Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Docker speedup #31

Open
wants to merge 2 commits into
base: hack-mainnet-1.6.1
Choose a base branch
from
Open

Docker speedup #31

Show file tree
Hide file tree
Changes from all commits
Commits
Show all changes
2 commits
Select commit Hold shift + click to select a range
cdeb98e
Optimize and cleanup dockerfiles
sbellem Feb 10, 2023
94ee013
wip: docker build artifacts
sbellem Feb 12, 2023
File filter

Filter by extension

Filter by extension
Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
24 changes: 23 additions & 1 deletion Makefile
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -235,8 +235,29 @@ clean:
$(MAKE) -C cosmwasm/enclaves/test clean
$(MAKE) -C check-hw clean

compile-enclave:
DOCKER_BUILDKIT=1 docker build \
$(DOCKER_BUILD_ARGS) \
--build-arg BUILD_VERSION=1.6.1 \
--build-arg SGX_MODE=HW \
--file deployment/dockerfiles/Dockerfile \
--target compile-enclave \
--tag scrt-enclave \
.

compile-libgo-cosmwasm:
DOCKER_BUILDKIT=1 docker build \
$(DOCKER_BUILD_ARGS) \
--build-arg BUILD_VERSION=1.6.1 \
--build-arg SGX_MODE=HW \
--file deployment/dockerfiles/Dockerfile \
--target compile-libgo-cosmwasm \
--tag scrt-libgo-cosmwasm \
.

compile-secretd:
DOCKER_BUILDKIT=1 docker build \
$(DOCKER_BUILD_ARGS) \
--build-arg SECRET_NODE_TYPE=NODE \
--build-arg DB_BACKEND=goleveldb \
--build-arg CGO_LDFLAGS= \
Expand All @@ -251,13 +272,14 @@ compile-secretd:

artifacts:
DOCKER_BUILDKIT=1 docker build \
$(DOCKER_BUILD_ARGS) \
--build-arg FEATURES=production \
--build-arg FEATURES_U=production \
--build-arg SECRET_NODE_TYPE=NODE \
--build-arg DB_BACKEND=goleveldb \
--build-arg BUILD_VERSION=1.6.1 \
--build-arg SGX_MODE=HW \
--file deployment/dockerfiles/Dockerfile \
--file deployment/dockerfiles/artifacts.Dockerfile \
--secret id=API_KEY,src=ias_keys/api_key.txt \
--secret id=SPID,src=ias_keys/sw_dummy/spid.txt \
--target secret-artifacts \
Expand Down
33 changes: 27 additions & 6 deletions deployment/dockerfiles/Dockerfile
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -55,8 +55,14 @@ ENV MITIGATION_CVE_2020_0551=${MITIGATION_CVE_2020_0551}

WORKDIR /go/src/github.com/enigmampc/SecretNetwork/go-cosmwasm

RUN --mount=type=cache,target=/root/.cargo/registry . /opt/sgxsdk/environment && env \
&& MITIGATION_CVE_2020_0551={MITIGATION_CVE_2020_0551} VERSION=${VERSION} FEATURES=${FEATURES} FEATURES_U=${FEATURES_U} SGX_MODE=${SGX_MODE} make build-rust
RUN --mount=type=cache,target=/root/.cargo/registry \
. /opt/sgxsdk/environment && env && \
MITIGATION_CVE_2020_0551={MITIGATION_CVE_2020_0551} \
VERSION=${VERSION} \
FEATURES=${FEATURES} \
FEATURES_U=${FEATURES_U} \
SGX_MODE=${SGX_MODE} \
make build-rust

ENTRYPOINT ["/bin/bash"]

Expand All @@ -69,7 +75,8 @@ ENV PATH=$PATH:/usr/local/go/bin:$GOPATH/bin

ADD https://go.dev/dl/go1.19.linux-amd64.tar.gz go.linux-amd64.tar.gz
RUN tar -C /usr/local -xzf go.linux-amd64.tar.gz
RUN go install github.com/jteeuwen/go-bindata/go-bindata@latest && go-bindata -version
RUN --mount=type=cache,target=/root/.cache/go-build \
go install github.com/jteeuwen/go-bindata/go-bindata@latest && go-bindata -version

# Set working directory for the build
WORKDIR /go/src/github.com/enigmampc/SecretNetwork
Expand Down Expand Up @@ -104,6 +111,8 @@ COPY Makefile .
RUN true
COPY client client

RUN go mod graph | awk '$1 !~ /@/ { print $2 }' | xargs -r go get

RUN ln -s /usr/lib/x86_64-linux-gnu/liblz4.so /usr/local/lib/liblz4.so && ln -s /usr/lib/x86_64-linux-gnu/libzstd.so /usr/local/lib/libzstd.so

RUN mkdir -p /go/src/github.com/enigmampc/SecretNetwork/go-cosmwasm/target/release/
Expand All @@ -124,8 +133,20 @@ RUN --mount=type=secret,id=API_KEY,dst=/run/secrets/api_key.txt cat /run/secrets
RUN --mount=type=secret,id=API_KEY,dst=/run/secrets/api_key.txt cat /run/secrets/api_key.txt > /go/src/github.com/enigmampc/SecretNetwork/ias_keys/sw_dummy/api_key.txt
RUN --mount=type=secret,id=API_KEY,dst=/run/secrets/api_key.txt cat /run/secrets/api_key.txt > /go/src/github.com/enigmampc/SecretNetwork/ias_keys/production/api_key.txt

RUN --mount=type=cache,target=/root/.cache/go-build . /opt/sgxsdk/environment && env && CGO_LDFLAGS=${CGO_LDFLAGS} DB_BACKEND=${DB_BACKEND} VERSION=${VERSION} FEATURES=${FEATURES} SGX_MODE=${SGX_MODE} make build_local_no_rust
RUN --mount=type=cache,target=/root/.cache/go-build . /opt/sgxsdk/environment && env && VERSION=${VERSION} FEATURES=${FEATURES} SGX_MODE=${SGX_MODE} make build_cli
RUN --mount=type=cache,target=/root/.cache/go-build \
. /opt/sgxsdk/environment && env && \
CGO_LDFLAGS=${CGO_LDFLAGS} \
DB_BACKEND=${DB_BACKEND} \
VERSION=${VERSION} \
FEATURES=${FEATURES} \
SGX_MODE=${SGX_MODE} \
make build_local_no_rust
RUN --mount=type=cache,target=/root/.cache/go-build \
. /opt/sgxsdk/environment && env && \
VERSION=${VERSION} \
FEATURES=${FEATURES} \
SGX_MODE=${SGX_MODE} \
make build_cli
#RUN . /opt/sgxsdk/environment && env && CGO_LDFLAGS=${CGO_LDFLAGS} DB_BACKEND=${DB_BACKEND} VERSION=${VERSION} FEATURES=${FEATURES} SGX_MODE=${SGX_MODE} make build_local_no_rust
#RUN . /opt/sgxsdk/environment && env && VERSION=${VERSION} FEATURES=${FEATURES} SGX_MODE=${SGX_MODE} make build_cli

Expand Down Expand Up @@ -328,4 +349,4 @@ COPY deployment/docker/localsecret/faucet/faucet_server.js .

HEALTHCHECK --interval=5s --timeout=1s --retries=120 CMD bash -c 'curl -sfm1 http://localhost:26657/status && curl -s http://localhost:26657/status | jq -e "(.result.sync_info.latest_block_height | tonumber) > 0"'

ENTRYPOINT ["./bootstrap_init.sh"]
ENTRYPOINT ["./bootstrap_init.sh"]
127 changes: 71 additions & 56 deletions deployment/dockerfiles/artifacts.Dockerfile
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -7,7 +7,6 @@
# `--target build-deb-mainnet` - the image used to generate deb package for mainnet (will pull precompiled enclave)
# `--target compile-secretd` - image with compiled enclave and secretd

ARG SCRT_BASE_IMAGE_SECRETD=enigmampc/rocksdb:v6.24.2-1.1.5
ARG TEST=enigmampc/rocksdb:v6.24.2
ARG SCRT_BASE_IMAGE_ENCLAVE=enigmampc/rocksdb:v6.24.2-1.1.5
ARG SCRT_RELEASE_BASE_IMAGE=enigmampc/enigma-sgx-base:2004-1.1.5
Expand All @@ -34,9 +33,15 @@ RUN --mount=type=cache,target=/root/.cargo/registry cargo install xargo --versio
COPY third_party third_party

# Add source files
COPY go-cosmwasm go-cosmwasm/
#COPY go-cosmwasm go-cosmwasm/
COPY cosmwasm cosmwasm/

# build header enclave-ffi-types.h needed by both librust_cosmwasm and libgo_cosmwasm
WORKDIR /go/src/github.com/enigmampc/SecretNetwork/cosmwasm/enclaves/ffi-types
RUN --mount=type=cache,target=/root/.cargo/registry \
cargo check --features "build_headers"


# ***************** COMPILE ENCLAVE ************** #

FROM prepare-compile-enclave AS compile-enclave
Expand All @@ -53,60 +58,47 @@ ENV FEATURES=${FEATURES}
ENV FEATURES_U=${FEATURES_U}
ENV MITIGATION_CVE_2020_0551=${MITIGATION_CVE_2020_0551}

WORKDIR /go/src/github.com/enigmampc/SecretNetwork/go-cosmwasm
WORKDIR /go/src/github.com/enigmampc/SecretNetwork/cosmwasm/enclaves/execute

#RUN --mount=type=cache,target=/root/.cargo/registry . /opt/sgxsdk/environment && env \
# && MITIGATION_CVE_2020_0551={MITIGATION_CVE_2020_0551} VERSION=${VERSION} FEATURES=${FEATURES} FEATURES_U=${FEATURES_U} SGX_MODE=${SGX_MODE} make build-rust
RUN --mount=type=cache,target=/root/.cargo/registry . /opt/sgxsdk/environment && env && \
MITIGATION_CVE_2020_0551={MITIGATION_CVE_2020_0551} \
VERSION=${VERSION} \
FEATURES=${FEATURES} \
FEATURES_U=${FEATURES_U} \
SGX_MODE=${SGX_MODE} \
make build-enclave

#FROM compile-enclave as compile-libgo-cosmwasm
#RUN --mount=type=cache,target=/root/.cargo/registry . /opt/sgxsdk/environment && env && \
#RUN . /opt/sgxsdk/environment && \
# FEATURES_U=${FEATURES_U} \
# make build-libgo-cosmwasm
RUN --mount=type=cache,target=/root/.cargo/registry \
cp ../target/headers/enclave-ffi-types.h ./ && \
. /opt/sgxsdk/environment && env && \
MITIGATION_CVE_2020_0551={MITIGATION_CVE_2020_0551} \
VERSION=${VERSION} \
FEATURES=${FEATURES} \
SGX_MODE=${SGX_MODE} \
make librust_cosmwasm_enclave.signed.so

ENTRYPOINT ["/bin/bash"]

# ***************** COMPILE libgo_cosmwasm.so ************** #
FROM prepare-compile-enclave AS compile-libgo-cosmwasm

#FROM prepare-compile-enclave AS compile-libgo-cosmwasm
FROM compile-enclave AS compile-libgo-cosmwasm

#ARG BUILD_VERSION="v0.0.0"
#ARG SGX_MODE=SW
#ARG FEATURES
#ARG FEATURES_U
#ARG MITIGATION_CVE_2020_0551=LOAD
#
#ENV VERSION=${BUILD_VERSION}
#ENV SGX_MODE=${SGX_MODE}
#ENV FEATURES=${FEATURES}
#ENV FEATURES_U=${FEATURES_U}
#ENV MITIGATION_CVE_2020_0551=${MITIGATION_CVE_2020_0551}
#
#WORKDIR /go/src/github.com/enigmampc/SecretNetwork/go-cosmwasm
ARG BUILD_VERSION="v0.0.0"
ARG SGX_MODE=SW
ARG FEATURES
ARG FEATURES_U
ARG MITIGATION_CVE_2020_0551=LOAD

#COPY --from=compile-enclave \
# /go/src/github.com/enigmampc/SecretNetwork/go-cosmwasm/librust_cosmwasm_enclave.signed.so .
#COPY --from=compile-enclave /go/src/github.com/enigmampc/SecretNetwork/go-cosmwasm/lib .
#RUN --mount=type=cache,target=/root/.cargo/registry . /opt/sgxsdk/environment && env && \
RUN . /opt/sgxsdk/environment && \
FEATURES_U=${FEATURES_U} \
make build-libgo-cosmwasm
ENV VERSION=${BUILD_VERSION}
ENV SGX_MODE=${SGX_MODE}
ENV FEATURES=${FEATURES}
ENV FEATURES_U=${FEATURES_U}
ENV MITIGATION_CVE_2020_0551=${MITIGATION_CVE_2020_0551}

ENTRYPOINT ["/bin/bash"]
WORKDIR /go/src/github.com/enigmampc/SecretNetwork
COPY go-cosmwasm go-cosmwasm
WORKDIR /go/src/github.com/enigmampc/SecretNetwork/go-cosmwasm

FROM scratch AS libgo_cosmwasm
COPY --from=compile-libgo-cosmwasm /go/src/github.com/enigmampc/SecretNetwork/go-cosmwasm/target/release/libgo_cosmwasm.so .
#COPY --from=compile-enclave /go/src/github.com/enigmampc/SecretNetwork/go-cosmwasm/librust_cosmwasm_enclave.signed.so /usr/lib/
#COPY --from=compile-enclave /go/src/github.com/enigmampc/SecretNetwork/secretd /usr/bin/secretd
RUN --mount=type=cache,target=/root/.cargo/registry \
. /opt/sgxsdk/environment && env && \
MITIGATION_CVE_2020_0551={MITIGATION_CVE_2020_0551} \
VERSION=${VERSION} \
FEATURES=${FEATURES} \
FEATURES_U=${FEATURES_U} \
SGX_MODE=${SGX_MODE} \
make build-libgo-cosmwasm

ENTRYPOINT ["/bin/bash"]

# ***************** COMPILE SECRETD ************** #
FROM $TEST AS compile-secretd
Expand All @@ -117,7 +109,8 @@ ENV PATH=$PATH:/usr/local/go/bin:$GOPATH/bin

ADD https://go.dev/dl/go1.19.linux-amd64.tar.gz go.linux-amd64.tar.gz
RUN tar -C /usr/local -xzf go.linux-amd64.tar.gz
RUN go install github.com/jteeuwen/go-bindata/go-bindata@latest && go-bindata -version
RUN --mount=type=cache,target=/root/.cache/go-build \
go install github.com/jteeuwen/go-bindata/go-bindata@latest && go-bindata -version

# Set working directory for the build
WORKDIR /go/src/github.com/enigmampc/SecretNetwork
Expand All @@ -137,6 +130,7 @@ ENV CGO_LDFLAGS=${CGO_LDFLAGS}

# Add source files
COPY go-cosmwasm go-cosmwasm

# This is due to some esoteric docker bug with the underlying filesystem, so until I figure out a better way, this should be a workaround
RUN true
COPY x x
Expand All @@ -151,12 +145,18 @@ COPY Makefile .
RUN true
COPY client client

RUN go mod graph | awk '$1 !~ /@/ { print $2 }' | xargs -r go get

RUN ln -s /usr/lib/x86_64-linux-gnu/liblz4.so /usr/local/lib/liblz4.so && ln -s /usr/lib/x86_64-linux-gnu/libzstd.so /usr/local/lib/libzstd.so

RUN mkdir -p /go/src/github.com/enigmampc/SecretNetwork/go-cosmwasm/target/release/

COPY --from=compile-enclave /go/src/github.com/enigmampc/SecretNetwork/go-cosmwasm/target/release/libgo_cosmwasm.so /go/src/github.com/enigmampc/SecretNetwork/go-cosmwasm/target/release/libgo_cosmwasm.so
COPY --from=compile-enclave /go/src/github.com/enigmampc/SecretNetwork/go-cosmwasm/librust_cosmwasm_enclave.signed.so /go/src/github.com/enigmampc/SecretNetwork/go-cosmwasm/librust_cosmwasm_enclave.signed.so
COPY --from=compile-enclave \
/go/src/github.com/enigmampc/SecretNetwork/cosmwasm/enclaves/execute/librust_cosmwasm_enclave.signed.so \
/go/src/github.com/enigmampc/SecretNetwork/go-cosmwasm/librust_cosmwasm_enclave.signed.so
COPY --from=compile-libgo-cosmwasm \
/go/src/github.com/enigmampc/SecretNetwork/go-cosmwasm/target/release/libgo_cosmwasm.so \
/go/src/github.com/enigmampc/SecretNetwork/go-cosmwasm/target/release/libgo_cosmwasm.so
# COPY --from=compile-enclave /go/src/github.com/enigmampc/SecretNetwork/go-cosmwasm/librust_cosmwasm_query_enclave.signed.so /go/src/github.com/enigmampc/SecretNetwork/go-cosmwasm/librust_cosmwasm_query_enclave.signed.so

RUN mkdir -p /go/src/github.com/enigmampc/SecretNetwork/ias_keys/develop
Expand All @@ -171,13 +171,28 @@ RUN --mount=type=secret,id=API_KEY,dst=/run/secrets/api_key.txt cat /run/secrets
RUN --mount=type=secret,id=API_KEY,dst=/run/secrets/api_key.txt cat /run/secrets/api_key.txt > /go/src/github.com/enigmampc/SecretNetwork/ias_keys/sw_dummy/api_key.txt
RUN --mount=type=secret,id=API_KEY,dst=/run/secrets/api_key.txt cat /run/secrets/api_key.txt > /go/src/github.com/enigmampc/SecretNetwork/ias_keys/production/api_key.txt

RUN . /opt/sgxsdk/environment && env && CGO_LDFLAGS=${CGO_LDFLAGS} DB_BACKEND=${DB_BACKEND} VERSION=${VERSION} FEATURES=${FEATURES} SGX_MODE=${SGX_MODE} make build_local_no_rust
RUN . /opt/sgxsdk/environment && env && VERSION=${VERSION} FEATURES=${FEATURES} SGX_MODE=${SGX_MODE} make build_cli

RUN --mount=type=cache,target=/root/.cache/go-build \
. /opt/sgxsdk/environment && env && \
CGO_LDFLAGS=${CGO_LDFLAGS} \
DB_BACKEND=${DB_BACKEND} \
VERSION=${VERSION} \
FEATURES=${FEATURES} \
SGX_MODE=${SGX_MODE} \
make build_local_no_rust
RUN --mount=type=cache,target=/root/.cache/go-build \
. /opt/sgxsdk/environment && env && \
VERSION=${VERSION} \
FEATURES=${FEATURES} \
SGX_MODE=${SGX_MODE} \
make build_cli
#RUN . /opt/sgxsdk/environment && env && CGO_LDFLAGS=${CGO_LDFLAGS} DB_BACKEND=${DB_BACKEND} VERSION=${VERSION} FEATURES=${FEATURES} SGX_MODE=${SGX_MODE} make build_local_no_rust
#RUN . /opt/sgxsdk/environment && env && VERSION=${VERSION} FEATURES=${FEATURES} SGX_MODE=${SGX_MODE} make build_cli

# ******************* BUILD ARTIFACTS ******************** #
FROM scratch as secret-artifacts
COPY --from=compile-libgo-cosmwasm /go/src/github.com/enigmampc/SecretNetwork/go-cosmwasm/target/release/libgo_cosmwasm.so .
COPY --from=compile-enclave /go/src/github.com/enigmampc/SecretNetwork/go-cosmwasm/librust_cosmwasm_enclave.signed.so /usr/lib/
COPY --from=compile-enclave /go/src/github.com/enigmampc/SecretNetwork/secretd /usr/bin/secretd
COPY --from=compile-secretd /go/src/github.com/enigmampc/SecretNetwork/go-cosmwasm/target/release/libgo_cosmwasm.so .
COPY --from=compile-secretd /go/src/github.com/enigmampc/SecretNetwork/go-cosmwasm/librust_cosmwasm_enclave.signed.so .
COPY --from=compile-secretd /go/src/github.com/enigmampc/SecretNetwork/secretd .

# ******************* RELEASE IMAGE ******************** #
FROM $SCRT_RELEASE_BASE_IMAGE as release-image
Expand Down
2 changes: 1 addition & 1 deletion go-cosmwasm/Makefile
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -69,7 +69,7 @@ build-rust: build-enclave
@ #this pulls out ELF symbols, 80% size reduction!

.PHONY: build-libgo-cosmwasm
build-libgo-cosmwasm:
build-libgo-cosmwasm: lib/libEnclave_u.a
cargo build -Z unstable-options --profile $(BUILD_PROFILE) --features "$(FEATURES_U)"
cp target/$(BUILD_PROFILE)/libgo_cosmwasm.$(DLL_EXT) api
@ #this pulls out ELF symbols, 80% size reduction!
Expand Down
Loading