diff --git a/.github/workflows/lint.yml b/.github/workflows/lint.yml index 4f38356f0f..228ed8abdd 100644 --- a/.github/workflows/lint.yml +++ b/.github/workflows/lint.yml @@ -47,3 +47,19 @@ jobs: components: clippy, rustfmt - name: Run transaction Fuzzing check run: make check-tx-fuzzing + + hadolint: + name: Hadolint - ${{ matrix.os }} + runs-on: ${{ matrix.os }} + strategy: + matrix: + os: [ubuntu-latest] + steps: + - uses: actions/checkout@v4 + - name: Install hadolint + run: | + wget -O /tmp/hadolint https://github.com/hadolint/hadolint/releases/latest/download/hadolint-Linux-x86_64 + chmod +x /tmp/hadolint + sudo mv /tmp/hadolint /usr/local/bin/hadolint + - name: Run hadolint + run: make lint-dockerfiles diff --git a/Dockerfile b/Dockerfile index 58a13deafd..984165b045 100644 --- a/Dockerfile +++ b/Dockerfile @@ -1,5 +1,8 @@ FROM rust:bullseye AS build -RUN apt-get update && apt-get install -y protobuf-compiler && apt-get clean +# hadolint ignore=DL3008 +RUN apt-get update && \ + apt-get install -y --no-install-recommends protobuf-compiler && \ + apt-get clean RUN rustup default 1.84 && rustup component add rustfmt WORKDIR /openmina COPY . . @@ -11,21 +14,30 @@ RUN --mount=type=cache,target=/usr/local/cargo/registry \ RUN --mount=type=cache,target=/usr/local/cargo/registry \ --mount=type=cache,target=/openmina/target,id=rust-target \ - cargo build --release --features scenario-generators --bin openmina-node-testing && \ + cargo build --release --features scenario-generators \ + --bin openmina-node-testing && \ cp -r /openmina/target/release /openmina/testing-release-bin/ # necessary for proof generation when running a block producer. -RUN git clone --depth 1 https://github.com/openmina/circuit-blobs.git \ - && rm -rf circuit-blobs/berkeley_rc1 circuit-blobs/*/tests +RUN git clone --depth 1 \ + https://github.com/openmina/circuit-blobs.git && \ + rm -rf circuit-blobs/berkeley_rc1 circuit-blobs/*/tests FROM debian:bullseye -RUN apt-get update && apt-get install -y libjemalloc2 libssl1.1 libpq5 curl jq procps && apt-get clean +# hadolint ignore=DL3008 +RUN apt-get update && \ + apt-get install -y --no-install-recommends \ + libjemalloc2 libssl1.1 libpq5 curl jq procps && \ + apt-get clean && \ + rm -rf /var/lib/apt/lists/* COPY --from=build /openmina/release-bin/openmina /usr/local/bin/ -COPY --from=build /openmina/testing-release-bin/openmina-node-testing /usr/local/bin/ +COPY --from=build /openmina/testing-release-bin/openmina-node-testing \ + /usr/local/bin/ RUN mkdir -p /usr/local/lib/openmina/circuit-blobs -COPY --from=build /openmina/circuit-blobs/ /usr/local/lib/openmina/circuit-blobs/ +COPY --from=build /openmina/circuit-blobs/ \ + /usr/local/lib/openmina/circuit-blobs/ EXPOSE 3000 EXPOSE 8302 diff --git a/Makefile b/Makefile index 63c6096ed6..30b23cbb38 100644 --- a/Makefile +++ b/Makefile @@ -95,6 +95,22 @@ format-md: ## Format all markdown files to wrap at 80 characters lint: ## Run linter (clippy) cargo clippy --all-targets -- -D warnings --allow clippy::mutable_key_type +.PHONY: lint-dockerfiles +lint-dockerfiles: ## Check all Dockerfiles using hadolint + @if [ "$$GITHUB_ACTIONS" = "true" ]; then \ + OUTPUT=$$(find . -name "Dockerfile*" -type f -exec hadolint {} \;); \ + if [ -n "$$OUTPUT" ]; then \ + echo "$$OUTPUT"; \ + exit 1; \ + fi; \ + else \ + OUTPUT=$$(find . -name "Dockerfile*" -type f -exec sh -c 'docker run --rm -i hadolint/hadolint < "$$1"' _ {} \;); \ + if [ -n "$$OUTPUT" ]; then \ + echo "$$OUTPUT"; \ + exit 1; \ + fi; \ + fi + .PHONY: setup-wasm-toolchain setup-wasm-toolchain: ## Setup the WebAssembly toolchain, using nightly @ARCH=$$(uname -m); \ @@ -133,3 +149,66 @@ test-release: ## Run tests in release mode .PHONY: test-vrf test-vrf: ## Run VRF tests, requires nightly Rust @cd vrf && cargo +nightly test --release -- -Z unstable-options --report-time + +# Docker build targets +DOCKER_ORG ?= openmina +GIT_COMMIT := $(shell git rev-parse --short=8 HEAD) + +.PHONY: docker-build-all +docker-build-all: docker-build-bootstrap-sandbox docker-build-debugger \ + docker-build-frontend docker-build-fuzzing docker-build-heartbeats-processor \ + docker-build-light docker-build-light-focal docker-build-openmina \ + docker-build-openmina-testing docker-build-producer-dashboard \ + docker-build-test ## Build all Docker images + +.PHONY: docker-build-bootstrap-sandbox +docker-build-bootstrap-sandbox: ## Build bootstrap sandbox Docker image + docker build -t $(DOCKER_ORG)/openmina-bootstrap-sandbox:$(GIT_COMMIT) \ + tools/bootstrap-sandbox/ + +.PHONY: docker-build-debugger +docker-build-debugger: ## Build debugger Docker image + docker build -t $(DOCKER_ORG)/openmina-debugger:$(GIT_COMMIT) \ + -f node/testing/docker/Dockerfile.debugger node/testing/docker/ + +.PHONY: docker-build-frontend +docker-build-frontend: ## Build frontend Docker image + docker build -t $(DOCKER_ORG)/openmina-frontend:$(GIT_COMMIT) frontend/ + +.PHONY: docker-build-fuzzing +docker-build-fuzzing: ## Build fuzzing Docker image + docker build -t $(DOCKER_ORG)/openmina-fuzzing:$(GIT_COMMIT) tools/fuzzing/ + +.PHONY: docker-build-heartbeats-processor +docker-build-heartbeats-processor: ## Build heartbeats processor Docker image + docker build -t $(DOCKER_ORG)/openmina-heartbeats-processor:$(GIT_COMMIT) \ + tools/heartbeats-processor/ + +.PHONY: docker-build-light +docker-build-light: ## Build light Docker image + docker build -t $(DOCKER_ORG)/openmina-light:$(GIT_COMMIT) \ + -f node/testing/docker/Dockerfile.light node/testing/docker/ + +.PHONY: docker-build-light-focal +docker-build-light-focal: ## Build light focal Docker image + docker build -t $(DOCKER_ORG)/openmina-light-focal:$(GIT_COMMIT) \ + -f node/testing/docker/Dockerfile.light.focal node/testing/docker/ + +.PHONY: docker-build-openmina +docker-build-openmina: ## Build main OpenMina Docker image + docker build -t $(DOCKER_ORG)/openmina:$(GIT_COMMIT) . + +.PHONY: docker-build-openmina-testing +docker-build-openmina-testing: ## Build OpenMina testing Docker image + docker build -t $(DOCKER_ORG)/openmina-testing:$(GIT_COMMIT) \ + -f node/testing/docker/Dockerfile.openmina node/testing/docker/ + +.PHONY: docker-build-producer-dashboard +docker-build-producer-dashboard: ## Build producer dashboard Docker image + docker build -t $(DOCKER_ORG)/openmina-producer-dashboard:$(GIT_COMMIT) \ + -f docker/producer-dashboard/Dockerfile . + +.PHONY: docker-build-test +docker-build-test: ## Build test Docker image + docker build -t $(DOCKER_ORG)/openmina-test:$(GIT_COMMIT) \ + -f node/testing/docker/Dockerfile.test node/testing/docker/ diff --git a/docker/producer-dashboard/Dockerfile b/docker/producer-dashboard/Dockerfile index 0db06f8521..c7dcbb5329 100644 --- a/docker/producer-dashboard/Dockerfile +++ b/docker/producer-dashboard/Dockerfile @@ -4,13 +4,17 @@ WORKDIR /usr/src/openmina-producer-dashboard COPY ../ . -RUN cd producer-dashboard && SQLX_OFFLINE=true cargo install --path . +WORKDIR /usr/src/openmina-producer-dashboard/producer-dashboard +RUN SQLX_OFFLINE=true cargo install --path . FROM ubuntu:noble AS mina-builder -RUN apt-get update && apt-get install -y openssl ca-certificates +# hadolint ignore=DL3008 +RUN apt-get update && \ + apt-get install -y --no-install-recommends openssl ca-certificates # Build mina from source +# hadolint ignore=DL3008 RUN apt-get update && \ apt-get -y --no-install-recommends install \ libboost-dev \ @@ -37,8 +41,9 @@ RUN apt-get update && \ unzip \ rsync - -RUN curl --proto '=https' --tlsv1.2 -sSf https://sh.rustup.rs | sh -s -- -y +SHELL ["/bin/bash", "-o", "pipefail", "-c"] +RUN curl --proto '=https' --tlsv1.2 -sSf https://sh.rustup.rs | \ + sh -s -- -y WORKDIR /go RUN git clone https://github.com/MinaProtocol/mina.git @@ -46,7 +51,8 @@ RUN git clone https://github.com/MinaProtocol/mina.git ENV DUNE_PROFILE=devnet WORKDIR /go/mina -COPY ../docker/producer-dashboard/output_binprot_breadcrumbs.patch . +COPY ../docker/producer-dashboard/output_binprot_breadcrumbs.patch \ + . RUN git checkout 3.0.1 && \ git submodule update --init --recursive && \ git config --local --add submodule.recurse true @@ -55,34 +61,49 @@ RUN git apply ./output_binprot_breadcrumbs.patch # RUN make libp2p_helper -RUN curl -s -L https://github.com/ocaml/opam/releases/download/2.1.2/opam-2.1.2-x86_64-linux -o /usr/local/bin/opam && chmod +x /usr/local/bin/opam +RUN curl -s -L \ + https://github.com/ocaml/opam/releases/download/2.1.2/opam-2.1.2-x86_64-linux \ + -o /usr/local/bin/opam && \ + chmod +x /usr/local/bin/opam +# hadolint ignore=DL3008 RUN apt-get -y --no-install-recommends install m4 pkg-config -RUN opam init --disable-sandboxing -RUN opam switch create . -RUN eval $(opam config env) -RUN opam switch import -y opam.export -RUN ./scripts/pin-external-packages.sh +RUN opam init --disable-sandboxing && \ + opam switch create . && \ + eval "$(opam config env)" && \ + opam switch import -y opam.export && \ + ./scripts/pin-external-packages.sh -RUN curl -L https://go.dev/dl/go1.19.linux-amd64.tar.gz -o go1.19.tar.gz \ - && tar -C /usr/local -xzf go1.19.tar.gz \ - && rm go1.19.tar.gz +RUN curl -L https://go.dev/dl/go1.19.linux-amd64.tar.gz \ + -o go1.19.tar.gz && \ + tar -C /usr/local -xzf go1.19.tar.gz && \ + rm go1.19.tar.gz ENV PATH="/usr/local/go/bin:${PATH}" RUN make libp2p_helper ENV PATH="/root/.cargo/bin:${PATH}" +# hadolint ignore=DL3008 RUN apt-get -y --no-install-recommends install zlib1g-dev -RUN eval $(opam config env) && make build_all_sigs -# RUN /bin/bash -c "source ~/.cargo/env && eval $(opam config env) && make build_all_sigs" +RUN eval "$(opam config env)" && make build_all_sigs +# RUN /bin/bash -c "source ~/.cargo/env && eval $(opam config env) && \ +# make build_all_sigs" FROM ubuntu:noble -RUN apt-get update && apt-get install -y libpq5 libjemalloc2 - -COPY --from=app-builder /usr/local/cargo/bin/openmina-producer-dashboard /usr/local/bin/openmina-producer-dashboard -COPY --from=mina-builder /go/mina/src/app/libp2p_helper/result/bin/libp2p_helper /usr/local/bin/coda-libp2p_helper -COPY --from=mina-builder /go/mina/_build/default/src/app/cli/src/mina_testnet_signatures.exe /usr/local/bin/mina +# hadolint ignore=DL3008 +RUN apt-get update && \ + apt-get install -y --no-install-recommends libpq5 libjemalloc2 && \ + rm -rf /var/lib/apt/lists/* + +COPY --from=app-builder /usr/local/cargo/bin/openmina-producer-dashboard \ + /usr/local/bin/openmina-producer-dashboard +COPY --from=mina-builder \ + /go/mina/src/app/libp2p_helper/result/bin/libp2p_helper \ + /usr/local/bin/coda-libp2p_helper +COPY --from=mina-builder \ + /go/mina/_build/default/src/app/cli/src/mina_testnet_signatures.exe \ + /usr/local/bin/mina # TODO: replace ENTRYPOINT [ "openmina-producer-dashboard" ] diff --git a/frontend/Dockerfile b/frontend/Dockerfile index ad489347c7..3ac9d182a3 100644 --- a/frontend/Dockerfile +++ b/frontend/Dockerfile @@ -1,23 +1,27 @@ FROM node:18 AS BUILD_IMAGE -# Doesn't matter what we put here - it get's overwritten by the docker build command +# Doesn't matter what we put here - it get's overwritten by the docker \ +# build command ARG BUILD_CONFIGURATION=production WORKDIR /app COPY . . -RUN npm install -RUN node_modules/.bin/ng build --configuration ${BUILD_CONFIGURATION} -RUN npm prune --production - -RUN echo "---------- USING APACHE ----------" +RUN npm install && \ + node_modules/.bin/ng build --configuration \ + ${BUILD_CONFIGURATION} && \ + npm prune --production && \ + echo "---------- USING APACHE ----------" FROM httpd:2.4 +# hadolint ignore=DL3008 RUN apt-get update && \ - apt-get install -y curl && \ + apt-get install -y --no-install-recommends curl && \ rm -rf /var/lib/apt/lists/* -COPY --from=BUILD_IMAGE /app/dist/frontend/browser /usr/local/apache2/htdocs/ -COPY --from=BUILD_IMAGE /app/httpd.conf /usr/local/apache2/conf/httpd.conf +COPY --from=BUILD_IMAGE /app/dist/frontend/browser \ + /usr/local/apache2/htdocs/ +COPY --from=BUILD_IMAGE /app/httpd.conf \ + /usr/local/apache2/conf/httpd.conf COPY docker/startup.sh /usr/local/bin/startup.sh RUN chmod +x /usr/local/bin/startup.sh diff --git a/node/testing/docker/Dockerfile.debugger b/node/testing/docker/Dockerfile.debugger index 6bce30aaf0..5c9650ac57 100644 --- a/node/testing/docker/Dockerfile.debugger +++ b/node/testing/docker/Dockerfile.debugger @@ -5,4 +5,7 @@ FROM minaprotocol/mina-daemon:2.0.0rampup4-14047c5-focal-berkeley COPY --from=debugger /usr/bin/bpf-recorder /usr/bin/bpf-recorder -RUN apt-get update && apt-get -y install libelf-dev +# hadolint ignore=DL3008 +RUN apt-get update && \ + apt-get -y install --no-install-recommends libelf-dev && \ + rm -rf /var/lib/apt/lists/* diff --git a/node/testing/docker/Dockerfile.light b/node/testing/docker/Dockerfile.light index 59643bde29..f4514d7e13 100644 --- a/node/testing/docker/Dockerfile.light +++ b/node/testing/docker/Dockerfile.light @@ -1,7 +1,8 @@ FROM golang:1.18.10-buster AS builder +# hadolint ignore=DL3008 RUN apt-get update && \ - apt-get -y install \ + apt-get -y install --no-install-recommends \ apt-transport-https \ ca-certificates \ pkg-config \ @@ -35,7 +36,9 @@ RUN apt-get update && \ rsync \ liblmdb-dev -RUN curl --proto '=https' --tlsv1.2 -sSf https://sh.rustup.rs | sh -s -- -y +SHELL ["/bin/bash", "-o", "pipefail", "-c"] +RUN curl --proto '=https' --tlsv1.2 -sSf https://sh.rustup.rs | \ + sh -s -- -y WORKDIR /go RUN git clone https://github.com/MinaProtocol/mina.git @@ -49,11 +52,14 @@ RUN git checkout -b 2.0.0rampup4 2.0.0rampup4 && \ RUN make libp2p_helper -RUN curl -s -L https://github.com/ocaml/opam/releases/download/2.1.2/opam-2.1.2-x86_64-linux -o /usr/local/bin/opam && chmod +x /usr/local/bin/opam +RUN curl -s -L \ + https://github.com/ocaml/opam/releases/download/2.1.2/opam-2.1.2-x86_64-linux \ + -o /usr/local/bin/opam && \ + chmod +x /usr/local/bin/opam RUN opam init --disable-sandboxing \ && opam switch create . \ - && eval $(opam config env) \ + && eval "$(opam config env)" \ && opam switch import -y opam.export \ && ./scripts/pin-external-packages.sh @@ -61,11 +67,16 @@ COPY patch patch RUN git apply patch -RUN rm /bin/sh && ln -s /bin/bash /bin/sh +SHELL ["/bin/bash", "-c"] -RUN source ~/.cargo/env && eval $(opam config env) && make build_all_sigs +RUN source ~/.cargo/env && eval "$(opam config env)" && \ + make build_all_sigs FROM minaprotocol/mina-daemon:2.0.0rampup4-14047c5-buster-berkeley -COPY --from=builder /go/mina/src/app/libp2p_helper/result/bin/libp2p_helper /usr/local/bin/coda-libp2p_helper -COPY --from=builder /go/mina/_build/default/src/app/cli/src/mina_testnet_signatures.exe /usr/local/bin/mina +COPY --from=builder \ + /go/mina/src/app/libp2p_helper/result/bin/libp2p_helper \ + /usr/local/bin/coda-libp2p_helper +COPY --from=builder \ + /go/mina/_build/default/src/app/cli/src/mina_testnet_signatures.exe \ + /usr/local/bin/mina diff --git a/node/testing/docker/Dockerfile.light.focal b/node/testing/docker/Dockerfile.light.focal index 5384c61312..8468b8a497 100644 --- a/node/testing/docker/Dockerfile.light.focal +++ b/node/testing/docker/Dockerfile.light.focal @@ -1,7 +1,8 @@ FROM golang:1.18.10-focal AS builder +# hadolint ignore=DL3008 RUN apt-get update && \ - apt-get -y install \ + apt-get -y install --no-install-recommends \ apt-transport-https \ ca-certificates \ pkg-config \ @@ -35,7 +36,9 @@ RUN apt-get update && \ rsync \ liblmdb-dev -RUN curl --proto '=https' --tlsv1.2 -sSf https://sh.rustup.rs | sh -s -- -y +SHELL ["/bin/bash", "-o", "pipefail", "-c"] +RUN curl --proto '=https' --tlsv1.2 -sSf https://sh.rustup.rs | \ + sh -s -- -y WORKDIR /go RUN git clone https://github.com/MinaProtocol/mina.git @@ -49,11 +52,14 @@ RUN git checkout -b 2.0.0rampup4 2.0.0rampup4 && \ RUN make libp2p_helper -RUN curl -s -L https://github.com/ocaml/opam/releases/download/2.1.2/opam-2.1.2-x86_64-linux -o /usr/local/bin/opam && chmod +x /usr/local/bin/opam +RUN curl -s -L \ + https://github.com/ocaml/opam/releases/download/2.1.2/opam-2.1.2-x86_64-linux \ + -o /usr/local/bin/opam && \ + chmod +x /usr/local/bin/opam RUN opam init --disable-sandboxing \ && opam switch create . \ - && eval $(opam config env) \ + && eval "$(opam config env)" \ && opam switch import -y opam.export \ && ./scripts/pin-external-packages.sh @@ -61,11 +67,16 @@ COPY patch patch RUN git apply patch -RUN rm /bin/sh && ln -s /bin/bash /bin/sh +SHELL ["/bin/bash", "-c"] -RUN source ~/.cargo/env && eval $(opam config env) && make build_all_sigs +RUN source ~/.cargo/env && eval "$(opam config env)" && \ + make build_all_sigs FROM minaprotocol/mina-daemon:2.0.0rampup4-14047c5-focal-berkeley -COPY --from=builder /go/mina/src/app/libp2p_helper/result/bin/libp2p_helper /usr/local/bin/coda-libp2p_helper -COPY --from=builder /go/mina/_build/default/src/app/cli/src/mina_testnet_signatures.exe /usr/local/bin/mina +COPY --from=builder \ + /go/mina/src/app/libp2p_helper/result/bin/libp2p_helper \ + /usr/local/bin/coda-libp2p_helper +COPY --from=builder \ + /go/mina/_build/default/src/app/cli/src/mina_testnet_signatures.exe \ + /usr/local/bin/mina diff --git a/node/testing/docker/Dockerfile.openmina b/node/testing/docker/Dockerfile.openmina index acf620b5e3..83f18210b7 100644 --- a/node/testing/docker/Dockerfile.openmina +++ b/node/testing/docker/Dockerfile.openmina @@ -1,13 +1,17 @@ FROM ubuntu:20.04 AS builder ENV TZ=UTC -RUN ln -snf /usr/share/zoneinfo/$TZ /etc/localtime && echo $TZ > /etc/timezone +RUN ln -snf /usr/share/zoneinfo/$TZ /etc/localtime && \ + echo $TZ > /etc/timezone +# hadolint ignore=DL3008 RUN DEBIAN_FRONTEND=noninteractive apt-get update && \ - apt-get -y install git curl gcc libssl-dev pkg-config + apt-get -y install --no-install-recommends git curl gcc libssl-dev \ + pkg-config && \ + rm -rf /var/lib/apt/lists/* -RUN curl --proto '=https' --tlsv1.2 -sSf https://sh.rustup.rs | sh -s -- -y - -RUN rm /bin/sh && ln -s /bin/bash /bin/sh +SHELL ["/bin/bash", "-o", "pipefail", "-c"] +RUN curl --proto '=https' --tlsv1.2 -sSf https://sh.rustup.rs | \ + sh -s -- -y RUN source ~/.cargo/env && rustup update 1.84 diff --git a/node/testing/docker/Dockerfile.test b/node/testing/docker/Dockerfile.test index 9ecf3095f5..c3aac9a3a3 100644 --- a/node/testing/docker/Dockerfile.test +++ b/node/testing/docker/Dockerfile.test @@ -1,12 +1,16 @@ +# hadolint ignore=DL3008 FROM vladsimplestakingcom/mina-openmina-builder:focal AS builder RUN git fetch && git checkout feat/tests-with-debugger -RUN source ~/.cargo/env && cargo +1.84 build --release -p openmina-node-testing --bin runner --bin openmina-node-testing +RUN . ~/.cargo/env && cargo +1.84 build --release \ + -p openmina-node-testing --bin runner --bin openmina-node-testing FROM vladsimplestakingcom/mina-debugger:2.0.0rampup4-focal -COPY --from=builder /openmina/target/release/runner /usr/local/bin/runner -COPY --from=builder /openmina/target/release/openmina-node-testing /usr/local/bin/openmina-node-testing +COPY --from=builder /openmina/target/release/runner \ + /usr/local/bin/runner +COPY --from=builder /openmina/target/release/openmina-node-testing \ + /usr/local/bin/openmina-node-testing ENV BPF_ALIAS="3c41383994b87449625df91769dff7b507825c064287d30fada9286f3f1cb15e-0.0.0.0" diff --git a/tools/bootstrap-sandbox/Dockerfile b/tools/bootstrap-sandbox/Dockerfile index 2fffd3462d..144169e7e6 100644 --- a/tools/bootstrap-sandbox/Dockerfile +++ b/tools/bootstrap-sandbox/Dockerfile @@ -1,14 +1,22 @@ FROM rust:1.84.0-bullseye AS builder -RUN mkdir -p -m 0700 ~/.ssh && ssh-keyscan github.com >> ~/.ssh/known_hosts +RUN mkdir -p ~/.ssh && \ + chmod 0700 ~/.ssh && \ + ssh-keyscan github.com >> ~/.ssh/known_hosts ENV CARGO_NET_GIT_FETCH_WITH_CLI=true -RUN cargo install --git https://github.com/openmina/openmina.git --branch fix/bootstrap-replay openmina-bootstrap-sandbox --locked +RUN cargo install \ + --git https://github.com/openmina/openmina.git \ + --branch fix/bootstrap-replay \ + openmina-bootstrap-sandbox --locked FROM debian:bullseye -RUN apt-get update && apt-get install -y libssl-dev +# hadolint ignore=DL3008 +RUN apt-get update && \ + apt-get install -y --no-install-recommends libssl-dev && \ + rm -rf /var/lib/apt/lists/* COPY --from=builder /usr/local/cargo/bin/openmina-bootstrap-sandbox \ /usr/local/bin/openmina-bootstrap-sandbox diff --git a/tools/fuzzing/Dockerfile b/tools/fuzzing/Dockerfile index 301471ac4b..995c49ac92 100644 --- a/tools/fuzzing/Dockerfile +++ b/tools/fuzzing/Dockerfile @@ -1,9 +1,10 @@ # FIXME: not working :( FROM debian:bullseye -RUN apt -y update && \ - apt -y upgrade && \ - apt -y install \ +# hadolint ignore=DL3008 +RUN apt-get -y update && \ + apt-get -y upgrade && \ + apt-get -y install --no-install-recommends \ apt-transport-https \ ca-certificates \ pkg-config \ @@ -33,12 +34,15 @@ RUN apt -y update && \ python3 \ tzdata \ liblmdb-dev \ - rsync + rsync && \ + rm -rf /var/lib/apt/lists/* -SHELL ["/bin/bash", "-c"] +SHELL ["/bin/bash", "-o", "pipefail", "-c"] -RUN curl --proto '=https' --tlsv1.2 -sSf https://sh.rustup.rs | sh -s -- -y -RUN yes "" | sh <(curl -fsSL https://raw.githubusercontent.com/ocaml/opam/master/shell/install.sh) +RUN curl --proto '=https' --tlsv1.2 -sSf https://sh.rustup.rs | \ + sh -s -- -y +RUN yes "" | \ + sh <(curl -fsSL https://raw.githubusercontent.com/ocaml/opam/master/shell/install.sh) RUN ARCH=$(uname -m) && \ if [ "$ARCH" = "aarch64" ]; then \ ARCH="arm64"; \ @@ -48,31 +52,34 @@ RUN ARCH=$(uname -m) && \ echo "Unsupported architecture: $ARCH" && exit 1; \ fi && \ rm -rf /usr/local/go && \ - curl -sSL https://go.dev/dl/go1.19.5.linux-$ARCH.tar.gz | tar -C /usr/local -xzf - + curl -sSL https://go.dev/dl/go1.19.5.linux-"$ARCH".tar.gz | \ + tar -C /usr/local -xzf - RUN export PATH=$PATH:/usr/local/go/bin -RUN curl -sSL https://capnproto.org/capnproto-c++-0.10.2.tar.gz | tar -zxf - \ - && cd capnproto-c++-0.10.2 \ - && ./configure \ - && make -j6 check \ - && make install \ - && cd .. \ - && rm -rf capnproto-c++-0.10.2 - -RUN git clone https://github.com/openmina/mina.git +RUN curl -sSL https://capnproto.org/capnproto-c++-0.10.2.tar.gz | \ + tar -zxf - +WORKDIR /capnproto-c++-0.10.2 +RUN ./configure && \ + make -j6 check && \ + make install +WORKDIR / +RUN rm -rf capnproto-c++-0.10.2 && \ + git clone https://github.com/openmina/mina.git WORKDIR /mina RUN git submodule update --init --recursive && \ git config --local --add submodule.recurse true && \ git checkout openmina/fuzzer RUN opam init --disable-sandboxing && \ opam switch create .&& \ - eval $(opam config env) && \ + eval "$(opam config env)" && \ opam switch import -y opam.export && \ ./scripts/pin-external-packages.sh RUN source ~/.cargo/env && \ - eval $(opam config env) && \ + eval "$(opam config env)" && \ export PATH=$PATH:/usr/local/go/bin && \ export DUNE_PROFILE=devnet && \ make libp2p_helper && \ - dune build src/app/transaction_fuzzer/transaction_fuzzer.exe --profile=devnet -CMD ["/mina/_build/default/src/app/transaction_fuzzer/transaction_fuzzer.exe", "execute"] + dune build src/app/transaction_fuzzer/transaction_fuzzer.exe \ + --profile=devnet +CMD ["/mina/_build/default/src/app/transaction_fuzzer/transaction_fuzzer.exe", \ + "execute"] diff --git a/tools/heartbeats-processor/Dockerfile b/tools/heartbeats-processor/Dockerfile index f13a04b697..716f0bba03 100644 --- a/tools/heartbeats-processor/Dockerfile +++ b/tools/heartbeats-processor/Dockerfile @@ -2,16 +2,23 @@ FROM rust:1.84-slim-bookworm AS builder WORKDIR /usr/src/app -RUN apt-get update && apt-get install -y pkg-config libssl-dev && rm -rf /var/lib/apt/lists/* +# hadolint ignore=DL3008 +RUN apt-get update && \ + apt-get install -y --no-install-recommends pkg-config libssl-dev && \ + rm -rf /var/lib/apt/lists/* COPY . . -RUN ls -la tools/heartbeats-processor -RUN cargo build --release -p heartbeats-processor +RUN ls -la tools/heartbeats-processor && \ + cargo build --release -p heartbeats-processor # Runtime stage FROM debian:bookworm-slim -RUN apt-get update && apt-get install -y libsqlite3-0 ca-certificates && rm -rf /var/lib/apt/lists/* +# hadolint ignore=DL3008 +RUN apt-get update && \ + apt-get install -y --no-install-recommends \ + libsqlite3-0 ca-certificates && \ + rm -rf /var/lib/apt/lists/* WORKDIR /app