From 9885965a22dd17763ae04a5f68f2ca9c8d7e43b7 Mon Sep 17 00:00:00 2001 From: Andrew Gouin Date: Thu, 3 Oct 2024 12:40:19 -0600 Subject: [PATCH] Support directory copying to final images for cosmos chains (#285) --- dockerfile/cosmos/Dockerfile | 30 +++++- dockerfile/cosmos/local.Dockerfile | 136 ++++++++++++++---------- dockerfile/cosmos/localcross.Dockerfile | 30 +++++- dockerfile/cosmos/native.Dockerfile | 30 +++++- 4 files changed, 163 insertions(+), 63 deletions(-) diff --git a/dockerfile/cosmos/Dockerfile b/dockerfile/cosmos/Dockerfile index d25b353..fc053e5 100644 --- a/dockerfile/cosmos/Dockerfile +++ b/dockerfile/cosmos/Dockerfile @@ -120,6 +120,19 @@ ENV LIBRARIES_ENV ${LIBRARIES} RUN bash -c 'set -eux;\ LIBRARIES_ARR=($LIBRARIES_ENV); for LIBRARY in "${LIBRARIES_ARR[@]}"; do cp $LIBRARY /root/lib/; done' +# Copy over directories +RUN mkdir -p /root/dir_abs && touch /root/dir_abs.list +ARG DIRECTORIES +ENV DIRECTORIES_ENV ${DIRECTORIES} +RUN bash -c 'set -eux;\ + DIRECTORIES_ARR=($DIRECTORIES_ENV);\ + i=0;\ + for DIRECTORY in "${DIRECTORIES_ARR[@]}"; do \ + cp -R $DIRECTORY /root/dir_abs/$i;\ + echo $DIRECTORY >> /root/dir_abs.list;\ + ((i = i + 1));\ + done' + # Use minimal busybox from infra-toolkit image for final scratch image FROM ghcr.io/strangelove-ventures/infra-toolkit:v0.1.4 AS infra-toolkit RUN addgroup --gid 1025 -S heighliner && adduser --uid 1025 -S heighliner -G heighliner @@ -138,7 +151,7 @@ LABEL org.opencontainers.image.source="https://github.com/strangelove-ventures/h WORKDIR /bin # Install ln (for making hard links) and rm (for cleanup) from full busybox image (will be deleted, only needed for image assembly) -COPY --from=busybox-full /bin/ln /bin/rm ./ +COPY --from=busybox-full /bin/ln /bin/mv /bin/rm ./ # Install minimal busybox image as shell binary (will create hardlinks for the rest of the binaries to this data) COPY --from=infra-toolkit /busybox/busybox /bin/sh 
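Review bot: The added build-stage loop in dockerfile/cosmos/Dockerfile uses `DIRECTORIES_ARR=($DIRECTORIES_ENV)`, `cp -R $DIRECTORY /root/dir_abs/$i` and `echo $DIRECTORY >> /root/dir_abs.list` unquoted, so bash word-splits and glob-expands every entry of the `DIRECTORIES` build arg before it is copied and recorded. A glob character in the arg therefore stages every matching path for the final image, and a path containing whitespace is split into separate `cp` arguments. I would quote the uses, `cp -R "$DIRECTORY" "/root/dir_abs/$i";` and `echo "$DIRECTORY" >> /root/dir_abs.list;`, put `set -f;` ahead of the array assignment, and reject entries that do not start with `/`, since the final stage treats each recorded line as an absolute destination. The same block is added to local.Dockerfile, localcross.Dockerfile and native.Dockerfile.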
@@ -174,8 +187,21 @@ RUN for b in \ which \ ; do ln sh $b; done +# Copy over absolute path directories +COPY --from=build-env /root/dir_abs /root/dir_abs +COPY --from=build-env /root/dir_abs.list /root/dir_abs.list + +# Move absolute path directories to their absolute locations. +RUN sh -c 'i=0; while read DIR; do\ + echo "$i: $DIR";\ + PLACEDIR="$(dirname "$DIR")";\ + mkdir -p "$PLACEDIR";\ + mv /root/dir_abs/$i $DIR;\ + i=$((i+1));\ + done < /root/dir_abs.list' + # Remove write utils -RUN rm ln rm +RUN rm ln rm mv # Install chain binaries COPY --from=build-env /root/bin /bin diff --git a/dockerfile/cosmos/local.Dockerfile b/dockerfile/cosmos/local.Dockerfile index 577258f..a5c3931 100644 --- a/dockerfile/cosmos/local.Dockerfile +++ b/dockerfile/cosmos/local.Dockerfile 
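Review bot: The final-stage loop that moves the staged directories runs under `sh -c` without `set -e`, so a failed `mkdir -p` or `mv` does not fail the build; the RUN exits with the status of the last loop command, `i=$((i+1))`, and an image can be produced with a directory missing. `mv /root/dir_abs/$i $DIR` is also unquoted, and when `$DIR` already exists in the image (`/bin` and `/root` do at this point) `mv` nests the staged copy inside it as `$DIR/$i` instead of placing it at the requested path. I would open the script with `set -eu;`, read with `while IFS= read -r DIR; do`, and use `mv "/root/dir_abs/$i" "$DIR";`, failing explicitly when the destination already exists. The identical loop is added in local.Dockerfile, localcross.Dockerfile and native.Dockerfile.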
@@ -53,61 +53,6 @@ FROM busybox:1.34.1-musl AS busybox-full # Use alpine to source the latest CA certificates FROM alpine:3 as alpine-3 -# Build part 1 of the final image -FROM scratch AS final-part1 - -LABEL org.opencontainers.image.source="https://github.com/strangelove-ventures/heighliner" - -WORKDIR /bin - -# Install ln (for making hard links) and rm (for cleanup) from full busybox image (will be deleted, only needed for image assembly) -COPY --from=busybox-full /bin/ln /bin/rm ./ - -# Install minimal busybox image as shell binary (will create hardlinks for the rest of the binaries to this data) -COPY --from=infra-toolkit /busybox/busybox /bin/sh - -# Install jq -COPY --from=infra-toolkit /usr/local/bin/jq /bin/ - -# Add hard links for read-only utils -# Will then only have one copy of the busybox minimal binary file with all utils pointing to the same underlying inode -RUN for b in \ - cat \ - date \ - df \ - du \ - env \ - grep \ - head \ - less \ - ls \ - md5sum \ - pwd \ - sha1sum \ - sha256sum \ - sha3sum \ - sha512sum \ - sleep \ - stty \ - tail \ - tar \ - tee \ - tr \ - watch \ - which \ - ; do ln sh $b; done - -# Remove write utils -RUN rm ln rm - -# Install trusted CA certificates -COPY --from=alpine-3 /etc/ssl/cert.pem /etc/ssl/cert.pem - -# Install heighliner user -COPY --from=infra-toolkit /etc/passwd /etc/passwd -COPY --from=infra-toolkit --chown=1025:1025 /home/heighliner /home/heighliner -COPY --from=infra-toolkit --chown=1025:1025 /tmp /tmp - # Install chain binary FROM init-env AS build-env 
@@ -171,10 +116,87 @@ ENV LIBRARIES_ENV ${LIBRARIES} RUN bash -c 'set -eux;\ LIBRARIES_ARR=($LIBRARIES_ENV); for LIBRARY in "${LIBRARIES_ARR[@]}"; do cp $LIBRARY /root/lib/; done' -# Move final binary to the final image -FROM final-part1 as final +# Copy over directories +RUN mkdir -p /root/dir_abs && touch /root/dir_abs.list +ARG DIRECTORIES +ENV DIRECTORIES_ENV ${DIRECTORIES} +RUN bash -c 'set -eux;\ + DIRECTORIES_ARR=($DIRECTORIES_ENV);\ + i=0;\ + for DIRECTORY in "${DIRECTORIES_ARR[@]}"; do \ + cp -R $DIRECTORY /root/dir_abs/$i;\ + echo $DIRECTORY >> /root/dir_abs.list;\ + ((i = i + 1));\ + done' + +# Build final image +FROM scratch + +LABEL org.opencontainers.image.source="https://github.com/strangelove-ventures/heighliner" + WORKDIR /bin +# Install ln (for making hard links) and rm (for cleanup) from full busybox image (will be deleted, only needed for image assembly) +COPY --from=busybox-full /bin/ln /bin/mv /bin/rm ./ + +# Install minimal busybox image as shell binary (will create hardlinks for the rest of the binaries to this data) +COPY --from=infra-toolkit /busybox/busybox /bin/sh + +# Install jq +COPY --from=infra-toolkit /usr/local/bin/jq /bin/ + +# Add hard links for read-only utils +# Will then only have one copy of the busybox minimal binary file with all utils pointing to the same underlying inode +RUN for b in \ + cat \ + date \ + df \ + du \ + env \ + grep \ + head \ + less \ + ls \ + md5sum \ + pwd \ + sha1sum \ + sha256sum \ + sha3sum \ + sha512sum \ + sleep \ + stty \ + tail \ + tar \ + tee \ + tr \ + watch \ + which \ + ; do ln sh $b; done + +# Copy over absolute path directories +COPY --from=build-env /root/dir_abs /root/dir_abs +COPY --from=build-env /root/dir_abs.list /root/dir_abs.list + +# Move absolute path directories to their absolute locations. 
+RUN sh -c 'i=0; while read DIR; do\ + echo "$i: $DIR";\ + PLACEDIR="$(dirname "$DIR")";\ + mkdir -p "$PLACEDIR";\ + mv /root/dir_abs/$i $DIR;\ + i=$((i+1));\ + done < /root/dir_abs.list' + +# Remove write utils +RUN rm ln rm mv + +# Install trusted CA certificates +COPY --from=alpine-3 /etc/ssl/cert.pem /etc/ssl/cert.pem + +# Install heighliner user +COPY --from=infra-toolkit /etc/passwd /etc/passwd +COPY --from=infra-toolkit --chown=1025:1025 /home/heighliner /home/heighliner +COPY --from=infra-toolkit --chown=1025:1025 /tmp /tmp + # Install chain binaries COPY --from=build-env /root/bin /bin diff --git a/dockerfile/cosmos/localcross.Dockerfile b/dockerfile/cosmos/localcross.Dockerfile index 2556937..2fd5869 100644 --- a/dockerfile/cosmos/localcross.Dockerfile +++ b/dockerfile/cosmos/localcross.Dockerfile @@ -114,6 +114,19 @@ ENV LIBRARIES_ENV ${LIBRARIES} RUN bash -c 'set -eux;\ LIBRARIES_ARR=($LIBRARIES_ENV); for LIBRARY in "${LIBRARIES_ARR[@]}"; do cp $LIBRARY /root/lib/; done' +# Copy over directories +RUN mkdir -p /root/dir_abs && touch /root/dir_abs.list +ARG DIRECTORIES +ENV DIRECTORIES_ENV ${DIRECTORIES} +RUN bash -c 'set -eux;\ + DIRECTORIES_ARR=($DIRECTORIES_ENV);\ + i=0;\ + for DIRECTORY in "${DIRECTORIES_ARR[@]}"; do \ + cp -R $DIRECTORY /root/dir_abs/$i;\ + echo $DIRECTORY >> /root/dir_abs.list;\ + ((i = i + 1));\ + done' + # Use minimal busybox from infra-toolkit image for final scratch image FROM ghcr.io/strangelove-ventures/infra-toolkit:v0.1.4 AS infra-toolkit RUN addgroup --gid 1025 -S heighliner && adduser --uid 1025 -S heighliner -G heighliner 
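Review bot: Nothing in the rebuilt final stage of local.Dockerfile removes the staging artifacts: after the `mv` loop, `/root/dir_abs` (now empty) and `/root/dir_abs.list` remain in the shipped image, and the next step, `RUN rm ln rm mv`, removes `rm` itself. Because the directories arrive in a `COPY` layer and are relocated in a later `RUN` layer, their contents are probably stored twice in the image as well. Ending the move script with `rm -r /root/dir_abs /root/dir_abs.list` deals with the leftovers; avoiding the duplicate layer would mean staging a tree in `build-env` that already mirrors the target paths and bringing it over with a single `COPY --from=build-env`. The other three Dockerfiles in this patch contain the same sequence.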
@@ -132,7 +145,7 @@ LABEL org.opencontainers.image.source="https://github.com/strangelove-ventures/h WORKDIR /bin # Install ln (for making hard links) and rm (for cleanup) from full busybox image (will be deleted, only needed for image assembly) -COPY --from=busybox-full /bin/ln /bin/rm ./ +COPY --from=busybox-full /bin/ln /bin/mv /bin/rm ./ # Install minimal busybox image as shell binary (will create hardlinks for the rest of the binaries to this data) COPY --from=infra-toolkit /busybox/busybox /bin/sh @@ -168,8 +181,21 @@ RUN for b in \ which \ ; do ln sh $b; done +# Copy over absolute path directories +COPY --from=build-env /root/dir_abs /root/dir_abs +COPY --from=build-env /root/dir_abs.list /root/dir_abs.list + +# Move absolute path directories to their absolute locations. +RUN sh -c 'i=0; while read DIR; do\ + echo "$i: $DIR";\ + PLACEDIR="$(dirname "$DIR")";\ + mkdir -p "$PLACEDIR";\ + mv /root/dir_abs/$i $DIR;\ + i=$((i+1));\ + done < /root/dir_abs.list' + # Remove write utils -RUN rm ln rm +RUN rm ln rm mv # Install chain binaries COPY --from=build-env /root/bin /bin diff --git a/dockerfile/cosmos/native.Dockerfile b/dockerfile/cosmos/native.Dockerfile index 96c1f26..5b21121 100644 --- a/dockerfile/cosmos/native.Dockerfile +++ b/dockerfile/cosmos/native.Dockerfile 
@@ -92,6 +92,19 @@ ENV LIBRARIES_ENV ${LIBRARIES} RUN bash -c 'set -eux;\ LIBRARIES_ARR=($LIBRARIES_ENV); for LIBRARY in "${LIBRARIES_ARR[@]}"; do cp $LIBRARY /root/lib/; done' +# Copy over directories +RUN mkdir -p /root/dir_abs && touch /root/dir_abs.list +ARG DIRECTORIES +ENV DIRECTORIES_ENV ${DIRECTORIES} +RUN bash -c 'set -eux;\ + DIRECTORIES_ARR=($DIRECTORIES_ENV);\ + i=0;\ + for DIRECTORY in "${DIRECTORIES_ARR[@]}"; do \ + cp -R $DIRECTORY /root/dir_abs/$i;\ + echo $DIRECTORY >> /root/dir_abs.list;\ + ((i = i + 1));\ + done' + # Use minimal busybox from infra-toolkit image for final scratch image FROM ghcr.io/strangelove-ventures/infra-toolkit:v0.1.4 AS infra-toolkit RUN addgroup --gid 1025 -S heighliner && adduser --uid 1025 -S heighliner -G heighliner @@ -110,7 +123,7 @@ LABEL org.opencontainers.image.source="https://github.com/strangelove-ventures/h WORKDIR /bin # Install ln (for making hard links) and rm (for cleanup) from full busybox image (will be deleted, only needed for image assembly) -COPY --from=busybox-full /bin/ln /bin/rm ./ +COPY --from=busybox-full /bin/ln /bin/mv /bin/rm ./ # Install minimal busybox image as shell binary (will create hardlinks for the rest of the binaries to this data) COPY --from=infra-toolkit /busybox/busybox /bin/sh @@ -146,8 +159,21 @@ RUN for b in \ which \ ; do ln sh $b; done +# Copy over absolute path directories +COPY --from=build-env /root/dir_abs /root/dir_abs +COPY --from=build-env /root/dir_abs.list /root/dir_abs.list + +# Move absolute path directories to their absolute locations. +RUN sh -c 'i=0; while read DIR; do\ + echo "$i: $DIR";\ + PLACEDIR="$(dirname "$DIR")";\ + mkdir -p "$PLACEDIR";\ + mv /root/dir_abs/$i $DIR;\ + i=$((i+1));\ + done < /root/dir_abs.list' + # Remove write utils -RUN rm ln rm +RUN rm ln rm mv # Install chain binaries COPY --from=build-env /root/bin /bin