From ef3850fe2e089590bed2f92c22873f17ee89b8ec Mon Sep 17 00:00:00 2001 From: Chris Gianelloni Date: Wed, 6 Sep 2023 10:05:19 -0400 Subject: [PATCH] feat: initial mithril-client image Signed-off-by: Chris Gianelloni --- .github/workflows/ci-docker.yml | 85 ++++++ .github/workflows/conventional-commits.yml | 16 ++ .github/workflows/publish.yml | 311 +++++++++++++++++++++ Dockerfile | 23 ++ 4 files changed, 435 insertions(+) create mode 100644 .github/workflows/ci-docker.yml create mode 100644 .github/workflows/conventional-commits.yml create mode 100644 .github/workflows/publish.yml create mode 100644 Dockerfile diff --git a/.github/workflows/ci-docker.yml b/.github/workflows/ci-docker.yml new file mode 100644 index 0000000..3aebdcd --- /dev/null +++ b/.github/workflows/ci-docker.yml @@ -0,0 +1,85 @@ +name: Docker CI + +on: + pull_request: + branches: ['main'] + paths: ['Dockerfile','.github/workflows/ci-docker.yml'] + +env: + REGISTRY: ghcr.io + IMAGE_NAME: blinklabs/mithril-client + +jobs: + build-amd64: + runs-on: ubuntu-latest + steps: + - uses: actions/checkout@v2 + - name: qemu + uses: docker/setup-qemu-action@v2 + - uses: docker/setup-buildx-action@v2 + - uses: actions/cache@v3 + with: + path: /tmp/.buildx-cache + key: ${{ runner.os }}-${{ runner.arch }}-buildx-${{ github.sha }} + restore-keys: | + ${{ runner.os }}-${{ runner.arch }}-buildx- + - id: meta + uses: docker/metadata-action@v4 + with: + images: ${{ env.REGISTRY }}/${{ env.IMAGE_NAME }} + flavor: | + latest=false + suffix=-amd64 + - name: build + uses: docker/build-push-action@v3 + with: + context: . + push: false + tags: ${{ steps.meta.outputs.tags }} + labels: ${{ steps.meta.outputs.labels }} + cache-from: type=local,src=/tmp/.buildx-cache + cache-to: type=local,dest=/tmp/.buildx-cache-new,mode=max + # TEMP fix + # https://github.com/docker/build-push-action/issues/252 + # https://github.com/moby/buildkit/issues/1896 + - name: cache + run: | + rm -rf /tmp/.buildx-cache + mv /tmp/.buildx-cache-new /tmp/.buildx-cache + + build-arm64: + runs-on: self-hosted + steps: + - uses: actions/checkout@v2 + - name: qemu + uses: docker/setup-qemu-action@v2 + - uses: docker/setup-buildx-action@v2 + - uses: actions/cache@v3 + with: + path: /tmp/.buildx-cache + key: ${{ runner.os }}-${{ runner.arch }}-buildx-${{ github.sha }} + restore-keys: | + ${{ runner.os }}-${{ runner.arch }}-buildx- + - id: meta + uses: docker/metadata-action@v4 + with: + images: ${{ env.REGISTRY }}/${{ env.IMAGE_NAME }} + flavor: | + latest=false + suffix=-arm64v8 + - name: build + uses: docker/build-push-action@v3 + with: + context: . + push: false + tags: ${{ steps.meta.outputs.tags }} + labels: ${{ steps.meta.outputs.labels }} + cache-from: type=local,src=/tmp/.buildx-cache + cache-to: type=local,dest=/tmp/.buildx-cache-new,mode=max + # TEMP fix + # https://github.com/docker/build-push-action/issues/252 + # https://github.com/moby/buildkit/issues/1896 + - name: cache + run: | + rm -rf /tmp/.buildx-cache + mv /tmp/.buildx-cache-new /tmp/.buildx-cache diff --git a/.github/workflows/conventional-commits.yml b/.github/workflows/conventional-commits.yml new file mode 100644 index 0000000..d42770b --- /dev/null +++ b/.github/workflows/conventional-commits.yml @@ -0,0 +1,16 @@ +# The below is pulled from upstream and slightly modified +# https://github.com/webiny/action-conventional-commits/blob/master/README.md#usage + +name: Conventional Commits + +on: + pull_request: + +jobs: + build: + name: Conventional Commits + runs-on: ubuntu-latest + steps: + - uses: actions/checkout@v2 + + - uses: webiny/action-conventional-commits@v1.0.3 diff --git a/.github/workflows/publish.yml b/.github/workflows/publish.yml new file mode 100644 index 0000000..dbd3717 --- /dev/null +++ b/.github/workflows/publish.yml @@ -0,0 +1,311 @@ +name: publish + +on: + push: + branches: ['main'] + tags: ['v*.*.*'] + +concurrency: ${{ github.ref }} + +env: + DOCKER_IMAGE_NAME: blinklabs/mithril-client + GHCR_IMAGE_NAME: ghcr.io/blinklabs-io/mithril-client + +jobs: + + build-amd64: + runs-on: ubuntu-latest + permissions: + contents: read + packages: write + steps: + - uses: actions/checkout@v2 + - uses: docker/setup-buildx-action@v2 + - name: Login to Docker Hub + uses: docker/login-action@v2 + with: + username: blinklabs + password: ${{ secrets.DOCKER_PASSWORD }} # uses token + - name: Login to GHCR + uses: docker/login-action@v2 + with: + registry: ghcr.io + username: ${{ github.actor }} + password: ${{ secrets.GITHUB_TOKEN }} + - uses: actions/cache@v3 + with: + path: /tmp/.buildx-cache + key: ${{ runner.os }}-${{ runner.arch }}-buildx-${{ github.sha }} + restore-keys: | + ${{ runner.os }}-${{ runner.arch }}-buildx- + - id: meta + uses: docker/metadata-action@v4 + with: + images: | + ${{ env.DOCKER_IMAGE_NAME }} + ${{ env.GHCR_IMAGE_NAME }} + flavor: | + latest=false + suffix=-amd64 + tags: | + # Only version, no revision + type=match,pattern=v(.*)-(.*),group=1 + # branch + type=ref,event=branch + # semver + type=semver,pattern={{version}} + - name: push + uses: docker/build-push-action@v3 + with: + context: . + push: true + tags: ${{ steps.meta.outputs.tags }} + labels: ${{ steps.meta.outputs.labels }} + cache-from: type=local,src=/tmp/.buildx-cache + cache-to: type=local,dest=/tmp/.buildx-cache-new,mode=max + # TEMP fix + # https://github.com/docker/build-push-action/issues/252 + # https://github.com/moby/buildkit/issues/1896 + - name: cache + run: | + rm -rf /tmp/.buildx-cache + mv /tmp/.buildx-cache-new /tmp/.buildx-cache + # TEMP fix + # Something strange is happening with the manifests when we push which + # breaks the downstream multi-arch-manifest, so pull and push to work + # around this by resubmitting manifests + - name: pull-and-push + run: | + for t in `echo '${{ steps.meta.outputs.tags }}'`; do + docker pull $t && docker push $t + done + + build-arm64: + runs-on: self-hosted + permissions: + contents: read + packages: write + steps: + - uses: actions/checkout@v2 + - uses: docker/setup-buildx-action@v2 + - name: Login to Docker Hub + uses: docker/login-action@v2 + with: + username: blinklabs + password: ${{ secrets.DOCKER_PASSWORD }} # uses token + - name: Login to GHCR + uses: docker/login-action@v2 + with: + registry: ghcr.io + username: ${{ github.actor }} + password: ${{ secrets.GITHUB_TOKEN }} + - uses: actions/cache@v3 + with: + path: /tmp/.buildx-cache + key: ${{ runner.os }}-${{ runner.arch }}-buildx-${{ github.sha }} + restore-keys: | + ${{ runner.os }}-${{ runner.arch }}-buildx- + - id: meta + uses: docker/metadata-action@v4 + with: + images: | + ${{ env.DOCKER_IMAGE_NAME }} + ${{ env.GHCR_IMAGE_NAME }} + flavor: | + latest=false + suffix=-arm64v8 + tags: | + # Only version, no revision + type=match,pattern=v(.*)-(.*),group=1 + # branch + type=ref,event=branch + # semver + type=semver,pattern={{version}} + - name: push + uses: docker/build-push-action@v3 + with: + context: . + push: true + tags: ${{ steps.meta.outputs.tags }} + labels: ${{ steps.meta.outputs.labels }} + cache-from: type=local,src=/tmp/.buildx-cache + cache-to: type=local,dest=/tmp/.buildx-cache-new,mode=max + # TEMP fix + # https://github.com/docker/build-push-action/issues/252 + # https://github.com/moby/buildkit/issues/1896 + - name: cache + run: | + rm -rf /tmp/.buildx-cache + mv /tmp/.buildx-cache-new /tmp/.buildx-cache + # TEMP fix + # Something strange is happening with the manifests when we push which + # breaks the downstream multi-arch-manifest, so pull and push to work + # around this by resubmitting manifests + - name: pull-and-push + run: | + for t in `echo '${{ steps.meta.outputs.tags }}'`; do + docker pull $t && docker push $t + done + + multi-arch-manifest: + runs-on: ubuntu-latest + needs: [build-amd64, build-arm64] + permissions: + contents: read + packages: write + steps: + - uses: actions/checkout@v2 + - uses: docker/setup-buildx-action@v2 + - name: Login to Docker Hub + uses: docker/login-action@v2 + with: + username: blinklabs + password: ${{ secrets.DOCKER_PASSWORD }} # uses token + - name: Login to GHCR + uses: docker/login-action@v2 + with: + registry: ghcr.io + username: ${{ github.actor }} + password: ${{ secrets.GITHUB_TOKEN }} + - id: meta-dockerhub + name: Metadata - Docker Hub + uses: docker/metadata-action@v4 + with: + images: ${{ env.DOCKER_IMAGE_NAME }} + flavor: | + latest=false + tags: | + # Only version, no revision + type=match,pattern=v(.*)-(.*),group=1 + # branch + type=ref,event=branch + # semver + type=semver,pattern={{version}} + - id: meta-dockerhub-tag + name: Metadata - Docker Hub (Tags) + uses: docker/metadata-action@v4 + with: + images: | + ${{ env.DOCKER_IMAGE_NAME }} + flavor: | + latest=false + tags: | + # Only version, no revision + type=match,pattern=v(.*)-(.*),group=1 + - id: meta-ghcr + name: Metadata - GHCR + uses: docker/metadata-action@v4 + with: + images: ${{ env.GHCR_IMAGE_NAME }} + flavor: | + latest=false + tags: | + # Only version, no revision + type=match,pattern=v(.*)-(.*),group=1 + # branch + type=ref,event=branch + # semver + type=semver,pattern={{version}} + - id: meta-ghcr-tag + name: Metadata - GHCR (Tags) + uses: docker/metadata-action@v4 + with: + images: | + ${{ env.GHCR_IMAGE_NAME }} + flavor: | + latest=false + tags: | + # Only version, no revision + type=match,pattern=v(.*)-(.*),group=1 + + # First, create manifests and push to GHCR + + # Manifest for either branch or semver + - name: manifest-ghcr + run: | + for t in `echo '${{ steps.meta-ghcr.outputs.tags }}'`; do + docker manifest create ${t} --amend ${t}-amd64 --amend ${t}-arm64v8 + done + # Optional manifest for tag versions (includes revisions) + - name: manifest-ghcr-tags + run: | + for t in `echo '${{ steps.meta-ghcr-tag.outputs.tags }}'`; do + docker manifest create ${t} --amend ${t}-amd64 --amend ${t}-arm64v8 + docker manifest create ${{ env.GHCR_IMAGE_NAME }}:latest --amend ${t}-amd64 --amend ${t}-arm64v8 + done + if: startsWith(github.ref, 'refs/tags/') + # Push various manifests + - name: push-ghcr + run: | + for t in `echo '${{ steps.meta-ghcr.outputs.tags }}'`; do + docker manifest push ${t} + done + - name: push-ghcr-tags + run: | + docker manifest push ${{ env.GHCR_IMAGE_NAME }}:latest + for t in `echo '${{ steps.meta-ghcr-tag.outputs.tags }}'`; do + docker manifest push ${t} + done + if: startsWith(github.ref, 'refs/tags/') + + # Now, create manifests for Docker Hub + + - name: manifest-dockerhub + run: | + for t in `echo '${{ steps.meta-dockerhub.outputs.tags }}'`; do + docker manifest create ${t} --amend ${t}-amd64 --amend ${t}-arm64v8 + done + - name: manifest-dockerhub-tags + run: | + for t in `echo '${{ steps.meta-dockerhub-tag.outputs.tags }}'`; do + docker manifest create ${t} --amend ${t}-amd64 --amend ${t}-arm64v8 + docker manifest create ${{ env.DOCKER_IMAGE_NAME }}:latest --amend ${t}-amd64 --amend ${t}-arm64v8 + done + if: startsWith(github.ref, 'refs/tags/') + - name: push-dockerhub + run: | + for t in `echo '${{ steps.meta-dockerhub.outputs.tags }}'`; do + docker manifest push ${t} + done + - name: push-dockerhub-tags + run: | + docker manifest push ${{ env.DOCKER_IMAGE_NAME }}:latest + for t in `echo '${{ steps.meta-dockerhub-tag.outputs.tags }}'`; do + docker manifest push ${t} + done + if: startsWith(github.ref, 'refs/tags/') + + # Update Docker Hub from README + + - name: Docker Hub Description + uses: peter-evans/dockerhub-description@v3 + with: + username: blinklabs + password: ${{ secrets.DOCKER_PASSWORD }} + repository: ${{ env.DOCKER_IMAGE_NAME }} + readme-filepath: ./README.md + short-description: "Mithril client built from source on Debian" + + github-release: + runs-on: ubuntu-latest + needs: [multi-arch-manifest] + steps: + - run: "echo \"RELEASE_TAG=${GITHUB_REF#refs/tags/}\" >> $GITHUB_ENV" + - uses: actions/github-script@v5 + if: startsWith(github.ref, 'refs/tags/') + with: + github-token: ${{ secrets.GITHUB_TOKEN }} + script: | + try { + await github.rest.repos.createRelease({ + draft: false, + generate_release_notes: true, + name: process.env.RELEASE_TAG, + owner: context.repo.owner, + prerelease: false, + repo: context.repo.repo, + tag_name: process.env.RELEASE_TAG, + }); + } catch (error) { + core.setFailed(error.message); + } diff --git a/Dockerfile b/Dockerfile new file mode 100644 index 0000000..7c4c284 --- /dev/null +++ b/Dockerfile @@ -0,0 +1,23 @@ +FROM rust:bullseye AS rustbuilder +ARG MITHRIL_VERSION=2335.0 +ENV MITHRIL_VERSION=${MITHRIL_VERSION} +WORKDIR /code +RUN echo "Building tags/${MITHRIL_VERSION}..." \ + && git clone https://github.com/input-output-hk/mithril.git \ + && cd mithril \ + && git fetch --all --recurse-submodules --tags \ + && git tag \ + && git checkout tags/${MITHRIL_VERSION} \ + && cargo build --release -p mithril-client + +FROM debian:bookworm-slim as mithrill-client +COPY --from=rustbuilder /code/mithril/target/release/mithril-client /usr/local/bin/ +RUN apt-get update -y \ + && apt-get install -y \ + ca-certificates \ + libssl3 \ + llvm-14-runtime \ + sqlite3 \ + wget \ + && rm -rf /var/lib/apt/lists/* +ENTRYPOINT ["/usr/local/bin/mithril-client"]