refactor dockerfiles

.dockerignore

@@ -0,0 +1,37 @@
+.DS_Store
+/node_modules
+/SpecRunner.html
+/clients/nodejs/*-full-consensus
+/clients/nodejs/*-light-consensus
+/clients/nodejs/peer-key
+/clients/nodejs/wallet
+/clients/nodejs/localhost.*
+/dist/nimiq*
+/dist/worker.js*
+/dist/web*
+/dist/node*
+/dist/doc/
+/dist/peer-key/
+.idea
+*.iml
+/database
+/build
+/.istanbul/
+settings.json
+/coverage
+packaging/BUILD/VERSION
+packaging/BUILD/fakeroot/etc/nimiq/
+packaging/BUILD/index.js
+packaging/BUILD/keytool.js
+packaging/BUILD/remote.js
+packaging/BUILD/build/
+packaging/BUILD/lib/
+packaging/BUILD/modules/
+packaging/BUILD/nimiq
+packaging/BUILD/node
+packaging/BUILD/node_modules/
+packaging/BUILD/package.json
+packaging/BUILD/node-ui/
+packaging/npm/*
+!packaging/npm/README.md
+/docker

.gitignore

@@ -11,6 +11,7 @@
 /dist/web*
 /dist/node*
 /dist/doc/
+/dist/peer-key/
 .idea
 *.iml
 /database

README.md

@@ -27,7 +27,7 @@ For developers looking to include Nimiq support on their applications, there are
 
 ## Quickstart
 
-1. Install [Node.js](https://nodejs.org) v8.10.0 or higher.
+1. Install [Node.js](https://nodejs.org) v8.10.0 - v15.14.0.
 2. On Ubuntu and Debian, install `git` and `build-essential`: `sudo apt-get install -y git build-essential`.
     - On other Linux systems, install `git`, `python2.7`, `make`, `gcc` and `gcc-c++`.
     - For MacOS or Windows, [check here for git](https://git-scm.com/downloads) and [here for compilation tools](https://github.com/nodejs/node-gyp#on-mac-os-x).

doc/docker.md

@@ -1,24 +1,25 @@
 # Docker
 
-The following Dockerfile(s) allow for creating simple Node.js client images. Depending on the desired build method and source origin, one can choose between the following Dockerfile(s):
+The following Dockerfile(s) allow for creating simple Node.js client images. All of them are located in the ```docker``` directory. The development files (git and local) require BuildKit. Depending on the desired build method and source origin, one can choose between the following Dockerfile(s):
 
-* **Dockerfile_deb**
+* **deb.Dockerfile**
 The Dockerfile will create a container which uses Node.js client from the latest stable Nimiq DEB package. 
 This is mostly recommended for any stable deployment of the Node.js client.
 
-* **Dockerfile_git**
+* **git.Dockerfile**
 The Dockerfile will checkout the latest revision of a given branch from the *core* repository. By default, the *master* branch will be used. One can select a different branch by specifying the *BRANCH* build argument when building the container, i.e. ```--build-arg BRANCH=foobar``` with *foobar* being replaced by the branch that should be used.
 You can use this container to explore the latest cutting-edge updates or a specific feature branch from the *core* repository. The *master* branch should be usually be stable, but nonetheless it is not specifically recommended to use this version for production deployments.
 
-* **Dockerfile_repo**
+* **local.Dockerfile**
 The Dockerfile tries to copy the entire *core* repository from the current build context. If the Dockerfile is located at its usual location within the *core* repository, one can just the repository, i.e. most likely the current working directory, as build context.
 This container is specifically suited for development, since it will be created from the current repository state including any local changes.
 
 ## Building the Docker image
-```
+```bash
+export DOCKER_BUILDKIT=1    # required by {git,local}.Dockerfile
 docker build
   -t nimiq/nodejs-client
-  -f ${DOCKERFILE}
+  -f docker/${DOCKERFILE}
   (--build-arg BRANCH=foobar)
   .
 ```
@@ -29,7 +30,7 @@ You should replace ```${DOCKERFILE}``` with one of the Dockerfiles explained abo
 
 One can customize the created container easily to one's needs by (at least) the following options:
  - supply your own arguments to the entrypoint while creating the container, e.g.
-    ```
+    ```bash
       docker run
         nimiq/nodejs-client
         $ARG
@@ -38,19 +39,19 @@ One can customize the created container easily to one's needs by (at least) the
  - just bind mount your own nimiq.conf to the container at /etc/nimiq/nimiq.conf
    then you can just create the container like (assuming the config is in the
    current working directory)
-    ```
+    ```bash
      docker run
        -v $(pwd)/nimiq.conf:/etc/nimiq/nimiq.conf
        nimiq/nodejs-client
        --config=/etc/nimiq/nimiq.conf
     ```
  - (of course, you can combine and modify these options suitable to your needs)
 
-The -v flag allows for mapping a local system path into the container, i.e.
+The `-v` flag allows for mapping a local system path into the container, i.e.
 the nimiq.conf file in above example. You can also use this for the purpose
 of using your existing domain certificates.
 
-```
+```bash
 docker run
   -v /etc/letsencrypt:/etc/letsencrypt
   -v $(pwd)/nimiq.conf:/etc/nimiq/nimiq.conf
@@ -60,6 +61,18 @@ docker run
   --config=/etc/nimiq/nimiq.conf
 ```
 
+The `-v` flag also allows for mounting a named volume to the data directory.
+Named volumes are managed by docker and don't mess with your local filesystem.
+This way the data can be reused by different images and builds:
+
+```bash
+docker run
+  -v nimiq:/nimiq
+  -v $(pwd)/nimiq.conf:/etc/nimiq/nimiq.conf
+  nimiq/nodejs-client
+  --config=/etc/nimiq/nimiq.conf
+```
+
 If in doubt regarding the command line options to the container, one can just
 run the image directly without any options, e.g.
  ```docker run --rm nimiq/nodejs-client```.

Dockerfile_deb → docker/deb.Dockerfile

@@ -1,33 +1,44 @@
-FROM node:10-stretch
+ARG DATA_PATH=/nimiq
 
+#---------------------------- BUILD NIMIQ - BUILD ------------------------------
+FROM node:14-buster as builder
 # Get repo key and install it
 RUN wget -qO - https://www.nimiq.com/nimiq-signing-key.pub | apt-key add -
 
+#---------------------------- BUILD NIMIQ - NODE -------------------------------
+FROM node:14-buster-slim
+
 # Install the repo
+COPY --from=builder /etc/apt/trusted.gpg /etc/apt/
 RUN echo "deb [arch=amd64] http://repo.nimiq.com/deb stable main" > /etc/apt/sources.list.d/nimiq.list
 
-# Install dependencies
-RUN apt-get update && apt-get -y upgrade
-RUN apt-get install -y nimiq
+# Install nimiq and tini
+RUN apt-get update \
+    && apt-get --no-install-recommends -y install nimiq tini \
+    && rm -rf /var/lib/apt/lists/*
 
 # We're going to execute nimiq in the context of its own user, what else?
 ENV USER=nimiq
 
-# Create a working directory for the nimiq process
-ENV DATA_PATH=/nimiq
-RUN mkdir ${DATA_PATH} && chown ${USER}:root ${DATA_PATH}
+# Create data directory for the nimiq process
+ARG DATA_PATH
+RUN mkdir -p ${DATA_PATH} && chown ${USER}:root ${DATA_PATH}
+VOLUME ${DATA_PATH}
 WORKDIR ${DATA_PATH}
 
 # Execute client as non-root user
 USER ${USER}
 
+# Documentation
+EXPOSE 8443 8648 8649
+
 # Just execute the nimiq process. One can customize the created container easily
 # to one's needs by (at least) the following options:
 # - supply your own arguments to the entrypoint while creating the container, e.g.
 #    docker run nimiq/nodejs-client --miner
 # - just bind mount your own nimiq.conf to the container at /etc/nimiq/nimiq.conf
 #   then you can just create the container like (assuming the config is in the
 #   current working directory)
-#     docker run nimiq/nodejs-client -v $(pwd)/nimiq.conf:/etc/nimiq/nimiq.conf --config=/etc/nimiq.conf
+#     docker run -v $(pwd)/nimiq.conf:/etc/nimiq/nimiq.conf nimiq/nodejs-client --config=/etc/nimiq.conf
 # (- of course, you can combine and modify these options suitable to your needs)
-ENTRYPOINT [ "/usr/bin/nimiq" ]
+ENTRYPOINT [ "/usr/bin/tini", "--", "/usr/bin/nimiq" ]

docker/git.Dockerfile

@@ -0,0 +1,85 @@
+# syntax=docker/dockerfile:1.2
+
+# Build from master branch by default.
+# One can override this using --build-arg when building the docker image from this file.
+ARG REPO_URL=https://github.com/nimiq/core-js.git
+ARG BRANCH=master
+ARG DATA_PATH=/nimiq
+
+#---------------------------- BUILD NIMIQ - BASE -------------------------------
+FROM node:14-buster as base
+
+# Install build dependencies
+RUN apt-get update \
+    && apt-get --no-install-recommends -y install build-essential git-core \
+    && rm -rf /var/lib/apt/lists/*
+
+# Create build directory
+WORKDIR /build
+
+# Clone repo
+ARG BRANCH
+ARG REPO_URL
+RUN git clone --branch ${BRANCH} ${REPO_URL} /build
+
+#---------------------------- BUILD NIMIQ - BUILD ------------------------------
+FROM base as builder
+
+# Install, Build & Test
+RUN --mount=type=cache,sharing=locked,target=/usr/local/share/.cache/yarn \
+    yarn --frozen-lockfile
+RUN yarn lint
+RUN yarn lint-types
+RUN yarn test-node
+
+#---------------------------- BUILD NIMIQ - DEPS -------------------------------
+FROM base as installer
+
+# Install and build production dependencies
+RUN --mount=type=cache,sharing=locked,target=/usr/local/share/.cache/yarn \
+    yarn install --frozen-lockfile --production
+
+#---------------------------- BUILD NIMIQ - NODE -------------------------------
+FROM node:14-buster-slim
+
+# Install tini - a tiny init for containers
+RUN apt-get update \
+    && apt-get --no-install-recommends -y install tini \
+    && rm -rf /var/lib/apt/lists/*
+
+# We're going to execute nimiq in the context of its own user, what else?
+ENV USER=nimiq
+RUN groupadd -r -g 999 ${USER} \
+    && useradd -r -g ${USER} -u 999 -s /sbin/nologin -c "User with restricted privileges for Nimiq daemon" ${USER}
+
+# Create data directory for the nimiq process
+ARG DATA_PATH
+RUN mkdir -p ${DATA_PATH} && chown ${USER}:root ${DATA_PATH}
+VOLUME ${DATA_PATH}
+WORKDIR ${DATA_PATH}
+
+# Copy production dependencies from installer and built files from builder
+COPY --from=installer /build/package.json /build/yarn.lock  /usr/share/nimiq/
+COPY --from=installer /build/node_modules                   /usr/share/nimiq/node_modules
+COPY --from=builder   /build/*.md                           /usr/share/nimiq/
+COPY --from=builder   /build/build                          /usr/share/nimiq/build
+COPY --from=builder   /build/clients                        /usr/share/nimiq/clients
+COPY --from=builder   /build/dist                           /usr/share/nimiq/dist
+COPY --from=builder   /build/doc                            /usr/share/nimiq/doc
+
+# Execute client as non-root user
+USER ${USER}
+
+# Documentation
+EXPOSE 8443 8648 8649
+
+# Just execute the nimiq process. One can customize the created container easily
+# to one's needs by (at least) the following options:
+# - supply your own arguments to the entrypoint while creating the container, e.g.
+#    docker run nimiq/nodejs-client --miner
+# - just bind mount your own nimiq.conf to the container at /etc/nimiq/nimiq.conf
+#   then you can just create the container like (assuming the config is in the
+#   current working directory)
+#     docker run -v $(pwd)/nimiq.conf:/etc/nimiq/nimiq.conf nimiq/nodejs-client --config=/etc/nimiq.conf
+# (- of course, you can combine and modify these options suitable to your needs)
+ENTRYPOINT [ "/usr/bin/tini", "--", "/usr/share/nimiq/clients/nodejs/nimiq" ]