diff --git a/.github/workflows/build-all.yml b/.github/workflows/build-all.yml index a9f468c..654757f 100644 --- a/.github/workflows/build-all.yml +++ b/.github/workflows/build-all.yml @@ -17,7 +17,7 @@ jobs: pull-requests: read outputs: repo_owner: ${{ steps.repo_owner.outputs.lowercase }} - os_matrix: "{\"os_version\":[\"debian10\",\"debian11\",\"ubuntu16\",\"ubuntu18\",\"ubuntu20\"]}" + os_matrix: "{\"os_version\":[\"debian11\",\"ubuntu20\"]}" steps: - name: Check out the repo uses: actions/checkout@v4 diff --git a/.github/workflows/trivy-all.yml b/.github/workflows/trivy-all.yml index 415d8e5..e16fb1f 100644 --- a/.github/workflows/trivy-all.yml +++ b/.github/workflows/trivy-all.yml @@ -25,7 +25,7 @@ jobs: needs: workflow_setup strategy: matrix: - os_version: [ debian10, debian11, ubuntu16, ubuntu18, ubuntu20 ] + os_version: [ debian11, ubuntu20 ] steps: - name: Checkout code uses: actions/checkout@v4 diff --git a/Makefile b/Makefile index d488b63..6c68ec5 100644 --- a/Makefile +++ b/Makefile @@ -13,22 +13,13 @@ # limitations under the License. -# The default make goal is ubuntu18 -.DEFAULT_GOAL := ubuntu18 +# The default make goal is ubuntu20 +.DEFAULT_GOAL := ubuntu20 -all: bullseye buster ubuntu16 ubuntu18 ubuntu20 controller +all: bullseye ubuntu20 controller bullseye: - docker build -f "build/Dockerfile.bullseye" -t indy-node-container/indy_node:bullseye ./build - -buster: - docker build -f "build/Dockerfile.buster" -t indy-node-container/indy_node:buster ./build - -ubuntu16: - docker build -f "build/Dockerfile.ubuntu16" -t indy-node-container/indy_node:ubuntu16 ./build - -ubuntu18: - docker build -f "build/Dockerfile.ubuntu18" -t indy-node-container/indy_node:ubuntu18 ./build + docker build -f "build/Dockerfile.debian11" -t indy-node-container/indy_node:bullseye ./build ubuntu20: docker build -f "build/Dockerfile.ubuntu20" -t indy-node-container/indy_node:ubuntu20 ./build @@ -40,22 +31,13 @@ controller: clean_bullseye: -docker image rm indy-node-container/indy_node:bullseye -clean_buster: - -docker image rm indy-node-container/indy_node:buster - -clean_ubuntu16: - -docker image rm indy-node-container/indy_node:ubuntu16 - -clean_ubuntu18: - -docker image rm indy-node-container/indy_node:ubuntu18 - clean_ubuntu20: -docker image rm indy-node-container/indy_node:ubuntu20 clean_controller: -docker image rm indy-node-container/indy_node_controller -clean: clean_bullseye clean_buster clean_ubuntu16 clean_ubuntu18 clean_ubuntu20 clean_controller +clean: clean_bullseye clean_ubuntu20 clean_controller # all check targets require a local trivy installation - see https://aquasecurity.github.io/trivy/ @@ -66,24 +48,6 @@ check_bullseye: # -xdg-open trivy-reports/bullseye.html -trivy image --ignore-unfixed --severity HIGH,CRITICAL indy-node-container/indy_node:bullseye -check_buster: - mkdir -p trivy-reports - -trivy image --ignore-unfixed --severity HIGH,CRITICAL --format template --template "@trivy/html.tpl" -o trivy-reports/buster.html indy-node-container/indy_node:buster -# -xdg-open trivy-reports/buster.html - -trivy image --ignore-unfixed --severity HIGH,CRITICAL indy-node-container/indy_node:buster - -check_ubuntu16: - mkdir -p trivy-reports - -trivy image --ignore-unfixed --severity HIGH,CRITICAL --format template --template "@trivy/html.tpl" -o trivy-reports/ubuntu16.html indy-node-container/indy_node:ubuntu16 -# -xdg-open trivy-reports/ubuntu16.html - -trivy image --ignore-unfixed --severity HIGH,CRITICAL indy-node-container/indy_node:ubuntu16 - -check_ubuntu18: - mkdir -p trivy-reports - -trivy image --ignore-unfixed --severity HIGH,CRITICAL --format template --template "@trivy/html.tpl" -o trivy-reports/ubuntu18.html indy-node-container/indy_node:ubuntu18 -# -xdg-open trivy-reports/ubuntu18.html - -trivy image --ignore-unfixed --severity HIGH,CRITICAL indy-node-container/indy_node:ubuntu18 - check_ubuntu20: mkdir -p trivy-reports -trivy image --ignore-unfixed --severity HIGH,CRITICAL --format template --template "@trivy/html.tpl" -o trivy-reports/ubuntu20.html indy-node-container/indy_node:ubuntu20 diff --git a/README.md b/README.md index 06b6c83..075a273 100644 --- a/README.md +++ b/README.md @@ -17,11 +17,6 @@ See [here](run/) for instructions how to setup and run the indy node images from Currently we are providing the following stable indy node images. All those images use the latest Indy Node 1.12 version. The images differ by base image and are tagged accordingly: -- [Ubuntu 16](https://github.com/hyperledger/indy-node-container/pkgs/container/indy-node-container%2Findy_node/39147763?tag=latest-ubuntu16) :warning: - - This image is **deprecated**. We will soon remove the image build from the CD pipeline. Please change to one of the other stable images. -- [Ubuntu 18](https://github.com/hyperledger/indy-node-container/pkgs/container/indy-node-container%2Findy_node/39147763?tag=latest-ubuntu18) -- [Debian Buster 10](https://github.com/hyperledger/indy-node-container/pkgs/container/indy-node-container%2Findy_node/37273284?tag=latest-buster) :warning: - - :warning: This image is **deprecated.** We will soon remove the image build from the CD pipeline. Please change to one of the other stable images. - [Debian Bullseye 11](https://github.com/hyperledger/indy-node-container/pkgs/container/indy-node-container%2Findy_node/37273284?tag=latest-bullseye) Additionally, we build an experimental image for Indy node 1.13 RC testing: @@ -35,17 +30,17 @@ See [here](run/) for instructions how to setup and run the images. To build the node image you can use `docker` from the project root like ```bash -docker build -f "build/Dockerfile.ubuntu18" -t indy-node-container/indy_node:ubuntu18 ./build +docker build -f "build/Dockerfile.ubuntu20" -t indy-node-container/indy_node:ubuntu20 ./build ``` or you can use `make` which provides some shortcuts ```bash -# make [bullseye|buster|ubuntu16|ubuntu18|ubuntu20|all|controller] (default is ubuntu18), e.g. -make ubuntu18 +# make [bullseye|ubuntu20|all|controller] (default is ubuntu20), e.g. +make ubuntu20 # make clean removes images -# make [clean|clean_bullseye|clean_buster|clean_ubuntu16|clean_ubuntu18|clean_ubuntu20|clean_controller], e.g. this removes all images +# make [clean|clean_bullseye|clean_ubuntu20|clean_controller], e.g. this removes all images make clean ``` @@ -54,8 +49,8 @@ Please note that `make` generates different tags than the Github action (see [pa If you have [trivy](https://aquasecurity.github.io/trivy) installed, you can use the make check_* targets to run a trivy check against the local images: ```bash -#make [check_bullseye|check_buster|check_ubuntu16|check_ubuntu18|check_ubuntu20|check_controller], e.g. -make check_ubuntu18 +#make [check_bullseye|check_ubuntu20|check_controller], e.g. +make check_ubuntu20 ``` Trivy HTML reports are created in `./trivy-reports`. diff --git a/build/Dockerfile.debian10 b/build/Dockerfile.debian10 deleted file mode 100644 index 3952f01..0000000 --- a/build/Dockerfile.debian10 +++ /dev/null @@ -1,76 +0,0 @@ -# This container is to run indy-node. -# This file is part of https://github.com/hyperledger/indy-node-container . -# Copyright 2021-2022 by all people listed in https://github.com/hyperledger/indy-node-container/blob/main/NOTICE , see -# https://github.com/hyperledger/indy-node-container/blob/main/LICENSE for the license information. -# -# version: 1.2+2022-02-24 - - -FROM python:3.6-slim-buster as base - -# Install environment -RUN apt-get update -y && apt-get upgrade -y && apt-get install -y \ - apt-transport-https \ - ca-certificates \ - software-properties-common \ - iproute2 \ - gnupg2 \ - && apt-get autoremove -y - -# get node 1.12.4 dependencies from Ubtuntu 16 + sovrin repos -RUN \ - add-apt-repository "deb http://archive.ubuntu.com/ubuntu xenial universe" && \ - add-apt-repository "deb http://archive.ubuntu.com/ubuntu xenial main" && \ - add-apt-repository "deb http://archive.ubuntu.com/ubuntu xenial-security main" && \ - apt-key adv --keyserver hkp://keyserver.ubuntu.com:80 --recv-keys CE7709D068DB5E88 40976EAF437D05B5 3B4FE6ACC0B21F32 && \ - add-apt-repository "deb https://repo.sovrin.org/deb xenial stable" - - -RUN apt-get update -y && \ - apt-get install -y --allow-downgrades \ -# libssl1.0.0 \ -# libsodium18 \ -# libindy-crypto=0.4.5 \ -# python3-indy-crypto=0.4.5 \ - indy-node=1.12.6 \ - # node depends on plenum - indy-plenum=1.12.6 \ - #plenum dependencies - python3-ujson=1.33-1build1 \ - python3-prompt-toolkit=0.57-1 \ - python3-pygments=2.2.0 \ - python3-rlp=0.5.1 \ - python3-sha3=0.2.1 \ - python3-leveldb=0~svn68-2build4 \ - python3-sortedcontainers=1.5.7 \ - python3-pip=8.1.1-2 \ - python3-portalocker=0.5.7 \ - python3-libnacl=1.6.1 \ - python3-six=1.11.0 \ - python3-intervaltree=2.1.0 \ - python3-msgpack=0.4.6-1build1 \ - python3-rocksdb=0.6.9 \ - python3-dateutil=2.6.1 \ - # meta dependencies of those python packages - python3-setuptools=38.5.2 \ - python-pip-whl=8.1.1-2 \ - # plenum in particular depends on python 3.5 - python3=3.5.1-3 \ - python3-minimal=3.5.1-3 \ - libpython3-stdlib=3.5.1-3 \ - dh-python=2.20151103ubuntu1.2 \ - python3-distro=1.3.0 \ - python3-base58=1.0.0 \ - python3-psutil=5.4.3 \ - python3-packaging=19.0 \ - # - && apt-get autoremove -y - - -WORKDIR /home/indy - -COPY init_and_run.sh ./ - -CMD ["./init_and_run.sh"] - -VOLUME ["/var/log/indy"] diff --git a/build/Dockerfile.ubuntu16 b/build/Dockerfile.ubuntu16 deleted file mode 100644 index 6bd54b9..0000000 --- a/build/Dockerfile.ubuntu16 +++ /dev/null @@ -1,25 +0,0 @@ -# This container is to run indy-node. -# This file is part of https://github.com/hyperledger/indy-node-container . -# Copyright 2021-2022 by all people listed in https://github.com/hyperledger/indy-node-container/blob/main/NOTICE , see -# https://github.com/hyperledger/indy-node-container/blob/main/LICENSE for the license information. -# -# version: 1.0+2021-09-02 - -FROM ubuntu:16.04 - -RUN apt-get update -y && apt-get install -y \ - apt-transport-https \ - ca-certificates - -RUN apt-key adv --keyserver hkp://keyserver.ubuntu.com:80 --recv-keys CE7709D068DB5E88 -RUN bash -c 'echo "deb https://repo.sovrin.org/deb xenial stable" >> /etc/apt/sources.list' -RUN apt-get update -y && apt-get install -y \ - indy-node=1.12.6 \ - indy-plenum=1.12.6 \ - && rm -rf /var/lib/apt/lists/* - -COPY init_and_run.sh ./ - -CMD ["./init_and_run.sh"] - -VOLUME ["/var/log/indy"] diff --git a/build/Dockerfile.ubuntu18 b/build/Dockerfile.ubuntu18 deleted file mode 100644 index ca5aeb6..0000000 --- a/build/Dockerfile.ubuntu18 +++ /dev/null @@ -1,71 +0,0 @@ -# This container is to run indy-node. -# It has been created in the indy-node docker working group of the ID Union project. -# author: Sebastian Schmittner -# author: Guido Wischrop -# version: 1.2+2021-11-12 - - -FROM ubuntu:18.04 - - -# Install environment -RUN apt-get update -y && apt-get upgrade -y && apt-get install -y \ - apt-transport-https \ - ca-certificates \ - software-properties-common \ - iproute2 \ - && apt-get autoremove -y - -# get node 1.12.4 dependencies from Ubtuntu 16 + sovrin repos -RUN \ - add-apt-repository "deb http://archive.ubuntu.com/ubuntu xenial universe" && \ - add-apt-repository "deb http://archive.ubuntu.com/ubuntu xenial main" && \ - add-apt-repository "deb http://archive.ubuntu.com/ubuntu xenial-security main" && \ - apt-key adv --keyserver hkp://keyserver.ubuntu.com:80 --recv-keys CE7709D068DB5E88 && \ - add-apt-repository "deb https://repo.sovrin.org/deb xenial stable" - - -RUN apt-get update -y && \ - apt-get install -y --allow-downgrades \ -# libssl1.0.0 \ -# libsodium18 \ -# libindy-crypto=0.4.5 \ -# python3-indy-crypto=0.4.5 \ - indy-node=1.12.6 \ - # node depends on plenum - indy-plenum=1.12.6 \ - #plenum dependencies - python3-ujson=1.33-1build1 \ - python3-prompt-toolkit=0.57-1 \ - python3-pygments=2.2.0 \ - python3-rlp=0.5.1 \ - python3-sha3=0.2.1 \ - python3-leveldb=0~svn68-2build4 \ - python3-sortedcontainers=1.5.7 \ - python3-pip=9.0.1-2 \ - python3-portalocker=0.5.7 \ - python3-libnacl=1.6.1 \ - python3-six=1.11.0 \ - python3-intervaltree=2.1.0 \ - python3-msgpack=0.4.6-1build1 \ - python3-rocksdb=0.6.9 \ - python3-dateutil=2.6.1 \ - # meta dependencies of those python packages - python3-setuptools=38.5.2 \ - python-pip-whl=9.0.1-2 \ - # plenum in particular depends on python 3.5 - python3=3.5.1-3 \ - python3-minimal=3.5.1-3 \ - libpython3-stdlib=3.5.1-3 \ - dh-python=2.20151103ubuntu1.2 \ - # - && apt-get autoremove -y - - -WORKDIR /home/indy - -COPY init_and_run.sh ./ - -CMD ["./init_and_run.sh"] - -VOLUME ["/var/log/indy"] diff --git a/run/.env b/run/.env index e9374bc..3ff1f78 100644 --- a/run/.env +++ b/run/.env @@ -3,7 +3,7 @@ INDY_NETWORK_NAME=ssi4de INDY_NODE_NAME=GS1Germany # Choose one of the avaiable images -IMAGE=ghcr.io/hyperledger/indy-node-container/indy_node:latest-ubuntu18 +IMAGE=ghcr.io/hyperledger/indy-node-container/indy_node:latest-ubuntu20 # You likely want to keep these default values: SOCK=/var/run/docker.sock diff --git a/run/README.md b/run/README.md index de7b51f..4a74437 100644 --- a/run/README.md +++ b/run/README.md @@ -172,6 +172,6 @@ Our current approach to handle pool restarts is to have the node controller runn If wou want to use the node controller, the variables `SOCK`, `NODE_CONTAINER_NAME`, `CONTROLLER_CONTAINER`, and `IMAGE_NAME_CONTROLLER` need to be set in the `.env` file. Appropriate default values are set in [the default file](/.env). -If the node controller container is running and has access to the docker socket of the host, the node will be restarted upon pool restart commands and will participate in a network upgrade. The decision mechanism for whether to accept or reject an upgrade based on available deb package versions is part of indy node server and hence unchanged. However, if an upgrade is accepted, the container will be stopped, pulled, and restarted. Use a tag like `latest-ubuntu18` and make sure that a new `latest` image is available before the network upgrade commences. +If the node controller container is running and has access to the docker socket of the host, the node will be restarted upon pool restart commands and will participate in a network upgrade. The decision mechanism for whether to accept or reject an upgrade based on available deb package versions is part of indy node server and hence unchanged. However, if an upgrade is accepted, the container will be stopped, pulled, and restarted. Use a tag like `latest-ubuntu20` and make sure that a new `latest` image is available before the network upgrade commences. diff --git a/test/.env b/test/.env index 0bb6d21..965e67f 100644 --- a/test/.env +++ b/test/.env @@ -1,7 +1,7 @@ INDY_NETWORK_NAME=idunion_local_test -IMAGE_NAME_NODE=ghcr.io/hyperledger/indy-node-container/indy_node:latest-buster +IMAGE_NAME_NODE=ghcr.io/hyperledger/indy-node-container/indy_node:latest-bookworm IMAGE_NAME_CONTROLLER=ghcr.io/hyperledger/indy-node-container/indy_node_controller -REFERENCE_IMAGE_NAME_NODE=ghcr.io/hyperledger/indy-node-container/indy_node:latest-ubuntu16 +REFERENCE_IMAGE_NAME_NODE=ghcr.io/hyperledger/indy-node-container/indy_node:latest-ubuntu20 INDY_NODE_IP_1=0.0.0.0 INDY_NODE_PORT_1=9701 diff --git a/test/init-test-network.sh b/test/init-test-network.sh index 6925b96..7c8e5e7 100755 --- a/test/init-test-network.sh +++ b/test/init-test-network.sh @@ -4,7 +4,7 @@ NODES=${NODES:-4} source .env if [ -z ${1+x} ]; then - IMAGE_NAME_NODE=ghcr.io/hyperledger/indy-node-container/indy_node:latest-buster + IMAGE_NAME_NODE=ghcr.io/hyperledger/indy-node-container/indy_node:latest-bookworm else IMAGE_NAME_NODE=$1 fi