From 21008ed5484bc0a8e7b95d35f7bad8eb48bf4ea8 Mon Sep 17 00:00:00 2001 From: Wilfried Kopp <wilfried@parity.io> Date: Fri, 17 Sep 2021 17:11:28 +0200 Subject: [PATCH 1/9] chore: update `builder` image fix #9765 --- .../polkadot/docker-compose-local.yml | 2 ++ .../polkadot/polkadot_builder.Dockerfile | 28 ++++++++++++++----- 2 files changed, 23 insertions(+), 7 deletions(-) diff --git a/scripts/dockerfiles/polkadot/docker-compose-local.yml b/scripts/dockerfiles/polkadot/docker-compose-local.yml index 2c93799259ef..441ba4212f67 100644 --- a/scripts/dockerfiles/polkadot/docker-compose-local.yml +++ b/scripts/dockerfiles/polkadot/docker-compose-local.yml @@ -8,6 +8,7 @@ services: - "30333:30333" - "9933:9933" - "9944:9944" + - "9615:9615" image: chevdor/polkadot:latest volumes: - "polkadot-data-alice:/data" @@ -24,6 +25,7 @@ services: - "30344:30344" - "9935:9935" - "9945:9945" + - "9615:9615" image: chevdor/polkadot:latest volumes: - "polkadot-data-bob:/data" diff --git a/scripts/dockerfiles/polkadot/polkadot_builder.Dockerfile b/scripts/dockerfiles/polkadot/polkadot_builder.Dockerfile index 2fc5787e6cb0..cef8ea15eb6c 100644 --- a/scripts/dockerfiles/polkadot/polkadot_builder.Dockerfile +++ b/scripts/dockerfiles/polkadot/polkadot_builder.Dockerfile @@ -1,27 +1,41 @@ +# This is the build stage for Polkadot. Here we create the binary in a temporary image. FROM docker.io/paritytech/ci-linux:production as builder -LABEL io.parity.image.description="This is the build stage for Polkadot. Here we create the binary." + +ARG PROFILE=release WORKDIR /polkadot COPY . /polkadot -RUN cargo build --release --locked +RUN cargo build --locked --$PROFILE -# ===== SECOND STAGE ====== +# This is the 2nd stage: a very small image where we copy the Polkadot binary." FROM docker.io/library/ubuntu:20.04 -LABEL io.parity.image.description="Polkadot: a platform for web3. This is a self-buit multistage image." -COPY --from=builder /polkadot/target/release/polkadot /usr/local/bin +LABEL description="Multistage Docker image for Polkadot: a platform for web3" \ + io.parity.image.type="builder" \ + io.parity.image.authors="chevdor@gmail.com, devops-team@parity.io" \ + io.parity.image.vendor="Parity Technologies" \ + io.parity.image.description="Polkadot: a platform for web3" \ + io.parity.image.source="https://github.com/paritytech/polkadot/blob/${VCS_REF}/docker/Dockerfile" \ + io.parity.image.documentation="https://github.com/paritytech/polkadot/" + +ARG PROFILE=release + +COPY --from=builder /polkadot/target/$PROFILE/polkadot /usr/local/bin RUN useradd -m -u 1000 -U -s /bin/sh -d /polkadot polkadot && \ - mkdir -p /polkadot/.local/share && \ - mkdir /data && \ + mkdir -p /data /polkadot/.local/share && \ chown -R polkadot:polkadot /data && \ ln -s /data /polkadot/.local/share/polkadot && \ rm -rf /usr/bin /usr/sbin USER polkadot + +# check if executable works in this container +RUN /usr/bin/polkadot --version + EXPOSE 30333 9933 9944 9615 VOLUME ["/data"] From ccc94787e8ef02f3d744461f6ac307da35746dcd Mon Sep 17 00:00:00 2001 From: Wilfried Kopp <wilfried@parity.io> Date: Fri, 17 Sep 2021 17:48:58 +0200 Subject: [PATCH 2/9] fix: fix binary path --- scripts/dockerfiles/polkadot/polkadot_builder.Dockerfile | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/scripts/dockerfiles/polkadot/polkadot_builder.Dockerfile b/scripts/dockerfiles/polkadot/polkadot_builder.Dockerfile index cef8ea15eb6c..e5c36731f82c 100644 --- a/scripts/dockerfiles/polkadot/polkadot_builder.Dockerfile +++ b/scripts/dockerfiles/polkadot/polkadot_builder.Dockerfile @@ -34,7 +34,7 @@ RUN useradd -m -u 1000 -U -s /bin/sh -d /polkadot polkadot && \ USER polkadot # check if executable works in this container -RUN /usr/bin/polkadot --version +RUN /usr/local/bin/polkadot --version EXPOSE 30333 9933 9944 9615 VOLUME ["/data"] From d82486a189192fe436f330a07e49613d5291b2e4 Mon Sep 17 00:00:00 2001 From: Wilfried Kopp <wilfried@parity.io> Date: Fri, 17 Sep 2021 19:18:02 +0200 Subject: [PATCH 3/9] wip --- .../polkadot/polkadot_builder.Dockerfile | 20 +++++++++---------- 1 file changed, 9 insertions(+), 11 deletions(-) diff --git a/scripts/dockerfiles/polkadot/polkadot_builder.Dockerfile b/scripts/dockerfiles/polkadot/polkadot_builder.Dockerfile index e5c36731f82c..4cb531a64aab 100644 --- a/scripts/dockerfiles/polkadot/polkadot_builder.Dockerfile +++ b/scripts/dockerfiles/polkadot/polkadot_builder.Dockerfile @@ -1,14 +1,14 @@ # This is the build stage for Polkadot. Here we create the binary in a temporary image. FROM docker.io/paritytech/ci-linux:production as builder -ARG PROFILE=release - WORKDIR /polkadot COPY . /polkadot -RUN cargo build --locked --$PROFILE - +RUN cargo build --locked --release +# RUN mkdir -p /polkadot/target/release/ && \ +# echo "#!/usr/bin/bash\nprintf 'Hello'\n" > /polkadot/target/release/polkadot && \ +# chmod +x /polkadot/target/release/polkadot # This is the 2nd stage: a very small image where we copy the Polkadot binary." FROM docker.io/library/ubuntu:20.04 @@ -21,21 +21,19 @@ LABEL description="Multistage Docker image for Polkadot: a platform for web3" \ io.parity.image.source="https://github.com/paritytech/polkadot/blob/${VCS_REF}/docker/Dockerfile" \ io.parity.image.documentation="https://github.com/paritytech/polkadot/" -ARG PROFILE=release - -COPY --from=builder /polkadot/target/$PROFILE/polkadot /usr/local/bin +COPY --from=builder /polkadot/target/release/polkadot /usr/local/bin RUN useradd -m -u 1000 -U -s /bin/sh -d /polkadot polkadot && \ mkdir -p /data /polkadot/.local/share && \ chown -R polkadot:polkadot /data && \ - ln -s /data /polkadot/.local/share/polkadot && \ - rm -rf /usr/bin /usr/sbin - -USER polkadot + ln -s /data /polkadot/.local/share/polkadot # check if executable works in this container RUN /usr/local/bin/polkadot --version +RUN rm -rf /usr/bin /usr/sbin +USER polkadot + EXPOSE 30333 9933 9944 9615 VOLUME ["/data"] From 0db9b2297cc0eaa8b1dbac041c2c4be6131ef176 Mon Sep 17 00:00:00 2001 From: Wilfried Kopp <wilfried@parity.io> Date: Wed, 29 Sep 2021 10:24:59 +0200 Subject: [PATCH 4/9] chore: refresh of the builder image + build script --- scripts/dockerfiles/polkadot/build.sh | 8 ++--- .../polkadot/docker-compose-local.yml | 30 ++++++++++--------- .../dockerfiles/polkadot/docker-compose.yml | 17 +++++++---- .../polkadot/polkadot_builder.Dockerfile | 8 ++--- 4 files changed, 33 insertions(+), 30 deletions(-) diff --git a/scripts/dockerfiles/polkadot/build.sh b/scripts/dockerfiles/polkadot/build.sh index ee4d29991a86..a375ac290f65 100755 --- a/scripts/dockerfiles/polkadot/build.sh +++ b/scripts/dockerfiles/polkadot/build.sh @@ -8,19 +8,17 @@ PROJECT_ROOT=`git rev-parse --show-toplevel` cd $PROJECT_ROOT # Find the current version from Cargo.toml -VERSION=`grep "^version" ./Cargo.toml | egrep -o "([0-9\.]+)"` +VERSION=`grep "^version" ./cli//Cargo.toml | egrep -o "([0-9\.]+)"` GITUSER=parity GITREPO=polkadot # Build the image echo "Building ${GITUSER}/${GITREPO}:latest docker image, hang on!" -time docker build -f ./scripts/docker/polkadot/polkadot_builder.Dockerfile --build-arg RUSTC_WRAPPER= --build-arg PROFILE=release -t ${GITUSER}/${GITREPO}:latest . +time docker build -f ./scripts/dockerfiles/polkadot/polkadot_builder.Dockerfile -t ${GITUSER}/${GITREPO}:latest . +docker tag ${GITUSER}/${GITREPO}:latest ${GITUSER}/${GITREPO}:v${VERSION} # Show the list of available images for this repo echo "Image is ready" docker images | grep ${GITREPO} -echo -e "\nIf you just built version ${VERSION}, you may want to update your tag:" -echo " $ docker tag ${GITUSER}/${GITREPO}:$VERSION ${GITUSER}/${GITREPO}:${VERSION}" - popd diff --git a/scripts/dockerfiles/polkadot/docker-compose-local.yml b/scripts/dockerfiles/polkadot/docker-compose-local.yml index 441ba4212f67..b9b1614daa48 100644 --- a/scripts/dockerfiles/polkadot/docker-compose-local.yml +++ b/scripts/dockerfiles/polkadot/docker-compose-local.yml @@ -1,37 +1,39 @@ version: '3' services: node_alice: - build: - context: . - dockerfile: polkadot_builder.Dockerfile ports: - "30333:30333" - "9933:9933" - "9944:9944" - "9615:9615" - image: chevdor/polkadot:latest + image: parity/polkadot:latest volumes: - "polkadot-data-alice:/data" - command: polkadot --chain=polkadot-local --alice -d /data --node-key 0000000000000000000000000000000000000000000000000000000000000001 + command: | + --chain=polkadot-local + --alice + -d /data + --node-key 0000000000000000000000000000000000000000000000000000000000000001 networks: testing_net: ipv4_address: 172.28.1.1 node_bob: - build: - context: . - dockerfile: polkadot_builder.Dockerfile ports: - - "30344:30344" - - "9935:9935" - - "9945:9945" - - "9615:9615" - image: chevdor/polkadot:latest + - "30344:30343" + - "9935:9933" + - "9945:9944" + - "29615:9615" + image: parity/polkadot:latest volumes: - "polkadot-data-bob:/data" links: - "node_alice:alice" - command: polkadot --chain=polkadot-local --bob -d /data --port 30344 --rpc-port 9935 --ws-port 9945 --bootnodes '/ip4/172.28.1.1/tcp/30333/p2p/QmRpheLN4JWdAnY7HGJfWFNbfkQCb6tFf4vvA6hgjMZKrR' + command: | + --chain=polkadot-local + --bob + -d /data + --bootnodes '/ip4/172.28.1.1/tcp/30333/p2p/QmRpheLN4JWdAnY7HGJfWFNbfkQCb6tFf4vvA6hgjMZKrR' networks: testing_net: ipv4_address: 172.28.1.2 diff --git a/scripts/dockerfiles/polkadot/docker-compose.yml b/scripts/dockerfiles/polkadot/docker-compose.yml index 54fe158735d8..978191af88c1 100644 --- a/scripts/dockerfiles/polkadot/docker-compose.yml +++ b/scripts/dockerfiles/polkadot/docker-compose.yml @@ -1,16 +1,23 @@ version: '3' services: polkadot: - build: - context: . - dockerfile: polkadot_builder.Dockerfile ports: - "127.0.0.1:30333:30333/tcp" - "127.0.0.1:9933:9933/tcp" - image: chevdor/polkadot:latest + image: parity/polkadot:latest volumes: - "polkadot-data:/data" - command: polkadot + command: | + --unsafe-rpc-external + --unsafe-ws-external + --rpc-cors all + --prometheus-external + + ports: + - "30333:30333" + - "9933:9933" + - "9944:9944" + - "9615:9615" volumes: polkadot-data: diff --git a/scripts/dockerfiles/polkadot/polkadot_builder.Dockerfile b/scripts/dockerfiles/polkadot/polkadot_builder.Dockerfile index 4cb531a64aab..6c4c984e7f84 100644 --- a/scripts/dockerfiles/polkadot/polkadot_builder.Dockerfile +++ b/scripts/dockerfiles/polkadot/polkadot_builder.Dockerfile @@ -2,20 +2,16 @@ FROM docker.io/paritytech/ci-linux:production as builder WORKDIR /polkadot - COPY . /polkadot RUN cargo build --locked --release -# RUN mkdir -p /polkadot/target/release/ && \ -# echo "#!/usr/bin/bash\nprintf 'Hello'\n" > /polkadot/target/release/polkadot && \ -# chmod +x /polkadot/target/release/polkadot # This is the 2nd stage: a very small image where we copy the Polkadot binary." FROM docker.io/library/ubuntu:20.04 LABEL description="Multistage Docker image for Polkadot: a platform for web3" \ - io.parity.image.type="builder" \ - io.parity.image.authors="chevdor@gmail.com, devops-team@parity.io" \ + io.parity.image.type="builder" \ + io.parity.image.authors="chevdor@gmail.com, devops-team@parity.io" \ io.parity.image.vendor="Parity Technologies" \ io.parity.image.description="Polkadot: a platform for web3" \ io.parity.image.source="https://github.com/paritytech/polkadot/blob/${VCS_REF}/docker/Dockerfile" \ From 2299d7529e93e848fcd80f76eb86d2aea7ce1f9d Mon Sep 17 00:00:00 2001 From: Wilfried Kopp <wilfried@parity.io> Date: Wed, 29 Sep 2021 10:29:31 +0200 Subject: [PATCH 5/9] Fix port --- scripts/dockerfiles/polkadot/docker-compose-local.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/scripts/dockerfiles/polkadot/docker-compose-local.yml b/scripts/dockerfiles/polkadot/docker-compose-local.yml index b9b1614daa48..1ff3a1ccaac2 100644 --- a/scripts/dockerfiles/polkadot/docker-compose-local.yml +++ b/scripts/dockerfiles/polkadot/docker-compose-local.yml @@ -20,7 +20,7 @@ services: node_bob: ports: - - "30344:30343" + - "30344:30333" - "9935:9933" - "9945:9944" - "29615:9615" From 610fc71a4969a083bb0772d98530b7ddde55befc Mon Sep 17 00:00:00 2001 From: Wilfried Kopp <wilfried@parity.io> Date: Wed, 29 Sep 2021 10:31:19 +0200 Subject: [PATCH 6/9] Fix typo --- scripts/dockerfiles/polkadot/build.sh | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/scripts/dockerfiles/polkadot/build.sh b/scripts/dockerfiles/polkadot/build.sh index a375ac290f65..cf100bedbfaa 100755 --- a/scripts/dockerfiles/polkadot/build.sh +++ b/scripts/dockerfiles/polkadot/build.sh @@ -8,7 +8,7 @@ PROJECT_ROOT=`git rev-parse --show-toplevel` cd $PROJECT_ROOT # Find the current version from Cargo.toml -VERSION=`grep "^version" ./cli//Cargo.toml | egrep -o "([0-9\.]+)"` +VERSION=`grep "^version" ./cli/Cargo.toml | egrep -o "([0-9\.]+)"` GITUSER=parity GITREPO=polkadot From be7dbb2c036d0ba6a979ac22f6b4b3f352ad9fb3 Mon Sep 17 00:00:00 2001 From: Wilfried Kopp <wilfried@parity.io> Date: Wed, 29 Sep 2021 10:35:01 +0200 Subject: [PATCH 7/9] Fix image source --- scripts/dockerfiles/polkadot/polkadot_builder.Dockerfile | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/scripts/dockerfiles/polkadot/polkadot_builder.Dockerfile b/scripts/dockerfiles/polkadot/polkadot_builder.Dockerfile index 6c4c984e7f84..23e2488f8f77 100644 --- a/scripts/dockerfiles/polkadot/polkadot_builder.Dockerfile +++ b/scripts/dockerfiles/polkadot/polkadot_builder.Dockerfile @@ -14,7 +14,7 @@ LABEL description="Multistage Docker image for Polkadot: a platform for web3" \ io.parity.image.authors="chevdor@gmail.com, devops-team@parity.io" \ io.parity.image.vendor="Parity Technologies" \ io.parity.image.description="Polkadot: a platform for web3" \ - io.parity.image.source="https://github.com/paritytech/polkadot/blob/${VCS_REF}/docker/Dockerfile" \ + io.parity.image.source="https://github.com/paritytech/polkadot/blob/${VCS_REF}/scripts/dockerfiles/polkadot/polkadot_builder.Dockerfile" \ io.parity.image.documentation="https://github.com/paritytech/polkadot/" COPY --from=builder /polkadot/target/release/polkadot /usr/local/bin From 6a57116850a40ea13e0898cc987d59fb88d9d225 Mon Sep 17 00:00:00 2001 From: Wilfried Kopp <wilfried@parity.io> Date: Thu, 30 Sep 2021 10:41:05 +0200 Subject: [PATCH 8/9] tab to space --- scripts/dockerfiles/polkadot/polkadot_builder.Dockerfile | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/scripts/dockerfiles/polkadot/polkadot_builder.Dockerfile b/scripts/dockerfiles/polkadot/polkadot_builder.Dockerfile index 23e2488f8f77..79c97b3e3ac1 100644 --- a/scripts/dockerfiles/polkadot/polkadot_builder.Dockerfile +++ b/scripts/dockerfiles/polkadot/polkadot_builder.Dockerfile @@ -27,7 +27,7 @@ RUN useradd -m -u 1000 -U -s /bin/sh -d /polkadot polkadot && \ # check if executable works in this container RUN /usr/local/bin/polkadot --version -RUN rm -rf /usr/bin /usr/sbin +RUN rm -rf /usr/bin /usr/sbin USER polkadot EXPOSE 30333 9933 9944 9615 From 899f4515c904e1461dc224e4d5a1a796675fac67 Mon Sep 17 00:00:00 2001 From: Chevdor <chevdor@users.noreply.github.com> Date: Sat, 2 Oct 2021 01:43:46 +0200 Subject: [PATCH 9/9] Update scripts/dockerfiles/polkadot/polkadot_builder.Dockerfile Co-authored-by: Denis Pisarev <denis.pisarev@parity.io> --- scripts/dockerfiles/polkadot/polkadot_builder.Dockerfile | 8 ++++---- 1 file changed, 4 insertions(+), 4 deletions(-) diff --git a/scripts/dockerfiles/polkadot/polkadot_builder.Dockerfile b/scripts/dockerfiles/polkadot/polkadot_builder.Dockerfile index 79c97b3e3ac1..6b096244a506 100644 --- a/scripts/dockerfiles/polkadot/polkadot_builder.Dockerfile +++ b/scripts/dockerfiles/polkadot/polkadot_builder.Dockerfile @@ -22,12 +22,12 @@ COPY --from=builder /polkadot/target/release/polkadot /usr/local/bin RUN useradd -m -u 1000 -U -s /bin/sh -d /polkadot polkadot && \ mkdir -p /data /polkadot/.local/share && \ chown -R polkadot:polkadot /data && \ - ln -s /data /polkadot/.local/share/polkadot - + ln -s /data /polkadot/.local/share/polkadot && \ +# unclutter and minimize the attack surface + rm -rf /usr/bin /usr/sbin && \ # check if executable works in this container -RUN /usr/local/bin/polkadot --version + /usr/local/bin/polkadot --version -RUN rm -rf /usr/bin /usr/sbin USER polkadot EXPOSE 30333 9933 9944 9615