diff --git a/.github/workflows/build_docker_images.yml b/.github/workflows/build_docker_images.yml new file mode 100644 index 00000000..04b1235c --- /dev/null +++ b/.github/workflows/build_docker_images.yml @@ -0,0 +1,61 @@ +name: Build Docker Images + +on: + release: + types: [published] + push: + branches: + - main + pull_request: + branches: + - "**" + +jobs: + check: + runs-on: ubuntu-latest + steps: + - name: Checkout repository and submodules + uses: actions/checkout@v4 + with: + submodules: recursive + + - name: Set variables + run: | + source ./scripts/versions.sh + echo GO_VERSION=$GO_VERSION >> $GITHUB_ENV + + # set docker tags: + repo=avaplatform/signature-aggregator + if [ "${{ github.event_name }}" == "release" ]; then + docker_tags=${repo}:${{ github.event.release.tag_name }},${repo}:latest + else + # strip slashes from branch name: + branch=$(echo ${{ github.ref_name }} | sed 's/\//-/g') + docker_tags=${repo}:${branch} + fi + echo DOCKER_TAGS=${docker_tags} >> $GITHUB_ENV + + - name: Set up Docker Buildx + uses: docker/setup-buildx-action@v3 + + - name: Log in to Docker Hub + uses: docker/login-action@v3 + with: + username: ${{ secrets.DOCKER_USERNAME }} + password: ${{ secrets.DOCKER_PASSWORD }} + + - name: Build Docker images + uses: docker/build-push-action@v5 + with: + context: . + build-args: | + GO_VERSION=${{ env.GO_VERSION }} + SIGNATURE_AGGREGATOR_API_PORT=8080 + SIGNATURE_AGGREGATOR_METRICS_PORT=8081 + file: signature-aggregator/Dockerfile + push: true + tags: ${{ env.DOCKER_TAGS }} + secrets: | + github_access_token=${{ secrets.ACTIONS_PAT }} + cache-from: type=gha + cache-to: type=gha,mode=max diff --git a/scripts/build_signature_aggregator_image.sh b/scripts/build_signature_aggregator_image.sh new file mode 100755 index 00000000..5ab7b9cb --- /dev/null +++ b/scripts/build_signature_aggregator_image.sh @@ -0,0 +1,26 @@ +#!/usr/bin/env bash + +# Use this script to build the approver docker image in your local working copy +# of the repository. Be prepared to repeatedly hit your YubiKey during the `go +# mod download` step of the image build, just like you need to do for a +# non-Docker build. + +set -o errexit +set -o nounset +set -o xtrace + +REPO_PATH=$(git rev-parse --show-toplevel) +source "$REPO_PATH/scripts/versions.sh" +source "$REPO_PATH/scripts/constants.sh" + +docker_repo=avaplatform/signature-aggregator + +docker --debug build \ + --build-arg="GO_VERSION=${GO_VERSION}" \ + --build-arg="API_PORT=${SIGNATURE_AGGREGATOR_API_PORT}" \ + --build-arg="METRICS_PORT=${SIGNATURE_AGGREGATOR_METRICS_PORT}" \ + --file "$REPO_PATH/signature-aggregator/Dockerfile" \ + --ssh default \ + --tag "${docker_repo}:$(git rev-parse HEAD)" \ + --tag "${docker_repo}:$(git rev-parse --abbrev-ref HEAD | sed 's/\//-/g')" \ + . diff --git a/scripts/constants.sh b/scripts/constants.sh index ee1a483b..ab13dfc2 100755 --- a/scripts/constants.sh +++ b/scripts/constants.sh @@ -19,6 +19,11 @@ SIGNATURE_AGGREGATOR_PATH=$( relayer_path="$RELAYER_PATH/build/awm-relayer" signature_aggregator_path="$SIGNATURE_AGGREGATOR_PATH/build/signature-aggregator" +# these are duplicated here from signature-aggregator/config so they can be +# used as arguments to the docker image build. +export SIGNATURE_AGGREGATOR_API_PORT=8080 +export SIGNATURE_AGGREGATOR_METRICS_PORT=8081 + # Set the PATHS GOPATH="$(go env GOPATH)" diff --git a/signature-aggregator/Dockerfile b/signature-aggregator/Dockerfile new file mode 100644 index 00000000..ae2928ec --- /dev/null +++ b/signature-aggregator/Dockerfile @@ -0,0 +1,36 @@ +ARG GO_VERSION + +FROM golang:${GO_VERSION}-bullseye AS build_env + +WORKDIR /go/src + +# Pre-download all of the Go dependencies +COPY go.mod . +COPY go.sum . +#RUN --mount=type=ssh go mod graph | grep ledger > go.mod.graph +RUN go mod download + +# Pre-download all of the non-Go dependencies: +#COPY scripts/signature-aggregator/install_build_dependencies.sh approver/scripts/install_build_dependencies.sh +#RUN approver/scripts/install_build_dependencies.sh + +FROM build_env AS build +COPY .git ./.git +COPY scripts/constants.sh scripts/ +COPY scripts/versions.sh scripts/ +COPY peers peers +COPY utils utils +COPY types types +COPY config config +COPY scripts/build_signature_aggregator.sh scripts/ +COPY signature-aggregator ./signature-aggregator +FROM build AS built +RUN git submodule update --init --recursive && bash ./scripts/build_signature_aggregator.sh + +FROM debian:11-slim AS execution +WORKDIR /app +RUN apt-get update && apt-get install -y ca-certificates +COPY --from=built /go/src/signature-aggregator/build/signature-aggregator /app/signature-aggregator +EXPOSE ${API_PORT} +EXPOSE ${METRICS_PORT} +ENTRYPOINT [ "/app/signature-aggregator" ]