7e7393e4f8
DChain single-node blockchain + React Native messenger client. Core: - PBFT consensus with multi-sig validator admission + equivocation slashing - BadgerDB + schema migration scaffold (CurrentSchemaVersion=0) - libp2p gossipsub (tx/v1, blocks/v1, relay/v1, version/v1) - Native Go contracts (username_registry) alongside WASM (wazero) - WebSocket gateway with topic-based fanout + Ed25519-nonce auth - Relay mailbox with NaCl envelope encryption (X25519 + Ed25519) - Prometheus /metrics, per-IP rate limit, body-size cap Deployment: - Single-node compose (deploy/single/) with Caddy TLS + optional Prometheus - 3-node dev compose (docker-compose.yml) with mocked internet topology - 3-validator prod compose (deploy/prod/) for federation - Auto-update from Gitea via /api/update-check + systemd timer - Build-time version injection (ldflags → node --version) - UI / Swagger toggle flags (DCHAIN_DISABLE_UI, DCHAIN_DISABLE_SWAGGER) Client (client-app/): - Expo / React Native / NativeWind - E2E NaCl encryption, typing indicator, contact requests - Auto-discovery of canonical contracts, chain_id aware, WS reconnect on node switch Documentation: - README.md, CHANGELOG.md, CONTEXT.md - deploy/single/README.md with 6 operator scenarios - deploy/UPDATE_STRATEGY.md with 4-layer forward-compat design - docs/contracts/*.md per contract
64 lines
2.3 KiB
Docker
64 lines
2.3 KiB
Docker
# Production image for dchain-node.
|
|
#
|
|
# Differs from the repo-root Dockerfile in two ways:
|
|
# 1. No testdata / contract WASMs baked in — a fresh node uses the native
|
|
# username_registry (shipped in-binary) and starts with an empty keys
|
|
# directory; identities and optional WASM contracts come in via
|
|
# mounted volumes or docker-compose bind mounts.
|
|
# 2. Builds only `node` and `client` — no wallet/peerid helpers that
|
|
# aren't needed in production.
|
|
#
|
|
# The resulting image is ~20 MB vs ~60 MB for the dev one, and has no
|
|
# pre-installed keys that an attacker could exploit to impersonate a
|
|
# testnet validator.
|
|
|
|
# ---- build stage ----
|
|
FROM golang:1.24-alpine AS builder
|
|
WORKDIR /app
|
|
|
|
COPY go.mod go.sum ./
|
|
RUN go mod download
|
|
|
|
COPY . .
|
|
|
|
# Build-time version metadata. All four args are injected via -ldflags -X
|
|
# into go-blockchain/node/version so `node --version` and
|
|
# /api/well-known-version report the real commit, not the "dev" default.
|
|
# Callers pass these with `docker build --build-arg VERSION_TAG=... …`;
|
|
# the deploy/single/update.sh script derives them from git automatically.
|
|
ARG VERSION_TAG=dev
|
|
ARG VERSION_COMMIT=none
|
|
ARG VERSION_DATE=unknown
|
|
ARG VERSION_DIRTY=false
|
|
|
|
RUN LDFLAGS="-s -w \
|
|
-X go-blockchain/node/version.Tag=${VERSION_TAG} \
|
|
-X go-blockchain/node/version.Commit=${VERSION_COMMIT} \
|
|
-X go-blockchain/node/version.Date=${VERSION_DATE} \
|
|
-X go-blockchain/node/version.Dirty=${VERSION_DIRTY}" && \
|
|
CGO_ENABLED=0 GOOS=linux go build -trimpath -ldflags="$LDFLAGS" -o /bin/node ./cmd/node && \
|
|
CGO_ENABLED=0 GOOS=linux go build -trimpath -ldflags="$LDFLAGS" -o /bin/client ./cmd/client
|
|
|
|
# ---- runtime stage ----
|
|
FROM alpine:3.19
|
|
|
|
RUN apk add --no-cache ca-certificates tzdata
|
|
|
|
# Run as unprivileged user by default. Operators can override with --user root
|
|
# if they need to bind privileged ports (shouldn't be necessary behind Caddy).
|
|
RUN addgroup -S dchain && adduser -S -G dchain dchain
|
|
|
|
COPY --from=builder /bin/node /usr/local/bin/node
|
|
COPY --from=builder /bin/client /usr/local/bin/client
|
|
|
|
USER dchain
|
|
|
|
# Default data location; override in compose with a named volume.
|
|
VOLUME /data
|
|
|
|
# libp2p P2P port + HTTP (serves /api/*, /metrics, /api/ws).
|
|
EXPOSE 4001/tcp
|
|
EXPOSE 8080/tcp
|
|
|
|
ENTRYPOINT ["/usr/local/bin/node"]
|