diff --git a/builder/builder.go b/builder/builder.go
index b9c2a85..962d947 100644
--- a/builder/builder.go
+++ b/builder/builder.go
@@ -128,7 +128,9 @@ func rawDockerfile( case DockerfileTypeCosmos: if local { - // local builds always use embedded Dockerfile. + if useBuildKit { + return dockerfileEmbeddedOrLocal("cosmos/localcross.Dockerfile", dockerfile.CosmosLocalCross) + } return dockerfile.CosmosLocal } if useBuildKit {
diff --git a/dockerfile/cosmos/localcross.Dockerfile b/dockerfile/cosmos/localcross.Dockerfile
new file mode 100644
index 0000000..5da76ee
--- /dev/null
+++ b/dockerfile/cosmos/localcross.Dockerfile
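Review bot: The deleted comment `// local builds always use embedded Dockerfile.` recorded a guarantee that the new `useBuildKit` branch no longer appears to keep, and nothing replaces it. Judging by its name (its body is not part of this diff), `dockerfileEmbeddedOrLocal` may return an on-disk `cosmos/localcross.Dockerfile` in preference to the embedded `dockerfile.CosmosLocalCross`, while the non-BuildKit local path still returns the embedded `dockerfile.CosmosLocal` unconditionally. Which Dockerfile is selected decides what runs during the build, so the difference should be stated where the choice is made, for example `// Local BuildKit builds may be overridden by an on-disk cosmos/localcross.Dockerfile; other local builds always use the embedded Dockerfile.` The body of `rawDockerfile` starts and ends outside this hunk.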
@@ -0,0 +1,174 @@
+ARG BASE_VERSION
+FROM --platform=$BUILDPLATFORM golang:${BASE_VERSION} AS build-env
+
+RUN apk add --update --no-cache curl make git libc-dev bash gcc linux-headers eudev-dev
+
+ARG TARGETARCH
+ARG BUILDARCH
+
+RUN if [ "${TARGETARCH}" = "arm64" ] && [ "${BUILDARCH}" != "arm64" ]; then\
+ wget -c https://musl.cc/aarch64-linux-musl-cross.tgz -O - | tar -xzvv --strip-components 1 -C /usr;\
+ elif [ "${TARGETARCH}" = "amd64" ] && [ "${BUILDARCH}" != "amd64" ]; then\
+ wget -c https://musl.cc/x86_64-linux-musl-cross.tgz -O - | tar -xzvv --strip-components 1 -C /usr;\
+ fi
+
+ARG GITHUB_ORGANIZATION
+ARG REPO_HOST
+
+WORKDIR /go/src/${REPO_HOST}/${GITHUB_ORGANIZATION}
+
+ARG GITHUB_REPO
+ARG VERSION
+ARG BUILD_TIMESTAMP
+
+ADD . .
+
+WORKDIR /go/src/${REPO_HOST}/${GITHUB_ORGANIZATION}/${GITHUB_REPO}
+
+ARG BUILD_TARGET
+ARG BUILD_ENV
+ARG BUILD_TAGS
+ARG PRE_BUILD
+ARG BUILD_DIR
+
+RUN set -eux;\
+ LIBDIR=/lib;\
+ if [ "${TARGETARCH}" = "arm64" ]; then\
+ export ARCH=aarch64;\
+ if [ "${BUILDARCH}" != "arm64" ]; then\
+ LIBDIR=/usr/aarch64-linux-musl/lib;\
+ mkdir -p $LIBDIR;\
+ export CC=aarch64-linux-musl-gcc CXX=aarch64-linux-musl-g++;\
+ fi;\
+ elif [ "${TARGETARCH}" = "amd64" ]; then\
+ export ARCH=x86_64;\
+ if [ "${BUILDARCH}" != "amd64" ]; then\
+ LIBDIR=/usr/x86_64-linux-musl/lib;\
+ mkdir -p $LIBDIR;\
+ export CC=x86_64-linux-musl-gcc CXX=x86_64-linux-musl-g++;\
+ fi;\
+ fi;\
+ WASM_VERSION=$(go list -m all | grep github.com/CosmWasm/wasmvm | awk '{print $NF}');\
+ if [ ! -z "${WASM_VERSION}" ]; then\
+ wget -O $LIBDIR/libwasmvm_muslc.a https://github.com/CosmWasm/wasmvm/releases/download/${WASM_VERSION}/libwasmvm_muslc.$ARCH.a;\
+ fi;\
+ export GOOS=linux GOARCH=$TARGETARCH CGO_ENABLED=1 LDFLAGS='-linkmode external -extldflags "-static"';\
+ if [ ! -z "$PRE_BUILD" ]; then sh -c "${PRE_BUILD}"; fi;\
+ if [ ! -z "$BUILD_TARGET" ]; then\
+ if [ ! -z "$BUILD_ENV" ]; then export ${BUILD_ENV}; fi;\
+ if [ ! -z "$BUILD_TAGS" ]; then export "${BUILD_TAGS}"; fi;\
+ if [ ! -z "$BUILD_DIR" ]; then cd "${BUILD_DIR}"; fi;\
+ sh -c "${BUILD_TARGET}";\
+ fi
+
+RUN if [ -d "/go/bin/linux_${TARGETARCH}" ]; then mv /go/bin/linux_${TARGETARCH}/* /go/bin/; fi
+
+# Copy all binaries to /root/bin, for a single place to copy into final image.
+# If a colon (:) delimiter is present, binary will be renamed to the text after the delimiter.
+RUN mkdir /root/bin
+ARG RACE
+ARG BINARIES
+ENV BINARIES_ENV ${BINARIES}
+RUN bash -c 'set -eux;\
+ BINARIES_ARR=();\
+ IFS=, read -ra BINARIES_ARR <<< "$BINARIES_ENV";\
+ for BINARY in "${BINARIES_ARR[@]}"; do\
+ BINSPLIT=();\
+ IFS=: read -ra BINSPLIT <<< "$BINARY";\
+ BINPATH=${BINSPLIT[1]+"${BINSPLIT[1]}"};\
+ BIN="$(eval "echo "${BINSPLIT[0]+"${BINSPLIT[0]}"}"")";\
+ if [ ! -z "$RACE" ] && GOVERSIONOUT=$(go version -m $BIN); then\
+ if echo $GOVERSIONOUT | grep build | grep "-race=true"; then\
+ echo "Race detection is enabled in binary";\
+ else\
+ echo "Race detection not enabled in binary!";\
+ exit 1;\
+ fi;\
+ fi;\
+ if [ ! -z "$BINPATH" ]; then\
+ if [[ $BINPATH == *"/"* ]]; then\
+ mkdir -p "$(dirname "${BINPATH}")";\
+ cp "$BIN" "${BINPATH}";\
+ else\
+ cp "$BIN" "/root/bin/${BINPATH}";\
+ fi;\
+ else\
+ cp "$BIN" /root/bin/;\
+ fi;\
+ done'
+
+RUN mkdir -p /root/lib
+ARG LIBRARIES
+ENV LIBRARIES_ENV ${LIBRARIES}
+RUN bash -c 'set -eux;\
+ LIBRARIES_ARR=($LIBRARIES_ENV); for LIBRARY in "${LIBRARIES_ARR[@]}"; do cp $LIBRARY /root/lib/; done'
+
+# Use minimal busybox from infra-toolkit image for final scratch image
+FROM ghcr.io/strangelove-ventures/infra-toolkit:v0.0.7 AS infra-toolkit
+RUN addgroup --gid 1025 -S heighliner && adduser --uid 1025 -S heighliner -G heighliner
+
+# Use ln and rm from full featured busybox for assembling final image
+FROM busybox:1.34.1-musl AS busybox-full
+
+# Build final image from scratch
+FROM scratch
+
+LABEL org.opencontainers.image.source="https://github.com/strangelove-ventures/heighliner"
+
+WORKDIR /bin
+
+# Install ln (for making hard links) and rm (for cleanup) from full busybox image (will be deleted, only needed for image assembly)
+COPY --from=busybox-full /bin/ln /bin/rm ./
+
+# Install minimal busybox image as shell binary (will create hardlinks for the rest of the binaries to this data)
+COPY --from=infra-toolkit /busybox/busybox /bin/sh
+
+# Install jq
+COPY --from=infra-toolkit /usr/local/bin/jq /bin/
+
+# Add hard links for read-only utils
+# Will then only have one copy of the busybox minimal binary file with all utils pointing to the same underlying inode
+RUN for b in \
+ cat \
+ date \
+ df \
+ du \
+ env \
+ grep \
+ head \
+ less \
+ ls \
+ md5sum \
+ pwd \
+ sha1sum \
+ sha256sum \
+ sha3sum \
+ sha512sum \
+ sleep \
+ stty \
+ tail \
+ tar \
+ tee \
+ tr \
+ watch \
+ which \
+ ; do ln sh $b; done
+
+# Remove write utils
+RUN rm ln rm
+
+# Install chain binaries
+COPY --from=build-env /root/bin /bin
+
+# Install libraries
+COPY --from=build-env /root/lib /lib
+
+# Install trusted CA certificates
+COPY --from=infra-toolkit /etc/ssl/cert.pem /etc/ssl/cert.pem
+
+# Install heighliner user
+COPY --from=infra-toolkit /etc/passwd /etc/passwd
+COPY --from=infra-toolkit --chown=1025:1025 /home/heighliner /home/heighliner
+
+WORKDIR /home/heighliner
+USER heighliner
diff --git a/dockerfile/dockerfiles.go b/dockerfile/dockerfiles.go
index f78e6e2..128e0e0 100644
--- a/dockerfile/dockerfiles.go
+++ b/dockerfile/dockerfiles.go
@@ -17,6 +17,9 @@ var CosmosNative []byte //go:embed cosmos/local.Dockerfile var CosmosLocal []byte +//go:embed cosmos/localcross.Dockerfile +var CosmosLocalCross []byte + //go:embed imported/Dockerfile var Imported []byte
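Review bot: Both cross-toolchain downloads in the first `RUN` of `localcross.Dockerfile` pipe `wget` output from musl.cc straight into `tar ... -C /usr` with no version pin and no digest check, so whatever that host serves at build time becomes the compiler and libc that get statically linked into the chain binary. The `libwasmvm_muslc.$ARCH.a` fetch in the build `RUN` has the same gap: it is pinned by `${WASM_VERSION}`, but the file is never compared against a known hash before it is linked. Download each artifact to a file, verify it against a digest supplied to the build, and only then extract or install it, as sketched below for the toolchain. The two digest build args in the sketch are new, placeholder names that the builder would have to pass; the wasmvm library can follow the same pattern with a digest keyed by version and architecture.

```dockerfile
ARG TARGETARCH
ARG BUILDARCH
# Placeholders: SHA-256 digests of the exact toolchain archives that were reviewed,
# supplied at build time (no values are given on this page).
ARG MUSL_CROSS_AARCH64_SHA256
ARG MUSL_CROSS_X86_64_SHA256

RUN set -eux;\
    if [ "${TARGETARCH}" = "arm64" ] && [ "${BUILDARCH}" != "arm64" ]; then\
      wget -O /tmp/musl-cross.tgz https://musl.cc/aarch64-linux-musl-cross.tgz;\
      echo "${MUSL_CROSS_AARCH64_SHA256}  /tmp/musl-cross.tgz" | sha256sum -c -;\
      tar -xzf /tmp/musl-cross.tgz --strip-components 1 -C /usr;\
      rm /tmp/musl-cross.tgz;\
    elif [ "${TARGETARCH}" = "amd64" ] && [ "${BUILDARCH}" != "amd64" ]; then\
      wget -O /tmp/musl-cross.tgz https://musl.cc/x86_64-linux-musl-cross.tgz;\
      echo "${MUSL_CROSS_X86_64_SHA256}  /tmp/musl-cross.tgz" | sha256sum -c -;\
      tar -xzf /tmp/musl-cross.tgz --strip-components 1 -C /usr;\
      rm /tmp/musl-cross.tgz;\
    fi
```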