Update scratch image to plain apline:3 like a final image

p2p-org · Jul 1, 2024 · e4b18ef · e4b18ef
1 parent 589e1c2
commit e4b18ef
Show file tree

Hide file tree

Showing 5 changed files with 24 additions and 194 deletions.
diff --git a/chains.yaml b/chains.yaml
@@ -522,16 +522,16 @@
     - /go/bin/dymd
 
 # Dymension Rollapp evm
-- name: dymension-rollap-evm
+- name: dymension-rollapp-evm
   github-organization: dymensionxyz
   github-repo: rollapp-evm
   dockerfile: cosmos
-  build-target: make install
+  build-target: make build
   build-env:
     - BECH32_PREFIX=cry
-    - BUILD_TAGS=netgo,muslc
+    - BUILD_TAGS=netgo muslc
   binaries:
-    - /go/bin/rollap-evm
+    - build/rollapp-evm
 
 # dydx
 - name: dydx

diff --git a/dockerfile/cosmos/Dockerfile b/dockerfile/cosmos/Dockerfile
@@ -120,74 +120,31 @@ RUN bash -c 'set -eux;\
 
 # Use minimal busybox from infra-toolkit image for final scratch image
 FROM ghcr.io/p2p-org/cosmos-heighliner:infra-toolkit-v0.1.6 AS infra-toolkit
-RUN addgroup --gid 1111 -S p2p && adduser --uid 1111 -S p2p -G p2p
 
 # Use ln and rm from full featured busybox for assembling final image
 FROM busybox:1.34.1-musl AS busybox-full
 
-# Use alpine to source the latest CA certificates
-FROM alpine:3 as alpine-3
-
 # Build final image from scratch
-FROM scratch
+FROM apline:3
 
 LABEL org.opencontainers.image.source="https://github.com/p2p-org/cosmos-heighliner"
 
 WORKDIR /bin
 
-# Install ln (for making hard links) and rm (for cleanup) from full busybox image (will be deleted, only needed for image assembly)
-COPY --from=busybox-full /bin/ln /bin/rm ./
-
-# Install minimal busybox image as shell binary (will create hardlinks for the rest of the binaries to this data)
-COPY --from=infra-toolkit /busybox/busybox /bin/sh
-
 # Install jq
 COPY --from=infra-toolkit /usr/local/bin/jq /bin/
 
-# Add hard links for read-only utils
-# Will then only have one copy of the busybox minimal binary file with all utils pointing to the same underlying inode
-RUN for b in \
-  cat \
-  date \
-  df \
-  du \
-  env \
-  grep \
-  head \
-  less \
-  ls \
-  md5sum \
-  pwd \
-  sha1sum \
-  sha256sum \
-  sha3sum \
-  sha512sum \
-  sleep \
-  stty \
-  tail \
-  tar \
-  tee \
-  tr \
-  watch \
-  which \
-  ; do ln sh $b; done
-
-#  Remove write utils
-RUN rm ln rm
-
 # Install chain binaries
 COPY --from=build-env /root/bin /bin
 
 # Install libraries
 COPY --from=build-env /root/lib /lib
 
-# Install trusted CA certificates
-COPY --from=alpine-3 /etc/ssl/cert.pem /etc/ssl/cert.pem
-
-# Install heighliner user
-COPY --from=infra-toolkit /etc/passwd /etc/passwd
-COPY --from=infra-toolkit --chown=1111:1111 /home/p2p /home/p2p
-COPY --from=infra-toolkit --chown=1111:1111 /tmp /tmp
+# Install p2p user
+RUN addgroup --gid 1111 -S p2p && adduser --uid 1111 -S p2p -G p2p
+RUN chown 1111:1111 -R /home/p2p
+RUN chown 1111:1111 -R /etc/apk
+RUN chown 1111:1111 -R /tmp
 
 WORKDIR /home/p2p
 USER p2p
diff --git a/dockerfile/cosmos/local.Dockerfile b/dockerfile/cosmos/local.Dockerfile
@@ -39,62 +39,20 @@ RUN addgroup --gid 1111 -S p2p && adduser --uid 1111 -S p2p -G p2p
 # Use ln and rm from full featured busybox for assembling final image
 FROM busybox:1.34.1-musl AS busybox-full
 
-# Use alpine to source the latest CA certificates
-FROM alpine:3 as alpine-3
-
 # Build part 1 of the final image
-FROM scratch AS final-part1
+FROM alpine:3 AS final-part1
 
 LABEL org.opencontainers.image.source="https://github.com/p2p-org/cosmos-heighliner"
 
 WORKDIR /bin
 
-# Install ln (for making hard links) and rm (for cleanup) from full busybox image (will be deleted, only needed for image assembly)
-COPY --from=busybox-full /bin/ln /bin/rm ./
-
-# Install minimal busybox image as shell binary (will create hardlinks for the rest of the binaries to this data)
-COPY --from=infra-toolkit /busybox/busybox /bin/sh
-
 # Install jq
 COPY --from=infra-toolkit /usr/local/bin/jq /bin/
 
-# Add hard links for read-only utils
-# Will then only have one copy of the busybox minimal binary file with all utils pointing to the same underlying inode
-RUN for b in \
-  cat \
-  date \
-  df \
-  du \
-  env \
-  grep \
-  head \
-  less \
-  ls \
-  md5sum \
-  pwd \
-  sha1sum \
-  sha256sum \
-  sha3sum \
-  sha512sum \
-  sleep \
-  stty \
-  tail \
-  tar \
-  tee \
-  tr \
-  watch \
-  which \
-  ; do ln sh $b; done
-
-# Remove write utils
-RUN rm ln rm
-
-# Install trusted CA certificates
-COPY --from=alpine-3 /etc/ssl/cert.pem /etc/ssl/cert.pem
-
 # Install p2p user
 COPY --from=infra-toolkit /etc/passwd /etc/passwd
 COPY --from=infra-toolkit --chown=1111:1111 /home/p2p /home/p2p
+COPY --from=infra-toolkit --chown=1111:1111 /etc/apk /etc/apk
 COPY --from=infra-toolkit --chown=1111:1111 /tmp /tmp
 
 # Install chain binary

diff --git a/dockerfile/cosmos/localcross.Dockerfile b/dockerfile/cosmos/localcross.Dockerfile
@@ -112,69 +112,27 @@ RUN addgroup --gid 1111 -S p2p && adduser --uid 1111 -S p2p -G p2p
 # Use ln and rm from full featured busybox for assembling final image
 FROM busybox:1.34.1-musl AS busybox-full
 
-# Use alpine to source the latest CA certificates
-FROM alpine:3 as alpine-3
-
 # Build final image from scratch
-FROM scratch
+FROM alpine:3
 
 LABEL org.opencontainers.image.source="https://github.com/p2p-org/heighliner"
 
 WORKDIR /bin
 
-# Install ln (for making hard links) and rm (for cleanup) from full busybox image (will be deleted, only needed for image assembly)
-COPY --from=busybox-full /bin/ln /bin/rm ./
-
-# Install minimal busybox image as shell binary (will create hardlinks for the rest of the binaries to this data)
-COPY --from=infra-toolkit /busybox/busybox /bin/sh
-
 # Install jq
 COPY --from=infra-toolkit /usr/local/bin/jq /bin/
 
-# Add hard links for read-only utils
-# Will then only have one copy of the busybox minimal binary file with all utils pointing to the same underlying inode
-RUN for b in \
-  cat \
-  date \
-  df \
-  du \
-  env \
-  grep \
-  head \
-  less \
-  ls \
-  md5sum \
-  pwd \
-  sha1sum \
-  sha256sum \
-  sha3sum \
-  sha512sum \
-  sleep \
-  stty \
-  tail \
-  tar \
-  tee \
-  tr \
-  watch \
-  which \
-  ; do ln sh $b; done
-
-#  Remove write utils
-RUN rm ln rm
-
 # Install chain binaries
 COPY --from=build-env /root/bin /bin
 
 # Install libraries
 COPY --from=build-env /root/lib /lib
 
-# Install trusted CA certificates
-COPY --from=alpine-3 /etc/ssl/cert.pem /etc/ssl/cert.pem
-
-# Install heighliner user
-COPY --from=infra-toolkit /etc/passwd /etc/passwd
-COPY --from=infra-toolkit --chown=1111:1111 /home/p2p /home/p2p
-COPY --from=infra-toolkit --chown=1111:1111 /tmp /tmp
+# Install p2p user
+RUN addgroup --gid 1111 -S p2p && adduser --uid 1111 -S p2p -G p2p
+RUN chown 1111:1111 -R /home/p2p
+RUN chown 1111:1111 -R /etc/apk
+RUN chown 1111:1111 -R /tmp
 
 WORKDIR /home/p2p
 USER p2p
diff --git a/dockerfile/cosmos/native.Dockerfile b/dockerfile/cosmos/native.Dockerfile
@@ -94,74 +94,31 @@ RUN bash -c 'set -eux;\
 
 # Use minimal busybox from infra-toolkit image for final scratch image
 FROM ghcr.io/p2p-org/cosmos-heighliner:infra-toolkit-v0.1.6 AS infra-toolkit
-RUN addgroup --gid 1111 -S p2p && adduser --uid 1111 -S p2p -G p2p
 
 # Use ln and rm from full featured busybox for assembling final image
 FROM busybox:1.34.1-musl AS busybox-full
 
-# Use alpine to source the latest CA certificates
-FROM alpine:3 as alpine-3
-
 # Build final image from scratch
-FROM scratch
+FROM alpine:3
 
 LABEL org.opencontainers.image.source="https://github.com/p2p-org/cosmos-heighliner"
 
 WORKDIR /bin
 
-# Install ln (for making hard links) and rm (for cleanup) from full busybox image (will be deleted, only needed for image assembly)
-COPY --from=busybox-full /bin/ln /bin/rm ./
-
-# Install minimal busybox image as shell binary (will create hardlinks for the rest of the binaries to this data)
-COPY --from=infra-toolkit /busybox/busybox /bin/sh
-
 # Install jq
 COPY --from=infra-toolkit /usr/local/bin/jq /bin/
 
-# Add hard links for read-only utils
-# Will then only have one copy of the busybox minimal binary file with all utils pointing to the same underlying inode
-RUN for b in \
-  cat \
-  date \
-  df \
-  du \
-  env \
-  grep \
-  head \
-  less \
-  ls \
-  md5sum \
-  pwd \
-  sha1sum \
-  sha256sum \
-  sha3sum \
-  sha512sum \
-  sleep \
-  stty \
-  tail \
-  tar \
-  tee \
-  tr \
-  watch \
-  which \
-  ; do ln sh $b; done
-
-#  Remove write utils
-RUN rm ln rm
-
 # Install chain binaries
 COPY --from=build-env /root/bin /bin
 
 # Install libraries
 COPY --from=build-env /root/lib /lib
 
-# Install trusted CA certificates
-COPY --from=alpine-3 /etc/ssl/cert.pem /etc/ssl/cert.pem
-
-# Install heighliner user
-COPY --from=infra-toolkit /etc/passwd /etc/passwd
-COPY --from=infra-toolkit --chown=1111:1111 /home/p2p /home/p2p
-COPY --from=infra-toolkit --chown=1111:1111 /tmp /tmp
+# Install p2p user
+RUN addgroup --gid 1111 -S p2p && adduser --uid 1111 -S p2p -G p2p
+RUN chown 1111:1111 -R /home/p2p
+RUN chown 1111:1111 -R /etc/apk
+RUN chown 1111:1111 -R /tmp
 
 WORKDIR /home/p2p
 USER p2p