From 07bc1dea2f2193222a50cf42c961508a2dffe1f3 Mon Sep 17 00:00:00 2001 From: Dustin Brickwood Date: Wed, 1 Mar 2023 22:41:08 -0600 Subject: [PATCH] chore: updates and fixes Dockerfile and build (#294) --- .dockerignore | 1 - .github/workflows/check.yml | 77 +++++++++++++++++++++++++++--------- Cargo.lock | 2 +- docker/Standalone.Dockerfile | 61 ++++++++++++++++++---------- primitives/Cargo.toml | 2 +- 5 files changed, 101 insertions(+), 42 deletions(-) diff --git a/.dockerignore b/.dockerignore index fd94bd819..d4f833640 100644 --- a/.dockerignore +++ b/.dockerignore @@ -17,7 +17,6 @@ local-test # NodeJS **/node_modules/ -scripts/ docker/ .github/ doc/ diff --git a/.github/workflows/check.yml b/.github/workflows/check.yml index 6bf949fde..df8dc1db2 100644 --- a/.github/workflows/check.yml +++ b/.github/workflows/check.yml @@ -2,7 +2,7 @@ name: check # Controls when the action will run. on: - # Triggers the workflow on push or pull request events but only for the master branch + # Triggers the workflow on push or pull request events but only for the main branch push: branches: [main] pull_request: @@ -13,39 +13,64 @@ on: env: CARGO_REGISTRIES_CRATES_IO_PROTOCOL: git - -# A workflow run is made up of one or more jobs that can run sequentially or in parallel + jobs: - ci: - # The type of runner that the job will run on + # Format job + check-format: runs-on: ubuntu-20.04 - - # Steps represent a sequence of tasks that will be executed as part of the job + strategy: + matrix: + step: ["check-format"] steps: - # Checks-out your repository under $GITHUB_WORKSPACE, so your job can access it - uses: actions/checkout@v2 - - name: Set-Up run: sudo apt install -y cmake pkg-config libssl-dev git build-essential clang libclang-dev curl protobuf-compiler + - name: Check Format + run: | + SKIP_WASM_BUILD=1 cargo fmt --all -- --check + # Build job + check-build: + runs-on: ubuntu-20.04 + strategy: + matrix: + step: ["check-build"] + steps: + - uses: actions/checkout@v2 + - name: Set-Up + run: sudo apt install -y cmake pkg-config libssl-dev git build-essential clang libclang-dev curl protobuf-compiler - name: Setup DVC uses: iterative/setup-dvc@v1 - - name: Fetch Fixtures run: ./scripts/fetch-fixtures.sh + - name: Check Build + run: | + SKIP_WASM_BUILD=1 cargo check --release -Z sparse-registry + # Test job + test: + runs-on: ubuntu-20.04 + strategy: + matrix: + step: ["test"] + steps: + - uses: actions/checkout@v2 + - name: Set-Up + run: sudo apt install -y cmake pkg-config libssl-dev git build-essential clang libclang-dev curl protobuf-compiler + - name: Setup DVC + uses: iterative/setup-dvc@v1 + - name: Fetch Fixtures + run: ./scripts/fetch-fixtures.sh - name: Install toolchain uses: dtolnay/rust-toolchain@stable with: toolchain: nightly - - name: Install cargo-nextest uses: baptiste0928/cargo-install@v1 with: crate: cargo-nextest version: latest args: "-Z sparse-registry" - - name: Cache Cargo uses: actions/cache@v2 with: @@ -57,13 +82,27 @@ jobs: target/debug target/release key: ${{ runner.os }}-cargo-${{ hashFiles('**/Cargo.lock') }} - - - name: Check Format - run: | - SKIP_WASM_BUILD=1 cargo fmt --all -- --check - - name: Check Build - run: | - SKIP_WASM_BUILD=1 cargo check --release -Z sparse-registry - name: Test run: | SKIP_WASM_BUILD=1 cargo nextest run --release -Z sparse-registry --workspace --exclude webb-client + + # Main job, runs all parallel jobs + ci: + needs: [check-format, check-build, test] + runs-on: ubuntu-20.04 + steps: + - uses: actions/checkout@v2 + - name: Set-Up + run: sudo apt install -y cmake pkg-config libssl-dev git build-essential clang libclang-dev curl protobuf-compiler + - name: Setup DVC + uses: iterative/setup-dvc@v1 + - name: Fetch Fixtures + run: ./scripts/fetch-fixtures.sh + - name: Install toolchain + uses: dtolnay/rust-toolchain@stable + with: + toolchain: nightly + - name: Install cargo-nextest + uses: baptiste0928/cargo-install@v1 + with: + crate: cargo-nextest diff --git a/Cargo.lock b/Cargo.lock index 19b39a345..05ef243d6 100644 --- a/Cargo.lock +++ b/Cargo.lock @@ -11477,7 +11477,7 @@ dependencies = [ "ark-crypto-primitives", "ark-ec", "ark-ff", - "ark-groth16 0.3.0 (git+https://github.com/arkworks-rs/groth16?rev=765817f)", + "ark-groth16 0.3.0 (registry+https://github.com/rust-lang/crates.io-index)", "ark-relations", "ark-serialize", "ark-std", diff --git a/docker/Standalone.Dockerfile b/docker/Standalone.Dockerfile index 488fb9bb8..a033da730 100644 --- a/docker/Standalone.Dockerfile +++ b/docker/Standalone.Dockerfile @@ -1,35 +1,56 @@ -FROM rust:1 as builder +# Use a specific version tag for the alpine base image +FROM alpine:3.14.2 AS base + +# Install required packages +RUN apk add --no-cache clang libssl1.1 llvm pkgconfig eudev-dev gmp libc6-compat + +# Create a non-root user to run +RUN adduser -u 1000 -G users -D -h /webb webb \ + && mkdir -p /data /webb/.local/share/webb \ + && chown -R webb:users /data /webb/.local/share/webb \ + && ln -s /data /webb/.local/share/webb + +# Set the user and working directory +USER webb WORKDIR /webb -# Install Required Packages -RUN apt-get update && \ - apt-get install -y git python3 python3-pip pkg-config clang curl libssl-dev llvm libudev-dev libgmp3-dev protobuf-compiler libc6 && \ +# Use a multi-stage build to reduce the size of the final image +FROM rust:1 AS builder + +# Install required packages +RUN apt-get update && apt-get install -y git python3 python3-pip pkg-config clang curl libssl-dev llvm libudev-dev libgmp3-dev protobuf-compiler libc6 && \ rm -rf /var/lib/apt/lists/* RUN pip3 install dvc +# Copy the source code into the container +WORKDIR /webb COPY . . -# Build Standalone Node. -RUN dvc pull -f -RUN cargo build --release -p webb-standalone-node +# Use "RUN" instructions to combine multiple commands into a single layer +RUN git submodule update --init --recursive \ + && sh ./scripts/fetch-fixtures.sh \ + && RUST_BACKTRACE=1 cargo build --release -p webb-standalone-node --verbose -# This is the 2nd stage: a very small image where we copy the Node binary." +# Use the final stage to reduce the size of the final image +FROM base -FROM ubuntu:20.04 +# Create the /data directory and set permissions +USER root +RUN mkdir -p /data \ + && chown webb:users /data +USER webb +# Copy the binary into the final image COPY --from=builder /webb/target/release/webb-standalone-node /usr/local/bin -RUN apt-get update && apt-get install -y clang libssl-dev llvm libudev-dev libgmp3-dev libc6 && rm -rf /var/lib/apt/lists/* - -RUN useradd -m -u 1000 -U -s /bin/sh -d /webb webb && \ - mkdir -p /data /webb/.local/share/webb && \ - chown -R webb:webb /data && \ - ln -s /data /webb/.local/share/webb && \ - # Sanity checks - ldd /usr/local/bin/webb-standalone-node && \ - /usr/local/bin/webb-standalone-node --version - -USER webb +# Expose ports and volume EXPOSE 30333 9933 9944 9615 33334 VOLUME ["/data"] + +# Set the user and working directory +USER webb +WORKDIR /webb + +# Sanity check +CMD ["/usr/local/bin/webb-standalone-node", "--version"] diff --git a/primitives/Cargo.toml b/primitives/Cargo.toml index f456e3034..508502de3 100644 --- a/primitives/Cargo.toml +++ b/primitives/Cargo.toml @@ -23,7 +23,7 @@ ark-bls12-381 = { version = "^0.3.0", default-features = false, features = ["cur ark-bn254 = { version = "^0.3.0", default-features = false, features = ["curve"], optional = true } ark-ec = { version = "^0.3.0", default-features = false } ark-ff = { version = "^0.3.0", default-features = false } -ark-groth16 = { git = "https://github.com/arkworks-rs/groth16", rev = "765817f", default-features = false, features = ["parallel"] } +ark-groth16 = { version = "^0.3.0", default-features = false } ark-relations = { version = "^0.3.0", default-features = false } ark-serialize = { version = "^0.3.0", default-features = false, features = ["derive"] } ark-std = { version = "^0.3.0", default-features = false }