Split the dockerfiles into separate builder / image definitions

Author: jclapis

.gitignore

@@ -2,6 +2,7 @@
 # will have compiled files and executables
 debug/
 target/
+build/
 
 # These are backup files generated by rustfmt
 **/*.rs.bk
@@ -14,4 +15,4 @@ cb.docker-compose.yml
 targets.json
 .idea/
 logs
-.vscode/
+.vscode/

build-linux.sh

@@ -0,0 +1,144 @@
+#!/bin/bash
+
+# This script will build the Commit-Boost applications and modules for local Linux development.
+
+# =================
+# === Functions ===
+# =================
+
+# Print a failure message to stderr and exit
+fail() {
+    MESSAGE=$1
+    RED='\033[0;31m'
+    RESET='\033[;0m'
+    >&2 echo -e "\n${RED}**ERROR**\n$MESSAGE${RESET}\n"
+    exit 1
+}
+
+
+# Builds the CLI binaries for Linux
+# NOTE: You must install qemu first; e.g. sudo apt-get install -y qemu qemu-user-static
+build_cli() {
+    echo "Building CLI binaries..."
+    docker buildx build --rm --platform=linux/amd64,linux/arm64 -f provisioning/build.Dockerfile --output build/$VERSION --target output --build-arg TARGET_CRATE=commit-boost-cli . || fail "Error building CLI."
+    echo "done!"
+
+    # Flatten the folder structure for easier referencing
+    mv build/$VERSION/linux_amd64/commit-boost-cli build/$VERSION/commit-boost-cli-linux-amd64
+    mv build/$VERSION/linux_arm64/commit-boost-cli build/$VERSION/commit-boost-cli-linux-arm64
+
+    # Clean up the empty directories
+    rmdir build/$VERSION/linux_amd64 build/$VERSION/linux_arm64
+    echo "done!"
+}
+
+
+# Builds the PBS module binaries for Linux and the Docker image(s)
+# NOTE: You must install qemu first; e.g. sudo apt-get install -y qemu qemu-user-static
+build_pbs() {
+    echo "Building PBS binaries..."
+    docker buildx build --rm --platform=linux/amd64,linux/arm64 -f provisioning/build.Dockerfile --output build/$VERSION --target output --build-arg TARGET_CRATE=commit-boost-pbs . || fail "Error building PBS binaries."
+    echo "done!"
+
+    # Flatten the folder structure for easier referencing
+    mv build/$VERSION/linux_amd64/commit-boost-pbs build/$VERSION/commit-boost-pbs-linux-amd64
+    mv build/$VERSION/linux_arm64/commit-boost-pbs build/$VERSION/commit-boost-pbs-linux-arm64
+
+    # Clean up the empty directories
+    rmdir build/$VERSION/linux_amd64 build/$VERSION/linux_arm64
+    
+    echo "Building PBS Docker image..."
+    # If uploading, make and push a manifest
+    if [ "$LOCAL_UPLOAD" = true ]; then
+        if [ -z "$LOCAL_DOCKER_REGISTRY" ]; then
+            fail "LOCAL_DOCKER_REGISTRY must be set to upload to a local registry."
+        fi
+        docker buildx build --rm --platform=linux/amd64,linux/arm64 --build-arg BINARIES_PATH=build/$VERSION -t $LOCAL_DOCKER_REGISTRY/commit-boost/pbs:$VERSION -f provisioning/pbs.Dockerfile --push . || fail "Error building PBS image."
+    else
+        docker buildx build --rm --load --build-arg BINARIES_PATH=build/$VERSION -t commit-boost/pbs:$VERSION -f provisioning/pbs.Dockerfile . || fail "Error building PBS image."
+    fi
+    echo "done!"
+}
+
+
+# Builds the Signer module binaries for Linux and the Docker image(s)
+# NOTE: You must install qemu first; e.g. sudo apt-get install -y qemu qemu-user-static
+build_signer() {
+    echo "Building Signer binaries..."
+    docker buildx build --rm --platform=linux/amd64,linux/arm64 -f provisioning/build.Dockerfile --output build/$VERSION --target output --build-arg TARGET_CRATE=commit-boost-signer . || fail "Error building Signer binaries."
+    echo "done!"
+
+    # Flatten the folder structure for easier referencing
+    mv build/$VERSION/linux_amd64/commit-boost-signer build/$VERSION/commit-boost-signer-linux-amd64
+    mv build/$VERSION/linux_arm64/commit-boost-signer build/$VERSION/commit-boost-signer-linux-arm64
+
+    # Clean up the empty directories
+    rmdir build/$VERSION/linux_amd64 build/$VERSION/linux_arm64
+    
+    echo "Building Signer Docker image..."
+    # If uploading, make and push a manifest
+    if [ "$LOCAL_UPLOAD" = true ]; then
+        if [ -z "$LOCAL_DOCKER_REGISTRY" ]; then
+            fail "LOCAL_DOCKER_REGISTRY must be set to upload to a local registry."
+        fi
+        docker buildx build --rm --platform=linux/amd64,linux/arm64 --build-arg BINARIES_PATH=build/$VERSION -t $LOCAL_DOCKER_REGISTRY/commit-boost/signer:$VERSION -f provisioning/signer.Dockerfile --push . || fail "Error building Signer image."
+    else
+        docker buildx build --rm --load --build-arg BINARIES_PATH=build/$VERSION -t commit-boost/signer:$VERSION -f provisioning/signer.Dockerfile . || fail "Error building Signer image."
+    fi
+    echo "done!"
+}
+
+
+# Print usage
+usage() {
+    echo "Usage: build.sh [options] -v <version number>"
+    echo "This script assumes it is in the commit-boost-client repository directory."
+    echo "Options:"
+    echo $'\t-a\tBuild all of the artifacts (CLI, PBS, and Signer, along with Docker images)'
+    echo $'\t-c\tBuild the Commit-Boost CLI binaries'
+    echo $'\t-p\tBuild the PBS module binary and its Docker container'
+    echo $'\t-s\tBuild the Signer module binary and its Docker container'
+    echo $'\t-o\tWhen passed with a build, upload the resulting image tags to a local Docker registry specified in $LOCAL_DOCKER_REGISTRY'
+    exit 0
+}
+
+
+# =================
+# === Main Body ===
+# =================
+
+# Parse arguments
+while getopts "acpsov:" FLAG; do
+    case "$FLAG" in
+        a) CLI=true PBS=true SIGNER=true ;;
+        c) CLI=true ;;
+        p) PBS=true ;;
+        s) SIGNER=true ;;
+        o) LOCAL_UPLOAD=true ;;
+        v) VERSION="$OPTARG" ;;
+        *) usage ;;
+    esac
+done
+if [ -z "$VERSION" ]; then
+    usage
+fi
+
+# Cleanup old artifacts
+rm -rf build/$VERSION/*
+mkdir -p build/$VERSION
+
+# Make a multiarch builder, ignore if it's already there
+docker buildx create --name multiarch-builder --driver docker-container --use > /dev/null 2>&1
+# NOTE: if using a local repo with a private CA, you will have to follow these steps to add the CA to the builder:
+# https://stackoverflow.com/a/73585243
+
+# Build the artifacts
+if [ "$CLI" = true ]; then
+    build_cli
+fi
+if [ "$PBS" = true ]; then
+    build_pbs
+fi
+if [ "$SIGNER" = true ]; then
+    build_signer
+fi

provisioning/build.Dockerfile

@@ -0,0 +1,120 @@
+# This will be the main build image
+FROM --platform=${BUILDPLATFORM} lukemathwalker/cargo-chef:latest-rust-1.83 AS chef
+ARG TARGETOS TARGETARCH BUILDPLATFORM OPENSSL_VENDORED TARGET_CRATE
+WORKDIR /app
+
+FROM --platform=${BUILDPLATFORM} chef AS planner
+ARG TARGETOS TARGETARCH BUILDPLATFORM OPENSSL_VENDORED TARGET_CRATE
+COPY . .
+RUN cargo chef prepare --recipe-path recipe.json
+
+FROM --platform=${BUILDPLATFORM} chef AS builder
+ARG TARGETOS TARGETARCH BUILDPLATFORM OPENSSL_VENDORED TARGET_CRATE
+RUN test -n "$TARGET_CRATE" || (echo "TARGET_CRATE must be set to the service / binary you want to build" && false)
+ENV BUILD_VAR_SCRIPT=/tmp/env.sh
+COPY --from=planner /app/recipe.json recipe.json
+
+# Get the latest Protoc since the one in the Debian repo is incredibly old
+RUN apt update && apt install -y unzip curl ca-certificates && \
+  PROTOC_VERSION=$(curl -s "https://api.github.com/repos/protocolbuffers/protobuf/releases/latest" | grep -Po '"tag_name": "v\K[0-9.]+') && \
+  if [ "$BUILDPLATFORM" = "linux/amd64" ]; then \
+    PROTOC_ARCH=x86_64; \
+  elif [ "$BUILDPLATFORM" = "linux/arm64" ]; then \
+    PROTOC_ARCH=aarch_64; \
+  else \
+    echo "${BUILDPLATFORM} is not supported."; \
+    exit 1; \
+  fi && \
+  curl -Lo protoc.zip https://github.com/protocolbuffers/protobuf/releases/latest/download/protoc-$PROTOC_VERSION-linux-$PROTOC_ARCH.zip && \
+  unzip -q protoc.zip bin/protoc -d /usr && \
+  unzip -q protoc.zip "include/google/*" -d /usr && \
+  chmod a+x /usr/bin/protoc && \
+  rm -rf protoc.zip
+
+# Set up the build environment for cross-compilation if needed
+RUN if [ "$BUILDPLATFORM" = "linux/amd64" -a "$TARGETARCH" = "arm64" ]; then \
+      # We're on x64, cross-compiling for arm64
+      rustup target add aarch64-unknown-linux-gnu && \
+      apt update && \
+      apt install -y gcc-aarch64-linux-gnu && \
+      echo "#!/bin/sh" > ${BUILD_VAR_SCRIPT} && \
+      echo "export TARGET=aarch64-unknown-linux-gnu" >> ${BUILD_VAR_SCRIPT} && \
+      echo "export TARGET_FLAG=--target=aarch64-unknown-linux-gnu" >> ${BUILD_VAR_SCRIPT} && \
+      echo "export CARGO_TARGET_AARCH64_UNKNOWN_LINUX_GNU_LINKER=/usr/bin/aarch64-linux-gnu-gcc" >> ${BUILD_VAR_SCRIPT} && \
+      echo "export RUSTFLAGS=\"-L /usr/aarch64-linux-gnu/lib -L $(dirname $(aarch64-linux-gnu-gcc -print-libgcc-file-name))\"" >> ${BUILD_VAR_SCRIPT} && \
+      if [ "$OPENSSL_VENDORED" != "true" ]; then \
+        # If we're linking to OpenSSL dynamically, we have to set it up for cross-compilation
+        dpkg --add-architecture arm64 && \
+        apt update && \
+        apt install -y libssl-dev:arm64 zlib1g-dev:arm64 && \
+        echo "export PKG_CONFIG_ALLOW_CROSS=true" >> ${BUILD_VAR_SCRIPT} && \
+        echo "export PKG_CONFIG_LIBDIR=/usr/lib/aarch64-linux-gnu/pkgconfig" >> ${BUILD_VAR_SCRIPT} && \
+        echo "export OPENSSL_INCLUDE_DIR=/usr/include/aarch64-linux-gnu" >> ${BUILD_VAR_SCRIPT} && \
+        echo "export OPENSSL_LIB_DIR=/usr/lib/aarch64-linux-gnu" >> ${BUILD_VAR_SCRIPT}; \
+      fi; \
+    elif [ "$BUILDPLATFORM" = "linux/arm64" -a "$TARGETARCH" = "amd64" ]; then \
+      # We're on arm64, cross-compiling for x64
+      rustup target add x86_64-unknown-linux-gnu && \
+      apt update && \
+      apt install -y gcc-x86-64-linux-gnu && \
+      echo "#!/bin/sh" > ${BUILD_VAR_SCRIPT} && \
+      echo "export TARGET=x86_64-unknown-linux-gnu" >> ${BUILD_VAR_SCRIPT} && \
+      echo "export TARGET_FLAG=--target=x86_64-unknown-linux-gnu" >> ${BUILD_VAR_SCRIPT} && \
+      echo "export CARGO_TARGET_X86_64_UNKNOWN_LINUX_GNU_LINKER=/usr/bin/x86_64-linux-gnu-gcc" >> ${BUILD_VAR_SCRIPT} && \
+      echo "export RUSTFLAGS=\"-L /usr/x86_64-linux-gnu/lib -L $(dirname $(x86_64-linux-gnu-gcc -print-libgcc-file-name))\"" >> ${BUILD_VAR_SCRIPT} && \
+      if [ "$OPENSSL_VENDORED" != "true" ]; then \
+        # If we're linking to OpenSSL dynamically, we have to set it up for cross-compilation
+        dpkg --add-architecture amd64 && \
+        apt update && \
+        apt install -y libssl-dev:amd64 zlib1g-dev:amd64 && \
+        echo "export PKG_CONFIG_ALLOW_CROSS=true" >> ${BUILD_VAR_SCRIPT} && \
+        echo "export PKG_CONFIG_LIBDIR=/usr/lib/x86_64-linux-gnu/pkgconfig" >> ${BUILD_VAR_SCRIPT} && \
+        echo "export OPENSSL_INCLUDE_DIR=/usr/include/x86_64-linux-gnu" >> ${BUILD_VAR_SCRIPT} && \
+        echo "export OPENSSL_LIB_DIR=/usr/lib/x86_64-linux-gnu" >> ${BUILD_VAR_SCRIPT}; \
+      fi; \
+    fi
+
+# Run cook to prep the build 
+RUN if [ -f ${BUILD_VAR_SCRIPT} ]; then \
+      . ${BUILD_VAR_SCRIPT} && \
+      echo "Cross-compilation environment set up for ${TARGET}"; \
+    else \
+      echo "No cross-compilation needed"; \
+    fi && \
+    if [ "$OPENSSL_VENDORED" = "true" ]; then \
+      echo "Using vendored OpenSSL" && \
+      FEATURE_OPENSSL_VENDORED='--features openssl-vendored'; \
+    else \
+      echo "Using system OpenSSL"; \
+    fi && \
+    export GIT_HASH=$(git rev-parse HEAD) && \
+    cargo chef cook ${TARGET_FLAG} --release --recipe-path recipe.json ${FEATURE_OPENSSL_VENDORED}
+
+# Now we can copy the source files - chef cook wants to run before this step
+COPY . .
+
+# Build the application
+RUN if [ -f ${BUILD_VAR_SCRIPT} ]; then \
+      chmod +x ${BUILD_VAR_SCRIPT} && \
+      . ${BUILD_VAR_SCRIPT} && \
+      echo "Cross-compilation environment set up for ${TARGET}"; \
+    else \
+      echo "No cross-compilation needed"; \
+    fi && \
+    if [ "$OPENSSL_VENDORED" = "true" ]; then \
+      echo "Using vendored OpenSSL" && \
+      FEATURE_OPENSSL_VENDORED='--features openssl-vendored'; \
+    else \
+      echo "Using system OpenSSL"; \
+    fi && \
+    export GIT_HASH=$(git rev-parse HEAD) && \
+    cargo build ${TARGET_FLAG} --release --bin ${TARGET_CRATE} ${FEATURE_OPENSSL_VENDORED} && \
+    if [ ! -z "$TARGET" ]; then \
+      # If we're cross-compiling, we need to move the binary out of the target dir
+      mv target/${TARGET}/release/${TARGET_CRATE} target/release/${TARGET_CRATE}; \
+    fi
+
+# Copy the output
+FROM scratch AS output
+ARG TARGET_CRATE
+COPY --from=builder /app/target/release/${TARGET_CRATE} /${TARGET_CRATE}