ci: Slim down CI builder (#9339)

* ci: Slim down CI builder The CI builder image is downloaded many hundreds of times per day. The larger it is, the longer it takes for each CI executor to spin up which increases overall CI runtime. It also causes a significant amount of bandwidth costs from GCP Artifact Registry. This PR reduces the size of CI builder by moving the Rust toolchain to a dedicated builder image which will only be used with the jobs that require it. The Rust toolchain accounts for more than 50% of the size of the builder image. * add binutils * fix path * Update SVM * have to source bash first * bad copy * add back elf tools

ci: Slim down CI builder (#9339)
* ci: Slim down CI builder The CI builder image is downloaded many hundreds of times per day. The larger it is, the longer it takes for each CI executor to spin up which increases overall CI runtime. It also causes a significant amount of bandwidth costs from GCP Artifact Registry. This PR reduces the size of CI builder by moving the Rust toolchain to a dedicated builder image which will only be used with the jobs that require it. The Rust toolchain accounts for more than 50% of the size of the builder image. * add binutils * fix path * Update SVM * have to source bash first * bad copy * add back elf tools
7bed11c9 · Matthew Slipper · GitHub · 1ed50c44 · 7bed11c9 · 7bed11c9
Commit 7bed11c9 authored Feb 04, 2024 by Matthew Slipper Committed by GitHub Feb 04, 2024
5 changed files
--- a/.circleci/config.yml
+++ b/.circleci/config.yml
@@ -1505,9 +1505,6 @@ workflows:
          name: op-service-tests
          module: op-service
          requires: ["go-mod-download"]
-      - op-service-rethdb-tests:
-          requires:
-            - go-mod-download
      - go-e2e-test:
          name: op-e2e-HTTP-tests
          module: op-e2e
@@ -1565,7 +1562,6 @@ workflows:
            - op-e2e-fault-proof-tests
            - op-e2e-action-tests
            - op-e2e-ext-geth-tests
-            - op-service-rethdb-tests
      - docker-build: # just to warm up the cache (other jobs run in parallel)
          name: op-stack-go-docker-build
          docker_name: op-stack-go

--- a/.github/workflows/tag-service.yml
+++ b/.github/workflows/tag-service.yml
@@ -19,6 +19,7 @@ on:
        type: choice
        options:
          - ci-builder
+          - ci-builder-rust
          - indexer
          - op-heartbeat
          - chain-mon

--- a/docker-bake.hcl
+++ b/docker-bake.hcl
@@ -203,9 +203,18 @@ target "ci-builder" {
  dockerfile = "./ops/docker/ci-builder/Dockerfile"
  context = "."
  platforms = split(",", PLATFORMS)
+  target="base-builder"
  tags = [for tag in split(",", IMAGE_TAGS) : "${REGISTRY}/${REPOSITORY}/ci-builder:${tag}"]
 }
+target "ci-builder-rust" {
+  dockerfile = "./ops/docker/ci-builder/Dockerfile"
+  context = "."
+  platforms = split(",", PLATFORMS)
+  target="rust-builder"
+  tags = [for tag in split(",", IMAGE_TAGS) : "${REGISTRY}/${REPOSITORY}/ci-builder-rust:${tag}"]
+}
 target "contracts-bedrock" {
  dockerfile = "./ops/docker/Dockerfile.packages"
  context = "."

--- a/ops/docker/ci-builder/Dockerfile
+++ b/ops/docker/ci-builder/Dockerfile
@@ -28,15 +28,18 @@ COPY ./versions.json ./versions.json
 COPY ./ops/scripts/install-foundry.sh ./install-foundry.sh
 RUN curl -L https://foundry.paradigm.xyz | bash
-RUN source $HOME/.profile && ./install-foundry.sh
+RUN source $HOME/.profile && \
+    ./install-foundry.sh && \
+    cargo install svm-rs
 RUN strip /root/.foundry/bin/forge && \
  strip /root/.foundry/bin/cast && \
-  strip /root/.foundry/bin/anvil
+  strip /root/.foundry/bin/anvil && \
+  strip /root/.cargo/bin/svm
 FROM --platform=linux/amd64 debian:bullseye-slim as go-build
-RUN apt-get update && apt-get install -y curl ca-certificates jq
+RUN apt-get update && apt-get install -y curl ca-certificates jq binutils
 ENV GO_VERSION=1.21.1
@@ -56,16 +59,20 @@ RUN go install gotest.tools/gotestsum@latest
 RUN go install github.com/vektra/mockery/v2@v2.28.1
 RUN go install github.com/golangci/golangci-lint/cmd/golangci-lint@v1.54.2
-FROM --platform=linux/amd64 debian:bullseye-slim
+# Strip binaries to reduce size
+RUN strip /go/bin/gotestsum && \
+  strip /go/bin/mockery && \
+  strip /go/bin/golangci-lint && \
+  strip /go/bin/abigen && \
+  strip /go/bin/geth
+FROM --platform=linux/amd64 debian:bullseye-slim as base-builder
 ENV GOPATH=/go
 ENV PATH=/usr/local/go/bin:$GOPATH/bin:$PATH
 ENV PATH=/root/.cargo/bin:$PATH
 ENV DEBIAN_FRONTEND=noninteractive
-# Create rust directories for copying the installation into
-RUN mkdir /root/.cargo && mkdir /root/.cargo/bin && mkdir /root/.rustup
 # copy the go installation, but not the module cache (cache will get stale, and would add a lot of weight)
 COPY --from=go-build /usr/local/go /usr/local/go
@@ -76,14 +83,11 @@ COPY --from=go-build /go/bin/golangci-lint /go/bin/golangci-lint
 COPY --from=go-build /go/bin/abigen /usr/local/bin/abigen
 COPY --from=go-build /go/bin/geth /usr/local/bin/geth
-# copy the rust installation, alongside the installed toolchains
-COPY --from=rust-build /root/.cargo/bin /root/.cargo/bin
-COPY --from=rust-build /root/.rustup /root/.rustup
 # copy tools
 COPY --from=rust-build /root/.foundry/bin/forge /usr/local/bin/forge
 COPY --from=rust-build /root/.foundry/bin/cast /usr/local/bin/cast
 COPY --from=rust-build /root/.foundry/bin/anvil /usr/local/bin/anvil
+COPY --from=rust-build /root/.cargo/bin/svm /usr/local/bin/svm
 COPY .nvmrc .nvmrc
 COPY ./versions.json ./versions.json
@@ -92,7 +96,7 @@ ENV NODE_MAJOR=20
 RUN /bin/sh -c set -eux; \
  apt-get update; \
-  apt-get install -y --no-install-recommends bash curl openssh-client git build-essential pkg-config libssl-dev clang lld libclang-dev ca-certificates jq gnupg binutils-mips-linux-gnu python3 python3-pip; \
+  apt-get install -y --no-install-recommends bash curl openssh-client git build-essential ca-certificates jq gnupg binutils-mips-linux-gnu python3 python3-pip; \
  mkdir -p /etc/apt/keyrings; \
  curl -fsSL https://deb.nodesource.com/gpgkey/nodesource-repo.gpg.key | gpg --dearmor -o /etc/apt/keyrings/nodesource.gpg; \
  echo "deb [signed-by=/etc/apt/keyrings/nodesource.gpg] https://deb.nodesource.com/node_$NODE_MAJOR.x nodistro main" | tee /etc/apt/sources.list.d/nodesource.list; \
@@ -103,7 +107,7 @@ RUN /bin/sh -c set -eux; \
  apt-get install -y nodejs docker-ce-cli; \
  ln -s /usr/local/go/bin/gofmt /usr/local/bin/gofmt; \
  npm i -g depcheck; \
-  pip install slither-analyzer==$(jq -r .slither < versions.json) capstone pyelftools; \
+  pip install capstone pyelftools; \
  curl -fLSs https://raw.githubusercontent.com/CircleCI-Public/circleci-cli/master/install.sh | bash; \
  apt-get purge -y --auto-remove -o APT::AutoRemove::RecommendsImportant=false; \
  rm -rf /var/lib/apt/lists/*; \
@@ -138,3 +142,13 @@ ENV SHELL=/bin/bash
 ENV BASH=/bin/bash
 ENTRYPOINT ["/bin/bash", "-c"]
+FROM base-builder as rust-builder
+# Copy the rust installation, alongside the installed toolchains
+COPY --from=rust-build /root/.cargo /root/.cargo
+COPY --from=rust-build /root/.rustup /root/.rustup
+# copy the rust installation, alongside the installed toolchains
+COPY --from=rust-build /root/.cargo/bin /root/.cargo/bin
+COPY --from=rust-build /root/.rustup /root/.rustup
\ No newline at end of file
--- a/ops/tag-service/tag-service.py
+++ b/ops/tag-service/tag-service.py
@@ -11,6 +11,7 @@ import semver
 # Minimum version numbers for packages migrating from legacy versioning.
 MIN_VERSIONS = {
    'ci-builder': '0.6.0',
+    'ci-builder-rust': '0.1.0',
    'chain-mon': '0.2.2',
    'indexer': '0.5.0',
    'op-node': '0.10.14',