Skip to content

WIP: add option to build Alpine Linux image for Substrate builder to generate 236MB image size #2

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Closed
ltfschoen wants to merge 1 commit into from
Closed

WIP: add option to build Alpine Linux image for Substrate builder to generate 236MB image size #2

Changes from all commits
Commits
Show all changes
1 commit
Select commit
File filter

Filter by extension

Filter by extension
Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
26 changes: 19 additions & 7 deletions docker/substrate_builder.Dockerfile
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -6,30 +6,42 @@ COPY . /substrate
RUN cargo build --locked --release

# This is the 2nd stage: a very small image where we copy the Substrate binary."
FROM docker.io/library/ubuntu:20.04
FROM docker.io/library/alpine:3.17
LABEL description="Multistage Docker image for Substrate: a platform for web3" \
io.parity.image.type="builder" \
io.parity.image.authors="[email protected], [email protected]" \
io.parity.image.vendor="Parity Technologies" \
io.parity.image.description="Substrate is a next-generation framework for blockchain innovation 🚀" \
io.parity.image.source="https://github.com/paritytech/polkadot/blob/${VCS_REF}/docker/substrate_builder.Dockerfile" \
io.parity.image.documentation="https://github.com/paritytech/polkadot/"
io.parity.image.source="https://github.com/paritytech/substrate/blob/${VCS_REF}/docker/substrate_builder.Dockerfile" \
io.parity.image.documentation="https://github.com/paritytech/substrate/blob/${VCS_REF}/docker/README.md"

COPY --from=builder /substrate/target/release/substrate /usr/local/bin
COPY --from=builder /substrate/target/release/subkey /usr/local/bin
COPY --from=builder /substrate/target/release/node-template /usr/local/bin
COPY --from=builder /substrate/target/release/chain-spec-builder /usr/local/bin

RUN useradd -m -u 1000 -U -s /bin/sh -d /substrate substrate && \
ENV GLIBC_REPO=https://github.com/sgerrand/alpine-pkg-glibc
ENV GLIBC_VERSION=2.34-r0

RUN apk update --no-cache && \
apk add --no-cache git curl binutils && \
curl -sL https://alpine-pkgs.sgerrand.com/sgerrand.rsa.pub -o /etc/apk/keys/sgerrand.rsa.pub && \
curl -sLO "${GLIBC_REPO}/releases/download/${GLIBC_VERSION}/glibc-${GLIBC_VERSION}.apk" && \
curl -sLO "${GLIBC_REPO}/releases/download/${GLIBC_VERSION}/glibc-bin-${GLIBC_VERSION}.apk" && \
apk add --force-overwrite --no-cache glibc-${GLIBC_VERSION}.apk glibc-bin-${GLIBC_VERSION}.apk && \
addgroup --gid 1000 sgrp && \
adduser -D -u 1000 -G sgrp -s /bin/sh -h /substrate -g "" susr sgrp && \
mkdir -p /data /substrate/.local/share/substrate && \
chown -R substrate:substrate /data && \
chown -R susr:sgrp /data && \
ln -s /data /substrate/.local/share/substrate && \
# Sanity checks
ldd /usr/local/bin/substrate && \
#ldd /usr/local/bin/substrate && \
# unclutter and minimize the attack surface
rm -rf /usr/bin /usr/sbin && \
rm -rf /var/cache/apk/* && \
rm -rf /etc/apk/* && \
/usr/local/bin/substrate --version

USER substrate
USER susr
EXPOSE 30333 9933 9944 9615
VOLUME ["/data"]