From 21008ed5484bc0a8e7b95d35f7bad8eb48bf4ea8 Mon Sep 17 00:00:00 2001
From: Wilfried Kopp <wilfried@parity.io>
Date: Fri, 17 Sep 2021 17:11:28 +0200
Subject: [PATCH 1/9] chore: update `builder` image

fix #9765
---
 .../polkadot/docker-compose-local.yml         |  2 ++
 .../polkadot/polkadot_builder.Dockerfile      | 28 ++++++++++++++-----
 2 files changed, 23 insertions(+), 7 deletions(-)

diff --git a/scripts/dockerfiles/polkadot/docker-compose-local.yml b/scripts/dockerfiles/polkadot/docker-compose-local.yml
index 2c93799259ef..441ba4212f67 100644
--- a/scripts/dockerfiles/polkadot/docker-compose-local.yml
+++ b/scripts/dockerfiles/polkadot/docker-compose-local.yml
@@ -8,6 +8,7 @@ services:
       - "30333:30333"
       - "9933:9933"
       - "9944:9944"
+      - "9615:9615"
     image: chevdor/polkadot:latest
     volumes:
       - "polkadot-data-alice:/data"
@@ -24,6 +25,7 @@ services:
       - "30344:30344"
       - "9935:9935"
       - "9945:9945"
+      - "9615:9615"
     image: chevdor/polkadot:latest
     volumes:
       - "polkadot-data-bob:/data"
diff --git a/scripts/dockerfiles/polkadot/polkadot_builder.Dockerfile b/scripts/dockerfiles/polkadot/polkadot_builder.Dockerfile
index 2fc5787e6cb0..cef8ea15eb6c 100644
--- a/scripts/dockerfiles/polkadot/polkadot_builder.Dockerfile
+++ b/scripts/dockerfiles/polkadot/polkadot_builder.Dockerfile
@@ -1,27 +1,41 @@
+# This is the build stage for Polkadot. Here we create the binary in a temporary image.
 FROM docker.io/paritytech/ci-linux:production as builder
-LABEL io.parity.image.description="This is the build stage for Polkadot. Here we create the binary."
+
+ARG PROFILE=release
 
 WORKDIR /polkadot
 
 COPY . /polkadot
 
-RUN cargo build --release --locked
+RUN cargo build --locked --$PROFILE
 
-# ===== SECOND STAGE ======
 
+# This is the 2nd stage: a very small image where we copy the Polkadot binary."
 FROM docker.io/library/ubuntu:20.04
-LABEL io.parity.image.description="Polkadot: a platform for web3. This is a self-buit multistage image."
 
-COPY --from=builder /polkadot/target/release/polkadot /usr/local/bin
+LABEL description="Multistage Docker image for Polkadot: a platform for web3" \
+    io.parity.image.type="builder" \
+    io.parity.image.authors="chevdor@gmail.com, devops-team@parity.io" \
+	io.parity.image.vendor="Parity Technologies" \
+	io.parity.image.description="Polkadot: a platform for web3" \
+	io.parity.image.source="https://github.com/paritytech/polkadot/blob/${VCS_REF}/docker/Dockerfile" \
+	io.parity.image.documentation="https://github.com/paritytech/polkadot/"
+
+ARG PROFILE=release
+
+COPY --from=builder /polkadot/target/$PROFILE/polkadot /usr/local/bin
 
 RUN useradd -m -u 1000 -U -s /bin/sh -d /polkadot polkadot && \
-	mkdir -p /polkadot/.local/share && \
-	mkdir /data && \
+	mkdir -p /data /polkadot/.local/share && \
 	chown -R polkadot:polkadot /data && \
 	ln -s /data /polkadot/.local/share/polkadot && \
 	rm -rf /usr/bin /usr/sbin
 
 USER polkadot
+
+# check if executable works in this container
+RUN /usr/bin/polkadot --version
+
 EXPOSE 30333 9933 9944 9615
 VOLUME ["/data"]
 
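Review bot: The `io.parity.image.source` label interpolates `${VCS_REF}`, but no `ARG VCS_REF` is declared anywhere in this hunk, which starts at line 1 of the file. The reference therefore expands to an empty string and the label reads `.../blob//docker/Dockerfile`. A provenance label that does not name a revision cannot be used to trace a published image back to the source it was built from. Declare `ARG VCS_REF` in the final stage before the `LABEL` and pass the commit hash from the build script with `--build-arg VCS_REF=...`. The label update in patch 7/9 changes only the path and keeps the same undeclared reference.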

From ccc94787e8ef02f3d744461f6ac307da35746dcd Mon Sep 17 00:00:00 2001
From: Wilfried Kopp <wilfried@parity.io>
Date: Fri, 17 Sep 2021 17:48:58 +0200
Subject: [PATCH 2/9] fix: fix binary path

---
 scripts/dockerfiles/polkadot/polkadot_builder.Dockerfile | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/scripts/dockerfiles/polkadot/polkadot_builder.Dockerfile b/scripts/dockerfiles/polkadot/polkadot_builder.Dockerfile
index cef8ea15eb6c..e5c36731f82c 100644
--- a/scripts/dockerfiles/polkadot/polkadot_builder.Dockerfile
+++ b/scripts/dockerfiles/polkadot/polkadot_builder.Dockerfile
@@ -34,7 +34,7 @@ RUN useradd -m -u 1000 -U -s /bin/sh -d /polkadot polkadot && \
 USER polkadot
 
 # check if executable works in this container
-RUN /usr/bin/polkadot --version
+RUN /usr/local/bin/polkadot --version
 
 EXPOSE 30333 9933 9944 9615
 VOLUME ["/data"]

From d82486a189192fe436f330a07e49613d5291b2e4 Mon Sep 17 00:00:00 2001
From: Wilfried Kopp <wilfried@parity.io>
Date: Fri, 17 Sep 2021 19:18:02 +0200
Subject: [PATCH 3/9] wip

---
 .../polkadot/polkadot_builder.Dockerfile      | 20 +++++++++----------
 1 file changed, 9 insertions(+), 11 deletions(-)

diff --git a/scripts/dockerfiles/polkadot/polkadot_builder.Dockerfile b/scripts/dockerfiles/polkadot/polkadot_builder.Dockerfile
index e5c36731f82c..4cb531a64aab 100644
--- a/scripts/dockerfiles/polkadot/polkadot_builder.Dockerfile
+++ b/scripts/dockerfiles/polkadot/polkadot_builder.Dockerfile
@@ -1,14 +1,14 @@
 # This is the build stage for Polkadot. Here we create the binary in a temporary image.
 FROM docker.io/paritytech/ci-linux:production as builder
 
-ARG PROFILE=release
-
 WORKDIR /polkadot
 
 COPY . /polkadot
 
-RUN cargo build --locked --$PROFILE
-
+RUN cargo build --locked --release
+# RUN mkdir -p /polkadot/target/release/ && \
+# 	echo "#!/usr/bin/bash\nprintf 'Hello'\n" > /polkadot/target/release/polkadot && \
+# 	chmod +x /polkadot/target/release/polkadot
 
 # This is the 2nd stage: a very small image where we copy the Polkadot binary."
 FROM docker.io/library/ubuntu:20.04
@@ -21,21 +21,19 @@ LABEL description="Multistage Docker image for Polkadot: a platform for web3" \
 	io.parity.image.source="https://github.com/paritytech/polkadot/blob/${VCS_REF}/docker/Dockerfile" \
 	io.parity.image.documentation="https://github.com/paritytech/polkadot/"
 
-ARG PROFILE=release
-
-COPY --from=builder /polkadot/target/$PROFILE/polkadot /usr/local/bin
+COPY --from=builder /polkadot/target/release/polkadot /usr/local/bin
 
 RUN useradd -m -u 1000 -U -s /bin/sh -d /polkadot polkadot && \
 	mkdir -p /data /polkadot/.local/share && \
 	chown -R polkadot:polkadot /data && \
-	ln -s /data /polkadot/.local/share/polkadot && \
-	rm -rf /usr/bin /usr/sbin
-
-USER polkadot
+	ln -s /data /polkadot/.local/share/polkadot
 
 # check if executable works in this container
 RUN /usr/local/bin/polkadot --version
 
+RUN	rm -rf /usr/bin /usr/sbin
+USER polkadot
+
 EXPOSE 30333 9933 9944 9615
 VOLUME ["/data"]
 

From 0db9b2297cc0eaa8b1dbac041c2c4be6131ef176 Mon Sep 17 00:00:00 2001
From: Wilfried Kopp <wilfried@parity.io>
Date: Wed, 29 Sep 2021 10:24:59 +0200
Subject: [PATCH 4/9] chore: refresh of the builder image + build script

---
 scripts/dockerfiles/polkadot/build.sh         |  8 ++---
 .../polkadot/docker-compose-local.yml         | 30 ++++++++++---------
 .../dockerfiles/polkadot/docker-compose.yml   | 17 +++++++----
 .../polkadot/polkadot_builder.Dockerfile      |  8 ++---
 4 files changed, 33 insertions(+), 30 deletions(-)

diff --git a/scripts/dockerfiles/polkadot/build.sh b/scripts/dockerfiles/polkadot/build.sh
index ee4d29991a86..a375ac290f65 100755
--- a/scripts/dockerfiles/polkadot/build.sh
+++ b/scripts/dockerfiles/polkadot/build.sh
@@ -8,19 +8,17 @@ PROJECT_ROOT=`git rev-parse --show-toplevel`
 cd $PROJECT_ROOT
 
 # Find the current version from Cargo.toml
-VERSION=`grep "^version" ./Cargo.toml | egrep -o "([0-9\.]+)"`
+VERSION=`grep "^version" ./cli//Cargo.toml | egrep -o "([0-9\.]+)"`
 GITUSER=parity
 GITREPO=polkadot
 
 # Build the image
 echo "Building ${GITUSER}/${GITREPO}:latest docker image, hang on!"
-time docker build -f ./scripts/docker/polkadot/polkadot_builder.Dockerfile --build-arg RUSTC_WRAPPER= --build-arg PROFILE=release -t ${GITUSER}/${GITREPO}:latest .
+time docker build -f ./scripts/dockerfiles/polkadot/polkadot_builder.Dockerfile -t ${GITUSER}/${GITREPO}:latest .
+docker tag ${GITUSER}/${GITREPO}:latest ${GITUSER}/${GITREPO}:v${VERSION}
 
 # Show the list of available images for this repo
 echo "Image is ready"
 docker images | grep ${GITREPO}
 
-echo -e "\nIf you just built version ${VERSION}, you may want to update your tag:"
-echo " $ docker tag ${GITUSER}/${GITREPO}:$VERSION ${GITUSER}/${GITREPO}:${VERSION}"
-
 popd
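Review bot: The added `docker tag` line runs whether or not the preceding `docker build` succeeded, unless the script sets `set -e` above this hunk, which is not visible here. After a failed build it would label whatever older `parity/polkadot:latest` is in the local store as `v${VERSION}`, so the version tag would no longer identify the code in the checkout. Join the two commands with `&&` so the tag is applied only to a fresh build. `VERSION` is also taken from every line of `cli/Cargo.toml` that starts with `version`, so a guard such as `[ -n "$VERSION" ] || exit 1` before tagging would catch an empty result.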
diff --git a/scripts/dockerfiles/polkadot/docker-compose-local.yml b/scripts/dockerfiles/polkadot/docker-compose-local.yml
index 441ba4212f67..b9b1614daa48 100644
--- a/scripts/dockerfiles/polkadot/docker-compose-local.yml
+++ b/scripts/dockerfiles/polkadot/docker-compose-local.yml
@@ -1,37 +1,39 @@
 version: '3'
 services:
   node_alice:
-    build:
-      context: .
-      dockerfile: polkadot_builder.Dockerfile
     ports:
       - "30333:30333"
       - "9933:9933"
       - "9944:9944"
       - "9615:9615"
-    image: chevdor/polkadot:latest
+    image: parity/polkadot:latest
     volumes:
       - "polkadot-data-alice:/data"
-    command: polkadot --chain=polkadot-local --alice -d /data --node-key 0000000000000000000000000000000000000000000000000000000000000001
+    command: |
+      --chain=polkadot-local
+      --alice
+      -d /data
+      --node-key 0000000000000000000000000000000000000000000000000000000000000001
     networks:
       testing_net:
         ipv4_address: 172.28.1.1
 
   node_bob:
-    build:
-      context: .
-      dockerfile: polkadot_builder.Dockerfile
     ports:
-      - "30344:30344"
-      - "9935:9935"
-      - "9945:9945"
-      - "9615:9615"
-    image: chevdor/polkadot:latest
+      - "30344:30343"
+      - "9935:9933"
+      - "9945:9944"
+      - "29615:9615"
+    image: parity/polkadot:latest
     volumes:
       - "polkadot-data-bob:/data"
     links:
       - "node_alice:alice"
-    command: polkadot --chain=polkadot-local --bob -d /data --port 30344 --rpc-port 9935 --ws-port 9945 --bootnodes '/ip4/172.28.1.1/tcp/30333/p2p/QmRpheLN4JWdAnY7HGJfWFNbfkQCb6tFf4vvA6hgjMZKrR'
+    command: |
+      --chain=polkadot-local
+      --bob
+      -d /data
+      --bootnodes '/ip4/172.28.1.1/tcp/30333/p2p/QmRpheLN4JWdAnY7HGJfWFNbfkQCb6tFf4vvA6hgjMZKrR'
     networks:
       testing_net:
         ipv4_address: 172.28.1.2
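Review bot: With the `build:` sections removed, both services resolve `image: parity/polkadot:latest` from the local image store or, failing that, from the registry. A mutable tag means the test network may run a binary that does not match this checkout. Since build.sh in this same patch also tags the image as `v${VERSION}`, referencing that tag (or a digest) here would keep the two in step. Separately, the port entries publish on every host interface for nodes started with `--alice`/`--bob` and a fixed `--node-key`; a `127.0.0.1:` prefix, as docker-compose.yml used before this patch, would keep a local test network local.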
diff --git a/scripts/dockerfiles/polkadot/docker-compose.yml b/scripts/dockerfiles/polkadot/docker-compose.yml
index 54fe158735d8..978191af88c1 100644
--- a/scripts/dockerfiles/polkadot/docker-compose.yml
+++ b/scripts/dockerfiles/polkadot/docker-compose.yml
@@ -1,16 +1,23 @@
 version: '3'
 services:
   polkadot:
-    build:
-      context: .
-      dockerfile: polkadot_builder.Dockerfile
     ports:
       - "127.0.0.1:30333:30333/tcp"
       - "127.0.0.1:9933:9933/tcp"
-    image: chevdor/polkadot:latest
+    image: parity/polkadot:latest
     volumes:
       - "polkadot-data:/data"
-    command: polkadot
+    command: |
+      --unsafe-rpc-external
+      --unsafe-ws-external
+      --rpc-cors all
+      --prometheus-external
+
+    ports:
+      - "30333:30333"
+      - "9933:9933"
+      - "9944:9944"
+      - "9615:9615"
 
 volumes:
   polkadot-data:
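Review bot: The `polkadot` service now has two `ports:` keys. A duplicate mapping key is rejected by strict YAML parsers and otherwise resolves to the last one, so the loopback-only bindings at the top are replaced by the added block, which publishes 30333, 9933, 9944 and 9615 on every host interface. Together with the added `--unsafe-rpc-external`, `--unsafe-ws-external`, `--rpc-cors all` and `--prometheus-external`, this makes RPC, WebSocket and metrics reachable from any network the host is attached to and from any browser origin. Keep a single `ports:` list and bind the RPC and metrics entries to loopback, e.g. `- "127.0.0.1:9944:9944/tcp"` and `- "127.0.0.1:9615:9615/tcp"`. Narrow `--rpc-cors` to the origins that are actually needed.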
diff --git a/scripts/dockerfiles/polkadot/polkadot_builder.Dockerfile b/scripts/dockerfiles/polkadot/polkadot_builder.Dockerfile
index 4cb531a64aab..6c4c984e7f84 100644
--- a/scripts/dockerfiles/polkadot/polkadot_builder.Dockerfile
+++ b/scripts/dockerfiles/polkadot/polkadot_builder.Dockerfile
@@ -2,20 +2,16 @@
 FROM docker.io/paritytech/ci-linux:production as builder
 
 WORKDIR /polkadot
-
 COPY . /polkadot
 
 RUN cargo build --locked --release
-# RUN mkdir -p /polkadot/target/release/ && \
-# 	echo "#!/usr/bin/bash\nprintf 'Hello'\n" > /polkadot/target/release/polkadot && \
-# 	chmod +x /polkadot/target/release/polkadot
 
 # This is the 2nd stage: a very small image where we copy the Polkadot binary."
 FROM docker.io/library/ubuntu:20.04
 
 LABEL description="Multistage Docker image for Polkadot: a platform for web3" \
-    io.parity.image.type="builder" \
-    io.parity.image.authors="chevdor@gmail.com, devops-team@parity.io" \
+	io.parity.image.type="builder" \
+	io.parity.image.authors="chevdor@gmail.com, devops-team@parity.io" \
 	io.parity.image.vendor="Parity Technologies" \
 	io.parity.image.description="Polkadot: a platform for web3" \
 	io.parity.image.source="https://github.com/paritytech/polkadot/blob/${VCS_REF}/docker/Dockerfile" \

From 2299d7529e93e848fcd80f76eb86d2aea7ce1f9d Mon Sep 17 00:00:00 2001
From: Wilfried Kopp <wilfried@parity.io>
Date: Wed, 29 Sep 2021 10:29:31 +0200
Subject: [PATCH 5/9] Fix port

---
 scripts/dockerfiles/polkadot/docker-compose-local.yml | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/scripts/dockerfiles/polkadot/docker-compose-local.yml b/scripts/dockerfiles/polkadot/docker-compose-local.yml
index b9b1614daa48..1ff3a1ccaac2 100644
--- a/scripts/dockerfiles/polkadot/docker-compose-local.yml
+++ b/scripts/dockerfiles/polkadot/docker-compose-local.yml
@@ -20,7 +20,7 @@ services:
 
   node_bob:
     ports:
-      - "30344:30343"
+      - "30344:30333"
       - "9935:9933"
       - "9945:9944"
       - "29615:9615"

From 610fc71a4969a083bb0772d98530b7ddde55befc Mon Sep 17 00:00:00 2001
From: Wilfried Kopp <wilfried@parity.io>
Date: Wed, 29 Sep 2021 10:31:19 +0200
Subject: [PATCH 6/9] Fix typo

---
 scripts/dockerfiles/polkadot/build.sh | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/scripts/dockerfiles/polkadot/build.sh b/scripts/dockerfiles/polkadot/build.sh
index a375ac290f65..cf100bedbfaa 100755
--- a/scripts/dockerfiles/polkadot/build.sh
+++ b/scripts/dockerfiles/polkadot/build.sh
@@ -8,7 +8,7 @@ PROJECT_ROOT=`git rev-parse --show-toplevel`
 cd $PROJECT_ROOT
 
 # Find the current version from Cargo.toml
-VERSION=`grep "^version" ./cli//Cargo.toml | egrep -o "([0-9\.]+)"`
+VERSION=`grep "^version" ./cli/Cargo.toml | egrep -o "([0-9\.]+)"`
 GITUSER=parity
 GITREPO=polkadot
 

From be7dbb2c036d0ba6a979ac22f6b4b3f352ad9fb3 Mon Sep 17 00:00:00 2001
From: Wilfried Kopp <wilfried@parity.io>
Date: Wed, 29 Sep 2021 10:35:01 +0200
Subject: [PATCH 7/9] Fix image source

---
 scripts/dockerfiles/polkadot/polkadot_builder.Dockerfile | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/scripts/dockerfiles/polkadot/polkadot_builder.Dockerfile b/scripts/dockerfiles/polkadot/polkadot_builder.Dockerfile
index 6c4c984e7f84..23e2488f8f77 100644
--- a/scripts/dockerfiles/polkadot/polkadot_builder.Dockerfile
+++ b/scripts/dockerfiles/polkadot/polkadot_builder.Dockerfile
@@ -14,7 +14,7 @@ LABEL description="Multistage Docker image for Polkadot: a platform for web3" \
 	io.parity.image.authors="chevdor@gmail.com, devops-team@parity.io" \
 	io.parity.image.vendor="Parity Technologies" \
 	io.parity.image.description="Polkadot: a platform for web3" \
-	io.parity.image.source="https://github.com/paritytech/polkadot/blob/${VCS_REF}/docker/Dockerfile" \
+	io.parity.image.source="https://github.com/paritytech/polkadot/blob/${VCS_REF}/scripts/dockerfiles/polkadot/polkadot_builder.Dockerfile" \
 	io.parity.image.documentation="https://github.com/paritytech/polkadot/"
 
 COPY --from=builder /polkadot/target/release/polkadot /usr/local/bin

From 6a57116850a40ea13e0898cc987d59fb88d9d225 Mon Sep 17 00:00:00 2001
From: Wilfried Kopp <wilfried@parity.io>
Date: Thu, 30 Sep 2021 10:41:05 +0200
Subject: [PATCH 8/9] tab to space

---
 scripts/dockerfiles/polkadot/polkadot_builder.Dockerfile | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/scripts/dockerfiles/polkadot/polkadot_builder.Dockerfile b/scripts/dockerfiles/polkadot/polkadot_builder.Dockerfile
index 23e2488f8f77..79c97b3e3ac1 100644
--- a/scripts/dockerfiles/polkadot/polkadot_builder.Dockerfile
+++ b/scripts/dockerfiles/polkadot/polkadot_builder.Dockerfile
@@ -27,7 +27,7 @@ RUN useradd -m -u 1000 -U -s /bin/sh -d /polkadot polkadot && \
 # check if executable works in this container
 RUN /usr/local/bin/polkadot --version
 
-RUN	rm -rf /usr/bin /usr/sbin
+RUN rm -rf /usr/bin /usr/sbin
 USER polkadot
 
 EXPOSE 30333 9933 9944 9615

From 899f4515c904e1461dc224e4d5a1a796675fac67 Mon Sep 17 00:00:00 2001
From: Chevdor <chevdor@users.noreply.github.com>
Date: Sat, 2 Oct 2021 01:43:46 +0200
Subject: [PATCH 9/9] Update
 scripts/dockerfiles/polkadot/polkadot_builder.Dockerfile

Co-authored-by: Denis Pisarev <denis.pisarev@parity.io>
---
 scripts/dockerfiles/polkadot/polkadot_builder.Dockerfile | 8 ++++----
 1 file changed, 4 insertions(+), 4 deletions(-)

diff --git a/scripts/dockerfiles/polkadot/polkadot_builder.Dockerfile b/scripts/dockerfiles/polkadot/polkadot_builder.Dockerfile
index 79c97b3e3ac1..6b096244a506 100644
--- a/scripts/dockerfiles/polkadot/polkadot_builder.Dockerfile
+++ b/scripts/dockerfiles/polkadot/polkadot_builder.Dockerfile
@@ -22,12 +22,12 @@ COPY --from=builder /polkadot/target/release/polkadot /usr/local/bin
 RUN useradd -m -u 1000 -U -s /bin/sh -d /polkadot polkadot && \
 	mkdir -p /data /polkadot/.local/share && \
 	chown -R polkadot:polkadot /data && \
-	ln -s /data /polkadot/.local/share/polkadot
-
+	ln -s /data /polkadot/.local/share/polkadot && \
+# unclutter and minimize the attack surface
+	rm -rf /usr/bin /usr/sbin && \
 # check if executable works in this container
-RUN /usr/local/bin/polkadot --version
+	/usr/local/bin/polkadot --version
 
-RUN rm -rf /usr/bin /usr/sbin
 USER polkadot
 
 EXPOSE 30333 9933 9944 9615
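Review bot: The smoke test `/usr/local/bin/polkadot --version` now runs inside the root `RUN`, before `USER polkadot`, so it does not show that the binary is executable by the uid the container actually runs as. A shell-form `RUN` after `USER` would presumably fail once `/usr/bin` is gone, but the exec form needs no shell: `RUN ["/usr/local/bin/polkadot", "--version"]` placed after `USER polkadot`. The comment "minimize the attack surface" would also be more accurate if it said that the `rm -rf` only hides the base image's binaries from the container filesystem. They are still stored in the earlier layers of the image. The `useradd -s /bin/sh` login shell may no longer exist after the removal.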