diff --git a/.github/workflows/lint.yml b/.github/workflows/lint.yml index 673a8d94..37a419b3 100644 --- a/.github/workflows/lint.yml +++ b/.github/workflows/lint.yml @@ -66,3 +66,11 @@ jobs: - name: Run rustfmt run: cargo +${{ steps.nightly.outputs.version }} fmt -- --check + + dockerfiles: + runs-on: ubuntu-latest + steps: + - uses: actions/checkout@3df4ab11eba7bda6032a0b82a6bb43b11571feac + - name: Verify Dockerfiles are up to date + # Runs the file which generates them and checks the diff has no lines + run: cd orchestration && ./dockerfiles.sh && git diff | wc -l | grep -x "0" diff --git a/docs/Getting Started.md b/docs/Getting Started.md index dae481e3..3726392a 100644 --- a/docs/Getting Started.md +++ b/docs/Getting Started.md @@ -5,7 +5,7 @@ ##### Ubuntu ``` -sudo apt-get install -y build-essential cmake clang-11 git curl python3-pip protobuf-compiler libssl-dev pkg-config +sudo apt-get install -y build-essential clang-11 pkg-config cmake git curl protobuf-compiler ``` ### Install rustup diff --git a/orchestration/Dockerfile.parts/Dockerfile.alpine.start b/orchestration/Dockerfile.parts/Dockerfile.alpine.start new file mode 100644 index 00000000..0a51fc6a --- /dev/null +++ b/orchestration/Dockerfile.parts/Dockerfile.alpine.start @@ -0,0 +1,6 @@ +FROM alpine:latest as image + +COPY --from=mimalloc libmimalloc.so /usr/lib +ENV LD_PRELOAD=libmimalloc.so + +RUN apk update && apk upgrade diff --git a/orchestration/Dockerfile.parts/Dockerfile.debian.start b/orchestration/Dockerfile.parts/Dockerfile.debian.start new file mode 100644 index 00000000..c2266468 --- /dev/null +++ b/orchestration/Dockerfile.parts/Dockerfile.debian.start @@ -0,0 +1,6 @@ +FROM debian:bookworm-slim as image + +COPY --from=mimalloc libmimalloc.so /usr/lib +RUN echo "/usr/lib/libmimalloc.so" >> /etc/ld.so.preload + +RUN apt update && apt upgrade -y && apt autoremove -y && apt clean 
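Review bot: The `Verify Dockerfiles are up to date` step infers success from `git diff | wc -l | grep -x "0"`, which ignores untracked files and does not surface failures inside `./dockerfiles.sh`. The script added in this commit has no `set -e`, so `&&` only sees the exit status of its last command. `run: cd orchestration && ./dockerfiles.sh && git diff --exit-code` states the intent directly and prints the offending diff in the job log. If a newly generated but uncommitted Dockerfile should also fail the job, add a `git status --porcelain` check.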
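Review bot: `FROM alpine:latest` in Dockerfile.alpine.start is a floating tag, so two builds of the same commit can produce different runtime images. The new CI check compares only the generated Dockerfile text, so it will not notice that drift. Pinning a release and digest, e.g. `FROM alpine:<VERSION>@sha256:<DIGEST> as image`, turns base-image changes into reviewed diffs. The same tag is used by the `alpine:latest` stages in mimalloc/Dockerfile.alpine, Dockerfile.bitcoin and Dockerfile.monero. The Debian parts already name a release (`bookworm-slim`) and would gain the same property from a digest.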
diff --git a/orchestration/Dockerfile.parts/Dockerfile.serai.build b/orchestration/Dockerfile.parts/Dockerfile.serai.build
new file mode 100644
index 00000000..e6ece7a7
--- /dev/null
+++ b/orchestration/Dockerfile.parts/Dockerfile.serai.build
@@ -0,0 +1,38 @@
+FROM rust:1.73-slim-bookworm as builder
+
+COPY --from=mimalloc libmimalloc.so /usr/lib
+RUN echo "/usr/lib/libmimalloc.so" >> /etc/ld.so.preload
+
+RUN apt update && apt upgrade -y && apt autoremove -y && apt clean
+
+# Add dev dependencies
+RUN apt install -y pkg-config clang
+
+# Dependencies for the Serai node
+RUN apt install -y make protobuf-compiler
+
+# Add files for build
+ADD common /serai/common
+ADD crypto /serai/crypto
+ADD coins /serai/coins
+ADD message-queue /serai/message-queue
+ADD processor /serai/processor
+ADD coordinator /serai/coordinator
+ADD substrate /serai/substrate
+ADD mini /serai/mini
+ADD tests /serai/tests
+ADD Cargo.toml /serai
+ADD Cargo.lock /serai
+ADD AGPL-3.0 /serai
+
+WORKDIR /serai
+
+# Add the wasm toolchain
+RUN rustup target add wasm32-unknown-unknown
+
+# Mount the caches and build
+RUN --mount=type=cache,target=/root/.cargo \
+ --mount=type=cache,target=/usr/local/cargo/registry \
+ --mount=type=cache,target=/usr/local/cargo/git \
+ --mount=type=cache,target=/serai/target \
+ mkdir /serai/bin && \
diff --git a/orchestration/Dockerfile.parts/mimalloc/Dockerfile.alpine b/orchestration/Dockerfile.parts/mimalloc/Dockerfile.alpine
new file mode 100644
index 00000000..35770ac8
--- /dev/null
+++ b/orchestration/Dockerfile.parts/mimalloc/Dockerfile.alpine
@@ -0,0 +1,10 @@
+FROM alpine:latest as mimalloc
+
+RUN apk update && apk upgrade && apk --no-cache add gcc g++ libc-dev make cmake git
+RUN git clone https://github.com/microsoft/mimalloc && \
+ cd mimalloc && \
+ mkdir -p out/secure && \
+ cd out/secure && \
+ cmake -DMI_SECURE=ON ../.. && \
+ make && \
+ cp ./libmimalloc-secure.so ../../../libmimalloc.so
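Review bot: The two `RUN apt install -y ...` lines in Dockerfile.serai.build run in layers separate from `RUN apt update && ...`, so when the update layer comes from the build cache the installs use the package lists that cached layer held. That can fail on package versions since removed from the mirror, or install outdated ones. Keeping them in one instruction avoids it, e.g. `RUN apt update && apt install -y pkg-config clang make protobuf-compiler`; Dockerfile.coordinator.end and Dockerfile.processor.end install `ca-certificates` the same way. Separately, this part ends on `mkdir /serai/bin && \`, so it is only valid when a service part follows; a header comment such as `# Fragment: must be followed by a part that completes the final RUN` would document that.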
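Review bot: `git clone https://github.com/microsoft/mimalloc` in mimalloc/Dockerfile.alpine builds whatever the default branch holds at build time. The resulting library is then preloaded into every process of the final images (`LD_PRELOAD` on Alpine, `/etc/ld.so.preload` on Debian), so an unreviewed upstream change reaches every service. Check out a fixed, reviewed revision by adding `git checkout <COMMIT_SHA> && \` after `cd mimalloc && \`. The same clone is in mimalloc/Dockerfile.debian and is therefore copied into every generated Dockerfile in this commit.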
diff --git a/orchestration/Dockerfile.parts/mimalloc/Dockerfile.debian b/orchestration/Dockerfile.parts/mimalloc/Dockerfile.debian new file mode 100644 index 00000000..a61be70f --- /dev/null +++ b/orchestration/Dockerfile.parts/mimalloc/Dockerfile.debian @@ -0,0 +1,10 @@ +FROM debian:bookworm-slim as mimalloc + +RUN apt update && apt upgrade -y && apt install -y gcc g++ make cmake git +RUN git clone https://github.com/microsoft/mimalloc && \ + cd mimalloc && \ + mkdir -p out/secure && \ + cd out/secure && \ + cmake -DMI_SECURE=ON ../.. && \ + make && \ + cp ./libmimalloc-secure.so ../../../libmimalloc.so diff --git a/orchestration/README.md b/orchestration/README.md index 59a3bd1d..fb307a2e 100644 --- a/orchestration/README.md +++ b/orchestration/README.md @@ -20,6 +20,7 @@ All commands are assumed to be ran from `/deploy`, not the root folder. * `message-queue` - The message queue service. * `processor` - Serai processor for one external network. +* `coordinator` - Serai coordinator for the entire Serai stack. * `serai` - Serai node * `cluster-sm` - "Alice", "Bob", "Charlie", and "Dave" Serai nodes, all as diff --git a/orchestration/coins/bitcoin/Dockerfile b/orchestration/coins/bitcoin/Dockerfile index 6e24ba41..4cdb89b9 100644 --- a/orchestration/coins/bitcoin/Dockerfile +++ b/orchestration/coins/bitcoin/Dockerfile @@ -1,10 +1,17 @@ -# Configure Environment -FROM alpine:latest as builder +FROM debian:bookworm-slim as mimalloc + +RUN apt update && apt upgrade -y && apt install -y gcc g++ make cmake git +RUN git clone https://github.com/microsoft/mimalloc && \ + cd mimalloc && \ + mkdir -p out/secure && \ + cd out/secure && \ + cmake -DMI_SECURE=ON ../.. && \ + make && \ + cp ./libmimalloc-secure.so ../../../libmimalloc.so +FROM alpine:latest as bitcoin ENV BITCOIN_VERSION=25.1 -WORKDIR /home/bitcoin - RUN apk --no-cache add git gnupg # Download Bitcoin 
@@ -23,34 +30,18 @@ RUN grep bitcoin-${BITCOIN_VERSION}-x86_64-linux-gnu.tar.gz SHA256SUMS | sha256s # Prepare Image RUN tar xzvf bitcoin-${BITCOIN_VERSION}-x86_64-linux-gnu.tar.gz RUN mv bitcoin-${BITCOIN_VERSION}/bin/bitcoind . - -# Also build mimalloc -FROM debian:bookworm-slim as mimalloc - -RUN apt update && apt upgrade -y && apt install -y gcc g++ make cmake git -RUN git clone https://github.com/microsoft/mimalloc && \ - cd mimalloc && \ - mkdir -p out/secure && \ - cd out/secure && \ - cmake -DMI_SECURE=ON ../.. && \ - make && \ - cp ./libmimalloc-secure.so ../../../libmimalloc.so - -# Build the actual image FROM debian:bookworm-slim as image COPY --from=mimalloc libmimalloc.so /usr/lib RUN echo "/usr/lib/libmimalloc.so" >> /etc/ld.so.preload -# Upgrade packages RUN apt update && apt upgrade -y && apt autoremove -y && apt clean - # Switch to a non-root user RUN useradd --system --create-home --shell /sbin/nologin bitcoin USER bitcoin WORKDIR /home/bitcoin -COPY --from=builder --chown=bitcoin /home/bitcoin/bitcoind /bin +COPY --from=bitcoin --chown=bitcoin bitcoind /bin COPY ./scripts /scripts EXPOSE 8332 8333 18332 18333 18443 18444 diff --git a/orchestration/coins/bitcoin/Dockerfile.bitcoin b/orchestration/coins/bitcoin/Dockerfile.bitcoin new file mode 100644 index 00000000..f9ca845e --- /dev/null +++ b/orchestration/coins/bitcoin/Dockerfile.bitcoin 
@@ -0,0 +1,22 @@
+FROM alpine:latest as bitcoin
+
+ENV BITCOIN_VERSION=25.1
+
+RUN apk --no-cache add git gnupg
+
+# Download Bitcoin
+RUN wget https://bitcoincore.org/bin/bitcoin-core-${BITCOIN_VERSION}/bitcoin-${BITCOIN_VERSION}-x86_64-linux-gnu.tar.gz \
+ && wget https://bitcoincore.org/bin/bitcoin-core-${BITCOIN_VERSION}/SHA256SUMS \
+ && wget https://bitcoincore.org/bin/bitcoin-core-${BITCOIN_VERSION}/SHA256SUMS.asc
+
+# Verify all sigs and check for a valid signature from laanwj -- 71A3
+RUN git clone https://github.com/bitcoin-core/guix.sigs && \
+ cd guix.sigs/builder-keys && \
+ find . -iname '*.gpg' -exec gpg --import {} \; && \
+ gpg --verify --status-fd 1 --verify ../../SHA256SUMS.asc ../../SHA256SUMS | grep "^\[GNUPG:\] VALIDSIG.*71A3B16735405025D447E8F274810B012346C9A6"
+
+RUN grep bitcoin-${BITCOIN_VERSION}-x86_64-linux-gnu.tar.gz SHA256SUMS | sha256sum -c
+
+# Prepare Image
+RUN tar xzvf bitcoin-${BITCOIN_VERSION}-x86_64-linux-gnu.tar.gz
+RUN mv bitcoin-${BITCOIN_VERSION}/bin/bitcoind .
diff --git a/orchestration/coins/bitcoin/Dockerfile.bitcoin.end b/orchestration/coins/bitcoin/Dockerfile.bitcoin.end
new file mode 100644
index 00000000..8c6a77fc
--- /dev/null
+++ b/orchestration/coins/bitcoin/Dockerfile.bitcoin.end
@@ -0,0 +1,10 @@
+# Switch to a non-root user
+RUN useradd --system --create-home --shell /sbin/nologin bitcoin
+USER bitcoin
+WORKDIR /home/bitcoin
+
+COPY --from=bitcoin --chown=bitcoin bitcoind /bin
+COPY ./scripts /scripts
+
+EXPOSE 8332 8333 18332 18333 18443 18444
+# VOLUME ["/home/bitcoin/.bitcoin"]
diff --git a/orchestration/coins/monero/Dockerfile b/orchestration/coins/monero/Dockerfile
index 517e7b57..1bb9b471 100644
--- a/orchestration/coins/monero/Dockerfile
+++ b/orchestration/coins/monero/Dockerfile
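Review bot: The comment `# Verify all sigs and check for a valid signature from laanwj -- 71A3` in Dockerfile.bitcoin claims more than the command does. The pipeline succeeds as soon as one `VALIDSIG` status line carries the pinned fingerprint, and no other signature has to be valid. A wording like `# Import all builder keys and require a valid signature from laanwj's key (fingerprint checked below)` matches the behaviour. The gpg call also passes `--verify` twice (`gpg --verify --status-fd 1 --verify ...`); one of them can be dropped.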
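Review bot: `COPY --from=bitcoin --chown=bitcoin bitcoind /bin` in Dockerfile.bitcoin.end makes the daemon binary owned by the unprivileged account that runs it. That weakens the separation the non-root user is meant to give. Dropping the flag, `COPY --from=bitcoin bitcoind /bin`, leaves the file root-owned; this presumably still works because the extracted binary should keep its executable mode for other users, which is worth confirming. The same pattern is in Dockerfile.monero.end, Dockerfile.message-queue.end and Dockerfile.serai.end. The relative source `bitcoind` also depends on the `bitcoin` stage having no WORKDIR now, and `/bitcoind` would make that explicit.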
@@ -1,4 +1,14 @@ -FROM alpine:latest as builder +FROM alpine:latest as mimalloc + +RUN apk update && apk upgrade && apk --no-cache add gcc g++ libc-dev make cmake git +RUN git clone https://github.com/microsoft/mimalloc && \ + cd mimalloc && \ + mkdir -p out/secure && \ + cd out/secure && \ + cmake -DMI_SECURE=ON ../.. && \ + make && \ + cp ./libmimalloc-secure.so ../../../libmimalloc.so +FROM alpine:latest as monero # https://downloads.getmonero.org/cli/monero-linux-x64-v0.18.3.1.tar.bz2 # Verification will fail if MONERO_VERSION doesn't match the latest @@ -8,17 +18,6 @@ FROM alpine:latest as builder # Most publish a asc file for each release / build architecture ¯\_(ツ)_/¯ ENV MONERO_VERSION=0.18.3.1 -WORKDIR /home/monero - -RUN apk update && apk --no-cache add gcc g++ libc-dev make cmake git -RUN git clone https://github.com/microsoft/mimalloc && \ - cd mimalloc && \ - mkdir -p out/secure && \ - cd out/secure && \ - cmake -DMI_SECURE=ON ../.. && \ - make && \ - cp ./libmimalloc-secure.so ../../../libmimalloc.so - RUN apk --no-cache add gnupg # Download Monero @@ -30,17 +29,15 @@ RUN gpg --keyserver hkp://keyserver.ubuntu.com:80 --keyserver-options no-self-si gpg --verify hashes-v${MONERO_VERSION}.txt && \ grep "$(sha256sum monero-linux-x64-v${MONERO_VERSION}.tar.bz2 | cut -c 1-64)" hashes-v${MONERO_VERSION}.txt -# Cleanup +# Extract it RUN tar -xvjf monero-linux-x64-v${MONERO_VERSION}.tar.bz2 --strip-components=1 - -# Build the actual image FROM alpine:latest as image -COPY --from=builder /home/monero/libmimalloc.so /usr/lib +COPY --from=mimalloc libmimalloc.so /usr/lib ENV LD_PRELOAD=libmimalloc.so -# Upgrade packages -RUN apk update && apk upgrade && apk --no-cache add gcompat +RUN apk update && apk upgrade +RUN apk --no-cache add gcompat # Switch to a non-root user # System user (not a human), shell of nologin, no password assigned 
@@ -48,7 +45,7 @@ RUN adduser -S -s /sbin/nologin -D monero USER monero WORKDIR /home/monero -COPY --from=builder --chown=monero /home/monero/monerod /bin +COPY --from=monero --chown=monero monerod /bin ADD scripts /scripts EXPOSE 18080 18081 diff --git a/orchestration/coins/monero/Dockerfile.monero b/orchestration/coins/monero/Dockerfile.monero new file mode 100644 index 00000000..5e23a801 --- /dev/null +++ b/orchestration/coins/monero/Dockerfile.monero @@ -0,0 +1,23 @@ +FROM alpine:latest as monero + +# https://downloads.getmonero.org/cli/monero-linux-x64-v0.18.3.1.tar.bz2 +# Verification will fail if MONERO_VERSION doesn't match the latest +# due to the way monero publishes releases. They overwrite a single hashes.txt +# file with each release, meaning we can only grab the SHA256 of the latest +# release. +# Most publish a asc file for each release / build architecture ¯\_(ツ)_/¯ +ENV MONERO_VERSION=0.18.3.1 + +RUN apk --no-cache add gnupg + +# Download Monero +RUN wget https://downloads.getmonero.org/cli/monero-linux-x64-v${MONERO_VERSION}.tar.bz2 + +# Verify Binary -- fingerprint from https://github.com/monero-project/monero-site/issues/1949 +ADD ./temp/hashes-v${MONERO_VERSION}.txt . +RUN gpg --keyserver hkp://keyserver.ubuntu.com:80 --keyserver-options no-self-sigs-only --receive-keys 81AC591FE9C4B65C5806AFC3F0AF4D462A0BDF92 && \ + gpg --verify hashes-v${MONERO_VERSION}.txt && \ + grep "$(sha256sum monero-linux-x64-v${MONERO_VERSION}.tar.bz2 | cut -c 1-64)" hashes-v${MONERO_VERSION}.txt + +# Extract it +RUN tar -xvjf monero-linux-x64-v${MONERO_VERSION}.tar.bz2 --strip-components=1 diff --git a/orchestration/coins/monero/Dockerfile.monero.end b/orchestration/coins/monero/Dockerfile.monero.end new file mode 100644 index 00000000..2101dbe0 --- /dev/null +++ b/orchestration/coins/monero/Dockerfile.monero.end 
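Review bot: In Dockerfile.monero, `gpg --verify hashes-v${MONERO_VERSION}.txt` accepts a good signature from any key in the keyring, and unlike the Bitcoin part no `VALIDSIG` fingerprint is checked. If the hashes file is clearsigned, which the single-argument form suggests, the following `grep` also reads the raw file rather than only the text the signature covers. A tighter form writes the verified content out with `gpg --output hashes.verified --decrypt hashes-v${MONERO_VERSION}.txt` and greps that file. Add a `--status-fd 1` check for `VALIDSIG.*81AC591FE9C4B65C5806AFC3F0AF4D462A0BDF92`, as Dockerfile.bitcoin does for its signer. The key is also fetched from `hkp://keyserver.ubuntu.com:80` at build time; committing it next to the hashes file would remove that network dependency.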
@@ -0,0 +1,13 @@ +RUN apk --no-cache add gcompat + +# Switch to a non-root user +# System user (not a human), shell of nologin, no password assigned +RUN adduser -S -s /sbin/nologin -D monero +USER monero + +WORKDIR /home/monero +COPY --from=monero --chown=monero monerod /bin +ADD scripts /scripts + +EXPOSE 18080 18081 +# VOLUME /home/monero/.bitmonero diff --git a/orchestration/coordinator/Dockerfile b/orchestration/coordinator/Dockerfile index effe6514..4284a4e1 100644 --- a/orchestration/coordinator/Dockerfile +++ b/orchestration/coordinator/Dockerfile @@ -1,11 +1,25 @@ +FROM debian:bookworm-slim as mimalloc + +RUN apt update && apt upgrade -y && apt install -y gcc g++ make cmake git +RUN git clone https://github.com/microsoft/mimalloc && \ + cd mimalloc && \ + mkdir -p out/secure && \ + cd out/secure && \ + cmake -DMI_SECURE=ON ../.. && \ + make && \ + cp ./libmimalloc-secure.so ../../../libmimalloc.so FROM rust:1.73-slim-bookworm as builder -LABEL description="STAGE 1: Build" -# Upgrade and add dev dependencies -RUN apt update && apt upgrade -y && apt install -y pkg-config clang && apt autoremove -y && apt clean +COPY --from=mimalloc libmimalloc.so /usr/lib +RUN echo "/usr/lib/libmimalloc.so" >> /etc/ld.so.preload -# Add the wasm toolchain -RUN rustup target add wasm32-unknown-unknown +RUN apt update && apt upgrade -y && apt autoremove -y && apt clean + +# Add dev dependencies +RUN apt install -y pkg-config clang + +# Dependencies for the Serai node +RUN apt install -y make protobuf-compiler # Add files for build ADD common /serai/common 
@@ -23,36 +37,25 @@ ADD AGPL-3.0 /serai WORKDIR /serai +# Add the wasm toolchain +RUN rustup target add wasm32-unknown-unknown + # Mount the caches and build RUN --mount=type=cache,target=/root/.cargo \ --mount=type=cache,target=/usr/local/cargo/registry \ --mount=type=cache,target=/usr/local/cargo/git \ --mount=type=cache,target=/serai/target \ - cd coordinator && \ - cargo build --release --all-features && \ mkdir /serai/bin && \ + cargo build -p serai-coordinator --release --all-features && \ mv /serai/target/release/serai-coordinator /serai/bin - -# Also build mimalloc -FROM debian:bookworm-slim as mimalloc - -RUN apt update && apt upgrade -y && apt install -y gcc g++ make cmake git -RUN git clone https://github.com/microsoft/mimalloc && \ - cd mimalloc && \ - mkdir -p out/secure && \ - cd out/secure && \ - cmake -DMI_SECURE=ON ../.. && \ - make && \ - cp ./libmimalloc-secure.so ../../../libmimalloc.so - -# Build the actual image FROM debian:bookworm-slim as image COPY --from=mimalloc libmimalloc.so /usr/lib RUN echo "/usr/lib/libmimalloc.so" >> /etc/ld.so.preload -# Upgrade packages and install ca-certificates -RUN apt update && apt upgrade -y && apt install -y ca-certificates && apt autoremove && apt clean +RUN apt update && apt upgrade -y && apt autoremove -y && apt clean +# Install ca-certificates +RUN apt install -y ca-certificates # Switch to a non-root user RUN useradd --system --create-home --shell /sbin/nologin coordinator @@ -60,7 +63,7 @@ USER coordinator WORKDIR /home/coordinator -# Copy necessary files to run node +# Copy the Coordinator binary and relevant license COPY --from=builder --chown=processsor /serai/bin/serai-coordinator /bin/ COPY --from=builder --chown=processsor /serai/AGPL-3.0 . diff --git a/orchestration/coordinator/Dockerfile.coordinator b/orchestration/coordinator/Dockerfile.coordinator new file mode 100644 index 00000000..a41506c8 --- /dev/null +++ b/orchestration/coordinator/Dockerfile.coordinator 
@@ -0,0 +1,2 @@ + cargo build -p serai-coordinator --release --all-features && \ + mv /serai/target/release/serai-coordinator /serai/bin diff --git a/orchestration/coordinator/Dockerfile.coordinator.end b/orchestration/coordinator/Dockerfile.coordinator.end new file mode 100644 index 00000000..c96e49f2 --- /dev/null +++ b/orchestration/coordinator/Dockerfile.coordinator.end @@ -0,0 +1,15 @@ +# Install ca-certificates +RUN apt install -y ca-certificates + +# Switch to a non-root user +RUN useradd --system --create-home --shell /sbin/nologin coordinator +USER coordinator + +WORKDIR /home/coordinator + +# Copy the Coordinator binary and relevant license +COPY --from=builder --chown=processsor /serai/bin/serai-coordinator /bin/ +COPY --from=builder --chown=processsor /serai/AGPL-3.0 . + +# Run coordinator +CMD ["serai-coordinator"] diff --git a/orchestration/docker-compose.yml b/orchestration/docker-compose.yml index ce3fb0d1..c77db8cb 100644 --- a/orchestration/docker-compose.yml +++ b/orchestration/docker-compose.yml @@ -67,12 +67,23 @@ services: expose: - "2287" - processor: + bitcoin-processor: profiles: - - processor + - bitcoin-processor build: context: ../ - dockerfile: ./orchestration/processor/Dockerfile + dockerfile: ./orchestration/processor/bitcoin/Dockerfile + restart: unless-stopped + volumes: + - "./processor/scripts:/scripts" + entrypoint: /scripts/entry-dev.sh + + monero-processor: + profiles: + - monero-processor + build: + context: ../ + dockerfile: ./orchestration/processor/monero/Dockerfile restart: unless-stopped volumes: - "./processor/scripts:/scripts" diff --git a/orchestration/dockerfiles.sh b/orchestration/dockerfiles.sh new file mode 100755 index 00000000..38f940e3 --- /dev/null +++ b/orchestration/dockerfiles.sh 
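Review bot: `--chown=processsor` on both COPY lines of Dockerfile.coordinator.end names a user that this part never creates; it has three `s`, and the account added above is `coordinator`. Depending on the builder, the COPY either fails or the files do not get the intended owner. Use `--chown=coordinator`, or drop the flag so the binary stays root-owned. Dockerfile.processor.end has the same misspelling for its `processor` user, and both are carried into the generated coordinator and processor Dockerfiles.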
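Review bot: Both new services in docker-compose.yml bind-mount `./processor/scripts` read-write and then run `/scripts/entry-dev.sh` from that mount as the entrypoint. A process inside the container can therefore change the script the host will start next time. Mounting it read-only, `- "./processor/scripts:/scripts:ro"`, keeps the entrypoint under the host's control. The two service blocks differ only in profile name and Dockerfile path, so a shared YAML anchor would keep them from drifting apart.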
@@ -0,0 +1,60 @@ +# Bitcoin +rm ./coins/bitcoin/Dockerfile +cat \ + ./Dockerfile.parts/mimalloc/Dockerfile.debian \ + ./coins/bitcoin/Dockerfile.bitcoin \ + ./Dockerfile.parts/Dockerfile.debian.start \ + ./coins/bitcoin/Dockerfile.bitcoin.end >> ./coins/bitcoin/Dockerfile + +# Monero +rm ./coins/monero/Dockerfile +cat \ + ./Dockerfile.parts/mimalloc/Dockerfile.alpine \ + ./coins/monero/Dockerfile.monero \ + ./Dockerfile.parts/Dockerfile.alpine.start \ + ./coins/monero/Dockerfile.monero.end >> ./coins/monero/Dockerfile + +# Message Queue +rm ./message-queue/Dockerfile +cat \ + ./Dockerfile.parts/mimalloc/Dockerfile.debian \ + ./Dockerfile.parts/Dockerfile.serai.build \ + ./message-queue/Dockerfile.message-queue \ + ./Dockerfile.parts/Dockerfile.debian.start \ + ./message-queue/Dockerfile.message-queue.end >> ./message-queue/Dockerfile + +# Bitcoin Processor +rm ./processor/bitcoin/Dockerfile +cat \ + ./Dockerfile.parts/mimalloc/Dockerfile.debian \ + ./Dockerfile.parts/Dockerfile.serai.build \ + ./processor/bitcoin/Dockerfile.processor.bitcoin \ + ./Dockerfile.parts/Dockerfile.debian.start \ + ./processor/Dockerfile.processor.end >> ./processor/bitcoin/Dockerfile + +# Monero Processor +rm ./processor/monero/Dockerfile +cat \ + ./Dockerfile.parts/mimalloc/Dockerfile.debian \ + ./Dockerfile.parts/Dockerfile.serai.build \ + ./processor/monero/Dockerfile.processor.monero \ + ./Dockerfile.parts/Dockerfile.debian.start \ + ./processor/Dockerfile.processor.end >> ./processor/monero/Dockerfile + +# Coordinator +rm ./coordinator/Dockerfile +cat \ + ./Dockerfile.parts/mimalloc/Dockerfile.debian \ + ./Dockerfile.parts/Dockerfile.serai.build \ + ./coordinator/Dockerfile.coordinator \ + ./Dockerfile.parts/Dockerfile.debian.start \ + ./coordinator/Dockerfile.coordinator.end >> ./coordinator/Dockerfile + +# Node +rm ./serai/Dockerfile +cat \ + ./Dockerfile.parts/mimalloc/Dockerfile.debian \ + ./Dockerfile.parts/Dockerfile.serai.build \ + ./serai/Dockerfile.serai \ + 
./Dockerfile.parts/Dockerfile.debian.start \ + ./serai/Dockerfile.serai.end >> ./serai/Dockerfile diff --git a/orchestration/message-queue/Dockerfile b/orchestration/message-queue/Dockerfile index 1250ef4b..39b0af7a 100644 --- a/orchestration/message-queue/Dockerfile +++ b/orchestration/message-queue/Dockerfile @@ -1,8 +1,25 @@ -FROM rust:1.73-slim-bookworm as builder -LABEL description="STAGE 1: Build" +FROM debian:bookworm-slim as mimalloc -# Upgrade and add dev dependencies -RUN apt update && apt upgrade -y && apt install -y pkg-config clang libssl-dev && apt autoremove -y && apt clean +RUN apt update && apt upgrade -y && apt install -y gcc g++ make cmake git +RUN git clone https://github.com/microsoft/mimalloc && \ + cd mimalloc && \ + mkdir -p out/secure && \ + cd out/secure && \ + cmake -DMI_SECURE=ON ../.. && \ + make && \ + cp ./libmimalloc-secure.so ../../../libmimalloc.so +FROM rust:1.73-slim-bookworm as builder + +COPY --from=mimalloc libmimalloc.so /usr/lib +RUN echo "/usr/lib/libmimalloc.so" >> /etc/ld.so.preload + +RUN apt update && apt upgrade -y && apt autoremove -y && apt clean + +# Add dev dependencies +RUN apt install -y pkg-config clang + +# Dependencies for the Serai node +RUN apt install -y make protobuf-compiler # Add files for build ADD common /serai/common 
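Review bot: dockerfiles.sh has no shebang and no error handling. Each target is produced by `rm FILE` followed by `cat ... >> FILE`, so a failed `rm` is followed by an append onto the old content, and a missing part still leaves a partial Dockerfile while the script carries on. Starting the file with `#!/bin/sh` and `set -eu`, and replacing each rm/append pair with a truncating redirect such as `cat ... > ./coins/bitcoin/Dockerfile`, removes both cases. It also avoids the `rm` error for `./processor/bitcoin/Dockerfile`, which does not exist before the first run. All paths are relative to `orchestration/`, so `cd "$(dirname "$0")"` at the top would make the script safe to invoke from another directory.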
@@ -20,37 +37,23 @@ ADD AGPL-3.0 /serai WORKDIR /serai +# Add the wasm toolchain +RUN rustup target add wasm32-unknown-unknown + # Mount the caches and build RUN --mount=type=cache,target=/root/.cargo \ --mount=type=cache,target=/usr/local/cargo/registry \ --mount=type=cache,target=/usr/local/cargo/git \ --mount=type=cache,target=/serai/target \ - cd message-queue && \ - cargo build --release --all-features && \ mkdir /serai/bin && \ + cargo build --release --all-features -p serai-message-queue && \ mv /serai/target/release/serai-message-queue /serai/bin - -# Also build mimalloc -FROM debian:bookworm-slim as mimalloc - -RUN apt update && apt upgrade -y && apt install -y gcc g++ make cmake git -RUN git clone https://github.com/microsoft/mimalloc && \ - cd mimalloc && \ - mkdir -p out/secure && \ - cd out/secure && \ - cmake -DMI_SECURE=ON ../.. && \ - make && \ - cp ./libmimalloc-secure.so ../../../libmimalloc.so - -# Build the actual image FROM debian:bookworm-slim as image COPY --from=mimalloc libmimalloc.so /usr/lib RUN echo "/usr/lib/libmimalloc.so" >> /etc/ld.so.preload -# Upgrade packages -RUN apt update && apt upgrade -y - +RUN apt update && apt upgrade -y && apt autoremove -y && apt clean # Switch to a non-root user RUN useradd --system --home /home/message-queue --create-home --shell /sbin/nologin messagequeue USER messagequeue diff --git a/orchestration/message-queue/Dockerfile.message-queue b/orchestration/message-queue/Dockerfile.message-queue new file mode 100644 index 00000000..320a1cea --- /dev/null +++ b/orchestration/message-queue/Dockerfile.message-queue @@ -0,0 +1,2 @@ + cargo build --release --all-features -p serai-message-queue && \ + mv /serai/target/release/serai-message-queue /serai/bin diff --git a/orchestration/message-queue/Dockerfile.message-queue.end b/orchestration/message-queue/Dockerfile.message-queue.end new file mode 100644 index 00000000..2b3a3971 --- /dev/null +++ b/orchestration/message-queue/Dockerfile.message-queue.end 
@@ -0,0 +1,13 @@
+# Switch to a non-root user
+RUN useradd --system --home /home/message-queue --create-home --shell /sbin/nologin messagequeue
+USER messagequeue
+
+WORKDIR /home/message-queue
+
+# Copy the Message Queue binary and relevant license
+COPY --from=builder --chown=messagequeue /serai/bin/serai-message-queue /bin
+COPY --from=builder --chown=messagequeue /serai/AGPL-3.0 .
+
+# Run message-queue
+EXPOSE 2287
+CMD ["serai-message-queue"]
diff --git a/orchestration/processor/Dockerfile.processor.end b/orchestration/processor/Dockerfile.processor.end
new file mode 100644
index 00000000..cd0e6e97
--- /dev/null
+++ b/orchestration/processor/Dockerfile.processor.end
@@ -0,0 +1,15 @@
+# Install ca-certificates
+RUN apt install -y ca-certificates
+
+# Switch to a non-root user
+RUN useradd --system --create-home --shell /sbin/nologin processor
+USER processor
+
+WORKDIR /home/processor
+
+# Copy the Processor binary and relevant license
+COPY --from=builder --chown=processsor /serai/bin/serai-processor /bin/
+COPY --from=builder --chown=processsor /serai/AGPL-3.0 .
+
+# Run processor
+CMD ["serai-processor"]
diff --git a/orchestration/processor/bitcoin/Dockerfile b/orchestration/processor/bitcoin/Dockerfile
new file mode 100644
index 00000000..00c87ba6
--- /dev/null
+++ b/orchestration/processor/bitcoin/Dockerfile
@@ -0,0 +1,71 @@ +FROM debian:bookworm-slim as mimalloc + +RUN apt update && apt upgrade -y && apt install -y gcc g++ make cmake git +RUN git clone https://github.com/microsoft/mimalloc && \ + cd mimalloc && \ + mkdir -p out/secure && \ + cd out/secure && \ + cmake -DMI_SECURE=ON ../.. && \ + make && \ + cp ./libmimalloc-secure.so ../../../libmimalloc.so +FROM rust:1.73-slim-bookworm as builder + +COPY --from=mimalloc libmimalloc.so /usr/lib +RUN echo "/usr/lib/libmimalloc.so" >> /etc/ld.so.preload + +RUN apt update && apt upgrade -y && apt autoremove -y && apt clean + +# Add dev dependencies +RUN apt install -y pkg-config clang + +# Dependencies for the Serai node +RUN apt install -y make protobuf-compiler + +# Add files for build +ADD common /serai/common +ADD crypto /serai/crypto +ADD coins /serai/coins +ADD message-queue /serai/message-queue +ADD processor /serai/processor +ADD coordinator /serai/coordinator +ADD substrate /serai/substrate +ADD mini /serai/mini +ADD tests /serai/tests +ADD Cargo.toml /serai +ADD Cargo.lock /serai +ADD AGPL-3.0 /serai + +WORKDIR /serai + +# Add the wasm toolchain +RUN rustup target add wasm32-unknown-unknown + +# Mount the caches and build +RUN --mount=type=cache,target=/root/.cargo \ + --mount=type=cache,target=/usr/local/cargo/registry \ + --mount=type=cache,target=/usr/local/cargo/git \ + --mount=type=cache,target=/serai/target \ + mkdir /serai/bin && \ + cargo build --release --features bitcoin -p serai-processor && \ + mv /serai/target/release/serai-processor /serai/bin +FROM debian:bookworm-slim as image + +COPY --from=mimalloc libmimalloc.so /usr/lib +RUN echo "/usr/lib/libmimalloc.so" >> /etc/ld.so.preload + +RUN apt update && apt upgrade -y && apt autoremove -y && apt clean +# Install ca-certificates +RUN apt install -y ca-certificates + +# Switch to a non-root user +RUN useradd --system --create-home --shell /sbin/nologin processor +USER processor + +WORKDIR /home/processor + +# Copy the Processor binary and relevant 
license +COPY --from=builder --chown=processsor /serai/bin/serai-processor /bin/ +COPY --from=builder --chown=processsor /serai/AGPL-3.0 . + +# Run processor +CMD ["serai-processor"] diff --git a/orchestration/processor/bitcoin/Dockerfile.processor.bitcoin b/orchestration/processor/bitcoin/Dockerfile.processor.bitcoin new file mode 100644 index 00000000..a3156aa4 --- /dev/null +++ b/orchestration/processor/bitcoin/Dockerfile.processor.bitcoin @@ -0,0 +1,2 @@ + cargo build --release --features bitcoin -p serai-processor && \ + mv /serai/target/release/serai-processor /serai/bin diff --git a/orchestration/processor/Dockerfile b/orchestration/processor/monero/Dockerfile similarity index 73% rename from orchestration/processor/Dockerfile rename to orchestration/processor/monero/Dockerfile index dea719d4..985b4d43 100644 --- a/orchestration/processor/Dockerfile +++ b/orchestration/processor/monero/Dockerfile @@ -1,8 +1,25 @@ -FROM rust:1.73-slim-bookworm as builder -LABEL description="STAGE 1: Build" +FROM debian:bookworm-slim as mimalloc -# Upgrade and add dev dependencies -RUN apt update && apt upgrade -y && apt install -y pkg-config clang && apt autoremove -y && apt clean +RUN apt update && apt upgrade -y && apt install -y gcc g++ make cmake git +RUN git clone https://github.com/microsoft/mimalloc && \ + cd mimalloc && \ + mkdir -p out/secure && \ + cd out/secure && \ + cmake -DMI_SECURE=ON ../.. && \ + make && \ + cp ./libmimalloc-secure.so ../../../libmimalloc.so +FROM rust:1.73-slim-bookworm as builder + +COPY --from=mimalloc libmimalloc.so /usr/lib +RUN echo "/usr/lib/libmimalloc.so" >> /etc/ld.so.preload + +RUN apt update && apt upgrade -y && apt autoremove -y && apt clean + +# Add dev dependencies +RUN apt install -y pkg-config clang + +# Dependencies for the Serai node +RUN apt install -y make protobuf-compiler # Add files for build ADD common /serai/common 
@@ -28,31 +45,17 @@ RUN --mount=type=cache,target=/root/.cargo \ --mount=type=cache,target=/usr/local/cargo/registry \ --mount=type=cache,target=/usr/local/cargo/git \ --mount=type=cache,target=/serai/target \ - cd processor && \ - cargo build --release --all-features && \ mkdir /serai/bin && \ + cargo build --release --features monero -p serai-processor && \ mv /serai/target/release/serai-processor /serai/bin - -# Also build mimalloc -FROM debian:bookworm-slim as mimalloc - -RUN apt update && apt upgrade -y && apt install -y gcc g++ make cmake git -RUN git clone https://github.com/microsoft/mimalloc && \ - cd mimalloc && \ - mkdir -p out/secure && \ - cd out/secure && \ - cmake -DMI_SECURE=ON ../.. && \ - make && \ - cp ./libmimalloc-secure.so ../../../libmimalloc.so - -# Build the actual image FROM debian:bookworm-slim as image COPY --from=mimalloc libmimalloc.so /usr/lib RUN echo "/usr/lib/libmimalloc.so" >> /etc/ld.so.preload -# Upgrade packages and install ca-certificates -RUN apt update && apt upgrade -y && apt install -y ca-certificates +RUN apt update && apt upgrade -y && apt autoremove -y && apt clean +# Install ca-certificates +RUN apt install -y ca-certificates # Switch to a non-root user RUN useradd --system --create-home --shell /sbin/nologin processor @@ -60,7 +63,7 @@ USER processor WORKDIR /home/processor -# Copy necessary files to run node +# Copy the Processor binary and relevant license COPY --from=builder --chown=processsor /serai/bin/serai-processor /bin/ COPY --from=builder --chown=processsor /serai/AGPL-3.0 . diff --git a/orchestration/processor/monero/Dockerfile.processor.monero b/orchestration/processor/monero/Dockerfile.processor.monero new file mode 100644 index 00000000..233726a9 --- /dev/null +++ b/orchestration/processor/monero/Dockerfile.processor.monero @@ -0,0 +1,2 @@ + cargo build --release --features monero -p serai-processor && \ + mv /serai/target/release/serai-processor /serai/bin 
diff --git a/orchestration/serai/Dockerfile b/orchestration/serai/Dockerfile index aeaa5349..37caa8a5 100644 --- a/orchestration/serai/Dockerfile +++ b/orchestration/serai/Dockerfile @@ -1,11 +1,25 @@ +FROM debian:bookworm-slim as mimalloc + +RUN apt update && apt upgrade -y && apt install -y gcc g++ make cmake git +RUN git clone https://github.com/microsoft/mimalloc && \ + cd mimalloc && \ + mkdir -p out/secure && \ + cd out/secure && \ + cmake -DMI_SECURE=ON ../.. && \ + make && \ + cp ./libmimalloc-secure.so ../../../libmimalloc.so FROM rust:1.73-slim-bookworm as builder -LABEL description="STAGE 1: Build" -# Upgrade and add dev dependencies -RUN apt update && apt upgrade -y && apt install -y git pkg-config make clang libssl-dev protobuf-compiler && apt autoremove -y && apt clean +COPY --from=mimalloc libmimalloc.so /usr/lib +RUN echo "/usr/lib/libmimalloc.so" >> /etc/ld.so.preload -# Add the wasm toolchain -RUN rustup target add wasm32-unknown-unknown +RUN apt update && apt upgrade -y && apt autoremove -y && apt clean + +# Add dev dependencies +RUN apt install -y pkg-config clang + +# Dependencies for the Serai node +RUN apt install -y make protobuf-compiler # Add files for build ADD common /serai/common 
@@ -23,44 +37,30 @@ ADD AGPL-3.0 /serai WORKDIR /serai +# Add the wasm toolchain +RUN rustup target add wasm32-unknown-unknown + # Mount the caches and build RUN --mount=type=cache,target=/root/.cargo \ --mount=type=cache,target=/usr/local/cargo/registry \ --mount=type=cache,target=/usr/local/cargo/git \ --mount=type=cache,target=/serai/target \ - cd substrate/node && \ - cargo build --release && \ mkdir /serai/bin && \ + cargo build --release -p serai-node && \ mv /serai/target/release/serai-node /serai/bin - -# Also build mimalloc -FROM debian:bookworm-slim as mimalloc - -RUN apt update && apt upgrade -y && apt install -y gcc g++ make cmake git -RUN git clone https://github.com/microsoft/mimalloc && \ - cd mimalloc && \ - mkdir -p out/secure && \ - cd out/secure && \ - cmake -DMI_SECURE=ON ../.. && \ - make && \ - cp ./libmimalloc-secure.so ../../../libmimalloc.so - -# Build the actual image FROM debian:bookworm-slim as image COPY --from=mimalloc libmimalloc.so /usr/lib RUN echo "/usr/lib/libmimalloc.so" >> /etc/ld.so.preload -# Upgrade packages -RUN apt update && apt upgrade -y - +RUN apt update && apt upgrade -y && apt autoremove -y && apt clean # Switch to a non-root user RUN useradd --system --home /home/serai --shell /sbin/nologin serai USER serai WORKDIR /home/serai -# Copy necessary files to run node +# Copy the Serai binary and relevant license COPY --from=builder --chown=serai /serai/bin/serai-node /bin/ COPY --from=builder --chown=serai /serai/AGPL-3.0 . diff --git a/orchestration/serai/Dockerfile.serai b/orchestration/serai/Dockerfile.serai new file mode 100644 index 00000000..839ec923 --- /dev/null +++ b/orchestration/serai/Dockerfile.serai @@ -0,0 +1,2 @@ + cargo build --release -p serai-node && \ + mv /serai/target/release/serai-node /serai/bin diff --git a/orchestration/serai/Dockerfile.serai.end b/orchestration/serai/Dockerfile.serai.end new file mode 100644 index 00000000..52c16ad3 --- /dev/null +++ b/orchestration/serai/Dockerfile.serai.end 
@@ -0,0 +1,13 @@
+# Switch to a non-root user
+RUN useradd --system --home /home/serai --shell /sbin/nologin serai
+USER serai
+
+WORKDIR /home/serai
+
+# Copy the Serai binary and relevant license
+COPY --from=builder --chown=serai /serai/bin/serai-node /bin/
+COPY --from=builder --chown=serai /serai/AGPL-3.0 .
+
+# Run node
+EXPOSE 30333 9615 9933 9944
+CMD ["serai-node"]
diff --git a/tests/docker/src/lib.rs b/tests/docker/src/lib.rs
index 0f42f59d..572df456 100644
--- a/tests/docker/src/lib.rs
+++ b/tests/docker/src/lib.rs
@@ -54,7 +54,14 @@ pub fn build(name: String) {
 if HashSet::from(["bitcoin", "ethereum", "monero"]).contains(name.as_str()) {
 dockerfile_path = dockerfile_path.join("coins");
 }
- dockerfile_path = dockerfile_path.join(&name).join("Dockerfile");
+ if name.contains("-processor") {
+ dockerfile_path = dockerfile_path
+ .join("processor")
+ .join(name.split('-').next().unwrap())
+ .join("Dockerfile");
+ } else {
+ dockerfile_path = dockerfile_path.join(&name).join("Dockerfile");
+ }
 // For all services, if the Dockerfile was edited after the image was built we should rebuild
 let mut last_modified =
@@ -71,7 +78,7 @@ pub fn build(name: String) {
 meta(repo_path.join("substrate").join("primitives")),
 meta(repo_path.join("message-queue")),
 ],
- "processor" => vec![
+ "bitcoin-processor" | "ethereum-processor" | "monero-processor" => vec![
 meta(repo_path.join("common")),
 meta(repo_path.join("crypto")),
 meta(repo_path.join("coins")),
diff --git a/tests/processor/src/lib.rs b/tests/processor/src/lib.rs
index 40c3c3ae..c801d334 100644
--- a/tests/processor/src/lib.rs
+++ b/tests/processor/src/lib.rs
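Review bot: `COPY --from=builder --chown=serai /serai/bin/serai-node /bin/` makes the node binary owned by the same unprivileged account that `USER serai` runs it under, so that account has write access to its own executable. Leaving the binary with the default root ownership keeps the runtime user from modifying it: `COPY --from=builder /serai/bin/serai-node /bin/`. The license copy into the home directory can keep `--chown=serai`.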
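Review bot: `name.contains("-processor")` matches the marker anywhere in the name, while the match arm changed in the next hunk of this file accepts only the three exact network-processor names. `name.split('-').next().unwrap()` then recovers the network with a second, separate parse. `strip_suffix` does both in one step and removes the `unwrap`: `if let Some(network) = name.strip_suffix("-processor") {` with `.join(network)` in place of the `split` line. `build` begins before this hunk and continues after it.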
@@ -29,28 +29,26 @@ pub fn processor_instance(
 port: u32,
 message_queue_key: ::F,
 ) -> TestBodySpecification {
- serai_docker_tests::build("processor".to_string());
-
 let mut entropy = [0; 32];
 OsRng.fill_bytes(&mut entropy);
+ let network_str = match network {
+ NetworkId::Serai => panic!("starting a processor for Serai"),
+ NetworkId::Bitcoin => "bitcoin",
+ NetworkId::Ethereum => "ethereum",
+ NetworkId::Monero => "monero",
+ };
+ let image = format!("{network_str}-processor");
+ serai_docker_tests::build(image.clone());
+
 TestBodySpecification::with_image(
- Image::with_repository("serai-dev-processor").pull_policy(PullPolicy::Never),
+ Image::with_repository(format!("serai-dev-{image}")).pull_policy(PullPolicy::Never),
 )
 .replace_env(
 [
 ("MESSAGE_QUEUE_KEY".to_string(), hex::encode(message_queue_key.to_repr())),
 ("ENTROPY".to_string(), hex::encode(entropy)),
- (
- "NETWORK".to_string(),
- (match network {
- NetworkId::Serai => panic!("starting a processor for Serai"),
- NetworkId::Bitcoin => "bitcoin",
- NetworkId::Ethereum => "ethereum",
- NetworkId::Monero => "monero",
- })
- .to_string(),
- ),
+ ("NETWORK".to_string(), network_str.to_string()),
 ("NETWORK_RPC_LOGIN".to_string(), format!("{RPC_USER}:{RPC_PASS}")),
 ("NETWORK_RPC_PORT".to_string(), port.to_string()),
 ("DB_PATH".to_string(), "./processor-db".to_string()),
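Review bot: The name built by `format!("{network_str}-processor")` is an undocumented string contract with `serai_docker_tests::build`, and nothing at this call site records it. In tests/docker/src/lib.rs, as changed in this commit, `build` derives the Dockerfile directory from the `-processor` marker and picks the rebuild inputs by the full name. A short comment above `let image` would make the coupling visible, e.g. `// Must stay "{network}-processor": serai_docker_tests::build parses this name to locate the Dockerfile`. `processor_instance` starts before the hunk and continues after it.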