feat: use apt update --snapshot for reproducibility (#154)
endersonmaia authored Sep 13, 2024
1 parent 0adeee1 commit d518c9d
Showing 1 changed file with 49 additions and 21 deletions.
70 changes: 49 additions & 21 deletions Dockerfile
@@ -1,18 +1,48 @@
# syntax=docker.io/docker/dockerfile:1.4
# syntax=docker.io/docker/dockerfile:1

# This enforces that the packages downloaded from the repositories are the same
# for the defined date, no matter when the image is built.
ARG NOBLE_DATE=20240801
ARG APT_UPDATE_SNAPSHOT=${NOBLE_DATE}T030400Z

################################################################################
# cross base stage
FROM ubuntu:noble-${NOBLE_DATE} AS base-build-stage

ARG APT_UPDATE_SNAPSHOT
ARG DEBIAN_FRONTEND=noninteractive
RUN <<EOF
set -eu
apt update
apt install -y --no-install-recommends ca-certificates
apt update --snapshot=${APT_UPDATE_SNAPSHOT}
EOF

################################################################################
# riscv64 base stage
FROM --platform=linux/riscv64 ubuntu:noble-${NOBLE_DATE} AS base-target-stage

Check warning on line 23 in Dockerfile


GitHub Actions / build

FROM --platform flag should not use a constant value

FromPlatformFlagConstDisallowed: FROM --platform flag should not use constant value "linux/riscv64" More info: https://docs.docker.com/go/dockerfile/rule/from-platform-flag-const-disallowed/

ARG APT_UPDATE_SNAPSHOT
ARG DEBIAN_FRONTEND=noninteractive
RUN <<EOF
set -eu
apt update
apt install -y --no-install-recommends ca-certificates
apt update --snapshot=${APT_UPDATE_SNAPSHOT}
EOF

################################################################################
# cross build stage
FROM ubuntu:noble-20240801 as build-stage
FROM base-build-stage AS build-stage

ARG DEBIAN_FRONTEND=noninteractive
RUN <<EOF
set -e
apt update
apt install -y --no-install-recommends \
build-essential=12.10ubuntu1 \
ca-certificates=20240203 \
g++-riscv64-linux-gnu=4:13.2.0-7ubuntu1 \
wget=1.21.4-1ubuntu4.1
build-essential \
ca-certificates \
g++-riscv64-linux-gnu \
wget
EOF

ARG GOVERSION=1.23.0
@@ -38,17 +68,16 @@ RUN go build -o ./dapp ./contract

################################################################################
# riscv64 build stage
FROM --platform=linux/riscv64 ubuntu:noble-20240801 as riscv64-build-stage
FROM base-target-stage AS riscv64-build-stage

ARG DEBIAN_FRONTEND=noninteractive
RUN <<EOF
set -e
apt update
apt install -y --no-install-recommends \
lua5.4=5.4.6-3build2 \
build-essential=12.10ubuntu1 \
ca-certificates=20240203 \
wget=1.21.4-1ubuntu4.1
lua5.4 \
build-essential \
ca-certificates \
wget
EOF

WORKDIR /opt/build
@@ -82,7 +111,7 @@ EOF

################################################################################
# runtime stage: produces final image that will be executed
FROM --platform=linux/riscv64 ubuntu:noble-20240801
FROM base-target-stage

LABEL io.cartesi.sdk_version=0.9.0
LABEL io.cartesi.rollups.ram_size=128Mi
@@ -93,14 +122,13 @@ ARG MACHINE_EMULATOR_TOOLS_DEB=machine-emulator-tools-v${MACHINE_EMULATOR_TOOLS_
ARG DEBIAN_FRONTEND=noninteractive
RUN <<EOF
set -eu
apt-get update
apt-get install -y --no-install-recommends \
busybox-static=1:1.36.1-6ubuntu3.1 \
ca-certificates=20240203 \
curl=8.5.0-2ubuntu10.3 \
libasan6=11.4.0-9ubuntu1 \
libasan8=14-20240412-0ubuntu1 \
xz-utils=5.6.1+really5.4.5-1build0.1
busybox-static \
ca-certificates \
curl \
libasan6 \
libasan8 \
xz-utils
curl -o ${MACHINE_EMULATOR_TOOLS_DEB} -fsSL https://github.com/cartesi/machine-emulator-tools/releases/download/v${MACHINE_EMULATOR_TOOLS_VERSION}/${MACHINE_EMULATOR_TOOLS_DEB}
dpkg -i ${MACHINE_EMULATOR_TOOLS_DEB}
rm ${MACHINE_EMULATOR_TOOLS_DEB}
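Review bot: The bootstrap in both new base stages (`apt update` followed by `apt install -y --no-install-recommends ca-certificates`) runs against the live archive before `apt update --snapshot=${APT_UPDATE_SNAPSHOT}` takes effect, so the CA bundle is whatever is current on build day rather than the snapshot's version. The later stages now list `ca-certificates` without a version, and apt does not downgrade a package that is already installed at a newer version, so the trust store in the final image can differ between builds even with NOBLE_DATE fixed. Keeping the old pin on that one line, `apt install -y --no-install-recommends ca-certificates=20240203`, would close most of the gap; its dependencies would still float, so this is worth confirming against the archive. A short comment above the bootstrap, such as `# bootstrap only: installed from the live archive, presumably so the HTTPS snapshot endpoint can be verified`, would make the exception to the reproducibility claim at the top of the file explicit.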