basic dockerfiles and docker compose (#50)

austinabell · web-flow · commit 70ca1ddc9487 · 2024-10-01T10:49:45.000-04:00
* basic docker compose for dev and prod

* clean up dockerfiles

* Implement feature to use pre-built docker ELF

* update control ID for g16 verifier

* Add docs for docker builds and add sanity check

* rebuild contract

* remove whitespace

* fmt
diff --git a/.dockerignore b/.dockerignore
@@ -0,0 +1,9 @@
+.DS_Store
+target/
+.env
+
+contracts/cache
+dockerfiles
+
+# Docker build ignored, to allow overriding the dockerized service with the deterministic build.
+!target/riscv-guest/riscv32im-risc0-zkvm-elf/docker/light_client_guest/light-client-guest
diff --git a/.env.local b/.env.local
@@ -2,7 +2,7 @@ RISC0_DEV_MODE=true
 RUST_LOG=blobstream0=debug,info
 
 ETH_RPC=http://127.0.0.1:8545
-ETH_ADDRESS=0xe7f1725E7734CE288F8367e1Bb143E90bb3F0512
+ETH_ADDRESS=0x9fE46736679d2D9a65F0992F2272dE9f3c7fa6e0
 PRIVATE_KEY_HEX=0xac0974bec39a17e36ba4a6b4d238ff944bacb478cbed5efcae784d7bf4f2ff80
 
 BATCH_SIZE=64
diff --git a/cli/Cargo.toml b/cli/Cargo.toml
@@ -24,3 +24,6 @@ reqwest = "0.12.4"
 serde = { workspace = true }
 serde_json = "1.0"
 serde_with = { version = "3.8", features = ["base64"] }
+
+[features]
+prebuilt-docker = ["blobstream0-core/prebuilt-docker"]
diff --git a/cli/src/main.rs b/cli/src/main.rs
@@ -50,9 +50,9 @@ sol!(
 
 // Pulled from https://github.com/risc0/risc0-ethereum/blob/ebec385cc526adb9279c1af55d699c645ca6d694/contracts/src/groth16/ControlID.sol
 const CONTROL_ID: [u8; 32] =
-    hex!("a516a057c9fbf5629106300934d48e0e775d4230e41e503347cad96fcbde7e2e");
+    hex!("8b6dcf11d463ac455361b41fb3ed053febb817491bdea00fdb340e45013b852e");
 const BN254_CONTROL_ID: [u8; 32] =
-    hex!("0eb6febcf06c5df079111be116f79bd8c7e85dc9448776ef9a59aaf2624ab551");
+    hex!("05a022e1db38457fb510bc347b30eb8f8cf3eda95587653d0eac19e1f10d164e");
 
 #[derive(Parser, Debug)]
 #[command(name = "blobstream0-cli")]
diff --git a/compose.yml b/compose.yml
@@ -0,0 +1,55 @@
+services:
+  blobstream0:
+    container_name: blobstream0
+    build:
+      context: .
+      dockerfile: ./dockerfiles/blobstream0.Dockerfile
+      target: final
+      args:
+        - BONSAI_API_URL
+        - BONSAI_API_KEY
+    env_file:
+      - .env
+    platform: linux/amd64
+    entrypoint: ["blobstream0", "service"]
+
+  blobstream0-dev:
+    container_name: blobstream0-dev
+    build:
+      context: .
+      dockerfile: ./dockerfiles/blobstream0-dev.Dockerfile
+    env_file:
+      - .env
+    platform: linux/amd64
+    entrypoint: ["/bin/sh", "-c"]
+    command:
+      - |
+        echo "Waiting for Anvil to be ready..."
+        until curl --silent --fail http://anvil:8545 -X POST -H "Content-Type: application/json" --data '{"jsonrpc":"2.0","method":"eth_blockNumber","params":[],"id":1}' > /dev/null 2>&1; do
+          sleep 1
+        done
+        echo "Anvil is ready"
+        if [ ! -f .deployed ]; then
+          echo "Deploying contracts..."
+          blobstream0 deploy --dev && touch .deployed
+        fi
+        exec blobstream0 service
+    depends_on:
+      anvil:
+        condition: service_healthy 
+    environment:
+      - ETH_RPC=http://anvil:8545
+
+  anvil:
+    container_name: anvil
+    image: ghcr.io/foundry-rs/foundry:latest
+    ports:
+      - "8545:8545"
+    platform: linux/amd64
+    entrypoint: ["anvil", "--host", "0.0.0.0", "--port", "8545"]
+    healthcheck:
+      test: ["CMD", "nc", "-z", "localhost", "8545"]
+      interval: 5s
+      timeout: 5s
+      retries: 5
+      start_period: 5s
diff --git a/contracts/artifacts/Blobstream0.json b/contracts/artifacts/Blobstream0.json
diff --git a/contracts/src/ImageID.sol b/contracts/src/ImageID.sol
@@ -20,5 +20,5 @@ pragma solidity ^0.8.20;
 
 library ImageID {
     bytes32 public constant LIGHT_CLIENT_GUEST_ID =
-        bytes32(0x6dce022c2aea568a4484a24c36aa59bad7b10186205272b4e4f11157c9ad1421);
+        bytes32(0x3229c3708db83fd93c3f28275361870e40d75740c5c09498196474da8fc65f8e);
 }
diff --git a/core/Cargo.toml b/core/Cargo.toml
@@ -18,3 +18,6 @@ tendermint-proto = { workspace = true }
 tendermint-rpc = { workspace = true, features = ["http-client"] }
 tokio = { version = "1.38.0", features = ["rt", "macros", "fs"] }
 tracing = "0.1.40"
+
+[features]
+prebuilt-docker = ["light-client-guest/prebuilt-docker"]
diff --git a/core/src/lib.rs b/core/src/lib.rs
@@ -20,7 +20,6 @@ use blobstream0_primitives::{
     IBlobstream::IBlobstreamInstance,
     LightBlockProveData, RangeCommitment,
 };
-use light_client_guest::LIGHT_CLIENT_GUEST_ELF;
 use risc0_ethereum_contracts::groth16;
 use risc0_zkvm::{default_prover, is_dev_mode, sha::Digestible, ExecutorEnv, ProverOpts, Receipt};
 use std::{ops::Range, sync::Arc, time::Duration};
@@ -34,6 +33,15 @@ use tracing::{instrument, Level};
 mod range_iterator;
 use range_iterator::LightBlockRangeIterator;
 
+// This is configured to use the default docker build path. The reason for the feature flag is
+// because we want a consistent docker image to build the program, which should not be run within
+// the dockerized service container.
+#[cfg(feature = "prebuilt-docker")]
+const LIGHT_CLIENT_GUEST_ELF: &[u8] =
+    include_bytes!("../../target/riscv-guest/riscv32im-risc0-zkvm-elf/docker/light_client_guest/light-client-guest");
+#[cfg(not(feature = "prebuilt-docker"))]
+use light_client_guest::LIGHT_CLIENT_GUEST_ELF;
+
 /// Currently set to the max allowed by tendermint RPC
 const HEADER_REQ_COUNT: u64 = 20;
 
@@ -144,6 +152,7 @@ pub async fn prove_block(input: LightBlockProveData) -> anyhow::Result<Receipt>
     );
     let expected_next_hash = input.untrusted_block.signed_header.header().hash();
     let expected_next_height = input.untrusted_height();
+    let expected_trusted_hash = input.trusted_block.signed_header.header().hash();
 
     TrustedLightBlock {
         signed_header: input.trusted_block.signed_header,
@@ -183,6 +192,10 @@ pub async fn prove_block(input: LightBlockProveData) -> anyhow::Result<Receipt>
     // Assert that what is proven is expected based on the inputs.
     assert_eq!(expected_next_hash.as_bytes(), commitment.newHeaderHash);
     assert_eq!(expected_next_height, commitment.newHeight);
+    assert_eq!(
+        expected_trusted_hash.as_bytes(),
+        commitment.trustedHeaderHash.as_slice()
+    );
 
     Ok(receipt)
 }
diff --git a/dockerfiles/blobstream0-dev.Dockerfile b/dockerfiles/blobstream0-dev.Dockerfile
@@ -0,0 +1,38 @@
+# Use the official Rust image as the base image
+FROM rust:1.81-bullseye as builder
+
+# Install system dependencies
+RUN apt-get update && apt-get install -y \
+    build-essential \
+    curl \
+    git \
+    libssl-dev \
+    pkg-config
+
+# Install Foundry
+RUN curl -L https://foundry.paradigm.xyz | bash
+ENV PATH="/root/.foundry/bin:${PATH}"
+RUN foundryup
+
+RUN cargo install cargo-binstall --version '=1.6.9' --locked
+RUN cargo binstall cargo-risczero@1.1.1 --no-confirm --force
+RUN cargo risczero install
+
+# Create and set permissions for the /app directory
+# RUN mkdir -p /app && chown -R nobody:nobody /app
+
+# Set the working directory to /app
+WORKDIR /app
+
+# Copy the entire project
+COPY . .
+
+RUN cargo c -p light-client-guest
+
+# Build the project
+RUN cargo build -p blobstream0
+
+run cp target/debug/blobstream0 /usr/local/bin/blobstream0
+
+# Set the entrypoint to the blobstream0 CLI
+ENTRYPOINT ["blobstream0"]
diff --git a/dockerfiles/blobstream0.Dockerfile b/dockerfiles/blobstream0.Dockerfile
@@ -0,0 +1,46 @@
+# Use the official Rust image as the base image
+FROM rust:1.81-bullseye as builder
+
+# Install system dependencies
+RUN apt-get update && apt-get install -y \
+    build-essential \
+    curl \
+    git \
+    libssl-dev \
+    pkg-config
+
+# Install Foundry
+RUN curl -L https://foundry.paradigm.xyz | bash
+ENV PATH="/root/.foundry/bin:${PATH}"
+RUN foundryup
+
+RUN cargo install cargo-binstall --version '=1.6.9' --locked
+RUN cargo binstall cargo-risczero@1.1.1 --no-confirm --force
+RUN cargo risczero install
+
+# Create and set permissions for the /app directory
+# RUN mkdir -p /app && chown -R nobody:nobody /app
+
+# Set the working directory to /app
+WORKDIR /app
+
+# Copy the entire project
+COPY . .
+
+# Build the project
+RUN cargo build -p blobstream0 --release --features prebuilt-docker
+
+# Create a new stage for a smaller final image
+FROM debian:bullseye-slim as final
+
+# Install necessary runtime dependencies
+RUN apt-get update && apt-get install -y \
+    ca-certificates \
+    libssl-dev \
+    && rm -rf /var/lib/apt/lists/*
+
+# Copy the built binary from the builder stage
+COPY --from=builder /app/target/release/blobstream0 /usr/local/bin/blobstream0
+
+# Set the entrypoint to the blobstream0 CLI
+ENTRYPOINT ["blobstream0"]
diff --git a/light-client-guest/Cargo.toml b/light-client-guest/Cargo.toml
@@ -10,5 +10,8 @@ risc0-build-ethereum = { git = "https://github.com/risc0/risc0-ethereum", tag =
 # Currently just used to format built artifact
 serde_json = "1.0"
 
+[features]
+prebuilt-docker = []
+
 [package.metadata.risc0]
-methods = ["guest"]
+methods = ["guest"]
diff --git a/light-client-guest/build.rs b/light-client-guest/build.rs
@@ -29,6 +29,12 @@ const SOLIDITY_IMAGE_ID_PATH: &str = "../contracts/src/ImageID.sol";
 const SOLIDITY_ELF_PATH: &str = "../contracts/test/Elf.sol";
 
 fn main() {
+    // If this feature is enabled, skip build and just use pre-built guest and EVM artifacts.
+    if cfg!(feature = "prebuilt-docker") {
+        println!("cargo:rerun-if-env-changed=CARGO_FEATURE_PREBUILT_DOCKER");
+        return;
+    }
+
     // Builds can be made deterministic, and thereby reproducible, by using Docker to build the
     // guest. Check the RISC0_USE_DOCKER variable and use Docker to build the guest if set.
     let use_docker = env::var("RISC0_USE_DOCKER").ok().map(|_| DockerOptions {
diff --git a/light-client-guest/src/lib.rs b/light-client-guest/src/lib.rs
@@ -12,4 +12,5 @@
 // See the License for the specific language governing permissions and
 // limitations under the License.
 
+#[cfg(not(feature = "prebuilt-docker"))]
 include!(concat!(env!("OUT_DIR"), "/methods.rs"));
diff --git a/usage-guide.md b/usage-guide.md
@@ -91,6 +91,36 @@ RUST_LOG=blobstream0=debug,info cargo run -p blobstream0 --release -- service \
 	--batch-size 16
 ```
 
+### Dockerized service
+
+```console
+# Build the guest ELF in docker
+RISC0_USE_DOCKER=true cargo c
+
+# Build the docker image, which will use the docker built guest ELF
+docker build -f dockerfiles/blobstream0.Dockerfile --platform linux/amd64 -t blobstream0 .
+```
+
+And can use the `blobstream0` binary as:
+
+```console
+docker run blobstream0 deploy \
+	--eth-rpc http://host.docker.internal:8545 \
+	--private-key-hex 0xac0974bec39a17e36ba4a6b4d238ff944bacb478cbed5efcae784d7bf4f2ff80 \
+	--tm-height 9 \
+	--tm-block-hash 5C5451567973D8658A607D58F035BA9078291E33D880A0E6E67145C717E6B11B \
+	--min-batch-size 7
+```
+
+```console
+docker run -e RUST_LOG=blobstream0=debug,info -e BONSAI_API_KEY=<API KEY> -e BONSAI_API_URL=https://api.bonsai.xyz blobstream0 service \
+	--tendermint-rpc https://celestia-testnet.brightlystake.com \
+	--eth-rpc http://host.docker.internal:8545/ \
+	--eth-address 0x9fE46736679d2D9a65F0992F2272dE9f3c7fa6e0 \
+	--private-key-hex 0xac0974bec39a17e36ba4a6b4d238ff944bacb478cbed5efcae784d7bf4f2ff80 \
+	--batch-size 64
+
+
 ### Admin transaction examples:
 
 

Original file line number	Diff line number	Diff line change
`@@ -20,5 +20,5 @@ pragma solidity ^0.8.20;`
`20`	`20`
`21`	`21`	`library ImageID {`
`22`	`22`	`bytes32 public constant LIGHT_CLIENT_GUEST_ID =`
`23`		`- bytes32(0x6dce022c2aea568a4484a24c36aa59bad7b10186205272b4e4f11157c9ad1421);`
	`23`	`+ bytes32(0x3229c3708db83fd93c3f28275361870e40d75740c5c09498196474da8fc65f8e);`
`24`	`24`	`}`