feat: Add docker reproducible builds

Cargo.toml

@@ -298,5 +298,12 @@ lto = "fat"
 codegen-units = 1
 incremental = false
 
+[profile.reproducible]
+inherits = "release"
+debug = false
+panic = "abort"
+codegen-units = 1
+overflow-checks = true
+
 [patch.crates-io]
 quick-protobuf = { git = "https://github.com/sigp/quick-protobuf.git", rev = "681f413312404ab6e51f0b46f39b0075c6f4ebfd" }

Dockerfile.reproducible

@@ -0,0 +1,38 @@
+# Use the Rust 1.82 image based on Debian Bullseye
+FROM rust:1.82-bullseye@sha256:c42c8ca762560c182ba30edda0e0d71a8604040af2672370559d7e854653c66d AS builder
+
+# Install specific version of libclang-dev
+RUN apt-get update && apt-get install -y libclang-dev=1:11.0-51+nmu5 cmake=3.18.4-2+deb11u1
+
+# Clone the repository at the specific branch
+COPY . /app
+WORKDIR /app
+
+# Get the latest commit timestamp and set SOURCE_DATE_EPOCH
+RUN SOURCE_DATE_EPOCH=$(git log -1 --pretty=%ct) && \
+    echo "SOURCE_DATE_EPOCH=$SOURCE_DATE_EPOCH" >> /etc/environment
+
+# Set environment variables for reproducibility
+ARG RUSTFLAGS="-C target-feature=+crt-static -C link-arg=-Wl,--build-id=none -Clink-arg=-static-libgcc -C metadata='' --remap-path-prefix $(pwd)=."
+ENV SOURCE_DATE_EPOCH=$SOURCE_DATE_EPOCH \
+    CARGO_INCREMENTAL=0 \
+    LC_ALL=C \
+    TZ=UTC \
+    RUSTFLAGS="${RUSTFLAGS}"
+
+# Set the default features if not provided
+ARG FEATURES="gnosis,slasher-lmdb,slasher-mdbx,slasher-redb,jemalloc"
+
+# Set the default profile if not provided
+ARG PROFILE="reproducible"
+
+# Build the project with the reproducible settings
+RUN . /etc/environment && \
+    cargo build --bin lighthouse --features "${FEATURES}" --profile "${PROFILE}" --locked --target x86_64-unknown-linux-gnu
+
+RUN . /etc/environment && mv /app/target/x86_64-unknown-linux-gnu/reproducible/lighthouse /lighthouse
+
+# Create a minimal final image with just the binary
+FROM gcr.io/distroless/cc-debian12:nonroot-6755e21ccd99ddead6edc8106ba03888cbeed41a
+COPY --from=builder /lighthouse /lighthouse
+ENTRYPOINT [ "/lighthouse" ]