Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

fix(dockerfile): optimized Dockerfile #3281

Open
wants to merge 2 commits into
base: main
Choose a base branch
from
Open

fix(dockerfile): optimized Dockerfile #3281

Changes from 1 commit
Commits
Show all changes
2 commits
Select commit Hold shift + click to select a range
c9accc6
fix(dockerfile): optimized dockerfile, removed additional docker layers
No0key Sep 12, 2024
dedc93e
fix(dockerfile): fix pr comments
No0key Sep 12, 2024
File filter

Filter by extension

Filter by extension
Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
32 changes: 24 additions & 8 deletions Dockerfile
View file
Open in desktop
Original file line number Diff line number Diff line change
@@ -1,14 +1,22 @@
# Container for building Go binary.
FROM golang:1.23.1-bookworm AS builder

# Install dependencies
RUN apt-get update && apt-get install -y build-essential git
RUN apt-get update && apt-get install -y --no-install-recommends build-essential git \
&& rm -rf /var/lib/apt/lists/*
Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Not necessary, as this is multi-stage build and the image from the first stage is not used in the final image.


# Prep and copy source
WORKDIR /app/charon
COPY go.mod go.sum ./
RUN go mod download
Comment on lines +10 to +11
Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

This is not necessary as go build will download the dependencies.


COPY . .

# Populate GO_BUILD_FLAG with a build arg to provide an optional go build flag.
ARG GO_BUILD_FLAG
ENV GO_BUILD_FLAG=${GO_BUILD_FLAG}
RUN echo "Building with GO_BUILD_FLAG='${GO_BUILD_FLAG}'"

# Build with Go module and Go build caches.
RUN \
--mount=type=cache,target=/go/pkg \
Expand All @@ -18,33 +26,41 @@

# Copy final binary into light stage.
FROM debian:bookworm-slim
RUN apt-get update && apt-get install -y ca-certificates wget fio
RUN apt-get update && apt-get install -y --no-install-recommends ca-certificates wget fio \

Check notice

Code scanning / SonarCloud

Arguments in long RUN instructions should be sorted Low

Sort these package names alphanumerically. See more on SonarCloud
&& rm -rf /var/lib/apt/lists/* /tmp/* /var/tmp/*
ARG GITHUB_SHA=local
ENV GITHUB_SHA=${GITHUB_SHA}

COPY --from=builder /app/charon/charon /usr/local/bin/

# Don't run container as root
ENV USER=charon
ENV UID=1000
ENV GID=1000
RUN addgroup --gid "$GID" "$USER"
RUN adduser \
RUN addgroup --gid "$GID" "$USER" \
&& adduser \
--disabled-password \
--gecos "charon" \
--home "/opt/$USER" \
--ingroup "$USER" \
--no-create-home \
--uid "$UID" \
"$USER"
RUN chown charon /usr/local/bin/charon
RUN chmod u+x /usr/local/bin/charon
"$USER" \
&& chown $USER /usr/local/bin/charon \
&& chmod u+x /usr/local/bin/charon \
&& mkdir -p "/opt/$USER" \
&& chown $USER "/opt/$USER"

WORKDIR "/opt/$USER"
RUN chown charon "/opt/$USER"
USER charon

ENTRYPOINT ["/usr/local/bin/charon"]
CMD ["run"]

# Used by GitHub to associate container with repo.
LABEL org.opencontainers.image.source="https://github.com/obolnetwork/charon"
LABEL org.opencontainers.image.title="charon"
LABEL org.opencontainers.image.description="Proof of Stake Ethereum Distributed Validator Client"
LABEL org.opencontainers.image.licenses="GPL v3"
LABEL org.opencontainers.image.documentation="https://github.com/ObolNetwork/charon/tree/main/docs"