diff --git a/.dockerignore b/.dockerignore index e11823c056597..b29decd7abce8 100644 --- a/.dockerignore +++ b/.dockerignore @@ -7,7 +7,7 @@ # explicitly include stuff we actually need via negation !docker/build-rust-all.sh -!docker/experimental/*.sh +!docker/builder/*.sh !docker/tools/boto.cfg diff --git a/.github/workflows/workflow-run-docker-rust-build.yaml b/.github/workflows/workflow-run-docker-rust-build.yaml index fa38ffa14263d..8208263bfe427 100644 --- a/.github/workflows/workflow-run-docker-rust-build.yaml +++ b/.github/workflows/workflow-run-docker-rust-build.yaml @@ -74,7 +74,7 @@ jobs: GIT_CREDENTIALS: ${{ secrets.GIT_CREDENTIALS }} - name: Build and Push Rust images - run: docker/experimental/docker-bake-rust-all.sh + run: docker/builder/docker-bake-rust-all.sh env: PROFILE: ${{ env.PROFILE }} FEATURES: ${{ env.FEATURES }} diff --git a/docker/README.md b/docker/README.md deleted file mode 100644 index 86567f0265d25..0000000000000 --- a/docker/README.md +++ /dev/null 
@@ -1,25 +0,0 @@ -# Docker - -This directory contains [Docker](https://www.docker.com/) configuration for building Aptos docker images. - -To build these images run this from the repository root: - -``` -docker buildx create --use # creates a buildkit builder and only needs to be run once -docker/docker-bake-rust-all.sh -``` - -For using the images, look in the `compose` directory. - -## Image tagging strategy - -The `builder` target is the one that builds the rust binaries and is the most expensive. Its output is used by all the other targets that follow. - -The `builder` itself takes in a few build arguments. Most are build metadata, such as `GIT_SHA` and `GIT_BRANCH`, but others change the build entirely, such as cargo flags `PROFILE` and `FEATURES`. Arguments like these necessitate a different cache to prevent clobbering. The general strategy is to use image tags and cache keys that use these variables. An example image tag might be: - -- `performance_failpoints_` -- `performance` profile with `failpoints` feature -- `` -- default `release` profile with no additional features - -## Release Images - -Image releasing is done automatically using corresponding github workflow jobs or manually using the `docker/release-images.mjs` script. diff --git a/docker/build-rust-all.sh b/docker/build-rust-all.sh deleted file mode 100755 index af459dfc63cfb..0000000000000 --- a/docker/build-rust-all.sh +++ /dev/null 
@@ -1,69 +0,0 @@ -#!/bin/bash -# Copyright © Aptos Foundation -# SPDX-License-Identifier: Apache-2.0 -set -e - -PROFILE=${PROFILE:-release} -FEATURES=${FEATURES:-""} - -echo "Building all rust-based docker images" -echo "PROFILE: $PROFILE" -echo "FEATURES: $FEATURES" - -# Build all the rust binaries -cargo build --locked --profile=$PROFILE \ - -p aptos \ - -p aptos-backup-cli \ - -p aptos-faucet-service \ - -p aptos-forge-cli \ - -p aptos-fn-check-client \ - -p aptos-node-checker \ - -p aptos-openapi-spec-generator \ - -p aptos-telemetry-service \ - -p aptos-db-bootstrapper \ - -p aptos-db-tool \ - -p aptos-transaction-emitter \ - -p aptos-indexer-grpc-cache-worker \ - -p aptos-indexer-grpc-file-store \ - -p aptos-indexer-grpc-data-service \ - -p aptos-indexer-grpc-parser \ - "$@" - -# Build aptos-node separately -cargo build --locked --profile=$PROFILE \ - -p aptos-node \ - "$@" - -# Build and overwrite the aptos-node binary with features if specified -if [ -n "$FEATURES" ]; then - echo "Building aptos-node with features ${FEATURES}" - (cd aptos-node && cargo build --profile=$PROFILE --features=$FEATURES "$@") -fi - -# After building, copy the binaries we need to `dist` since the `target` directory is used as docker cache mount and only available during the RUN step -BINS=( - aptos - aptos-faucet-service - aptos-node - aptos-node-checker - aptos-openapi-spec-generator - aptos-telemetry-service - aptos-indexer-grpc-cache-worker - aptos-indexer-grpc-file-store - aptos-indexer-grpc-data-service - aptos-indexer-grpc-parser - aptos-fn-check-client - aptos-db-tool - aptos-db-bootstrapper - forge - aptos-transaction-emitter -) - -mkdir dist - -for BIN in "${BINS[@]}"; do - cp target/$PROFILE/$BIN dist/$BIN -done - -# Build the Aptos Move framework and place it in dist. It can be found afterwards in the current directory. -(cd dist && cargo run --package aptos-framework -- release) 
diff --git a/docker/builder/README.md b/docker/builder/README.md
new file mode 100644
index 0000000000000..0478748ce7767
--- /dev/null
+++ b/docker/builder/README.md
@@ -0,0 +1,80 @@ +# Docker Images Builder + +This directory contains [Docker](https://www.docker.com/) configuration for building Aptos docker images. This builder requires the use of Buildkit which is available by default in most recent Docker installations. + +To build these images run this from the repository root: + +``` +docker buildx create --use # creates a buildkit builder and only needs to be run once +docker/builder/docker-bake-rust-all.sh +``` + +The above command will by default build all the images. To build specific images, refer to `group` and `target` definitions in [docker-bake-rust-all.hcl](docker-bake-rust-all.hcl). + +For using the images, look in the [docker/compose](../docker/compose/) directory. + +## List of Images + +The builder can produce the following Docker images. To build a particular image, run `./docker/builder/docker-bake-rust-all.sh [image-name]`. Also, refer to the `group` definitions in the [docker-bake-rust-all.hcl](docker-bake-rust-all.hcl) file for more information. + +1. `validator-testing` : Image containing the `aptos-node` binary and other linux tools useful for debugging and testing. This image is used in Forge tests. +2. `validator` : Image containing only the `aptos-node` binary. This image is usually used for distribution. +3. `tools`: Image containing all the aptos tools binaries including `aptos-db-bootstrapper`, `aptos-db-tool`, `aptos`, `aptos-transaction-emitter`, `aptos-openapi-spec-generator` and `aptos-fn-check-client`. Also, includes the Aptos Move framework for use with genesis generation. +4. `forge`: Image containing the `forge` binary that orchestrates and runs Forge tests. +5. `node-checker`: Image containing the `node-checker` binary that checks the health of a node. +6. `faucet`: Image containing the `faucet` binary that provides a faucet service for minting coins. +7. `indexer-grpc`: Image containing the `indexer-grpc` binary that indexes the blockchain and provides a gRPC service for querying. +8. 
`telemetry-service`: Image containing the `telemetry-service` binary that collects telemetry from blockchain nodes. + +## How the builder works + +At a high level, the builder works as follows. By default, the builder builds all images. +1. Either or both the `aptos-node-builder` and `tools-builder` targets are invoked depending on what image is being built. +2. The target image is built by copying the output of either the `aptos-node-builder` or `tools-builder` target into the target image. + +The `aptos-node-builder` is separate from the `tools-builder` because it allows to build different `aptos-node` binary variants with different features and profiles. + +Using a builder step allows us to cache the build artifacts and reuse them across different images. Our binaries have a lot of common dependencies, so this is a significant time saver. Furthermore, most `RUN` instructions use a cache mount that allows us to cache the output of the command leading to significant build time improvements. + +## Building a new Image + +> Note: If building a CLI tool, consider adding it to the `tools` image instead of creating a new image. + +> Note: If your requirements doesn't fit into the instructions below, please reach out to the team for help. + +1. Modify the `cargo build` step in `build-tools.sh` to include the new binary. +2. Create a new Dockerfile by cloning an existing target Dockerfile (e.g. `validator.Dockerfile`). When you use a `RUN` instruction, try to use a mount cache as they can improve build times by caching the output of the command. +3. Add the following `FROM` statements to the new Dockerfile depending on whether you need to copy from the `aptos-node-builder` or the `tools-builder`. This ensures that your image references the required builder images to copy the binaries from. These image references are injected as build contexts at build time. 
This is defined in the `contexts` field in `_common` target in [docker-bake-rust-all.hcl](docker-bake-rust-all.hcl). + +``` +FROM node-builder + +FROM tools-builder +``` + +4. In your new Dockerfile, use the COPY command to copy the output of the `aptos-node-builder` or `tools-builder` target into the image. For example, to copy the `aptos-node` binary into the `validator` image, use the following command: + ``` + COPY --link --from=node-builder /aptos/dist/aptos-node /usr/local/bin/ + ``` +5. Add a new target defition in [docker-bake-rust-all.hcl](docker-bake-rust-all.hcl) file by copying another target (e.g. `validator`). The target definition should have the following fields: + - `inherits` + - `target`: Name of the target. This should be the same as the name of the Dockerfile. + - `dockerfile`: Path to the Dockerfile. + - `tags`: Create a unique tag for the image using `generate_tags` function. + - `cache-from`: Create a unique cache key using `generate_cache_from` function. + - `cache-to`: Create a unique cache key using `generate_cache_to` function. + +6. Optionally, you can create a `group` definition to build multiple tagets at once. + +## Image tagging strategy + +The `aptos-node-builder` and `tools-builder` targets build the `aptos-node` binary and the remaining rust binaries, respectively, and is the most expensive. Its output is used by all the other targets that follow. + +The `*-builder` itself takes in a few build arguments. Most are build metadata, such as `GIT_SHA` and `GIT_BRANCH`, but others change the build entirely, such as cargo flags `PROFILE` and `FEATURES`. Arguments like these necessitate a different cache to prevent clobbering. The general strategy is to use image tags and cache keys that use these variables. 
An example image tag might be: + +- `performance_failpoints_` -- `performance` profile with `failpoints` feature +- `` -- default `release` profile with no additional features + +## Release Images + +Image releasing is done automatically using corresponding github workflow jobs or manually using the `docker/release-images.mjs` script. diff --git a/docker/experimental/build-node.sh b/docker/builder/build-node.sh similarity index 100% rename from docker/experimental/build-node.sh rename to docker/builder/build-node.sh diff --git a/docker/experimental/build-tools.sh b/docker/builder/build-tools.sh similarity index 100% rename from docker/experimental/build-tools.sh rename to docker/builder/build-tools.sh diff --git a/docker/experimental/builder.Dockerfile b/docker/builder/builder.Dockerfile similarity index 97% rename from docker/experimental/builder.Dockerfile rename to docker/builder/builder.Dockerfile index c1b2e8fa1dd2d..b36393dfd5c9d 100644 --- a/docker/experimental/builder.Dockerfile +++ b/docker/builder/builder.Dockerfile @@ -52,7 +52,7 @@ RUN --mount=type=secret,id=GIT_CREDENTIALS,target=/root/.git-credentials \ --mount=type=cache,target=/usr/local/cargo/git,id=node-builder-cargo-git-cache \ --mount=type=cache,target=/usr/local/cargo/registry,id=node-builder-cargo-registry-cache \ --mount=type=cache,target=/aptos/target,id=node-builder-target-cache \ - docker/experimental/build-node.sh + docker/builder/build-node.sh FROM builder-base as tools-builder @@ -60,4 +60,4 @@ RUN --mount=type=secret,id=GIT_CREDENTIALS,target=/root/.git-credentials \ --mount=type=cache,target=/usr/local/cargo/git,id=tools-builder-cargo-git-cache \ --mount=type=cache,target=/usr/local/cargo/registry,id=tools-builder-cargo-registry-cache \ --mount=type=cache,target=/aptos/target,id=tools-builder-target-cache \ - docker/experimental/build-tools.sh \ No newline at end of file + docker/builder/build-tools.sh \ No newline at end of file 
diff --git a/docker/experimental/debian-base.Dockerfile b/docker/builder/debian-base.Dockerfile similarity index 100% rename from docker/experimental/debian-base.Dockerfile rename to docker/builder/debian-base.Dockerfile diff --git a/docker/experimental/docker-bake-rust-all.hcl b/docker/builder/docker-bake-rust-all.hcl similarity index 88% rename from docker/experimental/docker-bake-rust-all.hcl rename to docker/builder/docker-bake-rust-all.hcl index df5681f15208d..faa47cd481eb5 100644 --- a/docker/experimental/docker-bake-rust-all.hcl +++ b/docker/builder/docker-bake-rust-all.hcl @@ -66,14 +66,14 @@ group "forge-images" { } target "debian-base" { - dockerfile = "docker/experimental/debian-base.Dockerfile" + dockerfile = "docker/builder/debian-base.Dockerfile" contexts = { - debian = "docker-image://debian:bullseye-20220912@sha256:3e82b1af33607aebaeb3641b75d6e80fd28d36e17993ef13708e9493e30e8ff9" + debian = "docker-image://debian:bullseye-20230502@sha256:32888a3c745e38e72a5f49161afc7bb52a263b8f5ea1b3b4a6af537678f29491" } } target "builder-base" { - dockerfile = "docker/experimental/builder.Dockerfile" + dockerfile = "docker/builder/builder.Dockerfile" target = "builder-base" context = "." contexts = { @@ -91,7 +91,7 @@ target "builder-base" { } target "aptos-node-builder" { - dockerfile = "docker/experimental/builder.Dockerfile" + dockerfile = "docker/builder/builder.Dockerfile" target = "aptos-node-builder" contexts = { builder-base = "target:builder-base" @@ -102,7 +102,7 @@ target "aptos-node-builder" { } target "tools-builder" { - dockerfile = "docker/experimental/builder.Dockerfile" + dockerfile = "docker/builder/builder.Dockerfile" target = "tools-builder" contexts = { builder-base = "target:builder-base" 
@@ -135,7 +135,7 @@ target "_common" { target "validator-testing" { inherits = ["_common"] - dockerfile = "docker/experimental/validator-testing.Dockerfile" + dockerfile = "docker/builder/validator-testing.Dockerfile" target = "validator-testing" cache-from = generate_cache_from("validator-testing") cache-to = generate_cache_to("validator-testing") @@ -144,7 +144,7 @@ target "validator-testing" { target "tools" { inherits = ["_common"] - dockerfile = "docker/experimental/tools.Dockerfile" + dockerfile = "docker/builder/tools.Dockerfile" target = "tools" cache-from = generate_cache_from("tools") cache-to = generate_cache_to("tools") @@ -153,7 +153,7 @@ target "tools" { target "forge" { inherits = ["_common"] - dockerfile = "docker/experimental/forge.Dockerfile" + dockerfile = "docker/builder/forge.Dockerfile" target = "forge" cache-from = generate_cache_from("forge") cache-to = generate_cache_to("forge") @@ -162,7 +162,7 @@ target "forge" { target "validator" { inherits = ["_common"] - dockerfile = "docker/experimental/validator.Dockerfile" + dockerfile = "docker/builder/validator.Dockerfile" target = "validator" cache-from = generate_cache_from("validator") cache-to = generate_cache_to("validator") @@ -171,7 +171,7 @@ target "validator" { target "tools" { inherits = ["_common"] - dockerfile = "docker/experimental/tools.Dockerfile" + dockerfile = "docker/builder/tools.Dockerfile" target = "tools" cache-from = generate_cache_from("tools") cache-to = generate_cache_to("tools") @@ -180,7 +180,7 @@ target "tools" { target "node-checker" { inherits = ["_common"] - dockerfile = "docker/experimental/node-checker.Dockerfile" + dockerfile = "docker/builder/node-checker.Dockerfile" target = "node-checker" cache-from = generate_cache_from("node-checker") cache-to = generate_cache_to("node-checker") 
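Review bot: `target "tools"` is defined twice in docker-bake-rust-all.hcl, once in the hunk at -144 and again in the hunk at -171, and the lines visible in both copies (`inherits`, `dockerfile`, `target`, `cache-from`, `cache-to`) are identical. This commit moves the directory out of `experimental` and edits both blocks, so it is a good point to delete one of them. If the duplicate stays, a later change made to only one copy will take effect according to however bake resolves same-named blocks, which is easy to misjudge when reviewing which Dockerfile and cache refs an image was built from. Both blocks continue past the last context line of their hunks, so confirm the `tags` lines match before removing either.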
@@ -189,7 +189,7 @@ target "node-checker" { target "faucet" { inherits = ["_common"] - dockerfile = "docker/experimental/faucet.Dockerfile" + dockerfile = "docker/builder/faucet.Dockerfile" target = "faucet" cache-from = generate_cache_from("faucet") cache-to = generate_cache_to("faucet") @@ -198,7 +198,7 @@ target "faucet" { target "telemetry-service" { inherits = ["_common"] - dockerfile = "docker/experimental/telemetry-service.Dockerfile" + dockerfile = "docker/builder/telemetry-service.Dockerfile" target = "telemetry-service" cache-from = generate_cache_from("telemetry-service") cache-to = generate_cache_to("telemetry-service") @@ -207,7 +207,7 @@ target "telemetry-service" { target "indexer-grpc" { inherits = ["_common"] - dockerfile = "docker/experimental/indexer-grpc.Dockerfile" + dockerfile = "docker/builder/indexer-grpc.Dockerfile" target = "indexer-grpc" cache-to = generate_cache_to("indexer-grpc") tags = generate_tags("indexer-grpc") diff --git a/docker/experimental/docker-bake-rust-all.sh b/docker/builder/docker-bake-rust-all.sh similarity index 84% rename from docker/experimental/docker-bake-rust-all.sh rename to docker/builder/docker-bake-rust-all.sh index 50e7491c1cf35..4589fd1fa20ad 100755 --- a/docker/experimental/docker-bake-rust-all.sh +++ b/docker/builder/docker-bake-rust-all.sh 
@@ -47,13 +47,13 @@ fi BUILD_TARGET="${1:-all}" echo "Building target: ${BUILD_TARGET}" -echo "To build only a specific target, run: docker/experimental/docker-bake-rust-all.sh " -echo "E.g. docker/experimental/docker-bake-rust-all.sh forge-images" +echo "To build only a specific target, run: docker/builder/docker-bake-rust-all.sh " +echo "E.g. docker/builder/docker-bake-rust-all.sh forge-images" if [ "$CI" == "true" ]; then - TARGET_REGISTRY=remote docker buildx bake --progress=plain --file docker/experimental/docker-bake-rust-all.hcl --push $BUILD_TARGET + TARGET_REGISTRY=remote docker buildx bake --progress=plain --file docker/builder/docker-bake-rust-all.hcl --push $BUILD_TARGET else - TARGET_REGISTRY=local docker buildx bake --file docker/experimental/docker-bake-rust-all.hcl $BUILD_TARGET + TARGET_REGISTRY=local docker buildx bake --file docker/builder/docker-bake-rust-all.hcl $BUILD_TARGET fi echo "Build complete. Docker buildx cache usage:" diff --git a/docker/experimental/faucet.Dockerfile b/docker/builder/faucet.Dockerfile similarity index 100% rename from docker/experimental/faucet.Dockerfile rename to docker/builder/faucet.Dockerfile diff --git a/docker/experimental/forge.Dockerfile b/docker/builder/forge.Dockerfile similarity index 100% rename from docker/experimental/forge.Dockerfile rename to docker/builder/forge.Dockerfile diff --git a/docker/experimental/indexer-grpc.Dockerfile b/docker/builder/indexer-grpc.Dockerfile similarity index 100% rename from docker/experimental/indexer-grpc.Dockerfile rename to docker/builder/indexer-grpc.Dockerfile diff --git a/docker/experimental/node-checker.Dockerfile b/docker/builder/node-checker.Dockerfile similarity index 100% rename from docker/experimental/node-checker.Dockerfile rename to docker/builder/node-checker.Dockerfile 
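Review bot: `$BUILD_TARGET` is expanded unquoted in both `docker buildx bake` invocations, so a first argument containing whitespace or glob characters is word-split and pathname-expanded into extra arguments to buildx; in the `CI` branch that is the invocation that runs with `--push`. Quote it in both branches: `--push "$BUILD_TARGET"` and `--file docker/builder/docker-bake-rust-all.hcl "$BUILD_TARGET"`. Separately, `[ "$CI" == "true" ]` uses `==` inside `[`, which is a bashism; `=` is the portable spelling, or use `[[ ... ]]` if the shebang (outside this hunk) is bash. The script starts before the hunk, so whether `CI` is guaranteed to be set cannot be confirmed from here.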
diff --git a/docker/experimental/telemetry-service.Dockerfile b/docker/builder/telemetry-service.Dockerfile
similarity index 100%
rename from docker/experimental/telemetry-service.Dockerfile
rename to docker/builder/telemetry-service.Dockerfile
diff --git a/docker/experimental/tools.Dockerfile b/docker/builder/tools.Dockerfile
similarity index 100%
rename from docker/experimental/tools.Dockerfile
rename to docker/builder/tools.Dockerfile
diff --git a/docker/experimental/validator-testing.Dockerfile b/docker/builder/validator-testing.Dockerfile
similarity index 100%
rename from docker/experimental/validator-testing.Dockerfile
rename to docker/builder/validator-testing.Dockerfile
diff --git a/docker/experimental/validator.Dockerfile b/docker/builder/validator.Dockerfile
similarity index 100%
rename from docker/experimental/validator.Dockerfile
rename to docker/builder/validator.Dockerfile
diff --git a/docker/docker-bake-rust-all.hcl b/docker/docker-bake-rust-all.hcl
deleted file mode 100644
index c6c61f0e9679d..0000000000000
--- a/docker/docker-bake-rust-all.hcl
+++ /dev/null
@@ -1,187 +0,0 @@ -# This is a docker bake file in HCL syntax. -# It provides a high-level mechenanism to build multiple dockerfiles in one shot. -# Check https://crazymax.dev/docker-allhands2-buildx-bake and https://docs.docker.com/engine/reference/commandline/buildx_bake/#file-definition for an intro. - -variable "CI" { - # whether this build runs in aptos-labs' CI environment which makes certain assumptions about certain registries being available to push to cache layers. - # for local builds we simply default to relying on dockers local caching. - default = "false" -} -variable "TARGET_CACHE_ID" {} -variable "TARGET_CACHE_TYPE" { - // must be "normalized_branch_or_pr" | "git_sha" - default = "normalized_branch_or_pr" -} -variable "BUILD_DATE" {} -// this is the full GIT_SHA - let's use that as primary identifier going forward -variable "GIT_SHA" {} - -variable "GIT_BRANCH" {} - -variable "GIT_CREDENTIALS" {} - -variable "GIT_TAG" {} - -variable "BUILT_VIA_BUILDKIT" {} - -variable "GCP_DOCKER_ARTIFACT_REPO" {} - -variable "GCP_DOCKER_ARTIFACT_REPO_US" {} - -variable "AWS_ECR_ACCOUNT_NUM" {} - -variable "TARGET_REGISTRY" { - // must be "aws" | "gcp" | "local", informs which docker tags are being generated - default = CI == "true" ? "gcp" : "local" -} - -variable "ecr_base" { - default = "${AWS_ECR_ACCOUNT_NUM}.dkr.ecr.us-west-2.amazonaws.com/aptos" -} - -variable "NORMALIZED_GIT_BRANCH_OR_PR" {} -variable "IMAGE_TAG_PREFIX" {} -variable "BUILD_ADDL_TESTING_IMAGES" { - // Whether to build additional testing images - default = "false" -} -variable "PROFILE" { - // Cargo compilation profile - default = "release" -} -variable "FEATURES" { - // Cargo features to enable, as a comma separated string -} - -group "all" { - targets = flatten([ - "validator", - "node-checker", - "tools", - "faucet", - "forge", - "telemetry-service", - "indexer-grpc", - BUILD_ADDL_TESTING_IMAGES == "true" ? 
[ - "validator-testing" - ] : [] - ]) -} - -target "_common" { - dockerfile = "docker/rust-all.Dockerfile" - context = "." - cache-from = flatten([ - // need to repeat all images here until https://github.com/docker/buildx/issues/934 is resolved - generate_cache_from("validator"), - generate_cache_from("node-checker"), - generate_cache_from("tools"), - generate_cache_from("faucet"), - generate_cache_from("forge"), - generate_cache_from("telemetry-service"), - generate_cache_from("indexer-grpc"), - - // testing targets - generate_cache_from("validator-testing"), - ]) - labels = { - "org.label-schema.schema-version" = "1.0", - "org.label-schema.build-date" = "${BUILD_DATE}" - "org.label-schema.git-sha" = "${GIT_SHA}" - } - args = { - PROFILE = "${PROFILE}" - FEATURES = "${FEATURES}" - GIT_SHA = "${GIT_SHA}" - GIT_BRANCH = "${GIT_BRANCH}" - GIT_TAG = "${GIT_TAG}" - GIT_CREDENTIALS = "${GIT_CREDENTIALS}" - BUILD_DATE = "${BUILD_DATE}" - BUILT_VIA_BUILDKIT = "true" - } -} - -target "validator" { - inherits = ["_common"] - target = "validator" - cache-to = generate_cache_to("validator") - tags = generate_tags("validator") -} - -target "validator-testing" { - inherits = ["_common"] - target = "validator-testing" - cache-to = generate_cache_to("validator-testing") - tags = generate_tags("validator-testing") -} - -target "node-checker" { - inherits = ["_common"] - target = "node-checker" - cache-to = generate_cache_to("node-checker") - tags = generate_tags("node-checker") -} - -target "tools" { - inherits = ["_common"] - target = "tools" - cache-to = generate_cache_to("tools") - tags = generate_tags("tools") -} - -target "faucet" { - inherits = ["_common"] - target = "faucet" - cache-to = generate_cache_to("faucet") - tags = generate_tags("faucet") -} - -target "forge" { - inherits = ["_common"] - target = "forge" - cache-to = generate_cache_to("forge") - tags = generate_tags("forge") -} - -target "telemetry-service" { - inherits = ["_common"] - target = "telemetry-service" 
- cache-to = generate_cache_to("telemetry-service") - tags = generate_tags("telemetry-service") -} - -target "indexer-grpc" { - inherits = ["_common"] - target = "indexer-grpc" - cache-to = generate_cache_to("indexer-grpc") - tags = generate_tags("indexer-grpc") -} - -function "generate_cache_from" { - params = [target] - result = CI == "true" ? [ - "type=registry,ref=${GCP_DOCKER_ARTIFACT_REPO}/${target}:cache-${IMAGE_TAG_PREFIX}main", - "type=registry,ref=${GCP_DOCKER_ARTIFACT_REPO}/${target}:cache-${IMAGE_TAG_PREFIX}${NORMALIZED_GIT_BRANCH_OR_PR}", - "type=registry,ref=${GCP_DOCKER_ARTIFACT_REPO}/${target}:cache-${IMAGE_TAG_PREFIX}${GIT_SHA}", - ] : [] -} - -## we only cache to GCP because AWS ECR doesn't support cache manifests -function "generate_cache_to" { - params = [target] - result = TARGET_REGISTRY == "remote" ? ["type=registry,mode=max,ref=${GCP_DOCKER_ARTIFACT_REPO}/${target}:cache-${IMAGE_TAG_PREFIX}${NORMALIZED_GIT_BRANCH_OR_PR}"] : [] -} - -function "generate_tags" { - params = [target] - result = TARGET_REGISTRY == "remote" ? [ - "${GCP_DOCKER_ARTIFACT_REPO}/${target}:${IMAGE_TAG_PREFIX}${GIT_SHA}", - "${GCP_DOCKER_ARTIFACT_REPO}/${target}:${IMAGE_TAG_PREFIX}${NORMALIZED_GIT_BRANCH_OR_PR}", - "${GCP_DOCKER_ARTIFACT_REPO_US}/${target}:${IMAGE_TAG_PREFIX}${GIT_SHA}", - "${GCP_DOCKER_ARTIFACT_REPO_US}/${target}:${IMAGE_TAG_PREFIX}${NORMALIZED_GIT_BRANCH_OR_PR}", - "${ecr_base}/${target}:${IMAGE_TAG_PREFIX}${GIT_SHA}", - ] : [ - "aptos-core/${target}:${IMAGE_TAG_PREFIX}${GIT_SHA}-from-local", - "aptos-core/${target}:${IMAGE_TAG_PREFIX}from-local", - ] -} diff --git a/docker/docker-bake-rust-all.sh b/docker/docker-bake-rust-all.sh deleted file mode 100755 index 49e3bfa7a5108..0000000000000 --- a/docker/docker-bake-rust-all.sh +++ /dev/null 
@@ -1,46 +0,0 @@ -#!/bin/bash -# Copyright © Aptos Foundation -# SPDX-License-Identifier: Apache-2.0 - -# This script docker bake to build all the rust-based docker images -# You need to execute this from the repository root as working directory -# E.g. docker/docker-bake-rust-all.sh -# If you want to build a specific target only, run: -# docker/docker-bake-rust-all.sh -# E.g. docker/docker-bake-rust-all.sh indexer - -set -ex - -export GIT_SHA=$(git rev-parse HEAD) -export GIT_BRANCH=$(git symbolic-ref --short HEAD) -export GIT_TAG=$(git tag -l --contains HEAD) -export GIT_CREDENTIALS="${GIT_CREDENTIALS:-}" -export BUILD_DATE="$(date -u +'%Y-%m-%dT%H:%M:%SZ')" -export BUILT_VIA_BUILDKIT="true" -export NORMALIZED_GIT_BRANCH_OR_PR=$(printf "$TARGET_CACHE_ID" | sed -e 's/[^a-zA-Z0-9]/-/g') - -export PROFILE=${PROFILE:-release} -export FEATURES=${FEATURES:-""} -export NORMALIZED_FEATURES_LIST=$(printf "$FEATURES" | sed -e 's/[^a-zA-Z0-9]/_/g') - -if [ "$PROFILE" = "release" ]; then - # Do not prefix image tags if we're building the default profile "release" - profile_prefix="" -else - # Builds for profiles other than "release" should be tagged with their profile name - profile_prefix="${PROFILE}_" -fi - -if [ -n "$FEATURES" ]; then - export IMAGE_TAG_PREFIX="${profile_prefix}${NORMALIZED_FEATURES_LIST}_" -else - export IMAGE_TAG_PREFIX="${profile_prefix}" -fi - -if [ "$CI" == "true" ]; then - TARGET_REGISTRY=remote docker buildx bake --progress=plain --file docker/docker-bake-rust-all.hcl all --push - REGISTRY_BASE="$GCP_DOCKER_ARTIFACT_REPO" SOURCE_TAG="cache-${IMAGE_TAG_PREFIX}${NORMALIZED_GIT_BRANCH_OR_PR}" TARGET_TAG="cache-${IMAGE_TAG_PREFIX}${GIT_SHA}" ./docker/retag-rust-images.sh -else - BUILD_TARGET="${1:-all}" - TARGET_REGISTRY=local docker buildx bake --file docker/docker-bake-rust-all.hcl $BUILD_TARGET --load -fi diff --git a/docker/retag-rust-images.sh b/docker/retag-rust-images.sh deleted file mode 100755 index 0b31681301783..0000000000000 
--- a/docker/retag-rust-images.sh +++ /dev/null @@ -1,18 +0,0 @@ -#!/usr/bin/env bash - -set -ex - -IMAGES=( - validator - node-checker - tools - faucet - forge - telemetry-service - indexer-grpc -) - -for IMAGE in "${IMAGES[@]}" -do - crane copy "$REGISTRY_BASE/$IMAGE:$SOURCE_TAG" "$REGISTRY_BASE/$IMAGE:$TARGET_TAG" -done diff --git a/docker/rust-all.Dockerfile b/docker/rust-all.Dockerfile deleted file mode 100644 index 8d7fa6e3d47f0..0000000000000 --- a/docker/rust-all.Dockerfile +++ /dev/null 
@@ -1,407 +0,0 @@
-#syntax=docker/dockerfile:1.4
-
-FROM debian:bullseye@sha256:32888a3c745e38e72a5f49161afc7bb52a263b8f5ea1b3b4a6af537678f29491 AS debian-base
-
-# Add Tini to make sure the binaries receive proper SIGTERM signals when Docker is shut down
-ADD https://github.com/krallin/tini/releases/download/v0.19.0/tini /tini
-RUN chmod +x /tini
-ENTRYPOINT ["/tini", "--"]
-
-FROM rust:1.66.1-bullseye@sha256:f72949bcf1daf8954c0e0ed8b7e10ac4c641608f6aa5f0ef7c172c49f35bd9b5 AS rust-base
-WORKDIR /aptos
-RUN apt-get update && apt-get install -y cmake curl clang git pkg-config libssl-dev libpq-dev
-RUN apt-get update && apt-get install binutils lld
-
-### Build Rust code ###
-FROM rust-base as builder
-
-# Confirm that this Dockerfile is being invoked from an appropriate builder.
-# See https://github.com/aptos-labs/aptos-core/pull/2471
-# See https://github.com/aptos-labs/aptos-core/pull/2472
-ARG BUILT_VIA_BUILDKIT
-ENV BUILT_VIA_BUILDKIT $BUILT_VIA_BUILDKIT
-
-RUN test -n "$BUILT_VIA_BUILDKIT" || (printf "===\nREAD ME\n===\n\nYou likely just tried run a docker build using this Dockerfile using\nthe standard docker builder (e.g. docker build). The standard docker\nbuild command uses a builder that does not respect our .dockerignore\nfile, which will lead to a build failure. To build, you should instead\nrun a command like one of these:\n\ndocker/docker-bake-rust-all.sh\ndocker/docker-bake-rust-all.sh indexer\n\nIf you are 100 percent sure you know what you're doing, you can add this flag:\n--build-arg BUILT_VIA_BUILDKIT=true\n\nFor more information, see https://github.com/aptos-labs/aptos-core/pull/2472\n\nThanks!" && false)
-
-COPY --link .
/aptos/
-
-RUN ARCHITECTURE=$(uname -m | sed -e "s/arm64/arm_64/g" | sed -e "s/aarch64/aarch_64/g") \
- && curl -LOs "https://github.com/protocolbuffers/protobuf/releases/download/v21.5/protoc-21.5-linux-$ARCHITECTURE.zip" \
- && unzip -o "protoc-21.5-linux-$ARCHITECTURE.zip" -d /usr/local bin/protoc \
- && unzip -o "protoc-21.5-linux-$ARCHITECTURE.zip" -d /usr/local 'include/*' \
- && chmod +x "/usr/local/bin/protoc" \
- && rm "protoc-21.5-linux-$ARCHITECTURE.zip"
-
-# cargo profile and features
-ARG PROFILE
-ENV PROFILE ${PROFILE}
-ARG FEATURES
-ENV FEATURES ${FEATURES}
-ARG GIT_CREDENTIALS
-ENV GIT_CREDENTIALS ${GIT_CREDENTIALS}
-
-RUN GIT_CREDENTIALS="$GIT_CREDENTIALS" git config --global credential.helper store && echo "${GIT_CREDENTIALS}" > ~/.git-credentials
-RUN PROFILE=$PROFILE FEATURES=$FEATURES docker/build-rust-all.sh && rm -rf $CARGO_HOME && rm -rf target
-RUN rm -rf ~/.git-credentials
-
-### Validator Image ###
-FROM debian-base AS validator
-
-RUN apt-get update && apt-get install -y \
- libssl1.1 \
- ca-certificates \
- # Needed to run debugging tools like perf
- linux-perf \
- sudo \
- procps \
- gdb \
- curl \
- # postgres client lib required for indexer
- libpq-dev \
- && apt-get clean && rm -r /var/lib/apt/lists/*
-
-### Because build machine perf might not match run machine perf, we have to symlink
-### Even if version slightly off, still mostly works
-RUN ln -sf /usr/bin/perf_* /usr/bin/perf
-
-RUN addgroup --system --gid 6180 aptos && adduser --system --ingroup aptos --no-create-home --uid 6180 aptos
-
-RUN mkdir -p /opt/aptos/etc
-COPY --link --from=builder /aptos/dist/aptos-node /usr/local/bin/
-COPY --link --from=builder /aptos/dist/aptos-db-tool /usr/local/bin/
-COPY --link --from=builder /aptos/dist/aptos-db-bootstrapper /usr/local/bin/
-
-# Admission control
-EXPOSE 8000
-# Validator network
-EXPOSE 6180
-# Metrics
-EXPOSE 9101
-# Backup
-EXPOSE 6186
-
-# Capture backtrace on error
-ENV RUST_BACKTRACE 1
-ENV RUST_LOG_FORMAT=json
-
-#
add build info
-ARG BUILD_DATE
-ENV BUILD_DATE ${BUILD_DATE}
-ARG GIT_TAG
-ENV GIT_TAG ${GIT_TAG}
-ARG GIT_BRANCH
-ENV GIT_BRANCH ${GIT_BRANCH}
-ARG GIT_SHA
-ENV GIT_SHA ${GIT_SHA}
-
-### Node Checker Image ###
-
-FROM debian-base AS node-checker
-
-RUN apt-get update && apt-get install -y \
- libssl1.1 \
- ca-certificates \
- net-tools \
- tcpdump \
- iproute2 \
- netcat \
- libpq-dev \
- && apt-get clean && rm -r /var/lib/apt/lists/*
-
-COPY --link --from=builder /aptos/dist/aptos-node-checker /usr/local/bin/aptos-node-checker
-
-ENV RUST_LOG_FORMAT=json
-
-# add build info
-ARG BUILD_DATE
-ENV BUILD_DATE ${BUILD_DATE}
-ARG GIT_TAG
-ENV GIT_TAG ${GIT_TAG}
-ARG GIT_BRANCH
-ENV GIT_BRANCH ${GIT_BRANCH}
-ARG GIT_SHA
-ENV GIT_SHA ${GIT_SHA}
-
-
-### Tools Image ###
-FROM debian-base AS tools
-
-RUN echo "deb http://deb.debian.org/debian bullseye main" > /etc/apt/sources.list.d/bullseye.list && \
- echo "Package: *\nPin: release n=bullseye\nPin-Priority: 50" > /etc/apt/preferences.d/bullseye
-
-RUN apt-get update && apt-get --no-install-recommends --allow-downgrades -y \
- install \
- wget \
- curl \
- perl-base=5.32.1-4+deb11u1 \
- libtinfo6=6.2+20201114-2+deb11u1 \
- git \
- libssl1.1 \
- ca-certificates \
- socat \
- python3-botocore/bullseye \
- awscli/bullseye \
- && apt-get clean && rm -r /var/lib/apt/lists/*
-
-RUN ln -s /usr/bin/python3 /usr/local/bin/python
-COPY --link docker/tools/boto.cfg /etc/boto.cfg
-
-RUN wget https://storage.googleapis.com/pub/gsutil.tar.gz -O- | tar --gzip --directory /opt --extract && ln -s /opt/gsutil/gsutil /usr/local/bin
-RUN cd /usr/local/bin && wget "https://storage.googleapis.com/kubernetes-release/release/v1.18.6/bin/linux/amd64/kubectl" -O kubectl && chmod +x kubectl
-
-COPY --link --from=builder /aptos/dist/aptos-db-bootstrapper /usr/local/bin/aptos-db-bootstrapper
-COPY --link --from=builder /aptos/dist/aptos-db-tool /usr/local/bin/aptos-db-tool
-COPY --link --from=builder /aptos/dist/aptos /usr/local/bin/aptos
-COPY
--link --from=builder /aptos/dist/aptos-openapi-spec-generator /usr/local/bin/aptos-openapi-spec-generator
-COPY --link --from=builder /aptos/dist/aptos-fn-check-client /usr/local/bin/aptos-fn-check-client
-COPY --link --from=builder /aptos/dist/aptos-transaction-emitter /usr/local/bin/aptos-transaction-emitter
-
-### Get Aptos Move releases for genesis ceremony
-RUN mkdir -p /aptos-framework/move
-COPY --link --from=builder /aptos/dist/head.mrb /aptos-framework/move/head.mrb
-
-# add build info
-ARG BUILD_DATE
-ENV BUILD_DATE ${BUILD_DATE}
-ARG GIT_TAG
-ENV GIT_TAG ${GIT_TAG}
-ARG GIT_BRANCH
-ENV GIT_BRANCH ${GIT_BRANCH}
-ARG GIT_SHA
-ENV GIT_SHA ${GIT_SHA}
-
-
-### Faucet Image ###
-FROM debian-base AS faucet
-
-RUN apt-get update && apt-get install -y \
- libssl1.1 \
- ca-certificates \
- nano \
- net-tools \
- tcpdump \
- iproute2 \
- netcat \
- && apt-get clean && rm -r /var/lib/apt/lists/*
-
-RUN mkdir -p /aptos/client/data/wallet/
-
-COPY --link --from=builder /aptos/dist/aptos-faucet-service /usr/local/bin/aptos-faucet-service
-
-#install needed tools
-RUN apt-get update && apt-get install -y procps
-
-# Mint proxy listening address
-EXPOSE 8000
-ENV RUST_LOG_FORMAT=json
-
-# add build info
-ARG BUILD_DATE
-ENV BUILD_DATE ${BUILD_DATE}
-ARG GIT_TAG
-ENV GIT_TAG ${GIT_TAG}
-ARG GIT_BRANCH
-ENV GIT_BRANCH ${GIT_BRANCH}
-ARG GIT_SHA
-ENV GIT_SHA ${GIT_SHA}
-
-
-### Forge Image ###
-
-FROM debian-base as forge
-
-RUN apt-get update && apt-get install -y libssl1.1 \
- ca-certificates \
- openssh-client \
- wget \
- busybox \
- git \
- unzip \
- awscli \
- && apt-get clean && rm -r /var/lib/apt/lists/*
-
-RUN mkdir /aptos
-
-# copy helm charts from source
-COPY --link --from=builder /aptos/terraform/helm /aptos/terraform/helm
-COPY --link --from=builder /aptos/testsuite/forge/src/backend/k8s/helm-values/aptos-node-default-values.yaml /aptos/terraform/aptos-node-default-values.yaml
-
-RUN cd /usr/local/bin && wget
"https://storage.googleapis.com/kubernetes-release/release/v1.18.6/bin/linux/amd64/kubectl" -O kubectl && chmod +x kubectl
-RUN cd /usr/local/bin && wget "https://get.helm.sh/helm-v3.8.0-linux-amd64.tar.gz" -O- | busybox tar -zxvf - && mv linux-amd64/helm . && chmod +x helm
-ENV PATH "$PATH:/root/bin"
-
-WORKDIR /aptos
-COPY --link --from=builder /aptos/dist/forge /usr/local/bin/forge
-### Get Aptos Framework Release for forge framework upgrade testing
-COPY --link --from=builder /aptos/aptos-move/framework/ /aptos/aptos-move/framework/
-
-ENV RUST_LOG_FORMAT=json
-
-# add build info
-ARG BUILD_DATE
-ENV BUILD_DATE ${BUILD_DATE}
-ARG GIT_TAG
-ENV GIT_TAG ${GIT_TAG}
-ARG GIT_BRANCH
-ENV GIT_BRANCH ${GIT_BRANCH}
-ARG GIT_SHA
-ENV GIT_SHA ${GIT_SHA}
-
-ENTRYPOINT ["/tini", "--", "forge"]
-
-### Telemetry Service Image ###
-
-FROM debian-base AS telemetry-service
-
-RUN apt-get update && apt-get install -y \
- libssl1.1 \
- ca-certificates \
- net-tools \
- tcpdump \
- iproute2 \
- netcat \
- libpq-dev \
- curl \
- && apt-get clean && rm -r /var/lib/apt/lists/*
-
-COPY --link --from=builder /aptos/dist/aptos-telemetry-service /usr/local/bin/aptos-telemetry-service
-
-EXPOSE 8000
-ENV RUST_LOG_FORMAT=json
-
-# add build info
-ARG GIT_TAG
-ENV GIT_TAG ${GIT_TAG}
-ARG GIT_BRANCH
-ENV GIT_BRANCH ${GIT_BRANCH}
-ARG GIT_SHA
-ENV GIT_SHA ${GIT_SHA}
-
-### Indexer GRPC Image ###
-
-FROM debian-base AS indexer-grpc
-
-RUN apt-get update && apt-get install -y \
- libssl1.1 \
- ca-certificates \
- net-tools \
- tcpdump \
- iproute2 \
- netcat \
- libpq-dev \
- curl \
- && apt-get clean && rm -r /var/lib/apt/lists/*
-
-COPY --link --from=builder /aptos/dist/aptos-indexer-grpc-cache-worker /usr/local/bin/aptos-indexer-grpc-cache-worker
-COPY --link --from=builder /aptos/dist/aptos-indexer-grpc-file-store /usr/local/bin/aptos-indexer-grpc-file-store
-COPY --link --from=builder /aptos/dist/aptos-indexer-grpc-data-service /usr/local/bin/aptos-indexer-grpc-data-service
-COPY --link
--from=builder /aptos/dist/aptos-indexer-grpc-parser /usr/local/bin/aptos-indexer-grpc-parser
-
-# The health check port
-EXPOSE 8080
-# The gRPC port
-EXPOSE 50501
-
-ENV RUST_LOG_FORMAT=json
-
-# add build info
-ARG GIT_TAG
-ENV GIT_TAG ${GIT_TAG}
-ARG GIT_BRANCH
-ENV GIT_BRANCH ${GIT_BRANCH}
-ARG GIT_SHA
-ENV GIT_SHA ${GIT_SHA}
-
-### EXPERIMENTAL ###
-
-FROM debian-base as validator-testing-base
-
-RUN apt-get update && apt-get install -y \
- libssl1.1 \
- ca-certificates \
- # Needed to run debugging tools like perf
- linux-perf \
- sudo \
- procps \
- gdb \
- curl \
- # postgres client lib required for indexer
- libpq-dev \
- # Extra goodies for debugging
- less \
- git \
- vim \
- nano \
- libjemalloc-dev \
- binutils \
- graphviz \
- ghostscript \
- strace \
- htop \
- sysstat \
- valgrind \
- && apt-get clean && rm -r /var/lib/apt/lists/*
-
-# Install pyroscope for profiling
-RUN curl https://dl.pyroscope.io/release/pyroscope_0.36.0_amd64.deb --output pyroscope_0.36.0_amd64.deb && apt-get install ./pyroscope_0.36.0_amd64.deb
-
-### Because build machine perf might not match run machine perf, we have to symlink
-### Even if version slightly off, still mostly works
-RUN ln -sf /usr/bin/perf_* /usr/bin/perf
-
-RUN echo "deb http://deb.debian.org/debian sid main contrib non-free" >> /etc/apt/sources.list
-RUN echo "deb-src http://deb.debian.org/debian sid main contrib non-free" >> /etc/apt/sources.list
-
-RUN apt-get update && apt-get install -y \
- arping bison clang-format cmake dh-python \
- dpkg-dev pkg-kde-tools ethtool flex inetutils-ping iperf \
- libbpf-dev libclang-11-dev libclang-cpp-dev libedit-dev libelf-dev \
- libfl-dev libzip-dev linux-libc-dev llvm-11-dev libluajit-5.1-dev \
- luajit python3-netaddr python3-pyroute2 python3-distutils python3 \
- && apt-get clean && rm -r /var/lib/apt/lists/*
-
-RUN git clone https://github.com/aptos-labs/bcc.git
-RUN mkdir bcc/build
-WORKDIR bcc/
-RUN git checkout 5258d14cb35ba08a8757a68386bebc9ea05f00c9
-WORKDIR build/
-RUN cmake ..
-RUN make
-RUN make install
-WORKDIR ..
-
-### Validator Image ###
-# We will build a base testing image with the necessary packages and
-# duplicate steps from validator step. This will, however, reduce
-# cache invalidation and reduce build times.
-FROM validator-testing-base AS validator-testing
-
-RUN addgroup --system --gid 6180 aptos && adduser --system --ingroup aptos --no-create-home --uid 6180 aptos
-
-RUN mkdir -p /opt/aptos/etc
-COPY --link --from=builder /aptos/dist/aptos-node /usr/local/bin/
-COPY --link --from=builder /aptos/dist/aptos-db-tool /usr/local/bin/
-COPY --link --from=builder /aptos/dist/aptos-db-bootstrapper /usr/local/bin/
-
-# Admission control
-EXPOSE 8000
-# Validator network
-EXPOSE 6180
-# Metrics
-EXPOSE 9101
-# Backup
-EXPOSE 6186
-
-# add build info
-ARG BUILD_DATE
-ENV BUILD_DATE ${BUILD_DATE}
-ARG GIT_TAG
-ENV GIT_TAG ${GIT_TAG}
-ARG GIT_BRANCH
-ENV GIT_BRANCH ${GIT_BRANCH}
-ARG GIT_SHA
-ENV GIT_SHA ${GIT_SHA}
-
-# Capture backtrace on error
-ENV RUST_BACKTRACE 1
-ENV RUST_LOG_FORMAT=json