@darinvhs darinvhs commented Sep 26, 2025

Summary by CodeRabbit

  • New Features
    • Container now starts the Cronos daemon automatically on launch.
  • Refactor
    • Streamlined build steps for downloading, verifying, and installing the binary.
    • Standardized working directories during build and at runtime.
  • Chores
    • Image now runs as a non-root user by default for improved security.
    • Added integrity verification of downloaded artifacts via SHA-256.
    • Adjusted file ownership and permissions to match non-root execution.
    • Cleaned up build artifacts to reduce image clutter and improve reliability.

coderabbitai bot commented Sep 26, 2025

Walkthrough

Consolidates Dockerfile steps: creates non-root user and directories, downloads Cronos tarball in /tmp, verifies SHA256, extracts and installs the binary to /home/cronos/bin, cleans up, sets ownership/permissions, switches working directory to /home/cronos, and configures ENTRYPOINT to run the Cronos daemon as the non-root user.

Changes

| Cohort / File(s) | Summary of Changes |
|---|---|
| Image build flow: Dockerfile | Consolidated RUN steps; created user cronos and directories; moved build context to /tmp for download/extract; added sha256sum verification; extracted tarball and moved binary to /home/cronos/bin; cleaned temporary artifacts; set ownership/permissions; final WORKDIR set to /home/cronos. |
| Runtime/entrypoint: Dockerfile | Switched to non-root execution via USER cronos; added explicit ENTRYPOINT to start the Cronos daemon. |

Sequence Diagram(s)

sequenceDiagram
  autonumber
  participant B as Docker Build
  participant U as User 'cronos'
  participant FS as Filesystem
  participant Net as Release Server
  participant Sum as sha256sum

  rect rgba(230,245,255,0.5)
  Note over B: Build-time flow
  B->>FS: add user 'cronos' and create dirs (/home/cronos/bin, ...)
  B->>FS: WORKDIR /tmp
  B->>Net: download cronos.tar.gz and cronos.sha256
  B->>Sum: verify SHA256 of tarball
  Sum-->>B: OK (match) / FAIL
  alt checksum OK
    B->>FS: extract tarball
    B->>FS: move cronos -> /home/cronos/bin
    B->>FS: chown -R cronos:cronos /home/cronos
    B->>FS: cleanup /tmp artifacts
  else checksum FAIL
    B-->>B: abort build
  end
  B->>FS: WORKDIR /home/cronos
  B->>U: set USER cronos
  end

  rect rgba(235,255,235,0.5)
  Note over U: Runtime
  U->>FS: ENTRYPOINT executes cronos daemon
  end

Estimated code review effort

🎯 3 (Moderate) | ⏱️ ~25 minutes

Poem

I hop through layers, light as air,
Fetch, verify—no root to wear.
In /tmp I nibble, then I clean,
A checksum shine, so crisp and keen.
Now cronos runs, a gentle start—
A bunny’s build with careful heart. 🐇✨

Pre-merge checks and finishing touches

✅ Passed checks (3 passed)
| Check name | Status | Explanation |
|---|---|---|
| Description Check | ✅ Passed | Check skipped - CodeRabbit’s high-level summary is enabled. |
| Title Check | ✅ Passed | The title succinctly indicates the addition of Cronos 1.5.0 testnet support, which aligns with the main purpose of the changeset and is neither generic nor misleading. |
| Docstring Coverage | ✅ Passed | No functions found in the changes. Docstring coverage check skipped. |
Tip

👮 Agentic pre-merge checks are now available in preview!

Pro plan users can now enable pre-merge checks in their settings to enforce checklists before merging PRs.

  • Built-in checks – Quickly apply ready-made checks to enforce title conventions, require pull request descriptions that follow templates, validate linked issues for compliance, and more.
  • Custom agentic checks – Define your own rules using CodeRabbit’s advanced agentic capabilities to enforce organization-specific policies and workflows. For example, you can instruct CodeRabbit’s agent to verify that API documentation is updated whenever API schema files are modified in a PR. Note: Up to 5 custom checks are currently allowed during the preview period. Pricing for this feature will be announced in a few weeks.

Please see the documentation for more information.

Example:

reviews:
  pre_merge_checks:
    custom_checks:
      - name: "Undocumented Breaking Changes"
        mode: "warning"
        instructions: |
          Pass/fail criteria: All breaking changes to public APIs, CLI flags, environment variables, configuration keys, database schemas, or HTTP/GraphQL endpoints must be documented in the "Breaking Change" section of the PR description and in CHANGELOG.md. Exclude purely internal or private changes (e.g., code not exported from package entry points or explicitly marked as internal).

@darinvhs darinvhs merged commit 4482701 into master Sep 26, 2025
2 of 3 checks passed
@coderabbitai coderabbitai bot left a comment

Actionable comments posted: 1

📜 Review details

Configuration used: CodeRabbit UI

Review profile: CHILL

Plan: Pro

📥 Commits

Reviewing files that changed from the base of the PR and between beeb703 and 240acb3.

📒 Files selected for processing (1)
  • Dockerfile (1 hunks)
⏰ Context from checks skipped due to timeout of 90000ms. You can increase the timeout in your CodeRabbit configuration to a maximum of 15 minutes (900000ms). (1)
  • GitHub Check: guardrails/scan
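
The verify-before-extract step from the walkthrough, written as an added example (it is not the PR's Dockerfile and not CodeRabbit output). The function name `verify_and_install` and its arguments are assumptions; it takes the expected digest as a value so it can be pinned in the Dockerfile, since a checksum file fetched from the same server as the tarball detects corruption but not a replaced release.

```shell
#!/bin/sh
# Added example: fail-closed SHA-256 check before a release tarball is unpacked.
# Names follow the walkthrough (cronos.tar.gz, /home/cronos/bin); the function
# itself is hypothetical and is meant to be called from a Dockerfile RUN step.

# verify_and_install TARBALL EXPECTED_SHA256 DEST_DIR BINARY_NAME
# Exit status: 0 installed, 1 digest mismatch, 2 malformed digest, 3 extract error.
verify_and_install() {
    tarball=$1
    expected=$2
    dest=$3
    name=$4

    # Accept only a 64-character lowercase hex digest, so an empty or
    # truncated value can never be treated as "nothing to check".
    case $expected in
        ''|*[!0-9a-f]*) echo "malformed digest" >&2; return 2 ;;
    esac
    [ "${#expected}" -eq 64 ] || { echo "malformed digest" >&2; return 2; }

    # sha256sum -c expects "<digest>  <file>" and exits non-zero on mismatch.
    if ! printf '%s  %s\n' "$expected" "$tarball" | sha256sum -c - >/dev/null 2>&1
    then
        echo "checksum mismatch: $tarball" >&2
        return 1
    fi

    # Unpack into a scratch directory and take only the named member, so the
    # archive cannot drop other files into the destination.
    work=$(mktemp -d) || return 3
    if ! tar -xzf "$tarball" -C "$work" "$name"; then
        rm -rf "$work"
        return 3
    fi

    mkdir -p "$dest" && install -m 0755 "$work/$name" "$dest/$name"
    rc=$?
    rm -rf "$work"   # cleanup, as in the walkthrough's /tmp step
    return $rc
}
```

In a `RUN` step, chain the call with `&&` so that a non-zero status aborts the build before `chown`, `USER` and `ENTRYPOINT` are reached.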
