gossamer icon indicating copy to clipboard operation
gossamer copied to clipboard
verified publisher icon ChainSafe

chore(ci): Dockerfile improvements and final image based on Alpine

Open qdm12 opened this issue 4 years ago • 3 comments

Changes

~⚠️ To be rebased on development once #1934 is merged.~

  • Final image is running on Alpine 3.14 (with glibc and needed C libraries), reducing image size to 122MB (uncompressed amd64). I'd say it's also better in terms of CVEs to run with Alpine VS debian/ubuntu.
  • ⚠️ Broken with a commit which happened between October 4, 2021 and October 27, 2021:
/gossamer # /gossamer/docker-entrypoint.sh /gossamer/bin/gossamer
+ '[' '!' -f /root/gossamer-dev/genesis_created ]
+ /gossamer/bin/gossamer init '--genesis=/gossamer/chain/gssmr/genesis.json'
runtime/cgo: pthread_create failed: Operation not permitted
SIGABRT: abort
PC=0x7f79e80580c6 m=0 sigcode=18446744073709551610

goroutine 0 [idle]:
runtime: unknown pc 0x7f79e80580c6
stack: frame={sp:0x7ffc116c9500, fp:0x0} stack=[0x7ffc10eca9a8,0x7ffc116c99e0)
00007ffc116c9400:  00000000030d86a8  000000c000098000
00007ffc116c9410:  0000000000000004  0000000000000101
00007ffc116c9420:  20636f6c6c616d00  203a64656c696166
00007ffc116c9430:  0000000000000000  0000000000000000
00007ffc116c9440:  0000000000000000  0000000000000000
00007ffc116c9450:  0000000000000000  0000000000000000
00007ffc116c9460:  0000000000000000  0000000000000000
00007ffc116c9470:  0000000000000000  0000000000000000
00007ffc116c9480:  0000000000000000  0000000000000000
00007ffc116c9490:  0000000000000000  0000000000000000
00007ffc116c94a0:  000000000000004c  0000000000000004
00007ffc116c94b0:  00007ffc116c96d8  00000000005b4a2b <runtime.(*pageAlloc).allocRange+747>
00007ffc116c94c0:  00000000030d86a8  000000c000098000
00007ffc116c94d0:  0000000000000004  0000000000000101
00007ffc116c94e0:  0000000200000000  0000000000000000
00007ffc116c94f0:  0000000000000000  00007f79e80580b8
00007ffc116c9500: <0000000000000002  0000000000000006
00007ffc116c9510:  0000000003c323a0  00007f79e800b276
00007ffc116c9520:  0000000002468cce  00007f79e7ff57b7
00007ffc116c9530:  0000000000000020  0000000000000000
00007ffc116c9540:  0000000000000000  0000000000000000
00007ffc116c9550:  0000000000000000  0000000000000000
00007ffc116c9560:  00007ffc116c9760  00007f79e804e0ad
00007ffc116c9570:  00007f79c1295640  00007f79e81c3680
00007ffc116c9580:  0000000002468cc0  00007f79e804e0ad
00007ffc116c9590:  0000000000000d68  00007f79e81c3680
00007ffc116c95a0:  00007f79e81c3703  00007f79e81c4560
00007ffc116c95b0:  0000000000000d68  00007f79e804d416
00007ffc116c95c0:  00007f79e81c4560  0000000000000001
00007ffc116c95d0:  00007f79e81c3680  00007f79e7f28480
00007ffc116c95e0:  0000000000000000  000000000225d3ec
00007ffc116c95f0:  0000000000000000  00007f79e804f159
runtime: unknown pc 0x7f79e80580c6
stack: frame={sp:0x7ffc116c9500, fp:0x0} stack=[0x7ffc10eca9a8,0x7ffc116c99e0)
00007ffc116c9400:  00000000030d86a8  000000c000098000
00007ffc116c9410:  0000000000000004  0000000000000101
00007ffc116c9420:  20636f6c6c616d00  203a64656c696166
00007ffc116c9430:  0000000000000000  0000000000000000
00007ffc116c9440:  0000000000000000  0000000000000000
00007ffc116c9450:  0000000000000000  0000000000000000
00007ffc116c9460:  0000000000000000  0000000000000000
00007ffc116c9470:  0000000000000000  0000000000000000
00007ffc116c9480:  0000000000000000  0000000000000000
00007ffc116c9490:  0000000000000000  0000000000000000
00007ffc116c94a0:  000000000000004c  0000000000000004
00007ffc116c94b0:  00007ffc116c96d8  00000000005b4a2b <runtime.(*pageAlloc).allocRange+747>
00007ffc116c94c0:  00000000030d86a8  000000c000098000
00007ffc116c94d0:  0000000000000004  0000000000000101
00007ffc116c94e0:  0000000200000000  0000000000000000
00007ffc116c94f0:  0000000000000000  00007f79e80580b8
00007ffc116c9500: <0000000000000002  0000000000000006
00007ffc116c9510:  0000000003c323a0  00007f79e800b276
00007ffc116c9520:  0000000002468cce  00007f79e7ff57b7
00007ffc116c9530:  0000000000000020  0000000000000000
00007ffc116c9540:  0000000000000000  0000000000000000
00007ffc116c9550:  0000000000000000  0000000000000000
00007ffc116c9560:  00007ffc116c9760  00007f79e804e0ad
00007ffc116c9570:  00007f79c1295640  00007f79e81c3680
00007ffc116c9580:  0000000002468cc0  00007f79e804e0ad
00007ffc116c9590:  0000000000000d68  00007f79e81c3680
00007ffc116c95a0:  00007f79e81c3703  00007f79e81c4560
00007ffc116c95b0:  0000000000000d68  00007f79e804d416
00007ffc116c95c0:  00007f79e81c4560  0000000000000001
00007ffc116c95d0:  00007f79e81c3680  00007f79e7f28480
00007ffc116c95e0:  0000000000000000  000000000225d3ec
00007ffc116c95f0:  0000000000000000  00007f79e804f159

goroutine 1 [running]:
runtime.systemstack_switch()
        /usr/local/go/src/runtime/asm_amd64.s:330 fp=0xc000084788 sp=0xc000084780 pc=0x5f6540
runtime.main()
        /usr/local/go/src/runtime/proc.go:134 +0x70 fp=0xc0000847e0 sp=0xc000084788 pc=0x5c38f0
runtime.goexit()
        /usr/local/go/src/runtime/asm_amd64.s:1374 +0x1 fp=0xc0000847e8 sp=0xc0000847e0 pc=0x5f8321

rax    0x0
rbx    0x7f79e7f28480
rcx    0x7f79e80580c6
rdx    0x6
rdi    0x9
rsi    0x9
rbp    0x9
rsp    0x7ffc116c9500
r8     0x7ffc116c9530
r9     0x7f79e817e0c0
r10    0x8
r11    0x206
r12    0x6
r13    0x0
r14    0x225d3ec
r15    0x0
rip    0x7f79e80580c6
rflags 0x206
cs     0x33
fs     0x0
gs     0x0

Questions for reviewers

I haven't toyed around with it too much, so you might want to ensure it's fully functional (or I will with indications on what to test 😉). But for now I get the same logs as with the current chainsafe/gossamer image. Maybe we could add integration tests against the final Docker container 🤔 (e.g. Go code communicating over the network with the container)?

Tests

CI jobs passing and:

docker build -t chainsafe/gossamer .
docker run -it --rm chainsafe/gossamer
# ... failing since a recent commit, see above.

Issues

  • Initially started to address #424
  • The build is still required to be on a glibc based OS (Debian here), but ~the runtime seems possible with Alpine + Glibc~

Primary Reviewer

  • Nobody

qdm12 avatar Sep 28 '21 17:09 qdm12

Codecov Report

Merging #1813 (ef2c6f3) into development (0bc4bf1) will increase coverage by 0.12%. The diff coverage is 65.60%.

Impacted file tree graph

@@               Coverage Diff               @@
##           development    #1813      +/-   ##
===============================================
+ Coverage        59.94%   60.06%   +0.12%     
===============================================
  Files              185      192       +7     
  Lines            26343    26510     +167     
===============================================
+ Hits             15790    15923     +133     
- Misses            8677     8703      +26     
- Partials          1876     1884       +8
Flag Coverage Δ
unit-tests 60.06% <65.60%> (+0.12%) :arrow_up:

Flags with carried forward coverage won't be shown. Click here to find out more.

Impacted Files Coverage Δ
cmd/gossamer/profile.go 0.00% <0.00%> (ø)
cmd/gossamer/toml_config.go 27.27% <0.00%> (ø)
dot/config.go 26.76% <0.00%> (-1.46%) :arrow_down:
dot/network/message.go 69.26% <0.00%> (-2.49%) :arrow_down:
dot/network/sync.go 5.26% <0.00%> (ø)
dot/network/utils.go 57.89% <0.00%> (ø)
dot/rpc/subscription/listeners.go 71.92% <0.00%> (ø)
dot/state/block.go 43.52% <0.00%> (-0.11%) :arrow_down:
dot/state/bloom.go 0.00% <0.00%> (ø)
dot/state/offline_pruner.go 0.00% <0.00%> (ø)
... and 90 more

Continue to review full report at Codecov.

Legend - Click here to learn more Δ = absolute <relative> (impact), ø = not affected, ? = missing data Powered by Codecov. Last update 756d42e...ef2c6f3. Read the comment docs.

codecov[bot] avatar Sep 28 '21 19:09 codecov[bot]

@qdm12 could we resume this PR as PR #1934 was merged?

EclesioMeloJunior avatar Nov 11 '21 13:11 EclesioMeloJunior

@EclesioMeloJunior unfortunately, the container no longer works due to some C/Rust-linking-ish problem again, as mentioned in the description. I'll toy around with it again in the coming days see if I can fix it.

qdm12 avatar Nov 11 '21 15:11 qdm12