chore: add tini to docker images

[auricom]

Description

Type of Change

• Bug fix (non-breaking change which fixes an issue)
• New feature (non-breaking change which adds functionality)
• Breaking change (fix or feature that would cause existing functionality to not work as expected)
• Documentation update
• Performance improvement
• Refactoring

Related Issues

Fixes #(issue)

Checklist

• I have performed a self-review of my code
• I have commented my code, particularly in hard-to-understand areas
• I have made corresponding changes to the documentation
• My changes generate no new warnings
• I have added tests that prove my fix is effective or that my feature works
• New and existing unit tests pass locally with my changes
• Any dependent changes have been merged and published

Testing

Additional Notes

[gemini-code-assist]

Summary of Changes

Hello @auricom, I'm Gemini Code Assist¹! I'm currently reviewing this pull request and will post my feedback shortly. In the meantime, here's a summary to help you and other reviewers quickly get up to speed!

This pull request enhances the robustness of the Docker images by integrating tini, a lightweight init system. By using tini as the entrypoint, the containers will benefit from improved signal handling and zombie process reaping, leading to more stable and predictable application behavior within the container environment.

Highlights

• Dependency Addition: The tini init system has been added to the apt-get install commands in both Dockerfile and Dockerfile.cross.
• Entrypoint Modification: The ENTRYPOINT in both Dockerfile and Dockerfile.cross has been updated to utilize tini to manage the ev-reth application, ensuring proper process supervision and signal handling.

🧠 New Feature in Public Preview: You can now enable Memory to help Gemini Code Assist learn from your team's feedback. This makes future code reviews more consistent and personalized to your project's style. Click here to enable Memory in your admin console.

Changelog

• Dockerfile
  • Added tini to the list of installed packages.
  • Modified the ENTRYPOINT to run ev-reth via tini.
• Dockerfile.cross
  • Added tini to the list of installed packages.
  • Modified the ENTRYPOINT to run ev-reth via tini.

Activity

• No human activity has been recorded on this pull request yet.

Using Gemini Code Assist

The full guide for Gemini Code Assist can be found on our documentation page, here are some quick tips.

Invoking Gemini

You can request assistance from Gemini at any point by creating a comment using either /gemini <command> or @gemini-code-assist <command>. Below is a summary of the supported commands on the current page.

Feature	Command	Description
Code Review	/gemini review	Performs a code review for the current pull request in its current state.
Pull Request Summary	/gemini summary	Provides a summary of the current pull request in its current state.
Comment	@gemini-code-assist	Responds in comments when explicitly tagged, both in pull request comments and review comments.
Help	/gemini help	Displays a list of available commands.

Customization

To customize Gemini Code Assist for GitHub experience, repository maintainers can create a configuration file and/or provide a custom code review style guide (such as PEP-8 for Python) by creating and adding files to a .gemini/ folder in the base of the repository. Detailed instructions can be found here.

Limitations & Feedback

Gemini Code Assist may make mistakes. Please leave feedback on any instances where its feedback is incorrect or counter productive. You can react with 👍 and 👎 on @gemini-code-assist comments. If you're interested in giving your feedback about your experience with Gemini Code Assist for Github and other Google products, sign up here.

You can also get AI-powered code generation, chat, as well as code reviews directly in the IDE at no cost with the Gemini Code Assist IDE Extension.

Footnotes

1. Review the Privacy Notices, Generative AI Prohibited Use Policy, Terms of Service, and learn how to configure Gemini Code Assist in GitHub here. Gemini can make mistakes, so double check it and use code with caution. ↩

[claude]

Claude finished @auricom's task —— View job

---

Pull Request Review

I've completed my review of this PR that adds tini to the Docker images. Here are my findings:

Todo List

• Read and analyze Dockerfile changes
• Read and analyze Dockerfile.cross changes
• Review tini implementation approach
• Check for potential issues and improvements
• Assess security implications
• Evaluate test coverage needs
• Note title/description inconsistencies
• Provide comprehensive review feedback

---

Review Summary

This PR correctly implements tini as a process manager for containerized ev-reth applications. The changes are minimal, well-implemented, and follow Docker best practices.

✅ Positive Aspects

Proper tini Implementation

• Dockerfile:57: Correctly adds tini to the package installation
• Dockerfile:72 & Dockerfile.cross:18: Proper ENTRYPOINT usage with ["/usr/bin/tini", "--", "/usr/local/bin/ev-reth"]
• Uses standard Ubuntu package manager installation (secure and maintained)
• Follows the recommended pattern for signal handling in containers

Consistency Across Images

• Both regular and cross-platform Dockerfiles updated identically
• Maintains same functionality across different build targets

Security Benefits

• tini provides proper signal forwarding to child processes
• Prevents zombie process accumulation
• Improves container shutdown behavior and resource cleanup

📝 Issues & Recommendations

Critical: Title/Description Mismatch

• Issue: PR title says "add jq to docker images" but changes implement tini
• Impact: Misleading for reviewers and future maintenance
• Recommendation: Update title to "chore: add tini init system to docker images"

Documentation Gap

• Missing: PR description is mostly empty template
• Recommendation: Add description explaining:
  • Why tini is being added (signal handling, zombie reaping)
  • Benefits for the ev-reth application
  • No breaking changes expected

Minor Optimization

• Dockerfile.cross:12: Consider using --no-install-recommends flag already present for consistency
• Current: apt-get install -y --no-install-recommends curl jq tini
• This is actually correct - no change needed

🛡️ Security Assessment

✅ SECURE:

• Uses official Ubuntu package repository
• tini is a well-established, minimal init system
• No custom binaries or untrusted sources
• Follows principle of least privilege

🧪 Test Coverage

Acceptable: No additional tests required for this change because:

• Infrastructure change, not application logic
• tini behavior is well-established and tested upstream
• Docker image functionality can be verified through existing integration tests
• Consider manual verification that containers start/stop properly

📊 Performance Impact

Minimal positive impact:

• tini adds ~1MB to image size
• Negligible runtime overhead
• Improves container lifecycle performance (faster/cleaner shutdowns)

✨ Overall Assessment

APPROVED - This is a good infrastructure improvement that enhances container reliability with minimal risk. The implementation is correct and follows best practices.

Required before merge:

1. Fix PR title to match actual changes (tini, not jq)
2. Add meaningful description to PR body

Optional improvements:

• Document the change in commit message explaining the benefits
• Consider updating any deployment documentation if container shutdown behavior is documented

---

Job run

[gemini-code-assist]

Code Review

This pull request adds tini as an init process for the Docker containers, which is a great improvement for handling signals and reaping zombie processes. The changes in Dockerfile.cross look good.

For Dockerfile, I've suggested removing unnecessary development packages from the final runtime image and using --no-install-recommends to keep the image lean and secure, consistent with the practice in Dockerfile.cross.

Also, the pull request title is a bit misleading as jq was already present. A title like "chore: add tini as init process to docker images" would better reflect the changes. This is just a minor note.

[gemini-code-assist]

It's great that you're adding tini as an init process. However, there are a couple of improvements we can make here:

1. libssl-dev and pkg-config are build-time dependencies and shouldn't be included in the final runtime image. They increase the image size and potential attack surface. The binary is already built and should link against libssl, not the development headers. The runtime dependency package is libssl3, which is likely pulled in by other packages or is part of the base image.
2. It's a good practice to use --no-install-recommends with apt-get install to avoid installing unnecessary packages and keep the image size minimal, as you've done in Dockerfile.cross.

I'd suggest removing the development packages and adding this flag.

    apt-get install -y --no-install-recommends ca-certificates curl jq strace tini && \