ci: slim down docker image size

.github/workflows/containers.yml

@@ -9,6 +9,7 @@ on:
     branches:
       - main
       - dev
+      - "hope/ci/*"
 
 env:
   REGISTRY: ghcr.io/${{ github.repository_owner }}

Dockerfile.file-exchange

@@ -1,12 +1,46 @@
-FROM rust:1.74-bookworm as build
-WORKDIR /root
-COPY . .
-RUN cargo build --release --bin file-exchange
+FROM rust:1-bullseye AS build-image
 
-########################################################################################
-
-FROM debian:bookworm-slim
-RUN apt-get update && apt-get install -y --no-install-recommends openssl ca-certificates \
+# Update and install necessary packages, including libc6-dev for libresolv
+RUN apt-get update \
+    && apt-get install -y --no-install-recommends \
+        wget \
+        curl \
+        libpq-dev \
+        pkg-config \
+        libssl-dev \
+        clang \
+        build-essential \
+        libc6-dev \
+    && apt-get clean \
     && rm -rf /var/lib/apt/lists/*
-COPY --from=build /root/target/release/file-exchange /usr/local/bin/
-ENTRYPOINT ["/usr/local/bin/file-exchange"]
+
+# Ensure CA certificates are installed
+RUN apt-get update && apt-get install -y --no-install-recommends ca-certificates
+
+# Copy project files to the container
+COPY . /file-exchange
+WORKDIR /file-exchange
+
+# Set Rust flags to link against libresolv
+ENV RUSTFLAGS="-C link-arg=-lresolv"
+
+# Build the Rust project
+RUN cargo build --release -p file-exchange
+
+# Setup the runtime environment
+FROM alpine:3.17.3 as alpine
+RUN set -x \
+    && apk update \
+    && apk add --no-cache upx dumb-init
+COPY --from=build-image /file-exchange/target/release/file-exchange /file-exchange/target/release/file-exchange
+RUN upx --overlay=strip --best /file-exchange/target/release/file-exchange
+
+FROM gcr.io/distroless/cc AS runtime
+COPY --from=build-image /usr/share/zoneinfo /usr/share/zoneinfo
+COPY --from=build-image /etc/ssl/certs/ca-certificates.crt /etc/ssl/certs/
+COPY --from=build-image /etc/passwd /etc/passwd
+COPY --from=build-image /etc/group /etc/group
+COPY --from=alpine /usr/bin/dumb-init /usr/bin/dumb-init
+COPY --from=alpine "/file-exchange/target/release/file-exchange" "/usr/local/bin/file-exchange"
+COPY --from=busybox:1.35.0-uclibc /bin/sh /bin/sh
+ENTRYPOINT [ "/usr/bin/dumb-init", "--", "/usr/local/bin/file-exchange" ]

Dockerfile.file-service

@@ -1,13 +1,46 @@
-FROM rust:1.74-bookworm as build
-WORKDIR /root
-COPY . .
-ENV SQLX_OFFLINE=true
-RUN cargo build --release --bin file-service
-
-########################################################################################
-FROM debian:bookworm-slim
+FROM rust:1-bullseye AS build-image
+
+# Update and install necessary packages, including libc6-dev for libresolv
 RUN apt-get update \
-    && apt-get install -y --no-install-recommends openssl ca-certificates \
+    && apt-get install -y --no-install-recommends \
+        wget \
+        curl \
+        libpq-dev \
+        pkg-config \
+        libssl-dev \
+        clang \
+        build-essential \
+        libc6-dev \
+    && apt-get clean \
     && rm -rf /var/lib/apt/lists/*
-COPY --from=build /root/target/release/file-service /usr/local/bin/
-ENTRYPOINT ["/usr/local/bin/file-service"]
+
+# Ensure CA certificates are installed
+RUN apt-get update && apt-get install -y --no-install-recommends ca-certificates
+
+# Copy project files to the container
+COPY . /file-service
+WORKDIR /file-service
+
+# Set Rust flags to link against libresolv
+ENV RUSTFLAGS="-C link-arg=-lresolv"
+
+# Build the Rust project
+RUN cargo build --release -p file-service
+
+# Setup the runtime environment
+FROM alpine:3.17.3 as alpine
+RUN set -x \
+    && apk update \
+    && apk add --no-cache upx dumb-init
+COPY --from=build-image /file-service/target/release/file-service /file-service/target/release/file-service
+RUN upx --overlay=strip --best /file-service/target/release/file-service
+
+FROM gcr.io/distroless/cc AS runtime
+COPY --from=build-image /usr/share/zoneinfo /usr/share/zoneinfo
+COPY --from=build-image /etc/ssl/certs/ca-certificates.crt /etc/ssl/certs/
+COPY --from=build-image /etc/passwd /etc/passwd
+COPY --from=build-image /etc/group /etc/group
+COPY --from=alpine /usr/bin/dumb-init /usr/bin/dumb-init
+COPY --from=alpine "/file-service/target/release/file-service" "/usr/local/bin/file-service"
+COPY --from=busybox:1.35.0-uclibc /bin/sh /bin/sh
+ENTRYPOINT [ "/usr/bin/dumb-init", "--", "/usr/local/bin/file-service" ]

file-exchange/tests/test0.toml

@@ -1,8 +1,8 @@
 [server]
-bundles = ["QmeaPp764FjQjPB66M9ijmQKmLhwBpHQhA7dEbH2FA1j3v:"]
+initial_bundles = ["QmeaPp764FjQjPB66M9ijmQKmLhwBpHQhA7dEbH2FA1j3v:"]
 admin_auth_token = "slayyy"
 admin_host_and_port = "0.0.0.0:5664"
-price_per_byte = 1
+default_price_per_byte = 1
 ipfs_gateway = "https://ipfs.network.thegraph.com"
 log_format = "Full"
 [server.storage_method.LocalFiles]

file-exchange/tests/test1.toml

@@ -1,12 +1,12 @@
 [server]
-bundles = [
+initial_bundles = [
     "QmVPPWWaraEvoc4LCrYXtMbL13WPNbnuXV2yo7W8zexFGq:",
     "QmeD3dRVV6Gs84TRwiNj3tLt9mBEMVqy3GoWm7WN8oDzGz:",
     "QmTSwj1BGkkmVSnhw6uEGkcxGZvP5nq4pDhzHjwJvsQC2Z:"
 ]
 admin_auth_token = "kueen"
 admin_host_and_port = "0.0.0.0:5665"
-price_per_byte = 1
+default_price_per_byte = 1
 ipfs_gateway = "https://ipfs.network.thegraph.com"
 log_format = "Pretty"
 [server.storage_method.LocalFiles]

file-service/src/config.rs

@@ -32,12 +32,12 @@ pub struct ServerArgs {
     // Taking from config right now, later can read from DB table for managing server states
     #[arg(
         long,
-        value_name = "BUNDLES",
-        env = "BUNDLES",
+        value_name = "initial-bundles",
+        env = "INITIAL_BUNDLES",
         value_delimiter = ',',
-        help = "Comma separated list of IPFS hashes and shared prefix of files in the bundles (empty if just in main_directory) to serve upon start-up; format: [ipfs_hash:prefix]"
+        help = "Comma separated list of IPFS hashes and shared prefix of files in the bundles (empty if just in main_directory) to serve upon start-up; the list can be managed through the /admin API without service restart.\nformat: [ipfs_hash:prefix]"
     )]
-    pub bundles: Vec<String>,
+    pub initial_bundles: Vec<String>,
     #[clap(
         long,
         value_name = "admin-auth-token",
@@ -48,15 +48,15 @@ pub struct ServerArgs {
     //TODO: More complex price management
     #[arg(
         long,
-        value_name = "ADMIN_ADDR",
+        value_name = "admin-addr",
         default_value = "0.0.0.0/6700",
         env = "ADMIN_ADDR",
         help = "Expost Admin service at address with both host and port"
     )]
     pub admin_host_and_port: SocketAddr,
     #[arg(
         long,
-        value_name = "IPFS_GATEWAY_URL",
+        value_name = "ipfs-gateway-url",
         default_value = "https://ipfs.network.thegraph.com",
         env = "IPFS_GATEWAY_URL",
         help = "IPFS gateway to interact with"
@@ -66,7 +66,7 @@ pub struct ServerArgs {
     pub storage_method: StorageMethod,
     #[arg(
         long,
-        value_name = "LOG_FORMAT",
+        value_name = "log-format",
         env = "LOG_FORMAT",
         help = "Support logging formats: pretty, json, full, compact",
         long_help = "pretty: verbose and human readable; json: not verbose and parsable; compact:  not verbose and not parsable; full: verbose and not parsible",
@@ -76,12 +76,12 @@ pub struct ServerArgs {
     //TODO: More complex price management
     #[arg(
         long,
-        value_name = "PRICE_PER_BYTE",
+        value_name = "default-price-per-byte",
         default_value = "1",
-        env = "PRICE_PER_BYTE",
-        help = "Price per byte in GRT"
+        env = "DEFAULT_PRICE_PER_BYTE",
+        help = "Default price per byte in GRT"
     )]
-    pub price_per_byte: f64,
+    pub default_price_per_byte: f64,
 }
 
 #[derive(clap::ValueEnum, Clone, Debug, Serialize, Deserialize, Default)]

file-service/src/file_server/cost.rs

@@ -28,7 +28,7 @@ impl Query {
             .state
             .config
             .server
-            .price_per_byte;
+            .default_price_per_byte;
         let cost_models = deployments
             .into_iter()
             .map(|s| GraphQlCostModel {
@@ -60,7 +60,7 @@ impl Query {
                 .state
                 .config
                 .server
-                .price_per_byte;
+                .default_price_per_byte;
             GraphQlCostModel {
                 deployment,
                 price_per_byte: price,

file-service/src/file_server/mod.rs

@@ -91,7 +91,7 @@ pub async fn initialize_server_context(config: Config) -> Result<ServerContext,
     } else {
         IpfsClient::localhost()
     };
-    let bundle_entries = validate_bundle_entries(config.server.bundles.clone())?;
+    let bundle_entries = validate_bundle_entries(config.server.initial_bundles.clone())?;
     tracing::debug!(
         entries = tracing::field::debug(&bundle_entries),
         "Validated bundle entries"

template.toml

@@ -39,8 +39,8 @@ chain_id = 421614
 receipts_verifier_address = "0xfC24cE7a4428A6B89B52645243662A02BA734ECF"
 
 [server]
-bundles = ["QmHash00:./example-file/","QmHash01:BUNDLE_PATH"]
+initial_bundles = ["QmHash00:./example-file/","QmHash01:BUNDLE_PATH"]
 admin_auth_token = "kueen"
-price_per_byte = 1
+default_price_per_byte = 1
 ipfs_gateway = "https://ipfs.network.thegraph.com"
 log_format = "Pretty"