Skip to content

chore: docker fixes #2

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Merged
tac0turtle merged 7 commits into from
Jun 24, 2025
Merged

chore: docker fixes #2

Show file tree
Hide file tree
Changes from all commits
Commits
Show all changes
7 commits
Select commit Hold shift + click to select a range
b95a730
docker fixes
tac0turtle Jun 24, 2025
9caa34b
bump rust version in docker
tac0turtle Jun 24, 2025
092a3a6
more fixes
tac0turtle Jun 24, 2025
b7e5af2
more fixes
tac0turtle Jun 24, 2025
1c1f1a1
attempt
tac0turtle Jun 24, 2025
dd77902
ci: fix remote cross compilation (#4)
auricom Jun 24, 2025
ae503cd
only create images on push to main
tac0turtle Jun 24, 2025
File filter

Filter by extension

Filter by extension
Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
55 changes: 55 additions & 0 deletions .dockerignore
View file
Open in desktop
Original file line number Diff line number Diff line change
@@ -0,0 +1,55 @@
# Rust build artifacts
target/
**/*.rs.bk
*.pdb

# Git
.git/
.gitignore

# IDE
.idea/
.vscode/
*.swp
*.swo
*~

# OS
.DS_Store
Thumbs.db

# Documentation
*.md
!README.md
!LICENSE-*

# Development files
.env
.env.local
.env.*.local

# Test artifacts
tarpaulin-report.html
cobertura.xml

# Temporary files
tmp/
temp/
*.tmp
*.temp

# Docker
.dockerignore
Dockerfile*
docker-compose*.yml

Comment on lines +41 to +45
Copy link

@coderabbitai coderabbitai bot Jun 24, 2025

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

⚠️ Potential issue

Excluding Dockerfile* breaks cross & multi-stage builds

Cross.toml relies on Dockerfile.cross-x86_64 and Dockerfile.cross-aarch64, both of which live inside the build context.
Because .dockerignore filters them out, a cross build (or a plain docker build -f Dockerfile.cross-… .) will fail with:

Cannot locate specified Dockerfile: Dockerfile.cross-x86_64

Remove the blanket ignore or add negative globs for the files you actually need:

 # Docker
-.dockerignore
-Dockerfile*
-docker-compose*.yml
+# Keep cross-compilation Dockerfiles
+!Dockerfile.cross-*
+# Still ignore any other ad-hoc compose files
+.dockerignore
+docker-compose*.yml
📝 Committable suggestion

‼️ IMPORTANT
Carefully review the code before committing. Ensure that it accurately replaces the highlighted code, contains no missing lines, and has no issues with indentation. Thoroughly test & benchmark the code to ensure it meets the requirements.

Suggested change
# Docker
.dockerignore
Dockerfile*
docker-compose*.yml
# Docker
# Keep cross-compilation Dockerfiles
!Dockerfile.cross-*
# Still ignore any other ad-hoc compose files
.dockerignore
docker-compose*.yml
🤖 Prompt for AI Agents 
In the .dockerignore file around lines 41 to 45, the pattern "Dockerfile*"
excludes all Dockerfiles including those needed for cross and multi-stage builds
like Dockerfile.cross-x86_64 and Dockerfile.cross-aarch64. To fix this, remove
the blanket ignore for "Dockerfile*" or add negative patterns to explicitly
include the required Dockerfiles so they are not filtered out during the build
context preparation.

# CI/CD
.github/
.gitlab-ci.yml
.travis.yml

# Benchmarks and profiling
benches/
perf.data
perf.data.old
flamegraph.svg
26 changes: 25 additions & 1 deletion .github/workflows/docker.yml
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -5,6 +5,8 @@ name: docker
on:
workflow_dispatch: {}
push:
branches:
- main
tags:
- v*

Expand All @@ -24,6 +26,18 @@ jobs:
contents: read
steps:
- uses: actions/checkout@v4
- name: Install build dependencies
run: |
sudo apt-get update
sudo apt-get install -y \
build-essential \
pkg-config \
libssl-dev \
libclang-dev \
clang \
llvm-dev \
gcc-multilib \
g++-multilib
- uses: dtolnay/rust-toolchain@stable
- uses: Swatinem/rust-cache@v2
with:
Expand All @@ -37,4 +51,14 @@ jobs:
docker run --privileged --rm tonistiigi/binfmt --install arm64,amd64
docker buildx create --use --name cross-builder
- name: Build and push image
run: make docker-build-push
run: |
export LIBCLANG_PATH=/usr/lib/llvm-18/lib
export BINDGEN_EXTRA_CLANG_ARGS="-I/usr/include"
export CC_x86_64_unknown_linux_gnu=x86_64-linux-gnu-gcc
export CXX_x86_64_unknown_linux_gnu=x86_64-linux-gnu-g++
export AR_x86_64_unknown_linux_gnu=x86_64-linux-gnu-ar
export CC_aarch64_unknown_linux_gnu=aarch64-linux-gnu-gcc
export CXX_aarch64_unknown_linux_gnu=aarch64-linux-gnu-g++
export AR_aarch64_unknown_linux_gnu=aarch64-linux-gnu-ar
export PKG_CONFIG_ALLOW_CROSS=1
make docker-build-push
Comment on lines +55 to +64
Copy link

@coderabbitai coderabbitai bot Jun 24, 2025

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

⚠️ Potential issue

Hard-coded LIBCLANG_PATH likely wrong on Ubuntu 24.04

You install the un-versioned libclang-dev, but export /usr/lib/llvm-18/lib which exists only when the versioned package libclang-18-dev is installed.
If the default LLVM on the runner drifts (e.g. to 19) this path breaks.

Prefer a version-agnostic approach:

-export LIBCLANG_PATH=/usr/lib/llvm-18/lib
+export LIBCLANG_PATH=$(llvm-config --libdir)

…and drop the fixed major version from the apt-install list, or pin both sides to the same version explicitly.

📝 Committable suggestion

‼️ IMPORTANT
Carefully review the code before committing. Ensure that it accurately replaces the highlighted code, contains no missing lines, and has no issues with indentation. Thoroughly test & benchmark the code to ensure it meets the requirements.

Suggested change
export LIBCLANG_PATH=/usr/lib/llvm-18/lib
export BINDGEN_EXTRA_CLANG_ARGS="-I/usr/include"
export CC_x86_64_unknown_linux_gnu=x86_64-linux-gnu-gcc
export CXX_x86_64_unknown_linux_gnu=x86_64-linux-gnu-g++
export AR_x86_64_unknown_linux_gnu=x86_64-linux-gnu-ar
export CC_aarch64_unknown_linux_gnu=aarch64-linux-gnu-gcc
export CXX_aarch64_unknown_linux_gnu=aarch64-linux-gnu-g++
export AR_aarch64_unknown_linux_gnu=aarch64-linux-gnu-ar
export PKG_CONFIG_ALLOW_CROSS=1
make docker-build-push
export LIBCLANG_PATH=$(llvm-config --libdir)
export BINDGEN_EXTRA_CLANG_ARGS="-I/usr/include"
export CC_x86_64_unknown_linux_gnu=x86_64-linux-gnu-gcc
export CXX_x86_64_unknown_linux_gnu=x86_64-linux-gnu-g++
export AR_x86_64_unknown_linux_gnu=x86_64-linux-gnu-ar
export CC_aarch64_unknown_linux_gnu=aarch64-linux-gnu-gcc
export CXX_aarch64_unknown_linux_gnu=aarch64-linux-gnu-g++
export AR_aarch64_unknown_linux_gnu=aarch64-linux-gnu-ar
export PKG_CONFIG_ALLOW_CROSS=1
make docker-build-push
🤖 Prompt for AI Agents 
In .github/workflows/docker.yml around lines 56 to 65, the LIBCLANG_PATH is
hard-coded to /usr/lib/llvm-18/lib which only exists if the versioned package
libclang-18-dev is installed, causing breakage if the LLVM version changes. To
fix this, remove the fixed version from the apt install command and instead set
LIBCLANG_PATH dynamically or to a version-agnostic path that matches the
installed libclang-dev package, ensuring consistency between the installed
package and the exported path.

9 changes: 9 additions & 0 deletions Cargo.toml
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -205,3 +205,12 @@ too_long_first_doc_paragraph = "allow"
opt-level = 3
lto = "thin"
strip = "debuginfo"
codegen-units = 1

# Memory-optimized release profile
[profile.docker]
inherits = "release"
opt-level = 2
lto = false
codegen-units = 1
incremental = false
14 changes: 14 additions & 0 deletions Cross.toml
View file
Open in desktop
Original file line number Diff line number Diff line change
@@ -0,0 +1,14 @@
[build]
# Custom Docker images with proper build environment for native dependencies

[target.x86_64-unknown-linux-gnu]
dockerfile = "Dockerfile.cross-x86_64"

[target.aarch64-unknown-linux-gnu]
dockerfile = "Dockerfile.cross-aarch64"

[build.env]
passthrough = [
"RUST_LOG",
"CARGO_TERM_COLOR",
]
81 changes: 61 additions & 20 deletions Dockerfile
View file
Open in desktop
Original file line number Diff line number Diff line change
@@ -1,32 +1,73 @@
# syntax=docker/dockerfile:1
FROM lukemathwalker/cargo-chef:latest-rust-1 AS chef
WORKDIR /app

# Build stage
FROM rust:1.81-slim AS builder
LABEL org.opencontainers.image.licenses="MIT OR Apache-2.0"

# Install build dependencies
RUN apt-get update && apt-get install -y \
RUN apt-get update && \
apt-get -y upgrade && \
apt-get install -y \
build-essential \
pkg-config \
libssl-dev \
&& rm -rf /var/lib/apt/lists/*
clang-14 \
libclang-14-dev \
llvm-14-dev \
libc6-dev \
&& ln -sf /usr/lib/llvm-14/lib/libclang.so /usr/lib/libclang.so
Comment on lines +1 to +16
Copy link

@coderabbitai coderabbitai bot Jun 24, 2025

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

⚠️ Potential issue

Base image & package versions are not pinned – breaks reproducible builds

  1. lukemathwalker/cargo-chef:latest-rust-1 floats; tomorrow’s build may use a newer Rust, LLVM, or Debian base.
  2. Mixing un-versioned packages (clang, llvm-dev) with version-locked ones (clang-14, libclang-14-dev) makes the layer inconsistent and may silently pull in duplicate tool-chains.

Recommend:

-FROM lukemathwalker/cargo-chef:latest-rust-1 AS chef
+FROM lukemathwalker/cargo-chef:0.7.8-rust-1.77.2@sha256:<digest> AS chef

and drop the -14 suffixes or pin every LLVM/Clang package to the same major.

Also, apt-get -y upgrade inside containers is usually avoided—upgrading packages you have no control over inflates image size and hurts determinism.

📝 Committable suggestion

‼️ IMPORTANT
Carefully review the code before committing. Ensure that it accurately replaces the highlighted code, contains no missing lines, and has no issues with indentation. Thoroughly test & benchmark the code to ensure it meets the requirements.

Suggested change
FROM lukemathwalker/cargo-chef:latest-rust-1 AS chef
WORKDIR /app
# Build stage
FROM rust:1.81-slim AS builder
LABEL org.opencontainers.image.licenses="MIT OR Apache-2.0"
# Install build dependencies
RUN apt-get update && apt-get install -y \
RUN apt-get update && \
apt-get -y upgrade && \
apt-get install -y \
build-essential \
pkg-config \
libssl-dev \
&& rm -rf /var/lib/apt/lists/*
clang-14 \
libclang-14-dev \
llvm-14-dev \
libc6-dev \
&& ln -sf /usr/lib/llvm-14/lib/libclang.so /usr/lib/libclang.so
FROM lukemathwalker/cargo-chef:0.7.8-rust-1.77.2@sha256:<digest> AS chef
WORKDIR /app
LABEL org.opencontainers.image.licenses="MIT OR Apache-2.0"
RUN apt-get update && \
apt-get -y upgrade && \
apt-get install -y \
build-essential \
pkg-config \
libssl-dev \
clang-14 \
libclang-14-dev \
llvm-14-dev \
libc6-dev \
&& ln -sf /usr/lib/llvm-14/lib/libclang.so /usr/lib/libclang.so
🤖 Prompt for AI Agents 
In Dockerfile lines 1 to 16, the base image and package versions are not pinned,
causing non-reproducible builds and inconsistent LLVM/Clang package versions.
Fix this by specifying an exact version tag for the base image instead of using
'latest-rust-1'. Also, either remove the '-14' suffixes from all LLVM/Clang
packages to use default versions consistently or pin all LLVM/Clang packages to
the same major version to avoid mixing versions. Finally, remove the 'apt-get -y
upgrade' command to prevent unnecessary image size increase and maintain build
determinism.


WORKDIR /app
FROM chef AS planner
COPY . .
RUN cargo chef prepare --recipe-path recipe.json

FROM chef AS builder
COPY --from=planner /app/recipe.json recipe.json

# Copy manifests
# Copy workspace Cargo files for better caching
COPY Cargo.toml Cargo.lock ./
COPY bin/ bin/
COPY crates/ crates/
COPY bin/lumen/Cargo.toml bin/lumen/
COPY crates/common/Cargo.toml crates/common/
COPY crates/node/Cargo.toml crates/node/
COPY crates/rollkit/Cargo.toml crates/rollkit/
COPY crates/tests/Cargo.toml crates/tests/

ARG BUILD_PROFILE=docker
ENV BUILD_PROFILE=$BUILD_PROFILE

# Set memory-efficient build flags
ARG RUSTFLAGS="-C codegen-units=1"
ENV RUSTFLAGS="$RUSTFLAGS"
ENV CARGO_BUILD_JOBS=2
ENV CARGO_INCREMENTAL=0

# Cook dependencies first (better layer caching)
RUN cargo chef cook --profile $BUILD_PROFILE --recipe-path recipe.json --manifest-path bin/lumen/Cargo.toml

# Build the application
RUN cargo build --release --bin lumen
# Copy all source code
COPY . .

# Runtime stage
FROM gcr.io/distroless/cc-debian12
# Build the binary with memory-efficient settings
RUN cargo build --profile $BUILD_PROFILE --bin lumen --manifest-path bin/lumen/Cargo.toml -j 2

# Copy binary from correct location
RUN ls -la /app/target/$BUILD_PROFILE/lumen
RUN cp /app/target/$BUILD_PROFILE/lumen /lumen

FROM ubuntu:22.04 AS runtime

RUN apt-get update && \
apt-get install -y ca-certificates libssl-dev pkg-config strace && \
rm -rf /var/lib/apt/lists/*

WORKDIR /app
COPY --from=builder /lumen /usr/local/bin/
RUN chmod +x /usr/local/bin/lumen
COPY LICENSE-* ./

# Copy the binary from builder
COPY --from=builder /app/target/release/lumen /usr/local/bin/lumen
# Expose ports: P2P, Discovery, Metrics, JSON-RPC, WebSocket, GraphQL, Engine API
EXPOSE 30303 30303/udp 9001 8545 8546 7545 8551

# Expose default ports
EXPOSE 8545 8546 30303 6060 9001
# Add health check
HEALTHCHECK --interval=30s --timeout=3s --start-period=40s --retries=3 \
CMD /usr/local/bin/lumen --version || exit 1

# Set the entrypoint
ENTRYPOINT ["/usr/local/bin/lumen"]
ENTRYPOINT ["/usr/local/bin/lumen"]
27 changes: 27 additions & 0 deletions Dockerfile.cross-aarch64
View file
Open in desktop
Original file line number Diff line number Diff line change
@@ -0,0 +1,27 @@
FROM ghcr.io/cross-rs/cross:main

# Install ARM64 cross-compilation toolchain
RUN apt-get update && \
apt-get install -y \
gcc-aarch64-linux-gnu \
g++-aarch64-linux-gnu \
libc6-dev-arm64-cross \
pkg-config-aarch64-linux-gnu \
build-essential \
clang \
libclang-dev && \
rm -rf /var/lib/apt/lists/*

# Set up environment variables for ARM64 cross-compilation
# Keep host compiler for build scripts, only set target-specific variables
ENV CC_aarch64_unknown_linux_gnu=aarch64-linux-gnu-gcc
ENV CXX_aarch64_unknown_linux_gnu=aarch64-linux-gnu-g++
ENV AR_aarch64_unknown_linux_gnu=aarch64-linux-gnu-ar
ENV STRIP_aarch64_unknown_linux_gnu=aarch64-linux-gnu-strip
ENV PKG_CONFIG_aarch64_unknown_linux_gnu=aarch64-linux-gnu-pkg-config
ENV CARGO_TARGET_AARCH64_UNKNOWN_LINUX_GNU_LINKER=aarch64-linux-gnu-gcc
ENV BINDGEN_EXTRA_CLANG_ARGS="-I/usr/aarch64-linux-gnu/include -I/usr/include"
ENV CFLAGS_aarch64_unknown_linux_gnu="-I/usr/aarch64-linux-gnu/include -I/usr/include"
ENV CPPFLAGS_aarch64_unknown_linux_gnu="-I/usr/aarch64-linux-gnu/include -I/usr/include"
ENV JEMALLOC_SYS_WITH_LG_PAGE=16
ENV PKG_CONFIG_ALLOW_CROSS=1
19 changes: 19 additions & 0 deletions Dockerfile.cross-x86_64
View file
Open in desktop
Original file line number Diff line number Diff line change
@@ -0,0 +1,19 @@
FROM ghcr.io/cross-rs/cross:main

# Install additional build tools and headers
RUN apt-get update && \
apt-get install -y \
build-essential \
pkg-config \
libclang-dev \
clang && \
rm -rf /var/lib/apt/lists/*

# Set up environment variables for x86_64 cross-compilation
ENV CC_x86_64_unknown_linux_gnu=x86_64-linux-gnu-gcc
ENV CXX_x86_64_unknown_linux_gnu=x86_64-linux-gnu-g++
ENV AR_x86_64_unknown_linux_gnu=x86_64-linux-gnu-ar
ENV STRIP_x86_64_unknown_linux_gnu=x86_64-linux-gnu-strip
ENV BINDGEN_EXTRA_CLANG_ARGS_x86_64_unknown_linux_gnu="-I/usr/include -I/usr/include/x86_64-linux-gnu"
ENV CFLAGS_x86_64_unknown_linux_gnu="-I/usr/include -I/usr/include/x86_64-linux-gnu"
ENV CPPFLAGS_x86_64_unknown_linux_gnu="-I/usr/include -I/usr/include/x86_64-linux-gnu"