feat: use docker volumes instend of mounts for runtime data directories

docker-compose.override.yml

@@ -11,17 +11,17 @@ services:
     depends_on:
       - logos-blockchain-node-0
       - indexer_service
-    volumes: !override
-      - ./configs/docker-all-in-one/sequencer:/etc/sequencer_service
+    volumes:
+      - ./configs/docker-all-in-one/sequencer_config.json:/etc/sequencer_service/sequencer_config.json
 
   indexer_service:
     depends_on:
       - logos-blockchain-node-0
     volumes:
-      - ./configs/docker-all-in-one/indexer/indexer_config.json:/etc/indexer_service/indexer_config.json
+      - ./configs/docker-all-in-one/indexer_config.json:/etc/indexer_service/indexer_config.json
 
   explorer_service:
     depends_on:
       - indexer_service
     environment:
-      - INDEXER_RPC_URL=http://indexer_service:8779
+      - INDEXER_RPC_URL=http://indexer_service:8779

indexer/service/Dockerfile

@@ -65,15 +65,10 @@ RUN strip /indexer_service/target/release/indexer_service
 # Runtime stage - minimal image
 FROM debian:trixie-slim
 
-# Install runtime dependencies
-RUN apt-get update \
- && apt-get install -y gosu jq \
- && rm -rf /var/lib/apt/lists/*
-
 # Create non-root user for security
 RUN useradd -m -u 1000 -s /bin/bash indexer_service_user && \
-    mkdir -p /indexer_service /etc/indexer_service && \
-    chown -R indexer_service_user:indexer_service_user /indexer_service /etc/indexer_service
+    mkdir -p /indexer_service /etc/indexer_service /var/lib/indexer_service && \
+    chown -R indexer_service_user:indexer_service_user /indexer_service /etc/indexer_service /var/lib/indexer_service
 
 # Copy binary from builder
 COPY --from=builder --chown=indexer_service_user:indexer_service_user /indexer_service/target/release/indexer_service /usr/local/bin/indexer_service
@@ -84,9 +79,7 @@ COPY --from=builder --chown=indexer_service_user:indexer_service_user /usr/local
 # Copy logos blockchain circuits from builder
 COPY --from=builder --chown=indexer_service_user:indexer_service_user /root/.logos-blockchain-circuits /home/indexer_service_user/.logos-blockchain-circuits
 
-# Copy entrypoint script
-COPY indexer/service/docker-entrypoint.sh /docker-entrypoint.sh
-RUN chmod +x /docker-entrypoint.sh
+VOLUME /var/lib/indexer_service
 
 # Expose default port
 EXPOSE 8779
@@ -105,9 +98,7 @@ HEALTHCHECK --interval=30s --timeout=3s --start-period=5s --retries=3 \
 # Run the application
 ENV RUST_LOG=info
 
-USER root
-
-ENTRYPOINT ["/docker-entrypoint.sh"]
+USER indexer_service_user
 
 WORKDIR /indexer_service
 CMD ["indexer_service", "/etc/indexer_service/indexer_config.json"]

indexer/service/docker-compose.yml

@@ -10,5 +10,8 @@ services:
     volumes:
       # Mount configuration
       - ./configs/indexer_config.json:/etc/indexer_service/indexer_config.json
-      # Mount data folder
-      - ./data:/var/lib/indexer_service
+      # Mount data volume
+      - indexer_data:/var/lib/indexer_service
+
+volumes:
+  indexer_data:

indexer/service/docker-entrypoint.sh

@@ -1,29 +0,0 @@
-#!/bin/sh
-
-# This is an entrypoint script for the indexer_service Docker container,
-# it's not meant to be executed outside of the container.
-
-set -e
-
-CONFIG="/etc/indexer_service/indexer_config.json"
-
-# Check config file exists
-if [ ! -f "$CONFIG" ]; then
-  echo "Config file not found: $CONFIG" >&2
-  exit 1
-fi
-
-# Parse home dir
-HOME_DIR=$(jq -r '.home' "$CONFIG")
-
-if [ -z "$HOME_DIR" ] || [ "$HOME_DIR" = "null" ]; then
-  echo "'home' key missing in config" >&2
-  exit 1
-fi
-
-# Give permissions to the data directory and switch to non-root user
-if [ "$(id -u)" = "0" ]; then
-  mkdir -p "$HOME_DIR"
-  chown -R indexer_service_user:indexer_service_user "$HOME_DIR"
-  exec gosu indexer_service_user "$@"
-fi

sequencer/service/Dockerfile

@@ -26,7 +26,7 @@ RUN ARCH=$(uname -m); \
     else \
         echo "Using manual build for $ARCH"; \
         git clone --depth 1 --branch release-3.0 https://github.com/risc0/risc0.git; \
-        git clone --depth 1 --branch r0.1.94.0 https://github.com/risc0/rust.git; \
+        git clone --depth 1 --branch r0.1.91.0 https://github.com/risc0/rust.git; \
         cd /risc0; \
         cargo install --path rzup; \
         rzup build --path /rust rust --verbose; \
@@ -77,15 +77,10 @@ RUN strip /sequencer_service/target/release/sequencer_service
 # Runtime stage - minimal image
 FROM debian:trixie-slim
 
-# Install runtime dependencies
-RUN apt-get update \
- && apt-get install -y gosu jq \
- && rm -rf /var/lib/apt/lists/*
-
 # Create non-root user for security
 RUN useradd -m -u 1000 -s /bin/bash sequencer_user && \
-    mkdir -p /sequencer_service /etc/sequencer_service && \
-    chown -R sequencer_user:sequencer_user /sequencer_service /etc/sequencer_service
+    mkdir -p /sequencer_service /etc/sequencer_service /var/lib/sequencer_service && \
+    chown -R sequencer_user:sequencer_user /sequencer_service /etc/sequencer_service /var/lib/sequencer_service
 
 # Copy binary from builder
 COPY --from=builder --chown=sequencer_user:sequencer_user /sequencer_service/target/release/sequencer_service /usr/local/bin/sequencer_service
@@ -96,9 +91,7 @@ COPY --from=builder --chown=sequencer_user:sequencer_user /usr/local/bin/r0vm /u
 # Copy logos blockchain circuits from builder
 COPY --from=builder --chown=sequencer_user:sequencer_user /root/.logos-blockchain-circuits /home/sequencer_user/.logos-blockchain-circuits
 
-# Copy entrypoint script
-COPY sequencer/service/docker-entrypoint.sh /docker-entrypoint.sh
-RUN chmod +x /docker-entrypoint.sh
+VOLUME /var/lib/sequencer_service
 
 # Expose default port
 EXPOSE 3040
@@ -120,9 +113,7 @@ ENV RUST_LOG=info
 # Set explicit location for r0vm binary
 ENV RISC0_SERVER_PATH=/usr/local/bin/r0vm
 
-USER root
-
-ENTRYPOINT ["/docker-entrypoint.sh"]
+USER sequencer_user
 
 WORKDIR /sequencer_service
 CMD ["sequencer_service", "/etc/sequencer_service/sequencer_config.json"]

sequencer/service/docker-compose.yml

@@ -10,5 +10,8 @@ services:
     volumes:
       # Mount configuration file
       - ./configs/docker/sequencer_config.json:/etc/sequencer_service/sequencer_config.json
-      # Mount data folder
-      - ./data:/var/lib/sequencer_service
+      # Mount data volume
+      - sequencer_data:/var/lib/sequencer_service
+
+volumes:
+  sequencer_data:

sequencer/service/docker-entrypoint.sh

@@ -1,29 +0,0 @@
-#!/bin/sh
-
-# This is an entrypoint script for the sequencer_service Docker container,
-# it's not meant to be executed outside of the container.
-
-set -e
-
-CONFIG="/etc/sequencer/service/sequencer_config.json"
-
-# Check config file exists
-if [ ! -f "$CONFIG" ]; then
-  echo "Config file not found: $CONFIG" >&2
-  exit 1
-fi
-
-# Parse home dir
-HOME_DIR=$(jq -r '.home' "$CONFIG")
-
-if [ -z "$HOME_DIR" ] || [ "$HOME_DIR" = "null" ]; then
-  echo "'home' key missing in config" >&2
-  exit 1
-fi
-
-# Give permissions to the data directory and switch to non-root user
-if [ "$(id -u)" = "0" ]; then
-  mkdir -p "$HOME_DIR"
-  chown -R sequencer_user:sequencer_user "$HOME_DIR"
-  exec gosu sequencer_user "$@"
-fi