Skip to content

Add docker buildx bake and support for cmake #692

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Merged
merged 5 commits into from
Mar 17, 2025
Merged

Add docker buildx bake and support for cmake #692

Show file tree
Hide file tree
Changes from all commits
Commits
Show all changes
5 commits
Select commit Hold shift + click to select a range
cb6de6a
Use docker buildx bake to build images
willcl-ark Nov 19, 2024
0942822
patch to enable aarch64
willcl-ark Nov 21, 2024
79da159
add miniupnp-dev to v0.20.0
willcl-ark Nov 21, 2024
fadf038
image build: use cmake with docker buildx bake
danvergara Mar 6, 2025
92f7719
add docs on how to use load and push options
danvergara Mar 12, 2025
File filter

Filter by extension

Filter by extension
Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
238 changes: 238 additions & 0 deletions docker-bake.hcl
View file
Open in desktop
Original file line number Diff line number Diff line change
@@ -0,0 +1,238 @@
group "all" {
targets = [
"bitcoin-28",
"bitcoin-27",
"bitcoin-26",
"v0-21-1",
"v0-20-0",
"v0-19-2",
"v0-17-0",
"v0-16-1",
"bitcoin-unknown-message",
"bitcoin-invalid-blocks",
"bitcoin-50-orphans",
"bitcoin-no-mp-trim",
"bitcoin-disabled-opcodes",
"bitcoin-5k-inv"
]
}

group "maintained" {
targets = [
"bitcoin-28",
"bitcoin-27",
"bitcoin-26"
]
}

group "practice" {
targets = [
"bitcoin-unknown-message",
"bitcoin-invalid-blocks",
"bitcoin-50-orphans",
"bitcoin-no-mp-trim",
"bitcoin-disabled-opcodes",
"bitcoin-5k-inv"
]
}

group "vulnerable" {
targets = [
"v0-21-1",
"v0-20-0",
"v0-19-2",
"v0-17-0",
"v0-16-1",
]
}

target "maintained-base" {
context = "./resources/images/bitcoin"
args = {
REPO = "bitcoin/bitcoin"
BUILD_ARGS = "--disable-tests --without-gui --disable-bench --disable-fuzz-binary --enable-suppress-external-warnings"
}
platforms = ["linux/amd64", "linux/arm64", "linux/arm/v7"]
}

target "cmake-base" {
inherits = ["maintained-base"]
dockerfile = "./Dockerfile.dev"
args = {
BUILD_ARGS = "-DBUILD_TESTS=OFF -DBUILD_GUI=OFF -DBUILD_BENCH=OFF -DBUILD_FUZZ_BINARY=OFF -DWITH_ZMQ=ON"
}
Comment on lines +58 to +63
Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

does this need amd and arm platforms?

Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Oh I suppose not because it inherits. Looks like they get built in parallel too which is awesome:

Screenshot 2025-03-11 at 9 36 21 AM

Copy link
Contributor Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Yeah, it only rewrites what's needed for the cmake build, other than that, it inherits from the maintained-base target.

}

target "autogen-base" {
inherits = ["maintained-base"]
dockerfile = "./Dockerfile"
}

target "bitcoin-master" {
inherits = ["cmake-base"]
tags = ["bitcoindevproject/bitcoin:28.1"]
args = {
COMMIT_SHA = "bd0ee07310c3dcdd08633c69eac330e2e567b235"
}
}

target "bitcoin-28" {
inherits = ["autogen-base"]
tags = ["bitcoindevproject/bitcoin:28.0"]
args = {
COMMIT_SHA = "110183746150428e6385880c79f8c5733b1361ba"
}
}

target "bitcoin-27" {
inherits = ["autogen-base"]
tags = ["bitcoindevproject/bitcoin:27.2"]
args = {
COMMIT_SHA = "bf03c458e994abab9be85486ed8a6d8813313579"
}
}

target "bitcoin-26" {
inherits = ["autogen-base"]
tags = ["bitcoindevproject/bitcoin:26.2"]
args = {
COMMIT_SHA = "7b7041019ba5e7df7bde1416aa6916414a04f3db"
}
}

target "practice-base" {
dockerfile = "./Dockerfile"
context = "./resources/images/bitcoin/insecure"
contexts = {
bitcoin-src = "."
}
args = {
ALPINE_VERSION = "3.20"
BITCOIN_VERSION = "28.1.1"
EXTRA_PACKAGES = "sqlite-dev"
EXTRA_RUNTIME_PACKAGES = ""
REPO = "willcl-ark/bitcoin"
}
platforms = ["linux/amd64", "linux/armhf"]
}

target "bitcoin-unknown-message" {
inherits = ["practice-base"]
tags = ["bitcoindevproject/bitcoin:99.0.0-unknown-message"]
args = {
COMMIT_SHA = "ae999611026e941eca5c0b61f22012c3b3f3d8dc"
}
}

target "bitcoin-invalid-blocks" {
inherits = ["practice-base"]
tags = ["bitcoindevproject/bitcoin:98.0.0-invalid-blocks"]
args = {
COMMIT_SHA = "9713324368e5a966ec330389a533ae8ad7a0ea8f"
}
}

target "bitcoin-50-orphans" {
inherits = ["practice-base"]
tags = ["bitcoindevproject/bitcoin:97.0.0-50-orphans"]
args = {
COMMIT_SHA = "cbcb308eb29621c0db3a105e1a1c1788fb0dab6b"
}
}

target "bitcoin-no-mp-trim" {
inherits = ["practice-base"]
tags = ["bitcoindevproject/bitcoin:96.0.0-no-mp-trim"]
args = {
COMMIT_SHA = "a3a15a9a06dd541d1dafba068c00eedf07e1d5f8"
}
}

target "bitcoin-disabled-opcodes" {
inherits = ["practice-base"]
tags = ["bitcoindevproject/bitcoin:95.0.0-disabled-opcodes"]
args = {
COMMIT_SHA = "5bdb8c52a8612cac9aa928c84a499dd701542b2a"
}
}

target "bitcoin-5k-inv" {
inherits = ["practice-base"]
tags = ["bitcoindevproject/bitcoin:94.0.0-5k-inv"]
args = {
COMMIT_SHA = "e70e610e07eea3aeb0c49ae0bd9f4049ffc1b88c"
}
}

target "CVE-base" {
dockerfile = "./Dockerfile"
context = "./resources/images/bitcoin/insecure"
contexts = {
bitcoin-src = "."
}
platforms = ["linux/amd64", "linux/armhf"]
args = {
REPO = "josibake/bitcoin"
}
}

target "v0-16-1" {
inherits = ["CVE-base"]
tags = ["bitcoindevproject/bitcoin:0.16.1"]
args = {
ALPINE_VERSION = "3.7"
BITCOIN_VERSION = "0.16.1"
COMMIT_SHA = "dc94c00e58c60412a4e1a540abdf0b56093179e8"
EXTRA_PACKAGES = "protobuf-dev libressl-dev"
EXTRA_RUNTIME_PACKAGES = "boost boost-program_options libressl"
PRE_CONFIGURE_COMMANDS = "sed -i '/AC_PREREQ/a\\AR_FLAGS=cr' src/univalue/configure.ac && sed -i '/AX_PROG_CC_FOR_BUILD/a\\AR_FLAGS=cr' src/secp256k1/configure.ac && sed -i 's:sys/fcntl.h:fcntl.h:' src/compat.h"
}
}

target "v0-17-0" {
inherits = ["CVE-base"]
tags = ["bitcoindevproject/bitcoin:0.17.0"]
args = {
ALPINE_VERSION = "3.9"
BITCOIN_VERSION = "0.17.0"
COMMIT_SHA = "f6b2db49a707e7ad433d958aee25ce561c66521a"
EXTRA_PACKAGES = "protobuf-dev libressl-dev"
EXTRA_RUNTIME_PACKAGES = "boost boost-program_options libressl sqlite-dev"
}
}

target "v0-19-2" {
inherits = ["CVE-base"]
tags = ["bitcoindevproject/bitcoin:0.19.2"]
args = {
ALPINE_VERSION = "3.12.12"
BITCOIN_VERSION = "0.19.2"
COMMIT_SHA = "e20f83eb5466a7d68227af14a9d0cf66fb520ffc"
EXTRA_PACKAGES = "sqlite-dev libressl-dev"
EXTRA_RUNTIME_PACKAGES = "boost boost-program_options libressl sqlite-dev"
}
}

target "v0-20-0" {
inherits = ["CVE-base"]
tags = ["bitcoindevproject/bitcoin:0.20.0"]
args = {
ALPINE_VERSION = "3.12.12"
BITCOIN_VERSION = "0.20.0"
COMMIT_SHA = "0bbff8feff0acf1693dfe41184d9a4fd52001d3f"
EXTRA_PACKAGES = "sqlite-dev miniupnpc-dev"
EXTRA_RUNTIME_PACKAGES = "boost-filesystem miniupnpc-dev sqlite-dev"
}
}

target "v0-21-1" {
inherits = ["CVE-base"]
tags = ["bitcoindevproject/bitcoin:0.21.1"]
args = {
ALPINE_VERSION = "3.17"
BITCOIN_VERSION = "0.21.1"
COMMIT_SHA = "e0a22f14c15b4877ef6221f9ee2dfe510092d734"
EXTRA_PACKAGES = "sqlite-dev"
EXTRA_RUNTIME_PACKAGES = "boost-filesystem sqlite-dev"
}
}
31 changes: 31 additions & 0 deletions docs/developer-notes.md
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -72,3 +72,34 @@ python3 -m build
# Upload to Pypi
python3 -m twine upload dist/*
```

## Building docker images

The Bitcoin Core docker images used by warnet are specified in the *docker-bake.hcl* file.
This uses the (experimental) `bake` build functionality of docker buildx.
We use [HCL language](https://github.com/hashicorp/hcl) in the declaration file itself.
See the `bake` [documentation](https://docs.docker.com/build/bake/) for more information on specifications, and how to e.g. override arguments.

In order to build (or "bake") a certain image, find the image's target (name) in the *docker-bake.hcl* file, and then run `docker buildx bake <target>`.

```bash
# build the dummy image that will crash on 5k invs
docker buildx bake bitcoin-5k-inv

# build the same image, but set platform to only linux/amd64
docker buildx bake bitcoin-5k-inv --set bitcoin-5k-inv.platform=linux/amd64
Comment on lines +86 to +90
Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

should also mention --load or --push ?

Or actually, see src/warnet/image_build.py I'm not sure if these explicit docker buildx commands are necessary because of that abstract command...?

Copy link
Contributor Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Added some a few paragraphs on how to use those options.

```

To load the single-platform build result to `docker images`, run:

```bash
docker buildx bake --load bitcoin-5k-inv
```

Push the build result to a registry by running:

```bash
docker buildx bake --push bitcoin-5k-inv
```

It will automatically push the build result to registry.
80 changes: 80 additions & 0 deletions resources/images/bitcoin/Dockerfile.dev
View file
Open in desktop
Original file line number Diff line number Diff line change
@@ -0,0 +1,80 @@
# Setup deps stage
FROM alpine AS deps
ARG REPO
ARG COMMIT_SHA
ARG BUILD_ARGS

RUN --mount=type=cache,target=/var/cache/apk \
sed -i 's/http\:\/\/dl-cdn.alpinelinux.org/https\:\/\/alpine.global.ssl.fastly.net/g' /etc/apk/repositories \
&& apk --no-cache add \
cmake \
python3 \
boost-dev \
build-base \
chrpath \
file \
gnupg \
git \
libevent-dev \
libressl \
libtool \
linux-headers \
sqlite-dev \
zeromq-dev

COPY isroutable.patch /tmp/
COPY addrman.patch /tmp/


# Clone and patch and build stage
FROM deps AS build
ENV BITCOIN_PREFIX=/opt/bitcoin
WORKDIR /build

RUN set -ex \
&& cd /build \
&& git clone --depth 1 "https://github.com/${REPO}" \
&& cd bitcoin \
&& git fetch --depth 1 origin "$COMMIT_SHA" \
&& git checkout "$COMMIT_SHA" \
&& git apply /tmp/isroutable.patch \
&& git apply /tmp/addrman.patch \
&& sed -i s:sys/fcntl.h:fcntl.h: src/compat/compat.h \
&& cmake -B build \
-DCMAKE_INSTALL_PREFIX=${BITCOIN_PREFIX} \
${BUILD_ARGS} \
&& cmake --build build -j$(nproc) \
&& cmake --install build \
&& strip ${BITCOIN_PREFIX}/bin/bitcoin-cli \
&& strip ${BITCOIN_PREFIX}/bin/bitcoind \
&& rm -f ${BITCOIN_PREFIX}/lib/libbitcoinconsensus.a \
&& rm -f ${BITCOIN_PREFIX}/lib/libbitcoinconsensus.so.0.0.0

# Final clean stage
FROM alpine
ARG UID=100
ARG GID=101
ENV BITCOIN_DATA=/root/.bitcoin
ENV BITCOIN_PREFIX=/opt/bitcoin
ENV PATH=${BITCOIN_PREFIX}/bin:$PATH
LABEL maintainer.0="bitcoindevproject"

RUN addgroup bitcoin --gid ${GID} --system \
&& adduser --uid ${UID} --system bitcoin --ingroup bitcoin
RUN --mount=type=cache,target=/var/cache/apk sed -i 's/http\:\/\/dl-cdn.alpinelinux.org/https\:\/\/alpine.global.ssl.fastly.net/g' /etc/apk/repositories \
&& apk --no-cache add \
bash \
libevent \
libzmq \
shadow \
sqlite-dev \
su-exec

COPY --from=build /opt/bitcoin /usr/local
COPY entrypoint.sh /

VOLUME ["/home/bitcoin/.bitcoin"]
EXPOSE 8332 8333 18332 18333 18443 18444 38333 38332

ENTRYPOINT ["/entrypoint.sh"]
CMD ["bitcoind"]
7 changes: 6 additions & 1 deletion resources/images/bitcoin/insecure/Dockerfile
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -48,7 +48,12 @@ RUN mkdir -p ${BERKELEYDB_PREFIX}

WORKDIR /${BERKELEYDB_VERSION}/build_unix

RUN ../dist/configure --enable-cxx --disable-shared --with-pic --prefix=${BERKELEYDB_PREFIX}
ARG TARGETPLATFORM
RUN if [ "$TARGETPLATFORM" = "linux/arm64" ]; then \
../dist/configure --enable-cxx --disable-shared --with-pic --prefix=${BERKELEYDB_PREFIX} --build=aarch64-unknown-linux-gnu; \
else \
../dist/configure --enable-cxx --disable-shared --with-pic --prefix=${BERKELEYDB_PREFIX}; \
fi
RUN make -j$(nproc)
RUN make install
RUN rm -rf ${BERKELEYDB_PREFIX}/docs
Expand Down
Loading
Loading