mina/dockerfiles/stages/3-toolchain at develop · MinaProtocol/mina · GitHub

1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
#################################################################################################
# The "toolchain" Stage
# - installs optional tools that are required in our CI/CD but are not required to build mina
#################################################################################################
FROM opam-deps AS toolchain

ARG DOCKER_VERSION=28.3.1
ARG DEBS3_VERSION=0.11.7
ARG INFLUXDB_CLI_VERSION=2.7.5
ARG SHELLCHECK_VERSION=0.11.0
ARG HADOLINT_VERSION=2.12.0
ARG GCLOUD_VERSION=476.0.0
ARG TARGETARCH

USER root

# OS package dependencies
RUN apt-get update --yes \
  && apt-get install --yes --no-install-recommends \
    aptly \
    apt-transport-https \
    apt-utils \
    dnsutils \
    fakeroot \
    gnupg2 \
    jq \
    libgmp10 \
    libgomp1 \
    lsb-release \
    pandoc \
    patchelf \
    postgresql \
    postgresql-contrib \
    perl \
    procps \
    python3 \
    python3-pip \
    python3-sexpdata \
    python3-yaml \
    rubygems \
    wget \
  && rm -rf /var/lib/apt/lists/*

# --- deb-s3 tool
# Custom version, with lock only on manifest upload
RUN curl -sLO https://github.com/MinaProtocol/deb-s3/releases/download/${DEBS3_VERSION}/deb-s3-${DEBS3_VERSION}.gem \
    && gem install deb-s3-${DEBS3_VERSION}.gem \
    && rm -f deb-s3-${DEBS3_VERSION}.gem

# --- influx db tool
# Custom version, with lock only on manifest upload
SHELL ["/bin/bash", "-o", "pipefail", "-c"]
RUN curl -L -o influxdb2-client-${INFLUXDB_CLI_VERSION}-linux-${TARGETARCH}.tar.gz https://download.influxdata.com/influxdb/releases/influxdb2-client-${INFLUXDB_CLI_VERSION}-linux-${TARGETARCH}.tar.gz \
    && mkdir -p "influx_dir" && tar xvzf influxdb2-client-${INFLUXDB_CLI_VERSION}-linux-${TARGETARCH}.tar.gz -C influx_dir \
    && cp influx_dir/influx /usr/local/bin/ \
    && rm influxdb2-client-${INFLUXDB_CLI_VERSION}-linux-${TARGETARCH}.tar.gz \
    && rm -rf influx_dir

# --- Docker Daemon
RUN case "${TARGETARCH}" in \
        "amd64") DOCKER_ARCH="x86_64" ;; \
        "arm64") DOCKER_ARCH="aarch64" ;; \
        *) echo "Unsupported arch: ${TARGETARCH}"; exit 1 ;; \
    esac; \
    curl -sL https://download.docker.com/linux/static/stable/${DOCKER_ARCH}/docker-${DOCKER_VERSION}.tgz \
    | tar --extract --gzip --strip-components 1 --directory=/usr/bin --file=-

# --- Google Cloud tools
RUN case "${TARGETARCH}" in \
        "amd64") GCLOUD_ARCH="x86_64" ;; \
        "arm64") GCLOUD_ARCH="arm" ;; \
        *) echo "Unsupported arch: ${TARGETARCH}"; exit 1 ;; \
    esac; \
    curl -sSfL "https://dl.google.com/dl/cloudsdk/channels/rapid/downloads/google-cloud-cli-${GCLOUD_VERSION}-linux-${GCLOUD_ARCH}.tar.gz" | \
    tar -xz -C /opt/ && \
    /opt/google-cloud-sdk/bin/gcloud components install kubectl --quiet

ENV PATH="/opt/google-cloud-sdk/bin:${PATH}"

ENV USE_GKE_GCLOUD_AUTH_PLUGIN=True

# --- nodejs, pinned version
# REF: https://nodesource.com/products/distributions
RUN curl -sL https://deb.nodesource.com/setup_24.x | bash - \
    && apt-get update --yes \
    && apt-get install --yes --no-install-recommends nodejs \
    && rm -rf /var/lib/apt/lists/*

# --- Hadolint
RUN case "${TARGETARCH}" in \
        "amd64") HADOLINT_ARCH="x86_64" ;; \
        "arm64") HADOLINT_ARCH="arm64" ;; \
        *) echo "Unsupported arch: ${TARGETARCH}"; exit 1 ;; \
    esac; \
    curl -sL "https://github.com/hadolint/hadolint/releases/download/v${HADOLINT_VERSION}/hadolint-Linux-${HADOLINT_ARCH}" \
    -o /usr/bin/hadolint \
    && chmod +x /usr/bin/hadolint

# --- Shellcheck
RUN case "${TARGETARCH}" in \
        "amd64") SHELLCHECK_ARCH="x86_64" ;; \
        "arm64") SHELLCHECK_ARCH="aarch64" ;; \
        *) echo "Unsupported arch: ${TARGETARCH}"; exit 1 ;; \
    esac; \
    curl -sL "https://github.com/koalaman/shellcheck/releases/download/v${SHELLCHECK_VERSION}/shellcheck-v${SHELLCHECK_VERSION}.linux.${SHELLCHECK_ARCH}.tar.xz" \
    | tar --extract --file=- --xz --strip-components=1 --directory=/usr/bin shellcheck-v$SHELLCHECK_VERSION/shellcheck

# --- AWS
RUN case "${TARGETARCH}" in \
        "amd64") AWS_ARCH="x86_64" ;; \
        "arm64") AWS_ARCH="aarch64" ;; \
        *) echo "Unsupported arch: ${TARGETARCH}"; exit 1 ;; \
    esac; \
    curl "https://awscli.amazonaws.com/awscli-exe-linux-${AWS_ARCH}.zip" -o "awscliv2.zip" \
    && unzip awscliv2.zip \
    && ./aws/install \
    && rm -rf awscliv2.zip aws

USER opam