Merge pull request #143 from movementlabsxyz/l-monninger/docker-build-with-d-in-d

andygolay · web-flow · commit 66e7e009db5a · 2025-06-10T09:42:38.000-04:00
feat: podman-in-podman
diff --git a/.github/workflows/build-push-containers-all.yml b/.github/workflows/build-push-containers-all.yml
@@ -22,25 +22,31 @@ jobs:
         echo "INFO: github context object content below"
         echo "${GITHUB_CONTEXT}"
 
-#  build-push-checked-containers:
-#    uses: ./.github/workflows/build-push-container.yml
-#    name: Build Push Checked Containers
-#    secrets: inherit
-#    strategy:
-#      matrix:
-#        container_name:
+  build-push-checked-containers:
+    uses: ./.github/workflows/build-push-container.yml
+    name: Build Push Checked Containers
+    secrets: inherit
+    strategy:
+      matrix:
+        container_name:
+          - movement
+          - movement-aptos
+          - mtma
    
-#    with:
-#      container_name: ${{ matrix.container_name }}
+    with:
+      container_name: ${{ matrix.container_name }}
 
-#  build-push-checked-manifest:
-#    uses: ./.github/workflows/build-push-manifest.yml
-#    name: Build Push Checked Manifest
-#    needs: 
-#      - build-push-checked-containers
-#    secrets: inherit
-#    strategy:
-#      matrix:
-#        container_name:
-#    with:
-#      container_name: ${{ matrix.container_name }}
+  build-push-checked-manifest:
+    uses: ./.github/workflows/build-push-manifest.yml
+    name: Build Push Checked Manifest
+    needs: 
+      - build-push-checked-containers
+    secrets: inherit
+    strategy:
+      matrix:
+        container_name:
+          - movement
+          - movement-aptos
+          - mtma
+    with:
+      container_name: ${{ matrix.container_name }}
diff --git a/.gitignore b/.gitignore
@@ -7,3 +7,4 @@ debug
 .direnv
 .DS_Store
 .vendors
+.vendor
diff --git a/docker/build/movement-aptos/Dockerfile b/docker/build/movement-aptos/Dockerfile
@@ -0,0 +1,31 @@
+FROM nixos/nix:2.29.0 AS builder
+
+RUN nix-env -iA nixpkgs.rsync nixpkgs.glibc nixpkgs.gawk
+
+# Copy the source code into the container
+COPY . /tmp/build
+WORKDIR /tmp/build
+
+# Set build to docker to skip the podman initilization while opening the flake
+ENV BUILD=docker
+
+# Build the Rust application
+RUN nix --extra-experimental-features "nix-command flakes" \
+        develop .#docker-build --command bash -c "cargo build --release -p movement-aptos"
+
+RUN rust_binary="./target/release/movement-aptos"; dest_dir="/tmp/runtime"; \
+    mkdir -p "$dest_dir"; ldd "$rust_binary" | awk '{print $3}' | \
+    grep '^/' | xargs -I {} dirname {} | sort | uniq | xargs -I {} \
+    bash -c 'mkdir -p "$0/$1" && rsync -a --copy-links "$1/" "$0/$1/"' "$dest_dir" {}
+
+FROM alpine:3.22.0
+
+# Install dependencies: git
+RUN apk add --no-cache git
+
+# Copy the build artifact from the builder stage
+COPY --from=builder /tmp/build/target/release/movement-aptos /app/movement-aptos
+COPY --from=builder /tmp/runtime/nix/store /nix/store
+
+# Set the binary as the entrypoint
+ENTRYPOINT ["/app/movement-aptos"]
diff --git a/docker/build/movement/Dockerfile b/docker/build/movement/Dockerfile
@@ -0,0 +1,49 @@
+FROM nixos/nix:2.29.0 AS builder
+
+RUN nix-env -iA nixpkgs.rsync nixpkgs.glibc nixpkgs.gawk
+
+# Copy the source code into the container
+COPY . /tmp/build
+WORKDIR /tmp/build
+
+# Set build to docker to skip the podman initilization while opening the flake
+ENV BUILD=docker
+
+# Build the Rust application
+RUN nix --extra-experimental-features "nix-command flakes" \
+        develop .#docker-build --command bash -c "cargo build --release --bin movement"
+
+RUN rust_binary="./target/release/movement"; dest_dir="/tmp/runtime"; \
+    mkdir -p "$dest_dir"; ldd "$rust_binary" | awk '{print $3}' | \
+    grep '^/' | xargs -I {} dirname {} | sort | uniq | xargs -I {} \
+    bash -c 'mkdir -p "$0/$1" && rsync -a --copy-links "$1/" "$0/$1/"' "$dest_dir" {}
+
+
+FROM alpine:3.22.0
+
+# Create non-root user
+RUN adduser -u 1000 -D -s /bin/bash movement
+
+# Copy binary and runtime deps
+COPY --from=builder /tmp/build/target/release/movement /app/movement
+COPY --from=builder /tmp/runtime/nix/store /nix/store
+
+# Environment setup
+ENV PATH="/nix/var/nix/profiles/default/bin:$PATH"
+ENV XDG_RUNTIME_DIR="/run/user/1000"
+ENV TMPDIR="/tmp"
+ENV DOCKER_HOST="unix:///run/user/1000/podman/podman-machine-default-api.sock"
+
+# Create required runtime dirs with proper ownership
+RUN mkdir -p /run/user/1000/podman && \
+    chown -R movement:movement /run/user/1000 /app /nix
+
+# Copy runtime bootstrap script
+COPY docker/build/movement/entry.sh /app/entry.sh
+RUN chmod +x /app/entry.sh
+
+# Switch to non-root user
+USER movement
+
+# Entrypoint to bootstrap podman and launch movement
+ENTRYPOINT ["/app/entry.sh"]
diff --git a/docker/build/movement/entry.sh b/docker/build/movement/entry.sh
@@ -0,0 +1,25 @@
+#!/bin/bash
+
+set -e
+
+# Start Podman machine if not running
+if ! podman machine inspect podman-machine-default --format '{{.State}}' 2>/dev/null | grep -q 'running'; then
+    echo "Starting podman machine..."
+    podman machine start
+fi
+
+# Wait for podman socket
+timeout=30
+elapsed=0
+while [ ! -S "$DOCKER_HOST" ]; do
+    echo "Waiting for podman socket..."
+    sleep 1
+    elapsed=$((elapsed + 1))
+    if [ "$elapsed" -ge "$timeout" ]; then
+        echo "Timed out waiting for podman socket."
+        exit 1
+    fi
+done
+
+echo "Podman socket ready. Launching application..."
+exec /app/movement "$@"
diff --git a/docker/build/mtma/Dockerfile b/docker/build/mtma/Dockerfile
@@ -0,0 +1,48 @@
+FROM nixos/nix:2.29.0 AS builder
+
+RUN nix-env -iA nixpkgs.rsync nixpkgs.glibc nixpkgs.gawk
+
+# Copy the source code into the container
+COPY . /tmp/build
+WORKDIR /tmp/build
+
+# Set build to docker to skip the podman initilization while opening the flake
+ENV BUILD=docker
+
+# Build the Rust application
+RUN nix --extra-experimental-features "nix-command flakes" \
+        develop .#docker-build --command bash -c "cargo build --release -p mtma"
+
+RUN rust_binary="./target/release/mtma"; dest_dir="/tmp/runtime"; \
+    mkdir -p "$dest_dir"; ldd "$rust_binary" | awk '{print $3}' | \
+    grep '^/' | xargs -I {} dirname {} | sort | uniq | xargs -I {} \
+    bash -c 'mkdir -p "$0/$1" && rsync -a --copy-links "$1/" "$0/$1/"' "$dest_dir" {}
+
+FROM alpine:3.22.0
+
+# Create non-root user
+RUN adduser -u 1000 -D -s /bin/bash mtma
+
+# Copy binary and runtime deps
+COPY --from=builder /tmp/build/target/release/mtma /app/mtma
+COPY --from=builder /tmp/runtime/nix/store /nix/store
+
+# Environment setup
+ENV PATH="/nix/var/nix/profiles/default/bin:$PATH"
+ENV XDG_RUNTIME_DIR="/run/user/1000"
+ENV TMPDIR="/tmp"
+ENV DOCKER_HOST="unix:///run/user/1000/podman/podman-machine-default-api.sock"
+
+# Create required runtime dirs with proper ownership
+RUN mkdir -p /run/user/1000/podman && \
+    chown -R mtma:mtma /run/user/1000 /app /nix
+
+# Copy runtime bootstrap script
+COPY docker/build/mtma/entry.sh /app/entry.sh
+RUN chmod +x /app/entry.sh
+
+# Switch to non-root user
+USER mtma
+
+# Entrypoint to bootstrap podman and launch mtma
+ENTRYPOINT ["/app/entry.sh"]
diff --git a/docker/build/mtma/entry.sh b/docker/build/mtma/entry.sh
@@ -0,0 +1,25 @@
+#!/bin/bash
+
+set -e
+
+# Start Podman machine if not running
+if ! podman machine inspect podman-machine-default --format '{{.State}}' 2>/dev/null | grep -q 'running'; then
+    echo "Starting podman machine..."
+    podman machine start
+fi
+
+# Wait for podman socket
+timeout=30
+elapsed=0
+while [ ! -S "$DOCKER_HOST" ]; do
+    echo "Waiting for podman socket..."
+    sleep 1
+    elapsed=$((elapsed + 1))
+    if [ "$elapsed" -ge "$timeout" ]; then
+        echo "Timed out waiting for podman socket."
+        exit 1
+    fi
+done
+
+echo "Podman socket ready. Launching application..."
+exec /app/mtma "$@"
diff --git a/flake.nix b/flake.nix
@@ -54,8 +54,13 @@
           zlib
           pandoc
           postgresql
+          qemu_kvm
+          qemu-utils
+          libvirt
         ] ++ lib.optionals stdenv.isDarwin [
           fixDarwinDylibNames
+        ] ++ lib.optionals stdenv.isLinux [
+          virtiofsd
         ];
         
         sysDependencies = with pkgs; [] 
@@ -79,6 +84,7 @@
           process-compose
           jq
           docker
+          podman
           solc
           grpcurl
           grpcui
@@ -120,6 +126,29 @@
                 export CPPFLAGS="-I/opt/homebrew/opt/zlib/include"
               fi
 
+              # Check if podman machine exists and is running
+              if [ "$BUILD" != "docker" ]; then
+                if ! podman machine inspect podman-machine-default &>/dev/null; then
+                  echo "Initializing podman machine..."
+                  podman machine init
+                  podman machine start
+                elif ! podman machine inspect podman-machine-default --format '{{.State}}' | grep -q 'running'; then
+                  echo "Starting podman machine..."
+                  podman machine start
+                fi
+
+                # Find the actual podman socket location
+                PODMAN_SOCKET=$(find /tmp/nix-shell.*/podman -name "podman-machine-default-api.sock" -type s 2>/dev/null | head -n 1)
+                if [ -n "$PODMAN_SOCKET" ]; then
+                  export DOCKER_HOST="unix://$PODMAN_SOCKET"
+                  echo "Set DOCKER_HOST to Podman socket: $DOCKER_HOST"
+                else
+                  echo "Warning: Could not find Podman socket"
+                fi
+              else 
+                echo "Build is docker podman will not be started."
+              fi
+
               # Add ./target/debug/* to PATH
               export PATH="$PATH:$(pwd)/target/debug"
 
diff --git a/scripts/docker/build-push-container.sh b/scripts/docker/build-push-container.sh
diff --git a/scripts/docker/build-push-manifest.sh b/scripts/docker/build-push-manifest.sh
diff --git a/util/movement/core/build.rs b/util/movement/core/build.rs
