forked from cosmos/relayer
-
Notifications
You must be signed in to change notification settings - Fork 6
/
local.Dockerfile
54 lines (39 loc) · 1.71 KB
/
local.Dockerfile
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
FROM golang:1-alpine3.17 AS build-env
RUN apk add --update --no-cache curl make git libc-dev bash gcc linux-headers eudev-dev
ADD . .
RUN CGO_ENABLED=1 LDFLAGS='-linkmode external -extldflags "-static"' make install
# Use minimal busybox from infra-toolkit image for final scratch image
FROM ghcr.io/strangelove-ventures/infra-toolkit:v0.0.6 AS busybox-min
RUN addgroup --gid 1000 -S relayer && adduser --uid 100 -S relayer -G relayer
# Use ln and rm from full featured busybox for assembling final image
FROM busybox:1.34.1-musl AS busybox-full
# Build final image from scratch
FROM scratch
LABEL org.opencontainers.image.source="https://github.com/cosmos/relayer"
WORKDIR /bin
# Install ln (for making hard links) and rm (for cleanup) from full busybox image (will be deleted, only needed for image assembly)
COPY --from=busybox-full /bin/ln /bin/rm ./
# Install minimal busybox image as shell binary (will create hardlinks for the rest of the binaries to this data)
COPY --from=busybox-min /busybox/busybox /bin/sh
# Add hard links for read-only utils, then remove ln and rm
# Will then only have one copy of the busybox minimal binary file with all utils pointing to the same underlying inode
RUN ln sh pwd && \
ln sh ls && \
ln sh cat && \
ln sh less && \
ln sh grep && \
ln sh sleep && \
ln sh env && \
ln sh tar && \
ln sh tee && \
ln sh du && \
rm ln rm
# Install chain binaries
COPY --from=build-env /bin/rly /bin
# Install trusted CA certificates
COPY --from=busybox-min /etc/ssl/cert.pem /etc/ssl/cert.pem
# Install relayer user
COPY --from=busybox-min /etc/passwd /etc/passwd
COPY --from=busybox-min --chown=100:1000 /home/relayer /home/relayer
WORKDIR /home/relayer
USER relayer