From 574d66aa07552511a2053bf63bd839e978659a16 Mon Sep 17 00:00:00 2001 From: Guillermo Perez Date: Tue, 19 Dec 2023 13:57:20 +0100 Subject: [PATCH 01/13] Add a readiness check to the Docker container --- docker/centrifuge-chain/Dockerfile | 25 +++++++++++++++---------- docker/scripts/check-node-ready | 27 +++++++++++++++++++++++++++ 2 files changed, 42 insertions(+), 10 deletions(-) create mode 100644 docker/scripts/check-node-ready diff --git a/docker/centrifuge-chain/Dockerfile b/docker/centrifuge-chain/Dockerfile index 7cbe624e51..cc98e74e42 100644 --- a/docker/centrifuge-chain/Dockerfile +++ b/docker/centrifuge-chain/Dockerfile @@ -35,24 +35,29 @@ FROM --platform=linux/amd64 docker.io/library/ubuntu:jammy io.centrifuge.image.source="https://github.com/centrifuge/centrifuge-chain/blob/main/docker/centrifuge-chain/Dockerfile" \ io.centrifuge.image.created="${BUILD_DATE}" - # Add chain resources to image - COPY node/res /resources/ - - COPY --from=builder /centrifuge-chain/target/release/centrifuge-chain /usr/local/bin + RUN apt-get update && apt-get install -y curl jq RUN apt-get autoremove -y && apt-get clean && rm -rf /var/lib/apt/lists/* ; # Because of the following, all data and config directories need to be owned by UID and GID 1000 RUN useradd -m -u 1000 -U -s /bin/sh -d /centrifuge centrifuge + - RUN mkdir -p /data && \ + COPY node/res /resources/ + COPY --from=builder /centrifuge-chain/target/release/centrifuge-chain /centrifuge/bin/ + COPY ./docker/scripts/ /centrifuge/scripts/ + + RUN mkdir -p /data && \ chown -R centrifuge:centrifuge /data && \ chown -R centrifuge:centrifuge /resources && \ chown -R centrifuge:centrifuge /usr/local/bin/centrifuge-chain && \ - chown -R centrifuge:centrifuge /centrifuge/ - - COPY ./docker/scripts/entrypoint.sh /centrifuge/entrypoint.sh - RUN chown -R centrifuge:centrifuge /centrifuge/entrypoint.sh && chmod +x /centrifuge/entrypoint.sh + chown -R centrifuge:centrifuge /centrifuge/ + RUN chmod -R +x /centrifuge/bin/ \ + chmod -R +x /centrifuge/scripts/ + + # Alternative: create symlinks on /usr/local/bin or similar + ENV PATH=/centrifuge/scripts/:$PATH + ENV PATH=/centrifuge/bin/:$PATH # Running as an non-root is a good security practice # in some cases the container can be forced to run as root overriding the next line @@ -65,5 +70,5 @@ RUN ldd /usr/local/bin/centrifuge-chain && \ EXPOSE 30333 9933 9944 VOLUME ["/data"] -ENTRYPOINT ["/centrifuge/entrypoint.sh"] +ENTRYPOINT ["entrypoint.sh"] CMD ["--help"] diff --git a/docker/scripts/check-node-ready b/docker/scripts/check-node-ready new file mode 100644 index 0000000000..f31db3a081 --- /dev/null +++ b/docker/scripts/check-node-ready @@ -0,0 +1,27 @@ +#!/bin/bash + +# Contact port 9933 and store the response +response=$(curl -s http://localhost:9933/health) + +# Extract the number of peers and the syncing status from the response +peers=$(echo "$response" | jq '.peers') +isSyncing=$(echo "$response" | jq '.isSyncing') + +# Check that the number of peers is more than 0 +if [ "$peers" -gt 0 ]; then + echo "Node has peers." +else + echo "Error: Node has no peers. Check the logs" + exit 1 +fi + +# Check that syncing is false +if [ "$isSyncing" == "false" ]; then + echo "Node is synched." +else + echo "Error: Node is still syncing but has peers. Check again later" + exit 1 +fi + +echo "Health check passed." +exit 0 From 34eac1c4958fedbde35b1bb239e50a34d46cb893 Mon Sep 17 00:00:00 2001 From: Guillermo Perez Date: Tue, 19 Dec 2023 19:45:32 +0100 Subject: [PATCH 02/13] missing path change for centrifuge binary --- docker/centrifuge-chain/Dockerfile | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/docker/centrifuge-chain/Dockerfile b/docker/centrifuge-chain/Dockerfile index cc98e74e42..11f18dbee0 100644 --- a/docker/centrifuge-chain/Dockerfile +++ b/docker/centrifuge-chain/Dockerfile @@ -50,8 +50,8 @@ FROM --platform=linux/amd64 docker.io/library/ubuntu:jammy RUN mkdir -p /data && \ chown -R centrifuge:centrifuge /data && \ chown -R centrifuge:centrifuge /resources && \ - chown -R centrifuge:centrifuge /usr/local/bin/centrifuge-chain && \ chown -R centrifuge:centrifuge /centrifuge/ + RUN chmod -R +x /centrifuge/bin/ \ chmod -R +x /centrifuge/scripts/ From 93a12f15cd64a9fecce48b553e86aa322781fc40 Mon Sep 17 00:00:00 2001 From: Guillermo Perez Date: Tue, 19 Dec 2023 20:12:29 +0100 Subject: [PATCH 03/13] push docker to GH registry on PRs to test image --- .github/workflows/build-docker.yml | 8 +++++--- 1 file changed, 5 insertions(+), 3 deletions(-) diff --git a/.github/workflows/build-docker.yml b/.github/workflows/build-docker.yml index 032cff5ade..cff5f52bba 100644 --- a/.github/workflows/build-docker.yml +++ b/.github/workflows/build-docker.yml @@ -22,7 +22,8 @@ jobs: target: [ release, test ] runs-on: ubuntu-latest-8-cores permissions: - contents: write + contents: write + id-token: write steps: - uses: actions/checkout@3df4ab11eba7bda6032a0b82a6bb43b11571feac #v4 with: @@ -41,7 +42,7 @@ jobs: id: meta uses: docker/metadata-action@96383f45573cb7f253c731d3b3ab81c87ef81934 #v5 with: - images: centrifugeio/centrifuge-chain + images: ${{ github.event_name != 'pull_request' && 'centrifugeio/centrifuge-chain' || 'ghcr.io/centrifuge/centrifuge-chain' }} tags: | type=semver,pattern={{raw}},prefix=${{ matrix.target == 'test' && 'test-' || '' }} type=raw,value=latest,enable=${{ github.event_name == 'release' }} @@ -63,7 +64,8 @@ jobs: file: ./docker/centrifuge-chain/Dockerfile build-args: | FEATURES=${{ matrix.target == 'test' && 'fast-runtime' || '' }} - push: ${{ github.event_name != 'pull_request' }} + # Always push, either to ghcr or Dockerhub + push: true tags: ${{ steps.meta.outputs.tags }} # Cache options: # https://docs.docker.com/build/ci/github-actions/cache/ From 9c7e809ec8610808c4348c9d669ec2e87db10477 Mon Sep 17 00:00:00 2001 From: Guillermo Perez Date: Wed, 20 Dec 2023 10:41:43 +0100 Subject: [PATCH 04/13] more standard paths for the binaries --- docker/centrifuge-chain/Dockerfile | 20 ++++++++------------ 1 file changed, 8 insertions(+), 12 deletions(-) diff --git a/docker/centrifuge-chain/Dockerfile b/docker/centrifuge-chain/Dockerfile index 11f18dbee0..137f048ed1 100644 --- a/docker/centrifuge-chain/Dockerfile +++ b/docker/centrifuge-chain/Dockerfile @@ -36,37 +36,33 @@ FROM --platform=linux/amd64 docker.io/library/ubuntu:jammy io.centrifuge.image.created="${BUILD_DATE}" RUN apt-get update && apt-get install -y curl jq - - RUN apt-get autoremove -y && apt-get clean && rm -rf /var/lib/apt/lists/* ; + RUN apt-get autoremove -y && apt-get clean && rm -rf /var/lib/apt/lists/* # Because of the following, all data and config directories need to be owned by UID and GID 1000 RUN useradd -m -u 1000 -U -s /bin/sh -d /centrifuge centrifuge - COPY node/res /resources/ - COPY --from=builder /centrifuge-chain/target/release/centrifuge-chain /centrifuge/bin/ - COPY ./docker/scripts/ /centrifuge/scripts/ + COPY --from=builder /centrifuge-chain/target/release/centrifuge-chain /usr/local/bin/ + + COPY docker/scripts /centrifuge/scripts + RUN chmod +x /centrifuge/scripts/* && \ + ln -s /centrifuge/scripts/* /usr/local/bin/ RUN mkdir -p /data && \ chown -R centrifuge:centrifuge /data && \ chown -R centrifuge:centrifuge /resources && \ chown -R centrifuge:centrifuge /centrifuge/ - - RUN chmod -R +x /centrifuge/bin/ \ - chmod -R +x /centrifuge/scripts/ - - # Alternative: create symlinks on /usr/local/bin or similar - ENV PATH=/centrifuge/scripts/:$PATH - ENV PATH=/centrifuge/bin/:$PATH # Running as an non-root is a good security practice # in some cases the container can be forced to run as root overriding the next line # but by default we want to enforce this. USER centrifuge +WORKDIR /centrifuge # checks RUN ldd /usr/local/bin/centrifuge-chain && \ /usr/local/bin/centrifuge-chain --version +RUN set -e && command -v check-node-ready && command -v entrypoint.sh EXPOSE 30333 9933 9944 VOLUME ["/data"] From 2bf6fefd09cdfacf4e777c0a01d1f6684db2f6f9 Mon Sep 17 00:00:00 2001 From: Guillermo Perez Date: Wed, 20 Dec 2023 13:42:26 +0100 Subject: [PATCH 05/13] log into ghcr --- .github/workflows/build-docker.yml | 13 ++++++++++++- 1 file changed, 12 insertions(+), 1 deletion(-) diff --git a/.github/workflows/build-docker.yml b/.github/workflows/build-docker.yml index cff5f52bba..e5f35d5e81 100644 --- a/.github/workflows/build-docker.yml +++ b/.github/workflows/build-docker.yml @@ -11,7 +11,8 @@ on: pull_request: paths: - ".github/workflows/build-docker.yml" - - "docker/centrifuge-chain/Dockerfile" + - "docker/" + - ".dockerignore" concurrency: group: ${{ github.workflow }}-${{ github.event.pull_request.head.label || github.head_ref || github.ref }}${{ github.event_name }} cancel-in-progress: true @@ -30,12 +31,22 @@ jobs: fetch-depth: 0 - name: Set up Docker Buildx uses: docker/setup-buildx-action@f95db51fddba0c2d1ec667646a06c2ce06100226 #v3 + - name: DockerHub Login + if: github.event_name != 'pull_request' uses: docker/login-action@v3 with: username: ${{ secrets.DOCKER_HUB_USERNAME }} password: ${{ secrets.DOCKER_HUB_TOKEN }} + - name: GHCR login (PRs only) + if: github.event_name == 'pull_request' + uses: docker/login-action@v3 + with: + registry: ghcr.io + username: ${{ github.actor }} + password: ${{ secrets.GITHUB_TOKEN }} + - run: echo "NOW=$(date -u +%y-%m-%d)" >> $GITHUB_ENV - name: Setup docker metadata From da6dda49a2d0696ca5d4368e5f98d115d4f601b7 Mon Sep 17 00:00:00 2001 From: Guillermo Perez Date: Wed, 20 Dec 2023 14:31:41 +0100 Subject: [PATCH 06/13] Add standardized OCI labels --- docker/centrifuge-chain/Dockerfile | 24 ++++++++++++++++++------ 1 file changed, 18 insertions(+), 6 deletions(-) diff --git a/docker/centrifuge-chain/Dockerfile b/docker/centrifuge-chain/Dockerfile index 137f048ed1..a9a7f08fe5 100644 --- a/docker/centrifuge-chain/Dockerfile +++ b/docker/centrifuge-chain/Dockerfile @@ -27,13 +27,25 @@ FROM --platform=linux/amd64 docker.io/paritytech/ci-linux:production as builder # and simply download the binaries here. Some short of hash or integrity check would need to # happen to make sure the binary is what we want. FROM --platform=linux/amd64 docker.io/library/ubuntu:jammy + ARG BUILD_DATE + ARG VERSION + # Standard OCI labels + # https://github.com/opencontainers/image-spec/blob/main/annotations.md + LABEL io.centrifuge.image.vendor="Centrifuge" \ + org.opencontainers.image.created= \ + org.opencontainers.image.authors="protocol@k-f.co" \ + org.opencontainers.image.title="centrifugeio/centrifuge-chain" \ + org.opencontainers.image.description="Centrifuge, the layer 1 of RWA. This is the official Centrifuge (para)chain image" \ + org.opencontainers.image.source="https://github.com/centrifuge/centrifuge-chain/" \ + org.opencontainers.image.created="${BUILD_DATE}" \ + org.opencontainers.image.documentation="https://github.com/centrifuge/centrifuge-chain/blob/main/README.md" \ + org.opencontainers.image.version="$VERSION" \ + org.opencontainers.image.licenses="GPL-3" \ + org.opencontainers.image.base.name="ubuntu/jammy" \ + org.opencontainers.image.base.digest="ubuntu@sha256:6042500cf4b44023ea1894effe7890666b0c5c7871ed83a97c36c76ae560bb9b" + # org.opencontainers.image.url= \ + - LABEL io.centrifuge.image.authors="protocol@k-f.co" \ - io.centrifuge.image.vendor="Centrifuge" \ - io.centrifuge.image.title="centrifugeio/centrifuge-chain" \ - io.centrifuge.image.description="Centrifuge, the layer 1 of RWA. This is the official Centrifuge (para)chain image" \ - io.centrifuge.image.source="https://github.com/centrifuge/centrifuge-chain/blob/main/docker/centrifuge-chain/Dockerfile" \ - io.centrifuge.image.created="${BUILD_DATE}" RUN apt-get update && apt-get install -y curl jq RUN apt-get autoremove -y && apt-get clean && rm -rf /var/lib/apt/lists/* From 6338404dcf67bd54b234ec102eef898ec375fcc3 Mon Sep 17 00:00:00 2001 From: Guillermo Perez Date: Wed, 20 Dec 2023 14:34:40 +0100 Subject: [PATCH 07/13] push to both registries --- .github/workflows/build-docker.yml | 23 +++++++++++++---------- 1 file changed, 13 insertions(+), 10 deletions(-) diff --git a/.github/workflows/build-docker.yml b/.github/workflows/build-docker.yml index e5f35d5e81..4baec36e07 100644 --- a/.github/workflows/build-docker.yml +++ b/.github/workflows/build-docker.yml @@ -32,20 +32,18 @@ jobs: - name: Set up Docker Buildx uses: docker/setup-buildx-action@f95db51fddba0c2d1ec667646a06c2ce06100226 #v3 - - name: DockerHub Login - if: github.event_name != 'pull_request' - uses: docker/login-action@v3 + - name: DockerHub Registry Login + uses: docker/login-action@343f7c4344506bcbf9b4de18042ae17996df046d with: username: ${{ secrets.DOCKER_HUB_USERNAME }} password: ${{ secrets.DOCKER_HUB_TOKEN }} - - name: GHCR login (PRs only) - if: github.event_name == 'pull_request' - uses: docker/login-action@v3 + - name: Github Registry login + uses: docker/login-action@343f7c4344506bcbf9b4de18042ae17996df046d with: registry: ghcr.io username: ${{ github.actor }} - password: ${{ secrets.GITHUB_TOKEN }} + password: ${{ secrets.GITHUB_TOKEN }} - run: echo "NOW=$(date -u +%y-%m-%d)" >> $GITHUB_ENV @@ -53,7 +51,9 @@ jobs: id: meta uses: docker/metadata-action@96383f45573cb7f253c731d3b3ab81c87ef81934 #v5 with: - images: ${{ github.event_name != 'pull_request' && 'centrifugeio/centrifuge-chain' || 'ghcr.io/centrifuge/centrifuge-chain' }} + images: | + ghcr.io/centrifuge/centrifuge-chain + ${{ github.event_name != 'pull_request' && 'centrifugeio/centrifuge-chain'}} tags: | type=semver,pattern={{raw}},prefix=${{ matrix.target == 'test' && 'test-' || '' }} type=raw,value=latest,enable=${{ github.event_name == 'release' }} @@ -68,6 +68,7 @@ jobs: core.exportVariable('ACTIONS_CACHE_URL', process.env.ACTIONS_CACHE_URL || ''); core.exportVariable('ACTIONS_RUNTIME_TOKEN', process.env.ACTIONS_RUNTIME_TOKEN || ''); + - run: echo "VERSION=${GITHUB_REF#refs/tags/}" >> $GITHUB_ENV - name: Build and push centrifugeio/centrifuge-chain uses: docker/build-push-action@0565240e2d4ab88bba5387d719585280857ece09 #v5 with: @@ -75,6 +76,8 @@ jobs: file: ./docker/centrifuge-chain/Dockerfile build-args: | FEATURES=${{ matrix.target == 'test' && 'fast-runtime' || '' }} + BUILD_DATE=${{ env.NOW }} + VERSION=${{env.VERSION}} # Always push, either to ghcr or Dockerhub push: true tags: ${{ steps.meta.outputs.tags }} @@ -95,14 +98,14 @@ jobs: repository: centrifuge/centrifuge-chain short-description: ${{ github.event.repository.description }} enable-url-completion: true - + - name: Update GitHub release if: github.event_name == 'release' && matrix.target == 'release' uses: softprops/action-gh-release@v1 with: append_body: true body: | - **Docker tags:** + **Docker tags:** ${{ steps.meta.outputs.tags }} - if: failure() From b99ac64fe43982813beeaeac4ca968e19148118a Mon Sep 17 00:00:00 2001 From: Guillermo Perez Date: Wed, 20 Dec 2023 20:51:07 +0100 Subject: [PATCH 08/13] fix registry permissions --- .github/workflows/build-docker.yml | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/.github/workflows/build-docker.yml b/.github/workflows/build-docker.yml index 4baec36e07..d1442e0ad1 100644 --- a/.github/workflows/build-docker.yml +++ b/.github/workflows/build-docker.yml @@ -23,8 +23,8 @@ jobs: target: [ release, test ] runs-on: ubuntu-latest-8-cores permissions: - contents: write - id-token: write + contents: write # to update the GH release w/ Docker tags + packages: write # to upload images to ghcr steps: - uses: actions/checkout@3df4ab11eba7bda6032a0b82a6bb43b11571feac #v4 with: From 769701e980beb8506b51f16065e4e9cec880cf61 Mon Sep 17 00:00:00 2001 From: Guillermo Perez Date: Wed, 20 Dec 2023 22:20:23 +0100 Subject: [PATCH 09/13] test different permissions --- .github/workflows/build-docker.yml | 13 +++++++------ 1 file changed, 7 insertions(+), 6 deletions(-) diff --git a/.github/workflows/build-docker.yml b/.github/workflows/build-docker.yml index d1442e0ad1..c40addb22f 100644 --- a/.github/workflows/build-docker.yml +++ b/.github/workflows/build-docker.yml @@ -25,6 +25,7 @@ jobs: permissions: contents: write # to update the GH release w/ Docker tags packages: write # to upload images to ghcr + id-token: write steps: - uses: actions/checkout@3df4ab11eba7bda6032a0b82a6bb43b11571feac #v4 with: @@ -32,11 +33,11 @@ jobs: - name: Set up Docker Buildx uses: docker/setup-buildx-action@f95db51fddba0c2d1ec667646a06c2ce06100226 #v3 - - name: DockerHub Registry Login - uses: docker/login-action@343f7c4344506bcbf9b4de18042ae17996df046d - with: - username: ${{ secrets.DOCKER_HUB_USERNAME }} - password: ${{ secrets.DOCKER_HUB_TOKEN }} + # - name: DockerHub Registry Login + # uses: docker/login-action@343f7c4344506bcbf9b4de18042ae17996df046d + # with: + # username: ${{ secrets.DOCKER_HUB_USERNAME }} + # password: ${{ secrets.DOCKER_HUB_TOKEN }} - name: Github Registry login uses: docker/login-action@343f7c4344506bcbf9b4de18042ae17996df046d @@ -53,7 +54,7 @@ jobs: with: images: | ghcr.io/centrifuge/centrifuge-chain - ${{ github.event_name != 'pull_request' && 'centrifugeio/centrifuge-chain'}} + ${{ github.event_name != 'pull_request' && 'centrifugeio/centrifuge-chain' || ''}} tags: | type=semver,pattern={{raw}},prefix=${{ matrix.target == 'test' && 'test-' || '' }} type=raw,value=latest,enable=${{ github.event_name == 'release' }} From 12ec00a0dc02f8bf476aa8fb7b63e72812de0c4a Mon Sep 17 00:00:00 2001 From: Guillermo Perez Date: Sun, 24 Dec 2023 14:03:15 +0100 Subject: [PATCH 10/13] comply with RFC3339 standard date format --- .github/workflows/build-docker.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.github/workflows/build-docker.yml b/.github/workflows/build-docker.yml index c40addb22f..b3ccb5d521 100644 --- a/.github/workflows/build-docker.yml +++ b/.github/workflows/build-docker.yml @@ -46,7 +46,7 @@ jobs: username: ${{ github.actor }} password: ${{ secrets.GITHUB_TOKEN }} - - run: echo "NOW=$(date -u +%y-%m-%d)" >> $GITHUB_ENV + - run: echo "NOW=$(date -u +%Y-%m-%d)" >> $GITHUB_ENV - name: Setup docker metadata id: meta From 48d68107d9a752c1dfdd1c5c55251fbd7638fcbf Mon Sep 17 00:00:00 2001 From: Guillermo Perez Date: Tue, 26 Dec 2023 21:09:49 +0100 Subject: [PATCH 11/13] Minor Docker enhancements # Description This PR: - Sets some additional RFC standard LABELS to our Docker container - Upload the container to both GitHub and DockerHub registries (PRs do not upload to DH) - Minor Dockerfile efficiencies. It's a follow up from #1656 --- .github/workflows/build-docker.yml | 19 +++++++++++++------ docker/centrifuge-chain/Dockerfile | 19 ++----------------- docker/scripts/check-node-ready | 27 --------------------------- 3 files changed, 15 insertions(+), 50 deletions(-) delete mode 100644 docker/scripts/check-node-ready diff --git a/.github/workflows/build-docker.yml b/.github/workflows/build-docker.yml index b3ccb5d521..403f1440dc 100644 --- a/.github/workflows/build-docker.yml +++ b/.github/workflows/build-docker.yml @@ -11,7 +11,8 @@ on: pull_request: paths: - ".github/workflows/build-docker.yml" - - "docker/" + - "docker/centrifuge-chain" + - "docker/scripts" - ".dockerignore" concurrency: group: ${{ github.workflow }}-${{ github.event.pull_request.head.label || github.head_ref || github.ref }}${{ github.event_name }} @@ -33,11 +34,11 @@ jobs: - name: Set up Docker Buildx uses: docker/setup-buildx-action@f95db51fddba0c2d1ec667646a06c2ce06100226 #v3 - # - name: DockerHub Registry Login - # uses: docker/login-action@343f7c4344506bcbf9b4de18042ae17996df046d - # with: - # username: ${{ secrets.DOCKER_HUB_USERNAME }} - # password: ${{ secrets.DOCKER_HUB_TOKEN }} + - name: DockerHub Registry Login + uses: docker/login-action@343f7c4344506bcbf9b4de18042ae17996df046d + with: + username: ${{ secrets.DOCKER_HUB_USERNAME }} + password: ${{ secrets.DOCKER_HUB_TOKEN }} - name: Github Registry login uses: docker/login-action@343f7c4344506bcbf9b4de18042ae17996df046d @@ -61,6 +62,12 @@ jobs: type=ref,event=tag,suffix=-{{sha}}-${{ env.NOW }},prefix=${{ matrix.target == 'test' && 'test-' || '' }} type=ref,event=pr,suffix=-{{sha}}-${{ env.NOW }},prefix=${{ matrix.target == 'test' && 'test-' || '' }}PR type=ref,event=branch,prefix=${{ matrix.target == 'test' && 'test-' || '' }},suffix=-{{sha}}-${{ env.NOW }} + labels: | + org.opencontainers.image.vendor="K/F Labs" \ + org.opencontainers.image.authors="protocol@k-f.co" \ + org.opencontainers.image.documentation="https://github.com/centrifuge/centrifuge-chain/blob/main/README.md" \ + org.opencontainers.image.base.name="ubuntu/jammy" \ + org.opencontainers.image.base.digest="ubuntu@sha256:6042500cf4b44023ea1894effe7890666b0c5c7871ed83a97c36c76ae560bb9b" - name: Configure GHA cache uses: actions/github-script@60a0d83039c74a4aee543508d2ffcb1c3799cdea #v6 diff --git a/docker/centrifuge-chain/Dockerfile b/docker/centrifuge-chain/Dockerfile index a9a7f08fe5..6f5d96b92d 100644 --- a/docker/centrifuge-chain/Dockerfile +++ b/docker/centrifuge-chain/Dockerfile @@ -29,23 +29,6 @@ FROM --platform=linux/amd64 docker.io/paritytech/ci-linux:production as builder FROM --platform=linux/amd64 docker.io/library/ubuntu:jammy ARG BUILD_DATE ARG VERSION - # Standard OCI labels - # https://github.com/opencontainers/image-spec/blob/main/annotations.md - LABEL io.centrifuge.image.vendor="Centrifuge" \ - org.opencontainers.image.created= \ - org.opencontainers.image.authors="protocol@k-f.co" \ - org.opencontainers.image.title="centrifugeio/centrifuge-chain" \ - org.opencontainers.image.description="Centrifuge, the layer 1 of RWA. This is the official Centrifuge (para)chain image" \ - org.opencontainers.image.source="https://github.com/centrifuge/centrifuge-chain/" \ - org.opencontainers.image.created="${BUILD_DATE}" \ - org.opencontainers.image.documentation="https://github.com/centrifuge/centrifuge-chain/blob/main/README.md" \ - org.opencontainers.image.version="$VERSION" \ - org.opencontainers.image.licenses="GPL-3" \ - org.opencontainers.image.base.name="ubuntu/jammy" \ - org.opencontainers.image.base.digest="ubuntu@sha256:6042500cf4b44023ea1894effe7890666b0c5c7871ed83a97c36c76ae560bb9b" - # org.opencontainers.image.url= \ - - RUN apt-get update && apt-get install -y curl jq RUN apt-get autoremove -y && apt-get clean && rm -rf /var/lib/apt/lists/* @@ -57,6 +40,8 @@ FROM --platform=linux/amd64 docker.io/library/ubuntu:jammy COPY --from=builder /centrifuge-chain/target/release/centrifuge-chain /usr/local/bin/ COPY docker/scripts /centrifuge/scripts + # The following will make everything under /centrifuge/scripts reachable from PATH + # by creating a symbolic link into /usr/local/bin RUN chmod +x /centrifuge/scripts/* && \ ln -s /centrifuge/scripts/* /usr/local/bin/ diff --git a/docker/scripts/check-node-ready b/docker/scripts/check-node-ready deleted file mode 100644 index f31db3a081..0000000000 --- a/docker/scripts/check-node-ready +++ /dev/null @@ -1,27 +0,0 @@ -#!/bin/bash - -# Contact port 9933 and store the response -response=$(curl -s http://localhost:9933/health) - -# Extract the number of peers and the syncing status from the response -peers=$(echo "$response" | jq '.peers') -isSyncing=$(echo "$response" | jq '.isSyncing') - -# Check that the number of peers is more than 0 -if [ "$peers" -gt 0 ]; then - echo "Node has peers." -else - echo "Error: Node has no peers. Check the logs" - exit 1 -fi - -# Check that syncing is false -if [ "$isSyncing" == "false" ]; then - echo "Node is synched." -else - echo "Error: Node is still syncing but has peers. Check again later" - exit 1 -fi - -echo "Health check passed." -exit 0 From 0ea1accfe8d2353126f8c63f5c955de876c5f5c9 Mon Sep 17 00:00:00 2001 From: Guillermo Perez Date: Tue, 26 Dec 2023 21:16:04 +0100 Subject: [PATCH 12/13] cleanup from old PR --- .github/workflows/build-docker.yml | 3 --- docker/centrifuge-chain/Dockerfile | 1 - 2 files changed, 4 deletions(-) diff --git a/.github/workflows/build-docker.yml b/.github/workflows/build-docker.yml index 403f1440dc..6ce272695f 100644 --- a/.github/workflows/build-docker.yml +++ b/.github/workflows/build-docker.yml @@ -76,7 +76,6 @@ jobs: core.exportVariable('ACTIONS_CACHE_URL', process.env.ACTIONS_CACHE_URL || ''); core.exportVariable('ACTIONS_RUNTIME_TOKEN', process.env.ACTIONS_RUNTIME_TOKEN || ''); - - run: echo "VERSION=${GITHUB_REF#refs/tags/}" >> $GITHUB_ENV - name: Build and push centrifugeio/centrifuge-chain uses: docker/build-push-action@0565240e2d4ab88bba5387d719585280857ece09 #v5 with: @@ -84,8 +83,6 @@ jobs: file: ./docker/centrifuge-chain/Dockerfile build-args: | FEATURES=${{ matrix.target == 'test' && 'fast-runtime' || '' }} - BUILD_DATE=${{ env.NOW }} - VERSION=${{env.VERSION}} # Always push, either to ghcr or Dockerhub push: true tags: ${{ steps.meta.outputs.tags }} diff --git a/docker/centrifuge-chain/Dockerfile b/docker/centrifuge-chain/Dockerfile index 6f5d96b92d..900e44d13e 100644 --- a/docker/centrifuge-chain/Dockerfile +++ b/docker/centrifuge-chain/Dockerfile @@ -59,7 +59,6 @@ WORKDIR /centrifuge # checks RUN ldd /usr/local/bin/centrifuge-chain && \ /usr/local/bin/centrifuge-chain --version -RUN set -e && command -v check-node-ready && command -v entrypoint.sh EXPOSE 30333 9933 9944 VOLUME ["/data"] From bca265ab5e68950d18e0eeab90ee88cbd7886733 Mon Sep 17 00:00:00 2001 From: Guillermo Perez Date: Tue, 9 Jan 2024 00:04:55 +0100 Subject: [PATCH 13/13] Update build-docker.yml with kf info --- .github/workflows/build-docker.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.github/workflows/build-docker.yml b/.github/workflows/build-docker.yml index 6ce272695f..92fc658045 100644 --- a/.github/workflows/build-docker.yml +++ b/.github/workflows/build-docker.yml @@ -63,7 +63,7 @@ jobs: type=ref,event=pr,suffix=-{{sha}}-${{ env.NOW }},prefix=${{ matrix.target == 'test' && 'test-' || '' }}PR type=ref,event=branch,prefix=${{ matrix.target == 'test' && 'test-' || '' }},suffix=-{{sha}}-${{ env.NOW }} labels: | - org.opencontainers.image.vendor="K/F Labs" \ + org.opencontainers.image.vendor="k-f dev AG" \ org.opencontainers.image.authors="protocol@k-f.co" \ org.opencontainers.image.documentation="https://github.com/centrifuge/centrifuge-chain/blob/main/README.md" \ org.opencontainers.image.base.name="ubuntu/jammy" \