docker: build CLI in shared image

Co-authored-by: Evan Gray <battledingo@gmail.com>

Dockerfile.cli

@@ -0,0 +1,25 @@
+# syntax=docker.io/docker/dockerfile:1.3@sha256:42399d4635eddd7a9b8a24be879d2f9a930d0ed040a61324cfdf59ef1357b3b2
+FROM node:18-alpine@sha256:44aaf1ccc80eaed6572a0f2ef7d6b5a2982d54481e4255480041ac92221e2f11 as cli-build
+
+# Support additional root CAs
+COPY README.md cert.pem* /certs/
+# Alpine
+RUN if [ -e /certs/cert.pem ]; then cp /certs/cert.pem /etc/ssl/cert.pem; fi
+
+# Copy package.json & package-lock.json by themselves to create a cache layer
+COPY clients/js/package.json clients/js/package-lock.json /clients/js/
+
+WORKDIR /clients/js
+
+RUN npm ci
+
+# Copy the rest of the source files, as a layer on top of the deps
+COPY clients/js /clients/js
+
+# Build CLI
+RUN npm run build
+
+FROM scratch AS cli-export
+
+COPY --from=cli-build clients/js/build/main.js clients/js/build/main.js
+COPY --from=cli-build clients/js/package.json clients/js/package.json

Dockerfile.const

@@ -1,5 +1,6 @@
 # syntax=docker.io/docker/dockerfile:1.3@sha256:42399d4635eddd7a9b8a24be879d2f9a930d0ed040a61324cfdf59ef1357b3b2
-FROM node:16-alpine@sha256:004dbac84fed48e20f9888a23e32fa7cf83c2995e174a78d41d9a9dd1e051a20 as const-build
+FROM cli-gen as cli-export
+FROM node:18-alpine@sha256:44aaf1ccc80eaed6572a0f2ef7d6b5a2982d54481e4255480041ac92221e2f11 as const-build
 
 # fetch scripts/guardian-set-init.sh deps
 RUN apk update && apk add bash g++ make python3 curl jq findutils
@@ -9,22 +10,12 @@ COPY README.md cert.pem* /certs/
 # Alpine
 RUN if [ -e /certs/cert.pem ]; then cp /certs/cert.pem /etc/ssl/cert.pem; fi
 
-# install CLI deps & build
-WORKDIR /clients/js
+# Copy and link CLI
+COPY --from=cli-export clients/js /cli
 
-# copy package.json & package-lock.json by themselves to create a cache layer
-COPY clients/js/package.json clients/js/package-lock.json ./
-# mount the buildkit cache on npm's cache dir, install dependencies
+WORKDIR /cli
 
-# Commenting out npm cache due to heisenbug with github build machines
-# RUN --mount=type=cache,uid=1000,gid=1000,target=/home/node/.npm
-
-RUN npm ci
-
-# copy the rest of the source files, as a layer on top of the deps
-COPY clients/js ./
-# build CLI
-RUN make build
+RUN npm link
 
 WORKDIR /
 
@@ -41,14 +32,6 @@ RUN ./scripts/distribute-devnet-consts.sh
 RUN ./scripts/guardian-set-init.sh $NUM_GUARDIANS
 
 FROM scratch AS const-export
-COPY --from=const-build /scripts/.env.0x ethereum/.env
-COPY --from=const-build /scripts/.env.hex solana/.env
-COPY --from=const-build /scripts/.env.hex terra/tools/.env
-COPY --from=const-build /scripts/.env.hex cosmwasm/deployment/terra2/tools/.env
-COPY --from=const-build /scripts/.env.hex algorand/.env
-COPY --from=const-build /scripts/.env.hex near/.env
-COPY --from=const-build /scripts/.env.hex sui/.env
-COPY --from=const-build /scripts/.env.hex aptos/.env
-COPY --from=const-build /scripts/.env.hex wormchain/contracts/tools/.env
-
-COPY --from=const-build /scripts/devnet-consts.json wormchain/contracts/tools/
+COPY --from=const-build /scripts/.env.0x .env.0x
+COPY --from=const-build /scripts/.env.hex .env
+COPY --from=const-build /scripts/devnet-consts.json devnet-consts.json

Tiltfile

@@ -101,13 +101,17 @@ if not ci:
 def k8s_yaml_with_ns(objects):
     return k8s_yaml(namespace_inject(objects, namespace))
 
-local_resource(
-    name = "const-gen",
-    deps = ["scripts", "clients", "ethereum/.env.test"],
-    cmd = 'tilt docker build -- --target const-export -f Dockerfile.const -o type=local,dest=. --build-arg num_guardians=%s .' % (num_guardians),
-    env = {"DOCKER_BUILDKIT": "1"},
-    allow_parallel = True,
-    trigger_mode = trigger_mode,
+docker_build(
+    ref = "cli-gen",
+    context = ".",
+    dockerfile = "Dockerfile.cli",
+)
+
+docker_build(
+    ref = "const-gen",
+    context = ".",
+    dockerfile = "Dockerfile.const",
+    build_args={"num_guardians": '%s' % (num_guardians)},
 )
 
 # node
@@ -431,7 +435,6 @@ if solana or pythnet:
             port_forward(8899, name = "Solana RPC [:8899]", host = webHost),
             port_forward(8900, name = "Solana WS [:8900]", host = webHost),
         ],
-        resource_deps = ["const-gen"],
         labels = ["solana"],
         trigger_mode = trigger_mode,
     )
@@ -527,7 +530,6 @@ k8s_resource(
     port_forwards = [
         port_forward(8545, name = "Ganache RPC [:8545]", host = webHost),
     ],
-    resource_deps = ["const-gen"],
     labels = ["evm"],
     trigger_mode = trigger_mode,
 )
@@ -540,7 +542,6 @@ if evm2:
         port_forwards = [
             port_forward(8546, name = "Ganache RPC [:8546]", host = webHost),
         ],
-        resource_deps = ["const-gen"],
         labels = ["evm"],
         trigger_mode = trigger_mode,
     )
@@ -587,7 +588,7 @@ if ci_tests:
         "accountant-ci-tests",
         labels = ["ci"],
         trigger_mode = trigger_mode,
-        resource_deps = ["const-gen"], # uses devnet-consts.json, but wormchain/contracts/tools/test_accountant.sh handles waiting for guardian, not having deps gets the build earlier
+        resource_deps = [], # uses devnet-consts.json, but wormchain/contracts/tools/test_accountant.sh handles waiting for guardian, not having deps gets the build earlier
     )
 
 if terra_classic:
@@ -611,7 +612,6 @@ if terra_classic:
             port_forward(26657, name = "Terra RPC [:26657]", host = webHost),
             port_forward(1317, name = "Terra LCD [:1317]", host = webHost),
         ],
-        resource_deps = ["const-gen"],
         labels = ["terra"],
         trigger_mode = trigger_mode,
     )
@@ -659,7 +659,6 @@ if terra2:
             port_forward(26658, container_port = 26657, name = "Terra 2 RPC [:26658]", host = webHost),
             port_forward(1318, container_port = 1317, name = "Terra 2 LCD [:1318]", host = webHost),
         ],
-        resource_deps = ["const-gen"],
         labels = ["terra2"],
         trigger_mode = trigger_mode,
     )
@@ -707,7 +706,6 @@ if algorand:
             port_forward(4002, name = "KMD [:4002]", host = webHost),
             port_forward(8980, name = "Indexer [:8980]", host = webHost),
         ],
-        resource_deps = ["const-gen"],
         labels = ["algorand"],
         trigger_mode = trigger_mode,
     )
@@ -721,7 +719,7 @@ if sui:
         context = ".",
         dockerfile = "sui/Dockerfile",
         ignore = ["./sui/sui.log*", "sui/sui.log*", "sui.log.*"],
-        only = ["./sui", "./clients/js"],
+        only = ["./sui"],
     )
 
     k8s_resource(
@@ -731,12 +729,11 @@ if sui:
             port_forward(5003, name = "Faucet [:5003]", host = webHost),
             port_forward(9184, name = "Prometheus [:9184]", host = webHost),
         ],
-        resource_deps = ["const-gen"],
         labels = ["sui"],
         trigger_mode = trigger_mode,
     )
 
-if near:
+if near: 
     k8s_yaml_with_ns("devnet/near-devnet.yaml")
 
     docker_build(
@@ -759,7 +756,6 @@ if near:
             port_forward(3030, name = "Node [:3030]", host = webHost),
             port_forward(3031, name = "webserver [:3031]", host = webHost),
         ],
-        resource_deps = ["const-gen"],
         labels = ["near"],
         trigger_mode = trigger_mode,
     )
@@ -833,14 +829,13 @@ if wormchain:
             port_forward(9090, container_port = 9090, name = "GRPC", host = webHost),
             port_forward(26659, container_port = 26657, name = "TENDERMINT [:26659]", host = webHost)
         ],
-        resource_deps = ["const-gen"],
         labels = ["wormchain"],
         trigger_mode = trigger_mode,
     )
 
     k8s_resource(
         "wormchain-deploy",
-        resource_deps = ["const-gen", "wormchain"],
+        resource_deps = ["wormchain"],
         labels = ["wormchain"],
         trigger_mode = trigger_mode,
     )
@@ -901,7 +896,6 @@ if aptos:
             port_forward(6181, name = "FullNode [:6181]", host = webHost),
             port_forward(8081, name = "Faucet [:8081]", host = webHost),
         ],
-        resource_deps = ["const-gen"],
         labels = ["aptos"],
         trigger_mode = trigger_mode,
     )

algorand/Dockerfile

@@ -1,4 +1,5 @@
 # syntax=docker.io/docker/dockerfile:1.3@sha256:42399d4635eddd7a9b8a24be879d2f9a930d0ed040a61324cfdf59ef1357b3b2
+FROM const-gen AS const-export
 FROM docker.io/python:3.10@sha256:eeed7cac682f9274d183f8a7533ee1360a26acb3616aa712b2be7896f80d8c5f
 
 # Support additional root CAs
@@ -21,4 +22,4 @@ RUN mkdir teal
 COPY *.py .
 COPY test/*.json .
 COPY deploy.sh deploy.sh 
-COPY .env .env
+COPY --from=const-export .env .env

aptos/Docker.md

@@ -1,6 +1,11 @@
 # first build the image
+
 (cd ..; DOCKER_BUILDKIT=1 docker build -f aptos/Dockerfile.base -t aptos .)
+
 # tag the image with the appropriate version
-docker tag aptos:latest ghcr.io/wormhole-foundation/aptos:1.0.4
+
+docker tag aptos:latest ghcr.io/wormhole-foundation/aptos:1.0.4_1
+
 # push to ghcr
-docker push ghcr.io/wormhole-foundation/aptos:1.0.4
+
+docker push ghcr.io/wormhole-foundation/aptos:1.0.4_1

aptos/Dockerfile

@@ -1,9 +1,15 @@
-FROM ghcr.io/wormhole-foundation/aptos:1.0.4@sha256:0610c97ba32aab7113765b05a0c71d75b3842f7ee11ff8d7f75bd0ea03ad95b2 as aptos
+FROM cli-gen AS cli-export
+FROM const-gen AS const-export
+FROM ghcr.io/wormhole-foundation/aptos:1.0.4_1@sha256:8d61205efab33e03375a146cdcf4838e2de4797ff2618b08a22cf74ec0843779 as aptos
 
 # Support additional root CAs
 COPY cert.pem* /certs/
 RUN if [ -e /certs/cert.pem ]; then cp /certs/cert.pem /etc/ssl/certs/ca-certificates.crt; fi
 
+# Install nodejs 
+# todo(aki): move this into base image?
+RUN curl -fsSL https://deb.nodesource.com/setup_18.x | bash - && apt-get update && apt-get install -y nodejs
+
 WORKDIR /tmp
 
 COPY wormhole/ wormhole
@@ -14,11 +20,16 @@ COPY coin/ coin
 COPY examples/ examples
 COPY Makefile Makefile
 COPY scripts scripts
-# In this step we optionally copy the .env file too
-COPY start_node.sh .env* .
+COPY start_node.sh start_node.sh
+COPY --from=const-export .env .env
+COPY --from=cli-export clients/js /cli
+
+WORKDIR /cli
+
+RUN npm link
 
 FROM aptos AS tests
 
 WORKDIR /tmp
 
-RUN    make test
+RUN make test

aptos/Dockerfile.base

@@ -10,14 +10,3 @@ RUN cargo build -p aptos --profile cli
 
 FROM rust:1.62@sha256:5777f201f507075309c4d2d1c1e8d8219e654ae1de154c844341050016a64a0c as export-stage
 COPY --from=aptos-node /tmp/aptos-core/target/cli/aptos /usr/local/cargo/bin/aptos
-
-RUN apt-get update && apt-get -y install npm
-WORKDIR /tmp
-RUN npm install -g n typescript ts-node
-RUN n stable
-
-COPY clients/js  /tmp/clients/js
-
-WORKDIR /tmp/clients/js
-
-RUN make install

aptos/Makefile

@@ -7,4 +7,6 @@ $(TARGETS):
 	$(foreach dir,$(CONTRACT_DIRS), make -C $(dir) $@ &&) true
 
 test-docker:
+	DOCKER_BUILDKIT=1 docker build --progress plain  -f ../Dockerfile.cli -t cli-gen ..
+	DOCKER_BUILDKIT=1 docker build --build-arg num_guardians=1 --progress plain  -f ../Dockerfile.const -t const-gen ..
 	DOCKER_BUILDKIT=1 docker build --progress plain  -f Dockerfile --target tests .

aptos/scripts/wait_for_devnet

@@ -1,4 +1,6 @@
 #!/bin/bash
 set -e
-while [[ "$(curl -s -o /dev/null -w ''%{http_code}'' 0.0.0.0:8080/v1/-/healthy)" != "200" ]]; do sleep 5; done
-while [[ "$(curl -s -o /dev/null -w ''%{http_code}'' 0.0.0.0:8081/health)" != "200" ]]; do sleep 5; done
+
+# Logic from https://github.com/aptos-labs/aptos-core/blob/95b4388ab0e5fec6971236232b7a179839980989/crates/aptos/e2e/local_testnet.py#L79
+while [[ "$(curl -s -o /dev/null -w ''%{http_code}'' 0.0.0.0:8080/v1)" != "200" ]]; do sleep 5; done
+while [[ "$(curl -s -o /dev/null -w ''%{http_code}'' 0.0.0.0:8081/health)" != "200" && "$(curl -s -o /dev/null -w ''%{http_code}'' 0.0.0.0:8081/)" != "200" ]]; do sleep 5; done

clients/js/src/cmds/aptos.ts

@@ -398,7 +398,7 @@ export const builder = (y: typeof yargs) =>
     .command(
       "faucet",
       "Request money from the faucet for a given account",
-      (_yargs) =>
+      (yargs) =>
         yargs
           .option("rpc", {
             alias: "r",

cosmwasm/Dockerfile.deploy

@@ -1,3 +1,4 @@
+FROM const-gen AS const-export
 # This is a multi-stage docker file:
 #  1. The first stage contains the built contracts (wasm files)
 #  2. The second creates a node.js environment to deploy the contracts to devnet
@@ -26,3 +27,4 @@ COPY ./tools/package.json ./tools/package-lock.json /app/tools/
 RUN --mount=type=cache,uid=1000,gid=1000,target=/home/node/.npm \
     npm ci
 COPY ./tools /app/tools
+COPY --from=const-export .env /app/tools/.env

devnet/solana-devnet.yaml

@@ -97,7 +97,9 @@ spec:
         - name: setup
           image: bridge-client
           command:
-            - /usr/src/solana/devnet_setup.sh
+            - /bin/bash
+            - -c
+            - "cd /usr/src/solana && ./devnet_setup.sh"
           readinessProbe:
             tcpSocket:
               port: 2000

ethereum/Dockerfile

@@ -1,4 +1,5 @@
 # syntax=docker.io/docker/dockerfile:1.3@sha256:42399d4635eddd7a9b8a24be879d2f9a930d0ed040a61324cfdf59ef1357b3b2
+FROM const-gen AS const-export
 FROM node:lts-alpine@sha256:2ae9624a39ce437e7f58931a5747fdc60224c6e40f8980db90728de58e22af7c
 
 # npm wants to clone random Git repositories - lovely.
@@ -26,7 +27,7 @@ RUN if [ -e /certs/cert.pem ]; then git config --global http.sslCAInfo /certs/ce
 # Only invalidate the npm install step if package.json changed
 COPY --chown=node:node package.json .
 COPY --chown=node:node package-lock.json .
-COPY --chown=node:node .env.test .env
+COPY --from=const-export --chown=node:node .env.0x .env
 
 # We want to cache node_modules *and* incorporate it into the final image.
 RUN --mount=type=cache,uid=1000,gid=1000,target=/home/node/.npm \

near/Dockerfile.contracts

@@ -1,3 +1,4 @@
+FROM const-gen AS const-export
 FROM ghcr.io/wormhole-foundation/near:0.2@sha256:c2089c5e93df2396d74f9c07e7cd3d76983fad97bddb202030ca442c2c00c3c2 AS near-contracts
 
 RUN mkdir -p /.npm /home/node/appa /home/node/.npm
@@ -9,7 +10,7 @@ USER 1000
 
 ADD --chown=1000:1000 package.json .
 ADD --chown=1000:1000 package-lock.json .
-ADD --chown=1000:1000 .env .env
+COPY --from=const-export --chown=1000:1000 .env .
 
 RUN npm ci
 

near/Dockerfile.deploy

@@ -1,3 +1,4 @@
+FROM const-gen AS const-export
 FROM ghcr.io/wormhole-foundation/near:0.2@sha256:c2089c5e93df2396d74f9c07e7cd3d76983fad97bddb202030ca442c2c00c3c2 AS build
 
 WORKDIR /app
@@ -11,7 +12,7 @@ FROM node:16-alpine@sha256:004dbac84fed48e20f9888a23e32fa7cf83c2995e174a78d41d9a
 WORKDIR /app
 COPY package.json .
 COPY package-lock.json .
-COPY .env .
+COPY --from=const-export .env .
 COPY devnet_deploy.sh .
 COPY devnet_deploy.ts .
 COPY --from=build /app/contracts/*/target/wasm32-unknown-unknown/release/*.wasm .

scripts/check-docker-pin.sh

@@ -13,7 +13,7 @@
 #   - We ignore cosmwasm_artifacts AS artifacts because it's a local reference only, is built in tilt
 #   - We ignore base AS (ignite-go-build|ignite-vue-build) because the base image is already pinned in wormchain/Dockerfile.proto
 #
-git ls-files -z | grep -z "Dockerfile*" | xargs -r -0 grep -s "FROM" | egrep -v 'sha256|scratch|solana|aptos|sui|base|cosmwasm_artifacts AS (application|base|builder|ci_tests|tests|artifacts|ignite-go-build|ignite-vue-build)'
+git ls-files -z | grep -z "Dockerfile*" | xargs -r -0 grep -s "FROM" | egrep -v 'sha256|scratch|solana|aptos|sui|base|cosmwasm_artifacts|cli-gen|const-gen AS (application|base|builder|ci_tests|tests|artifacts|ignite-go-build|ignite-vue-build|cli-export|const-export)'
 if [ $? -eq 0 ]; then
    echo "[!] Unpinned docker files" >&2
    exit 1

scripts/guardian-set-init.sh

@@ -46,11 +46,6 @@ if ! type -p jq; then
     exit 1
 fi
 
-# Rebuild the CLI binary if needed. If the binary is already up to date, this
-# command finishes in a fraction of a second.
-make build -C ./clients/js
-
-
 # 1) guardian public keys - used as the inital guardian set when initializing contracts.
 echo "generating guardian set addresses"
 # create an array of strings containing the ECDSA public keys of the devnet guardians in the guardianset:
@@ -102,25 +97,25 @@ aptosNFTBridge=$(jq --raw-output '.chains."22".contracts.nftBridgeEmitterAddress
 
 # 4) create token bridge registration VAAs
 # invoke CLI commands to create registration VAAs
-solTokenBridgeVAA=$(node ./clients/js/build/main.js generate registration -m TokenBridge -c solana -a ${solTokenBridge} -g ${guardiansPrivateCSV})
-ethTokenBridgeVAA=$(node ./clients/js/build/main.js generate registration -m TokenBridge -c ethereum -a ${ethTokenBridge} -g ${guardiansPrivateCSV})
-terraTokenBridgeVAA=$(node ./clients/js/build/main.js generate registration -m TokenBridge -c terra -a ${terraTokenBridge} -g ${guardiansPrivateCSV})
-bscTokenBridgeVAA=$(node ./clients/js/build/main.js generate registration -m TokenBridge -c bsc -a ${bscTokenBridge} -g ${guardiansPrivateCSV})
-algoTokenBridgeVAA=$(node ./clients/js/build/main.js generate registration -m TokenBridge -c algorand -a ${algoTokenBridge} -g ${guardiansPrivateCSV})
-nearTokenBridgeVAA=$(node ./clients/js/build/main.js generate registration -m TokenBridge -c near -a ${nearTokenBridge} -g ${guardiansPrivateCSV})
-terra2TokenBridgeVAA=$(node ./clients/js/build/main.js generate registration -m TokenBridge -c terra2 -a ${terra2TokenBridge} -g ${guardiansPrivateCSV})
-suiTokenBridgeVAA=$(node ./clients/js/build/main.js generate registration -m TokenBridge -c sui -a ${suiTokenBridge} -g ${guardiansPrivateCSV})
-aptosTokenBridgeVAA=$(node ./clients/js/build/main.js generate registration -m TokenBridge -c aptos -a ${aptosTokenBridge} -g ${guardiansPrivateCSV})
-wormchainTokenBridgeVAA=$(node ./clients/js/build/main.js generate registration -m TokenBridge -c wormchain -a ${wormchainTokenBridge} -g ${guardiansPrivateCSV})
+solTokenBridgeVAA=$(worm generate registration -m TokenBridge -c solana -a ${solTokenBridge} -g ${guardiansPrivateCSV})
+ethTokenBridgeVAA=$(worm generate registration -m TokenBridge -c ethereum -a ${ethTokenBridge} -g ${guardiansPrivateCSV})
+terraTokenBridgeVAA=$(worm generate registration -m TokenBridge -c terra -a ${terraTokenBridge} -g ${guardiansPrivateCSV})
+bscTokenBridgeVAA=$(worm generate registration -m TokenBridge -c bsc -a ${bscTokenBridge} -g ${guardiansPrivateCSV})
+algoTokenBridgeVAA=$(worm generate registration -m TokenBridge -c algorand -a ${algoTokenBridge} -g ${guardiansPrivateCSV})
+nearTokenBridgeVAA=$(worm generate registration -m TokenBridge -c near -a ${nearTokenBridge} -g ${guardiansPrivateCSV})
+terra2TokenBridgeVAA=$(worm generate registration -m TokenBridge -c terra2 -a ${terra2TokenBridge} -g ${guardiansPrivateCSV})
+suiTokenBridgeVAA=$(worm generate registration -m TokenBridge -c sui -a ${suiTokenBridge} -g ${guardiansPrivateCSV})
+aptosTokenBridgeVAA=$(worm generate registration -m TokenBridge -c aptos -a ${aptosTokenBridge} -g ${guardiansPrivateCSV})
+wormchainTokenBridgeVAA=$(worm generate registration -m TokenBridge -c wormchain -a ${wormchainTokenBridge} -g ${guardiansPrivateCSV})
 
 
 # 5) create nft bridge registration VAAs
 echo "generating contract registration VAAs for nft bridges"
-solNFTBridgeVAA=$(node ./clients/js/build/main.js generate registration -m NFTBridge -c solana -a ${solNFTBridge} -g ${guardiansPrivateCSV})
-ethNFTBridgeVAA=$(node ./clients/js/build/main.js generate registration -m NFTBridge -c ethereum -a ${ethNFTBridge} -g ${guardiansPrivateCSV})
-terraNFTBridgeVAA=$(node ./clients/js/build/main.js generate registration -m NFTBridge -c terra -a ${terraNFTBridge} -g ${guardiansPrivateCSV})
-nearNFTBridgeVAA=$(node ./clients/js/build/main.js generate registration -m NFTBridge -c near -a ${nearNFTBridge} -g ${guardiansPrivateCSV})
-aptosNFTBridgeVAA=$(node ./clients/js/build/main.js generate registration -m NFTBridge -c aptos -a ${aptosNFTBridge} -g ${guardiansPrivateCSV})
+solNFTBridgeVAA=$(worm generate registration -m NFTBridge -c solana -a ${solNFTBridge} -g ${guardiansPrivateCSV})
+ethNFTBridgeVAA=$(worm generate registration -m NFTBridge -c ethereum -a ${ethNFTBridge} -g ${guardiansPrivateCSV})
+terraNFTBridgeVAA=$(worm generate registration -m NFTBridge -c terra -a ${terraNFTBridge} -g ${guardiansPrivateCSV})
+nearNFTBridgeVAA=$(worm generate registration -m NFTBridge -c near -a ${nearNFTBridge} -g ${guardiansPrivateCSV})
+aptosNFTBridgeVAA=$(worm generate registration -m NFTBridge -c aptos -a ${aptosNFTBridge} -g ${guardiansPrivateCSV})
 
 
 # 6) write the registration VAAs to env files
@@ -202,7 +197,7 @@ upsert_env_file $envFile $wormchainTokenBridge $wormchainTokenBridgeVAA
 # chain dirs will not exist if running in docker for Tilt, only if running locally. check before copying.
 # copy ethFile to ethereum
 if [[ -d ./ethereum ]]; then
-    echo "copying $ethFile to /etherum/.env"
+    echo "copying $ethFile to /ethereum/.env"
     cp $ethFile ./ethereum/.env
 fi
 

solana/Dockerfile.client

@@ -1,20 +1,16 @@
 #syntax=docker/dockerfile:1.2@sha256:e2a8561e419ab1ba6b2fe6cbdf49fd92b95912df1cf7d313c3e2230a333fdbcc
+FROM cli-gen AS cli-export
+FROM const-gen AS const-export
 FROM ghcr.io/wormhole-foundation/solana:1.10.31@sha256:d31e8db926a1d3fbaa9d9211d9979023692614b7b64912651aba0383e8c01bad AS solana
 
 # libudev is needed by spl-token-cli, and ncat is needed by the devnet setup
 # script to be able to signal a health status for tilt
 RUN apt-get update && apt-get install -yq libudev-dev ncat
-RUN curl -fsSL https://deb.nodesource.com/setup_16.x | bash - && apt-get install -y nodejs
+RUN curl -fsSL https://deb.nodesource.com/setup_18.x | bash - && apt-get install -y nodejs
 
 RUN --mount=type=cache,target=/root/.cache \
     cargo install --version =2.0.12 --locked spl-token-cli
 
-WORKDIR /usr/src/clients/js
-COPY clients/js/package.json clients/js/package-lock.json ./
-RUN --mount=type=cache,uid=1000,gid=1000,target=/home/node/.npm \
-    npm ci
-COPY clients/js ./
-
 COPY solana /usr/src/solana
 COPY proto /usr/src/proto
 
@@ -29,8 +25,16 @@ ENV BRIDGE_ADDRESS="Bridge1p5gheXUvJ6jGWGeCsgPKgnE3YgdGKRVCMY9o"
 RUN --mount=type=cache,target=/root/.cache \
     --mount=type=cache,target=target \
     --mount=type=cache,target=/usr/local/cargo/registry,id=cargo_registry \
-	set -xe && \
+    set -xe && \
     cargo build --manifest-path ./Cargo.toml --package bridge_client --release --locked && \
     cargo build --manifest-path ./Cargo.toml --package token_bridge_client --release --locked && \
     cp target/release/bridge_client /usr/local/bin/client && \
     cp target/release/token_bridge_client /usr/local/bin/token-bridge-client
+
+# Copy .env and CLI and link `worm`
+COPY --from=const-export .env /usr/src/solana/.env
+COPY --from=cli-export clients/js /usr/src/cli
+
+WORKDIR /usr/src/cli
+
+RUN npm link

solana/devnet_setup.sh

@@ -2,11 +2,6 @@
 # This script configures the devnet for test transfers with hardcoded addresses.
 set -eu
 
-# kick off building worm in the background, and remember the process PID so we
-# can wait on it later
-make -C /usr/src/clients/js install &
-worm_build_pid=$!
-
 # Configure CLI (works the same as upstream Solana CLI)
 mkdir -p ~/.config/solana/cli
 cat <<EOF > ~/.config/solana/cli/config.yml
@@ -120,12 +115,6 @@ retry token-bridge-client create-bridge "$token_bridge_address" "$bridge_address
 # Initialize the NFT bridge
 retry token-bridge-client create-bridge "$nft_bridge_address" "$bridge_address"
 
-echo "Waiting for worm to finish building"
-wait $worm_build_pid
-
-# Trigger wormhole config file before running in parallel
-worm --help
-
 # next we get all the registration VAAs from the environment
 # if a new VAA is added, this will automatically pick it up
 VAAS=$(set | grep "REGISTER_.*_VAA" | grep -v SOL | cut -d '=' -f1)

sui/Docker.md

@@ -4,10 +4,10 @@ cd ..; DOCKER_BUILDKIT=1 docker build --no-cache --progress plain -f sui/Dockerf
 
 # tag the image with the appropriate version
 
-docker tag sui:latest ghcr.io/wormhole-foundation/sui:1.0.0-testnet
+docker tag sui:latest ghcr.io/wormhole-foundation/sui:1.0.0-testnet_1
 
 # push to ghcr
 
-docker push ghcr.io/wormhole-foundation/sui:1.0.0-testnet
+docker push ghcr.io/wormhole-foundation/sui:1.0.0-testnet_1
 
 echo remember to update both Dockerfile and Dockerfile.export

sui/Dockerfile

@@ -1,6 +1,6 @@
-FROM ghcr.io/wormhole-foundation/sui:1.0.0-testnet@sha256:63a8094590ddb90320aa1c86414f17cc73c759ecbdfaf2fe78f135b7c08ec536 as sui
-
-RUN dnf -y install make git npm
+FROM cli-gen AS cli-export
+FROM const-gen AS const-export
+FROM ghcr.io/wormhole-foundation/sui:1.0.0-testnet_1@sha256:806fc83e7bbd59bca0a1960870d27b041d0b99a286d7eccfcec25beb74c2346c as sui
 
 COPY sui/README.md sui/cert.pem* /certs/
 RUN if [ -e /certs/cert.pem ]; then cp /certs/cert.pem /etc/ssl/certs/ca-certificates.crt; fi
@@ -10,13 +10,6 @@ RUN sui genesis -f
 
 COPY sui/devnet/ /root/.sui/sui_config/
 
-# Build CLI, TODO(aki): move this to base image before merging into main
-RUN npm install -g n typescript ts-node
-RUN n stable
-COPY clients/js /tmp/clients/js
-WORKDIR /tmp/clients/js
-RUN make install
-
 WORKDIR /tmp
 
 COPY sui/scripts/ scripts
@@ -24,7 +17,15 @@ COPY sui/wormhole/ wormhole
 COPY sui/token_bridge/ token_bridge
 COPY sui/examples/ examples
 COPY sui/Makefile Makefile
-COPY sui/.env* .
+
+# Copy .env and CLI
+COPY --from=const-export .env .env
+COPY --from=cli-export clients/js /cli
+
+# Link `worm`
+WORKDIR /cli
+
+RUN npm link
 
 FROM sui AS tests
 

sui/Dockerfile.base

@@ -16,7 +16,12 @@ RUN /tmp/node_builder.sh
 FROM docker.io/redhat/ubi8@sha256:56c374376a42da40f3aec753c4eab029b5ea162d70cb5f0cda24758780c31d81 as export-stage
 
 RUN dnf -y update
-RUN dnf -y install jq curl git
+RUN dnf -y install jq curl git make
+
+# Update nodejs version from 10.24.0 to 18.x
+RUN dnf remove -y nodejs npm
+RUN curl -sL https://rpm.nodesource.com/setup_18.x | bash -
+RUN dnf install -y nodejs
 
 COPY --from=sui-node /root/.cargo/bin/sui /bin/sui
 COPY --from=sui-node /root/.cargo/bin/sui-faucet /bin/sui-faucet

sui/Makefile

@@ -10,4 +10,6 @@ test:
 	$(foreach dir,$(TEST_CONTRACT_DIRS), make -C $(dir) $@ &&) true
 
 test-docker:
+	DOCKER_BUILDKIT=1 docker build --progress plain  -f ../Dockerfile.cli -t cli-gen ..
+	DOCKER_BUILDKIT=1 docker build --build-arg num_guardians=1 --progress plain -f ../Dockerfile.const -t const-gen ..
 	DOCKER_BUILDKIT=1 docker build -f Dockerfile ..

terra/Dockerfile

@@ -1,3 +1,4 @@
+FROM const-gen AS const-export
 # This is a multi-stage docker file:
 #  1. The first stage builds the contracts
 #  2. The second is an empty image with only the wasm files (useful for exporting)
@@ -39,3 +40,4 @@ COPY ./tools/package.json ./tools/package-lock.json /app/tools/
 RUN --mount=type=cache,uid=1000,gid=1000,target=/home/node/.npm \
     npm ci
 COPY ./tools /app/tools
+COPY --from=const-export .env /app/tools/.env

testing/Dockerfile.bridge_ui.test

@@ -1,15 +0,0 @@
-FROM node:16-alpine@sha256:004dbac84fed48e20f9888a23e32fa7cf83c2995e174a78d41d9a9dd1e051a20
-
-RUN apk update && apk add g++ make python3 curl
-
-RUN mkdir -p /app
-WORKDIR /app
-
-COPY bridge_ui/package.json bridge_ui/package-lock.json ./bridge_ui/
-RUN --mount=type=cache,uid=1000,gid=1000,target=/home/node/.npm \
-    npm ci --prefix bridge_ui
-COPY bridge_ui ./bridge_ui
-
-COPY testing ./testing
-
-WORKDIR /app/testing

testing/Dockerfile.sdk.test

@@ -1,4 +1,4 @@
-FROM node:16-alpine@sha256:004dbac84fed48e20f9888a23e32fa7cf83c2995e174a78d41d9a9dd1e051a20
+FROM node:18-alpine@sha256:44aaf1ccc80eaed6572a0f2ef7d6b5a2982d54481e4255480041ac92221e2f11
 
 RUN apk update && apk add g++ make python3 curl
 
@@ -7,14 +7,14 @@ WORKDIR /app
 
 COPY ethereum/package.json ethereum/package-lock.json ./ethereum/
 RUN --mount=type=cache,uid=1000,gid=1000,target=/home/node/.npm \
-    npm ci --prefix ethereum
+  npm ci --prefix ethereum
 COPY ethereum ./ethereum
 
 COPY solana/idl ./solana/idl/
 
 COPY sdk/js/package.json sdk/js/package-lock.json  ./sdk/js/
 RUN --mount=type=cache,uid=1000,gid=1000,target=/home/node/.npm \
-    npm ci --prefix sdk/js
+  npm ci --prefix sdk/js
 COPY sdk/js ./sdk/js
 RUN npm run build --prefix sdk/js
 

testing/bridge_ui.sh

@@ -1,3 +0,0 @@
-#!/bin/sh
-set -e
-CI=true npm --prefix ../bridge_ui run test 

wormchain/Dockerfile.deploy

@@ -1,3 +1,4 @@
+FROM const-gen AS const-export
 # This is a multi-stage docker file:
 #  1. The first stage contains the built contracts (wasm files)
 #  2. The second creates a node.js environment to deploy the contracts to devnet
@@ -33,3 +34,5 @@ COPY ./contracts/tools/package.json ./contracts/tools/package-lock.json /app/too
 RUN --mount=type=cache,uid=1000,gid=1000,target=/home/node/.npm \
     npm ci
 COPY ./contracts/tools /app/tools
+COPY --from=const-export .env /app/tools/.env
+COPY --from=const-export devnet-consts.json /app/tools/devnet-consts.json