docker distroless

.github/workflows/docker-release.yml

@@ -25,15 +25,13 @@ jobs:
           --label "org.opencontainers.image.source=${IMAGE_SOURCE}" \
           --label "org.opencontainers.image.revision=$(git rev-parse HEAD)" \
           --label "org.opencontainers.image.version=$(git describe --tags --abbrev=0)" \
-          --label "org.opencontainers.image.licenses=AGPL-3.0" \
-          -f ./Dockerfile -t "${IMAGE_NAME}"
+          -f ./server-distroless.dockerfile -t "${IMAGE_NAME}:server-distroless"
 
           docker build . \
           --label "org.opencontainers.image.source=${IMAGE_SOURCE}" \
           --label "org.opencontainers.image.revision=$(git rev-parse HEAD)" \
           --label "org.opencontainers.image.version=$(git describe --tags --abbrev=0)" \
-          --label "org.opencontainers.image.licenses=AGPL-3.0" \
-          -f ./Dockerfile.distroless -t "${IMAGE_NAME}:distroless"
+          -f ./syncer-distroless.dockerfile -t "${IMAGE_NAME}:syncer-distroless"
 
       - name: Login to GHCR
         uses: docker/login-action@v2
@@ -52,10 +50,7 @@ jobs:
           [ "$VERSION" == "master" ] && VERSION=latest
           echo IMAGE_NAME=$IMAGE_NAME
           echo VERSION=$VERSION
-          docker tag $IMAGE_NAME $IMAGE_NAME:$VERSION
-          docker tag $IMAGE_NAME $IMAGE_NAME:latest
-          docker tag ${IMAGE_NAME}:distroless $IMAGE_NAME:$VERSION-distroless
-          docker push $IMAGE_NAME:$VERSION
-          docker push $IMAGE_NAME:latest
-          docker push $IMAGE_NAME:$VERSION-distroless
-          
+          docker tag ${IMAGE_NAME}:server-distroless $IMAGE_NAME:$VERSION-server-distroless
+          docker tag ${IMAGE_NAME}:syncer-distroless $IMAGE_NAME:$VERSION-syncer-distroless
+          docker push $IMAGE_NAME:$VERSION-server-distroless
+          docker push $IMAGE_NAME:$VERSION-syncer-distroless

server-distroless.dockerfile

@@ -0,0 +1,50 @@
+FROM golang:1.20-alpine as builder
+
+# Set up apk dependencies
+ENV PACKAGES make git libc-dev bash gcc linux-headers eudev-dev curl ca-certificates build-base
+
+# Set working directory for the build
+WORKDIR /opt/app
+
+# Add source files
+COPY . .
+
+# Install minimum necessary dependencies, remove packages
+RUN apk add --no-cache $PACKAGES
+
+# For Private REPO
+ARG GH_TOKEN=""
+RUN go env -w GOPRIVATE="github.com/bnb-chain/*"
+RUN git config --global url."https://${GH_TOKEN}@github.com".insteadOf "https://github.com"
+
+RUN make build_server
+
+
+FROM alpine:3.17
+
+ARG USER=app
+ARG USER_UID=1000
+ARG USER_GID=1000
+
+ENV PACKAGES ca-certificates libstdc++ curl
+ENV WORKDIR=/app
+
+RUN apk add --no-cache $PACKAGES \
+  && rm -rf /var/cache/apk/* \
+  && addgroup -g ${USER_GID} ${USER} \
+  && adduser -u ${USER_UID} -G ${USER} --shell /sbin/nologin --no-create-home -D ${USER} \
+  && addgroup ${USER} tty \
+  && sed -i -e "s/bin\/sh/bin\/bash/" /etc/passwd
+
+WORKDIR ${WORKDIR}
+RUN chown -R ${USER_UID}:${USER_GID} ${WORKDIR}
+USER ${USER_UID}:${USER_GID}
+
+ENV CONFIG_FILE_PATH /opt/app/config/config.json
+
+ENV WORKDIR=/app
+WORKDIR ${WORKDIR}
+COPY --from=builder /opt/app/build/blob-syncer-server ${WORKDIR}
+
+# Run the app
+CMD /app/blob-syncer-server --host 0.0.0.0 --port 8080 --config-path "$CONFIG_FILE_PATH"

server.Dockerfile

@@ -17,7 +17,7 @@ ARG GH_TOKEN=""
 RUN go env -w GOPRIVATE="github.com/bnb-chain/*"
 RUN git config --global url."https://${GH_TOKEN}@github.com".insteadOf "https://github.com"
 
-RUN make build
+RUN make build_server
 
 # Pull binary into a second stage deploy alpine container
 FROM alpine:3.17

syncer-distroless.dockerfile

@@ -0,0 +1,50 @@
+FROM golang:1.20-alpine as builder
+
+# Set up apk dependencies
+ENV PACKAGES make git libc-dev bash gcc linux-headers eudev-dev curl ca-certificates build-base
+
+# Set working directory for the build
+WORKDIR /opt/app
+
+# Add source files
+COPY . .
+
+# Install minimum necessary dependencies, remove packages
+RUN apk add --no-cache $PACKAGES
+
+# For Private REPO
+ARG GH_TOKEN=""
+RUN go env -w GOPRIVATE="github.com/bnb-chain/*"
+RUN git config --global url."https://${GH_TOKEN}@github.com".insteadOf "https://github.com"
+
+RUN make build_syncer
+
+
+FROM alpine:3.17
+
+ARG USER=app
+ARG USER_UID=1000
+ARG USER_GID=1000
+
+ENV PACKAGES ca-certificates libstdc++ curl
+ENV WORKDIR=/app
+
+RUN apk add --no-cache $PACKAGES \
+  && rm -rf /var/cache/apk/* \
+  && addgroup -g ${USER_GID} ${USER} \
+  && adduser -u ${USER_UID} -G ${USER} --shell /sbin/nologin --no-create-home -D ${USER} \
+  && addgroup ${USER} tty \
+  && sed -i -e "s/bin\/sh/bin\/bash/" /etc/passwd
+
+WORKDIR ${WORKDIR}
+RUN chown -R ${USER_UID}:${USER_GID} ${WORKDIR}
+USER ${USER_UID}:${USER_GID}
+
+ENV CONFIG_FILE_PATH /opt/app/config/config.json
+
+ENV WORKDIR=/app
+WORKDIR ${WORKDIR}
+COPY --from=builder /opt/app/build/blob-syncer ${WORKDIR}
+
+# Run the app
+CMD /app/blob-syncer --config-path "$CONFIG_FILE_PATH"

syncer.Dockerfile

@@ -17,7 +17,7 @@ ARG GH_TOKEN=""
 RUN go env -w GOPRIVATE="github.com/bnb-chain/*"
 RUN git config --global url."https://${GH_TOKEN}@github.com".insteadOf "https://github.com"
 
-RUN make build
+RUN make build_syncer
 
 # Pull binary into a second stage deploy alpine container
 FROM alpine:3.17