Dockerfile.benchmark raw

   1  # Dockerfile for benchmark runner
   2  # Uses pure Go build with purego for dynamic libsecp256k1 loading
   3  # Fetches latest tag from git repository for stable builds
   4  
   5  # Use Debian-based Go image to match runtime stage (avoids musl/glibc linker mismatch)
   6  FROM golang:1.25-bookworm AS builder
   7  
   8  # Install build dependencies (no secp256k1 build needed)
   9  RUN apt-get update && apt-get install -y --no-install-recommends git ca-certificates && rm -rf /var/lib/apt/lists/*
  10  
  11  # Set working directory
  12  WORKDIR /build
  13  
  14  # Clone the repository and checkout the latest tag
  15  # Using git.nostrdev.com (primary repo, most up-to-date)
  16  RUN git clone https://git.nostrdev.com/mleku/next.orly.dev.git . && \
  17      LATEST_TAG=$(git describe --tags --abbrev=0 2>/dev/null || echo "main") && \
  18      echo "Building benchmark from ORLY version: ${LATEST_TAG}" && \
  19      git checkout "${LATEST_TAG}"
  20  
  21  # Remove local replace directives and update to released version, then download dependencies
  22  RUN sed -i '/^replace .* => \/home/d' go.mod && \
  23      sed -i 's/git.mleku.dev\/mleku\/nostr v1.0.7/git.mleku.dev\/mleku\/nostr v1.0.8/' go.mod && \
  24      go mod tidy && \
  25      go mod download
  26  
  27  # Build the benchmark tool with CGO disabled (uses purego for crypto)
  28  RUN CGO_ENABLED=0 GOOS=linux GOARCH=amd64 go build -o benchmark ./cmd/benchmark
  29  
  30  # Final stage
  31  # Use Debian slim instead of Alpine because Debian's libsecp256k1 includes
  32  # Schnorr signatures (secp256k1_schnorrsig_*) and ECDH which Nostr requires.
  33  # Alpine's libsecp256k1 is built without these modules.
  34  FROM debian:bookworm-slim
  35  
  36  # Install runtime dependencies
  37  RUN apt-get update && \
  38      apt-get install -y --no-install-recommends ca-certificates curl libsecp256k1-1 && \
  39      rm -rf /var/lib/apt/lists/*
  40  
  41  WORKDIR /app
  42  
  43  # Copy benchmark binary (libsecp256k1.so.1 is already installed via apt)
  44  COPY --from=builder /build/benchmark /app/benchmark
  45  
  46  # Copy benchmark runner script from the local code
  47  COPY --from=builder /build/cmd/benchmark/benchmark-runner.sh /app/benchmark-runner
  48  
  49  # Make scripts executable
  50  RUN chmod +x /app/benchmark-runner
  51  
  52  # Create runtime user and reports directory owned by uid 1000
  53  RUN useradd -m -u 1000 appuser && \
  54      mkdir -p /reports && \
  55      chown -R 1000:1000 /app /reports
  56  
  57  # Environment variables
  58  ENV BENCHMARK_EVENTS=50000
  59  ENV BENCHMARK_WORKERS=24
  60  ENV BENCHMARK_DURATION=60s
  61  
  62  # Drop privileges: run as uid 1000
  63  USER 1000:1000
  64  
  65  # Run the benchmark runner
  66  CMD ["/app/benchmark-runner"]
  67