build: bump Alpine version to 3.21

[lklimek]

Issue being fixed or feature implemented

Alpine 3.21 is the most recent version of Alpine, with EOL on 2026-11-01.
Current version (3.18) EOL is 2025-11-01, and it only gets security fixes atm.

What was done?

• Updated Alpine in Dockerfile to 3.21
• Installed missingcurl

How Has This Been Tested?

GHA https://github.com/dashpay/platform/actions/runs/13261874605

Breaking Changes

None

Checklist:

• I have performed a self-review of my own code
• I have commented my code, particularly in hard-to-understand areas
• I have added or updated relevant unit/integration/functional/e2e tests
• I have added "!" to the title and described breaking changes in the corresponding section if my code contains any
• I have made corresponding changes to the documentation if needed

For repository code-owners and collaborators only

• I have assigned this pull request to a milestone

Summary by CodeRabbit

• Chores
  • Upgraded the container environment and dependencies for improved stability and security.
  • Enhanced the build configuration to ensure efficient resource management and reliable WebAssembly support.

[lklimek]

Does not work, needs update of rocksdb on grovedb OR more work on c++ stack.

[coderabbitai]

Walkthrough

The Dockerfile has been updated to manage dependencies and adjust the build environment. Changes include updating the Alpine Linux base version, adding a new build argument, and correcting a build argument name. Modifications to package installation commands ensure that updated versions of clang and llvm are used and that the appropriate symbolic links and environment variables are set. Additional commands install curl in the deps-base stage, copy the RocksDB static library in the deps-rocksdb stage, and unset compiler flags in the build-js stage for WebAssembly builds.

Changes

File

Change Summary

Dockerfile

- Updated ALPINE_VERSION from 3.18 to 3.21 - Added build argument CARGO_BUILD_PROFILE=dev - Corrected build argument name from SCCHACHE_VERSION=0.8.2 to SCCACHE_VERSION=0.8.2 - Modified apk add commands to use clang18-static clang18-dev and llvm18-static llvm18-dev - Added installation of curl in the deps-base stage - Configured symbolic links for clang and clang++ and set CC/CXX environment variables - Copied librocksdb.a in the deps-rocksdb stage - Unset CFLAGS and CXXFLAGS in the build-js stage for WASM32 builds

Possibly related PRs

• build!: optimize for x86-64-v3 cpu microarchitecture (Haswell+) #2374: Modifies the Dockerfile for Rust toolchain management and build profiles, directly relating to dependency and build configuration updates.

Suggested Reviewers

• QuantumExplorer
• shumkov

Poem

I'm a rabbit, nibbling code with glee,
Dockerfile tweaks set the build process free.
Dependencies updated, flags cleared with style,
Hop along the pipelines, mile after mile.
Celebrate these changes with a joyful smile!
🐰💻🌟

---

📜 Recent review details

Configuration used: CodeRabbit UI
Review profile: CHILL
Plan: Pro

📥 Commits

Reviewing files that changed from the base of the PR and between 1bd61b3 and d21f878.

📒 Files selected for processing (1)

• Dockerfile (6 hunks)

🚧 Files skipped from review as they are similar to previous changes (1)

• Dockerfile

⏰ Context from checks skipped due to timeout of 90000ms (14)

• GitHub Check: Release Test Suite image / Build linux/arm64 image
• GitHub Check: Release Test Suite image / Build linux/amd64 image
• GitHub Check: Release Drive debug image / Build linux/arm64 image
• GitHub Check: Release DAPI image / Build linux/arm64 image
• GitHub Check: Release Drive debug image / Build linux/amd64 image
• GitHub Check: Release Dashmate Helper image / Build linux/arm64 image
• GitHub Check: Release DAPI image / Build linux/amd64 image
• GitHub Check: Release Drive image / Build linux/arm64 image
• GitHub Check: Release Dashmate Helper image / Build linux/amd64 image
• GitHub Check: Release Drive image / Build linux/amd64 image
• GitHub Check: Build Docker images (Drive, drive, drive-abci) / Build Drive image
• GitHub Check: Build Docker images (DAPI, dapi, dapi) / Build DAPI image
• GitHub Check: Build Docker images (Dashmate helper, dashmate-helper, dashmate-helper) / Build Dashmate helper image
• GitHub Check: Build JS packages / Build JS

---

Thank you for using CodeRabbit. We offer it for free to the OSS community and would appreciate your support in helping us grow. If you find it useful, would you consider giving us a shout-out on your favorite social media?

❤️ Share

• X
• Mastodon
• Reddit
• LinkedIn

🪧 Tips

Chat

There are 3 ways to chat with CodeRabbit:

• Review comments: Directly reply to a review comment made by CodeRabbit. Example:
  • I pushed a fix in commit <commit_id>, please review it.
  • Generate unit testing code for this file.
  • Open a follow-up GitHub issue for this discussion.
• Files and specific lines of code (under the "Files changed" tab): Tag @coderabbitai in a new review comment at the desired location with your query. Examples:
  • @coderabbitai generate unit testing code for this file.
  • @coderabbitai modularize this function.
• PR comments: Tag @coderabbitai in a new PR comment to ask questions about the PR branch. For the best results, please provide a very specific query, as very limited context is provided in this mode. Examples:
  • @coderabbitai gather interesting stats about this repository and render them as a table. Additionally, render a pie chart showing the language distribution in the codebase.
  • @coderabbitai read src/utils.ts and generate unit testing code.
  • @coderabbitai read the files in the src/scheduler package and generate a class diagram using mermaid and a README in the markdown format.
  • @coderabbitai help me debug CodeRabbit configuration file.

Note: Be mindful of the bot's finite context window. It's strongly recommended to break down tasks such as reading entire modules into smaller chunks. For a focused discussion, use review comments to chat about specific files and their changes, instead of using the PR comments.

CodeRabbit Commands (Invoked using PR comments)

• @coderabbitai pause to pause the reviews on a PR.
• @coderabbitai resume to resume the paused reviews.
• @coderabbitai review to trigger an incremental review. This is useful when automatic reviews are disabled for the repository.
• @coderabbitai full review to do a full review from scratch and review all the files again.
• @coderabbitai summary to regenerate the summary of the PR.
• @coderabbitai generate docstrings to generate docstrings for this PR. (Beta)
• @coderabbitai resolve resolve all the CodeRabbit review comments.
• @coderabbitai configuration to show the current CodeRabbit configuration for the repository.
• @coderabbitai help to get help.

Other keywords and placeholders

• Add @coderabbitai ignore anywhere in the PR description to prevent this PR from being reviewed.
• Add @coderabbitai summary to generate the high-level summary at a specific location in the PR description.
• Add @coderabbitai anywhere in the PR title to generate the title automatically.

CodeRabbit Configuration File (.coderabbit.yaml)

• You can programmatically configure CodeRabbit by adding a .coderabbit.yaml file to the root of your repository.
• Please see the configuration documentation for more information.
• If your editor has YAML language server enabled, you can add the path at the top of this file to enable auto-completion and validation: # yaml-language-server: $schema=https://coderabbit.ai/integrations/schema.v2.json

Documentation and Community

• Visit our Documentation for detailed information on how to use CodeRabbit.
• Join our Discord Community to get help, request features, and share feedback.
• Follow us on X/Twitter for updates and announcements.

[coderabbitai]

Actionable comments posted: 0

🧹 Nitpick comments (1)

.devcontainer/Dockerfile (1)

Line range hint 69-73: LGTM! Secure installation configuration

The wasm-bindgen-cli installation uses appropriate security flags. Consider adding a comment explaining the purpose of each flag for better maintainability.

 RUN cargo binstall [email protected] --locked \
+                                           # Ensure reproducible builds
                                            --no-discover-github-token \
+                                           # Prevent automatic GitHub token discovery
                                            --disable-telemetry \
+                                           # Disable usage tracking
                                            --no-track \
+                                           # Additional tracking prevention
                                            --no-confirm
+                                           # Non-interactive installation

📜 Review details

Configuration used: CodeRabbit UI
Review profile: CHILL
Plan: Pro

📥 Commits

Reviewing files that changed from the base of the PR and between 8185d21 and b14bb5b.

⛔ Files ignored due to path filters (1)

• Cargo.lock is excluded by !**/*.lock

📒 Files selected for processing (11)

• .devcontainer/Dockerfile (1 hunks)
• .github/workflows/release.yml (1 hunks)
• .github/workflows/tests-build-js.yml (1 hunks)
• Dockerfile (4 hunks)
• README.md (1 hunks)
• packages/wasm-dpp/Cargo.toml (2 hunks)
• packages/wasm-dpp/README.md (1 hunks)
• packages/wasm-dpp/src/identity/factory_utils.rs (2 hunks)
• packages/wasm-dpp/src/identity/state_transition/asset_lock_proof/mod.rs (1 hunks)
• packages/wasm-dpp/src/identity/state_transition/identity_create_transition/identity_create_transition.rs (2 hunks)
• packages/wasm-dpp/src/identity/state_transition/identity_update_transition/identity_update_transition.rs (3 hunks)

👮 Files not reviewed due to content moderation or server errors (3)

• packages/wasm-dpp/src/identity/state_transition/asset_lock_proof/mod.rs
• .github/workflows/release.yml
• packages/wasm-dpp/src/identity/state_transition/identity_create_transition/identity_create_transition.rs

🔇 Additional comments (11)

packages/wasm-dpp/Cargo.toml (1)

18-18: Verify version synchronization across files

The wasm-bindgen and wasm-bindgen-futures versions have been updated. Let's verify that these versions are synchronized across all mentioned locations.

Also applies to: 52-52

✅ Verification successful

Let me check the exact version in the Dockerfile to ensure proper synchronization.

---

Versions are properly synchronized

The wasm-bindgen version 0.2.99 is consistently used across:

• packages/wasm-dpp/Cargo.toml: wasm-bindgen = { version = "=0.2.99" }
• .devcontainer/Dockerfile: [email protected]

The wasm-bindgen-futures dependency was not found in the codebase, so the original review comment was partially incorrect in mentioning it.

🏁 Scripts executed

The following scripts were executed for the analysis:

Script:

#!/bin/bash
# Description: Check wasm-bindgen version consistency across files

echo "Checking wasm-bindgen version in build script..."
rg -l "wasm-bindgen.*0\.2\.(86|99)" packages/wasm-dpp/scripts/build-wasm.sh || echo "Version not found in build script"

echo "Checking wasm-bindgen version in Dockerfile..."
rg -l "wasm-bindgen-cli@0\.2\.(86|99)" .devcontainer/Dockerfile

echo "Checking wasm-bindgen version in Cargo.toml..."
rg "wasm-bindgen.*=.*0\.2\.(86|99)" packages/wasm-dpp/Cargo.toml

Length of output: 664

---

Script:

#!/bin/bash
# Get the exact version from Dockerfile
echo "Exact version in Dockerfile:"
rg -A 1 "wasm-bindgen-cli" .devcontainer/Dockerfile

# Also check for wasm-bindgen-futures version since it was mentioned
echo -e "\nChecking wasm-bindgen-futures version:"
rg "wasm-bindgen-futures.*=.*0\.2\." packages/wasm-dpp/Cargo.toml

Length of output: 405

packages/wasm-dpp/README.md (1)

42-44: LGTM! Installation instruction updated correctly

The wasm-bindgen-cli version has been updated to match the dependency version in Cargo.toml. The note about version verification is helpful for users.

.github/workflows/tests-build-js.yml (1)

53-53: Verify wasm-bindgen-cli version compatibility

The version update to 0.2.99 should be verified against other wasm-bindgen related dependencies in the project.

✅ Verification successful

Let me gather more information about the wasm-bindgen dependencies.

---

Version 0.2.99 of wasm-bindgen-cli is consistent with dependencies

The verification shows that the wasm-bindgen dependency in Cargo.toml is pinned to exactly version 0.2.99, which matches the CLI version being installed. This version is consistently referenced across the codebase in Dockerfile, READMEs, and Rust dependencies, indicating a coordinated update.

🏁 Scripts executed

The following scripts were executed for the analysis:

Script:

#!/bin/bash
# Description: Check wasm-bindgen version consistency across the project
# Look for wasm-bindgen dependencies in Cargo.toml files
rg -A 3 'wasm-bindgen = .*"0\.2\.' 'Cargo.toml$'

# Look for wasm-bindgen-cli version references
rg 'wasm-bindgen-cli.*0\.2\.' 

Length of output: 469

---

Script:

#!/bin/bash
# Search for wasm-bindgen dependencies in all Cargo.toml files
fd Cargo.toml --exec cat {} | rg -A 3 'wasm-bindgen.*=.*'

# Search for any wasm-bindgen version references in package.json files
fd package.json --exec cat {} | rg 'wasm-bindgen'

Length of output: 632

packages/wasm-dpp/src/identity/factory_utils.rs (1)

49-52: LGTM! Clean type annotation removal

The removal of explicit type annotations improves code readability while maintaining type safety through Rust's type inference system.

Also applies to: 75-76

README.md (1)

64-64: Verify build prerequisites accuracy

The wasm-bindgen-cli version update is consistent with other changes. However, we should verify that:

1. The version matches wasm-bindgen in Cargo.lock as noted
2. All listed prerequisites and their versions are still accurate

✅ Verification successful

Prerequisites are accurate and consistent

The wasm-bindgen-cli version 0.2.99 matches exactly with the wasm-bindgen dependency version in packages/wasm-dpp/Cargo.toml. All other prerequisites in the README are up-to-date:

• Node.js v20 requirement is clearly specified
• Rust v1.83+ requirement is documented
• wasm32 target and wasm-bindgen toolchain instructions are accurate

🏁 Scripts executed

The following scripts were executed for the analysis:

Script:

#!/bin/bash
# Description: Verify wasm-bindgen version in Cargo.lock
rg '"wasm-bindgen"' Cargo.lock -A 2 | grep 'version'

# Check if prerequisites versions in README match workflow configurations
rg 'node\.?js.*v\d+' .github/workflows/
rg 'rust.*v\d+\.\d+' .github/workflows/

Length of output: 155

---

Script:

#!/bin/bash
# Let's verify the prerequisites more thoroughly

# Check wasm-bindgen-cli version in Cargo.toml and other dependencies
rg 'wasm-bindgen.*=.*0\.2\.99' -A 2

# Check Node.js version requirements in package.json and README
cat package.json | grep -A 2 '"engines"'
rg 'node' README.md

# Check Rust version requirements
rg 'rust' README.md
rg 'MSRV|minimal.*rust|minimum.*rust' -i

Length of output: 1234

packages/wasm-dpp/src/identity/state_transition/identity_update_transition/identity_update_transition.rs (3)

Line range hint 1-28: LGTM: Import organization looks good.

The imports are well-organized and necessary for the functionality.

---

88-91: LGTM: Improved type handling in public key mapping.

The code simplifies the mapping of JsValue to IdentityPublicKeyWithWitnessWasm with better type safety.

---

Line range hint 133-138: LGTM: Proper compiler configuration.

The CC and CXX environment variables are correctly set to use clang/clang++.

Dockerfile (3)

47-47: LGTM: Alpine version update.

Updating to Alpine 3.21 is a good choice as it has a longer EOL date (November 1, 2026) compared to 3.18 (November 1, 2025).

---

75-75: LGTM: Added missing curl package.

The addition of curl is necessary for downstream operations in the Dockerfile.

---

322-322: Verify compatibility with updated wasm-bindgen-cli version.

The update from wasm-bindgen-cli 0.2.86 to 0.2.99 is significant. While this aligns with the changes mentioned in the AI summary, we should verify compatibility.

✅ Verification successful

The wasm-bindgen-cli update is compatible with the codebase

The update from 0.2.86 to 0.2.99 is safe because:

1. The wasm-bindgen dependency in Cargo.toml is explicitly pinned to version 0.2.99, matching the CLI version
2. The wasm-bindgen-futures dependency is at 0.4.49 which is compatible with wasm-bindgen 0.2.99
3. The project uses a custom fork of serde-wasm-bindgen that is designed to work with this version

🏁 Scripts executed

The following scripts were executed for the analysis:

Script:

#!/bin/bash
# Description: Check for breaking changes in wasm-bindgen-cli between versions

# Search for wasm-bindgen usage patterns that might be affected
rg -l 'wasm_bindgen' | while read -r file; do
  echo "=== $file ==="
  rg -A 5 'wasm_bindgen' "$file"
done

# Check Cargo.toml files for wasm-bindgen dependency versions
fd Cargo.toml | while read -r file; do
  echo "=== $file ==="
  rg 'wasm-bindgen' "$file"
done

Length of output: 131070

---

Script:

#!/bin/bash
# Search for wasm-bindgen dependency version in Cargo.toml files
fd Cargo.toml | while read -r file; do
  echo "=== $file ==="
  rg 'wasm-bindgen = ".*"' "$file"
done

# Search for wasm-bindgen-cli usage in build scripts
fd -e rs -e sh -e toml | while read -r file; do
  echo "=== $file ==="
  rg -i 'wasm-bindgen-cli' "$file"
done

Length of output: 131070

---

Script:

#!/bin/bash
# Search for wasm-bindgen version in package.json and Cargo.toml files
echo "=== Searching package.json for wasm-bindgen-cli version ==="
fd package.json | while read -r file; do
  echo "=== $file ==="
  rg '"wasm-bindgen-cli"' "$file"
done

echo "=== Searching Cargo.toml for wasm-bindgen version ==="
fd Cargo.toml | while read -r file; do
  echo "=== $file ==="
  rg 'wasm-bindgen = ".*"' "$file"
  rg 'wasm-bindgen-cli = ".*"' "$file"
done

# Search for wasm-bindgen usage in build scripts
echo "=== Searching build scripts for wasm-bindgen-cli usage ==="
fd -e sh | while read -r file; do
  echo "=== $file ==="
  rg -i 'wasm-bindgen-cli' "$file"
done

Length of output: 15098

---

Script:

#!/bin/bash
# Check Dockerfile for wasm-bindgen-cli installation and version
echo "=== Checking Dockerfile for wasm-bindgen-cli installation ==="
rg -A 5 -B 5 'wasm-bindgen-cli' Dockerfile

# Check package.json and Cargo.toml in wasm-dpp package specifically
echo "=== Checking wasm-dpp package dependencies ==="
echo "=== packages/wasm-dpp/package.json ==="
cat packages/wasm-dpp/package.json | rg -i 'wasm-bindgen'
echo "=== packages/wasm-dpp/Cargo.toml ==="
cat packages/wasm-dpp/Cargo.toml | rg -i 'wasm-bindgen'

Length of output: 1821

[coderabbitai]

Actionable comments posted: 1

🧹 Nitpick comments (2)

Dockerfile (2)

133-138: Improve compiler configuration setup.

The compiler configuration is now explicitly set to use clang, which is good. However, consider moving these environment variables to a separate configuration file for better maintainability.

-RUN rm /usr/bin/cc && ln -s /usr/bin/clang /usr/bin/cc
-RUN <<EOS
-echo "export CXX='clang++'" >> /root/env
-echo "export CC='clang'" >> /root/env
-EOS
+COPY compiler-config.env /root/compiler-config.env
+RUN cat /root/compiler-config.env >> /root/env && \
+    rm /usr/bin/cc && ln -s /usr/bin/clang /usr/bin/cc

---

Line range hint 644-644: Consider using multi-stage build for JS dependencies.

The current approach copies all JS packages individually. Consider using a multi-stage build to copy all required packages at once, reducing the number of layers and improving maintainability.

-# TODO: Do one COPY with --parents
-COPY --from=build-dashmate-helper /platform/.yarn /platform/.yarn
+COPY --from=build-dashmate-helper /platform /platform/deps
+RUN cp -r /platform/deps/.yarn /platform/ && \
+    rm -rf /platform/deps

Also applies to: 645-645

📜 Review details

Configuration used: CodeRabbit UI
Review profile: CHILL
Plan: Pro

📥 Commits

Reviewing files that changed from the base of the PR and between b14bb5b and df7064d.

📒 Files selected for processing (1)

• Dockerfile (3 hunks)

⏰ Context from checks skipped due to timeout of 90000ms (8)

• GitHub Check: Release Drive debug image / Build linux/arm64 image
• GitHub Check: Release Drive debug image / Build linux/amd64 image
• GitHub Check: Release Drive image / Build linux/arm64 image
• GitHub Check: Release Drive image / Build linux/amd64 image
• GitHub Check: Build Docker images (Drive, drive, drive-abci) / Build Drive image
• GitHub Check: Build Docker images (Dashmate helper, dashmate-helper, dashmate-helper) / Build Dashmate helper image
• GitHub Check: Build Docker images (DAPI, dapi, dapi) / Build DAPI image
• GitHub Check: Build JS packages / Build JS

🔇 Additional comments (4)

Dockerfile (4)

75-75: Good addition of curl package.

Adding the curl package is essential as it's a dependency for various download operations in the build process.

---

Line range hint 401-401: Critical: Update rocksdb version compatibility.

Based on the PR comments, the current changes don't work due to rocksdb compatibility issues. The PR author mentioned that an update of rocksdb on grovedb is necessary.

Also applies to: 402-402

---

Line range hint 472-472: Verify wasm-bindgen-cli version compatibility.

The wasm-bindgen-cli version has been updated to 0.2.99. Ensure this version is compatible with the rest of the toolchain.

✅ Verification successful

✓ wasm-bindgen version 0.2.99 is consistently configured across the toolchain

The version is properly synchronized between the Rust dependency, CLI tool, and build configuration, ensuring compatibility.

🏁 Scripts executed

The following scripts were executed for the analysis:

Script:

#!/bin/bash
# Check wasm-bindgen version compatibility
rg -A 5 "wasm-bindgen" .
cargo tree -i wasm-bindgen

Length of output: 14512

---

Line range hint 754-754: Security: Review ZMQ shared library installation.

The ZeroMQ installation in the final dapi image should be reviewed for security implications. Consider pinning the version and scanning for known vulnerabilities.

Also applies to: 755-755

✅ Verification successful

ZeroMQ installation is secure in its current form

The current implementation using Alpine's package manager with a pinned Alpine version (3.21) is secure. No recent vulnerabilities have been reported, and the package is installed from official Alpine repositories which provide signed packages and security updates. While version pinning wasn't implemented directly, the Alpine version constraint provides adequate version control while allowing for security patches.

🏁 Scripts executed

The following scripts were executed for the analysis:

Script:

#!/bin/bash
# Check ZMQ version and known vulnerabilities
curl -s "https://dl-cdn.alpinelinux.org/alpine/v3.21/main/x86_64/APKINDEX.tar.gz" | tar -xz -O | grep -A5 "P:zeromq"

# Check for any security advisories
gh api graphql -f query='
{
  securityVulnerabilities(first: 5, ecosystem: ALPINE, package: "zeromq") {
    nodes {
      advisory {
        summary
        severity
        publishedAt
      }
      vulnerableVersionRange
    }
  }
}'

Length of output: 876

---

Script:

#!/bin/bash
# Check Dockerfile for ZMQ installation
cat Dockerfile

# Try different approach to get Alpine package info
curl -s "https://dl-cdn.alpinelinux.org/alpine/v3.21/main/x86_64/APKINDEX.tar.gz" | tar -xz -O | strings | grep -A5 "P:zeromq"

# Check GitHub security advisories with correct ecosystem
gh api graphql -f query='
{
  securityVulnerabilities(first: 5, ecosystem: MAVEN, package: "org.zeromq") {
    nodes {
      advisory {
        summary
        severity
        publishedAt
      }
      vulnerableVersionRange
    }
  }
}'

Length of output: 24992

---

Script:

#!/bin/bash
# Check Alpine package info for zeromq
curl -s "https://dl-cdn.alpinelinux.org/alpine/v3.21/main/x86_64/APKINDEX.tar.gz" | tar -xz -O | grep -a "P:zeromq"

# Check CVE database for zeromq vulnerabilities
curl -s "https://services.nvd.nist.gov/rest/json/cves/2.0?keywordSearch=zeromq&lastModStartDate=2023-01-01T00:00:00.000" | jq -r '.vulnerabilities[] | select(.cve.published >= "2023-01-01") | {id: .cve.id, published: .cve.published, description: .cve.descriptions[0].value}'

Length of output: 412

[coderabbitai]

Actionable comments posted: 0

🧹 Nitpick comments (1)

packages/rs-drive-abci/Cargo.toml (1)

118-119: LGTM! Lint configuration aligns with tokio_unstable usage concerns.

The lint configuration will warn about unexpected usage of tokio_unstable cfg flag, which aligns with the TODO comment about not using tokio_unstable in production.

Would you like me to create an issue to track the TODO about removing tokio_unstable in production?

📜 Review details

Configuration used: CodeRabbit UI
Review profile: CHILL
Plan: Pro

📥 Commits

Reviewing files that changed from the base of the PR and between df7064d and ef009ac.

📒 Files selected for processing (4)

• .cargo/config-release.toml (1 hunks)
• .cargo/config.toml (1 hunks)
• Dockerfile (6 hunks)
• packages/rs-drive-abci/Cargo.toml (1 hunks)

🧰 Additional context used

📓 Learnings (1)

Dockerfile (1)

Learnt from: lklimek
PR: dashpay/platform#2074
File: Dockerfile:47-47
Timestamp: 2025-01-29T16:57:28.818Z
Learning: Alpine 3.21 is a stable release (released December 2024) and includes all required build dependencies with version suffixes (e.g., clang17-static, clang17-dev) instead of generic package names.

⏰ Context from checks skipped due to timeout of 90000ms (6)

• GitHub Check: Rust packages (drive-abci) / Check each feature
• GitHub Check: Rust packages (drive-abci) / Linting
• GitHub Check: Rust packages (drive-abci) / Tests
• GitHub Check: Build Docker images (Dashmate helper, dashmate-helper, dashmate-helper) / Build Dashmate helper image
• GitHub Check: Build Docker images (DAPI, dapi, dapi) / Build DAPI image
• GitHub Check: Build JS packages / Build JS

🔇 Additional comments (10)

.cargo/config-release.toml (2)

8-8: LGTM! CPU optimization flag aligns with build configuration.

The addition of -C target-cpu=x86-64-v3 rustflag for x86_64-unknown-linux-musl target aligns with the CFLAGS/CXXFLAGS settings in the Dockerfile.

---

10-11: LGTM! Consistent CPU optimizations across targets.

The new x86_64-unknown-linux-gnu target configuration mirrors the x86_64-unknown-linux-musl target settings, ensuring consistent CPU optimizations.

.cargo/config.toml (2)

7-14: LGTM! CPU optimization flag aligns with dev build configuration.

The addition of -C target-cpu=x86-64 rustflag for x86_64-unknown-linux-musl target aligns with the CFLAGS/CXXFLAGS settings in the Dockerfile for dev builds.

---

16-24: LGTM! Consistent CPU optimizations across targets.

The new x86_64-unknown-linux-gnu target configuration mirrors the x86_64-unknown-linux-musl target settings, ensuring consistent CPU optimizations.

Dockerfile (6)

47-47: LGTM! Alpine version update aligns with objectives.

The update to Alpine 3.21 is appropriate as it's a stable release (released December 2024) with all required build dependencies and has an EOL date of November 1, 2026.

---

75-75: LGTM! Addition of curl package aligns with objectives.

The addition of the curl package addresses the missing dependency requirement.

---

120-139: LGTM! CPU optimizations align with Rust configurations.

The C/C++ compiler flags are properly configured based on architecture and build profile, aligning with the rustflags in the Cargo configurations.

---

152-157: LGTM! Proper clang configuration.

The clang configuration is properly done by updating both the symlink and environment variables.

---

286-289: LGTM! Original CARGO_BUILD_PROFILE ARG.

This is the correct location for the CARGO_BUILD_PROFILE ONBUILD ARG.

---

118-119: ⚠️ Potential issue

Remove duplicate ONBUILD ARG.

This ONBUILD ARG for CARGO_BUILD_PROFILE is a duplicate of the one at line 288.

Apply this diff to remove the duplicate:

-ONBUILD ARG CARGO_BUILD_PROFILE=dev
-

⛔ Skipped due to learnings

Learnt from: lklimek
PR: dashpay/platform#2374
File: Dockerfile:117-118
Timestamp: 2024-12-16T08:59:40.338Z
Learning: In our Dockerfiles, using `ONBUILD ARG CARGO_BUILD_PROFILE=dev` works correctly, and `CARGO_BUILD_PROFILE` is recognized in subsequent stages.

[coderabbitai]

Actionable comments posted: 0

🧹 Nitpick comments (1)

Dockerfile (1)

Line range hint 1-731: Consider implementing parallel stage builds for optimization.

The Dockerfile follows excellent practices with multi-stage builds, proper caching, and security considerations. To further optimize the build process, consider:

1. Implementing parallel stage builds where possible (e.g., build-drive-abci, build-js, and build-dashmate-helper could potentially run in parallel)
2. Using BuildKit's --mount=type=cache more extensively for npm/yarn caches

This could significantly reduce build times in CI/CD pipelines.

📜 Review details

Configuration used: CodeRabbit UI
Review profile: CHILL
Plan: Pro

📥 Commits

Reviewing files that changed from the base of the PR and between c5898ab and 89ef666.

📒 Files selected for processing (1)

• Dockerfile (6 hunks)

🧰 Additional context used

📓 Learnings (1)

Dockerfile (1)

Learnt from: lklimek
PR: dashpay/platform#2074
File: Dockerfile:47-47
Timestamp: 2025-01-29T16:57:28.818Z
Learning: Alpine 3.21 is a stable release (released December 2024) and includes all required build dependencies with version suffixes (e.g., clang17-static, clang17-dev) instead of generic package names.

⏰ Context from checks skipped due to timeout of 90000ms (10)

• GitHub Check: Rust packages (drive-abci) / Tests
• GitHub Check: Rust packages (drive-abci) / Check each feature
• GitHub Check: Rust packages (drive-abci) / Linting
• GitHub Check: Rust packages (drive-abci) / Unused dependencies
• GitHub Check: Rust packages (drive-abci) / Formatting
• GitHub Check: Build Docker images (Drive, drive, drive-abci) / Build Drive image
• GitHub Check: Build Docker images (Dashmate helper, dashmate-helper, dashmate-helper) / Build Dashmate helper image
• GitHub Check: Build Docker images (DAPI, dapi, dapi) / Build DAPI image
• GitHub Check: Build JS packages / Build JS
• GitHub Check: Rust crates security audit

🔇 Additional comments (5)

Dockerfile (5)

47-47: LGTM: Alpine version upgrade is appropriate.

The upgrade to Alpine 3.21 is a good move as it extends the EOL support from November 2025 to November 2026.

---

Line range hint 118-160: Excellent optimization strategy for different architectures.

The conditional optimization flags based on architecture and build profile is a good practice:

• x86-64-v3 for release builds on amd64
• x86-64 for dev builds on amd64
• Default settings for other architectures

---

289-292: LGTM: Build profile configuration is properly duplicated.

The CARGO_BUILD_PROFILE argument is correctly duplicated in both the base stage and rocksdb stage to ensure consistent build configuration throughout the multi-stage build.

---

493-493: Consider adding a newline for better readability.

A newline has been added here which improves the visual separation between build stages.

---

73-80: Verify compiler toolchain compatibility.

The upgrade to clang18/llvm18 packages is significant. While these are available in Alpine 3.21, we should verify compatibility with the Rust toolchain and rocksdb.

✅ Verification successful

Toolchain compatibility verified for Alpine 3.21

The clang18/llvm18 packages (version 18.1.8) are available in Alpine 3.21 and should be compatible with the build system. The codebase is designed to work with both system-provided and custom-installed LLVM toolchains, with no strict version requirements that would prevent using these packages.

🏁 Scripts executed

The following scripts were executed for the analysis:

Script:

#!/bin/bash
# Check if clang18 packages are available in Alpine 3.21
echo "Checking clang18 packages..."
curl -s "https://dl-cdn.alpinelinux.org/alpine/v3.21/main/x86_64/APKINDEX.tar.gz" | tar -xz -O | grep -A1 "P:clang18"

# Check if these versions are compatible with rocksdb
echo "Checking rocksdb compatibility..."
rg -A 5 "CLANG_VERSION|LLVM_VERSION" 

Length of output: 342

---

Script:

#!/bin/bash
# Check Alpine packages properly
echo "=== Checking Alpine packages ==="
curl -s "https://dl-cdn.alpinelinux.org/alpine/v3.21/main/x86_64/APKINDEX.tar.gz" | tar -xzf - APKINDEX
cat APKINDEX | grep -A3 "^P:clang18"
cat APKINDEX | grep -A3 "^P:llvm18"

echo -e "\n=== Checking build configurations ==="
# Check CMake files for compiler requirements
fd -e cmake -e txt -x cat {}

echo -e "\n=== Checking Rust toolchain ==="
# Check Rust toolchain specifications
fd "rust-toolchain|rust-toolchain.toml" -x cat {}
cat Cargo.toml 2>/dev/null || true

echo -e "\n=== Checking build scripts ==="
# Look for version constraints in build scripts
fd "build.sh|compile.sh" -x cat {}

Length of output: 94426

---

Script:

#!/bin/bash
# Check RocksDB build requirements
echo "=== Checking RocksDB build requirements ==="
fd -e mk -e sh -e rs -x grep -l "CLANG\|LLVM\|CC\|CXX" {} | xargs cat 2>/dev/null || true

echo -e "\n=== Checking Rust toolchain requirements ==="
# Look for Rust toolchain specifications
fd -e toml -x grep -l "rust\|RUST\|llvm\|LLVM\|clang\|CLANG" {} | xargs cat 2>/dev/null || true

echo -e "\n=== Checking build system configurations ==="
# Check build system configurations
fd -e cmake -e mk -e sh -x grep -l "compiler\|COMPILER\|toolchain\|TOOLCHAIN" {} | xargs cat 2>/dev/null || true

Length of output: 67842

[coderabbitai]

Actionable comments posted: 1

📜 Review details

Configuration used: CodeRabbit UI
Review profile: CHILL
Plan: Pro

📥 Commits

Reviewing files that changed from the base of the PR and between 89ef666 and deb43ac.

📒 Files selected for processing (1)

• Dockerfile (8 hunks)

🧰 Additional context used

📓 Learnings (1)

Dockerfile (1)

Learnt from: lklimek
PR: dashpay/platform#2074
File: Dockerfile:47-47
Timestamp: 2025-01-29T16:57:28.818Z
Learning: Alpine 3.21 is a stable release (released December 2024) and includes all required build dependencies with version suffixes (e.g., clang17-static, clang17-dev) instead of generic package names.

⏰ Context from checks skipped due to timeout of 90000ms (13)

• GitHub Check: Release Drive image / Build linux/arm64 image
• GitHub Check: Release Drive debug image / Build linux/arm64 image
• GitHub Check: Release Drive image / Build linux/amd64 image
• GitHub Check: Release Drive debug image / Build linux/amd64 image
• GitHub Check: Rust packages (drive-abci) / Tests
• GitHub Check: Rust packages (drive-abci) / Unused dependencies
• GitHub Check: Rust packages (drive-abci) / Formatting
• GitHub Check: Rust packages (drive-abci) / Check each feature
• GitHub Check: Rust packages (drive-abci) / Linting
• GitHub Check: Build Docker images (Drive, drive, drive-abci) / Build Drive image
• GitHub Check: Build Docker images (Dashmate helper, dashmate-helper, dashmate-helper) / Build Dashmate helper image
• GitHub Check: Build Docker images (DAPI, dapi, dapi) / Build DAPI image
• GitHub Check: Build JS packages / Build JS

🔇 Additional comments (4)

Dockerfile (4)

47-47: LGTM! Alpine version upgrade is appropriate.

The upgrade to Alpine 3.21 is a good choice as it:

• Extends EOL support by one year (until November 2026)
• Provides all required build dependencies
• Has been tested without breaking changes

---

75-75: LGTM! Essential curl package added.

Adding curl is necessary as it's used in various stages for downloading artifacts and interacting with APIs.

---

118-139: LGTM! Well-structured build configuration with appropriate optimizations.

The changes introduce:

1. Flexible build profiles with a sensible default
2. Architecture-specific optimizations:
   • x86-64-v3 for AMD64 release builds
   • x86-64 for AMD64 debug builds
   • Portable builds for other architectures

---

502-508: LGTM! Proper handling of compiler flags for wasm builds.

Correctly unsets CFLAGS and CXXFLAGS to prevent architecture-specific optimizations from breaking wasm32 builds.

Also applies to: 555-562

[coderabbitai]

Actionable comments posted: 0

🧹 Nitpick comments (1)

Dockerfile (1)

291-292: Consider using dynamic thread count based on available memory.

While using a single thread prevents OOM issues, it significantly increases build time. Consider implementing a dynamic approach:

-# Only use 1 thread to avoid OOM
-export MAKEFLAGS='-j1' 
+# Use dynamic thread count based on available memory
+export MAKEFLAGS="-j$(awk '/MemAvailable/ { printf "%.0f", $2/2097152 }' /proc/meminfo | sed 's/^0$/1/')"

This will use approximately one thread per 2GB of available memory, with a minimum of 1 thread.

📜 Review details

Configuration used: CodeRabbit UI
Review profile: CHILL
Plan: Pro

📥 Commits

Reviewing files that changed from the base of the PR and between deb43ac and 11a932d.

📒 Files selected for processing (1)

• Dockerfile (8 hunks)

🧰 Additional context used

📓 Learnings (1)

Dockerfile (1)

Learnt from: lklimek
PR: dashpay/platform#2074
File: Dockerfile:47-47
Timestamp: 2025-01-29T16:57:28.818Z
Learning: Alpine 3.21 is a stable release (released December 2024) and includes all required build dependencies with version suffixes (e.g., clang17-static, clang17-dev) instead of generic package names.

🔇 Additional comments (4)

Dockerfile (4)

47-47: LGTM! Good proactive upgrade to Alpine 3.21.

The upgrade from Alpine 3.18 to 3.21 extends the support window from November 2025 to November 2026, ensuring longer-term security updates and stability.

---

75-75: LGTM! Essential curl package added.

The explicit addition of curl as a dependency is good practice, as it's required for downloading artifacts and interacting with external services.

---

120-139: LGTM! Well-structured architecture-specific optimizations.

The configuration correctly sets optimization flags based on:

• Architecture (amd64 vs others)
• Build profile (release vs debug)
• For amd64: x86-64-v3 for release builds, x86-64 for debug builds
• For other architectures: PORTABLE=1

---

152-158: LGTM! Clean compiler configuration setup.

The configuration properly:

• Sets up symbolic links for clang
• Exports CC and CXX environment variables
• Maintains flexibility for later updates (e.g., sccache integration)

[coderabbitai]

Actionable comments posted: 0

🧹 Nitpick comments (1)

Dockerfile (1)

498-504: Consider refactoring duplicated wasm32 build configuration.

The unset of CFLAGS/CXXFLAGS for wasm32 builds is duplicated in two places. Consider extracting this into a shared script or build arg to maintain DRY principles.

+ # Add at the top of the file
+ ARG WASM32_BUILD_SCRIPT='unset CFLAGS CXXFLAGS'

- unset CFLAGS CXXFLAGS
+ $WASM32_BUILD_SCRIPT

Also applies to: 551-558

📜 Review details

Configuration used: CodeRabbit UI
Review profile: CHILL
Plan: Pro

📥 Commits

Reviewing files that changed from the base of the PR and between de8af22 and a10fff7.

📒 Files selected for processing (1)

• Dockerfile (7 hunks)

🧰 Additional context used

📓 Learnings (1)

Dockerfile (1)

Learnt from: lklimek
PR: dashpay/platform#2074
File: Dockerfile:47-47
Timestamp: 2025-01-29T16:57:28.818Z
Learning: Alpine 3.21 is a stable release (released December 2024) and includes all required build dependencies with version suffixes (e.g., clang17-static, clang17-dev) instead of generic package names.

⏰ Context from checks skipped due to timeout of 90000ms (9)

• GitHub Check: Rust packages (drive-abci) / Unused dependencies
• GitHub Check: Rust packages (drive-abci) / Tests
• GitHub Check: Rust packages (drive-abci) / Formatting
• GitHub Check: Rust packages (drive-abci) / Linting
• GitHub Check: Rust packages (drive-abci) / Check each feature
• GitHub Check: Build Docker images (DAPI, dapi, dapi) / Build DAPI image
• GitHub Check: Build Docker images (Drive, drive, drive-abci) / Build Drive image
• GitHub Check: Build Docker images (Dashmate helper, dashmate-helper, dashmate-helper) / Build Dashmate helper image
• GitHub Check: Build JS packages / Build JS

🔇 Additional comments (4)

Dockerfile (4)

47-47: LGTM! Alpine version upgrade is well-justified.

The upgrade from Alpine 3.18 to 3.21 extends the support timeline by a year (EOL: Nov 2026) while maintaining compatibility with all required build dependencies.

---

75-75: LGTM! The addition of curl package is necessary.

The curl package is required for downloading various dependencies throughout the build process (toolchain, protoc, etc.).

---

152-158: LGTM! Compiler configuration improves build reproducibility.

The explicit symlinks and environment variables ensure consistent compiler selection across different build scenarios.

---

125-138: Verify compatibility of x86-64-v3 optimization level.

The CPU optimization strategy is sound, but x86-64-v3 might be too aggressive for some production environments. Please verify that:

1. Target deployment environments support x86-64-v3 instruction set
2. A fallback mechanism exists for incompatible systems

Run this script to check CPU feature requirements:

✅ Verification successful

CPU optimization strategy is well-designed and safe.

The implementation provides appropriate fallback mechanisms:

• Debug builds maintain base x86-64 compatibility
• Non-amd64 architectures automatically use portable mode
• Release builds with x86-64-v3 are limited to amd64 architecture only

🏁 Scripts executed

The following scripts were executed for the analysis:

Script:

#!/bin/bash
# Description: Check x86-64-v3 CPU feature requirements
echo "x86-64-v3 requires the following CPU features:"
gcc -Q --help=target | grep -A15 "x86-64-v3 "

echo -e "\nChecking if common cloud providers support x86-64-v3:"
curl -s "https://cloud.google.com/compute/docs/cpu-platforms" | grep -B2 -A2 "AVX2"
curl -s "https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/cpu-features.html" | grep -B2 -A2 "AVX2"

Length of output: 549

---

Script:

#!/bin/bash
# Search for CPU detection, build configs, and documentation
echo "=== Searching for CPU detection or fallback mechanisms ==="
rg -i "cpu|processor|x86[_-]64|march|target.*arch" --type rust -A 3

echo -e "\n=== Checking build configuration files ==="
fd -e toml -x cat {}

echo -e "\n=== Checking documentation for deployment requirements ==="
fd "README|DEPLOY|INSTALL" -e md -e txt -x cat {}

Length of output: 66658