ci: Refactor Dockerfile & entrypoint #8923
Merged
Conversation
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
upbqdn
added
C-bug
gustavovalverde
approved these changes
Feb 12, 2025
upbqdn
removed
the
C-trivial
gustavovalverde
pushed a commit
that referenced
this pull request
Feb 13, 2025
* Refactor formatting & docs * Refactor the `runtime` stage in Dockerfile * Remove unused code from `entrypoint.sh` * Simplify `entrypoint.sh` setup * Revise docs & formatting * Adjust default values for env vars * Bump Rust v from 1.79 to 1.81 in Dockerfile * Refactor `entrypoint.sh` * Refactor `Dockerfile` * Add TODOs for monitoring stage to Dockerfile * Refactor `Dockerfile` * Add TODOs for monitoring stage to Dockerfile * Fix a typo * Allow running `zebrad` in test mode * Allow custom config for `zebrad` in test mode * Remove `curl` from the `runtime` Docker image * Remove redundant echos * Remove a malfunctioning CD test The test was using a custom config file set in `test_variables`. However, the file was not included in the Docker image, and the entrypoint script created a new, default one under the original file's path. Zebra then loaded this new file, and the test passed because the pattern in `grep_patterns` matched Zebra's output containing the original path, even though the config file was different. * Remove a redundant CI test * Remove all packages from the `runtime` stage * Docs cosmetics * Clarify docs * Bump Rust version * Remove a security note * Explicitly specify network cache dir * Explicitly specify cookie dir * Set UID, GID and home dir for the `zebra` user * Set a working dir for the `zebra` user * Don't remove `FEATURES` * Try re-introducing the `testnet-conf` check * `ZEBRA_CACHED_STATE_DIR` -> `ZEBRA_CACHE_DIR` This dir doesn't hold only the state cache anymore, but also the cache for network peers, and the cookie file. * Refactor the dir structure * Check that `ZEBRA_CONF_PATH` exists in the image * Improve the check for `ZEBRA_CONF_PATH` * Use different flag in the `ZEBRA_CONF_PATH` check * Simplify the `ZEBRA_CONF_PATH` check * Fix spelling * Comment out the `testnet-conf` CI check * Add commented out `test-zebra-conf-path` CI check * Reintroduce `testnet-conf` CI check * Update the `custom-conf` CI check * Add `v2.1.0.toml` conf file * Refine the `v2.1.0.toml` conf file * Remove `ZEBRA_LISTEN_ADDR` from the entrypoint * Remove `ZEBRA_CHECKPOINT_SYNC` from the entrypoint * Stop supporting configuration of the RPC port * Add default conf file * Prepare Zebra's config in the entrypoint script * Remove unneeded packages from the `deps` target * Docs cosmetics * Use only `$FEATURES` in entrypoint * Simplify handling of Rust features * Add a TODO * Add CI debug statements * Don't require test vars in conf test * Reintroduce `protoc` * Remove `-e NETWORK` * Remove `ZEBRA_FORCE_USE_COLOR=1` * Remove `ZEBRA_CACHE_DIR=/var/cache/zebrad-cache` * Reintroduce the "custom-conf" test * Set up test env the same way as prod * Don't repeatedly check for conf file in entrypoint * Simplify file ownership in Dockerfile * Fix checkpoint tests in entrypoint * Fix Zebra config CI tests * `LIGHTWALLETD_DATA_DIR` -> `LWD_CACHE_DIR` * Add config for `LWD_CACHE_DIR` to Dockerfile * `/var/cache/zebrad-cache` -> `~/.cache/zebra` * `var/cache/lwd-cache` -> `/home/zebra/.cache/lwd` * Remove `LOG_COLOR=false` from GCP setup * Don't specify `LWD_CACHE_DIR` in CI tests * Don't switch to `zebra` user for tests in Docker * Join "experimental" and "all" tests in CI * Remove outdated docs * Refactor tests with fake activation heights * Fix tests for scanner
7 tasks
This was referenced Feb 25, 2025
elijahhampton
pushed a commit
to elijahhampton/zebra
that referenced
this pull request
Feb 25, 2025
* Refactor formatting & docs * Refactor the `runtime` stage in Dockerfile * Remove unused code from `entrypoint.sh` * Simplify `entrypoint.sh` setup * Revise docs & formatting * Adjust default values for env vars * Bump Rust v from 1.79 to 1.81 in Dockerfile * Refactor `entrypoint.sh` * Refactor `Dockerfile` * Add TODOs for monitoring stage to Dockerfile * Refactor `Dockerfile` * Add TODOs for monitoring stage to Dockerfile * Fix a typo * Allow running `zebrad` in test mode * Allow custom config for `zebrad` in test mode * Remove `curl` from the `runtime` Docker image * Remove redundant echos * Remove a malfunctioning CD test The test was using a custom config file set in `test_variables`. However, the file was not included in the Docker image, and the entrypoint script created a new, default one under the original file's path. Zebra then loaded this new file, and the test passed because the pattern in `grep_patterns` matched Zebra's output containing the original path, even though the config file was different. * Remove a redundant CI test * Remove all packages from the `runtime` stage * Docs cosmetics * Clarify docs * Bump Rust version * Remove a security note * Explicitly specify network cache dir * Explicitly specify cookie dir * Set UID, GID and home dir for the `zebra` user * Set a working dir for the `zebra` user * Don't remove `FEATURES` * Try re-introducing the `testnet-conf` check * `ZEBRA_CACHED_STATE_DIR` -> `ZEBRA_CACHE_DIR` This dir doesn't hold only the state cache anymore, but also the cache for network peers, and the cookie file. * Refactor the dir structure * Check that `ZEBRA_CONF_PATH` exists in the image * Improve the check for `ZEBRA_CONF_PATH` * Use different flag in the `ZEBRA_CONF_PATH` check * Simplify the `ZEBRA_CONF_PATH` check * Fix spelling * Comment out the `testnet-conf` CI check * Add commented out `test-zebra-conf-path` CI check * Reintroduce `testnet-conf` CI check * Update the `custom-conf` CI check * Add `v2.1.0.toml` conf file * Refine the `v2.1.0.toml` conf file * Remove `ZEBRA_LISTEN_ADDR` from the entrypoint * Remove `ZEBRA_CHECKPOINT_SYNC` from the entrypoint * Stop supporting configuration of the RPC port * Add default conf file * Prepare Zebra's config in the entrypoint script * Remove unneeded packages from the `deps` target * Docs cosmetics * Use only `$FEATURES` in entrypoint * Simplify handling of Rust features * Add a TODO * Add CI debug statements * Don't require test vars in conf test * Reintroduce `protoc` * Remove `-e NETWORK` * Remove `ZEBRA_FORCE_USE_COLOR=1` * Remove `ZEBRA_CACHE_DIR=/var/cache/zebrad-cache` * Reintroduce the "custom-conf" test * Set up test env the same way as prod * Don't repeatedly check for conf file in entrypoint * Simplify file ownership in Dockerfile * Fix checkpoint tests in entrypoint * Fix Zebra config CI tests * `LIGHTWALLETD_DATA_DIR` -> `LWD_CACHE_DIR` * Add config for `LWD_CACHE_DIR` to Dockerfile * `/var/cache/zebrad-cache` -> `~/.cache/zebra` * `var/cache/lwd-cache` -> `/home/zebra/.cache/lwd` * Remove `LOG_COLOR=false` from GCP setup * Don't specify `LWD_CACHE_DIR` in CI tests * Don't switch to `zebra` user for tests in Docker * Join "experimental" and "all" tests in CI * Remove outdated docs * Refactor tests with fake activation heights * Fix tests for scanner
5 tasks
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
Motivation
CI contains a bunch of nits:
rootinside Docker, which is a security risk.runtimeDocker stage for production images contains unneeded packages, making the images larger than necessary and increasing the surface for security vulnerabilities.depsDocker stage for tests contains unneeded packages, which slows CI down.EXPOSEinstruction contains two ports, but Zebra uses only one of them at a time, and it doesn't contain some other ports Zebra uses.FEATURES(which comes fromRUST_PROD_FEATURESin CI)TEST_FEATURES(which comes fromRUST_TEST_FEATURESin CI)EXPERIMENTAL_FEATURES(which should probably come fromRUST_EXPERIMENTAL_FEATURESin CI, containing"shielded-scan", but it doesn't, so the Dockerfile uses the default value"journald prometheus filter-reload")ENTRYPOINT_FEATURES = "$FEATURES $TEST_FEATURES"ENTRYPOINT_FEATURES_EXPERIMENTAL = $ENTRYPOINT_FEATURES $EXPERIMENTAL_FEATURESClose #9210.
Solution
runtimeDocker stage and switch to it.gosu.runtimestage.depsstageEXPOSEinstruction in Docker./etc/zebradto/usr/local/bin.ZEBRA_CACHED_STATE_DIRenv var toZEBRA_CACHE_DIRsince that dir no longer contains only the state but also the network cache and the cookie file.Tests
Manually test that
zebradruns under the newzebrauser:Running
displays
PR Checklist