.

.github/workflows/docker.yml

@@ -7,7 +7,7 @@ on:
     branches:
       - main
       - docker
-      - 'releases/**'
+      - 'release/**'
     tags:
       - '**'
 
@@ -44,7 +44,7 @@ jobs:
         uses: docker/metadata-action@v3
         with:
           images: |
-            ghcr.io/subcoin-project/subcoin-node
+            ghcr.io/subcoin-project/subcoin
           tags: |
             type=ref,event=tag
             type=ref,event=branch

Dockerfile

@@ -7,25 +7,27 @@ ARG SUBSTRATE_CLI_GIT_COMMIT_HASH
 # Incremental compilation here isn't helpful
 ENV CARGO_INCREMENTAL=0
 
-WORKDIR /subcoin
+WORKDIR /src
 
 RUN \
     apt-get update && \
     DEBIAN_FRONTEND=noninteractive apt-get install -y --no-install-recommends \
         ca-certificates \
-        protobuf-compiler \
+        clang \
+        cmake \
         curl \
         git \
         llvm \
-        clang \
-        cmake \
+        protobuf-compiler \
         make && \
     curl --proto '=https' --tlsv1.2 -sSf https://sh.rustup.rs | sh -s -- -y
 
 # Copy the source code
 COPY . .
 
-RUN /root/.cargo/bin/cargo build --locked --profile=$PROFILE
+RUN /root/.cargo/bin/cargo build --locked --bin subcoin \
+    --profile=$PROFILE \
+    --target $(uname -p)-unknown-linux-gnu
 
 # This is the 2nd stage: a very small image where we copy the binary.
 FROM docker.io/library/ubuntu:22.04
@@ -35,25 +37,21 @@ LABEL description="Multistage Docker image for Subcoin Node" \
   image.vendor="Subcoin Contributors" \
   image.description="Multistage Docker image for Subnode Node" \
   image.source="https://github.com/subcoin-project/subcoin" \
-  image.documentation="https://subcoin-project.github.io/subcoin"
+  image.documentation="https://subcoin-project.github.io/subcoin" \
+  org.opencontainers.image.description="Multistage Docker image for Subcoin Node" \
+  org.opencontainers.image.source="https://github.com/subcoin-project/subcoin"
 
 ARG PROFILE=production
 
 # Copy the node binary.
-COPY --from=builder /subcoin/target/$PROFILE/subcoin /usr/local/bin
+COPY --from=builder /src/target/$PROFILE/subcoin /subcoin
+
+RUN mkdir /node-data && chown nobody:nogroup /node-data
 
-RUN useradd -m -u 1000 -U -s /bin/sh -d /node-dev node-dev && \
-  mkdir -p /chain-data /node-dev/.local/share && \
-  chown -R node-dev:node-dev /chain-data && \
-  ln -s /chain-data /node-dev/.local/share/subcoin && \
-  # unclutter and minimize the attack surface
-  rm -rf /usr/bin /usr/sbin && \
-  # check if executable works in this container
-  /usr/local/bin/subcoin --help
+VOLUME ["/node-data"]
 
-USER node-dev
+USER nobody:nogroup
 
 EXPOSE 30333 9933 9944 9615
-VOLUME ["/chain-data"]
 
-ENTRYPOINT ["/usr/local/bin/subcoin"]
+ENTRYPOINT ["/subcoin"]