From 878c023843afdb2da83517129363cf4d2bd330f4 Mon Sep 17 00:00:00 2001
From: "F. Eugene Aumson" <feuGeneA@users.noreply.github.com>
Date: Fri, 16 Aug 2024 16:32:29 +0000
Subject: [PATCH] dockerize signature aggregator

---
 .github/workflows/build_docker_images.yml   | 61 +++++++++++++++++++++
 scripts/build_signature_aggregator_image.sh | 26 +++++++++
 scripts/constants.sh                        |  5 ++
 signature-aggregator/Dockerfile             | 36 ++++++++++++
 4 files changed, 128 insertions(+)
 create mode 100644 .github/workflows/build_docker_images.yml
 create mode 100755 scripts/build_signature_aggregator_image.sh
 create mode 100644 signature-aggregator/Dockerfile

diff --git a/.github/workflows/build_docker_images.yml b/.github/workflows/build_docker_images.yml
new file mode 100644
index 00000000..04b1235c
--- /dev/null
+++ b/.github/workflows/build_docker_images.yml
@@ -0,0 +1,61 @@
+name: Build Docker Images
+
+on:
+  release:
+    types: [published]
+  push:
+    branches:
+      - main
+  pull_request:
+    branches:
+      - "**"
+
+jobs:
+  check:
+    runs-on: ubuntu-latest
+    steps:
+      - name: Checkout repository and submodules
+        uses: actions/checkout@v4
+        with:
+          submodules: recursive
+
+      - name: Set variables
+        run: |
+          source ./scripts/versions.sh
+          echo GO_VERSION=$GO_VERSION >> $GITHUB_ENV
+
+          # set docker tags:
+          repo=avaplatform/signature-aggregator
+          if [ "${{ github.event_name }}" == "release" ]; then
+            docker_tags=${repo}:${{ github.event.release.tag_name }},${repo}:latest
+          else
+            # strip slashes from branch name:
+            branch=$(echo ${{ github.ref_name }} | sed 's/\//-/g')
+            docker_tags=${repo}:${branch}
+          fi
+          echo DOCKER_TAGS=${docker_tags} >> $GITHUB_ENV
+
+      - name: Set up Docker Buildx
+        uses: docker/setup-buildx-action@v3
+
+      - name: Log in to Docker Hub
+        uses: docker/login-action@v3
+        with:
+          username: ${{ secrets.DOCKER_USERNAME }}
+          password: ${{ secrets.DOCKER_PASSWORD }}
+
+      - name: Build Docker images
+        uses: docker/build-push-action@v5
+        with:
+          context: .
+          build-args: |
+            GO_VERSION=${{ env.GO_VERSION }}
+            SIGNATURE_AGGREGATOR_API_PORT=8080
+            SIGNATURE_AGGREGATOR_METRICS_PORT=8081
+          file: signature-aggregator/Dockerfile
+          push: true
+          tags: ${{ env.DOCKER_TAGS }}
+          secrets: |
+            github_access_token=${{ secrets.ACTIONS_PAT }}
+          cache-from: type=gha
+          cache-to: type=gha,mode=max
diff --git a/scripts/build_signature_aggregator_image.sh b/scripts/build_signature_aggregator_image.sh
new file mode 100755
index 00000000..5ab7b9cb
--- /dev/null
+++ b/scripts/build_signature_aggregator_image.sh
@@ -0,0 +1,26 @@
+#!/usr/bin/env bash
+
+# Use this script to build the approver docker image in your local working copy
+# of the repository. Be prepared to repeatedly hit your YubiKey during the `go
+# mod download` step of the image build, just like you need to do for a
+# non-Docker build.
+
+set -o errexit
+set -o nounset
+set -o xtrace
+
+REPO_PATH=$(git rev-parse --show-toplevel)
+source "$REPO_PATH/scripts/versions.sh"
+source "$REPO_PATH/scripts/constants.sh"
+
+docker_repo=avaplatform/signature-aggregator
+
+docker --debug build \
+	--build-arg="GO_VERSION=${GO_VERSION}" \
+	--build-arg="API_PORT=${SIGNATURE_AGGREGATOR_API_PORT}" \
+	--build-arg="METRICS_PORT=${SIGNATURE_AGGREGATOR_METRICS_PORT}" \
+	--file "$REPO_PATH/signature-aggregator/Dockerfile" \
+	--ssh default \
+	--tag "${docker_repo}:$(git rev-parse HEAD)" \
+	--tag "${docker_repo}:$(git rev-parse --abbrev-ref HEAD | sed 's/\//-/g')" \
+	.
diff --git a/scripts/constants.sh b/scripts/constants.sh
index ee1a483b..ab13dfc2 100755
--- a/scripts/constants.sh
+++ b/scripts/constants.sh
@@ -19,6 +19,11 @@ SIGNATURE_AGGREGATOR_PATH=$(
 relayer_path="$RELAYER_PATH/build/awm-relayer"
 signature_aggregator_path="$SIGNATURE_AGGREGATOR_PATH/build/signature-aggregator"
 
+# these are duplicated here from signature-aggregator/config so they can be
+# used as arguments to the docker image build.
+export SIGNATURE_AGGREGATOR_API_PORT=8080
+export SIGNATURE_AGGREGATOR_METRICS_PORT=8081
+
 # Set the PATHS
 GOPATH="$(go env GOPATH)"
 
diff --git a/signature-aggregator/Dockerfile b/signature-aggregator/Dockerfile
new file mode 100644
index 00000000..ae2928ec
--- /dev/null
+++ b/signature-aggregator/Dockerfile
@@ -0,0 +1,36 @@
+ARG GO_VERSION
+
+FROM golang:${GO_VERSION}-bullseye AS build_env
+
+WORKDIR /go/src
+
+# Pre-download all of the Go dependencies
+COPY go.mod .
+COPY go.sum .
+#RUN --mount=type=ssh go mod graph | grep ledger > go.mod.graph
+RUN go mod download
+
+# Pre-download all of the non-Go dependencies:
+#COPY scripts/signature-aggregator/install_build_dependencies.sh approver/scripts/install_build_dependencies.sh
+#RUN approver/scripts/install_build_dependencies.sh
+
+FROM build_env AS build
+COPY .git ./.git
+COPY scripts/constants.sh scripts/
+COPY scripts/versions.sh scripts/
+COPY peers peers
+COPY utils utils
+COPY types types
+COPY config config
+COPY scripts/build_signature_aggregator.sh scripts/
+COPY signature-aggregator ./signature-aggregator
+FROM build AS built
+RUN git submodule update --init --recursive && bash ./scripts/build_signature_aggregator.sh
+
+FROM debian:11-slim AS execution
+WORKDIR /app
+RUN apt-get update && apt-get install -y ca-certificates
+COPY --from=built /go/src/signature-aggregator/build/signature-aggregator /app/signature-aggregator
+EXPOSE ${API_PORT}
+EXPOSE ${METRICS_PORT}
+ENTRYPOINT [ "/app/signature-aggregator" ]