logos-blockchain-testing/testing-framework/assets/stack/Dockerfile

# syntax=docker/dockerfile:1
# check=skip=SecretsUsedInArgOrEnv
# Ignore warnings about sensitive information as this is test data.

ARG VERSION
ARG CIRCUITS_OVERRIDE
ARG NOMOS_NODE_REV
ARG CIRCUITS_PLATFORM

# ===========================
# BUILD IMAGE
# ===========================

FROM rust:1.91.0-slim-bookworm AS builder

ARG VERSION
ARG CIRCUITS_OVERRIDE
ARG NOMOS_NODE_REV
ARG CIRCUITS_PLATFORM

LABEL maintainer="augustinas@status.im" \
    source="https://github.com/logos-co/nomos-node" \
    description="Nomos testnet build image"

WORKDIR /workspace
COPY . .

# Reduce debug artifact size.
ENV CARGO_PROFILE_DEV_DEBUG=0
ENV NOMOS_NODE_REV=${NOMOS_NODE_REV}

# Install dependencies needed for building RocksDB.
RUN apt-get update && apt-get install -yq \
    git gcc g++ clang make cmake m4 xz-utils libgmp-dev libssl-dev pkg-config ca-certificates curl wget file

RUN mkdir -p /opt/circuits && \
    select_circuits_source() { \
        # Prefer an explicit override when it exists (file or directory). \
        if [ -n "$CIRCUITS_OVERRIDE" ] && [ -e "/workspace/${CIRCUITS_OVERRIDE}" ]; then \
            echo "/workspace/${CIRCUITS_OVERRIDE}"; \
            return 0; \
        fi; \
        # Fall back to the workspace bundle shipped with the repo. \
        if [ -e "/workspace/tests/kzgrs/kzgrs_test_params" ]; then \
            echo "/workspace/tests/kzgrs/kzgrs_test_params"; \
            return 0; \
        fi; \
        return 1; \
    }; \
    if CIRCUITS_PATH="$(select_circuits_source)"; then \
        echo "Using prebuilt circuits bundle from ${CIRCUITS_PATH#/workspace/}"; \
        if [ -d "$CIRCUITS_PATH" ]; then \
            cp -R "${CIRCUITS_PATH}/." /opt/circuits; \
        else \
            cp "${CIRCUITS_PATH}" /opt/circuits/; \
        fi; \
    fi; \
    TARGET_ARCH="$(uname -m)"; \
    expect_arch() { \
      case "$1" in \
        x86_64) echo "x86-64|x86_64" ;; \
        aarch64|arm64) echo "arm64|aarch64" ;; \
        *) echo "$1" ;; \
      esac; \
    }; \
    require_linux_execs=0; \
    check_linux_exec() { \
      local path="$1"; \
      if [ ! -f "$path" ]; then \
        return 0; \
      fi; \
      local info; \
      info="$(file -b "$path" 2>/dev/null || true)"; \
      case "$info" in \
        *ELF*) : ;; \
        *) \
          echo "Circuits executable is not ELF: ${path} (${info}); forcing circuits download"; \
          require_linux_execs=1; \
          return 0; \
          ;; \
      esac; \
      pattern="$(expect_arch "$TARGET_ARCH")"; \
      if [ -n "$pattern" ] && ! echo "$info" | grep -Eqi "$pattern"; then \
        echo "Circuits executable arch mismatch: ${path} (${info}); forcing circuits download"; \
        require_linux_execs=1; \
      fi; \
    }; \
    check_linux_exec /opt/circuits/zksign/witness_generator; \
    check_linux_exec /opt/circuits/pol/witness_generator; \
    if [ -f "/opt/circuits/prover" ]; then \
      PROVER_INFO="$(file -b /opt/circuits/prover || true)"; \
      case "$TARGET_ARCH" in \
        x86_64) EXPECT_ARCH="x86-64" ;; \
        aarch64|arm64) EXPECT_ARCH="aarch64" ;; \
        *) EXPECT_ARCH="$TARGET_ARCH" ;; \
      esac; \
      if [ -n "$PROVER_INFO" ] && ! echo "$PROVER_INFO" | grep -qi "$EXPECT_ARCH"; then \
        echo "Circuits prover architecture ($PROVER_INFO) does not match target ${TARGET_ARCH}; rebuilding rapidsnark binaries"; \
        chmod +x scripts/build-rapidsnark.sh && \
        RAPIDSNARK_FORCE_REBUILD=1 \
            scripts/build-rapidsnark.sh /opt/circuits; \
      fi; \
    fi; \
    if [ "$require_linux_execs" -eq 1 ] || [ ! -f "/opt/circuits/pol/verification_key.json" ]; then \
        echo "Downloading ${VERSION} circuits bundle for ${CIRCUITS_PLATFORM}"; \
        chmod +x scripts/setup-nomos-circuits.sh && \
        NOMOS_CIRCUITS_PLATFORM="${CIRCUITS_PLATFORM}" \
        NOMOS_CIRCUITS_REBUILD_RAPIDSNARK=1 \
        RAPIDSNARK_BUILD_GMP=1 \
            scripts/setup-nomos-circuits.sh "$VERSION" "/opt/circuits"; \
    fi

ENV NOMOS_CIRCUITS=/opt/circuits

# Provide runtime binaries. Prefer prebuilt artifacts (when present) for speed;
# otherwise build from source (or if prebuilt artifacts don't match the image
# architecture).
RUN set -eu; \
    mkdir -p /workspace/artifacts; \
    TARGET_ARCH="$(uname -m)"; \
    expect_arch() { \
      case "$1" in \
        x86_64) echo "x86-64" ;; \
        aarch64|arm64) echo "arm64" ;; \
        *) echo "$1" ;; \
      esac; \
    }; \
    have_prebuilt() { \
      [ -f testing-framework/assets/stack/bin/nomos-node ] && \
      [ -f testing-framework/assets/stack/bin/nomos-executor ] && \
      [ -f testing-framework/assets/stack/bin/nomos-cli ]; \
    }; \
    bin_matches_arch() { \
      BIN_INFO="$(file -b testing-framework/assets/stack/bin/nomos-node 2>/dev/null || true)"; \
      case "$BIN_INFO" in \
        *ELF*);; \
        *) return 1 ;; \
      esac; \
      case "$TARGET_ARCH" in \
        x86_64) PATTERN="x86-64|x86_64" ;; \
        aarch64|arm64) PATTERN="arm64|aarch64" ;; \
        *) PATTERN="$(expect_arch "$TARGET_ARCH")" ;; \
      esac; \
      [ -n "$BIN_INFO" ] && echo "$BIN_INFO" | grep -Eqi "$PATTERN"; \
    }; \
    if have_prebuilt && bin_matches_arch; then \
      echo "Using prebuilt nomos binaries from testing-framework/assets/stack/bin"; \
      cp testing-framework/assets/stack/bin/nomos-node /workspace/artifacts/nomos-node; \
      cp testing-framework/assets/stack/bin/nomos-executor /workspace/artifacts/nomos-executor; \
      cp testing-framework/assets/stack/bin/nomos-cli /workspace/artifacts/nomos-cli; \
    else \
      if have_prebuilt; then \
        echo "Prebuilt nomos binaries do not match target architecture (${TARGET_ARCH}); rebuilding from source"; \
      fi; \
      echo "Prebuilt nomos binaries missing or wrong architecture; building from source (rev ${NOMOS_NODE_REV})"; \
      git clone https://github.com/logos-co/nomos-node.git /tmp/nomos-node && \
      cd /tmp/nomos-node && \
      git fetch --depth 1 origin "${NOMOS_NODE_REV}" && \
      git checkout "${NOMOS_NODE_REV}" && \
      git reset --hard && git clean -fdx && \
      # Enable pol-dev-mode via cfg to let POL_PROOF_DEV_MODE short-circuit proofs in tests.
      RUSTFLAGS='--cfg feature="pol-dev-mode"' NOMOS_CIRCUITS=/opt/circuits cargo build --features "testing" \
        -p nomos-node -p nomos-executor -p nomos-cli; \
      cp /tmp/nomos-node/target/debug/nomos-node /workspace/artifacts/nomos-node; \
      cp /tmp/nomos-node/target/debug/nomos-executor /workspace/artifacts/nomos-executor; \
      cp /tmp/nomos-node/target/debug/nomos-cli /workspace/artifacts/nomos-cli; \
      rm -rf /tmp/nomos-node/target/debug/incremental; \
    fi

# Strip local path patches so container builds use git sources.
RUN sed -i '/^\[patch\.\"https:\/\/github.com\/logos-co\/nomos-node\"\]/,/^$/d' /workspace/Cargo.toml

# Build cfgsync binaries from this workspace.
RUN cargo build --all-features --manifest-path /workspace/testing-framework/tools/cfgsync/Cargo.toml --bins
RUN cp /workspace/target/debug/cfgsync-server /workspace/artifacts/cfgsync-server && \
    cp /workspace/target/debug/cfgsync-client /workspace/artifacts/cfgsync-client && \
    rm -rf /workspace/target/debug/incremental

# ===========================
# NODE IMAGE
# ===========================

FROM ubuntu:24.04

ARG VERSION

LABEL maintainer="augustinas@status.im" \
    source="https://github.com/logos-co/nomos-node" \
    description="Nomos node image"

RUN apt-get update && apt-get install -yq \
    libstdc++6 \
    libgmp10 \
    libgomp1 \
    libssl3 \
    ca-certificates \
    && rm -rf /var/lib/apt/lists/*

COPY --from=builder /opt/circuits /opt/circuits

# Provide a stable in-image location for the KZG test parameters so EKS runs do
# not rely on hostPath volumes.
COPY --from=builder /workspace/testing-framework/assets/stack/kzgrs_test_params/kzgrs_test_params /opt/nomos/kzg-params/kzgrs_test_params

COPY --from=builder /workspace/artifacts/nomos-node /usr/bin/nomos-node
COPY --from=builder /workspace/artifacts/nomos-executor /usr/bin/nomos-executor
COPY --from=builder /workspace/artifacts/nomos-cli /usr/bin/nomos-cli
COPY --from=builder /workspace/artifacts/cfgsync-server /usr/bin/cfgsync-server
COPY --from=builder /workspace/artifacts/cfgsync-client /usr/bin/cfgsync-client

ENV NOMOS_CIRCUITS=/opt/circuits

EXPOSE 3000 8080 9000 60000

ENTRYPOINT ["/usr/bin/nomos-node"]
Initial import of Nomos testing framework 2025-12-01 12:48:39 +01:00			`# syntax=docker/dockerfile:1`
			`# check=skip=SecretsUsedInArgOrEnv`
			`# Ignore warnings about sensitive information as this is test data.`

Require versions.env, add rev updater, and externalize Docker args 2025-12-09 17:24:11 +01:00			`ARG VERSION`
Initial import of Nomos testing framework 2025-12-01 12:48:39 +01:00			`ARG CIRCUITS_OVERRIDE`
Require versions.env, add rev updater, and externalize Docker args 2025-12-09 17:24:11 +01:00			`ARG NOMOS_NODE_REV`
			`ARG CIRCUITS_PLATFORM`
Initial import of Nomos testing framework 2025-12-01 12:48:39 +01:00
			`# ===========================`
			`# BUILD IMAGE`
			`# ===========================`

			`FROM rust:1.91.0-slim-bookworm AS builder`

			`ARG VERSION`
			`ARG CIRCUITS_OVERRIDE`
Align workflows and configs with latest nomos-node rev 2025-12-06 10:17:06 +01:00			`ARG NOMOS_NODE_REV`
Pass circuits platform through compose builds and Dockerfile 2025-12-09 16:28:59 +01:00			`ARG CIRCUITS_PLATFORM`
Initial import of Nomos testing framework 2025-12-01 12:48:39 +01:00
			`LABEL maintainer="augustinas@status.im" \`
			`source="https://github.com/logos-co/nomos-node" \`
			`description="Nomos testnet build image"`

			`WORKDIR /workspace`
			`COPY . .`

			`# Reduce debug artifact size.`
			`ENV CARGO_PROFILE_DEV_DEBUG=0`
Align workflows and configs with latest nomos-node rev 2025-12-06 10:17:06 +01:00			`ENV NOMOS_NODE_REV=${NOMOS_NODE_REV}`
Initial import of Nomos testing framework 2025-12-01 12:48:39 +01:00
			`# Install dependencies needed for building RocksDB.`
			`RUN apt-get update && apt-get install -yq \`
			`git gcc g++ clang make cmake m4 xz-utils libgmp-dev libssl-dev pkg-config ca-certificates curl wget file`

			`RUN mkdir -p /opt/circuits && \`
			`select_circuits_source() { \`
			`# Prefer an explicit override when it exists (file or directory). \`
			`if [ -n "$CIRCUITS_OVERRIDE" ] && [ -e "/workspace/${CIRCUITS_OVERRIDE}" ]; then \`
			`echo "/workspace/${CIRCUITS_OVERRIDE}"; \`
			`return 0; \`
			`fi; \`
			`# Fall back to the workspace bundle shipped with the repo. \`
			`if [ -e "/workspace/tests/kzgrs/kzgrs_test_params" ]; then \`
			`echo "/workspace/tests/kzgrs/kzgrs_test_params"; \`
			`return 0; \`
			`fi; \`
			`return 1; \`
			`}; \`
			`if CIRCUITS_PATH="$(select_circuits_source)"; then \`
			`echo "Using prebuilt circuits bundle from ${CIRCUITS_PATH#/workspace/}"; \`
			`if [ -d "$CIRCUITS_PATH" ]; then \`
			`cp -R "${CIRCUITS_PATH}/." /opt/circuits; \`
			`else \`
			`cp "${CIRCUITS_PATH}" /opt/circuits/; \`
			`fi; \`
			`fi; \`
			`TARGET_ARCH="$(uname -m)"; \`
image: include KZG params file for EKS 2025-12-16 09:12:19 +01:00			`expect_arch() { \`
			`case "$1" in \`
			`x86_64) echo "x86-64\|x86_64" ;; \`
			`aarch64\|arm64) echo "arm64\|aarch64" ;; \`
			`*) echo "$1" ;; \`
			`esac; \`
			`}; \`
			`require_linux_execs=0; \`
			`check_linux_exec() { \`
			`local path="$1"; \`
			`if [ ! -f "$path" ]; then \`
			`return 0; \`
			`fi; \`
			`local info; \`
			`info="$(file -b "$path" 2>/dev/null \|\| true)"; \`
			`case "$info" in \`
			`ELF) : ;; \`
			`*) \`
			`echo "Circuits executable is not ELF: ${path} (${info}); forcing circuits download"; \`
			`require_linux_execs=1; \`
			`return 0; \`
			`;; \`
			`esac; \`
			`pattern="$(expect_arch "$TARGET_ARCH")"; \`
			`if [ -n "$pattern" ] && ! echo "$info" \| grep -Eqi "$pattern"; then \`
			`echo "Circuits executable arch mismatch: ${path} (${info}); forcing circuits download"; \`
			`require_linux_execs=1; \`
			`fi; \`
			`}; \`
			`check_linux_exec /opt/circuits/zksign/witness_generator; \`
			`check_linux_exec /opt/circuits/pol/witness_generator; \`
Initial import of Nomos testing framework 2025-12-01 12:48:39 +01:00			`if [ -f "/opt/circuits/prover" ]; then \`
image: include KZG params file for EKS 2025-12-16 09:12:19 +01:00			`PROVER_INFO="$(file -b /opt/circuits/prover \|\| true)"; \`
			`case "$TARGET_ARCH" in \`
			`x86_64) EXPECT_ARCH="x86-64" ;; \`
			`aarch64\|arm64) EXPECT_ARCH="aarch64" ;; \`
			`*) EXPECT_ARCH="$TARGET_ARCH" ;; \`
			`esac; \`
			`if [ -n "$PROVER_INFO" ] && ! echo "$PROVER_INFO" \| grep -qi "$EXPECT_ARCH"; then \`
			`echo "Circuits prover architecture ($PROVER_INFO) does not match target ${TARGET_ARCH}; rebuilding rapidsnark binaries"; \`
			`chmod +x scripts/build-rapidsnark.sh && \`
			`RAPIDSNARK_FORCE_REBUILD=1 \`
			`scripts/build-rapidsnark.sh /opt/circuits; \`
			`fi; \`
Initial import of Nomos testing framework 2025-12-01 12:48:39 +01:00			`fi; \`
image: include KZG params file for EKS 2025-12-16 09:12:19 +01:00			`if [ "$require_linux_execs" -eq 1 ] \|\| [ ! -f "/opt/circuits/pol/verification_key.json" ]; then \`
			`echo "Downloading ${VERSION} circuits bundle for ${CIRCUITS_PLATFORM}"; \`
Initial import of Nomos testing framework 2025-12-01 12:48:39 +01:00			`chmod +x scripts/setup-nomos-circuits.sh && \`
Pass circuits platform through compose builds and Dockerfile 2025-12-09 16:28:59 +01:00			`NOMOS_CIRCUITS_PLATFORM="${CIRCUITS_PLATFORM}" \`
Initial import of Nomos testing framework 2025-12-01 12:48:39 +01:00			`NOMOS_CIRCUITS_REBUILD_RAPIDSNARK=1 \`
			`RAPIDSNARK_BUILD_GMP=1 \`
			`scripts/setup-nomos-circuits.sh "$VERSION" "/opt/circuits"; \`
			`fi`

			`ENV NOMOS_CIRCUITS=/opt/circuits`
Share prebuilt nomos binaries between smoke jobs 2025-12-02 07:41:17 +01:00
Fix bundle cross-build + cfgsync config generation 2025-12-15 17:08:48 +01:00			`# Provide runtime binaries. Prefer prebuilt artifacts (when present) for speed;`
			`# otherwise build from source (or if prebuilt artifacts don't match the image`
			`# architecture).`
Align workflows and configs with latest nomos-node rev 2025-12-06 10:17:06 +01:00			`RUN set -eu; \`
			`mkdir -p /workspace/artifacts; \`
Fix bundle cross-build + cfgsync config generation 2025-12-15 17:08:48 +01:00			`TARGET_ARCH="$(uname -m)"; \`
			`expect_arch() { \`
			`case "$1" in \`
			`x86_64) echo "x86-64" ;; \`
			`aarch64\|arm64) echo "arm64" ;; \`
			`*) echo "$1" ;; \`
			`esac; \`
			`}; \`
			`have_prebuilt() { \`
			`[ -f testing-framework/assets/stack/bin/nomos-node ] && \`
			`[ -f testing-framework/assets/stack/bin/nomos-executor ] && \`
			`[ -f testing-framework/assets/stack/bin/nomos-cli ]; \`
			`}; \`
			`bin_matches_arch() { \`
			`BIN_INFO="$(file -b testing-framework/assets/stack/bin/nomos-node 2>/dev/null \|\| true)"; \`
			`case "$BIN_INFO" in \`
			`ELF);; \`
			`*) return 1 ;; \`
			`esac; \`
			`case "$TARGET_ARCH" in \`
			`x86_64) PATTERN="x86-64\|x86_64" ;; \`
			`aarch64\|arm64) PATTERN="arm64\|aarch64" ;; \`
			`*) PATTERN="$(expect_arch "$TARGET_ARCH")" ;; \`
			`esac; \`
			`[ -n "$BIN_INFO" ] && echo "$BIN_INFO" \| grep -Eqi "$PATTERN"; \`
			`}; \`
			`if have_prebuilt && bin_matches_arch; then \`
			`echo "Using prebuilt nomos binaries from testing-framework/assets/stack/bin"; \`
Align workflows and configs with latest nomos-node rev 2025-12-06 10:17:06 +01:00			`cp testing-framework/assets/stack/bin/nomos-node /workspace/artifacts/nomos-node; \`
			`cp testing-framework/assets/stack/bin/nomos-executor /workspace/artifacts/nomos-executor; \`
			`cp testing-framework/assets/stack/bin/nomos-cli /workspace/artifacts/nomos-cli; \`
			`else \`
Fix bundle cross-build + cfgsync config generation 2025-12-15 17:08:48 +01:00			`if have_prebuilt; then \`
			`echo "Prebuilt nomos binaries do not match target architecture (${TARGET_ARCH}); rebuilding from source"; \`
			`fi; \`
			`echo "Prebuilt nomos binaries missing or wrong architecture; building from source (rev ${NOMOS_NODE_REV})"; \`
			`git clone https://github.com/logos-co/nomos-node.git /tmp/nomos-node && \`
			`cd /tmp/nomos-node && \`
			`git fetch --depth 1 origin "${NOMOS_NODE_REV}" && \`
			`git checkout "${NOMOS_NODE_REV}" && \`
			`git reset --hard && git clean -fdx && \`
			`# Enable pol-dev-mode via cfg to let POL_PROOF_DEV_MODE short-circuit proofs in tests.`
			`RUSTFLAGS='--cfg feature="pol-dev-mode"' NOMOS_CIRCUITS=/opt/circuits cargo build --features "testing" \`
			`-p nomos-node -p nomos-executor -p nomos-cli; \`
			`cp /tmp/nomos-node/target/debug/nomos-node /workspace/artifacts/nomos-node; \`
			`cp /tmp/nomos-node/target/debug/nomos-executor /workspace/artifacts/nomos-executor; \`
			`cp /tmp/nomos-node/target/debug/nomos-cli /workspace/artifacts/nomos-cli; \`
			`rm -rf /tmp/nomos-node/target/debug/incremental; \`
Align workflows and configs with latest nomos-node rev 2025-12-06 10:17:06 +01:00			`fi`
Initial import of Nomos testing framework 2025-12-01 12:48:39 +01:00
Sync updates to docs, workloads, and monitoring 2025-12-13 05:59:28 +01:00			`# Strip local path patches so container builds use git sources.`
			`RUN sed -i '/^\[patch\.\"https:\/\/github.com\/logos-co\/nomos-node\"\]/,/^$/d' /workspace/Cargo.toml`

Initial import of Nomos testing framework 2025-12-01 12:48:39 +01:00			`# Build cfgsync binaries from this workspace.`
Build nomos-node without locked lockfile in CI 2025-12-02 05:12:47 +01:00			`RUN cargo build --all-features --manifest-path /workspace/testing-framework/tools/cfgsync/Cargo.toml --bins`
Share prebuilt nomos binaries between smoke jobs 2025-12-02 07:41:17 +01:00			`RUN cp /workspace/target/debug/cfgsync-server /workspace/artifacts/cfgsync-server && \`
			`cp /workspace/target/debug/cfgsync-client /workspace/artifacts/cfgsync-client && \`
			`rm -rf /workspace/target/debug/incremental`
Trim compose build disk usage 2025-12-02 06:01:34 +01:00
Initial import of Nomos testing framework 2025-12-01 12:48:39 +01:00			`# ===========================`
			`# NODE IMAGE`
			`# ===========================`

Use Ubuntu base for stack runtime 2025-12-06 14:41:41 +01:00			`FROM ubuntu:24.04`
Initial import of Nomos testing framework 2025-12-01 12:48:39 +01:00
			`ARG VERSION`

			`LABEL maintainer="augustinas@status.im" \`
			`source="https://github.com/logos-co/nomos-node" \`
			`description="Nomos node image"`

			`RUN apt-get update && apt-get install -yq \`
			`libstdc++6 \`
			`libgmp10 \`
			`libgomp1 \`
			`libssl3 \`
			`ca-certificates \`
			`&& rm -rf /var/lib/apt/lists/*`

			`COPY --from=builder /opt/circuits /opt/circuits`

k8s: support in-image KZG params for EKS 2025-12-16 08:19:56 +01:00			`# Provide a stable in-image location for the KZG test parameters so EKS runs do`
			`# not rely on hostPath volumes.`
image: include KZG params file for EKS 2025-12-16 09:12:19 +01:00			`COPY --from=builder /workspace/testing-framework/assets/stack/kzgrs_test_params/kzgrs_test_params /opt/nomos/kzg-params/kzgrs_test_params`
k8s: support in-image KZG params for EKS 2025-12-16 08:19:56 +01:00
Trim compose build disk usage 2025-12-02 06:01:34 +01:00			`COPY --from=builder /workspace/artifacts/nomos-node /usr/bin/nomos-node`
			`COPY --from=builder /workspace/artifacts/nomos-executor /usr/bin/nomos-executor`
			`COPY --from=builder /workspace/artifacts/nomos-cli /usr/bin/nomos-cli`
			`COPY --from=builder /workspace/artifacts/cfgsync-server /usr/bin/cfgsync-server`
			`COPY --from=builder /workspace/artifacts/cfgsync-client /usr/bin/cfgsync-client`
Initial import of Nomos testing framework 2025-12-01 12:48:39 +01:00
			`ENV NOMOS_CIRCUITS=/opt/circuits`

			`EXPOSE 3000 8080 9000 60000`

			`ENTRYPOINT ["/usr/bin/nomos-node"]`