Add module caching into the dockerfile #956
Description
a working version that also adds ssh support for private modules.
# syntax=docker/dockerfile:1.7
# This Dockerfile performs a multi-stage build. BUILDER_IMAGE is the image used
# to compile the layerd binary. RUNTIME_IMAGE is the image that will be
# returned with the final layerd binary.
#
# Separating the builder and runtime image allows the runtime image to be
# considerably smaller because it doesn't need to have Golang installed.
ARG BUILDER_IMAGE=docker.io/golang:1.25.3-alpine
ARG RUNTIME_IMAGE=docker.io/alpine:3.20
ARG TARGETOS
ARG TARGETARCH
# Stage 1: Build the layerd binary inside a builder image that will be discarded later.
# Ignore hadolint rule because hadolint can't parse the variable.
# See https://github.com/hadolint/hadolint/issues/339
# hadolint ignore=DL3006
FROM --platform=$BUILDPLATFORM ${BUILDER_IMAGE} AS builder
ENV CGO_ENABLED=0
ENV GO111MODULE=on
ENV GOPRIVATE=github.com/cryptoriums/*
ENV GONOSUMDB=github.com/cryptoriums/*
# hadolint ignore=DL3018
RUN apk update && apk add --no-cache \
gcc \
git \
# linux-headers are needed for Ledger support
linux-headers \
make \
musl-dev \
openssh-client
WORKDIR /layer
RUN mkdir -p -m 0700 /root/.ssh && \
ssh-keyscan github.com >> /root/.ssh/known_hosts
RUN git config --global url."ssh://git@github.com/".insteadOf "https://github.com/"
COPY go.mod go.sum ./
RUN --mount=type=ssh \
--mount=type=cache,target=/go/pkg/mod \
go mod download
COPY . .
RUN --mount=type=ssh \
--mount=type=cache,target=/go/pkg/mod \
--mount=type=cache,target=/root/.cache/go-build \
uname -a &&\
CGO_ENABLED=${CGO_ENABLED} GOOS=${TARGETOS} GOARCH=${TARGETARCH} \
make build
# Stage 2: Create a minimal image to run the layerd binary
# Ignore hadolint rule because hadolint can't parse the variable.
# See https://github.com/hadolint/hadolint/issues/339
# hadolint ignore=DL3006
FROM ${RUNTIME_IMAGE} AS runtime
# Use UID 1025 to match heighliner standard for Cosmos SDK chains.
# This ensures compatibility with interchaintest and other Cosmos tooling.
ARG UID=1025
ARG USER_NAME=layerdevnet
ENV LAYER_HOME=/home/${USER_NAME}
# hadolint ignore=DL3018
RUN apk update && apk add --no-cache \
bash \
curl \
jq \
tini \
&& adduser ${USER_NAME} \
-D \
-g ${USER_NAME} \
-h ${LAYER_HOME} \
-s /sbin/nologin \
-u ${UID}
# Copy the layerd binary from the builder into the final image.
COPY --from=builder /layer/build/layerd /bin/layerd
# Copy the entrypoint script into the final image.
COPY --chown=${USER_NAME}:${USER_NAME} docker/entrypoint.sh /opt/entrypoint.sh
# Set the user to layerdevnet.
USER ${USER_NAME}
# Set the working directory to the home directory.
WORKDIR ${LAYER_HOME}
# Expose ports:
# 1317 is the default API server port.
# 9090 is the default GRPC server port.
# 26656 is the default node p2p port.
# 26657 is the default RPC port.
# 26660 is the port used for Prometheus.
# 26661 is the port used for tracing.
EXPOSE 1317 9090 26656 26657 26660 26661
# Add health check to ensure container is ready
HEALTHCHECK --interval=5s --timeout=3s --start-period=10s --retries=3 \
CMD curl -f http://localhost:26657/status || exit 1
ENTRYPOINT [ "/sbin/tini", "--", "/bin/bash", "/opt/entrypoint.sh" ]