-
Notifications
You must be signed in to change notification settings - Fork 90
Commit
This commit does not belong to any branch on this repository, and may belong to a fork outside of the repository.
* locked down dockerfiles * begin migration to interchaintest * upgrade to horcrux test * run e2e tests in matrix * TestDownedSigners and TestLeaderElection * TestChainPureHorcrux * TestMultipleChainHorcrux, remove rest of old framework * tidy * handle feedback * fix nil pre-genesis * fix cosigner start vs chain start race * fix no chains in WaitForBlocks * remove sleep in remote signer
- Loading branch information
Showing
20 changed files
with
4,525 additions
and
2,599 deletions.
There are no files selected for viewing
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| Original file line number | Diff line number | Diff line change |
|---|---|---|
|
|
@@ -3,4 +3,7 @@ test/ | |
| scripts/ | ||
| docs/ | ||
| data/ | ||
| build/ | ||
| build/ | ||
| docker/ | ||
| go.work | ||
| go.work.sum | ||
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| Original file line number | Diff line number | Diff line change |
|---|---|---|
| @@ -1,24 +1,72 @@ | ||
| FROM --platform=$BUILDPLATFORM golang:1.20-alpine AS build-env | ||
| FROM --platform=$BUILDPLATFORM golang:1.20-alpine3.16 AS build-env | ||
|
|
||
| ENV PACKAGES make git | ||
| RUN apk add --update --no-cache curl make git libc-dev bash gcc linux-headers eudev-dev | ||
|
|
||
| RUN apk add --no-cache $PACKAGES | ||
| ARG TARGETARCH | ||
| ARG BUILDARCH | ||
|
|
||
| RUN if [ "${TARGETARCH}" = "arm64" ] && [ "${BUILDARCH}" != "arm64" ]; then \ | ||
| wget -c https://musl.cc/aarch64-linux-musl-cross.tgz -O - | tar -xzvv --strip-components 1 -C /usr; \ | ||
| elif [ "${TARGETARCH}" = "amd64" ] && [ "${BUILDARCH}" != "amd64" ]; then \ | ||
| wget -c https://musl.cc/x86_64-linux-musl-cross.tgz -O - | tar -xzvv --strip-components 1 -C /usr; \ | ||
| fi | ||
|
|
||
| WORKDIR /go/src/github.com/strangelove-ventures/horcrux | ||
| WORKDIR /horcrux | ||
|
|
||
| ADD . . | ||
|
|
||
| ARG TARGETARCH | ||
| ARG TARGETOS | ||
| RUN if [ "${TARGETARCH}" = "arm64" ] && [ "${BUILDARCH}" != "arm64" ]; then \ | ||
| export CC=aarch64-linux-musl-gcc CXX=aarch64-linux-musl-g++;\ | ||
| elif [ "${TARGETARCH}" = "amd64" ] && [ "${BUILDARCH}" != "amd64" ]; then \ | ||
| export CC=x86_64-linux-musl-gcc CXX=x86_64-linux-musl-g++; \ | ||
| fi; \ | ||
| GOOS=linux GOARCH=$TARGETARCH CGO_ENABLED=1 LDFLAGS='-linkmode external -extldflags "-static"' make install | ||
|
|
||
| RUN if [ -d "/go/bin/linux_${TARGETARCH}" ]; then mv /go/bin/linux_${TARGETARCH}/* /go/bin/; fi | ||
|
|
||
| # Use minimal busybox from infra-toolkit image for final scratch image | ||
| FROM ghcr.io/strangelove-ventures/infra-toolkit:v0.0.6 AS busybox-min | ||
| RUN addgroup --gid 2345 -S horcrux && adduser --uid 2345 -S horcrux -G horcrux | ||
|
|
||
| # Use ln and rm from full featured busybox for assembling final image | ||
| FROM busybox:1.34.1-musl AS busybox-full | ||
|
|
||
| # Build final image from scratch | ||
| FROM scratch | ||
|
|
||
| LABEL org.opencontainers.image.source="https://github.com/cosmos/horcrux" | ||
|
|
||
| WORKDIR /bin | ||
|
|
||
| # Install ln (for making hard links) and rm (for cleanup) from full busybox image (will be deleted, only needed for image assembly) | ||
| COPY --from=busybox-full /bin/ln /bin/rm ./ | ||
|
|
||
| RUN export GOOS=${TARGETOS} GOARCH=${TARGETARCH} && make build | ||
| # Install minimal busybox image as shell binary (will create hardlinks for the rest of the binaries to this data) | ||
| COPY --from=busybox-min /busybox/busybox /bin/sh | ||
|
|
||
| FROM alpine:edge | ||
| # Add hard links for read-only utils, then remove ln and rm | ||
| # Will then only have one copy of the busybox minimal binary file with all utils pointing to the same underlying inode | ||
| RUN ln sh pwd && \ | ||
| ln sh ls && \ | ||
| ln sh cat && \ | ||
| ln sh less && \ | ||
| ln sh grep && \ | ||
| ln sh sleep && \ | ||
| ln sh env && \ | ||
| ln sh tar && \ | ||
| ln sh tee && \ | ||
| ln sh du && \ | ||
| rm ln rm | ||
|
|
||
| RUN apk add --no-cache ca-certificates | ||
| # Install chain binaries | ||
| COPY --from=build-env /go/bin/horcrux /bin | ||
|
|
||
| WORKDIR /root | ||
| # Install trusted CA certificates | ||
| COPY --from=busybox-min /etc/ssl/cert.pem /etc/ssl/cert.pem | ||
|
|
||
| COPY --from=build-env /go/src/github.com/strangelove-ventures/horcrux/build/horcrux /usr/bin/horcrux | ||
| # Install horcrux user | ||
| COPY --from=busybox-min /etc/passwd /etc/passwd | ||
| COPY --from=busybox-min --chown=2345:2345 /home/horcrux /home/horcrux | ||
|
|
||
| CMD ["horcrux"] | ||
| WORKDIR /home/horcrux | ||
| USER horcrux |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| Original file line number | Diff line number | Diff line change |
|---|---|---|
| @@ -1,21 +1,60 @@ | ||
| FROM golang:1.20-alpine AS build-env | ||
| FROM golang:1.20-alpine3.16 AS build-env | ||
|
|
||
| ENV PACKAGES make git | ||
| RUN apk add --update --no-cache curl make git libc-dev bash gcc linux-headers eudev-dev | ||
|
|
||
| RUN apk add --no-cache $PACKAGES | ||
| WORKDIR /horcrux | ||
|
|
||
| WORKDIR /go/src/github.com/strangelove-ventures/horcrux | ||
| ADD go.mod go.sum ./ | ||
|
|
||
| RUN go mod download | ||
|
|
||
| ADD . . | ||
|
|
||
| RUN make build | ||
| RUN CGO_ENABLED=1 LDFLAGS='-linkmode external -extldflags "-static"' make install | ||
|
|
||
| # Use minimal busybox from infra-toolkit image for final scratch image | ||
| FROM ghcr.io/strangelove-ventures/infra-toolkit:v0.0.6 AS busybox-min | ||
| RUN addgroup --gid 2345 -S horcrux && adduser --uid 2345 -S horcrux -G horcrux | ||
|
|
||
| # Use ln and rm from full featured busybox for assembling final image | ||
| FROM busybox:1.34.1-musl AS busybox-full | ||
|
|
||
| # Build final image from scratch | ||
| FROM scratch | ||
|
|
||
| LABEL org.opencontainers.image.source="https://github.com/strangelove-ventures/horcrux" | ||
|
|
||
| WORKDIR /bin | ||
|
|
||
| # Install ln (for making hard links) and rm (for cleanup) from full busybox image (will be deleted, only needed for image assembly) | ||
| COPY --from=busybox-full /bin/ln /bin/rm ./ | ||
|
|
||
| # Install minimal busybox image as shell binary (will create hardlinks for the rest of the binaries to this data) | ||
| COPY --from=busybox-min /busybox/busybox /bin/sh | ||
|
|
||
| FROM alpine:edge | ||
| # Add hard links for read-only utils, then remove ln and rm | ||
| # Will then only have one copy of the busybox minimal binary file with all utils pointing to the same underlying inode | ||
| RUN ln sh pwd && \ | ||
| ln sh ls && \ | ||
| ln sh cat && \ | ||
| ln sh less && \ | ||
| ln sh grep && \ | ||
| ln sh sleep && \ | ||
| ln sh env && \ | ||
| ln sh tar && \ | ||
| ln sh tee && \ | ||
| ln sh du && \ | ||
| rm ln rm | ||
|
|
||
| RUN apk add --no-cache ca-certificates | ||
| # Install chain binaries | ||
| COPY --from=build-env /go/bin/horcrux /bin | ||
|
|
||
| WORKDIR /root | ||
| # Install trusted CA certificates | ||
| COPY --from=busybox-min /etc/ssl/cert.pem /etc/ssl/cert.pem | ||
|
|
||
| COPY --from=build-env /go/src/github.com/strangelove-ventures/horcrux/build/horcrux /usr/bin/horcrux | ||
| # Install horcrux user | ||
| COPY --from=busybox-min /etc/passwd /etc/passwd | ||
| COPY --from=busybox-min --chown=2345:2345 /home/horcrux /home/horcrux | ||
|
|
||
| CMD ["horcrux"] | ||
| WORKDIR /home/horcrux | ||
| USER horcrux |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Oops, something went wrong.