From 9bbc80c70cb3cc6183ccece6a28c62180b61c6fd Mon Sep 17 00:00:00 2001 From: James Bayly <46693720+jamesbayly@users.noreply.github.com> Date: Tue, 8 Nov 2022 23:47:02 +1300 Subject: [PATCH] Add an automated Docker Image Build Pipeline (#385) * Chore/dockerfile GitHub action (#1) * chore: initial Dockerfile * chore: docker hub actions Co-authored-by: Hugh Hoang * chore: update docs (#2) * chore: initial Dockerfile * chore: docker hub actions * Additional docs * Update Dockerfile * chore: remove deprecate `::set-output` * fix: typo Co-authored-by: Hugh Hoang Co-authored-by: hugh-onf <105209853+hugh-onf@users.noreply.github.com> * chore: remove redundant action * chore: update actions version (#3) * chore: using latest version of the actions * chore: not triggering on PRs * Remove auto build * Create check.yml * Add environment variable * Update rev to v Co-authored-by: Hugh Hoang Co-authored-by: hugh-onf <105209853+hugh-onf@users.noreply.github.com>
---
 .dockerignore | 5 +++ .github/workflows/build-publish-image.yml | 53 +++++++++++++++++++++++ Dockerfile | 37 ++++++++++++++++ 3 files changed, 95 insertions(+) create mode 100644 .dockerignore create mode 100644 .github/workflows/build-publish-image.yml create mode 100644 Dockerfile
diff --git a/.dockerignore b/.dockerignore
new file mode 100644
index 0000000..ca5c882
--- /dev/null
+++ b/.dockerignore
@@ -0,0 +1,5 @@
+.devcontainer
+.github
+.vscode
+scripts
+target
\ No newline at end of file
diff --git a/.github/workflows/build-publish-image.yml b/.github/workflows/build-publish-image.yml
new file mode 100644
index 0000000..53b03eb
--- /dev/null
+++ b/.github/workflows/build-publish-image.yml
@@ -0,0 +1,53 @@
+# This is an example GitHub action that will build and publish a Docker image to DockerHub
+# You need to add the following secrets to your GitHub Repository or Organization to make this work
+# - DOCKER_USERNAME: The username of the DockerHub account. E.g. parity
+# - DOCKER_TOKEN: Access token for DockerHub, see https://docs.docker.com/docker-hub/access-tokens/. E.g. VVVVVVVV-WWWW-XXXXXX-YYYY-ZZZZZZZZZ
+# The following are setup as an environment variable below
+# - DOCKER_REPO: The unique name of the DockerHub repository. E.g. parity/polkadot
+
+name: Build & Publish Docker Image
+
+# Controls when the action will run.
+on:
+ # Triggers the workflow on push events but only for the main branch
+ # push:
+ # branches: [ main ]
+
+ # Allows you to run this workflow manually from the Actions tab
+ workflow_dispatch:
+
+# Set an environment variable (that can be overriden) for the Docker Repo
+env:
+ DOCKER_REPO: parity/polkadot
+
+# A workflow run is made up of one or more jobs that can run sequentially or in parallel
+jobs:
+ build:
+ # The type of runner that the job will run on
+ runs-on: ubuntu-20.04
+
+ # Steps represent a sequence of tasks that will be executed as part of the job
+ steps:
+ # Checks-out your repository under $GITHUB_WORKSPACE, so your job can access it
+ - name: Check out the repo
+ uses: actions/checkout@v2.5.0
+
+ # Login to Docker hub using the credentials stored in the repository secrets
+ - name: Log in to Docker Hub
+ uses: docker/login-action@v2.1.0
+ with:
+ username: ${{ secrets.DOCKER_USERNAME }}
+ password: ${{ secrets.DOCKER_TOKEN }}
+
+ # Get the commit short hash, to use as the rev
+ - name: Calculate rev hash
+ id: rev
+ run: echo "value=$(git rev-parse --short HEAD)" >> $GITHUB_OUTPUT
+
+ # Build and push 2 images, One with the version tag and the other with latest tag
+ - name: Build and push Docker images
+ uses: docker/build-push-action@v3.2.0
+ with:
+ context: .
+ push: true
+ tags: ${{ env.DOCKER_REPO }}:v${{ steps.rev.outputs.value }}, ${{ secrets.DOCKER_REPO }}:latest
diff --git a/Dockerfile b/Dockerfile
new file mode 100644
index 0000000..c62bb71
--- /dev/null
+++ b/Dockerfile
@@ -0,0 +1,37 @@
+# This is an example build stage for the node template. Here we create the binary in a temporary image.
+
+# This is a base image to build substrate nodes
+FROM docker.io/paritytech/ci-linux:production as builder
+
+WORKDIR /node-template
+COPY . .
+RUN cargo build --locked --release
+
+# This is the 2nd stage: a very small image where we copy the binary."
+FROM docker.io/library/ubuntu:20.04
+LABEL description="Multistage Docker image for Substrate Node Template" \
+ image.type="builder" \
+ image.authors="you@email.com" \
+ image.vendor="Substrate Developer Hub" \
+ image.description="Multistage Docker image for Substrate Node Template" \
+ image.source="https://github.com/substrate-developer-hub/substrate-node-template" \
+ image.documentation="https://github.com/substrate-developer-hub/substrate-node-template"
+
+# Copy the node binary.
+COPY --from=builder /node-template/target/release/node-template /usr/local/bin
+
+RUN useradd -m -u 1000 -U -s /bin/sh -d /node-dev node-dev && \
+ mkdir -p /chain-data /node-dev/.local/share && \
+ chown -R node-dev:node-dev /chain-data && \
+ ln -s /chain-data /node-dev/.local/share/node-template && \
+ # unclutter and minimize the attack surface
+ rm -rf /usr/bin /usr/sbin && \
+ # check if executable works in this container
+ /usr/local/bin/node-template --version
+
+USER node-dev
+
+EXPOSE 30333 9933 9944 9615
+VOLUME ["/chain-data"]
+
+ENTRYPOINT ["/usr/local/bin/node-template"]
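Review bot: The `tags:` line takes the repository name from two different places: the version tag uses `env.DOCKER_REPO`, but the latest tag uses `secrets.DOCKER_REPO`, which the header comment does not list among the required secrets. If that secret is unset it expands to an empty string and the second tag becomes `:latest`, which should make the push step fail; use `${{ env.DOCKER_REPO }}:latest` so both tags follow the documented variable. Because this job holds the Docker Hub token, I would also pin the three `uses:` actions to full commit SHAs instead of mutable version tags, and add a top-level `permissions:` block with `contents: read` so the workflow's GITHUB_TOKEN is read-only. Quoting the redirect target as `>> "$GITHUB_OUTPUT"` in the rev step is a small robustness improvement.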
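Review bot: Both `FROM` lines resolve to whatever the registry serves at build time: `ci-linux:production` is a moving tag and `ubuntu:20.04` is not digest-pinned, so the binary published by the new workflow is compiled and packaged on images nobody reviewed. Pin each by digest, e.g. `FROM docker.io/paritytech/ci-linux:production@sha256:<digest> AS builder`, and bump the digest deliberately. The `rm -rf /usr/bin /usr/sbin` step only hides those files from the running container; they remain in the base layer of the image, so the "minimize the attack surface" comment should say that. On Ubuntu 20.04 `/bin` is typically a symlink to `/usr/bin`, so the `-s /bin/sh` login shell given to `node-dev` presumably no longer exists after that step. The `image.type="builder"` label on the runtime stage and the stray `"` at the end of the second-stage comment look like leftovers.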