refactor!: docker builds #357

Merged
merged 12 commits into from
Jul 8, 2024
Changes from 10 commits
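--- a/.cargo/config.toml
+++ b/.cargo/config.toml
@@ -0,0 +1,4 @@
+[build]
+# https://github.com/rust-lang/rust/pull/124129
+# https://github.com/dtolnay/linkme/pull/88
+rustflags = ["-Z", "linker-features=-lld"]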
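Review bot: The comment above `rustflags` gives two links but no reason, so a reader cannot tell what breaks without the flag or when it can be removed; something like `# nightly links with rust-lld by default, which linkme does not yet handle; remove once the linked linkme PR is released` would do (wording inferred from the link targets, please confirm). `-Z` flags are accepted only by a nightly toolchain, so this file makes every `cargo build` from the repo root nightly-only; if no toolchain file pins nightly (none is visible in this diff), that deserves a line too. Cargo also ignores `build.rustflags` whenever the `RUSTFLAGS` environment variable is set, so a CI job or developer shell that exports `RUSTFLAGS` silently loses this workaround.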
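--- a/.dockerignore
+++ b/.dockerignore
@@ -0,0 +1,28 @@
+# this is loosely based on `docker init`'s rust template.
+
+**/.DS_Store
+**/.classpath
+**/.dockerignore
+# **/.env
+**/.git
+**/.gitignore
+**/.project
+**/.settings
+**/.toolstarget
+**/.vs
+**/.vscode
+**/*.*proj.user
+**/*.dbmdl
+**/*.jfm
+**/charts
+**/docker-compose*
+**/compose*
+**/Dockerfile*
+**/node_modules
+**/npm-debug.log
+**/secrets.dev.yaml
+**/values.dev.yaml
+/bin
+/target
+LICENSE
+README.md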
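Review bot: `# **/.env` is left commented out, so any `.env` file in the checkout is sent to the builder as part of the context, and the Dockerfile in this PR bind-mounts the whole context at `/src`, where build scripts and proc macros run. Nothing in the final stage copies it, but if the build does not need `.env`, restoring `**/.env` keeps local credentials out of the build entirely. If it is needed, a comment saying why would stop someone re-enabling the exclusion later. `**/secrets.dev.yaml` is already excluded, so excluding `.env` would be consistent with that.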
23 changes: 7 additions & 16 deletions .github/workflows/docker_build.yml
Expand Up @@ -12,24 +12,15 @@ on:

jobs:
docker:
name: Build and run leader and worker docker images for regression check
name: Regression test docker images
runs-on: ubuntu-latest
steps:
- name: Checkout
uses: actions/checkout@v4

- name: Build leader docker container
run: |
docker build --progress plain -t leader:${{ github.ref_name }} -f leader.Dockerfile .

- name: Run leader docker container
run: |
docker run --rm leader:${{ github.ref_name }} --help

- name: Build worker docker container
run: |
docker build --progress plain -t worker:${{ github.ref_name }} -f worker.Dockerfile .

- name: Run worker docker container
run: |
docker run --rm worker:${{ github.ref_name }} --help
- run: |
docker build --progress=plain --build-arg=PROFILE=dev --tag scratch .
docker run --rm --init --entrypoint leader scratch --help
docker run --rm --init --entrypoint worker scratch --help
docker run --rm --init --entrypoint rpc scratch --help
docker run --rm --init --entrypoint verifier scratch --help
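Review bot: The single `run` step builds only with `--build-arg=PROFILE=dev`, while the push workflow builds the Dockerfile with its default `PROFILE=release`, so the release branch of the build script (`SUBDIR=$PROFILE`) and the optimized binaries are never smoke-tested before an image is published. If CI time allows, a second build with the default profile would close that gap; otherwise a comment stating that dev is a deliberate time trade-off would record the choice. The step also lost its `name:`. Finally, `scratch` is the name of Docker's reserved empty base image, so a tag such as `--tag zero-bin:ci` (name constructed for illustration) would read less ambiguously in logs.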
40 changes: 6 additions & 34 deletions .github/workflows/docker_build_push.yml
Expand Up @@ -8,8 +8,6 @@ on:

env:
REGISTRY: ghcr.io
IMAGE_NAME_LEADER: ${{ github.repository }}-leader
IMAGE_NAME_WORKER: ${{ github.repository }}-worker

jobs:
docker:
Expand All @@ -34,50 +32,24 @@ jobs:
username: ${{ github.actor }}
password: ${{ secrets.GITHUB_TOKEN }}

- name: Extract metadata (tags, labels) for Leader Docker
id: meta_leader
uses: docker/metadata-action@v5
with:
images: |
name=${{ env.REGISTRY }}/${{ env.IMAGE_NAME_LEADER }}
tags: |
type=ref,event=branch
type=ref,event=pr
type=semver,pattern={{version}}
type=semver,pattern={{major}}.{{minor}}

- name: Push to GitHub Container Registry - Leader
uses: docker/build-push-action@v3
with:
context: .
file: ./leader.Dockerfile
push: true
# platforms: linux/amd64,linux/arm64
tags: ${{ steps.meta_leader.outputs.tags }}
labels: ${{ steps.meta_leader.outputs.labels }}
cache-from: type=gha
cache-to: type=gha,mode=max

- name: Extract metadata (tags, labels) for Worker Docker
id: meta_worker
- name: Extract metadata (tags, labels)
id: meta
uses: docker/metadata-action@v5
with:
images: |
name=${{ env.REGISTRY }}/${{ env.IMAGE_NAME_WORKER }}
name=${{ env.REGISTRY }}/${{ github.repository }}
tags: |
type=ref,event=branch
type=ref,event=pr
type=semver,pattern={{version}}
type=semver,pattern={{major}}.{{minor}}

- name: Push to GitHub Container Registry - Worker
- name: Push to GitHub Container Registry
uses: docker/build-push-action@v3
with:
context: .
file: ./worker.Dockerfile
push: true
# platforms: linux/amd64,linux/arm64
tags: ${{ steps.meta_worker.outputs.tags }}
labels: ${{ steps.meta_worker.outputs.labels }}
tags: ${{ steps.meta.outputs.tags }}
labels: ${{ steps.meta.outputs.labels }}
cache-from: type=gha
cache-to: type=gha,mode=max
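Review bot: The consolidated push step still runs `docker/build-push-action@v3` and `docker/metadata-action@v5` from mutable tags, in a job that passes `secrets.GITHUB_TOKEN` as a registry password. Pinning each `uses:` to a full commit SHA (with the version in a trailing comment) means a moved tag cannot change what runs with push rights, and `@v3` is several major versions behind the current build-push-action, so this rewrite is a good moment to update it. Separately, the image name changes from `<repo>-leader` / `<repo>-worker` to a single `<repo>` image with no default entrypoint, so existing pull and run commands change; the title marks this as breaking, and a short note on the new `--entrypoint` usage would help consumers. The job's `permissions:` block is outside the visible hunks, so I cannot tell whether the token is already limited to `packages: write`.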
36 changes: 36 additions & 0 deletions Cargo.lock


24 changes: 13 additions & 11 deletions Cargo.toml
@@ -1,18 +1,20 @@
[workspace]
members = ["mpt_trie",
"smt_trie",
"proof_gen",
"trace_decoder",
members = [
"compat",
"evm_arithmetization",
"mpt_trie",
"proc_macro",
"zero_bin/leader",
"zero_bin/worker",
"proof_gen",
"smt_trie",
"trace_decoder",
"zero_bin/common",
"zero_bin/leader",
"zero_bin/ops",
"zero_bin/verifier",
"zero_bin/prover",
"zero_bin/rpc",
"zero_bin/prover",
"compat"]
"zero_bin/verifier",
"zero_bin/worker",
]
resolver = "2"

[workspace.package]
Expand All @@ -24,7 +26,7 @@ keywords = ["cryptography", "STARK", "plonky2", "ethereum", "zk"]
categories = ["cryptography::cryptocurrencies"]

[workspace.dependencies]
alloy = { git = "https://github.com/alloy-rs/alloy", tag='v0.1.1', default-features = false, features = [
alloy = { git = "https://github.com/alloy-rs/alloy", tag = 'v0.1.1', default-features = false, features = [
"consensus",
"reqwest",
"json-rpc",
Expand All @@ -36,7 +38,7 @@ alloy = { git = "https://github.com/alloy-rs/alloy", tag='v0.1.1', default-featu
"providers",
"transports",
"transport-http",
"rpc-types-debug"
"rpc-types-debug",
] }
anyhow = "1.0.86"
async-stream = "0.3.5"
100 changes: 100 additions & 0 deletions Dockerfile
@@ -0,0 +1,100 @@
# syntax=docker/dockerfile:1
0xaatif marked this conversation as resolved.
# This is loosely based on `docker init`'s rust template.
# For a completely clean build, run something like this:
# ```
# docker build --build-arg=PROFILE=dev --no-cache
# ```

#############
# Build stage
#############
# - `/src` is the repo directory.
# - `/artifacts` is $CARGO_TARGET_DIR.
# - `/output` is where the binaries go.

ARG BUILD_BASE=rustlang/rust:nightly-bullseye-slim
FROM ${BUILD_BASE} AS build

# Install build dependencies.
RUN apt-get update && apt-get install -y \
# for jemalloc
libjemalloc-dev \
libjemalloc2 \
make \
# for openssl
libssl-dev \
pkg-config \
# clean the image
&& rm -rf /var/lib/apt/lists/*

ARG PROFILE=release
# forward the docker argument so that the script below can read it
ENV PROFILE=${PROFILE}

# Build the application.
RUN \
0xaatif marked this conversation as resolved.
# mount the repository so we don't have to COPY it in
--mount=type=bind,source=.,target=/src \
# cache artifacts and the cargo registry to speed up subsequent builds
--mount=type=cache,target=/artifacts \
--mount=type=cache,target=/usr/local/cargo/registry/ \
# run the build
<<EOF
set -eux

# need to change workdir instead of using --manifest-path because we need
# .cargo/config.toml
cd /src

# use the cache mount
# (we will not be able to to write to e.g `/src/target` because it is bind-mounted)
CARGO_TARGET_DIR=/artifacts cargo build --locked "--profile=${PROFILE}" --all
0xaatif marked this conversation as resolved.

# narrow the find call to SUBDIR because if we just copy out all executables
# we will break the cache invariant
if [ "$PROFILE" = "dev" ]; then
0xaatif marked this conversation as resolved.
SUBDIR=debug # edge case
else
SUBDIR=$PROFILE
fi

# maxdepth because binaries are in the root
# - other folders contain build scripts etc.
mkdir /output
find "/artifacts/$SUBDIR" \
0xaatif marked this conversation as resolved.
-maxdepth 1 \
-type f \
-executable \
-not -name '*.so' \
-exec cp '{}' /output \; \
-print

EOF

##################
# Final executable
##################
FROM debian:bullseye-slim AS final

# Install runtime dependencies.
RUN apt-get update && apt-get install -y \
ca-certificates \
libjemalloc2 \
&& rm -rf /var/lib/apt/lists/*

# this keeps this build target agnostic to the build profile
COPY --from=build ["/output/rpc", "/output/leader", "/output/worker", "/output/verifier", "/usr/local/bin/"]

# Create a non-privileged user that the app will run under.
# See https://docs.docker.com/develop/develop-images/dockerfile_best-practices/#user
ARG UID=10001
RUN adduser \
0xaatif marked this conversation as resolved.
--disabled-password \
--gecos "" \
--home "/nonexistent" \
--shell "/sbin/nologin" \
--no-create-home \
--uid "${UID}" \
user
USER user
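Review bot: Both `FROM` lines use mutable tags: `rustlang/rust:nightly-bullseye-slim` changes with every nightly and `debian:bullseye-slim` with every base refresh, so `cargo build --locked` fixes the crate graph but not the compiler or OS packages that end up in the published image. Pinning by digest, e.g. `ARG BUILD_BASE=rustlang/rust:nightly-bullseye-slim@sha256:<digest>` and `FROM debian:bullseye-slim@sha256:<digest> AS final`, makes a rebuild of the same commit reproducible and turns a nightly regression (the `-Z` flag in `.cargo/config.toml` depends on nightly behaviour) into an explicit bump. Both `apt-get install -y` calls could add `--no-install-recommends` to keep unneeded packages out of the runtime image. The final stage defines no `ENTRYPOINT` or `CMD`; since CI selects a binary with `--entrypoint`, a comment listing the four binaries would tell users of the image how to start it.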

60 changes: 0 additions & 60 deletions leader.Dockerfile

This file was deleted.
