Skip to content

Commit

Permalink
.
Browse files Browse the repository at this point in the history
  • Loading branch information
@liuchengxu
liuchengxu committed Jul 6, 2024
1 parent 77450cb commit 1c26524
Show file tree
Hide file tree
Showing 3 changed files with 108 additions and 27 deletions.
21 changes: 15 additions & 6 deletions .github/workflows/docker.yml
View file
Original file line number Diff line number Diff line change
Expand Up @@ -7,7 +7,7 @@ on:
branches:
- main
- docker
- 'releases/**'
- 'release/**'
tags:
- '**'

Expand All @@ -20,10 +20,16 @@ jobs:
strategy:
matrix:
platform:
- arch: linux/amd64
# - arch: linux/amd64
# profile: production
# suffix: ubuntu-x86_64-${{ github.ref_name }}
# image-suffix: ''
# dockerfile-suffix: ''
- arch: linux/arm64
profile: production
suffix: ubuntu-x86_64-${{ github.ref_name }}
image-suffix: ''
suffix: ubuntu-aarch64-${{ github.ref_name }}
image-suffix: '-aarch64'
dockerfile-suffix: '.aarch64'

steps:
- name: Set up QEMU
Expand All @@ -44,7 +50,7 @@ jobs:
uses: docker/metadata-action@v3
with:
images: |
ghcr.io/subcoin-project/subcoin-node
ghcr.io/subcoin-project/subcoin
tags: |
type=ref,event=tag
type=ref,event=branch
Expand All @@ -57,11 +63,14 @@ jobs:
id: build
uses: docker/build-push-action@v6
with:
file: Dockerfile
file: Dockerfile${{ matrix.platform.dockerfile-suffix }}
platforms: ${{ matrix.platform.arch }}
push: ${{ github.event_name != 'pull_request' }}
tags: ${{ steps.meta.outputs.tags }}
labels: ${{ steps.meta.outputs.labels }}
build-args: |
SUBSTRATE_CLI_GIT_COMMIT_HASH=${{ github.sha }}
PROFILE=${{ matrix.platform.profile }}
- name: Image digest
run: echo ${{ steps.build.outputs.digest }}
42 changes: 21 additions & 21 deletions Dockerfile
View file
Original file line number Diff line number Diff line change
Expand Up @@ -7,53 +7,53 @@ ARG SUBSTRATE_CLI_GIT_COMMIT_HASH
# Incremental compilation here isn't helpful
ENV CARGO_INCREMENTAL=0

WORKDIR /subcoin
WORKDIR /src

RUN \
apt-get update && \
DEBIAN_FRONTEND=noninteractive apt-get install -y --no-install-recommends \
ca-certificates \
protobuf-compiler \
clang \
cmake \
curl \
git \
llvm \
clang \
cmake \
protobuf-compiler \
make && \
curl --proto '=https' --tlsv1.2 -sSf https://sh.rustup.rs | sh -s -- -y

# Copy the source code
COPY . .

RUN /root/.cargo/bin/cargo build --locked --profile=$PROFILE
# Compile the binary and move it to /subcoin.
RUN /root/.cargo/bin/cargo build --bin subcoin \
--locked \
--profile=$PROFILE \
--target $(uname -p)-unknown-linux-gnu && \
mv target/*/*/subcoin /subcoin && \
rm -rf target

# This is the 2nd stage: a very small image where we copy the binary.
FROM docker.io/library/ubuntu:22.04
FROM ubuntu:22.04
LABEL description="Multistage Docker image for Subcoin Node" \
image.type="builder" \
image.authors="xuliuchengxlc@email.com" \
image.vendor="Subcoin Contributors" \
image.description="Multistage Docker image for Subnode Node" \
image.source="https://github.com/subcoin-project/subcoin" \
image.documentation="https://subcoin-project.github.io/subcoin"

ARG PROFILE=production
image.documentation="https://subcoin-project.github.io/subcoin" \
org.opencontainers.image.description="Multistage Docker image for Subcoin Node" \
org.opencontainers.image.source="https://github.com/subcoin-project/subcoin"

# Copy the node binary.
COPY --from=builder /subcoin/target/$PROFILE/subcoin /usr/local/bin
COPY --from=builder /subcoin /subcoin

RUN mkdir /node-data && chown nobody:nogroup /node-data

RUN useradd -m -u 1000 -U -s /bin/sh -d /node-dev node-dev && \
mkdir -p /chain-data /node-dev/.local/share && \
chown -R node-dev:node-dev /chain-data && \
ln -s /chain-data /node-dev/.local/share/subcoin && \
# unclutter and minimize the attack surface
rm -rf /usr/bin /usr/sbin && \
# check if executable works in this container
/usr/local/bin/subcoin --help
VOLUME ["/node-data"]

USER node-dev
USER nobody:nogroup

EXPOSE 30333 9933 9944 9615
VOLUME ["/chain-data"]

ENTRYPOINT ["/usr/local/bin/subcoin"]
ENTRYPOINT ["/subcoin"]
72 changes: 72 additions & 0 deletions Dockerfile.aarch64
View file
Original file line number Diff line number Diff line change
@@ -0,0 +1,72 @@
# This is a base image to build Subcoin node
FROM ubuntu:22.04 AS builder

ARG PROFILE=production
ARG SUBSTRATE_CLI_GIT_COMMIT_HASH

# Incremental compilation here isn't helpful
ENV CARGO_INCREMENTAL=0

WORKDIR /src

RUN \
apt-get update && \
DEBIAN_FRONTEND=noninteractive apt-get install -y --no-install-recommends \
ca-certificates \
clang \
cmake \
curl \
git \
llvm \
protobuf-compiler \
make && \
curl --proto '=https' --tlsv1.2 -sSf https://sh.rustup.rs | sh -s -- -y

# Copy the source code
COPY . .

ENV RUSTFLAGS="-C linker=aarch64-linux-gnu-gcc"
ENV PKG_CONFIG_ALLOW_CROSS=true

# Dependencies necessary for successful cross-compilation
RUN \
DEBIAN_FRONTEND=noninteractive apt-get install -y --no-install-recommends \
g++-aarch64-linux-gnu \
gcc-aarch64-linux-gnu \
libc6-dev-arm64-cross

RUN /root/.cargo/bin/rustup target add aarch64-unknown-linux-gnu && \
/root/.cargo/bin/cargo install cross

# Compile the binary and move it to /subcoin.
RUN /root/.cargo/bin/cargo build --bin subcoin \
--locked \
--profile=$PROFILE \
--target aarch64-unknown-linux-gnu && \
mv target/*/*/subcoin /subcoin && \
rm -rf target

# This is the 2nd stage: a very small image where we copy the binary.
FROM arm64v8/ubuntu:22.04
LABEL description="Multistage Docker image for Subcoin Node" \
image.type="builder" \
image.authors="xuliuchengxlc@email.com" \
image.vendor="Subcoin Contributors" \
image.description="Multistage Docker image for Subnode Node" \
image.source="https://github.com/subcoin-project/subcoin" \
image.documentation="https://subcoin-project.github.io/subcoin" \
org.opencontainers.image.description="Multistage Docker image for Subcoin Node" \
org.opencontainers.image.source="https://github.com/subcoin-project/subcoin"

# Copy the node binary.
COPY --from=builder /subcoin /subcoin

RUN mkdir /node-data && chown nobody:nogroup /node-data

VOLUME ["/node-data"]

USER nobody:nogroup

EXPOSE 30333 9933 9944 9615

ENTRYPOINT ["/subcoin"]

0 comments on commit 1c26524

Please sign in to comment.