Add an automated Docker Image Build Pipeline (#385)
* Chore/dockerfile GitHub action (#1) * chore: initial Dockerfile * chore: docker hub actions Co-authored-by: Hugh Hoang <hugh.hoang@onfinality.io> * chore: update docs (#2) * chore: initial Dockerfile * chore: docker hub actions * Additional docs * Update Dockerfile * chore: remove deprecate `::set-output` * fix: typo Co-authored-by: Hugh Hoang <hugh.hoang@onfinality.io> Co-authored-by: hugh-onf <105209853+hugh-onf@users.noreply.github.com> * chore: remove redundant action * chore: update actions version (#3) * chore: using latest version of the actions * chore: not triggering on PRs * Remove auto build * Create check.yml * Add environment variable * Update rev to v Co-authored-by: Hugh Hoang <hugh.hoang@onfinality.io> Co-authored-by: hugh-onf <105209853+hugh-onf@users.noreply.github.com>main
parent
378a3e5ae4
commit
9bbc80c70c
|
@ -0,0 +1,5 @@
|
|||
.devcontainer
|
||||
.github
|
||||
.vscode
|
||||
scripts
|
||||
target
|
|
@ -0,0 +1,53 @@
|
|||
# This is an example GitHub action that will build and publish a Docker image to DockerHub
|
||||
# You need to add the following secrets to your GitHub Repository or Organization to make this work
|
||||
# - DOCKER_USERNAME: The username of the DockerHub account. E.g. parity
|
||||
# - DOCKER_TOKEN: Access token for DockerHub, see https://docs.docker.com/docker-hub/access-tokens/. E.g. VVVVVVVV-WWWW-XXXXXX-YYYY-ZZZZZZZZZ
|
||||
# The following are setup as an environment variable below
|
||||
# - DOCKER_REPO: The unique name of the DockerHub repository. E.g. parity/polkadot
|
||||
|
||||
name: Build & Publish Docker Image
|
||||
|
||||
# Controls when the action will run.
|
||||
on:
|
||||
# Triggers the workflow on push events but only for the main branch
|
||||
# push:
|
||||
# branches: [ main ]
|
||||
|
||||
# Allows you to run this workflow manually from the Actions tab
|
||||
workflow_dispatch:
|
||||
|
||||
# Set an environment variable (that can be overriden) for the Docker Repo
|
||||
env:
|
||||
DOCKER_REPO: parity/polkadot
|
||||
|
||||
# A workflow run is made up of one or more jobs that can run sequentially or in parallel
|
||||
jobs:
|
||||
build:
|
||||
# The type of runner that the job will run on
|
||||
runs-on: ubuntu-20.04
|
||||
|
||||
# Steps represent a sequence of tasks that will be executed as part of the job
|
||||
steps:
|
||||
# Checks-out your repository under $GITHUB_WORKSPACE, so your job can access it
|
||||
- name: Check out the repo
|
||||
uses: actions/checkout@v2.5.0
|
||||
|
||||
# Login to Docker hub using the credentials stored in the repository secrets
|
||||
- name: Log in to Docker Hub
|
||||
uses: docker/login-action@v2.1.0
|
||||
with:
|
||||
username: ${{ secrets.DOCKER_USERNAME }}
|
||||
password: ${{ secrets.DOCKER_TOKEN }}
|
||||
|
||||
# Get the commit short hash, to use as the rev
|
||||
- name: Calculate rev hash
|
||||
id: rev
|
||||
run: echo "value=$(git rev-parse --short HEAD)" >> $GITHUB_OUTPUT
|
||||
|
||||
# Build and push 2 images, One with the version tag and the other with latest tag
|
||||
- name: Build and push Docker images
|
||||
uses: docker/build-push-action@v3.2.0
|
||||
with:
|
||||
context: .
|
||||
push: true
|
||||
tags: ${{ env.DOCKER_REPO }}:v${{ steps.rev.outputs.value }}, ${{ secrets.DOCKER_REPO }}:latest
|
|
@ -0,0 +1,37 @@
|
|||
# This is an example build stage for the node template. Here we create the binary in a temporary image.
|
||||
|
||||
# This is a base image to build substrate nodes
|
||||
FROM docker.io/paritytech/ci-linux:production as builder
|
||||
|
||||
WORKDIR /node-template
|
||||
COPY . .
|
||||
RUN cargo build --locked --release
|
||||
|
||||
# This is the 2nd stage: a very small image where we copy the binary."
|
||||
FROM docker.io/library/ubuntu:20.04
|
||||
LABEL description="Multistage Docker image for Substrate Node Template" \
|
||||
image.type="builder" \
|
||||
image.authors="you@email.com" \
|
||||
image.vendor="Substrate Developer Hub" \
|
||||
image.description="Multistage Docker image for Substrate Node Template" \
|
||||
image.source="https://github.com/substrate-developer-hub/substrate-node-template" \
|
||||
image.documentation="https://github.com/substrate-developer-hub/substrate-node-template"
|
||||
|
||||
# Copy the node binary.
|
||||
COPY --from=builder /node-template/target/release/node-template /usr/local/bin
|
||||
|
||||
RUN useradd -m -u 1000 -U -s /bin/sh -d /node-dev node-dev && \
|
||||
mkdir -p /chain-data /node-dev/.local/share && \
|
||||
chown -R node-dev:node-dev /chain-data && \
|
||||
ln -s /chain-data /node-dev/.local/share/node-template && \
|
||||
# unclutter and minimize the attack surface
|
||||
rm -rf /usr/bin /usr/sbin && \
|
||||
# check if executable works in this container
|
||||
/usr/local/bin/node-template --version
|
||||
|
||||
USER node-dev
|
||||
|
||||
EXPOSE 30333 9933 9944 9615
|
||||
VOLUME ["/chain-data"]
|
||||
|
||||
ENTRYPOINT ["/usr/local/bin/node-template"]
|
Loading…
Reference in New Issue