more improvements to Dockerfile and docker action

2021-12-22 09:55:00 +02:00 · 2021-12-22 09:55:00 +02:00 · 3162d40110
parent 42169666c2
commit 3162d40110
2 changed files with 55 additions and 66 deletions
--- a/.github/workflows/docker-image.yml
+++ b/.github/workflows/docker-image.yml
@ -13,6 +13,10 @@ jobs:
      - name: Checkout
        uses: actions/checkout@v2

+      - name: Set outputs
+        id: vars
+        run: echo "::set-output name=sha_short::$(git rev-parse --short HEAD)"
+
      - name: Set up Docker Buildx
        uses: docker/setup-buildx-action@v1

@ -23,26 +27,21 @@ jobs:
          password: ${{ secrets.DOCKERHUB_TOKEN }}

      - name: Build and push p2w-attest
-        id: docker_build_p2w-attest
        uses: docker/build-push-action@v2
        with:
          platforms: linux/amd64
          push: true
-          tags: ${{ secrets.DOCKERHUB_USERNAME }}/pyth2wormhole:p2w-attest1
+          tags: ${{ secrets.DOCKERHUB_USERNAME }}/p2w-attest:${{ steps.vars.outputs.sha_short }}
          target: p2w-attest
-          cache-from: type=registry,ref=${{ secrets.DOCKERHUB_USERNAME }}/pyth2wormhole:p2w-attest
-          cache-to: type=inline
+          cache-from: type=gha
+          cache-to: type=gha,mode=max

      - name: Build and push p2w-relay
-        id: docker_build_p2w-relay
        uses: docker/build-push-action@v2
        with:
          platforms: linux/amd64
          push: true
-          tags: ${{ secrets.DOCKERHUB_USERNAME }}/pyth2wormhole:p2w-relay1
+          tags: ${{ secrets.DOCKERHUB_USERNAME }}/p2w-relay:${{ steps.vars.outputs.sha_short }}
          target: p2w-relay
-          cache-from: type=registry,ref=${{ secrets.DOCKERHUB_USERNAME }}/pyth2wormhole:p2w-relay
-          cache-to: type=inline
-
-      - name: Image digest
-        run: echo ${{ steps.docker_build.outputs.digest }}
+          cache-from: type=gha
+          cache-to: type=gha,mode=max
--- a/100
+++ b/100
@ -1,31 +1,29 @@
 #syntax=docker/dockerfile:1.2
 # Target name conventions
 # base-* - targets for caching setup of dependencies
-# Wormhole Go tools add their pinned version

 # Cache a build of Wormhole's Go utilities
 FROM docker.io/golang:1.17.0 as base-go
 ARG WH_ROOT=/usr/src/wormhole
-ENV WH_ROOT=$WH_ROOT
-COPY tools/build.sh tools/go.* $WH_ROOT/tools/
-WORKDIR $WH_ROOT/tools
-ENV  CGO_ENABLED=0
+ENV WH_ROOT=${WH_ROOT}
+COPY tools/build.sh tools/go.* ${WH_ROOT}/tools/
+WORKDIR ${WH_ROOT}/tools
+ENV CGO_ENABLED=0
 RUN ./build.sh

 # Cache a build of TypeScript gRPC bindings
 FROM node:16-alpine@sha256:004dbac84fed48e20f9888a23e32fa7cf83c2995e174a78d41d9a9dd1e051a20 AS base-node
 ARG WH_ROOT=/usr/src/wormhole
 # Copy go build artifacts
-COPY --from=base-go $WH_ROOT/tools $WH_ROOT/tools
-COPY buf.* $WH_ROOT/
-COPY proto $WH_ROOT/proto
-COPY tools/package.json $WH_ROOT/tools/
-COPY tools/package-lock.json $WH_ROOT/tools/
-WORKDIR $WH_ROOT/tools
+COPY --from=base-go ${WH_ROOT}/tools ${WH_ROOT}/tools
+COPY buf.* ${WH_ROOT}/
+COPY proto ${WH_ROOT}/proto
+COPY tools/package.json tools/package-lock.json ${WH_ROOT}/tools/
+WORKDIR ${WH_ROOT}/tools
 RUN npm ci
-WORKDIR $WH_ROOT
+WORKDIR ${WH_ROOT}
 RUN tools/bin/buf generate --template buf.gen.web.yaml
-WORKDIR $WH_ROOT/ethereum
+WORKDIR ${WH_ROOT}/ethereum
 COPY ethereum .
 RUN npm ci && npm run build

@ -38,7 +36,7 @@ ENV EMITTER_ADDRESS=$WH_EMITTER
 ENV BRIDGE_ADDRESS=$WH_BRIDGE
 ENV DEBIAN_FRONTEND=noninteractive
 RUN apt-get update && \
-  apt-get install -y \
+  apt-get install --no-install-recommends -y \
  build-essential \
  clang \
  curl \
@ -60,90 +58,82 @@ RUN cargo init --lib /tmp/decoy-crate && \
  rm -rf /tmp/decoy-crate
 RUN cargo install wasm-pack --version 0.9.1
 # Base with tools for Rust WebAssembly builds
-COPY solana $WH_ROOT/solana
-WORKDIR $WH_ROOT/solana/pyth2wormhole/program
+COPY solana ${WH_ROOT}/solana
+WORKDIR ${WH_ROOT}/solana/pyth2wormhole/program
 RUN cargo build-bpf
-WORKDIR $WH_ROOT/solana/pyth2wormhole
+WORKDIR ${WH_ROOT}/solana/pyth2wormhole
 RUN cargo build -p pyth2wormhole-client
-ENV PATH "$PATH:$WH_ROOT/solana/pyth2wormhole/target/debug/"
-WORKDIR $WH_ROOT/solana
+ENV PATH "$PATH:${WH_ROOT}/solana/pyth2wormhole/target/debug/"
+WORKDIR ${WH_ROOT}/solana
 COPY solana .
 # Build wasm binaries for wormhole-sdk
-WORKDIR $WH_ROOT/solana/bridge/program
+WORKDIR ${WH_ROOT}/solana/bridge/program
 RUN wasm-pack build --target bundler -d bundler -- --features wasm && \
  wasm-pack build --target nodejs -d nodejs -- --features wasm
 # Build wasm binaries for Wormhole migration
-WORKDIR $WH_ROOT/solana/migration
+WORKDIR ${WH_ROOT}/solana/migration
 RUN wasm-pack build --target bundler -d bundler -- --features wasm && \
  wasm-pack build --target nodejs -d nodejs -- --features wasm
 # Build wasm binaries for NFT bridge
-WORKDIR $WH_ROOT/solana/modules/nft_bridge/program
+WORKDIR ${WH_ROOT}/solana/modules/nft_bridge/program
 RUN wasm-pack build --target bundler -d bundler -- --features wasm && \
  wasm-pack build --target nodejs -d nodejs -- --features wasm
 # Build wasm binaries for token bridge
-WORKDIR $WH_ROOT/solana/modules/token_bridge/program
+WORKDIR ${WH_ROOT}/solana/modules/token_bridge/program
 RUN wasm-pack build --target bundler -d bundler -- --features wasm && \
  wasm-pack build --target nodejs -d nodejs -- --features wasm
 # Build wasm-binaries for p2w-sdk
-WORKDIR $WH_ROOT/solana/pyth2wormhole/program
+WORKDIR ${WH_ROOT}/solana/pyth2wormhole/program
 RUN wasm-pack build --target bundler -d bundler -- --features wasm && \
  wasm-pack build --target nodejs -d nodejs -- --features wasm

 # Final p2w-attest target
-FROM python:3.8-alpine as p2w-attest
+# can't use alpine here due to missing shared libraries
+FROM python:3.8-slim as p2w-attest
 ARG WH_ROOT=/usr/src/wormhole
-WORKDIR $WH_ROOT/third_party/pyth
-
+WORKDIR ${WH_ROOT}/third_party/pyth
 RUN pip install --no-cache-dir pyyaml==6.0
 COPY third_party/pyth/p2w_autoattest.py third_party/pyth/pyth_utils.py ./
 COPY --from=base-rust /root/.local/share/solana/install/active_release/bin/solana /usr/bin/solana
 COPY --from=base-rust /usr/src/wormhole/solana/pyth2wormhole/target/debug/pyth2wormhole-client /usr/bin/pyth2wormhole-client
-RUN addgroup -S pyth && adduser -S pyth -G pyth
+RUN groupadd -g 10001 pyth && useradd -u 10001 -g 10001 pyth
 RUN chown -R pyth:pyth .
 USER pyth
-RUN echo "\n\
-export PATH=\"\${PATH}:\${HOME}/pyth-client/build\"\n\
-export PYTHONPATH=\"\${PYTHONPATH:+\$PYTHONPATH:}\${HOME}/pyth-client\"\n\
-" >> ~/profile

 # Solidity contracts for Pyth2Wormhole
 FROM base-node as eth-base
-WORKDIR $WH_ROOT/ethereum
+WORKDIR ${WH_ROOT}/ethereum
 COPY ethereum .
 RUN npm ci && npm run build
-WORKDIR $WH_ROOT/sdk/js
+WORKDIR ${WH_ROOT}/sdk/js
 COPY sdk/js .
 # Copy proto bindings for Wormhole SDK
-COPY --from=base-node $WH_ROOT/sdk/js/src/proto src/proto
+COPY --from=base-node ${WH_ROOT}/sdk/js/src/proto src/proto
 # Copy wasm artifacts for Wormhole SDK
-COPY --from=base-rust $WH_ROOT/solana/bridge/program/bundler src/solana/core
-COPY --from=base-rust $WH_ROOT/solana/migration/bundler src/solana/migration
-COPY --from=base-rust $WH_ROOT/solana/modules/nft_bridge/program/bundler src/solana/nft
-COPY --from=base-rust $WH_ROOT/solana/modules/token_bridge/program/bundler src/solana/token
-COPY --from=base-rust $WH_ROOT/solana/bridge/program/nodejs src/solana/core-node
-COPY --from=base-rust $WH_ROOT/solana/migration/nodejs src/solana/migration-node
-COPY --from=base-rust $WH_ROOT/solana/modules/nft_bridge/program/nodejs src/solana/nft-node
-COPY --from=base-rust $WH_ROOT/solana/modules/token_bridge/program/nodejs src/solana/token-node
+COPY --from=base-rust ${WH_ROOT}/solana/bridge/program/bundler src/solana/core
+COPY --from=base-rust ${WH_ROOT}/solana/migration/bundler src/solana/migration
+COPY --from=base-rust ${WH_ROOT}/solana/modules/nft_bridge/program/bundler src/solana/nft
+COPY --from=base-rust ${WH_ROOT}/solana/modules/token_bridge/program/bundler src/solana/token
+COPY --from=base-rust ${WH_ROOT}/solana/bridge/program/nodejs src/solana/core-node
+COPY --from=base-rust ${WH_ROOT}/solana/migration/nodejs src/solana/migration-node
+COPY --from=base-rust ${WH_ROOT}/solana/modules/nft_bridge/program/nodejs src/solana/nft-node
+COPY --from=base-rust ${WH_ROOT}/solana/modules/token_bridge/program/nodejs src/solana/token-node
 RUN npm ci
-WORKDIR $WH_ROOT/third_party/pyth/p2w-sdk
+WORKDIR ${WH_ROOT}/third_party/pyth/p2w-sdk
 # Copy wasm artifacts for Pyth2Wormhole SDK
-COPY --from=base-rust $WH_ROOT/solana/pyth2wormhole/program/bundler src/solana/p2w-core
-COPY --from=base-rust $WH_ROOT/solana/bridge/program/bundler src/solana/wormhole-core
+COPY --from=base-rust ${WH_ROOT}/solana/pyth2wormhole/program/bundler src/solana/p2w-core
+COPY --from=base-rust ${WH_ROOT}/solana/bridge/program/bundler src/solana/wormhole-core
 COPY third_party/pyth/p2w-sdk .
 RUN npm ci && npm run build
-WORKDIR $WH_ROOT/third_party/pyth/p2w-relay
+WORKDIR ${WH_ROOT}/third_party/pyth/p2w-relay
 COPY third_party/pyth/p2w-relay .
 RUN npm ci && npm run build

 FROM node:16-alpine as p2w-relay
 ARG WH_ROOT=/usr/src/wormhole
-ENV WH_ROOT=$WH_ROOT
-COPY --from=eth-base $WH_ROOT $WH_ROOT
-WORKDIR $WH_ROOT/third_party/pyth/p2w-relay
-RUN addgroup -S pyth && adduser -S pyth -G pyth
+ENV WH_ROOT=${WH_ROOT}
+COPY --from=eth-base ${WH_ROOT} ${WH_ROOT}
+WORKDIR ${WH_ROOT}/third_party/pyth/p2w-relay
+RUN addgroup -S pyth -g 10001 && adduser -S pyth -G pyth -u 10001
 RUN chown -R pyth:pyth .
 USER pyth
-RUN echo "\n\
-export PATH=\"\${PATH}:\${HOME}/pyth-client/build\"\n\
-export PYTHONPATH=\"\${PYTHONPATH:+\$PYTHONPATH:}\${HOME}/pyth-client\"\n\
-" >> ~/profile