From c5950bd08add30294988b9aabb57b68d20a20028 Mon Sep 17 00:00:00 2001 From: Daniil Polyakov Date: Fri, 20 Mar 2026 03:07:04 +0300 Subject: [PATCH 1/2] feat: use docker volumes instend of mounts for runtime data directories --- .../{indexer => }/indexer_config.json | 0 .../{sequencer => }/sequencer_config.json | 0 docker-compose.override.yml | 8 ++--- indexer/service/Dockerfile | 17 +++-------- indexer/service/docker-compose.yml | 7 +++-- indexer/service/docker-entrypoint.sh | 29 ------------------- sequencer/service/Dockerfile | 19 ++++-------- sequencer/service/docker-compose.yml | 7 +++-- sequencer/service/docker-entrypoint.sh | 29 ------------------- 9 files changed, 23 insertions(+), 93 deletions(-) rename configs/docker-all-in-one/{indexer => }/indexer_config.json (100%) rename configs/docker-all-in-one/{sequencer => }/sequencer_config.json (100%) delete mode 100644 indexer/service/docker-entrypoint.sh delete mode 100644 sequencer/service/docker-entrypoint.sh diff --git a/configs/docker-all-in-one/indexer/indexer_config.json b/configs/docker-all-in-one/indexer_config.json similarity index 100% rename from configs/docker-all-in-one/indexer/indexer_config.json rename to configs/docker-all-in-one/indexer_config.json diff --git a/configs/docker-all-in-one/sequencer/sequencer_config.json b/configs/docker-all-in-one/sequencer_config.json similarity index 100% rename from configs/docker-all-in-one/sequencer/sequencer_config.json rename to configs/docker-all-in-one/sequencer_config.json diff --git a/docker-compose.override.yml b/docker-compose.override.yml index af70ddd6..db955b23 100644 --- a/docker-compose.override.yml +++ b/docker-compose.override.yml @@ -11,17 +11,17 @@ services: depends_on: - logos-blockchain-node-0 - indexer_service - volumes: !override - - ./configs/docker-all-in-one/sequencer:/etc/sequencer_service + volumes: + - ./configs/docker-all-in-one/sequencer_config.json:/etc/sequencer_service/sequencer_config.json indexer_service: depends_on: - logos-blockchain-node-0 volumes: - - ./configs/docker-all-in-one/indexer/indexer_config.json:/etc/indexer_service/indexer_config.json + - ./configs/docker-all-in-one/indexer_config.json:/etc/indexer_service/indexer_config.json explorer_service: depends_on: - indexer_service environment: - - INDEXER_RPC_URL=http://indexer_service:8779 \ No newline at end of file + - INDEXER_RPC_URL=http://indexer_service:8779 diff --git a/indexer/service/Dockerfile b/indexer/service/Dockerfile index bb93c2f2..2b78103e 100644 --- a/indexer/service/Dockerfile +++ b/indexer/service/Dockerfile @@ -65,15 +65,10 @@ RUN strip /indexer_service/target/release/indexer_service # Runtime stage - minimal image FROM debian:trixie-slim -# Install runtime dependencies -RUN apt-get update \ - && apt-get install -y gosu jq \ - && rm -rf /var/lib/apt/lists/* - # Create non-root user for security RUN useradd -m -u 1000 -s /bin/bash indexer_service_user && \ - mkdir -p /indexer_service /etc/indexer_service && \ - chown -R indexer_service_user:indexer_service_user /indexer_service /etc/indexer_service + mkdir -p /indexer_service /etc/indexer_service /var/lib/indexer_service && \ + chown -R indexer_service_user:indexer_service_user /indexer_service /etc/indexer_service /var/lib/indexer_service # Copy binary from builder COPY --from=builder --chown=indexer_service_user:indexer_service_user /indexer_service/target/release/indexer_service /usr/local/bin/indexer_service @@ -84,9 +79,7 @@ COPY --from=builder --chown=indexer_service_user:indexer_service_user /usr/local # Copy logos blockchain circuits from builder COPY --from=builder --chown=indexer_service_user:indexer_service_user /root/.logos-blockchain-circuits /home/indexer_service_user/.logos-blockchain-circuits -# Copy entrypoint script -COPY indexer/service/docker-entrypoint.sh /docker-entrypoint.sh -RUN chmod +x /docker-entrypoint.sh +VOLUME /var/lib/indexer_service # Expose default port EXPOSE 8779 @@ -105,9 +98,7 @@ HEALTHCHECK --interval=30s --timeout=3s --start-period=5s --retries=3 \ # Run the application ENV RUST_LOG=info -USER root - -ENTRYPOINT ["/docker-entrypoint.sh"] +USER indexer_service_user WORKDIR /indexer_service CMD ["indexer_service", "/etc/indexer_service/indexer_config.json"] diff --git a/indexer/service/docker-compose.yml b/indexer/service/docker-compose.yml index 73ac90ae..b690a180 100644 --- a/indexer/service/docker-compose.yml +++ b/indexer/service/docker-compose.yml @@ -10,5 +10,8 @@ services: volumes: # Mount configuration - ./configs/indexer_config.json:/etc/indexer_service/indexer_config.json - # Mount data folder - - ./data:/var/lib/indexer_service + # Mount data volume + - indexer_data:/var/lib/indexer_service + +volumes: + indexer_data: diff --git a/indexer/service/docker-entrypoint.sh b/indexer/service/docker-entrypoint.sh deleted file mode 100644 index 49a5f891..00000000 --- a/indexer/service/docker-entrypoint.sh +++ /dev/null @@ -1,29 +0,0 @@ -#!/bin/sh - -# This is an entrypoint script for the indexer_service Docker container, -# it's not meant to be executed outside of the container. - -set -e - -CONFIG="/etc/indexer_service/indexer_config.json" - -# Check config file exists -if [ ! -f "$CONFIG" ]; then - echo "Config file not found: $CONFIG" >&2 - exit 1 -fi - -# Parse home dir -HOME_DIR=$(jq -r '.home' "$CONFIG") - -if [ -z "$HOME_DIR" ] || [ "$HOME_DIR" = "null" ]; then - echo "'home' key missing in config" >&2 - exit 1 -fi - -# Give permissions to the data directory and switch to non-root user -if [ "$(id -u)" = "0" ]; then - mkdir -p "$HOME_DIR" - chown -R indexer_service_user:indexer_service_user "$HOME_DIR" - exec gosu indexer_service_user "$@" -fi diff --git a/sequencer/service/Dockerfile b/sequencer/service/Dockerfile index 414d4889..52c9bd9b 100644 --- a/sequencer/service/Dockerfile +++ b/sequencer/service/Dockerfile @@ -26,7 +26,7 @@ RUN ARCH=$(uname -m); \ else \ echo "Using manual build for $ARCH"; \ git clone --depth 1 --branch release-3.0 https://github.com/risc0/risc0.git; \ - git clone --depth 1 --branch r0.1.94.0 https://github.com/risc0/rust.git; \ + git clone --depth 1 --branch r0.1.91.0 https://github.com/risc0/rust.git; \ cd /risc0; \ cargo install --path rzup; \ rzup build --path /rust rust --verbose; \ @@ -77,15 +77,10 @@ RUN strip /sequencer_service/target/release/sequencer_service # Runtime stage - minimal image FROM debian:trixie-slim -# Install runtime dependencies -RUN apt-get update \ - && apt-get install -y gosu jq \ - && rm -rf /var/lib/apt/lists/* - # Create non-root user for security RUN useradd -m -u 1000 -s /bin/bash sequencer_user && \ - mkdir -p /sequencer_service /etc/sequencer_service && \ - chown -R sequencer_user:sequencer_user /sequencer_service /etc/sequencer_service + mkdir -p /sequencer_service /etc/sequencer_service /var/lib/sequencer_service && \ + chown -R sequencer_user:sequencer_user /sequencer_service /etc/sequencer_service /var/lib/sequencer_service # Copy binary from builder COPY --from=builder --chown=sequencer_user:sequencer_user /sequencer_service/target/release/sequencer_service /usr/local/bin/sequencer_service @@ -96,9 +91,7 @@ COPY --from=builder --chown=sequencer_user:sequencer_user /usr/local/bin/r0vm /u # Copy logos blockchain circuits from builder COPY --from=builder --chown=sequencer_user:sequencer_user /root/.logos-blockchain-circuits /home/sequencer_user/.logos-blockchain-circuits -# Copy entrypoint script -COPY sequencer/service/docker-entrypoint.sh /docker-entrypoint.sh -RUN chmod +x /docker-entrypoint.sh +VOLUME /var/lib/sequencer_service # Expose default port EXPOSE 3040 @@ -120,9 +113,7 @@ ENV RUST_LOG=info # Set explicit location for r0vm binary ENV RISC0_SERVER_PATH=/usr/local/bin/r0vm -USER root - -ENTRYPOINT ["/docker-entrypoint.sh"] +USER sequencer_user WORKDIR /sequencer_service CMD ["sequencer_service", "/etc/sequencer_service/sequencer_config.json"] diff --git a/sequencer/service/docker-compose.yml b/sequencer/service/docker-compose.yml index 81520e7b..cede8143 100644 --- a/sequencer/service/docker-compose.yml +++ b/sequencer/service/docker-compose.yml @@ -10,5 +10,8 @@ services: volumes: # Mount configuration file - ./configs/docker/sequencer_config.json:/etc/sequencer_service/sequencer_config.json - # Mount data folder - - ./data:/var/lib/sequencer_service + # Mount data volume + - sequencer_data:/var/lib/sequencer_service + +volumes: + sequencer_data: diff --git a/sequencer/service/docker-entrypoint.sh b/sequencer/service/docker-entrypoint.sh deleted file mode 100644 index 131c83e6..00000000 --- a/sequencer/service/docker-entrypoint.sh +++ /dev/null @@ -1,29 +0,0 @@ -#!/bin/sh - -# This is an entrypoint script for the sequencer_service Docker container, -# it's not meant to be executed outside of the container. - -set -e - -CONFIG="/etc/sequencer/service/sequencer_config.json" - -# Check config file exists -if [ ! -f "$CONFIG" ]; then - echo "Config file not found: $CONFIG" >&2 - exit 1 -fi - -# Parse home dir -HOME_DIR=$(jq -r '.home' "$CONFIG") - -if [ -z "$HOME_DIR" ] || [ "$HOME_DIR" = "null" ]; then - echo "'home' key missing in config" >&2 - exit 1 -fi - -# Give permissions to the data directory and switch to non-root user -if [ "$(id -u)" = "0" ]; then - mkdir -p "$HOME_DIR" - chown -R sequencer_user:sequencer_user "$HOME_DIR" - exec gosu sequencer_user "$@" -fi From f9071d492cf8d44e0794c60b8d4965721e366128 Mon Sep 17 00:00:00 2001 From: Daniil Polyakov Date: Fri, 20 Mar 2026 18:39:58 +0300 Subject: [PATCH 2/2] feat: cache rust builds in docker to speed up subsequent builds --- .dockerignore | 15 ++++++++++++--- explorer_service/Dockerfile | 12 +++++++++--- indexer/service/Dockerfile | 21 ++++++++++++++------- sequencer/service/Dockerfile | 23 +++++++++++++++-------- 4 files changed, 50 insertions(+), 21 deletions(-) diff --git a/.dockerignore b/.dockerignore index 0fbe460c..11f1a350 100644 --- a/.dockerignore +++ b/.dockerignore @@ -26,11 +26,20 @@ Thumbs.db ci_scripts/ # Documentation +docs/ *.md !README.md -# Configs (copy selectively if needed) +# Non-build project files +completions/ configs/ - -# License +Justfile +clippy.toml +rustfmt.toml +flake.nix +flake.lock LICENSE + +# Docker compose files (not needed inside build) +docker-compose*.yml +**/docker-compose*.yml diff --git a/explorer_service/Dockerfile b/explorer_service/Dockerfile index 238e77e6..6484619f 100644 --- a/explorer_service/Dockerfile +++ b/explorer_service/Dockerfile @@ -22,7 +22,13 @@ WORKDIR /explorer_service COPY . . # Build the app -RUN cargo leptos build --release -vv +RUN --mount=type=cache,target=/usr/local/cargo/registry/index \ + --mount=type=cache,target=/usr/local/cargo/registry/cache \ + --mount=type=cache,target=/usr/local/cargo/git \ + --mount=type=cache,target=/explorer_service/target \ + cargo leptos build --release -vv \ + && cp /explorer_service/target/release/explorer_service /usr/local/bin/explorer_service \ + && cp -r /explorer_service/target/site /explorer_service/site_output FROM debian:trixie-slim AS runtime WORKDIR /explorer_service @@ -33,10 +39,10 @@ RUN apt-get update -y \ && rm -rf /var/lib/apt/lists/* # Copy the server binary to the /explorer_service directory -COPY --from=builder /explorer_service/target/release/explorer_service /explorer_service/ +COPY --from=builder /usr/local/bin/explorer_service /explorer_service/ # /target/site contains our JS/WASM/CSS, etc. -COPY --from=builder /explorer_service/target/site /explorer_service/site +COPY --from=builder /explorer_service/site_output /explorer_service/site # Copy Cargo.toml as it’s needed at runtime COPY --from=builder /explorer_service/Cargo.toml /explorer_service/ diff --git a/indexer/service/Dockerfile b/indexer/service/Dockerfile index 2b78103e..cc7087bb 100644 --- a/indexer/service/Dockerfile +++ b/indexer/service/Dockerfile @@ -51,16 +51,23 @@ RUN cargo chef prepare --bin indexer_service --recipe-path recipe.json FROM chef AS builder COPY --from=planner /indexer_service/recipe.json recipe.json # Build dependencies only (this layer will be cached) -RUN cargo chef cook --bin indexer_service --release --recipe-path recipe.json +RUN --mount=type=cache,target=/usr/local/cargo/registry/index \ + --mount=type=cache,target=/usr/local/cargo/registry/cache \ + --mount=type=cache,target=/usr/local/cargo/git \ + --mount=type=cache,target=/indexer_service/target \ + cargo chef cook --bin indexer_service --release --recipe-path recipe.json # Copy source code COPY . . -# Build the actual application -RUN cargo build --release --bin indexer_service - -# Strip debug symbols to reduce binary size -RUN strip /indexer_service/target/release/indexer_service +# Build the actual application and copy the binary out of the cache mount +RUN --mount=type=cache,target=/usr/local/cargo/registry/index \ + --mount=type=cache,target=/usr/local/cargo/registry/cache \ + --mount=type=cache,target=/usr/local/cargo/git \ + --mount=type=cache,target=/indexer_service/target \ + cargo build --release --bin indexer_service \ + && strip /indexer_service/target/release/indexer_service \ + && cp /indexer_service/target/release/indexer_service /usr/local/bin/indexer_service # Runtime stage - minimal image FROM debian:trixie-slim @@ -71,7 +78,7 @@ RUN useradd -m -u 1000 -s /bin/bash indexer_service_user && \ chown -R indexer_service_user:indexer_service_user /indexer_service /etc/indexer_service /var/lib/indexer_service # Copy binary from builder -COPY --from=builder --chown=indexer_service_user:indexer_service_user /indexer_service/target/release/indexer_service /usr/local/bin/indexer_service +COPY --from=builder --chown=indexer_service_user:indexer_service_user /usr/local/bin/indexer_service /usr/local/bin/indexer_service # Copy r0vm binary from builder COPY --from=builder --chown=indexer_service_user:indexer_service_user /usr/local/bin/r0vm /usr/local/bin/r0vm diff --git a/sequencer/service/Dockerfile b/sequencer/service/Dockerfile index 52c9bd9b..10641e9a 100644 --- a/sequencer/service/Dockerfile +++ b/sequencer/service/Dockerfile @@ -55,7 +55,11 @@ FROM chef AS builder ARG STANDALONE COPY --from=planner /sequencer_service/recipe.json recipe.json # Build dependencies only (this layer will be cached) -RUN if [ "$STANDALONE" = "true" ]; then \ +RUN --mount=type=cache,target=/usr/local/cargo/registry/index \ + --mount=type=cache,target=/usr/local/cargo/registry/cache \ + --mount=type=cache,target=/usr/local/cargo/git \ + --mount=type=cache,target=/sequencer_service/target \ + if [ "$STANDALONE" = "true" ]; then \ cargo chef cook --bin sequencer_service --features standalone --release --recipe-path recipe.json; \ else \ cargo chef cook --bin sequencer_service --release --recipe-path recipe.json; \ @@ -64,15 +68,18 @@ RUN if [ "$STANDALONE" = "true" ]; then \ # Copy source code COPY . . -# Build the actual application -RUN if [ "$STANDALONE" = "true" ]; then \ +# Build the actual application and copy the binary out of the cache mount +RUN --mount=type=cache,target=/usr/local/cargo/registry/index \ + --mount=type=cache,target=/usr/local/cargo/registry/cache \ + --mount=type=cache,target=/usr/local/cargo/git \ + --mount=type=cache,target=/sequencer_service/target \ + if [ "$STANDALONE" = "true" ]; then \ cargo build --release --features standalone --bin sequencer_service; \ else \ cargo build --release --bin sequencer_service; \ - fi - -# Strip debug symbols to reduce binary size -RUN strip /sequencer_service/target/release/sequencer_service + fi \ + && strip /sequencer_service/target/release/sequencer_service \ + && cp /sequencer_service/target/release/sequencer_service /usr/local/bin/sequencer_service # Runtime stage - minimal image FROM debian:trixie-slim @@ -83,7 +90,7 @@ RUN useradd -m -u 1000 -s /bin/bash sequencer_user && \ chown -R sequencer_user:sequencer_user /sequencer_service /etc/sequencer_service /var/lib/sequencer_service # Copy binary from builder -COPY --from=builder --chown=sequencer_user:sequencer_user /sequencer_service/target/release/sequencer_service /usr/local/bin/sequencer_service +COPY --from=builder --chown=sequencer_user:sequencer_user /usr/local/bin/sequencer_service /usr/local/bin/sequencer_service # Copy r0vm binary from builder COPY --from=builder --chown=sequencer_user:sequencer_user /usr/local/bin/r0vm /usr/local/bin/r0vm