diff --git a/.github/workflows/task-rust-lint.yml b/.github/workflows/task-rust-lint.yml index 58c2b3d0..7435f1d3 100644 --- a/.github/workflows/task-rust-lint.yml +++ b/.github/workflows/task-rust-lint.yml @@ -34,7 +34,6 @@ jobs: - uses: ./.github/workflows/actions/setup-env with: cache-key: FMT - cache-targets: false install-deps: false # Self-hosted runners have deps pre-installed - name: Run cargo fmt diff --git a/docker/datahaven-build.Dockerfile b/docker/datahaven-build.Dockerfile index 3b0195f9..d93614ec 100644 --- a/docker/datahaven-build.Dockerfile +++ b/docker/datahaven-build.Dockerfile @@ -57,7 +57,25 @@ RUN --mount=type=cache,target=/usr/local/cargo/registry \ # --- Create final lightweight runtime image --- FROM docker.io/parity/base-bin:latest -COPY --from=builder /usr/lib/x86_64-linux-gnu/libpq.so* /usr/lib/x86_64-linux-gnu/ +# Copy CA certificates and shared libraries from builder +COPY --from=builder /etc/ssl/certs/ca-certificates.crt /etc/ssl/certs/ca-certificates.crt +COPY --from=builder \ + /lib/x86_64-linux-gnu/libpq.so.5 \ + /lib/x86_64-linux-gnu/libssl.so.3 \ + /lib/x86_64-linux-gnu/libcrypto.so.3 \ + /lib/x86_64-linux-gnu/libgssapi_krb5.so.2 \ + /lib/x86_64-linux-gnu/libldap.so.2 \ + /lib/x86_64-linux-gnu/libz.so.1 \ + /lib/x86_64-linux-gnu/libzstd.so.1 \ + /lib/x86_64-linux-gnu/libkrb5.so.3 \ + /lib/x86_64-linux-gnu/libk5crypto.so.3 \ + /lib/x86_64-linux-gnu/libcom_err.so.2 \ + /lib/x86_64-linux-gnu/libkrb5support.so.0 \ + /lib/x86_64-linux-gnu/liblber.so.2 \ + /lib/x86_64-linux-gnu/libsasl2.so.2 \ + /lib/x86_64-linux-gnu/libkeyutils.so.1 \ + /lib/x86_64-linux-gnu/ + COPY --from=builder /datahaven/target/release/datahaven-node /usr/local/bin USER root @@ -69,7 +87,7 @@ RUN useradd -m -u 1001 -U -s /bin/sh -d /datahaven datahaven && \ USER datahaven -EXPOSE 30333 9933 9944 9615 +EXPOSE 30333 9944 9615 VOLUME ["/data"] ENTRYPOINT ["/usr/local/bin/datahaven-node"] \ No newline at end of file diff --git a/docker/datahaven-production.Dockerfile b/docker/datahaven-production.Dockerfile index a3cec0af..142d89b6 100644 --- a/docker/datahaven-production.Dockerfile +++ b/docker/datahaven-production.Dockerfile @@ -43,18 +43,34 @@ FROM debian:stable-slim LABEL maintainer="steve@moonsonglabs.com" LABEL description="Production Binary for DataHaven Nodes" -RUN apt-get update && apt-get install -y libpq5 +# Copy CA certificates and shared libraries from builder +COPY --from=builder /etc/ssl/certs/ca-certificates.crt /etc/ssl/certs/ca-certificates.crt +COPY --from=builder \ + /lib/x86_64-linux-gnu/libpq.so.5 \ + /lib/x86_64-linux-gnu/libssl.so.3 \ + /lib/x86_64-linux-gnu/libcrypto.so.3 \ + /lib/x86_64-linux-gnu/libgssapi_krb5.so.2 \ + /lib/x86_64-linux-gnu/libldap.so.2 \ + /lib/x86_64-linux-gnu/libz.so.1 \ + /lib/x86_64-linux-gnu/libzstd.so.1 \ + /lib/x86_64-linux-gnu/libkrb5.so.3 \ + /lib/x86_64-linux-gnu/libk5crypto.so.3 \ + /lib/x86_64-linux-gnu/libcom_err.so.2 \ + /lib/x86_64-linux-gnu/libkrb5support.so.0 \ + /lib/x86_64-linux-gnu/liblber.so.2 \ + /lib/x86_64-linux-gnu/libsasl2.so.2 \ + /lib/x86_64-linux-gnu/libkeyutils.so.1 \ + /lib/x86_64-linux-gnu/ +# Create datahaven user and directories RUN useradd -m -u 1000 -U -s /bin/sh -d /datahaven datahaven && \ - mkdir -p /datahaven/.local/share && \ - mkdir /data && \ - chown -R datahaven:datahaven /data && \ - ln -s /data /datahaven/.local/share/datahaven && \ - rm -rf /usr/sbin + mkdir -p /datahaven/.local/share /data && \ + chown -R datahaven:datahaven /data && \ + ln -s /data /datahaven/.local/share/datahaven && \ + rm -rf /usr/sbin USER datahaven -COPY --from=builder /etc/ssl/certs/ca-certificates.crt /etc/ssl/certs/ca-certificates.crt COPY --from=builder --chown=datahaven /datahaven/target/production/datahaven-node /datahaven/datahaven-node RUN chmod uog+x /datahaven/datahaven-node