-
Notifications
You must be signed in to change notification settings - Fork 115
/
Dockerfile
200 lines (169 loc) · 7.28 KB
/
Dockerfile
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
174
175
176
177
178
179
180
181
182
183
184
185
186
187
188
189
190
191
192
193
194
195
196
197
198
199
200
# syntax=docker/dockerfile:1
# The following Dockerfile includes multiple targets.
# Each target is a separate image that can be built specifying the --target
# flag when using `docker build`.
FROM golang:1.22-bookworm AS build-env
WORKDIR /build
RUN apt-get update && apt-get install -y \
git \
&& rm -rf /var/lib/apt/lists/*
# install just
RUN curl --proto '=https' --tlsv1.2 -sSf https://just.systems/install.sh | bash -s -- --to /usr/bin
## wardend
FROM build-env AS wardend-build
WORKDIR /warden
RUN --mount=type=bind,source=.,target=.,readonly\
--mount=type=cache,target=/root/.cache/go-build \
--mount=type=cache,target=/go/pkg/mod \
OUTPUT_DIR=/build just wardend build
RUN --mount=type=bind,source=.,target=.,readonly\
--mount=type=cache,target=/root/.cache/go-build \
--mount=type=cache,target=/go/pkg/mod \
OUTPUT_DIR=/build just wardend build faucet
FROM debian:bookworm-slim AS wardend
RUN apt update && \
apt install ca-certificates curl -y && \
rm -rf /var/lib/apt/lists/* && \
useradd -M -u 1000 -U -s /bin/sh -d /data warden && \
install -o 1000 -g 1000 -d /data
COPY --from=wardend-build --chown=warden:warden /build/wardend /usr/bin/wardend
ADD --chmod=444 --checksum=sha256:015bdae5e70304f1e487981f90e3956754718fe7bdac4446aab0838fcb8b33e0 --chown=warden:warden https://github.com/CosmWasm/wasmvm/releases/download/v2.1.2/libwasmvm.x86_64.so /lib/libwasmvm.x86_64.so
USER warden
CMD ["wardend", "start"]
## wardend-debug
FROM wardend-build AS wardend-debug
CMD just localnet
## faucet
FROM debian:bookworm-slim AS faucet
RUN apt-get update && apt-get install -y \
ca-certificates \
&& rm -rf /var/lib/apt/lists/* && \
useradd -M -u 1000 -U -s /bin/sh -d /data warden && \
install -o 1000 -g 1000 -d /data
COPY --from=wardend-build --chown=warden:warden /build/wardend /usr/bin/wardend
COPY --from=wardend-build --chown=warden:warden /build/faucet /usr/bin/faucet
ADD --chmod=444 --checksum=sha256:015bdae5e70304f1e487981f90e3956754718fe7bdac4446aab0838fcb8b33e0 https://github.com/CosmWasm/wasmvm/releases/download/v2.1.2/libwasmvm.x86_64.so /lib/libwasmvm.x86_64.so
USER warden
COPY cmd/faucet/assets/ /assets
COPY cmd/faucet/css/ /css
COPY cmd/faucet/js/ /js
COPY cmd/faucet/templates/ /templates
EXPOSE 8081
CMD ["/usr/bin/faucet"]
## wardenkms
FROM build-env AS wardenkms-build
WORKDIR /warden
RUN --mount=type=bind,source=.,target=.,readonly\
--mount=type=cache,target=/root/.cache/go-build \
--mount=type=cache,target=/go/pkg/mod \
OUTPUT_DIR=/build just wardend build wardenkms
FROM debian:bookworm-slim AS wardenkms
COPY --chown=nobody:nogroup --from=wardenkms-build /build/wardenkms /
ADD --chmod=444 --chown=nobody:nogroup --checksum=sha256:015bdae5e70304f1e487981f90e3956754718fe7bdac4446aab0838fcb8b33e0 https://github.com/CosmWasm/wasmvm/releases/download/v2.1.2/libwasmvm.x86_64.so /lib/libwasmvm.x86_64.so
USER nobody
ENTRYPOINT ["/wardenkms"]
## node-builder
FROM node:lts-alpine AS node-build-env
RUN apk add --no-cache python3 build-base
RUN npm install -g pnpm@9
## automated-orders libs
FROM node-build-env AS automated-orders-libs
USER node
WORKDIR /app
COPY --chown=node:node automated-orders/yarn.lock yarn.lock
COPY --chown=node:node automated-orders/package.json package.json
COPY --chown=node:node automated-orders/tsconfig.json tsconfig.json
COPY --chown=node:node automated-orders/packages/utils-library packages/utils-library
COPY --chown=node:node automated-orders/packages/aws-kms-signer packages/aws-kms-signer
COPY --chown=node:node automated-orders/packages/blockchain-library packages/blockchain-library
RUN yarn install --frozen-lockfile && \
yarn build:libs && \
rm -rf packages/*/src packages/*/node_modules packages/*/tsconfig*
## snap
FROM node-build-env AS snap-builder
WORKDIR /snap
COPY snap/package*.json ./
RUN npm ci
COPY snap/ .
RUN npm run build
## wardenjs
FROM node-build-env AS wardenjs-builder
WORKDIR /wardenjs
COPY wardenjs/package*.json wardenjs/pnpm-lock.yaml ./
RUN pnpm install --frozen-lockfile
COPY wardenjs/ .
RUN pnpm run build
## spaceward
FROM node-build-env AS spaceward-builder
WORKDIR /wardenprotocol
COPY --from=wardenjs-builder /wardenjs ./wardenjs
RUN mkdir spaceward
COPY spaceward/package*.json spaceward/pnpm-lock.yaml spaceward/.npmrc spaceward/
RUN cd spaceward && pnpm install
COPY . .
ENV VITE_FAUCET_URL=%FAUCET_URL%
ENV VITE_WARDEN_RPC_URL=%WARDEN_RPC_URL%
ENV VITE_WARDEN_REST_URL=%WARDEN_REST_URL%
ENV VITE_WARDEN_EVM_URL=%WARDEN_EVM_URL%
ENV VITE_WARDEN_CHAIN_NAME=%WARDEN_CHAIN_NAME%
ENV VITE_WARDEN_COSMOSKIT_CHAIN_NAME=%WARDEN_COSMOSKIT_CHAIN_NAME%
ENV VITE_WARDEN_CHAIN_ID=%WARDEN_CHAIN_ID%
ENV VITE_WARDEN_EVM_CHAIN_ID=%WARDEN_EVM_CHAIN_ID%
ENV VITE_WARDEN_MAINTENANCE=%WARDEN_MAINTENANCE%
ENV VITE_WARDEN_SNAP_ORIGIN=%WARDEN_SNAP_ORIGIN%
ENV VITE_WARDEN_SNAP_VERSION=%WARDEN_SNAP_VERSION%
ENV VITE_WARDEN_ENVIRONMENT=%WARDEN_ENVIRONMENT%
ENV VITE_WARDEN_STORYBLOK_TOKEN=%WARDEN_STORYBLOK_TOKEN%
ENV VITE_WARDEN_ETHEREUM_ANALYZER_CONTRACT=%WARDEN_ETHEREUM_ANALYZER_CONTRACT%
ENV VITE_WARDEN_AMINO_ANALYZER_CONTRACT=%WARDEN_AMINO_ANALYZER_CONTRACT%
RUN cd spaceward && pnpm run build
COPY --from=snap-builder /snap/snap.manifest.json /wardenprotocol/spaceward/dist
COPY --from=snap-builder /snap/images /wardenprotocol/spaceward/dist/images
COPY --from=snap-builder /snap/dist /wardenprotocol/spaceward/dist/dist
FROM nginx:stable-alpine AS spaceward
WORKDIR /var/www/app
EXPOSE 8080
COPY ./spaceward/entrypoint.sh /opt/entrypoint.sh
COPY ./spaceward/nginx.conf /etc/nginx/nginx.conf
COPY --from=spaceward-builder /wardenprotocol/spaceward/dist .
RUN touch /var/run/nginx.pid && \
chown -R 1000 /var/run/nginx.pid && \
chown -R 1000 /var/cache/nginx && \
chown -R 1000 /var/www/app && \
chown -R 1000 /etc/nginx/conf.d/ && \
install -o 1000 -g 1000 -d /var/log/nginx -d /var/run/nginx
USER 1000
ENTRYPOINT ["sh", "/opt/entrypoint.sh"]
CMD ["nginx-fe"]
## spaceward-relay
FROM node-build-env AS spaceward-relay
WORKDIR /wardenprotocol/spaceward
COPY --chown=nobody:nogroup spaceward/ ./
COPY --chown=nobody:nogroup --from=wardenjs-builder /wardenjs /wardenprotocol/wardenjs
RUN pnpm install
USER nobody
ENTRYPOINT ["pnpm", "relay"]
FROM node-build-env AS automated-orders-scheduler
USER node
WORKDIR /app
COPY --chown=node:node automated-orders/yarn.lock yarn.lock
COPY --chown=node:node automated-orders/package.json package.json
COPY --chown=node:node automated-orders/tsconfig.json tsconfig.json
COPY --chown=node:node automated-orders/packages/scheduler packages/scheduler
COPY --chown=node:node --from=automated-orders-libs ["/app/packages", "./packages"]
RUN yarn install --frozen-lockfile && \
yarn build:scheduler && \
rm -rf packages/*/src packages/*/node_modules packages/*/tsconfig*
CMD ["yarn", "scheduler"]
FROM node-build-env AS automated-orders-relayer
USER node
WORKDIR /app
COPY --chown=node:node automated-orders/yarn.lock yarn.lock
COPY --chown=node:node automated-orders/package.json package.json
COPY --chown=node:node automated-orders/tsconfig.json tsconfig.json
COPY --chown=node:node automated-orders/packages/relayer packages/relayer
COPY --chown=node:node --from=automated-orders-libs ["/app/packages", "./packages"]
RUN yarn install --frozen-lockfile && \
yarn build:relayer && \
rm -rf packages/*/src packages/*/node_modules packages/*/tsconfig*
CMD ["yarn", "relayer"]