From 9ca1e9aea96d7213780056920b7d50e04343ac08 Mon Sep 17 00:00:00 2001
From: Guillermo Perez
Date: Sat, 16 Sep 2023 04:18:54 -0400
Subject: [PATCH] inject sccache in the docker image
---
.dockerignore | 7 ++++
.github/workflows/build-docker.yml | 14 ++++++-
ci/install-sccache-tarball.sh | 45 ++++++++++++++++++++++
docker/centrifuge-chain/.dockerignore | 5 ---
docker/centrifuge-chain/Dockerfile | 55 +++++++++++++++++----------
5 files changed, 100 insertions(+), 26 deletions(-)
create mode 100644 .dockerignore
create mode 100644 ci/install-sccache-tarball.sh
delete mode 100644 docker/centrifuge-chain/.dockerignore
diff --git a/.dockerignore b/.dockerignore
new file mode 100644
index 0000000000..50b1114787
--- /dev/null
+++ b/.dockerignore
@@ -0,0 +1,7 @@
+**/target/
+.github/
+scripts/
+docker-compos
+.gitignore
+docker
+README.md
\ No newline at end of file
diff --git a/.github/workflows/build-docker.yml b/.github/workflows/build-docker.yml
index 6ca8c3383d..3d69fa745b 100644
--- a/.github/workflows/build-docker.yml
+++ b/.github/workflows/build-docker.yml
@@ -63,13 +63,25 @@ jobs: type=semver,pattern={{major}} type=edge + - name: Configure sccache + uses: actions/github-script@v6 + with: + script: | + core.exportVariable('ACTIONS_CACHE_URL', process.env.ACTIONS_CACHE_URL || ''); + core.exportVariable('ACTIONS_RUNTIME_TOKEN', process.env.ACTIONS_RUNTIME_TOKEN || ''); + - name: Build and push centrifugeio/centrifuge-chain uses: docker/build-push-action@v5 env: - FEATURES: ${{ matrix.target == 'test' && '"fast-runtime"' || '' }} + BUILDKIT_PROGRESS: plain + DOCKER_BUILDKIT: 1 with: context: . file: ./docker/centrifuge-chain/Dockerfile + build-args: | + FEATURES=${{ matrix.target == 'test' && '"fast-runtime"' || '' }} + SCCACHE_GHA_ENABLED="true" + RUSTC_WRAPPER=sccache push: ${{ github.ref == '/refs/heads/main' && true || false }} tags: ${{ steps.meta.outputs.tags }} # Cache options:
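Review bot: The entry `docker-compos` in the new root `.dockerignore` looks truncated from the `docker-compose*` pattern in the file this commit deletes; as written it matches only a path literally named `docker-compos`, so compose files stay in the build context and reach the builder stage through `COPY . centrifuge-chain`. Restoring the trailing `e*` gives the intended pattern. Because the whole repository root is the context, it is also worth excluding `.git` and any local secret files such as `.env`, so they cannot be copied into a layer. The file ends without a trailing newline.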
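Review bot: The `Configure sccache` step exports `ACTIONS_RUNTIME_TOKEN` and `ACTIONS_CACHE_URL` into the job environment, which makes the runtime token readable by every later step and action in the job. The `build-args` block forwards neither value, so with `SCCACHE_GHA_ENABLED="true"` sccache inside the image build presumably has no credentials for the GitHub cache. If the token is meant to reach the build, pass it through the action's `secrets` input and read it with `RUN --mount=type=secret` in the Dockerfile rather than as a build argument, since build arguments are recorded in image history. Pinning `actions/github-script@v6` to a full commit SHA would also reduce the risk from a moved tag, given that this step handles a credential.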
diff --git a/ci/install-sccache-tarball.sh b/ci/install-sccache-tarball.sh
new file mode 100644
index 0000000000..e9f47a6f1b
--- /dev/null
+++ b/ci/install-sccache-tarball.sh
@@ -0,0 +1,45 @@
+#!/bin/bash
+# Used by centrifuge Linux Docker image docker/centrifuge-chain/Dockerfile
+set -eux
+# Define URLs and file names
+URL="https://github.com/mozilla/sccache/releases/download/v0.5.4/"
+TARBALL_URL="${URL}/sccache-v0.5.4-aarch64-unknown-linux-musl.tar.gz"
+CHECKSUM_URL="${URL}/sccache-v0.5.4-aarch64-unknown-linux-musl.tar.gz.sha256"
+TARBALL_FILENAME="sccache.tar.gz"
+CHECKSUM_FILENAME="sccache.sha256"
+
+# Define the target directory where you want to extract the binary
+TARGET_DIR="/usr/local/cargo/bin"
+
+# Download the tarball and checksum
+echo "Downloading tarball..."
+curl -L "$TARBALL_URL" -o "$TARBALL_FILENAME"
+
+echo "Downloading checksum..."
+curl -L "$CHECKSUM_URL" -o "$CHECKSUM_FILENAME"
+
+# Verify the checksum
+echo "Verifying checksum..."
+EXPECTED_SHA256=$(cat "$CHECKSUM_FILENAME" | awk '{print $1}')
+ACTUAL_SHA256=$(sha256sum "$TARBALL_FILENAME" | awk '{print $1}')
+
+if [ "$ACTUAL_SHA256" != "$EXPECTED_SHA256" ]; then
+ echo "Checksum verification failed. Aborting."
+ rm "$TARBALL_FILENAME" "$CHECKSUM_FILENAME"
+ exit 1
+fi
+
+# Extract the tarball
+echo "Extracting tarball..."
+mkdir sccache
+tar -vxzf sccache.tar.gz -C ./sccache/ --strip-components 1
+
+# Copy the sccache binary to the target directory
+echo "Copying sccache binary to $TARGET_DIR"
+cp "sccache/sccache" "$TARGET_DIR/"
+
+# Clean up downloaded files and extracted folder
+rm "$TARBALL_FILENAME" "$CHECKSUM_FILENAME"
+rm -rf "sccache"
+
+echo "Installation completed successfully."
diff --git a/docker/centrifuge-chain/.dockerignore b/docker/centrifuge-chain/.dockerignore
deleted file mode 100644
index 93c3c5d6db..0000000000
--- a/docker/centrifuge-chain/.dockerignore
+++ /dev/null
@@ -1,5 +0,0 @@
-**/target/
-ci/
-.github/
-scripts/
-docker-compose*
\ No newline at end of file
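Review bot: The checksum step in `install-sccache-tarball.sh` compares the tarball against a `.sha256` file fetched from the same release URL, so it detects a corrupted download but not a replaced release asset. Recording the expected digest in the script, e.g. `EXPECTED_SHA256="<sha256 of the v0.5.4 tarball>"`, makes the check independent of the download source. Both `curl -L` calls also lack `-f`, so an HTTP error page is saved as if it were the file; `curl --proto '=https' --tlsv1.2 -fsSL` fails early instead. The script fetches the `aarch64-unknown-linux-musl` build while the Dockerfile in this commit sets `--platform=linux/amd64` and installs the `x86_64` rustup-init, so the binary will likely not execute in that image and the target triple should match the build platform. `URL` already ends in `/` and is joined with another `/`, giving a double slash in both download URLs.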
diff --git a/docker/centrifuge-chain/Dockerfile b/docker/centrifuge-chain/Dockerfile index 8c604f6a08..3bdcb82ab6 100644 --- a/docker/centrifuge-chain/Dockerfile +++ b/docker/centrifuge-chain/Dockerfile @@ -2,13 +2,11 @@ # https://github.com/paritytech/polkadot-sdk/blob/master/docker/dockerfiles/polkadot/polkadot_injected_release.Dockerfile # ToDo: create a CI/builder image with preloaded tools -FROM docker.io/library/ubuntu:22.04 as builder +FROM --platform=linux/amd64 docker.io/library/ubuntu:22.04 as builder # Defaults ENV RUST_BACKTRACE 1 ENV DEBIAN_FRONTEND=noninteractive - ARG FEATURES="" - ARG RUST_TOOLCHAIN="1.66" RUN apt-get update && \ # apt-get dist-upgrade -y -o Dpkg::Options::="--force-confold" && \ 
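Review bot: Both `FROM` lines touched by this commit (here and at the second stage in the next hunk) reference the mutable tag `ubuntu:22.04`, so the builder and runtime base can change between builds without any change to this file. Pinning by digest, `FROM --platform=linux/amd64 docker.io/library/ubuntu:22.04@sha256:<digest> as builder`, makes the base reproducible and auditable. Docker's build checks flag a constant `--platform` in `FROM`; if amd64-only output is intended, a comment such as `# amd64 only: rustup-init and sccache are fetched as fixed-architecture binaries` would record why. The `RUN apt-get update` instruction that closes this hunk continues outside it.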
@@ -21,26 +19,40 @@ FROM docker.io/library/ubuntu:22.04 as builder libclang-dev \ protobuf-compiler \ curl - - RUN curl https://sh.rustup.rs -sSf | sh -s -- -y - ENV PATH="${PATH}:/root/.cargo/bin" - + + ENV RUSTUP_HOME=/usr/local/rustup \ + CARGO_HOME=/usr/local/cargo \ + PATH=/usr/local/cargo/bin:$PATH +# install rustup, use minimum components + RUN curl -L "https://static.rust-lang.org/rustup/dist/x86_64-unknown-linux-gnu/rustup-init" \ + -o rustup-init; \ + chmod +x rustup-init; \ + ./rustup-init -y --no-modify-path --profile minimal --default-toolchain stable; \ + rm rustup-init; +# install sccache + COPY ./ci/install-sccache-tarball.sh ./ + RUN chmod +x install-sccache-tarball.sh && \ + ./install-sccache-tarball.sh + # BUILD - COPY . centrifuge-chain - WORKDIR /centrifuge-chain - RUN echo $(ls -l /centrifuge-chain/) - RUN \ - rustup-init -y --profile minimal --default-toolchain stable; \ - cargo install sccache; - + ARG FEATURES="" + ARG RUST_TOOLCHAIN="1.66" + ARG RUSTC_WRAPPER=sccache + ARG SCCACHE_GHA_ENABLED="false" + RUN rustup default $RUST_TOOLCHAIN && \ rustup target add wasm32-unknown-unknown --toolchain $RUST_TOOLCHAIN - - # RUN cargo build "--release" --features=${FEATURES} + + RUN echo $(sccache --show-stats) + COPY . centrifuge-chain + WORKDIR /centrifuge-chain + RUN --mount=type=cache,target=/root/.cache/sccache \ + cargo build "--release" --features=${FEATURES} + RUN sccache --show-stats # ===== SECOND STAGE ====== # ToDo: create a secure image as a base for the binary -FROM docker.io/library/ubuntu:22.04 +FROM --platform=linux/amd64 docker.io/library/ubuntu:22.04 LABEL io.centrifuge.image.authors="guillermo@k-f.co" \ io.centrifuge.image.vendor="Centrifuge" \ 
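Review bot: The new rustup step downloads `rustup-init` from an unversioned URL and executes it as root with no integrity check. Because the commands are joined with `;` and curl runs without `-f`, a failed or truncated download does not stop the build at that step. Chain the commands with `&&`, fetch a versioned artifact and verify it against a SHA-256 recorded in the Dockerfile before running it; the sketch below uses placeholder `ARG`s for the version and digest, which the page does not give. Separately, `RUN echo $(sccache --show-stats)` always succeeds even when sccache cannot run, so calling `sccache --show-stats` directly would surface a broken install before the long `cargo build`. The builder stage starts outside this hunk.

```dockerfile
# placeholders: set to the chosen rustup release and the SHA-256 of its rustup-init
ARG RUSTUP_VERSION
ARG RUSTUP_INIT_SHA256
RUN curl --proto '=https' --tlsv1.2 -fsSL \
      "https://static.rust-lang.org/rustup/archive/${RUSTUP_VERSION}/x86_64-unknown-linux-gnu/rustup-init" \
      -o rustup-init && \
    echo "${RUSTUP_INIT_SHA256}  rustup-init" | sha256sum -c - && \
    chmod +x rustup-init && \
    ./rustup-init -y --no-modify-path --profile minimal --default-toolchain stable && \
    rm rustup-init
# … unchanged: sccache install, build ARGs, toolchain setup, cargo build …
```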
@@ -67,13 +79,16 @@ FROM docker.io/library/ubuntu:22.04 # RUN mv /usr/share/ca* /tmp && \ # rm -rf /usr/share/* && \ # mv /tmp/ca-certificates /usr/share/ + # minimize the attack surface - # rm -rf /usr/bin /usr/sbin /usr/lib/python* && \ + # RUN rm -rf /usr/bin /usr/sbin /usr/lib/python* + + RUN apt-get autoremove -y && apt-get clean && rm -rf /var/lib/apt/lists/* ; RUN mkdir -p /root/.local/share/centrifuge-chain && \ ln -s /root/.local/share/centrifuge-chain /data - - + +ENV RUST_BACKTRACE 1 USER centrifuge EXPOSE 30333 9933 9944 VOLUME ["/data"]
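Review bot: The added `RUN apt-get autoremove -y && apt-get clean && rm -rf /var/lib/apt/lists/* ;` runs as its own layer, so it cannot remove anything from the layers that installed the packages. The package lists and caches stay in the image, and neither its size nor its attack surface shrinks. Move the cleanup into the same `RUN` that performs the install (that instruction is outside this hunk) and drop the trailing `;`. The new `ENV RUST_BACKTRACE 1` uses the legacy space-separated form; `ENV RUST_BACKTRACE=1` is the current syntax. The "minimize the attack surface" removal is still commented out, so the runtime image keeps the full Ubuntu userland, as the ToDo above the second stage acknowledges.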