Simple crosscomp (#33)

Simple crosscomp
lncm · Jan 19, 2020 · 8b6af01 · 8b6af01
2 parents affc3b3 + 8fba308
commit 8b6af01
Show file tree

Hide file tree

Showing 14 changed files with 193 additions and 50 deletions.
diff --git a/.github/workflows/on-tag.yml b/.github/workflows/on-tag.yml
@@ -128,10 +128,11 @@ jobs:
         run: |
           mkdir -p binaries/
           ID=$(docker create "${APP}:${{matrix.arch}}")
-          docker cp  "${ID}:/bin/${APP}"  binaries/
-          docker cp  "${ID}:/bin/lncli"   binaries/
+          docker cp  "${ID}:/usr/local/bin/${APP}"  binaries/
+          docker cp  "${ID}:/usr/local/bin/lncli"   binaries/
           docker rm  "${ID}"
 
+          # Compress each binary separately
           for file in binaries/*; do
             gzip "${file}"
             mv "${file}.gz" "${file}-${TAG}-${{matrix.arch}}.gz"
@@ -175,6 +176,8 @@ jobs:
         run: docker images "${APP}"
 
       - name: Run sanity checks
+        env:
+          DIR: /usr/local/bin
         run: |
           for tag in $(docker images "${APP}" --format "{{.Tag}}"); do
             echo
@@ -186,9 +189,9 @@ jobs:
 
             docker run --rm --entrypoint=uname      "${APP}:${tag}" -a
             docker run --rm --entrypoint=cat        "${APP}:${tag}" /etc/os-release
-            docker run --rm --entrypoint=sha256sum  "${APP}:${tag}" /bin/lnd /bin/lncli
+            docker run --rm --entrypoint=sha256sum  "${APP}:${tag}" "${DIR}/lnd" "${DIR}/lncli"
 
-            docker run --rm --entrypoint=sh -u=root "${APP}:${tag}" -c "apk add --no-cache file && file /bin/${APP} /bin/lncli"
+            docker run --rm --entrypoint=sh -u=root "${APP}:${tag}" -c "apk add --no-cache file && file ${DIR}/${APP} ${DIR}/lncli"
           done
 
 

diff --git a/.github/workflows/test.yml b/.github/workflows/test.yml
@@ -79,10 +79,11 @@ jobs:
         run: |
           mkdir -p bins/ binaries/
           ID=$(docker create "${APP}:${VER_ARCH}")
-          docker cp  "${ID}:/bin/${APP}"  bins/
-          docker cp  "${ID}:/bin/lncli"   bins/
+          docker cp  "${ID}:/usr/local/bin/${APP}"  bins/
+          docker cp  "${ID}:/usr/local/bin/lncli"   bins/
           docker rm  "${ID}"
 
+          # Compress both binaries into a one archive
           tar  -C bins/  -cvaf "binaries/${APP}-${VER_ARCH}.tgz"  .
 
       - name: Print sha256sum of extracted binaries
@@ -122,6 +123,8 @@ jobs:
         run: docker images "${APP}"
 
       - name: Run sanity checks
+        env:
+          DIR: /usr/local/bin
         run: |
           for tag in $(docker images "${APP}" --format "{{.Tag}}"); do
             echo
@@ -133,7 +136,7 @@ jobs:
 
             docker run --rm --entrypoint=uname      "${APP}:${tag}" -a
             docker run --rm --entrypoint=cat        "${APP}:${tag}" /etc/os-release
-            docker run --rm --entrypoint=sha256sum  "${APP}:${tag}" /bin/${APP} /bin/lncli
+            docker run --rm --entrypoint=sha256sum  "${APP}:${tag}" ${DIR}/${APP} ${DIR}/lncli
 
-            docker run --rm --entrypoint=sh         "${APP}:${tag}" -c 'apk add --no-cache file && file /bin/${APP} /bin/lncli'
+            docker run --rm --entrypoint=sh -u=root "${APP}:${tag}" -c "apk add --no-cache file && file ${DIR}/${APP} ${DIR}/lncli"
           done
diff --git a/0.5/Dockerfile b/0.5/Dockerfile
@@ -10,6 +10,9 @@ ARG ARCH
 ARG VER_GO=1.13
 ARG VER_ALPINE=3.11
 
+ARG USER=lnd
+ARG DIR=/data/
+
 
 #
 ## This stage fetches and verifies source code, and applies necessary fixes
@@ -106,22 +109,49 @@ RUN upx -v /go/bin/*
 
 
 
+#
+## This stage is used to generate /etc/{group,passwd,shadow} files & avoid RUN-ing commands in the `final` layer,
+#   which would break cross-compiled images.
+#
+FROM alpine:${VER_ALPINE} AS perms
+
+ARG USER
+ARG DIR
+
+# NOTE: Default GID == UID == 1000
+RUN adduser --disabled-password \
+            --home ${DIR} \
+            --gecos "" \
+            ${USER}
+
+
+
 #
 ## This is the final image that gets shipped to Docker Hub
 #
 # NOTE: `${ARCH:+${ARCH}/}` - if ARCH is set, append `/` to it, leave it empty otherwise
 FROM ${ARCH:+${ARCH}/}alpine:${VER_ALPINE} AS final
 
+ARG USER
+ARG DIR
+
 LABEL maintainer="Damian Mee (@meeDamian)"
 
+# Copy only the relevant parts from the `perms` image
+COPY  --from=perms  /etc/group   /etc/
+COPY  --from=perms  /etc/passwd  /etc/
+COPY  --from=perms  /etc/shadow  /etc/
+
 COPY  --from=builder /etc/ssl/certs/ca-certificates.crt  /etc/ssl/certs/
 
 # Copy binaries from the builder image
-COPY  --from=builder /go/bin/lnd    /bin/
-COPY  --from=builder /go/bin/lncli  /bin/
+COPY  --from=builder /go/bin/lnd    /usr/local/bin/
+COPY  --from=builder /go/bin/lncli  /usr/local/bin/
+
+USER ${USER}
 
 # Expose volume containing all `lnd` data
-VOLUME /root/.lnd
+VOLUME ${DIR}/.lnd
 
 # Expose lnd ports (rest, p2p, rpc respectively)
 EXPOSE  8080  9735  10009

diff --git a/0.6/Dockerfile b/0.6/Dockerfile
@@ -10,6 +10,9 @@ ARG ARCH
 ARG VER_GO=1.13
 ARG VER_ALPINE=3.11
 
+ARG USER=lnd
+ARG DIR=/data/
+
 
 #
 ## This stage fetches and verifies source code, and applies necessary fixes
@@ -105,22 +108,49 @@ RUN upx -v /go/bin/*
 
 
 
+#
+## This stage is used to generate /etc/{group,passwd,shadow} files & avoid RUN-ing commands in the `final` layer,
+#   which would break cross-compiled images.
+#
+FROM alpine:${VER_ALPINE} AS perms
+
+ARG USER
+ARG DIR
+
+# NOTE: Default GID == UID == 1000
+RUN adduser --disabled-password \
+            --home ${DIR} \
+            --gecos "" \
+            ${USER}
+
+
+
 #
 ## This is the final image that gets shipped to Docker Hub
 #
 # NOTE: `${ARCH:+${ARCH}/}` - if ARCH is set, append `/` to it, leave it empty otherwise
 FROM ${ARCH:+${ARCH}/}alpine:${VER_ALPINE} AS final
 
+ARG USER
+ARG DIR
+
 LABEL maintainer="Damian Mee (@meeDamian)"
 
+# Copy only the relevant parts from the `perms` image
+COPY  --from=perms  /etc/group   /etc/
+COPY  --from=perms  /etc/passwd  /etc/
+COPY  --from=perms  /etc/shadow  /etc/
+
 COPY  --from=builder /etc/ssl/certs/ca-certificates.crt  /etc/ssl/certs/
 
 # Copy binaries from the builder image
-COPY  --from=builder /go/bin/lnd    /bin/
-COPY  --from=builder /go/bin/lncli  /bin/
+COPY  --from=builder /go/bin/lnd    /usr/local/bin/
+COPY  --from=builder /go/bin/lncli  /usr/local/bin/
+
+USER ${USER}
 
 # Expose volume containing all `lnd` data
-VOLUME /root/.lnd
+VOLUME ${DIR}/.lnd
 
 # Expose lnd ports (rest, p2p, rpc respectively)
 EXPOSE  8080  9735  10009

diff --git a/0.7/Dockerfile b/0.7/Dockerfile
@@ -11,6 +11,9 @@ ARG ARCH
 ARG VER_GO=1.13
 ARG VER_ALPINE=3.11
 
+ARG USER=lnd
+ARG DIR=/data/
+
 #
 ## NOTE: You should only override the ARGs below, if you know what you're doing
 #
@@ -232,22 +235,49 @@ RUN du          /bin/lnd  /bin/lncli
 
 
 
+#
+## This stage is used to generate /etc/{group,passwd,shadow} files & avoid RUN-ing commands in the `final` layer,
+#   which would break cross-compiled images.
+#
+FROM alpine:${VER_ALPINE} AS perms
+
+ARG USER
+ARG DIR
+
+# NOTE: Default GID == UID == 1000
+RUN adduser --disabled-password \
+            --home ${DIR} \
+            --gecos "" \
+            ${USER}
+
+
+
 #
 ## This is the final image that gets shipped to Docker Hub
 #
 # NOTE: `${ARCH:+${ARCH}/}` - if ARCH is set, append `/` to it, leave it empty otherwise
 FROM ${ARCH:+${ARCH}/}alpine:${VER_ALPINE} AS final
 
+ARG USER
+ARG DIR
+
 LABEL maintainer="Damian Mee (@meeDamian)"
 
+# Copy only the relevant parts from the `perms` image
+COPY  --from=perms  /etc/group   /etc/
+COPY  --from=perms  /etc/passwd  /etc/
+COPY  --from=perms  /etc/shadow  /etc/
+
 COPY  --from=cross-check /etc/ssl/certs/ca-certificates.crt  /etc/ssl/certs/
 
 # Copy binaries from the cross-check stage
-COPY  --from=cross-check /bin/lnd    /bin/
-COPY  --from=cross-check /bin/lncli  /bin/
+COPY  --from=cross-check /bin/lnd    /usr/local/bin/
+COPY  --from=cross-check /bin/lncli  /usr/local/bin/
+
+USER ${USER}
 
 # Expose volume containing all `lnd` data
-VOLUME /root/.lnd
+VOLUME ${DIR}/.lnd
 
 # Expose lnd ports (rest, p2p, rpc respectively)
 EXPOSE  8080  9735  10009

diff --git a/0.7/variant-monitoring.patch b/0.7/variant-monitoring.patch
@@ -1,8 +1,8 @@
 diff --git Dockerfile Dockerfile
-index ed9f858..485e8b5 100644
+index 1dfbfe8..f3d0406 100644
 --- Dockerfile
 +++ Dockerfile
-@@ -26,7 +26,7 @@ ARG TAGS_LND="signrpc chainrpc"
+@@ -29,7 +29,7 @@ ARG TAGS_LND="signrpc chainrpc"
  ARG TAGS_STATIC="osusergo netgo static_build"
 
  # Added by yours truly (@lncm)
@@ -11,7 +11,7 @@ index ed9f858..485e8b5 100644
 
  # Force Go to use the cgo based DNS resolver. This is required to ensure DNS
  #   queries required to connect to linked containers succeed
-@@ -252,5 +252,11 @@ VOLUME /root/.lnd
+@@ -282,5 +282,11 @@ VOLUME ${DIR}/.lnd
  # Expose lnd ports (rest, p2p, rpc respectively)
  EXPOSE  8080  9735  10009
 

diff --git a/0.8/Dockerfile b/0.8/Dockerfile
@@ -11,6 +11,9 @@ ARG ARCH
 ARG VER_GO=1.13
 ARG VER_ALPINE=3.11
 
+ARG USER=lnd
+ARG DIR=/data/
+
 #
 ## NOTE: You should only override the ARGs below, if you know what you're doing
 #
@@ -230,22 +233,49 @@ RUN du          /bin/lnd  /bin/lncli
 
 
 
+#
+## This stage is used to generate /etc/{group,passwd,shadow} files & avoid RUN-ing commands in the `final` layer,
+#   which would break cross-compiled images.
+#
+FROM alpine:${VER_ALPINE} AS perms
+
+ARG USER
+ARG DIR
+
+# NOTE: Default GID == UID == 1000
+RUN adduser --disabled-password \
+            --home ${DIR} \
+            --gecos "" \
+            ${USER}
+
+
+
 #
 ## This is the final image that gets shipped to Docker Hub
 #
 # NOTE: `${ARCH:+${ARCH}/}` - if ARCH is set, append `/` to it, leave it empty otherwise
 FROM ${ARCH:+${ARCH}/}alpine:${VER_ALPINE} AS final
 
+ARG USER
+ARG DIR
+
 LABEL maintainer="Damian Mee (@meeDamian)"
 
+# Copy only the relevant parts from the `perms` image
+COPY  --from=perms  /etc/group   /etc/
+COPY  --from=perms  /etc/passwd  /etc/
+COPY  --from=perms  /etc/shadow  /etc/
+
 COPY  --from=cross-check /etc/ssl/certs/ca-certificates.crt  /etc/ssl/certs/
 
 # Copy binaries from the cross-check stage
-COPY  --from=cross-check /bin/lnd    /bin/
-COPY  --from=cross-check /bin/lncli  /bin/
+COPY  --from=cross-check /bin/lnd    /usr/local/bin/
+COPY  --from=cross-check /bin/lncli  /usr/local/bin/
+
+USER ${USER}
 
 # Expose volume containing all `lnd` data
-VOLUME /root/.lnd
+VOLUME ${DIR}/.lnd
 
 # Expose lnd ports (rest, p2p, watchtower, rpc respectively)
 EXPOSE  8080  9735  9911  10009

diff --git a/0.8/variant-bitcoind-0.19.patch b/0.8/variant-bitcoind-0.19.patch
diff --git a/0.8/variant-experimental.patch b/0.8/variant-experimental.patch
@@ -1,8 +1,8 @@
 diff --git Dockerfile Dockerfile
-index 118ab7f..58e9482 100644
+index cda3a7e..641f9c2 100644
 --- Dockerfile
 +++ Dockerfile
-@@ -26,7 +26,7 @@ ARG TAGS_LND="signrpc chainrpc"
+@@ -29,7 +29,7 @@ ARG TAGS_LND="signrpc chainrpc"
  ARG TAGS_STATIC="osusergo netgo static_build"
 
  # Added by yours truly (@lncm)

diff --git a/0.8/variant-monitoring.patch b/0.8/variant-monitoring.patch
@@ -1,8 +1,8 @@
 diff --git Dockerfile Dockerfile
-index 118ab7f..4150002 100644
+index cda3a7e..01b203f 100644
 --- Dockerfile
 +++ Dockerfile
-@@ -26,7 +26,7 @@ ARG TAGS_LND="signrpc chainrpc"
+@@ -29,7 +29,7 @@ ARG TAGS_LND="signrpc chainrpc"
  ARG TAGS_STATIC="osusergo netgo static_build"
 
  # Added by yours truly (@lncm)
@@ -11,7 +11,7 @@ index 118ab7f..4150002 100644
 
  # Force Go to use the cgo based DNS resolver. This is required to ensure DNS
  #   queries required to connect to linked containers succeed
-@@ -250,5 +250,11 @@ VOLUME /root/.lnd
+@@ -280,5 +280,11 @@ VOLUME ${DIR}/.lnd
  # Expose lnd ports (rest, p2p, watchtower, rpc respectively)
  EXPOSE  8080  9735  9911  10009