arm64
-        env:
-          - CGO_ENABLED=1

 archives:
  - id: argocd-archive
--- a/cmd/argocd-k8s-auth/commands/azure_cgo.go
+++ b/cmd/argocd-k8s-auth/commands/azure_cgo.go
@@ -1,3 +1,5 @@
+//go:build !darwin || (cgo && darwin)
+
 package commands

 import (
--- a/cmd/argocd-k8s-auth/commands/azure_no_cgo.go
+++ b/cmd/argocd-k8s-auth/commands/azure_no_cgo.go
@@ -0,0 +1,25 @@
+//go:build darwin && !cgo
+
+// Package commands
+// This file is used when the GOOS is darwin and CGO is not enabled.
+// It provides a no-op implementation of newAzureCommand to allow goreleaser to build
+// a darwin binary on a linux machine.
+package commands
+
+import (
+	"log"
+
+	"github.com/spf13/cobra"
+
+	"github.com/argoproj/argo-cd/v3/util/workloadidentity"
+)
+
+func newAzureCommand() *cobra.Command {
+	command := &cobra.Command{
+		Use: "azure",
+		Run: func(c *cobra.Command, _ []string) {
+			log.Fatalf(workloadidentity.CGOError)
+		},
+	}
+	return command
+}
--- a/util/workloadidentity/workloadidentity.go
+++ b/util/workloadidentity/workloadidentity.go
@@ -1,12 +1,7 @@
 package workloadidentity

 import (
-	"context"
 	"time"
-
-	"github.com/Azure/azure-sdk-for-go/sdk/azcore"
-	"github.com/Azure/azure-sdk-for-go/sdk/azcore/policy"
-	"github.com/Azure/azure-sdk-for-go/sdk/azidentity"
 )

 const (
@@ -22,34 +17,9 @@ type TokenProvider interface {
 	GetToken(scope string) (*Token, error)
 }

-type WorkloadIdentityTokenProvider struct {
-	tokenCredential azcore.TokenCredential
-}
-
 // Used to propagate initialization error if any
 var initError error

-func NewWorkloadIdentityTokenProvider() TokenProvider {
-	cred, err := azidentity.NewDefaultAzureCredential(&azidentity.DefaultAzureCredentialOptions{})
-	initError = err
-	return WorkloadIdentityTokenProvider{tokenCredential: cred}
-}
-
-func (c WorkloadIdentityTokenProvider) GetToken(scope string) (*Token, error) {
-	if initError != nil {
-		return nil, initError
-	}
-
-	token, err := c.tokenCredential.GetToken(context.Background(), policy.TokenRequestOptions{
-		Scopes: []string{scope},
-	})
-	if err != nil {
-		return nil, err
-	}
-
-	return &Token{AccessToken: token.Token, ExpiresOn: token.ExpiresOn}, nil
-}
-
 func CalculateCacheExpiryBasedOnTokenExpiry(tokenExpiry time.Time) time.Duration {
 	// Calculate the cache expiry as 5 minutes before the token expires
 	cacheExpiry := time.Until(tokenExpiry) - time.Minute*5
--- a/util/workloadidentity/workloadidentity_cgo.go
+++ b/util/workloadidentity/workloadidentity_cgo.go
@@ -0,0 +1,36 @@
+//go:build !darwin || (cgo && darwin)
+
+package workloadidentity
+
+import (
+	"context"
+
+	"github.com/Azure/azure-sdk-for-go/sdk/azcore"
+	"github.com/Azure/azure-sdk-for-go/sdk/azcore/policy"
+	"github.com/Azure/azure-sdk-for-go/sdk/azidentity"
+)
+
+type WorkloadIdentityTokenProvider struct {
+	tokenCredential azcore.TokenCredential
+}
+
+func NewWorkloadIdentityTokenProvider() TokenProvider {
+	cred, err := azidentity.NewDefaultAzureCredential(&azidentity.DefaultAzureCredentialOptions{})
+	initError = err
+	return WorkloadIdentityTokenProvider{tokenCredential: cred}
+}
+
+func (c WorkloadIdentityTokenProvider) GetToken(scope string) (*Token, error) {
+	if initError != nil {
+		return nil, initError
+	}
+
+	token, err := c.tokenCredential.GetToken(context.Background(), policy.TokenRequestOptions{
+		Scopes: []string{scope},
+	})
+	if err != nil {
+		return nil, err
+	}
+
+	return &Token{AccessToken: token.Token, ExpiresOn: token.ExpiresOn}, nil
+}
--- a/util/workloadidentity/workloadidentity_no_cgo.go
+++ b/util/workloadidentity/workloadidentity_no_cgo.go
@@ -0,0 +1,25 @@
+//go:build darwin && !cgo
+
+// Package workloadidentity
+// This file is used when the GOOS is darwin and CGO is not enabled.
+// It provides a no-op implementation of the WorkloadIdentityTokenProvider to allow goreleaser to build
+// a darwin binary on a linux machine.
+package workloadidentity
+
+import (
+	"errors"
+)
+
+type WorkloadIdentityTokenProvider struct {
+}
+
+const CGOError = "CGO is not enabled, cannot use workload identity token provider"
+
+// Code that does not require CGO
+func NewWorkloadIdentityTokenProvider() TokenProvider {
+	panic(CGOError)
+}
+
+func (c WorkloadIdentityTokenProvider) GetToken(scope string) (*Token, error) {
+	return nil, errors.New(CGOError)
+}