diff --git a/.dockerignore b/.dockerignore index 45051abf40fe..95873d5c2031 100644 --- a/.dockerignore +++ b/.dockerignore @@ -1,2 +1,3 @@ doc **/target +executables diff --git a/.gitignore b/.gitignore index 61ef9e91a55e..1c37392f6d0c 100644 --- a/.gitignore +++ b/.gitignore @@ -14,3 +14,4 @@ polkadot.* artifacts release-artifacts release.json +executables diff --git a/doc/docker.md b/doc/docker.md index f20c2d001edd..e50e4b9fc48c 100644 --- a/doc/docker.md +++ b/doc/docker.md @@ -133,6 +133,17 @@ To get up and running with the smallest footprint on your system, you may use an You may also build a polkadot container image yourself (it takes a while...) using the container specs `scripts/ci/dockerfiles/polkadot/polkadot_builder.Dockerfile`. +For a one-time build, you may simply run: +``` +$ENGINE build --pull -t polkadot-builder -f scripts/ci/dockerfiles/polkadot/polkadot_builder.Dockerfile . +``` + +The build can be slow depending on the resources you allocated to your container engine. +Here are some recommendations to get started and ensure a successful build: +- allocate enough memory: 32GB is good, less is untested +- allocate enough disk: 150GB works, 100GB is not enough +- allocate all the CPUs you can, this will speed up the build + ### Debian injected The Debian injected image is how the official polkadot container image is produced. It relies on the Debian package that is published upon each release. The Debian injected image is usually available a few minutes after a new release is published. diff --git a/scripts/ci/dockerfiles/build-injected.sh b/scripts/ci/dockerfiles/build-injected.sh index d0e7fee3646e..625188e06b71 100755 --- a/scripts/ci/dockerfiles/build-injected.sh +++ b/scripts/ci/dockerfiles/build-injected.sh @@ -68,7 +68,7 @@ done echo "$TAG_ARGS" # time \ -$ENGINE build \ +$ENGINE build --pull \ ${PODMAN_FLAGS} \ --build-arg VCS_REF="${VCS_REF}" \ --build-arg BUILD_DATE=$(date -u '+%Y-%m-%dT%H:%M:%SZ') \ 
diff --git a/scripts/ci/dockerfiles/polkadot/polkadot_builder.Dockerfile b/scripts/ci/dockerfiles/polkadot/polkadot_builder.Dockerfile index f263c836bbfe..ab47c6f156d1 100644 --- a/scripts/ci/dockerfiles/polkadot/polkadot_builder.Dockerfile +++ b/scripts/ci/dockerfiles/polkadot/polkadot_builder.Dockerfile @@ -1,14 +1,19 @@ # This is the build stage for Polkadot. Here we create the binary in a temporary image. FROM docker.io/paritytech/ci-linux:production as builder +ARG PROFILE=production + WORKDIR /polkadot COPY . /polkadot -RUN cargo build --locked --release +RUN cargo build --locked --profile ${PROFILE} # This is the 2nd stage: a very small image where we copy the Polkadot binary." FROM docker.io/parity/base-bin:latest +USER root +ARG PROFILE=production + LABEL description="Multistage Docker image for Polkadot: a platform for web3" \ io.parity.image.type="builder" \ io.parity.image.authors="chevdor@gmail.com, devops-team@parity.io" \ 
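Review bot: Both `FROM` lines in this hunk of polkadot_builder.Dockerfile keep mutable tags (`ci-linux:production` and `base-bin:latest`), and the same commit adds `--pull` to the build commands, so each build takes whatever those tags resolve to at that moment and nothing records which base produced a given binary. Pinning each by digest keeps the update deliberate and reviewable, e.g. `FROM docker.io/parity/base-bin:latest@sha256:<digest>` (placeholder digest), bumped in its own commit. On the new `ARG PROFILE`: cargo writes to `target/<profile>` for `release` and custom profiles but to `target/debug` for the built-in `dev` profile, so the `COPY --from=builder /polkadot/target/${PROFILE}/...` lines in the next hunk would fail for `PROFILE=dev`. A comment on the `ARG` such as `# PROFILE must be release or a custom profile: its name is also the target/ directory copied from` would document that.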
@@ -17,20 +22,21 @@ LABEL description="Multistage Docker image for Polkadot: a platform for web3" \ io.parity.image.source="https://github.com/paritytech/polkadot/blob/${VCS_REF}/scripts/ci/dockerfiles/polkadot/polkadot_builder.Dockerfile" \ io.parity.image.documentation="https://github.com/paritytech/polkadot/" -COPY --from=builder /polkadot/target/release/polkadot /usr/local/bin +RUN mkdir -p /usr/local/bin -RUN useradd -m -u 1000 -U -s /bin/sh -d /polkadot polkadot && \ - mkdir -p /data /polkadot/.local/share && \ - chown -R polkadot:polkadot /data && \ - ln -s /data /polkadot/.local/share/polkadot && \ -# unclutter and minimize the attack surface - rm -rf /usr/bin /usr/sbin && \ -# check if executable works in this container - /usr/local/bin/polkadot --version +COPY --from=builder /polkadot/target/${PROFILE}/polkadot-prepare-worker /usr/local/bin +COPY --from=builder /polkadot/target/${PROFILE}/polkadot-execute-worker /usr/local/bin +COPY --from=builder /polkadot/target/${PROFILE}/polkadot /usr/local/bin -USER polkadot +USER parity + +# check if executable works in this container +RUN /usr/local/bin/polkadot --version EXPOSE 30333 9933 9944 9615 VOLUME ["/data"] ENTRYPOINT ["/usr/local/bin/polkadot"] + +# We only show the version by default +CMD ["--version"] diff --git a/scripts/ci/dockerfiles/staking-miner/build.sh b/scripts/ci/dockerfiles/staking-miner/build.sh index 67c82afcd2ce..d8dc7ef4928c 100755 --- a/scripts/ci/dockerfiles/staking-miner/build.sh +++ b/scripts/ci/dockerfiles/staking-miner/build.sh @@ -10,4 +10,4 @@ ENGINE=podman echo "Building the staking-miner using the Builder image" echo "PROJECT_ROOT=$PROJECT_ROOT" -$ENGINE build -t staking-miner -f staking-miner_builder.Dockerfile "$PROJECT_ROOT" +$ENGINE build --pull -t staking-miner -f staking-miner_builder.Dockerfile "$PROJECT_ROOT" diff --git a/utils/staking-miner/README.md b/utils/staking-miner/README.md index b7f70de573b0..b40de6f35355 100644 --- a/utils/staking-miner/README.md 
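Review bot: In the final stage of polkadot_builder.Dockerfile, `VOLUME ["/data"]` is kept and the image now ends on `USER parity`, but the steps that created the account, created `/data`, chowned it and linked it into the user's home are all removed, so everything now depends on what `parity/base-bin` provides. That base image is not visible in this diff; if it does not ship `/data` owned by `parity`, the volume is created root-owned and the node presumably either fails to write or keeps chain data in the container's writable layer. If that is the case, `RUN mkdir -p /data && chown parity:parity /data` before `USER parity` restores the guarantee. The removed `rm -rf /usr/bin /usr/sbin` was also the only step trimming tools from the runtime image, so a comment such as `# user, /data and a minimal userland are provided by parity/base-bin` would make the new reliance explicit.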
+++ b/utils/staking-miner/README.md @@ -31,7 +31,7 @@ First build the binary as documented [above](#building). You may then inject the binary into a Docker base image: `parity/base-bin` (running the command from the root of the Polkadot repository): ``` TODO: UPDATE THAT -docker build -t staking-miner -f scripts/ci/dockerfiles/staking-miner/staking-miner_injected.Dockerfile target/release +$ENGINE build --pull -t staking-miner -f scripts/ci/dockerfiles/staking-miner/staking-miner_injected.Dockerfile target/release ``` ### Building the multi-stage image @@ -41,7 +41,7 @@ The trade-off however is that it takes a little longer to build and this option You may build the multi-stage image the root of the Polkadot repository with: ``` TODO: UPDATE THAT -docker build -t staking-miner -f scripts/ci/dockerfiles/staking-miner/staking-miner_builder.Dockerfile . +$ENGINE build --pull -t staking-miner -f scripts/ci/dockerfiles/staking-miner/staking-miner_builder.Dockerfile . ``` ### Running