From 0c97be27c35914a482436cc7724d3ec6a241a867 Mon Sep 17 00:00:00 2001
From: vladupshot <154623109+vladupshot@users.noreply.github.com>
Date: Wed, 10 Jan 2024 10:57:22 +1300
Subject: [PATCH] adjust docker file
---
 ...loy_aws_staging.yml => build_push_ecr.yml} | 18 +------
 docker/Dockerfile | 54 ++++++++++---------
 2 files changed, 30 insertions(+), 42 deletions(-)
 rename .github/workflows/{deploy_aws_staging.yml => build_push_ecr.yml} (62%)
diff --git a/.github/workflows/deploy_aws_staging.yml b/.github/workflows/build_push_ecr.yml
similarity index 62%
rename from .github/workflows/deploy_aws_staging.yml
rename to .github/workflows/build_push_ecr.yml
index 844054a..934dcba 100644
--- a/.github/workflows/deploy_aws_staging.yml
+++ b/.github/workflows/build_push_ecr.yml
@@ -40,22 +40,6 @@ jobs:
 IMAGE_TAG: ${{ github.sha }}
 run: |
 # Build a docker container and push it to ECR so that it can be deployed to ECS.
- docker build -f docker/Dockerfile --build-arg "ghcr_token=${{ secrets.GHCR_TOKEN }}" -t $ECR_REGISTRY/$ECR_REPOSITORY:$IMAGE_TAG .
+ docker build -f docker/Dockerfile --build-arg "GH_TOKEN=${{ secrets.GHCR_TOKEN }}" -t $ECR_REGISTRY/$ECR_REPOSITORY:$IMAGE_TAG .
 docker push $ECR_REGISTRY/$ECR_REPOSITORY:$IMAGE_TAG
 echo "image=$ECR_REGISTRY/$ECR_REPOSITORY:$IMAGE_TAG" >> "$GITHUB_OUTPUT"
-
- # - name: Fill in the new image ID in the Amazon ECS task definition
- # id: compute-node-task-def
- # uses: aws-actions/amazon-ecs-render-task-definition@v1
- # with:
- # task-definition: infra/staging-task-def.json
- # container-name: upshot-compute-node
- # image: ${{ steps.compute-node-build-image.outputs.image }}
-
- # - name: upshot-compute-node - Deploy Amazon ECS task definition
- # uses: aws-actions/amazon-ecs-deploy-task-definition@v1
- # with:
- # task-definition: ${{ steps.compute-node-task-def.outputs.task-definition }}
- # service: upshot-compute-node
- # cluster: upshot-backend-staging
- # # wait-for-service-stability: true
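Review bot: The GitHub token is still handed to the build as `--build-arg "GH_TOKEN=${{ secrets.GHCR_TOKEN }}"`, and build-arg values that are in scope for a `RUN` step are recorded in the image's build history, so anyone who can pull the pushed image from ECR can read the token with `docker history`. The same applies to the two `ARG GH_TOKEN` lines in the docker/Dockerfile hunk, the first of which also exposes the token to the bls-runtime download step, which does not appear to need it. A BuildKit secret mount keeps the value out of layers and history: expose the secret in the step's `env:` block (which starts above this hunk) and build with `docker build --secret id=gh_token,env=GH_TOKEN -f docker/Dockerfile ...`, then in the Dockerfile replace `ARG GH_TOKEN` with `RUN --mount=type=secret,id=gh_token GH_TOKEN="$(cat /run/secrets/gh_token)" gh release download ...`. If images built with the build-arg form have already been pushed, the token is worth rotating.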
diff --git a/docker/Dockerfile b/docker/Dockerfile
index 6b4f44d..2d883ad 100644
--- a/docker/Dockerfile
+++ b/docker/Dockerfile
@@ -8,61 +8,64 @@ RUN go mod download && \ make all ########################### -FROM --platform=linux/amd64 debian:bookworm-slim - -ARG ghcr_token +FROM --platform=linux/amd64 python:3.12-slim-bookworm WORKDIR /app ## curl, unzip other utilities +#! libssl-dev - BLS_RUNTIME dependency +#! gh - to doenaload release from priv repo RUN apt update && \ apt -y dist-upgrade && \ apt install -y --no-install-recommends \ tzdata \ curl \ unzip \ - pv \ ca-certificates \ - gnupg2 \ - python3 \ - python3-pip && \ + libssl-dev \ + gh && \ rm -rf /var/cache/apt/* # gomplete for updating config with env vars -RUN curl -o ./gomplate -sSL https://github.com/hairyhenderson/gomplate/releases/download/v3.10.0/gomplate_linux-amd64 && \ - chmod 755 gomplate +RUN GOMPLATE_VER=v3.11.6 && \ + curl -o /usr/local/bin/gomplate -sSL https://github.com/hairyhenderson/gomplate/releases/download/${GOMPLATE_VER}/gomplate_linux-amd64 && \ + chmod 755 /usr/local/bin/gomplate # get the runtime -RUN curl -o ./runtime.tar.gz -sSL https://github.com/blocklessnetwork/runtime/releases/download/v0.3.1/blockless-runtime.ubuntu-20.04.x86_64.tar.gz && \ +ARG GH_TOKEN +RUN BLS_RUNTIME_VER=v0.3.1 && \ + curl -o ./runtime.tar.gz -sSL https://github.com/blocklessnetwork/bls-runtime/releases/download/${BLS_RUNTIME_VER}/blockless-runtime.linux-latest.x86_64.tar.gz && \ mkdir /app/runtime && \ tar -xvkf ./runtime.tar.gz -C /app/runtime && \ rm ./runtime.tar.gz - +ARG GH_TOKEN # get the upshot-extension -RUN curl -L -s -H "Authorization: token ${ghcr_token}" -H 'Accept:application/octet-stream' \ - "https://api.github.com/repos/upshot-tech/upshot-blockless-extension/releases/assets/142012669" \ - -o upshot-extension.tar.gz && \ +RUN BLS_EXTENSION_VER="dev.3" && \ + gh release download \ + --repo "upshot-tech/upshot-blockless-extension" \ + --pattern '*linux-amd64.tar.gz' \ + --output upshot-extension.tar.gz && \ mkdir /app/runtime/extensions && \ tar -xvkf ./upshot-extension.tar.gz -C /app/runtime/extensions && \ 
rm ./upshot-extension.tar.gz -# libssl 1.1 -RUN curl -o ./libssl.deb -sSL http://archive.ubuntu.com/ubuntu/pool/main/o/openssl/libssl1.1_1.1.0g-2ubuntu4_amd64.deb && \ - dpkg -i ./libssl.deb && \ - rm ./libssl.deb - -# Install AWS CLI so we can use to backup to IPFS s3 compatible storage providers -RUN curl "https://awscli.amazonaws.com/awscli-exe-linux-x86_64.zip" -o "awscliv2.zip" && \ - unzip awscliv2.zip -d /usr/src && \ - rm -f awscliv2.zip && \ - /usr/src/aws/install --bin-dir /usr/bin - ## setup RUN mkdir /app/keys COPY --from=builder /src/dist/upshot-node upshot-node COPY --from=builder /src/dist/upshot-keys upshot-keys +# Smoke test +RUN /app/runtime/bls-runtime --help && \ + /app/runtime/extensions/upshot-blockless-extension --help + +# TODO: to decrease number of installed tools, => size of the image and Increase security posture +# should move aws cli into another image +# Install AWS CLI so we can use to backup to IPFS s3 compatible storage providers +RUN curl "https://awscli.amazonaws.com/awscli-exe-linux-x86_64.zip" -o "awscliv2.zip" \ + && unzip awscliv2.zip -d /usr/src && rm -f awscliv2.zip \ + && /usr/src/aws/install --bin-dir /usr/bin + ## run script COPY ./docker/run.sh ./run.sh RUN chmod +x ./run.sh @@ -70,6 +73,7 @@ RUN chmod +x ./run.sh ENV AWS_ACCESS_KEY_ID= ENV AWS_SECRET_ACCESS_KEY= ENV S3_HOST="${S3_HOST:-https://s3.filebase.com}" + ENV KEY_PATH="" ENV KEY_PASSWORD="" ENV CHAIN_RPC_NODE="http://0.0.0.0:26657"
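Review bot: `BLS_EXTENSION_VER="dev.3"` is assigned in the upshot-extension step but never passed to `gh release download`, so with no tag argument the build takes whatever release is latest in the repository at build time, whereas the removed `curl` pinned one specific asset id. Assuming `dev.3` is the intended release tag, pass it explicitly, `gh release download "${BLS_EXTENSION_VER}" \`, so the image content is reproducible and a newly published release cannot silently change what ships. Separately, none of the artifacts fetched in this hunk (gomplate, bls-runtime, the extension archive, the AWS CLI zip) is checked against a known digest, and the `curl -sSL` calls lack `-f`, so an HTTP error page would be saved as if it were the binary. Adding `-f` and a `sha256sum -c` check after each download, with the expected digests kept next to the version variables, would make a swapped or truncated file fail the build rather than reach the smoke test.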