From c7cd9626271478f9949a3d3a13fe58dd1b3b3d3d Mon Sep 17 00:00:00 2001 From: Tommy Verrall Date: Mon, 16 Feb 2026 14:33:02 +0100 Subject: [PATCH] localnet: multi-stage dockerfile --- .dockerignore | 1 + docker/localnet/Dockerfile.localnet | 43 ++++++++++++++++------------- 2 files changed, 25 insertions(+), 19 deletions(-) diff --git a/.dockerignore b/.dockerignore index a11022eb2b..09428cfe68 100644 --- a/.dockerignore +++ b/.dockerignore @@ -3,4 +3,5 @@ .gitignore **/node_modules **/target +target-otel dist diff --git a/docker/localnet/Dockerfile.localnet b/docker/localnet/Dockerfile.localnet index e3d3460c6e..528ea3bf7e 100644 --- a/docker/localnet/Dockerfile.localnet +++ b/docker/localnet/Dockerfile.localnet @@ -1,21 +1,24 @@ -# Single-stage Dockerfile for Nym localnet -# Builds: nym-node, nym-network-requester, nym-socks5-client -# Target: Apple Container Runtime with host networking +# Multi-stage Dockerfile for Nym localnet +# Stage 1: Build binaries +# Stage 2: Slim runtime with only the final binaries -FROM rust:latest +# --- Build stage --- +FROM rust:latest AS builder WORKDIR /usr/src/nym COPY ./ ./ ENV CARGO_BUILD_JOBS=8 -# Build all required binaries in release mode -# nym-node is built with the otel feature for OpenTelemetry tracing support RUN cargo build --release --locked -p nym-node --features otel && \ cargo build --release --locked -p nym-network-requester -p nym-socks5-client -# Install runtime dependencies including Go for wireguard-go -RUN apt update && apt install -y \ +# --- Runtime stage --- +FROM debian:trixie-slim + +RUN apt-get update && apt-get install -y --no-install-recommends \ + ca-certificates \ + build-essential \ python3 \ python3-pip \ netcat-openbsd \ @@ -23,31 +26,33 @@ RUN apt update && apt install -y \ iproute2 \ net-tools \ wireguard-tools \ - golang-go \ git \ iptables \ + curl \ && rm -rf /var/lib/apt/lists/* -# Install wireguard-go (userspace WireGuard implementation) -RUN git clone https://git.zx2c4.com/wireguard-go && \ +# Install Go and build wireguard-go, then clean up +ARG TARGETARCH +RUN curl -fsSL "https://go.dev/dl/go1.23.6.linux-${TARGETARCH}.tar.gz" \ + | tar -C /usr/local -xz && \ + export PATH="/usr/local/go/bin:$PATH" && \ + git clone https://git.zx2c4.com/wireguard-go && \ cd wireguard-go && \ make && \ cp wireguard-go /usr/local/bin/ && \ cd .. && \ - rm -rf wireguard-go + rm -rf wireguard-go /usr/local/go && \ + apt-get purge -y --auto-remove build-essential curl -# Install Python dependencies for build_topology.py RUN pip3 install --break-system-packages base58 -# Move binaries to /usr/local/bin for easy access -RUN cp target/release/nym-node /usr/local/bin/ && \ - cp target/release/nym-network-requester /usr/local/bin/ && \ - cp target/release/nym-socks5-client /usr/local/bin/ +# Copy only the compiled binaries from the builder stage +COPY --from=builder /usr/src/nym/target/release/nym-node /usr/local/bin/ +COPY --from=builder /usr/src/nym/target/release/nym-network-requester /usr/local/bin/ +COPY --from=builder /usr/src/nym/target/release/nym-socks5-client /usr/local/bin/ -# Copy supporting scripts COPY ./docker/localnet/build_topology.py /usr/local/bin/ WORKDIR /nym -# Default command CMD ["nym-node", "--help"]