From df1c2782f17231b4e6b806ffff9daaf21a783db2 Mon Sep 17 00:00:00 2001 From: riordanp Date: Fri, 4 Nov 2022 14:30:31 +0000 Subject: [PATCH] Use cargo-chef for dependency caching in docker build (#278) * Try cargo chef for caching build deps in docker * Run docker build on pan/cargo-chef * Replace before cheffing * Fix serum_dex conflict * Only build what's needed and only once * Fix typo * Force liquidator rebuild * Upgrade vulnerable package lz4-sys * Revert "Force liquidator rebuild" This reverts commit c169779542d178418ce124a0ff815afb06b86e26. * Revert "Temporarily run docker build on branch" This reverts commit 63ee27eb1e0f9336072343cddccdd9201530f744. --- .github/workflows/ci-docker-publish.yml | 4 ++-- Cargo.lock | 4 ++-- Dockerfile | 28 +++++++++++++++---------- 3 files changed, 21 insertions(+), 15 deletions(-) diff --git a/.github/workflows/ci-docker-publish.yml b/.github/workflows/ci-docker-publish.yml index 8a606530c..75dc9a690 100644 --- a/.github/workflows/ci-docker-publish.yml +++ b/.github/workflows/ci-docker-publish.yml @@ -56,8 +56,8 @@ jobs: tags: | us-docker.pkg.dev/${{ env.PROJECT_ID }}/gcr.io/${{ env.IMAGE }}:${{ github.sha }} us-docker.pkg.dev/${{ env.PROJECT_ID }}/gcr.io/${{ env.IMAGE }}:latest - cache-from: type=registry,ref=us-docker.pkg.dev/${{ env.PROJECT_ID }}/gcr.io/${{ env.IMAGE }}:buildcache - cache-to: type=registry,ref=us-docker.pkg.dev/${{ env.PROJECT_ID }}/gcr.io/${{ env.IMAGE }}:buildcache,mode=max + cache-from: type=gha + cache-to: type=gha,mode=max # Build and push the liquidator runtime image - name: Build and Push Liquidator uses: docker/build-push-action@v2 diff --git a/Cargo.lock b/Cargo.lock index 3ba3ccb36..754c3de9c 100644 --- a/Cargo.lock +++ b/Cargo.lock @@ -3174,9 +3174,9 @@ dependencies = [ [[package]] name = "lz4-sys" -version = "1.9.3" +version = "1.9.4" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "d7be8908e2ed6f31c02db8a9fa962f03e36c53fbfde437363eae3306b85d7e17" +checksum = "57d27b317e207b10f69f5e75494119e391a96f48861ae870d1da6edac98ca900" dependencies = [ "cc", "libc", diff --git a/Dockerfile b/Dockerfile index 20c477dda..8e4834f06 100644 --- a/Dockerfile +++ b/Dockerfile @@ -1,23 +1,29 @@ +# syntax = docker/dockerfile:1.2 # Base image containing all binaries, deployed to gcr.io/mango-markets/mango-v4:latest -FROM rust:1.60 as build +FROM rust:1.60 as base +RUN cargo install cargo-chef --locked +RUN rustup component add rustfmt RUN apt-get update && apt-get -y install clang cmake - WORKDIR /app -COPY ./ . +FROM base as plan +COPY . . # Hack to prevent a ghost member lib/init RUN sed -i 's|lib/\*|lib/checked_math|' Cargo.toml +# Hack to prevent local serum_dex manifests conflicting with cargo dependency +RUN rm -rf anchor/tests +RUN cargo chef prepare --bin keeper --recipe-path recipe-keeper.json +RUN cargo chef prepare --bin liquidator --recipe-path recipe-liquidator.json -# Mount cache for downloaded and compiled dependencies -RUN --mount=type=cache,mode=0777,target=/usr/local/cargo,from=rust,source=/usr/local/cargo \ - --mount=type=cache,mode=0777,target=target \ - cargo build --release --bins - -# Copy bins out of cache -RUN --mount=type=cache,mode=0777,target=target mkdir .bin && cp target/release/keeper target/release/liquidator .bin/ +FROM base as build +COPY --from=plan /app/recipe-*.json . +RUN cargo chef cook --release --recipe-path recipe-keeper.json --bin keeper +RUN cargo chef cook --release --recipe-path recipe-liquidator.json --bin liquidator +COPY . . FROM debian:bullseye-slim as run RUN apt-get update && apt-get -y install ca-certificates libc6 -COPY --from=build /app/.bin/* /usr/local/bin/ +COPY --from=build /app/target/release/keeper /usr/local/bin/ +COPY --from=build /app/target/release/liquidator /usr/local/bin/ RUN adduser --system --group --no-create-home mangouser USER mangouser