rollchains / spawn

The best development platform for building custom modular Cosmos-SDK blockchains
Apache License 2.0
98 stars 23 forks source link

CosmWasm v2 #243

Open Reecepbcups opened 1 month ago

Reecepbcups commented 1 month ago

Seems Confio just stopped pushing security patches for v1. So we have to migrate to v2 now.

Original: https://github.com/rollchains/spawn/pull/100

Reecepbcups commented 1 month ago

https://github.com/rollchains/andromedad-upgrade/pull/12

ref: Will need to bump heighliner for building docker images in the ci (or does it auto do this for latest?)

    uses: strangelove-ventures/heighliner-build-action@v1.0.3
    with:
      # v0.0.1
      heighliner-tag: v1.7.0

and also trim /v2 in the main Dockerfile

WASM_VERSION=$(go list -m all | grep github.com/CosmWasm/wasmvm/v2 || true); \
    if [ ! -z "${WASM_VERSION}" ]; then \
      WASMVM_REPO=$(echo $WASM_VERSION | awk '{print $1}');\
      WASMVM_REPO=${WASMVM_REPO%/v2};\
FROM golang:1.22-alpine AS go-builder

SHELL ["/bin/sh", "-ecuxo", "pipefail"]

RUN apk add --no-cache ca-certificates build-base git

WORKDIR /code

ARG TARGETARCH=amd64
ARG BUILDARCH=amd64
RUN if [ "${TARGETARCH}" = "arm64" ] && [ "${BUILDARCH}" != "arm64" ]; then\
        wget -c https://musl.cc/aarch64-linux-musl-cross.tgz -O - | tar -xzvv --strip-components 1 -C /usr;\
    elif [ "${TARGETARCH}" = "amd64" ] && [ "${BUILDARCH}" != "amd64" ]; then\
        wget -c https://musl.cc/x86_64-linux-musl-cross.tgz -O - | tar -xzvv --strip-components 1 -C /usr;\
    fi

ADD go.mod go.sum ./
RUN set -eux; \
    export ARCH=$(uname -m); \
    LIBDIR=/lib;\
    if [ "${TARGETARCH}" = "arm64" ]; then\
      export ARCH=aarch64;\
      if [ "${BUILDARCH}" != "arm64" ]; then\
        LIBDIR=/usr/aarch64-linux-musl/lib;\
        mkdir -p $LIBDIR;\
        export CC=aarch64-linux-musl-gcc CXX=aarch64-linux-musl-g++;\
      fi;\
    elif [ "${TARGETARCH}" = "amd64" ]; then\
      export ARCH=x86_64;\
      if [ "${BUILDARCH}" != "amd64" ]; then\
        LIBDIR=/usr/x86_64-linux-musl/lib;\
        mkdir -p $LIBDIR;\
        export CC=x86_64-linux-musl-gcc CXX=x86_64-linux-musl-g++;\
      fi;\
    fi;\
    WASM_VERSION=$(go list -m all | grep github.com/CosmWasm/wasmvm/v2 || true); \
    if [ ! -z "${WASM_VERSION}" ]; then \
      WASMVM_REPO=$(echo $WASM_VERSION | awk '{print $1}');\
      WASMVM_REPO=${WASMVM_REPO%/v2};\
      WASMVM_VERS=$(echo $WASM_VERSION | awk '{print $2}');\
      wget -O $LIBDIR/libwasmvm_muslc.a https://${WASMVM_REPO}/releases/download/${WASMVM_VERS}/libwasmvm_muslc.${ARCH}.a;\
      ln $LIBDIR/libwasmvm_muslc.a $LIBDIR/libwasmvm.x86_64.a;\
      ln $LIBDIR/libwasmvm_muslc.a $LIBDIR/libwasmvm_muslc.x86_64.a;\
      ln $LIBDIR/libwasmvm_muslc.a $LIBDIR/libwasmvm.aarch64.a;\
      ln $LIBDIR/libwasmvm_muslc.a $LIBDIR/libwasmvm_muslc.aarch64.a;\
    fi;\
    go mod download;

# Copy over code
COPY . /code

# force it to use static lib (from above) not standard libgo_cosmwasm.so file
# then log output of file /code/bin/andromedad
# then ensure static linking
RUN LEDGER_ENABLED=false BUILD_TAGS=muslc LINK_STATICALLY=true make build \
  && file /code/build/andromedad \
  && echo "Ensuring binary is statically linked ..." \
  && (file /code/build/andromedad | grep "statically linked")

# --------------------------------------------------------
FROM alpine:3.16

COPY --from=go-builder /code/build/andromedad /usr/bin/andromedad

# Install dependencies used for Starship
RUN apk add --no-cache curl make bash jq sed

WORKDIR /opt

# rest server, tendermint p2p, tendermint rpc
EXPOSE 1317 26656 26657

CMD ["/usr/bin/andromedad", "version"]