forked from ChainSafe/forest
-
Notifications
You must be signed in to change notification settings - Fork 0
/
Copy pathDockerfile-alpine
69 lines (56 loc) · 2.26 KB
/
Dockerfile-alpine
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
# This Dockerfile is for the main forest binary
#
# Build and run locally:
# ```
# docker build -t forest:alpine -f ./Dockerfile-alpine .
# docker run --init -it forest:alpine
# ```
#
# Build and manually push to Github Container Registry (see https://docs.github.com/en/packages/working-with-a-github-packages-registry/working-with-the-container-registry)
# ```
# docker build -t ghcr.io/chainsafe/forest:alpine .
# docker push ghcr.io/chainsafe/forest:alpine
# ```
##
# Build stage
# Use github action runner cached images to avoid being rate limited
# https://github.com/actions/runner-images/blob/main/images/linux/Ubuntu2004-Readme.md#cached-docker-images
##
FROM alpine:3 AS build-env
# Install dependencies
RUN apk update && \
apk add --no-cache git git-lfs curl make gcc clang clang-dev musl-dev
SHELL ["/bin/ash", "-o", "pipefail", "-c"]
RUN curl --proto '=https' --tlsv1.2 -sSf https://sh.rustup.rs | sh -s -- -y
ENV PATH="/root/.cargo/bin:${PATH}"
WORKDIR /forest
COPY . .
# Install Forest. Move it out of the cache for the prod image.
RUN --mount=type=cache,sharing=private,target=/root/.cargo/registry \
--mount=type=cache,sharing=private,target=/root/.rustup \
--mount=type=cache,sharing=private,target=/forest/target \
make install-with-mimalloc && \
mkdir /forest_out && \
cp /root/.cargo/bin/forest* /forest_out
##
# Prod image for forest binary
# Use github action runner cached images to avoid being rate limited
# https://github.com/actions/runner-images/blob/main/images/linux/Ubuntu2004-Readme.md#cached-docker-images
##
FROM alpine:3
ARG SERVICE_USER=forest
ARG SERVICE_GROUP=forest
# Install binary dependencies
RUN apk update && \
apk add --no-cache ca-certificates
RUN update-ca-certificates
# Create user and group and assign appropriate rights to the forest binaries
RUN addgroup --gid 1000 ${SERVICE_GROUP} && \
adduser --uid 1000 --ingroup ${SERVICE_GROUP} --disabled-password --gecos "" ${SERVICE_USER}
# Copy forest daemon and cli binaries from the build-env
COPY --from=build-env --chown=${SERVICE_USER}:${SERVICE_GROUP} /forest_out/* /usr/local/bin/
USER ${SERVICE_USER}
WORKDIR /home/${SERVICE_USER}
# Basic verification of dynamically linked dependencies
RUN forest -V && forest-cli -V && forest-tool -V
ENTRYPOINT ["forest"]