feat(sdk): prepare Dockerfile for additional container releases

endersonmaia · endersonmaia · commit 2255128dfafd · 2025-03-24T14:39:22.000-03:00
diff --git a/.changeset/angry-rats-mate.md b/.changeset/angry-rats-mate.md
@@ -0,0 +1,5 @@
+---
+"@cartesi/sdk": patch
+---
+
+refactor Dockerfile for additional runtime and database targets
diff --git a/packages/sdk/Dockerfile b/packages/sdk/Dockerfile
@@ -1,25 +1,15 @@
 # syntax=docker.io/docker/dockerfile:1
-ARG BASE_IMAGE
-ARG CARTESI_ESPRESSO_READER_VERSION
-ARG CARTESI_IMAGE_KERNEL_VERSION
-ARG CARTESI_MACHINE_EMULATOR_VERSION
-ARG CARTESI_ROLLUPS_GRAPHQL_VERSION
-ARG CRANE_VERSION
-ARG ESPRESSO_DEV_NODE_TAG
-ARG FOUNDRY_VERSION
-ARG LINUX_KERNEL_VERSION
-ARG NODEJS_VERSION
-ARG POSTGRES_VERSION
-ARG SU_EXEC_VERSION
-ARG XGENEXT2_VERSION
+ARG CARTESI_BASE_IMAGE
+ARG ESPRESSO_DEV_NODE_BASE_IMAGE
+ARG POSTGRES_BASE_IMAGE
 
 ################################################################################
 # https://github.com/EspressoSystems/espresso-sequencer/pkgs/container/espresso-sequencer%2Fespresso-dev-node
-FROM ghcr.io/espressosystems/espresso-sequencer/espresso-dev-node:${ESPRESSO_DEV_NODE_TAG} AS espresso-dev-node
+FROM ${ESPRESSO_DEV_NODE_BASE_IMAGE} AS espresso-dev-node
 
 ################################################################################
 # base image
-FROM ${BASE_IMAGE} AS base
+FROM ${CARTESI_BASE_IMAGE} AS base
 SHELL ["/bin/bash", "-euo", "pipefail", "-c"]
 ARG DEBIAN_FRONTEND=noninteractive
 RUN <<EOF
@@ -130,28 +120,136 @@ curl -fsSL "https://github.com/cartesi/rollups-espresso-reader/archive/refs/tags
     | tar --wildcards -xz -C ${ESPRESSO_DEST_FOLDER} --strip-components=6 '*/migrations/*.sql'
 EOF
 
+################################################################################
+# cartesi runtime target
+FROM base AS runtime
+ARG CARTESI_MACHINE_EMULATOR_VERSION
+ARG CARTESI_ROLLUPS_NODE_VERSION
+ARG TARGETARCH
+
+USER root
+ARG DEBIAN_FRONTEND=noninteractive
+RUN <<EOF
+apt-get install -y --no-install-recommends \
+    libslirp0 \
+    lua5.4 \
+    xz-utils
+rm -rf /var/lib/apt/lists/*
+EOF
+
+RUN <<EOF
+set -e
+addgroup --system --gid 102 cartesi
+adduser --system --uid 102 \
+    --disabled-login \
+    --gecos "cartesi user" \
+    --home /nonexistent \
+    --ingroup cartesi \
+    --no-create-home \
+    --shell /bin/false \
+    cartesi
+EOF
+
+# Install cartesi-machine emulator
+RUN <<EOF
+curl -fsSL https://github.com/cartesi/machine-emulator/releases/download/v${CARTESI_MACHINE_EMULATOR_VERSION}/cartesi-machine-v${CARTESI_MACHINE_EMULATOR_VERSION}_${TARGETARCH}.deb \
+    -o /tmp/cartesi-machine.deb
+dpkg -i /tmp/cartesi-machine.deb
+rm /tmp/cartesi-machine.deb
+cartesi-machine --version-json
+EOF
+
+# Install cartesi-rollups-node
+RUN <<EOF
+curl -fsSL https://github.com/cartesi/rollups-node/releases/download/v${CARTESI_ROLLUPS_NODE_VERSION}/cartesi-rollups-node-v${CARTESI_ROLLUPS_NODE_VERSION%%-*}_${TARGETARCH}.deb \
+    -o /tmp/cartesi-rollups-node.deb
+dpkg -i /tmp/cartesi-rollups-node.deb
+rm /tmp/cartesi-rollups-node.deb
+mkdir -p /var/lib/cartesi-rollups-node/snapshots
+chmod 755 /var/lib/cartesi-rollups-node/snapshots
+chown cartesi:cartesi /var/lib/cartesi-rollups-node/snapshots
+cartesi-rollups-node --version
+EOF
+
+COPY --from=graphql /usr/local/bin/cartesi-rollups-graphql /usr/local/bin/
+COPY --from=espresso-reader /usr/local/bin/cartesi-rollups-espresso-reader /usr/local/bin/
+
+USER cartesi
+
 ################################################################################
 # postgresql initdb
-FROM postgres:${POSTGRES_VERSION} AS postgresql-initdb
-ENV POSTGRES_PASSWORD=password
+FROM ${POSTGRES_BASE_IMAGE} AS postgresql-initdb
+
+ARG DEBIAN_FRONTEND=noninteractive
+RUN <<EOF
+set -eo
+apt-get update
+apt-get install -y --no-install-recommends \
+    libslirp0
+EOF
+
+COPY --from=runtime /usr/bin/cartesi-rollups-cli /usr/bin/
+COPY --from=runtime /usr/lib/libcartesi* /usr/lib/
+COPY --from=go-migrate /usr/local/bin/migrate /usr/local/bin/
+COPY --from=graphql-migration /usr/share/cartesi/rollups-graphql/migrations /usr/share/cartesi/rollups-graphql/migrations
+COPY --from=espresso-reader-migration /usr/share/cartesi/rollups-espresso-reader/migrations /usr/share/cartesi/rollups-espresso-reader/migrations
+
+ARG POSTGRES_PASSWORD=password
+
+# create rollupsdb, graphql and espresso databases
+COPY <<EOF /docker-entrypoint-initdb.d/00-createdb.sql
+CREATE DATABASE rollupsdb;
+CREATE DATABASE graphql;
+CREATE DATABASE espresso;
+EOF
+
+# rollups-node migrations
+COPY <<EOF /docker-entrypoint-initdb.d/01-rollups-node-migrations.sh
+#!/usr/bin/env bash
+set -e
+export CARTESI_DATABASE_CONNECTION="postgres://postgres@/rollupsdb?host=/var/run/postgresql"
+cartesi-rollups-cli db upgrade --verbose
+EOF
+
+# rollups-graphql migrations
+COPY <<EOF /docker-entrypoint-initdb.d/02-graphql-migrations.sh
+#!/usr/bin/env bash
+set -e
+migrate -verbose -path /usr/share/cartesi/rollups-graphql/migrations -database 'postgres://postgres@/graphql?host=/var/run/postgresql' up
+EOF
+
+# espresso-reader migrations
+COPY <<EOF /docker-entrypoint-initdb.d/03-espresso-reader-migrations.sh
+#!/usr/bin/env bash
+set -e
+migrate -verbose -path /usr/share/cartesi/rollups-espresso-reader/migrations -database 'postgres://postgres@/rollupsdb?host=/var/run/postgresql' up
+EOF
+
 RUN /usr/local/bin/docker-ensure-initdb.sh postgres
 
+################################################################################
+# rollups-database image
+FROM ${POSTGRES_BASE_IMAGE} AS database
+COPY --from=postgresql-initdb /var/lib/postgresql/data /var/lib/postgresql/data
+
 ################################################################################
 # sdk final image
-FROM base
+FROM runtime
 ARG ALTO_VERSION
+ARG CARTESI_DEVNET_VERSION
 ARG CARTESI_IMAGE_KERNEL_VERSION
+ARG CARTESI_LINUX_KERNEL_VERSION
 ARG CARTESI_MACHINE_EMULATOR_VERSION
+ARG CARTESI_PAYMASTER_VERSION
 ARG CARTESI_ROLLUPS_NODE_VERSION
-ARG DEVNET_VERSION
-ARG LINUX_KERNEL_VERSION
-ARG PAYMASTER_VERSION
+ARG TARGETARCH
 ARG TARGETARCH
 ARG XGENEXT2_VERSION
 
 USER root
 ARG DEBIAN_FRONTEND=noninteractive
 RUN <<EOF
+apt-get update
 apt-get install -y --no-install-recommends \
     jq \
     libarchive-tools \
@@ -163,8 +261,11 @@ apt-get install -y --no-install-recommends \
     squashfs-tools \
     xxd \
     xz-utils
+rm -rf /var/lib/apt/lists/*
+EOF
 
 # Install e2fsprogs from backports
+RUN <<EOF
 echo 'deb http://deb.debian.org/debian bookworm-backports main' > /etc/apt/sources.list.d/backports.list
 apt-get update
 apt-get install -y --no-install-recommends -t bookworm-backports \
@@ -188,15 +289,33 @@ EOF
 # Install nodejs packages
 RUN <<EOF
 npm install -g \
-    @cartesi/devnet@${DEVNET_VERSION} \
-    @cartesi/mock-verifying-paymaster@${PAYMASTER_VERSION} \
+    @cartesi/devnet@${CARTESI_DEVNET_VERSION} \
+    @cartesi/mock-verifying-paymaster@${CARTESI_PAYMASTER_VERSION} \
     @pimlico/alto@${ALTO_VERSION}
 
 mkdir -p /usr/share/cartesi
 cp /usr/local/lib/node_modules/@cartesi/devnet/export/abi/localhost.json /usr/share/cartesi/
 cp /usr/local/lib/node_modules/@cartesi/devnet/build/anvil_state.json /usr/share/cartesi/
 EOF
 
+# Install linux kernel image
+RUN <<EOF
+curl -fsSL "https://github.com/cartesi/image-kernel/releases/download/v${CARTESI_IMAGE_KERNEL_VERSION}/linux-${CARTESI_LINUX_KERNEL_VERSION}.bin" \
+    -o /usr/share/cartesi-machine/images/linux.bin
+echo "e4663365ea565792110129a6b479eca896cb31c23f561cb42214609588689f9d3d173a82b4ea27ff74ae05334747cc76ed6bc4c200a7499ac5134abfd2b3045e /usr/share/cartesi-machine/images/linux.bin" \
+    | sha512sum -c
+EOF
+
+# Install linux headers
+RUN <<EOF
+curl -fsSL "https://github.com/cartesi/image-kernel/releases/download/v${CARTESI_IMAGE_KERNEL_VERSION}/linux-headers-${CARTESI_LINUX_KERNEL_VERSION}.tar.xz" \
+    -o "/tmp/linux-headers-${CARTESI_LINUX_KERNEL_VERSION}.tar.xz"
+echo "2ecdb9c9f02a96faed2605ec811ef7188f963feb21b32d057b1ab3278f27ac42887f235a3f52eadd5f5caa56a61e141ad2bb666793d5bdd755c273adba167d45 /tmp/linux-headers-${CARTESI_LINUX_KERNEL_VERSION}.tar.xz" \
+    | sha512sum -c
+tar -xJf "/tmp/linux-headers-${CARTESI_LINUX_KERNEL_VERSION}.tar.xz" -C /
+rm "/tmp/linux-headers-${CARTESI_LINUX_KERNEL_VERSION}.tar.xz"
+EOF
+
 ENV LC_ALL=en_US.UTF-8
 ENV LANG=en_US.UTF-8
 ENV LANGUAGE=en_US:en
@@ -214,52 +333,10 @@ COPY --from=su-exec /usr/local/src/su-exec /usr/local/bin/
 COPY --from=crane /usr/local/bin/crane /usr/local/bin/
 COPY --from=foundry /usr/local/bin/anvil /usr/local/bin/
 COPY --from=foundry /usr/local/bin/cast /usr/local/bin/
+COPY --from=espresso-dev-node /usr/bin/espresso-dev-node /usr/local/bin/
 COPY --from=go-migrate /usr/local/bin/migrate /usr/local/bin/
-COPY --from=graphql /usr/local/bin/cartesi-rollups-graphql /usr/local/bin/
 COPY --from=graphql-migration /usr/share/cartesi/rollups-graphql/migrations /usr/share/cartesi/rollups-graphql/migrations
-COPY --from=espresso-reader /usr/local/bin/cartesi-rollups-espresso-reader /usr/local/bin/
 COPY --from=espresso-reader-migration /usr/share/cartesi/rollups-espresso-reader/migrations /usr/share/cartesi/rollups-espresso-reader/migrations
-COPY --from=espresso-dev-node /usr/bin/espresso-dev-node /usr/local/bin/
-COPY --from=postgresql-initdb /var/lib/postgresql/data /var/lib/postgresql/data
-
-RUN mkdir -p /tmp/.cartesi && chmod 1777 /tmp/.cartesi
-
-# Install cartesi-machine emulator
-RUN <<EOF
-curl -fsSL https://github.com/cartesi/machine-emulator/releases/download/v${CARTESI_MACHINE_EMULATOR_VERSION}/cartesi-machine-v${CARTESI_MACHINE_EMULATOR_VERSION}_${TARGETARCH}.deb \
-    -o /tmp/cartesi-machine.deb
-dpkg -i /tmp/cartesi-machine.deb
-rm /tmp/cartesi-machine.deb
-cartesi-machine --version-json
-EOF
-
-# Install linux kernel image
-RUN <<EOF
-curl -fsSL "https://github.com/cartesi/image-kernel/releases/download/v${CARTESI_IMAGE_KERNEL_VERSION}/linux-${LINUX_KERNEL_VERSION}.bin" \
-    -o /usr/share/cartesi-machine/images/linux.bin
-echo "e4663365ea565792110129a6b479eca896cb31c23f561cb42214609588689f9d3d173a82b4ea27ff74ae05334747cc76ed6bc4c200a7499ac5134abfd2b3045e /usr/share/cartesi-machine/images/linux.bin" \
-    | sha512sum -c
-EOF
-
-# Install linux headers
-RUN <<EOF
-curl -fsSL "https://github.com/cartesi/image-kernel/releases/download/v${CARTESI_IMAGE_KERNEL_VERSION}/linux-headers-${LINUX_KERNEL_VERSION}.tar.xz" \
-    -o "/tmp/linux-headers-$LINUX_KERNEL_VERSION.tar.xz"
-echo "2ecdb9c9f02a96faed2605ec811ef7188f963feb21b32d057b1ab3278f27ac42887f235a3f52eadd5f5caa56a61e141ad2bb666793d5bdd755c273adba167d45 /tmp/linux-headers-${LINUX_KERNEL_VERSION}.tar.xz" \
-    | sha512sum -c
-tar -xJf "/tmp/linux-headers-${LINUX_KERNEL_VERSION}.tar.xz" -C /
-rm "/tmp/linux-headers-${LINUX_KERNEL_VERSION}.tar.xz"
-EOF
-
-# Install cartesi-rollups-node
-RUN <<EOF
-curl -fsSL https://github.com/cartesi/rollups-node/releases/download/v${CARTESI_ROLLUPS_NODE_VERSION}/cartesi-rollups-node-v${CARTESI_ROLLUPS_NODE_VERSION%%-*}_${TARGETARCH}.deb \
-    -o /tmp/cartesi-rollups-node.deb
-dpkg -i /tmp/cartesi-rollups-node.deb
-rm /tmp/cartesi-rollups-node.deb
-mkdir -p /var/lib/cartesi-rollups-node/snapshots
-cartesi-rollups-node --version
-EOF
 
 WORKDIR /mnt
 ENTRYPOINT ["/usr/local/bin/entrypoint.sh"]
diff --git a/packages/sdk/docker-bake.hcl b/packages/sdk/docker-bake.hcl
@@ -5,21 +5,20 @@ target "default" {
   inherits = ["docker-metadata-action", "docker-platforms"]
   args = {
     ALTO_VERSION                      = "0.0.4"
-    BASE_IMAGE                        = "debian:bookworm-20250224"
+    CARTESI_BASE_IMAGE                = "docker.io/library/debian:bookworm-20250317-slim@sha256:1209d8fd77def86ceb6663deef7956481cc6c14a25e1e64daec12c0ceffcc19d"
+    CARTESI_DEVNET_VERSION            = "2.0.0-alpha.3"
     CARTESI_ESPRESSO_READER_VERSION   = "0.2.3-node-20250128"
     CARTESI_IMAGE_KERNEL_VERSION      = "0.20.0"
+    CARTESI_LINUX_KERNEL_VERSION      = "6.5.13-ctsi-1-v0.20.0"
     CARTESI_MACHINE_EMULATOR_VERSION  = "0.18.1"
+    CARTESI_PAYMASTER_VERSION         = "0.2.0"
     CARTESI_ROLLUPS_GRAPHQL_VERSION   = "2.3.8"
     CARTESI_ROLLUPS_NODE_VERSION      = "2.0.0-alpha.1"
     CRANE_VERSION                     = "0.19.1"
-    DEVNET_VERSION                    = "2.0.0-alpha.3"
-    ESPRESSO_DEV_NODE_TAG             = "20241120-patch6"
+    ESPRESSO_DEV_NODE_BASE_IMAGE      = "ghcr.io/espressosystems/espresso-sequencer/espresso-dev-node:20241120-patch6@sha256:453264eab19e3313c85a8720c784f16f15e36bacb28ae917034e24342cecf3c3"
     FOUNDRY_VERSION                   = "0.3.0"
     GO_MIGRATE_VERSION                = "4.18.2"
-    LINUX_KERNEL_VERSION              = "6.5.13-ctsi-1-v0.20.0"
-    NODEJS_VERSION                    = "18.19.0"
-    PAYMASTER_VERSION                 = "0.2.0"
-    POSTGRES_VERSION                  = "16"
+    POSTGRES_BASE_IMAGE               = "docker.io/library/postgres:16@sha256:e95b0cb95f719e0ce156c2bc5545c89fbd98a1a692845a5331ddc79ea61f1b1e"
     SU_EXEC_VERSION                   = "0.2"
     XGENEXT2_VERSION                  = "1.5.6"
   }

-Original file line number
+Diff line change
@@ @@ -0,0 +1,5 @@ @@
 +---
 +"@cartesi/sdk": patch
 +---
++
 +refactor Dockerfile for additional runtime and database targets