Revamp dockerfiles to use an entrypoint script to both run apps as a non-root user and chown the mounted host dir.

Reduce code duplication in dockerfiles.
Minor improvements.

Author: ImplOfAnImpl

.dockerignore

@@ -1,2 +1,53 @@
-target
-.git
+# Ignore some files that are not needed inside docker images, so that editing them doesn't cause
+# docker to rebuild everything.
+.dockerignore
+.gitignore
+
+######################################
+# Below goes the contents of gitignore
+
+# Generated by Cargo
+# will have compiled files and executables
+**/target/
+# These are backup files generated by rustfmt
+**/*.rs.bk
+
+.DS_Store
+
+# Intellij IDEA
+.idea/
+*.iml
+/customSpec.json
+
+# VSCode
+.vscode/
+
+#exclude python env
+env/
+
+# Test Python cache
+test/**/__pycache__
+
+# Files generated for the testing system
+test/config.ini
+
+# The cache for docker container dependency
+.cargo
+
+# The cache for chain data in container
+.local
+
+# direnv cache
+.direnv
+
+# Python compiled files
+*.pyc
+
+# wasm
+wasm-wrappers/pkg/
+
+# 'mintlayer-data' will be mapped to home directories of docker containers, so everything
+# inside it will be generated by the containers.
+build-tools/docker/example-mainnet/mintlayer-data/*
+# Same for example-mainnet-dns-server.
+build-tools/docker/example-mainnet-dns-server/mintlayer-data/*

.gitignore

@@ -38,11 +38,8 @@ test/config.ini
 # wasm
 wasm-wrappers/pkg/
 
-# 'container_home' will be mapped to a home directory of a docker container, so everything
-# except for README.md will be generated by the container.
-build-tools/docker/example-mainnet/container_home/*
-!build-tools/docker/example-mainnet/container_home/README.md
-
+# 'mintlayer-data' will be mapped to home directories of docker containers, so everything
+# inside it will be generated by the containers.
+build-tools/docker/example-mainnet/mintlayer-data/*
 # Same for example-mainnet-dns-server.
-build-tools/docker/example-mainnet-dns-server/container_home/*
-!build-tools/docker/example-mainnet-dns-server/container_home/README.md
+build-tools/docker/example-mainnet-dns-server/mintlayer-data/*

api-server/scanner-daemon/src/config.rs

@@ -28,19 +28,19 @@ pub struct ApiServerScannerArgs {
 
     /// Optional RPC address
     #[clap(long)]
-    pub rpc_address: Option<NetworkAddressWithPort>,
+    pub node_rpc_address: Option<NetworkAddressWithPort>,
 
     /// Path to the RPC cookie file. If not set, the value is read from the default cookie file location.
     #[clap(long)]
-    pub rpc_cookie_file: Option<String>,
+    pub node_rpc_cookie_file: Option<String>,
 
     /// RPC username (either provide a username and password, or use a cookie file. You cannot use both)
     #[clap(long)]
-    pub rpc_username: Option<String>,
+    pub node_rpc_username: Option<String>,
 
     /// RPC password (either provide a username and password, or use a cookie file. You cannot use both)
     #[clap(long)]
-    pub rpc_password: Option<String>,
+    pub node_rpc_password: Option<String>,
 
     /// Postgres config values
     #[clap(flatten)]

api-server/scanner-daemon/src/main.rs

@@ -27,7 +27,6 @@ use clap::Parser;
 use common::chain::{config::ChainType, ChainConfig};
 use config::ApiServerScannerArgs;
 use node_comm::{make_rpc_client, rpc_client::NodeRpcClient};
-use node_lib::default_rpc_config;
 use rpc::RpcAuthData;
 use utils::{cookie::COOKIE_FILENAME, default_data_dir::default_data_dir_for_chain};
 mod config;
@@ -146,17 +145,17 @@ async fn main() -> Result<(), ApiServerScannerError> {
 
     let ApiServerScannerArgs {
         network,
-        rpc_address,
-        rpc_cookie_file,
-        rpc_username,
-        rpc_password,
+        node_rpc_address,
+        node_rpc_cookie_file,
+        node_rpc_username,
+        node_rpc_password,
         postgres_config,
     } = args;
 
     let chain_type: ChainType = network.into();
     let chain_config = Arc::new(common::chain::config::Builder::new(chain_type).build());
 
-    let rpc_auth = match (rpc_cookie_file, rpc_username, rpc_password) {
+    let node_rpc_auth = match (node_rpc_cookie_file, node_rpc_username, node_rpc_password) {
         (None, None, None) => {
             let cookie_file_path =
                 default_data_dir_for_chain(chain_type.name()).join(COOKIE_FILENAME);
@@ -173,14 +172,22 @@ async fn main() -> Result<(), ApiServerScannerError> {
         }
     };
 
-    let default_rpc_bind_address =
-        || default_rpc_config(&chain_config).bind_address.expect("Can't fail").into();
+    let default_node_rpc_bind_address = || {
+        node_lib::default_rpc_config(&chain_config)
+            .bind_address
+            .expect("Can't fail")
+            .into()
+    };
 
-    let rpc_address = rpc_address.unwrap_or_else(default_rpc_bind_address);
+    let node_rpc_address = node_rpc_address.unwrap_or_else(default_node_rpc_bind_address);
 
-    let rpc_client = make_rpc_client(chain_config.clone(), rpc_address.to_string(), rpc_auth)
-        .await
-        .map_err(ApiServerScannerError::RpcError)?;
+    let rpc_client = make_rpc_client(
+        chain_config.clone(),
+        node_rpc_address.to_string(),
+        node_rpc_auth,
+    )
+    .await
+    .map_err(ApiServerScannerError::RpcError)?;
 
     let storage = make_postgres_storage(
         postgres_config.postgres_host,

build-tools/codecheck/codecheck.py

@@ -29,6 +29,13 @@
     r'|//'
 ]
 
+COMMON_EXCLUDE_DIRS = [
+    'target',
+    '.git',
+    'build-tools/docker/example-mainnet/mintlayer-data',
+    'build-tools/docker/example-mainnet-dns-server/mintlayer-data'
+]
+
 
 # List Rust source files
 def rs_sources(exclude = []):
@@ -47,7 +54,7 @@ def py_sources(exclude = []):
 
 # Cargo.toml files
 def cargo_toml_files(exclude = []):
-    exclude = [ os.path.normpath(dir) for dir in ['target', '.git', '.github'] + exclude ]
+    exclude = [ os.path.normpath(dir) for dir in COMMON_EXCLUDE_DIRS + ['.github'] + exclude ]
     is_excluded = lambda top, d: os.path.normpath(os.path.join(top, d).lower()) in exclude
 
     for top, dirs, files in os.walk('.', topdown=True):
@@ -57,7 +64,7 @@ def cargo_toml_files(exclude = []):
                 yield os.path.join(top, file)
 
 def _sources_with_extension(ext: str, exclude = []):
-    exclude = [ os.path.normpath(dir) for dir in ['target', '.git', '.github'] + exclude ]
+    exclude = [ os.path.normpath(dir) for dir in COMMON_EXCLUDE_DIRS + ['.github'] + exclude ]
     is_excluded = lambda top, d: os.path.normpath(os.path.join(top, d).lower()) in exclude
 
     for top, dirs, files in os.walk('.', topdown=True):
@@ -73,7 +80,7 @@ def sources_with_extensions(exts: list[str], exclude = []):
 
 # All files
 def all_files(exclude = []):
-    exclude_full_paths = [ os.path.normpath(dir) for dir in ['target', '.git'] + exclude ]
+    exclude_full_paths = [ os.path.normpath(dir) for dir in COMMON_EXCLUDE_DIRS + exclude ]
     exclude_dir_names = ['__pycache__']
 
     def is_excluded(top, d):

build-tools/docker/Dockerfile.api-blockchain-scanner-daemon

@@ -2,25 +2,8 @@
 FROM mintlayer-builder:latest AS builder
 
 # Runtime Stage
-FROM debian:bookworm-slim
-
-# Create a new user and group
-RUN groupadd -g 1000 mintlayer && \
-    useradd -u 1000 -g mintlayer -d /home/mintlayer -s /bin/bash -c "Mintlayer User" mintlayer
-
-# Create and set the home directory for the new user
-RUN mkdir /home/mintlayer && \
-    chown mintlayer:mintlayer /home/mintlayer
+FROM mintlayer-runner-base
 
 COPY --from=builder /usr/src/target/release/api-blockchain-scanner-daemon /usr/bin
 
-# Define mintlayer directory as a volume
-VOLUME ["/home/mintlayer"]
-
-# Switch to the non-root user
-USER mintlayer
-
-# Set the working directory
-WORKDIR /home/mintlayer
-
 CMD ["api-blockchain-scanner-daemon"]

build-tools/docker/Dockerfile.api-web-server

@@ -2,25 +2,8 @@
 FROM mintlayer-builder:latest AS builder
 
 # Runtime Stage
-FROM debian:bookworm-slim
-
-# Create a new user and group
-RUN groupadd -g 1000 mintlayer && \
-    useradd -u 1000 -g mintlayer -d /home/mintlayer -s /bin/bash -c "Mintlayer User" mintlayer
-
-# Create and set the home directory for the new user
-RUN mkdir /home/mintlayer && \
-    chown mintlayer:mintlayer /home/mintlayer
+FROM mintlayer-runner-base
 
 COPY --from=builder /usr/src/target/release/api-web-server /usr/bin
 
-# Define mintlayer directory as a volume
-VOLUME ["/home/mintlayer"]
-
-# Switch to the non-root user
-USER mintlayer
-
-# Set the working directory
-WORKDIR /home/mintlayer
-
 CMD ["api-web-server"]

build-tools/docker/Dockerfile.builder

@@ -1,11 +1,25 @@
+# Note: this "source" stage only exists so that we could copy the source tree into
+# the "builder" stage excluding the "build-tools" directory. This is to avoid rebuilding
+# all the images every time when a file in "build-tools" is modified. Note that for most
+# of the contents of "build-tools" this could be solved by adding them to .dockerignore,
+# but there are files (e.g. entrypoint.sh) that are needed inside images, so they can't
+# be ignored.
+#
+# TODO: dockerfile 1.7 syntax allows specifying --exclude for COPY, so the same can be done
+# without an additional stage. But at the moment of writing this it's still experimental.
+# Switch to using it when it becomes stable.
+FROM rust as source
+COPY . /src
+RUN rm -r /src/build-tools
+
 FROM rust AS builder
 
 WORKDIR /usr/src/
 
 # Install necessary build dependencies for the GUI (such as X11, etc.)
-RUN apt-get update && apt-get install -y ca-certificate && rm -rf /var/lib/apt/lists/*
+RUN apt-get update && apt-get install -y ca-certificates && rm -rf /var/lib/apt/lists/*
 
-COPY . .
+COPY --from=source /src/ /usr/src/
 
 ARG NUM_JOBS=1
 RUN cargo build --release -j${NUM_JOBS}

build-tools/docker/Dockerfile.dns-server

@@ -2,25 +2,8 @@
 FROM mintlayer-builder:latest AS builder
 
 # Runtime Stage
-FROM debian:bookworm-slim
-
-# Create a new user and group
-RUN groupadd -g 1000 mintlayer && \
-    useradd -u 1000 -g mintlayer -d /home/mintlayer -s /bin/bash -c "Mintlayer User" mintlayer
-
-# Create and set the home directory for the new user
-RUN mkdir /home/mintlayer && \
-    chown mintlayer:mintlayer /home/mintlayer
+FROM mintlayer-runner-base
 
 COPY --from=builder /usr/src/target/release/dns-server /usr/bin
 
-# Define mintlayer directory as a volume
-VOLUME ["/home/mintlayer"]
-
-# Switch to the non-root user
-USER mintlayer
-
-# Set the working directory
-WORKDIR /home/mintlayer
-
 CMD ["dns-server"]

build-tools/docker/Dockerfile.node-daemon

@@ -2,25 +2,8 @@
 FROM mintlayer-builder:latest AS builder
 
 # Runtime Stage
-FROM debian:bookworm-slim
+FROM mintlayer-runner-base
 
-# Create a new user and group
-RUN groupadd -g 1000 mintlayer && \
-    useradd -u 1000 -g mintlayer -d /home/mintlayer -s /bin/bash -c "Mintlayer User" mintlayer
-
-# Create and set the home directory for the new user
-RUN mkdir /home/mintlayer && \
-    chown mintlayer:mintlayer /home/mintlayer
-
-COPY --from=builder /usr/src/target/release/node-daemon /usr/src/target/release/wallet-cli /usr/bin/
-
-# Define mintlayer directory as a volume
-VOLUME ["/home/mintlayer"]
-
-# Switch to the non-root user
-USER mintlayer
-
-# Set the working directory
-WORKDIR /home/mintlayer
+COPY --from=builder /usr/src/target/release/node-daemon /usr/bin/
 
 CMD ["node-daemon"]