chore: refresh of the substrate_builder image (#9808)

* chore: refresh of the substrate_builder image

fix #9715

* chore: renaming +  build script

* Fix spaces/tabs

* Add doc

* Remove non binary

* Update docker/substrate_builder.Dockerfile

Co-authored-by: Denis Pisarev <denis.pisarev@parity.io>

substrate/.dockerignore

@@ -4,3 +4,4 @@ doc
 Dockerfile
 .dockerignore
 .local
+.env*

substrate/.maintain/Dockerfile

@@ -1,59 +0,0 @@
-# Note: We don't use Alpine and its packaged Rust/Cargo because they're too often out of date,
-# preventing them from being used to build Substrate/Polkadot.
-
-FROM phusion/baseimage:0.11 as builder
-LABEL maintainer="chevdor@gmail.com"
-LABEL description="This is the build stage for Substrate. Here we create the binary."
-
-ENV DEBIAN_FRONTEND=noninteractive
-
-ARG PROFILE=release
-WORKDIR /substrate
-
-COPY . /substrate
-
-RUN apt-get update && \
-	apt-get dist-upgrade -y -o Dpkg::Options::="--force-confold" && \
-	apt-get install -y cmake pkg-config libssl-dev git clang
-
-RUN curl https://sh.rustup.rs -sSf | sh -s -- -y && \
-	export PATH="$PATH:$HOME/.cargo/bin" && \
-	rustup toolchain install nightly && \
-	rustup target add wasm32-unknown-unknown --toolchain nightly && \
-	rustup default stable && \
-	cargo build "--$PROFILE"
-
-# ===== SECOND STAGE ======
-
-FROM phusion/baseimage:0.11
-LABEL maintainer="chevdor@gmail.com"
-LABEL description="This is the 2nd stage: a very small image where we copy the Substrate binary."
-ARG PROFILE=release
-
-RUN mv /usr/share/ca* /tmp && \
-	rm -rf /usr/share/*  && \
-	mv /tmp/ca-certificates /usr/share/ && \
-	useradd -m -u 1000 -U -s /bin/sh -d /substrate substrate && \
-	mkdir -p /substrate/.local/share/substrate && \
-	chown -R substrate:substrate /substrate/.local && \
-	ln -s /substrate/.local/share/substrate /data
-
-COPY --from=builder /substrate/target/$PROFILE/substrate /usr/local/bin
-COPY --from=builder /substrate/target/$PROFILE/subkey /usr/local/bin
-COPY --from=builder /substrate/target/$PROFILE/node-rpc-client /usr/local/bin
-COPY --from=builder /substrate/target/$PROFILE/node-template /usr/local/bin
-COPY --from=builder /substrate/target/$PROFILE/chain-spec-builder /usr/local/bin
-
-# checks
-RUN ldd /usr/local/bin/substrate && \
-	/usr/local/bin/substrate --version
-
-# Shrinking
-RUN rm -rf /usr/lib/python* && \
-	rm -rf /usr/bin /usr/sbin /usr/share/man
-
-USER substrate
-EXPOSE 30333 9933 9944 9615
-VOLUME ["/data"]
-
-CMD ["/usr/local/bin/substrate"]

substrate/docker/README.md

@@ -0,0 +1,22 @@
+# Substrate Builder Docker Image
+
+The Docker image in this folder is a `builder` image. It is self contained and allow users to build the binaries themselves.
+There is no requirement on having Rust or any other toolchain installed but a working Docker environment.
+
+Unlike the `parity/polkadot` image which contains a single binary (`polkadot`!) used by default, the image in this folder builds and contains several binaries and you need to provide the name of the binary to be called.
+
+You should refer to the .Dockerfile for the actual list. At the time of editing, the list of included binaries is:
+
+- substrate
+- subkey
+- node-template
+- chain-spec-builder
+
+The image can be used by passing the selected binary followed by the appropriate tags for this binary.
+
+Your best guess to get started is to pass the `--help flag`. Here are a few examples:
+
+- `docker run --rm -it parity/substrate substrate --version`
+- `docker run --rm -it parity/substrate subkey --help`
+- `docker run --rm -it parity/substrate node-template --version`
+- `docker run --rm -it parity/substrate chain-spec-builder --help`

substrate/docker/build.sh

@@ -0,0 +1,24 @@
+#!/usr/bin/env bash
+set -e
+
+pushd .
+
+# The following line ensure we run from the project root
+PROJECT_ROOT=`git rev-parse --show-toplevel`
+cd $PROJECT_ROOT
+
+# Find the current version from Cargo.toml
+VERSION=`grep "^version" ./bin/node/cli/Cargo.toml | egrep -o "([0-9\.]+)"`
+GITUSER=parity
+GITREPO=substrate
+
+# Build the image
+echo "Building ${GITUSER}/${GITREPO}:latest docker image, hang on!"
+time docker build -f ./docker/substrate_builder.Dockerfile -t ${GITUSER}/${GITREPO}:latest .
+docker tag ${GITUSER}/${GITREPO}:latest ${GITUSER}/${GITREPO}:v${VERSION}
+
+# Show the list of available images for this repo
+echo "Image is ready"
+docker images | grep ${GITREPO}
+
+popd

substrate/docker/substrate_builder.Dockerfile

@@ -0,0 +1,35 @@
+# This is the build stage for Substrate. Here we create the binary.
+FROM docker.io/paritytech/ci-linux:production as builder
+
+WORKDIR /substrate
+COPY . /substrate
+RUN cargo build --locked --release
+
+# This is the 2nd stage: a very small image where we copy the Substrate binary."
+FROM docker.io/library/ubuntu:20.04
+LABEL description="Multistage Docker image for Substrate: a platform for web3" \
+	io.parity.image.type="builder" \
+	io.parity.image.authors="chevdor@gmail.com, devops-team@parity.io" \
+	io.parity.image.vendor="Parity Technologies" \
+	io.parity.image.description="Substrate is a next-generation framework for blockchain innovation 🚀" \
+	io.parity.image.source="https://github.com/paritytech/polkadot/blob/${VCS_REF}/docker/substrate_builder.Dockerfile" \
+	io.parity.image.documentation="https://github.com/paritytech/polkadot/"
+
+COPY --from=builder /substrate/target/release/substrate /usr/local/bin
+COPY --from=builder /substrate/target/release/subkey /usr/local/bin
+COPY --from=builder /substrate/target/release/node-template /usr/local/bin
+COPY --from=builder /substrate/target/release/chain-spec-builder /usr/local/bin
+
+RUN useradd -m -u 1000 -U -s /bin/sh -d /substrate substrate && \
+	mkdir -p /data /substrate/.local/share/substrate && \
+	chown -R substrate:substrate /data && \
+	ln -s /data /substrate/.local/share/substrate && \
+# unclutter and minimize the attack surface
+	rm -rf /usr/bin /usr/sbin && \
+# Sanity checks
+	ldd /usr/local/bin/substrate && \
+	/usr/local/bin/substrate --version
+
+USER substrate
+EXPOSE 30333 9933 9944 9615
+VOLUME ["/data"]