Optimise solana dockerfiles (#1334)
* solana/devnet_setup.sh: Build CLI instead of JITing it This makes the registration process a few seconds faster. * solana/Dockerfile: Don't copy devnet_setup.sh at the beginning This is unnecessary, and inefficient, because each time the file changes, a lot of things get rebuilt/reinstalled. * solana/Dockerfile: cache cargo registry this allows skipping rebuilding cargo dependencies. Small contract changes now rebuild in 20s, down from 60s before * Remove unnecessary debian depencies * Rename rust-toolchain.toml to rust-toolchain (rustup in the container didn't recognise it with .toml extension) and use in containers instead of manually specifying rust version * solana/Dockerfile: Use prebuilt docker image * solana: Add docs on docker base images
This commit is contained in:
parent
cbc92a9571
commit
9d74a80aa0
|
@ -33,6 +33,7 @@ ENV BRIDGE_ADDRESS="Bridge1p5gheXUvJ6jGWGeCsgPKgnE3YgdGKRVCMY9o"
|
||||||
|
|
||||||
RUN --mount=type=cache,target=/root/.cache \
|
RUN --mount=type=cache,target=/root/.cache \
|
||||||
--mount=type=cache,target=target \
|
--mount=type=cache,target=target \
|
||||||
|
--mount=type=cache,target=/usr/local/cargo/registry,id=cargo_registry \
|
||||||
set -xe && \
|
set -xe && \
|
||||||
cargo build --manifest-path ./Cargo.toml --package bridge_client --release --locked && \
|
cargo build --manifest-path ./Cargo.toml --package bridge_client --release --locked && \
|
||||||
cargo build --manifest-path ./Cargo.toml --package token_bridge_client --release --locked && \
|
cargo build --manifest-path ./Cargo.toml --package token_bridge_client --release --locked && \
|
||||||
|
|
|
@ -1,2 +1,7 @@
|
||||||
bin
|
bin
|
||||||
**/target
|
**/target
|
||||||
|
**/bundler
|
||||||
|
**/nodejs
|
||||||
|
artifacts-*
|
||||||
|
**/Makefile
|
||||||
|
*.md
|
||||||
|
|
|
@ -0,0 +1,18 @@
|
||||||
|
# Docker images
|
||||||
|
|
||||||
|
To speed up builds and ensure that upstream dependencies remain available, we
|
||||||
|
publish prebuilt docker images to https://github.com/orgs/certusone/packages.
|
||||||
|
|
||||||
|
The base images have names ending in `*.base`, such as `Dockerfile.base` and
|
||||||
|
`Dockerfile.wasm.base`. To push a new image:
|
||||||
|
|
||||||
|
```sh
|
||||||
|
# first build the image
|
||||||
|
DOCKER_BUILDKIT=1 docker build -f Dockerfile.wasm.base -t wasm-pack .
|
||||||
|
# tag the image with the appropriate version
|
||||||
|
docker tag wasm-pack:latest ghcr.io/certusone/wasm-pack:0.9.1
|
||||||
|
# push to ghcr
|
||||||
|
docker push ghcr.io/certusone/wasm-pack:0.9.1
|
||||||
|
```
|
||||||
|
|
||||||
|
Finally, modify the reference in `Dockerfile.wasm` (make sure to update the sha256 hash too).
|
|
@ -1,38 +1,11 @@
|
||||||
#syntax=docker/dockerfile:1.2@sha256:e2a8561e419ab1ba6b2fe6cbdf49fd92b95912df1cf7d313c3e2230a333fdbcc
|
#syntax=docker/dockerfile:1.2@sha256:e2a8561e419ab1ba6b2fe6cbdf49fd92b95912df1cf7d313c3e2230a333fdbcc
|
||||||
FROM docker.io/library/rust:1.49@sha256:a50165ea96983c21832578afb1c8c028674c965bc1ed43b607871b1f362e06a5 AS solana
|
FROM ghcr.io/certusone/solana:1.9.4@sha256:5389eccba0ba59ae119bc1438b61be8904707e26df8f0732116a8dce0f64eb52 AS solana
|
||||||
|
|
||||||
RUN apt-get update && \
|
|
||||||
apt-get install -y \
|
|
||||||
clang \
|
|
||||||
libssl-dev \
|
|
||||||
libudev-dev \
|
|
||||||
llvm \
|
|
||||||
pkg-config \
|
|
||||||
zlib1g-dev \
|
|
||||||
&& \
|
|
||||||
rm -rf /var/lib/apt/lists/* && \
|
|
||||||
rustup component add rustfmt && \
|
|
||||||
rustup default nightly-2021-12-03
|
|
||||||
|
|
||||||
# Support additional root CAs
|
# Support additional root CAs
|
||||||
COPY devnet_setup.sh cert.pem* /certs/
|
COPY cert.pem* /certs/
|
||||||
# Debian
|
# Debian
|
||||||
RUN if [ -e /certs/cert.pem ]; then cp /certs/cert.pem /etc/ssl/certs/ca-certificates.crt; fi
|
RUN if [ -e /certs/cert.pem ]; then cp /certs/cert.pem /etc/ssl/certs/ca-certificates.crt; fi
|
||||||
|
|
||||||
RUN sh -c "$(curl -sSfL https://release.solana.com/v1.9.4/install)"
|
|
||||||
|
|
||||||
ENV PATH="/root/.local/share/solana/install/active_release/bin:$PATH"
|
|
||||||
|
|
||||||
# Solana does a questionable download at the beginning of a *first* build-bpf call. Trigger and layer-cache it explicitly.
|
|
||||||
RUN cargo init --lib /tmp/decoy-crate && \
|
|
||||||
cd /tmp/decoy-crate && cargo build-bpf && \
|
|
||||||
rm -rf /tmp/decoy-crate
|
|
||||||
|
|
||||||
# The strip shell script downloads criterion the first time it runs so cache it here as well.
|
|
||||||
RUN touch /tmp/foo.so && \
|
|
||||||
/root/.local/share/solana/install/active_release/bin/sdk/bpf/scripts/strip.sh /tmp/foo.so /tmp/bar.so || \
|
|
||||||
rm /tmp/foo.so
|
|
||||||
|
|
||||||
# Add bridge contract sources
|
# Add bridge contract sources
|
||||||
WORKDIR /usr/src/bridge
|
WORKDIR /usr/src/bridge
|
||||||
|
|
||||||
|
@ -51,6 +24,7 @@ RUN [ -n "${BRIDGE_ADDRESS}" ]
|
||||||
|
|
||||||
# Build Wormhole Solana programs
|
# Build Wormhole Solana programs
|
||||||
RUN --mount=type=cache,target=target,id=build \
|
RUN --mount=type=cache,target=target,id=build \
|
||||||
|
--mount=type=cache,target=/usr/local/cargo/registry,id=cargo_registry \
|
||||||
cargo build-bpf --manifest-path "bridge/program/Cargo.toml" -- --locked && \
|
cargo build-bpf --manifest-path "bridge/program/Cargo.toml" -- --locked && \
|
||||||
cargo build-bpf --manifest-path "bridge/cpi_poster/Cargo.toml" -- --locked && \
|
cargo build-bpf --manifest-path "bridge/cpi_poster/Cargo.toml" -- --locked && \
|
||||||
cargo build-bpf --manifest-path "modules/token_bridge/program/Cargo.toml" -- --locked && \
|
cargo build-bpf --manifest-path "modules/token_bridge/program/Cargo.toml" -- --locked && \
|
||||||
|
|
|
@ -0,0 +1,17 @@
|
||||||
|
#syntax=docker/dockerfile:1.2@sha256:e2a8561e419ab1ba6b2fe6cbdf49fd92b95912df1cf7d313c3e2230a333fdbcc
|
||||||
|
FROM docker.io/library/rust:1.49@sha256:a50165ea96983c21832578afb1c8c028674c965bc1ed43b607871b1f362e06a5 AS solana
|
||||||
|
|
||||||
|
RUN sh -c "$(curl -sSfL https://release.solana.com/v1.9.4/install)"
|
||||||
|
|
||||||
|
ENV PATH="/root/.local/share/solana/install/active_release/bin:$PATH"
|
||||||
|
|
||||||
|
COPY rust-toolchain .
|
||||||
|
# Solana does a questionable download at the beginning of a *first* build-bpf call. Trigger and layer-cache it explicitly.
|
||||||
|
RUN cargo init --lib /tmp/decoy-crate && \
|
||||||
|
cd /tmp/decoy-crate && cargo build-bpf && \
|
||||||
|
rm -rf /tmp/decoy-crate
|
||||||
|
|
||||||
|
# The strip shell script downloads criterion the first time it runs so cache it here as well.
|
||||||
|
RUN touch /tmp/foo.so && \
|
||||||
|
/root/.local/share/solana/install/active_release/bin/sdk/bpf/scripts/strip.sh /tmp/foo.so /tmp/bar.so || \
|
||||||
|
rm /tmp/foo.so
|
|
@ -8,7 +8,7 @@ RUN rustup default nightly-2022-01-02
|
||||||
WORKDIR /usr/src/bridge
|
WORKDIR /usr/src/bridge
|
||||||
|
|
||||||
# Support additional root CAs
|
# Support additional root CAs
|
||||||
COPY devnet_setup.sh cert.pem* /certs/
|
COPY cert.pem* /certs/
|
||||||
# Debian
|
# Debian
|
||||||
RUN if [ -e /certs/cert.pem ]; then cp /certs/cert.pem /etc/ssl/certs/ca-certificates.crt; fi
|
RUN if [ -e /certs/cert.pem ]; then cp /certs/cert.pem /etc/ssl/certs/ca-certificates.crt; fi
|
||||||
|
|
||||||
|
|
|
@ -94,15 +94,16 @@ retry token-bridge-client create-bridge "$nft_bridge_address" "$bridge_address"
|
||||||
|
|
||||||
# pass the chain registration VAAs sourced from .env to the client's execute-governance command:
|
# pass the chain registration VAAs sourced from .env to the client's execute-governance command:
|
||||||
pushd /usr/src/clients/js
|
pushd /usr/src/clients/js
|
||||||
|
make build
|
||||||
# Register the Token Bridge Endpoint on ETH
|
# Register the Token Bridge Endpoint on ETH
|
||||||
npm start -- submit -c solana -n devnet "$REGISTER_ETH_TOKEN_BRIDGE_VAA"
|
node build/main.js submit -c solana -n devnet "$REGISTER_ETH_TOKEN_BRIDGE_VAA"
|
||||||
npm start -- submit -c solana -n devnet "$REGISTER_TERRA_TOKEN_BRIDGE_VAA"
|
node build/main.js submit -c solana -n devnet "$REGISTER_TERRA_TOKEN_BRIDGE_VAA"
|
||||||
npm start -- submit -c solana -n devnet "$REGISTER_BSC_TOKEN_BRIDGE_VAA"
|
node build/main.js submit -c solana -n devnet "$REGISTER_BSC_TOKEN_BRIDGE_VAA"
|
||||||
npm start -- submit -c solana -n devnet "$REGISTER_ALGO_TOKEN_BRIDGE_VAA"
|
node build/main.js submit -c solana -n devnet "$REGISTER_ALGO_TOKEN_BRIDGE_VAA"
|
||||||
npm start -- submit -c solana -n devnet "$REGISTER_TERRA2_TOKEN_BRIDGE_VAA"
|
node build/main.js submit -c solana -n devnet "$REGISTER_TERRA2_TOKEN_BRIDGE_VAA"
|
||||||
# Register the NFT Bridge Endpoint on ETH
|
# Register the NFT Bridge Endpoint on ETH
|
||||||
npm start -- submit -c solana -n devnet "$REGISTER_ETH_NFT_BRIDGE_VAA"
|
node build/main.js submit -c solana -n devnet "$REGISTER_ETH_NFT_BRIDGE_VAA"
|
||||||
npm start -- submit -c solana -n devnet "$REGISTER_TERRA_NFT_BRIDGE_VAA"
|
node build/main.js submit -c solana -n devnet "$REGISTER_TERRA_NFT_BRIDGE_VAA"
|
||||||
popd
|
popd
|
||||||
|
|
||||||
# Let k8s startup probe succeed
|
# Let k8s startup probe succeed
|
||||||
|
|
Loading…
Reference in New Issue