Skip to content

IA1.2 Generate dockers for services #182

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Open
wants to merge 2 commits into
base: celo-integration-rebase-13.1
Choose a base branch
from
Open
Show file tree
Hide file tree
Changes from all commits
Commits
File filter

Filter by extension

Filter by extension

Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
11 changes: 0 additions & 11 deletions README_ESPRESSO.md
Original file line number Diff line number Diff line change
Expand Up @@ -257,17 +257,6 @@ docker compose down -v
docker volume prune -f
```

* If the genesis file is updated, initialize the chain data directory with the updated file.
```
docker run --rm \
-v $(pwd)/../config:/config \
-v espresso_op-geth-data:/data \
us-docker.pkg.dev/oplabs-tools-artifacts/images/op-geth:v1.101503.2-rc.3 \
init --datadir=/data --state.scheme=path /config/<genesis-file>
```
`<genesis-file>` is either `l1-genesis-devnet.json` or `l2-genesis-devnet.json`.


## Continuous Integration environment

### Running enclave tests in EC2
Expand Down
62 changes: 41 additions & 21 deletions espresso/docker-compose.yml
Original file line number Diff line number Diff line change
@@ -1,18 +1,18 @@
# Espresso OP Integration Docker Setup

services:
l1:
l1-geth:
healthcheck:
test: ["CMD", "curl", "-f", "http://localhost:8545"]
interval: 3s
timeout: 2s
retries: 40
build:
context: ../ops/docker/deployment-utils
context: ./dockerfiles/l1-geth
image: l1-geth:espresso
volumes:
- ../config/l1-genesis-devnet.json:/l1-genesis-devnet.json:ro
Copy link
Member Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Pasting @Ancient123's comment from Slack:

when doing mounts at runtime don't mount individual files. If the file gets rewritten on the host machine, it won't take affect on the docker, because it can hold onto an older handle for the previous file.

- l1-data:/data
- l1-geth-data:/data
command:
- sh
- -c
Expand All @@ -35,18 +35,38 @@ services:
ports:
- "8545:8545" # L1 RPC

op-geth-init:
image: us-docker.pkg.dev/oplabs-tools-artifacts/images/op-geth:v1.101503.2-rc.3
Comment on lines +38 to +39
Copy link
Collaborator

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

This is helpful!

volumes:
- ../config:/config
- op-geth-data:/data
entrypoint: ""
command: >
sh -c "

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

This might be really annoying in terraform. I'd recommend checking how arbitrary scripts work in there. Ideally we'd just make this part of the container instead, so we can fork their container and then add this as a setup step (I think).

if [ ! -f /data/geth/chaindata/CURRENT ]; then
echo 'Initializing op-geth database...'
geth init --datadir=/data --state.scheme=path /config/l2-genesis-devnet.json
echo 'op-geth initialization completed'
else
echo 'op-geth database already initialized, skipping...'
fi
"
restart: "no"

op-geth:
# If the version below is updated, update the version for `images/op-geth` in the Docker
# Compose section in README_ESPRESSO.md as well.
image: us-docker.pkg.dev/oplabs-tools-artifacts/images/op-geth:v1.101503.2-rc.3
depends_on:
l1:
l1-geth:
condition: service_healthy
op-geth-init:
condition: service_completed_successfully
volumes:
- ../config:/config
- op-geth-data:/data
environment:
L1_RPC: http://l1:8545
L1_RPC: http://l1-geth:8545
command:
- --datadir=/data
- --networkid=1
Expand All @@ -69,19 +89,19 @@ services:
op-node-sequencer:
build:
context: ../
dockerfile: ./ops/docker/op-stack-go/Dockerfile
dockerfile: espresso/dockerfiles/op-stack/Dockerfile
target: op-node-target
image: op-node-sequencer:espresso
depends_on:
op-geth:
condition: service_started
environment:
L1_RPC: http://l1:8545
L1_RPC: http://l1-geth:8545
volumes:
- ../config:/config
command:
- op-node
- --l1=http://l1:8545
- --l1=http://l1-geth:8545
- --l2=http://op-geth:8551
- --l2.jwt-secret=/config/jwt.txt
- --rollup.config=/config/op-node/rollup-devnet.json
Expand All @@ -90,27 +110,27 @@ services:
op-node-verifier:
build:
context: ../
dockerfile: ./ops/docker/op-stack-go/Dockerfile
dockerfile: espresso/dockerfiles/op-stack/Dockerfile
target: op-node-target
image: op-node-verifier:espresso
depends_on:
op-geth:
condition: service_started
environment:
L1_RPC: http://l1:8545
L1_RPC: http://l1-geth:8545
volumes:
- ../config:/config
command:
- op-node
- --l1=http://l1:8545
- --l1=http://l1-geth:8545
- --l2=http://op-geth:8551
- --l2.jwt-secret=/config/jwt.txt
- --rollup.config=/config/op-node/rollup-devnet.json

caff-node:
build:
context: ../
dockerfile: ./ops/docker/op-stack-go/Dockerfile
dockerfile: espresso/dockerfiles/op-stack/Dockerfile
target: op-node-target
image: caff-node:espresso
depends_on:
Expand All @@ -119,13 +139,13 @@ services:
espresso-dev-node:
condition: service_started
environment:
L1_RPC: http://l1:8545
L1_RPC: http://l1-geth:8545
CAFF_ESPRESSO_LIGHT_CLIENT_ADDR: "0x703848f4c85f18e3acd8196c8ec91eb0b7bd0797"
volumes:
- ../config:/config
command:
- op-node
- --l1=http://l1:8545
- --l1=http://l1-geth:8545
- --l2=http://op-geth:8551
- --l2.jwt-secret=/config/jwt.txt
- --rollup.config=/config/op-node/rollup-devnet.json
Expand All @@ -145,18 +165,18 @@ services:
op-batcher:
build:
context: ../
dockerfile: ./ops/docker/op-stack-go/Dockerfile
dockerfile: espresso/dockerfiles/op-stack/Dockerfile
target: op-batcher-target
image: op-batcher:espresso
depends_on:
- op-node-sequencer
environment:
L1_RPC: http://l1:8545
L1_RPC: http://l1-geth:8545
volumes:
- ../packages/contracts-bedrock/lib/superchain-registry/ops/testdata/monorepo:/config
command:
- op-batcher
- --l1-eth-rpc=http://l1:8545
- --l1-eth-rpc=http://l1-geth:8545
- --l2-eth-rpc=http://op-geth:8551
- --rollup-rpc=http://op-node-sequencer:8545
- --espresso-url=http://espresso-dev-node:24000
Expand All @@ -165,7 +185,7 @@ services:
op-proposer:
build:
context: ../
dockerfile: ./ops/docker/op-stack-go/Dockerfile
dockerfile: espresso/dockerfiles/op-stack/Dockerfile
target: op-proposer-target
image: op-proposer:espresso
depends_on:
Expand All @@ -174,7 +194,7 @@ services:
- ../packages/contracts-bedrock/lib/superchain-registry/ops/testdata/monorepo:/config
command:
- op-proposer
- --l1-eth-rpc=http://l1:8545
- --l1-eth-rpc=http://l1-geth:8545
- --rollup-rpc=http://op-node-sequencer:8545
- --game-factory-address=0xDC9a4dba410aaC9D98a848710Aa82601752DBd44
- --proposal-interval=10m
Expand All @@ -185,7 +205,7 @@ services:
dockerfile: ./op-deployer/Dockerfile.default
image: op-deployer:espresso
depends_on:
- l1
- l1-geth
volumes:
- ../packages/contracts-bedrock/lib/superchain-registry/ops/testdata/monorepo:/config
restart: "no"
Expand All @@ -203,6 +223,6 @@ services:
ESPRESSO_SEQUENCER_STORAGE_PATH: /data/espresso

volumes:
l1-data:
l1-geth-data:
op-geth-data:
espresso-data:
54 changes: 54 additions & 0 deletions espresso/dockerfiles/l1-geth/Dockerfile
Original file line number Diff line number Diff line change
@@ -0,0 +1,54 @@
# L1 Geth Dockerfile, simplified from ops/docker/deployment-utils/Dockerfile
FROM debian:12.7-slim

ENV DEBIAN_FRONTEND=noninteractive

# Install runtime dependencies
RUN apt-get update && apt-get install -y \
curl \
jq \
ca-certificates \
&& rm -rf /var/lib/apt/lists/*

# Install Geth
RUN ARCH=$(dpkg --print-architecture) && \
echo "Detected architecture: $ARCH" && \
case "$ARCH" in \
"amd64") \
GETH_URL="https://gethstore.blob.core.windows.net/builds/geth-linux-amd64-1.15.11-36b2371c.tar.gz" && \
GETH_SHA="a14a4285daedf75ea04a7a298e6caa48d566a2786c93fc5e86ec2c5998c92455" && \
GETH_DIR="geth-linux-amd64-1.15.11-36b2371c" && \
VERIFY_SHA="true" \
;; \
"arm64") \
GETH_URL="https://gethstore.blob.core.windows.net/builds/geth-linux-arm64-1.15.11-36b2371c.tar.gz" && \
GETH_SHA="148ec84db2268fa846ae68f6445f0c98d33e95069e40fe8c74b43ea5eb53df7b" && \
GETH_DIR="geth-linux-arm64-1.15.11-36b2371c" && \
VERIFY_SHA="true" \
;; \
*) \
echo "Unsupported architecture: $ARCH" && exit 1 \
;; \
esac && \
echo "Downloading: $GETH_URL" && \
curl -L "$GETH_URL" -o geth.tar.gz && \
tar -xvf geth.tar.gz && \
mv "$GETH_DIR/geth" /usr/local/bin/geth && \
rm -rf geth.tar.gz "$GETH_DIR" && \
chmod +x /usr/local/bin/geth

Copy link
Collaborator

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

We should check the hash GETH_SHA here.

Copy link
Member Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Oh, we do! It's located around 10+ lines above, the command starting from GETH_SHA=.

Copy link
Collaborator

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Right, but this variable GETH_SHA does not seem to be used anywhere? Should not we compute the hash of the tar.gz file against GETH_SHA or something similar?

# Create data directory
RUN mkdir -p /data

# Expose the RPC port
EXPOSE 8545

# Set working directory
WORKDIR /data

# Healthcheck
HEALTHCHECK --interval=3s --timeout=2s --retries=40 \
CMD curl -f http://localhost:8545 || exit 1

# Default command
CMD ["geth", "--help"]
112 changes: 112 additions & 0 deletions espresso/dockerfiles/op-stack/Dockerfile
Original file line number Diff line number Diff line change
@@ -0,0 +1,112 @@
# OP Stack Dockerfile, simplified from ops/docker/op-stack-go/Dockerfile
Copy link
Member Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

@Ancient123 Following the pattern in op-stack-go/Dockerfile, I used this file for the OP node, batcher, and proposer, instead of creating one Dockerfile for one service--is this okay?

Copy link
Member

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

This is fine.


# Build arguments
ARG TARGET_BASE_IMAGE=alpine:3.20
ARG TARGETOS
ARG TARGETARCH

# Base builder image
FROM --platform=$BUILDPLATFORM golang:1.22.7-alpine3.20 AS builder

RUN apk add --no-cache curl tar gzip make gcc musl-dev linux-headers git jq bash

# Install mise for toolchain management
RUN curl https://mise.run | MISE_INSTALL_PATH=/usr/local/bin/mise sh

# Install yq
RUN case "$TARGETARCH" in \
"amd64") YQ_ARCH="amd64" ;; \
"arm64") YQ_ARCH="arm64" ;; \
*) YQ_ARCH="amd64" ;; \
esac && \
wget https://github.com/mikefarah/yq/releases/latest/download/yq_linux_$YQ_ARCH

# Install versioned toolchain
COPY ./mise.toml .
RUN mise trust && mise install -v -y just && cp $(mise which just) /usr/local/bin/just && just --version

# Copy and download Go dependencies
COPY ./go.mod /app/go.mod
COPY ./go.sum /app/go.sum
WORKDIR /app
RUN --mount=type=cache,target=/go/pkg/mod --mount=type=cache,target=/root/.cache/go-build go mod download

# Copy source code
COPY . /app

# Build arguments for git metadata
ARG GIT_COMMIT
ARG GIT_DATE

# Rust builder for Espresso crypto libraries
FROM --platform=$BUILDPLATFORM rust:1.84.1-alpine3.20 AS rust-builder
ARG ESPRESSO_NETWORK_GO_VER=0.0.34
Copy link
Collaborator

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Add a TODO to check the hash of the espresso go library when we switch to the new one. cc @dailinsubjam

RUN apk add perl make openssl-dev musl-dev gcc
ADD https://github.com/EspressoSystems/espresso-network-go/archive/refs/tags/v$ESPRESSO_NETWORK_GO_VER.tar.gz /source.tgz
RUN tar -oxzf /source.tgz
WORKDIR /espresso-network-go-$ESPRESSO_NETWORK_GO_VER
RUN --mount=type=cache,target=/usr/local/cargo/registry \
--mount=type=cache,target=/usr/local/cargo/git/db \
--mount=type=cache,target=/espresso-network-go/verification/rust/target \
cargo build --release --locked --manifest-path ./verification/rust/Cargo.toml
RUN mkdir -p /libespresso
RUN cp ./verification/rust/target/release/libespresso_crypto_helper.a \
/libespresso/libespresso_crypto_helper-aarch64-unknown-linux-gnu.a
RUN cp ./verification/rust/target/release/libespresso_crypto_helper.a \
/libespresso/libespresso_crypto_helper-x86_64-unknown-linux-gnu.a

# CGO builder for components that need Espresso crypto linking
FROM --platform=$BUILDPLATFORM alpine:3.20 AS op-cgo-builder
# Install dependencies
RUN apk add musl-dev gcc go g++ curl tar gzip make gcc linux-headers git jq bash yq
# Install just from mise
COPY ./mise.toml .
RUN curl -L https://github.com/casey/just/releases/download/$(yq '.tools.just' mise.toml)/just-$(yq '.tools.just' mise.toml)-x86_64-unknown-linux-musl.tar.gz | \
tar xz -C /usr/local/bin just
# Go sources
COPY ./go.mod /app/go.mod
COPY ./go.sum /app/go.sum
# Copy rust libs for dynamic linking
COPY --from=rust-builder /libespresso/* /lib
# Warm-up the cache
WORKDIR /app
RUN --mount=type=cache,target=/go/pkg/mod --mount=type=cache,target=/root/.cache/go-build go mod download
COPY . /app

# Build op-node
FROM op-cgo-builder AS op-node-builder
ARG OP_NODE_VERSION=v0.0.0
RUN --mount=type=cache,target=/go/pkg/mod --mount=type=cache,target=/root/.cache/go-build cd op-node && make op-node \
GOOS=$TARGETOS GOARCH=$TARGETARCH GITCOMMIT=$GIT_COMMIT GITDATE=$GIT_DATE VERSION="$OP_NODE_VERSION"

# Build op-batcher
FROM op-cgo-builder AS op-batcher-builder
ARG OP_BATCHER_VERSION=v0.0.0
WORKDIR /app/op-batcher
ENV GOOS=$TARGETOS GOARCH=$TARGETARCH GITCOMMIT=$GIT_COMMIT GITDATE=$GIT_DATE VERSION="$OP_BATCHER_VERSION"
RUN --mount=type=cache,target=/go/pkg/mod --mount=type=cache,target=/root/.cache/go-build just op-batcher

# Build op-proposer
FROM --platform=$BUILDPLATFORM builder AS op-proposer-builder
ARG OP_PROPOSER_VERSION=v0.0.0
RUN --mount=type=cache,target=/go/pkg/mod --mount=type=cache,target=/root/.cache/go-build cd op-proposer && make op-proposer \
GOOS=$TARGETOS GOARCH=$TARGETARCH GITCOMMIT=$GIT_COMMIT GITDATE=$GIT_DATE VERSION="$OP_PROPOSER_VERSION"

# Final runtime images
FROM $TARGET_BASE_IMAGE AS op-node-target
RUN apk add gcc
ENV AZTEC_SRS_PATH /aztec/kzg10-aztec20-srs-1048584.bin
ADD "https://github.com/EspressoSystems/ark-srs/releases/download/v0.2.0/kzg10-aztec20-srs-1048584.bin" /aztec/kzg10-aztec20-srs-1048584.bin
COPY --from=op-node-builder /app/op-node/bin/op-node /usr/local/bin/
CMD ["op-node"]

FROM $TARGET_BASE_IMAGE AS op-batcher-target
RUN apk add gcc
ENV AZTEC_SRS_PATH /aztec/kzg10-aztec20-srs-1048584.bin
ADD "https://github.com/EspressoSystems/ark-srs/releases/download/v0.2.0/kzg10-aztec20-srs-1048584.bin" /aztec/kzg10-aztec20-srs-1048584.bin
COPY --from=op-batcher-builder /app/op-batcher/bin/op-batcher /usr/local/bin/
CMD ["op-batcher"]

FROM $TARGET_BASE_IMAGE AS op-proposer-target
COPY --from=op-proposer-builder /app/op-proposer/bin/op-proposer /usr/local/bin/
CMD ["op-proposer"]
Loading