feat(ci-builder): Copy docker buildx for reproducible builds (#8913)

8ee5b220 · refcell.eth · GitHub · e9467522 · 8ee5b220 · 8ee5b220
Commit 8ee5b220 authored Jan 10, 2024 by refcell.eth Committed by GitHub Jan 10, 2024
Hide whitespace changes
Inline Side-by-side

Showing with 12 additions and 3 deletions

Dockerfile ops/docker/ci-builder/Dockerfile +11 -3

Dockerfile.dockerignore ops/docker/ci-builder/Dockerfile.dockerignore +1 -0

No files found.
--- a/ops/docker/ci-builder/Dockerfile
+++ b/ops/docker/ci-builder/Dockerfile
+# Copy docker buildx in order to generate the absolute prestate
+# in the CI pipeline for reproducible fault proof builds
+FROM docker
+COPY --from=docker/buildx-bin /buildx /usr/libexec/docker/cli-plugins/docker-buildx
+RUN docker buildx version
+
 FROM --platform=linux/amd64 debian:bullseye-slim as rust-build

 SHELL ["/bin/bash", "-c"]
@@ -66,6 +72,7 @@ RUN mkdir /root/.cargo && mkdir /root/.cargo/bin && mkdir /root/.rustup

 # copy the go installation, but not the module cache (cache will get stale, and would add a lot of weight)
 COPY --from=go-build /usr/local/go /usr/local/go
+
 # copy tools
 COPY --from=go-build /go/bin/gotestsum /go/bin/gotestsum
 COPY --from=go-build /go/bin/mockery /go/bin/mockery
@@ -76,6 +83,7 @@ COPY --from=go-build /go/bin/geth /usr/local/bin/geth
 # copy the rust installation, alongside the installed toolchains
 COPY --from=rust-build /root/.cargo/bin /root/.cargo/bin
 COPY --from=rust-build /root/.rustup /root/.rustup
+
 # copy tools
 COPY --from=rust-build /root/.foundry/bin/forge /usr/local/bin/forge
 COPY --from=rust-build /root/.foundry/bin/cast /usr/local/bin/cast
@@ -83,10 +91,10 @@ COPY --from=rust-build /root/.foundry/bin/anvil /usr/local/bin/anvil

 COPY --from=echidna-test /usr/local/bin/echidna-test /usr/local/bin/echidna-test

+COPY ./.slitherrc ./.slitherrc
 COPY .nvmrc .nvmrc

 ENV NODE_MAJOR=20
-ENV SLITHER_VERSION=0.10.0

 # note: python3 package in apt is python 3.9, while base image already has python 3.11
 RUN /bin/sh -c set -eux; \
@@ -102,14 +110,13 @@ RUN /bin/sh -c set -eux; \
  apt-get install -y nodejs docker-ce-cli; \
  ln -s /usr/local/go/bin/gofmt /usr/local/bin/gofmt; \
  npm i -g depcheck; \
-  pip install slither-analyzer==$SLITHER_VERSION capstone pyelftools; \
+  pip install slither-analyzer==$(cat .slitherrc) capstone pyelftools; \
  curl -fLSs https://raw.githubusercontent.com/CircleCI-Public/circleci-cli/master/install.sh | bash; \
  apt-get purge -y --auto-remove -o APT::AutoRemove::RecommendsImportant=false; \
  rm -rf /var/lib/apt/lists/*; \
  rm -rf /root/.cache/pip; \
  rm -rf /root/.cache/npm;

-
 RUN npm i -g pnpm && npm i -g yarn@1 && pnpm --version && yarn --version

 RUN svm install 0.5.17 && \
@@ -129,6 +136,7 @@ RUN echo "downloading and verifying Codecov uploader" && \

 # within docker use bash
 SHELL ["/bin/bash", "-c"]
+
 # set env to use bash
 ENV SHELL=/bin/bash
 ENV BASH=/bin/bash

--- a/ops/docker/ci-builder/Dockerfile.dockerignore
+++ b/ops/docker/ci-builder/Dockerfile.dockerignore
@@ -3,4 +3,5 @@
 !/.abigenrc
 !/.gethrc
 !/.nvmrc
+!/.slitherrc
 !/ops/scripts/install-foundry.sh