Merge pull request #437 from iotaledger/feat/clean-dockerfile

Production Dockerfile & automated Featurenet deployment
iotaledger · Oct 17, 2023 · b071ddf · b071ddf
2 parents 0be4fe5 + 87a0a71
commit b071ddf
Show file tree

Hide file tree

Showing 7 changed files with 164 additions and 40 deletions.
diff --git a/.github/workflows/feature-network-deploy.yml b/.github/workflows/feature-network-deploy.yml
@@ -0,0 +1,77 @@
+name: Feature network deploy
+on:
+  push:
+    branches:
+      - develop
+  workflow_dispatch:
+    inputs:
+      snapshotUrl:
+        description: 'Custom snapshot URL:'
+        required: false
+        default: ""
+
+jobs:
+  deploy:
+    environment: feature
+    runs-on: ubuntu-latest
+    env:
+      DOCKER_BUILDKIT: 1
+    steps:
+      - name: Checkout repository
+        uses: actions/checkout@v3
+
+      - name: Set up Docker Buildx
+        uses: docker/setup-buildx-action@v2
+
+      - name: Cache Docker layers
+        uses: actions/cache@v3
+        with:
+          path: /tmp/.buildx-cache
+          key: ${{ runner.os }}-buildx-${{ github.sha }}
+          restore-keys: |
+            ${{ runner.os }}-buildx-
+
+      - name: Login to DockerHub
+        uses: docker/login-action@v2
+        with:
+          username: '${{ secrets.IOTALEDGER_DOCKER_USERNAME }}'
+          password: '${{ secrets.IOTALEDGER_DOCKER_PASSWORD }}'
+
+      - name: Publish to Docker Hub
+        uses: docker/build-push-action@v3
+        with:
+          tags: iotaledger/iota-core:feature
+          push: true
+          build-args: |
+          cache-from: type=local,src=/tmp/.buildx-cache
+          cache-to: type=local,mode=max,dest=/tmp/.buildx-cache-new
+
+      - # Temp fix
+        # https://github.com/docker/build-push-action/issues/252
+        # https://github.com/moby/buildkit/issues/1896
+        name: Move cache
+        run: |
+          rm -rf /tmp/.buildx-cache
+          mv /tmp/.buildx-cache-new /tmp/.buildx-cache
+
+      - name: Install SSH Key
+        env:
+          SSH_DEPLOY_KEY: ${{ secrets.SSH_DEPLOY_KEY }}
+        run: |
+          mkdir -p ~/.ssh/
+          echo "$SSH_DEPLOY_KEY" > ~/.ssh/id_ed25519
+          sudo chmod 600 ~/.ssh/id_ed25519
+          echo '
+               Host *
+                 StrictHostKeyChecking no
+                 UserKnownHostsFile=/dev/null
+               ' > ~/.ssh/config
+
+      - name: Ansible deploy
+        env:
+          CUSTOM_SNAPSHOT_URL: '${{ github.event.inputs.snapshotUrl }}'
+          DEFAULT_SNAPSHOT_URL: 'https://0x0.st/HJXh.bin'
+          NETWORK_ENVIRONMENT: '${{ secrets.NETWORK_ENVIRONMENT }}'
+          IOTA_CORE_DOCKER_IMAGE_REPO: 'iotaledger/iota-core'
+          IOTA_CORE_DOCKER_IMAGE_TAG: 'feature'
+        run: ./deploy/ansible/run.sh feature.yml
diff --git a/Dockerfile b/Dockerfile
@@ -1,6 +1,5 @@
-ARG WITH_GO_WORK=0
 # https://hub.docker.com/_/golang
-FROM golang:1.21-bullseye AS base
+FROM golang:1.21-bookworm AS build
 
 ARG BUILD_TAGS=rocksdb
 
@@ -13,53 +12,28 @@ RUN mkdir /scratch /app
 
 WORKDIR /scratch
 
-FROM base AS env-with-go-work-0
-
-# Here we assume our build context is the parent directory of iota-core
-COPY . ./iota-core
-
-# We don't want go.work files to interfere in this build environment
-RUN rm -f /scratch/iota-core/go.work /scratch/iota-core/go.work.sum
-
-FROM base AS env-with-go-work-1
-
-COPY ./iota-core ./iota-core
-COPY ./iota.go ./iota.go
-COPY ./hive.go ./hive.go
-COPY ./inx/go ./inx/go
-COPY ./inx-app ./inx-app
-COPY ./go.work ./
-COPY ./go.work.sum ./
-
-FROM env-with-go-work-${WITH_GO_WORK} AS build
-
-WORKDIR /scratch/iota-core
+COPY . .
 
 # Ensure ca-certificates are up to date
 RUN update-ca-certificates
 
-ENV GOCACHE=/go/cache
-
 # Download go modules
-RUN --mount=type=cache,target=/go go mod download
-# Do not verify modules if we have local modules coming from go.work
-RUN --mount=type=cache,target=/go if [ "${WITH_GO_WORK}" = "0" ]; then go mod verify; fi
+RUN go mod download
+RUN go mod verify
 
 # Build the binary
-RUN --mount=type=cache,target=/go go build -o /app/iota-core -tags="$BUILD_TAGS" -ldflags='-w -s'
+RUN go build -o /app/iota-core -tags="$BUILD_TAGS" -ldflags='-w -s'
 
 # Copy the assets
 RUN cp ./config_defaults.json /app/config.json
 RUN cp ./peering.json /app/peering.json
 
-RUN mkdir -p /app/data/peerdb
-
 ############################
 # Runtime Image
 ############################
-# https://console.cloud.google.com/gcr/images/distroless/global/cc-debian11
+# https://console.cloud.google.com/gcr/images/distroless/global/cc-debian12
 # using distroless cc "nonroot" image, which includes everything in the base image (glibc, libssl and openssl)
-FROM gcr.io/distroless/cc-debian11:nonroot
+FROM gcr.io/distroless/cc-debian12:nonroot
 
 # Copy the app dir into distroless image
 COPY --chown=nonroot:nonroot --from=build /app /app

diff --git a/Dockerfile.dev b/Dockerfile.dev
@@ -0,0 +1,70 @@
+ARG WITH_GO_WORK=0
+# https://hub.docker.com/_/golang
+FROM golang:1.21-bookworm AS base
+
+ARG BUILD_TAGS=rocksdb
+
+LABEL org.label-schema.description="IOTA core node"
+LABEL org.label-schema.name="iotaledger/iota-core"
+LABEL org.label-schema.schema-version="1.0"
+LABEL org.label-schema.vcs-url="https://github.com/iotaledger/iota-core"
+
+RUN mkdir /scratch /app
+
+WORKDIR /scratch
+
+FROM base AS env-with-go-work-0
+
+# Here we assume our build context is the parent directory of iota-core
+COPY . ./iota-core
+
+# We don't want go.work files to interfere in this build environment
+RUN rm -f /scratch/iota-core/go.work /scratch/iota-core/go.work.sum
+
+FROM base AS env-with-go-work-1
+
+COPY ./iota-core ./iota-core
+COPY ./iota.go ./iota.go
+COPY ./hive.go ./hive.go
+COPY ./inx/go ./inx/go
+COPY ./inx-app ./inx-app
+COPY ./go.work ./
+COPY ./go.work.sum ./
+
+FROM env-with-go-work-${WITH_GO_WORK} AS build
+
+WORKDIR /scratch/iota-core
+
+# Ensure ca-certificates are up to date
+RUN update-ca-certificates
+
+ENV GOCACHE=/go/cache
+
+# Download go modules
+RUN --mount=type=cache,target=/go go mod download
+# Do not verify modules if we have local modules coming from go.work
+RUN --mount=type=cache,target=/go if [ "${WITH_GO_WORK}" = "0" ]; then go mod verify; fi
+
+# Build the binary
+RUN --mount=type=cache,target=/go go build -o /app/iota-core -tags="$BUILD_TAGS" -ldflags='-w -s'
+
+# Copy the assets
+RUN cp ./config_defaults.json /app/config.json
+RUN cp ./peering.json /app/peering.json
+
+RUN mkdir -p /app/data/peerdb
+
+############################
+# Runtime Image
+############################
+# https://console.cloud.google.com/gcr/images/distroless/global/cc-debian12
+# using distroless cc "nonroot" image, which includes everything in the base image (glibc, libssl and openssl)
+FROM gcr.io/distroless/cc-debian12:nonroot
+
+# Copy the app dir into distroless image
+COPY --chown=nonroot:nonroot --from=build /app /app
+
+WORKDIR /app
+USER nonroot
+
+ENTRYPOINT ["/app/iota-core"]
diff --git a/deploy/ansible/roles/iota-core-node/tasks/main.yml b/deploy/ansible/roles/iota-core-node/tasks/main.yml
@@ -9,9 +9,9 @@
     state: directory
     mode: '0755'
 
-- name: Copy snapshot file
-  copy:
-    src: "{{ snapshot_path }}"
+- name: Download snapshot file
+  get_url:
+    url: "{{ customSnapshotUrl if customSnapshotUrl else defaultSnapshotUrl }}"
     dest: /opt/iota-core/snapshot.bin
     mode: '0644'
 

diff --git a/deploy/ansible/run.sh b/deploy/ansible/run.sh
@@ -1,3 +1,5 @@
+eval "$NETWORK_ENVIRONMENT"
+
 export ANSIBLE_STRATEGY=free
 export ANSIBLE_PIPELINING=true
 export ANSIBLE_PERSISTENT_CONTROL_PATH_DIR="/tmp/"
@@ -6,7 +8,8 @@ ARGS=("$@")
 ansible-playbook -u root -i deploy/ansible/hosts/"${1:-feature.yml}" \
   --forks 20 --ssh-common-args "-o ControlMaster=auto -o ControlPersist=5m" \
   --extra-vars \
-"snapshot_path=$SNAPSHOT_PATH
+"customSnapshotUrl=$CUSTOM_SNAPSHOT_URL
+defaultSnapshotUrl=$DEFAULT_SNAPSHOT_URL
 iota_core_docker_image_repo=$IOTA_CORE_DOCKER_IMAGE_REPO
 iota_core_docker_image_tag=$IOTA_CORE_DOCKER_IMAGE_TAG
 wireguard_server_private_key=$WIREGUARD_SERVER_PRIVKEY

diff --git a/tools/docker-network/run.sh b/tools/docker-network/run.sh
@@ -26,12 +26,12 @@ echo "Build iota-core"
 
 # Setup necessary environment variables.
 export DOCKER_BUILD_CONTEXT="../../"
-export DOCKERFILE_PATH="./Dockerfile"
+export DOCKERFILE_PATH="./Dockerfile.dev"
 
 if [[ "$WITH_GO_WORK" -eq 1 ]]
 then
   export DOCKER_BUILD_CONTEXT="../../../"
-  export DOCKERFILE_PATH="./iota-core/Dockerfile"
+  export DOCKERFILE_PATH="./iota-core/Dockerfile.dev"
 fi
 
 # Allow docker compose to build and cache an image

diff --git a/tools/genesis-snapshot/presets/presets.go b/tools/genesis-snapshot/presets/presets.go
@@ -150,7 +150,7 @@ var Feature = []options.Option[snapshotcreator.Options]{
 		iotago.NewV3ProtocolParameters(
 			iotago.WithNetworkOptions("feature", "rms"),
 			iotago.WithSupplyOptions(10_000_000_000, 100, 1, 10, 100, 100, 100),
-			iotago.WithTimeProviderOptions(1689848996, 10, 13),
+			iotago.WithTimeProviderOptions(1697406181, 10, 13),
 			iotago.WithLivenessOptions(30, 30, 10, 20, 30),
 			// increase/decrease threshold = fraction * slotDurationInSeconds * schedulerRate
 			iotago.WithCongestionControlOptions(500, 500, 500, 800000, 500000, 100000, 1000, 100),