-
Notifications
You must be signed in to change notification settings - Fork 2
Expand file tree
/
Copy pathDockerfile
More file actions
131 lines (101 loc) · 3.97 KB
/
Dockerfile
File metadata and controls
131 lines (101 loc) · 3.97 KB
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
# Unified Multi-stage Dockerfile for RBFT Node
# OPTIMIZED VERSION with improved caching strategy
# Build arguments for configuration
ARG RUST_VERSION=1.88
ARG DEBIAN_VERSION=bookworm-slim
ARG STRIP_BINARY=true
ARG INSTALL_DEVELOPMENT_TOOLS=false
# ============================================================
# Stage 1: Base builder with system dependencies (cached)
# ============================================================
FROM rust:${RUST_VERSION}-slim-bookworm AS base-builder
WORKDIR /app
# Install system dependencies - this layer rarely changes
RUN apt-get update && apt-get install -y --no-install-recommends \
ca-certificates \
curl \
build-essential \
pkg-config \
libssl-dev \
clang \
cmake \
protobuf-compiler \
&& rm -rf /var/lib/apt/lists/* /tmp/* /var/tmp/*
# Set cargo environment for optimal builds
ENV CARGO_HOME=/usr/local/cargo \
CARGO_INCREMENTAL=0 \
CARGO_NET_RETRY=10 \
CARGO_REGISTRIES_CRATES_IO_PROTOCOL=sparse \
RUSTFLAGS="-C link-arg=-fuse-ld=lld" \
RUST_BACKTRACE=1
# Install lld for faster linking (10-30% faster)
RUN apt-get update && apt-get install -y --no-install-recommends lld && \
rm -rf /var/lib/apt/lists/*
# ============================================================
# Stage 2: Dependency planner using cargo-chef
# ============================================================
FROM lukemathwalker/cargo-chef:latest-rust-${RUST_VERSION} AS planner
WORKDIR /app
# Copy only files needed for dependency resolution
COPY Cargo.toml Cargo.lock ./
COPY crates/ crates/
# Generate recipe.json for dependency caching
RUN cargo chef prepare --recipe-path recipe.json
# ============================================================
# Stage 3: Dependency builder (heavily cached)
# ============================================================
FROM base-builder AS dependencies
# Install cargo-chef
RUN cargo install cargo-chef --locked
# Copy recipe from planner
COPY --from=planner /app/recipe.json recipe.json
# Build ONLY dependencies - this is the key caching layer
# Dependencies rarely change, so this layer stays cached
RUN cargo chef cook --release --recipe-path recipe.json
# ============================================================
# Stage 4: Application builder
# ============================================================
FROM dependencies AS builder
# Copy source code (this invalidates cache on code changes)
COPY . .
# Build arguments
ARG STRIP_BINARY
# Build only the application binary (dependencies already compiled)
# Using --offline since all deps are already cached
RUN cargo build --release --bin rbft-node && \
cp target/release/rbft-node ./rbft-node && \
if [ "$STRIP_BINARY" = "true" ]; then \
echo "Stripping binary symbols..."; \
strip ./rbft-node; \
fi
# ============================================================
# Stage 5: Minimal runtime image
# ============================================================
FROM debian:${DEBIAN_VERSION} AS runtime
ARG INSTALL_DEVELOPMENT_TOOLS
# Install minimal runtime dependencies
RUN apt-get update && apt-get install -y --no-install-recommends \
ca-certificates \
libssl3 \
$(if [ "$INSTALL_DEVELOPMENT_TOOLS" = "true" ]; then echo "curl procps htop"; fi) \
&& rm -rf /var/lib/apt/lists/* \
&& groupadd --gid 1000 rbft \
&& useradd --uid 1000 --gid rbft --shell /bin/bash --create-home rbft
WORKDIR /app
# Copy binary from builder
COPY --from=builder /app/rbft-node ./rbft-node
# Set permissions
RUN chown rbft:rbft rbft-node && chmod +x rbft-node && \
mkdir -p /data && chown rbft:rbft /data
USER rbft
# Metadata
LABEL maintainer="RBFT Team" \
description="RBFT Consensus Node - Optimized Build" \
version="1.0"
# Health check
HEALTHCHECK --interval=30s --timeout=10s --start-period=60s --retries=3 \
CMD ./rbft-node --version > /dev/null || exit 1
EXPOSE 8545 8551 30303 9000 8080 9090
ENV RUST_LOG=info RUST_BACKTRACE=1
VOLUME ["/data"]
CMD ["./rbft-node", "node", "--datadir", "/data"]