-
Notifications
You must be signed in to change notification settings - Fork 1
Commit
This commit does not belong to any branch on this repository, and may belong to a fork outside of the repository.
Signed-off-by: onur-ozkan <[email protected]>
- Loading branch information
1 parent
c72a07b
commit 61d0036
Showing
2 changed files
with
73 additions
and
0 deletions.
There are no files selected for viewing
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| Original file line number | Diff line number | Diff line change |
|---|---|---|
| @@ -0,0 +1,71 @@ | ||
| FROM --platform=$BUILDPLATFORM golang:1.21-alpine3.17 AS build-env | ||
|
|
||
| RUN apk add --update --no-cache curl make git libc-dev bash gcc linux-headers eudev-dev | ||
|
|
||
| ARG TARGETARCH | ||
| ARG BUILDARCH | ||
|
|
||
| RUN if [ "${TARGETARCH}" = "arm64" ] && [ "${BUILDARCH}" != "arm64" ]; then \ | ||
| wget -c https://musl.cc/aarch64-linux-musl-cross.tgz -O - | tar -xzvv --strip-components 1 -C /usr; \ | ||
| elif [ "${TARGETARCH}" = "amd64" ] && [ "${BUILDARCH}" != "amd64" ]; then \ | ||
| wget -c https://musl.cc/x86_64-linux-musl-cross.tgz -O - | tar -xzvv --strip-components 1 -C /usr; \ | ||
| fi | ||
|
|
||
| ADD . . | ||
|
|
||
| RUN if [ "${TARGETARCH}" = "arm64" ] && [ "${BUILDARCH}" != "arm64" ]; then \ | ||
| export CC=aarch64-linux-musl-gcc CXX=aarch64-linux-musl-g++;\ | ||
| elif [ "${TARGETARCH}" = "amd64" ] && [ "${BUILDARCH}" != "amd64" ]; then \ | ||
| export CC=x86_64-linux-musl-gcc CXX=x86_64-linux-musl-g++; \ | ||
| fi; \ | ||
| GOOS=linux GOARCH=$TARGETARCH CGO_ENABLED=1 LDFLAGS='-linkmode external -extldflags "-static"' make install | ||
|
|
||
| RUN if [ -d "/go/bin/linux_${TARGETARCH}" ]; then mv /go/bin/linux_${TARGETARCH}/* /go/bin/; fi | ||
|
|
||
| # Use minimal busybox from infra-toolkit image for final scratch image | ||
| FROM ghcr.io/strangelove-ventures/infra-toolkit:v0.0.6 AS busybox-min | ||
| RUN addgroup --gid 1000 -S relayer && adduser --uid 100 -S relayer -G relayer | ||
|
|
||
| # Use ln and rm from full featured busybox for assembling final image | ||
| FROM busybox:1.34.1-musl AS busybox-full | ||
|
|
||
| # Build final image from scratch | ||
| FROM scratch | ||
|
|
||
| LABEL org.opencontainers.image.source="https://github.com/cosmos/relayer" | ||
|
|
||
| WORKDIR /bin | ||
|
|
||
| # Install ln (for making hard links) and rm (for cleanup) from full busybox image (will be deleted, only needed for image assembly) | ||
| COPY --from=busybox-full /bin/ln /bin/rm ./ | ||
|
|
||
| # Install minimal busybox image as shell binary (will create hardlinks for the rest of the binaries to this data) | ||
| COPY --from=busybox-min /busybox/busybox /bin/sh | ||
|
|
||
| # Add hard links for read-only utils, then remove ln and rm | ||
| # Will then only have one copy of the busybox minimal binary file with all utils pointing to the same underlying inode | ||
| RUN ln sh pwd && \ | ||
| ln sh ls && \ | ||
| ln sh cat && \ | ||
| ln sh less && \ | ||
| ln sh grep && \ | ||
| ln sh sleep && \ | ||
| ln sh env && \ | ||
| ln sh tar && \ | ||
| ln sh tee && \ | ||
| ln sh du && \ | ||
| rm ln rm | ||
|
|
||
| # Install chain binaries | ||
| COPY --from=build-env /bin/rly /bin | ||
|
|
||
| # Install trusted CA certificates | ||
| COPY --from=busybox-min /etc/ssl/cert.pem /etc/ssl/cert.pem | ||
|
|
||
| # Install relayer user | ||
| COPY --from=busybox-min /etc/passwd /etc/passwd | ||
| COPY --from=busybox-min --chown=100:1000 /home/relayer /home/relayer | ||
|
|
||
| WORKDIR /home/relayer | ||
|
|
||
| ENTRYPOINT ["rly", "start"] |