From a59dd19c2f9ab498a908f6ced78cbb9659296290 Mon Sep 17 00:00:00 2001 From: Javier Cortejoso Date: Tue, 24 Oct 2023 13:01:05 +0200 Subject: [PATCH] Dockerfile: Replace alpine by debian. Use same dockerfile for amd and arm (#2192) * Add wget package * Using same dockerfile for amd and arm * Delete old dockerfiles * Using debian-slim --- .../workflows/build-sign-commit-images.yaml | 63 +--------- Dockerfile | 18 ++- Dockerfile.alltools | 16 ++- Dockerfile.android | 111 ------------------ Dockerfile.arm64 | 31 ----- 5 files changed, 31 insertions(+), 208 deletions(-) delete mode 100644 Dockerfile.android delete mode 100644 Dockerfile.arm64 diff --git a/.github/workflows/build-sign-commit-images.yaml b/.github/workflows/build-sign-commit-images.yaml index 1eaebde9a0..fc6be40f0f 100644 --- a/.github/workflows/build-sign-commit-images.yaml +++ b/.github/workflows/build-sign-commit-images.yaml @@ -7,7 +7,7 @@ on: workflow_dispatch: jobs: - build-container-geth-amd-sha: + build-container-geth-sha: runs-on: [self-hosted, blockchain, 8-cpu] permissions: contents: read @@ -25,7 +25,7 @@ jobs: - name: Build and push container uses: celo-org/reusable-workflows/.github/actions/build-container@9817fca8d235a679e56bdcc72c31dfc548413805 with: - platforms: linux/amd64 + platforms: linux/amd64,linux/arm64 registry: us-west1-docker.pkg.dev/devopsre/dev-images/geth tag: ${{ github.sha }} context: . @@ -33,32 +33,7 @@ jobs: push: ${{ fromJSON(true) }} load: ${{ fromJSON(false) }} - build-container-geth-arm-sha: - runs-on: [self-hosted, blockchain, 8-cpu] - permissions: - contents: read - id-token: write - security-events: write - steps: - - uses: actions/checkout@v3 - - name: Login at GCP Artifact Registry - uses: celo-org/reusable-workflows/.github/actions/auth-gcp-artifact-registry@9817fca8d235a679e56bdcc72c31dfc548413805 - with: - workload-id-provider: 'projects/1094498259535/locations/global/workloadIdentityPools/gh-celo-blockchain-dev/providers/github-by-repos' - service-account: 'celo-blockchain-dev@devopsre.iam.gserviceaccount.com' - artifact-registry: us-west1-docker.pkg.dev/devopsre/dev-images/geth - - name: Build and push container - uses: celo-org/reusable-workflows/.github/actions/build-container@9817fca8d235a679e56bdcc72c31dfc548413805 - with: - platforms: linux/arm64 - registry: us-west1-docker.pkg.dev/devopsre/dev-images/geth - tag: ${{ github.sha }} - context: . - dockerfile: Dockerfile.arm64 - push: ${{ fromJSON(true) }} - load: ${{ fromJSON(false) }} - - build-container-geth-amd-master: + build-container-geth-master: runs-on: [self-hosted, blockchain, 8-cpu] if: github.ref == 'refs/heads/master' permissions: @@ -76,7 +51,7 @@ jobs: - name: Build and push container uses: celo-org/reusable-workflows/.github/actions/build-container@9817fca8d235a679e56bdcc72c31dfc548413805 with: - platforms: linux/amd64 + platforms: linux/amd64,linux/arm64 registry: us-west1-docker.pkg.dev/devopsre/dev-images/geth tag: master context: . @@ -84,32 +59,6 @@ jobs: push: ${{ fromJSON(true) }} load: ${{ fromJSON(false) }} - build-container-geth-arm-master: - runs-on: [self-hosted, blockchain, 8-cpu] - if: github.ref == 'refs/heads/master' - permissions: - contents: read - id-token: write - security-events: write - steps: - - uses: actions/checkout@v3 - - name: Login at GCP Artifact Registry - uses: celo-org/reusable-workflows/.github/actions/auth-gcp-artifact-registry@9817fca8d235a679e56bdcc72c31dfc548413805 - with: - workload-id-provider: 'projects/1094498259535/locations/global/workloadIdentityPools/gh-celo-blockchain/providers/github-by-repos' - service-account: 'celo-blockchain@devopsre.iam.gserviceaccount.com' - artifact-registry: us-west1-docker.pkg.dev/devopsre/celo-blockchain-public/geth - - name: Build and push container - uses: celo-org/reusable-workflows/.github/actions/build-container@9817fca8d235a679e56bdcc72c31dfc548413805 - with: - platforms: linux/arm64 - registry: us-west1-docker.pkg.dev/devopsre/dev-images/geth - tag: master - context: . - dockerfile: Dockerfile.arm64 - push: ${{ fromJSON(true) }} - load: ${{ fromJSON(false) }} - build-container-geth-all-master: runs-on: [self-hosted, blockchain, 8-cpu] if: github.ref == 'refs/heads/master' @@ -128,8 +77,8 @@ jobs: - name: Build and push container uses: celo-org/reusable-workflows/.github/actions/build-container@9817fca8d235a679e56bdcc72c31dfc548413805 with: - platforms: linux/amd64 - registry: us-west1-docker.pkg.dev/devopsre/dev-images/geth + platforms: linux/amd64,linux/arm64 + registry: us-west1-docker.pkg.dev/devopsre/dev-images/geth-all tag: master context: . dockerfile: Dockerfile.alltools diff --git a/Dockerfile b/Dockerfile index 0684f63e78..bcbddb570f 100644 --- a/Dockerfile +++ b/Dockerfile @@ -7,7 +7,7 @@ # # Once you are satisfied, build the image using # export COMMIT_SHA=$(git rev-parse HEAD) -# docker build -f Dockerfile --build-arg COMMIT_SHA=$COMMIT_SHA -t gcr.io/celo-testnet/geth:$COMMIT_SHA . +# docker buildx build --platform linux/amd64,linux/arm64 -f Dockerfile --build-arg COMMIT_SHA=$COMMIT_SHA -t gcr.io/celo-testnet/geth:$COMMIT_SHA . # # push the image to the cloud # docker push gcr.io/celo-testnet/geth:$COMMIT_SHA @@ -15,18 +15,25 @@ # To use this image for testing, modify GETH_NODE_DOCKER_IMAGE_TAG in celo-monorepo/.env file # Build Geth in a stock Go builder container -FROM golang:1.19-alpine as builder +FROM golang:1.19-bookworm as builder -RUN apk add --no-cache make gcc musl-dev linux-headers git +RUN headers_package="linux-headers-$(dpkg --print-architecture)" && \ + apt update && \ + apt install -y build-essential git musl-dev $headers_package ADD . /go-ethereum RUN cd /go-ethereum && make geth-musl # Pull Geth into a second stage deploy alpine container -FROM alpine:latest +FROM debian:bookworm-slim ARG COMMIT_SHA -RUN apk add --no-cache ca-certificates +RUN apt update &&\ + apt install -y ca-certificates wget &&\ + rm -rf /var/cache/apt &&\ + rm -rf /var/lib/apt/lists/* &&\ + ln -sf /bin/bash /bin/sh + COPY --from=builder /go-ethereum/build/bin/geth /usr/local/bin/ RUN echo $COMMIT_SHA > /version.txt ADD scripts/run_geth_in_docker.sh / @@ -40,3 +47,4 @@ ARG VERSION="" ARG BUILDNUM="" LABEL commit="$COMMIT" version="$VERSION" buildnum="$BUILDNUM" + diff --git a/Dockerfile.alltools b/Dockerfile.alltools index a219fc2634..e49b022494 100644 --- a/Dockerfile.alltools +++ b/Dockerfile.alltools @@ -1,16 +1,23 @@ # Build Geth in a stock Go builder container -FROM golang:1.19-alpine as builder +FROM golang:1.19-bookworm as builder -RUN apk add --no-cache make gcc musl-dev linux-headers git +RUN headers_package="linux-headers-$(dpkg --print-architecture)" && \ + apt update && \ + apt install -y build-essential git musl-dev $headers_package ADD . /go-ethereum RUN cd /go-ethereum && make all-musl # Pull all binaries into a second stage deploy alpine container -FROM alpine:latest +FROM debian:bookworm ARG COMMIT_SHA -RUN apk add --no-cache ca-certificates +RUN apt update &&\ + apt install -y ca-certificates wget &&\ + rm -rf /var/cache/apt &&\ + rm -rf /var/lib/apt/lists/* &&\ + ln -sf /bin/bash /bin/sh + COPY --from=builder /go-ethereum/build/bin/* /usr/local/bin/ RUN echo $COMMIT_SHA > /version.txt @@ -22,3 +29,4 @@ ARG VERSION="" ARG BUILDNUM="" LABEL commit="$COMMIT" version="$VERSION" buildnum="$BUILDNUM" + diff --git a/Dockerfile.android b/Dockerfile.android deleted file mode 100644 index 3a10e0f3e8..0000000000 --- a/Dockerfile.android +++ /dev/null @@ -1,111 +0,0 @@ -# celohq/circleci:android-v3 -# Note: Please build and push this image this image as -# us.gcr.io/celo-testnet/android:vx after updating the dockerfile. -# It is not automatically built. - -FROM circleci/android:api-28 - -# NDK see also: https://github.com/CircleCI-Public/circleci-dockerfiles/blob/cb8bda793023d3e919ea5553e2f2c04b71f53c49/android/images/api-28-ndk/Dockerfile#L181 - -ARG ndk_version=android-ndk-r19c -ARG android_ndk_home=/opt/android/${ndk_version} - -# Install NDK -RUN curl --silent --show-error --location --fail --retry 3 --output /tmp/${ndk_version}.zip \ - https://dl.google.com/android/repository/${ndk_version}-linux-x86_64.zip && \ - sudo unzip -q /tmp/${ndk_version}.zip -d /opt/android && \ - rm /tmp/${ndk_version}.zip && \ - sudo chown -R circleci:circleci ${android_ndk_home} - -ENV ANDROID_NDK_HOME ${android_ndk_home} -ENV ANDROID_NDK ${android_ndk_home} - -# Install rust - -RUN curl https://sh.rustup.rs -sSf | sh -s -- -y --default-toolchain 1.41.0 -ENV PATH=$PATH:$HOME/.cargo/bin -RUN rustup target add aarch64-linux-android -RUN rustup target add armv7-linux-androideabi -RUN rustup target add i686-linux-android -RUN rustup target add x86_64-linux-android - -# go and node installations command expect to run as root -USER root - -# Install go. See instructions at top when updating the go version. -RUN curl https://dl.google.com/go/go1.16.4.linux-amd64.tar.gz | tar -xz -ENV PATH=/go/bin:$PATH -ENV GOROOT=/go -ENV GOPATH=$HOME/go - -## Using node installation from https://raw.githubusercontent.com/nodejs/docker-node/dc340d0bf2119dee534106ef012e85861cda8b84/12/stretch/Dockerfile - -RUN groupadd --gid 1000 node \ - && useradd --uid 1000 --gid node --shell /bin/bash --create-home node - -ENV NODE_VERSION 12.22.6 - -RUN ARCH= && dpkgArch="$(dpkg --print-architecture)" \ - && case "${dpkgArch##*-}" in \ - amd64) ARCH='x64';; \ - ppc64el) ARCH='ppc64le';; \ - s390x) ARCH='s390x';; \ - arm64) ARCH='arm64';; \ - armhf) ARCH='armv7l';; \ - i386) ARCH='x86';; \ - *) echo "unsupported architecture"; exit 1 ;; \ - esac \ - # gpg keys listed at https://github.com/nodejs/node#release-keys - && set -ex \ - && for key in \ - 4ED778F539E3634C779C87C6D7062848A1AB005C \ - 94AE36675C464D64BAFA68DD7434390BDBE9B9C5 \ - 74F12602B6F1C4E913FAA37AD3A89613643B6201 \ - 71DCFD284A79C3B38668286BC97EC7A07EDE3FC1 \ - 8FCCA13FEF1D0C2E91008E09770F7A9A5AE15600 \ - C4F0DFFF4E8C1A8236409D08E73BC641CC11F4C8 \ - C82FA3AE1CBEDC6BE46B9360C43CEC45C17AB93C \ - DD8F2338BAE7501E3DD5AC78C273792F7D83545D \ - A48C2BEE680E841632CD4E44F07496B3EB3C1762 \ - 108F52B48DB57BB0CC439B2997B01419BD92F80A \ - B9E2F5981AA6E0CD28160D9FF13993A75599653C \ - ; do \ - gpg --batch --keyserver hkps://keys.openpgp.org --recv-keys "$key" || \ - gpg --batch --keyserver keyserver.ubuntu.com --recv-keys "$key" ; \ - done \ - && curl -fsSLO --compressed "https://nodejs.org/dist/v$NODE_VERSION/node-v$NODE_VERSION-linux-$ARCH.tar.xz" \ - && curl -fsSLO --compressed "https://nodejs.org/dist/v$NODE_VERSION/SHASUMS256.txt.asc" \ - && gpg --batch --decrypt --output SHASUMS256.txt SHASUMS256.txt.asc \ - && grep " node-v$NODE_VERSION-linux-$ARCH.tar.xz\$" SHASUMS256.txt | sha256sum -c - \ - && tar -xJf "node-v$NODE_VERSION-linux-$ARCH.tar.xz" -C /usr/local --strip-components=1 --no-same-owner \ - && rm "node-v$NODE_VERSION-linux-$ARCH.tar.xz" SHASUMS256.txt.asc SHASUMS256.txt \ - && ln -s /usr/local/bin/node /usr/local/bin/nodejs \ - # smoke tests - && node --version \ - && npm --version - -ENV YARN_VERSION 1.22.5 - -RUN set -ex \ - && for key in \ - 6A010C5166006599AA17F08146C2130DFD2497F5 \ - ; do \ - gpg --batch --keyserver hkps://keys.openpgp.org --recv-keys "$key" || \ - gpg --batch --keyserver keyserver.ubuntu.com --recv-keys "$key" ; \ - done \ - && curl -fsSLO --compressed "https://yarnpkg.com/downloads/$YARN_VERSION/yarn-v$YARN_VERSION.tar.gz" \ - && curl -fsSLO --compressed "https://yarnpkg.com/downloads/$YARN_VERSION/yarn-v$YARN_VERSION.tar.gz.asc" \ - && gpg --batch --verify yarn-v$YARN_VERSION.tar.gz.asc yarn-v$YARN_VERSION.tar.gz \ - && mkdir -p /opt \ - && tar -xzf yarn-v$YARN_VERSION.tar.gz -C /opt/ \ - && ln -s /opt/yarn-v$YARN_VERSION/bin/yarn /usr/local/bin/yarn \ - && ln -s /opt/yarn-v$YARN_VERSION/bin/yarnpkg /usr/local/bin/yarnpkg \ - && rm yarn-v$YARN_VERSION.tar.gz.asc yarn-v$YARN_VERSION.tar.gz \ - # smoke test - && yarn --version - - -# Basic smoke test -RUN node --version - -USER circleci diff --git a/Dockerfile.arm64 b/Dockerfile.arm64 deleted file mode 100644 index e6cd0021c9..0000000000 --- a/Dockerfile.arm64 +++ /dev/null @@ -1,31 +0,0 @@ -FROM golang:1.19-bookworm as builder - -RUN apt update && apt install -y build-essential git musl-dev linux-headers-arm64 - -ADD . /go-ethereum -RUN cd /go-ethereum && make geth-musl - -# Pull Geth into a second stage deploy alpine container -FROM debian:bookworm -ARG COMMIT_SHA - -RUN apt update &&\ - apt install -y ca-certificates &&\ - rm -rf /var/cache/apt &&\ - rm -rf /var/lib/apt/lists/* &&\ - ln -sf /bin/bash /bin/sh - -COPY --from=builder /go-ethereum/build/bin/geth /usr/local/bin/ -RUN echo $COMMIT_SHA > /version.txt -ADD scripts/run_geth_in_docker.sh / - -EXPOSE 8545 8546 30303 30303/udp -ENTRYPOINT ["sh", "/run_geth_in_docker.sh"] - -# Add some metadata labels to help programatic image consumption -ARG COMMIT="" -ARG VERSION="" -ARG BUILDNUM="" - -LABEL commit="$COMMIT" version="$VERSION" buildnum="$BUILDNUM" -