From 393724a2e9f021113edeb91c654476788030a3c0 Mon Sep 17 00:00:00 2001 From: Jens Schedel Date: Wed, 11 Dec 2024 11:01:14 +0100 Subject: [PATCH 1/2] Fix name of Dockerfiles Signed-off-by: Jens Schedel --- Makefile | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/Makefile b/Makefile index d488b63..fb94202 100644 --- a/Makefile +++ b/Makefile @@ -19,10 +19,10 @@ all: bullseye buster ubuntu16 ubuntu18 ubuntu20 controller bullseye: - docker build -f "build/Dockerfile.bullseye" -t indy-node-container/indy_node:bullseye ./build + docker build -f "build/Dockerfile.debian11" -t indy-node-container/indy_node:bullseye ./build buster: - docker build -f "build/Dockerfile.buster" -t indy-node-container/indy_node:buster ./build + docker build -f "build/Dockerfile.debian10" -t indy-node-container/indy_node:buster ./build ubuntu16: docker build -f "build/Dockerfile.ubuntu16" -t indy-node-container/indy_node:ubuntu16 ./build From a00c5bfc8ad8086093c20c5d7fb64f47b366c9fe Mon Sep 17 00:00:00 2001 From: Jens Schedel Date: Wed, 11 Dec 2024 10:59:01 +0100 Subject: [PATCH 2/2] Remove obsolete images for Debian Buster, Ubuntu 16 and Ubuntu 18 Signed-off-by: Jens Schedel --- .github/workflows/build-all.yml | 2 +- .github/workflows/trivy-all.yml | 2 +- Makefile | 44 ++----------------- README.md | 17 +++----- build/Dockerfile.debian10 | 76 --------------------------------- build/Dockerfile.ubuntu16 | 25 ----------- build/Dockerfile.ubuntu18 | 71 ------------------------------ run/.env | 2 +- run/README.md | 2 +- test/.env | 4 +- test/init-test-network.sh | 2 +- 11 files changed, 17 insertions(+), 230 deletions(-) delete mode 100644 build/Dockerfile.debian10 delete mode 100644 build/Dockerfile.ubuntu16 delete mode 100644 build/Dockerfile.ubuntu18 diff --git a/.github/workflows/build-all.yml b/.github/workflows/build-all.yml index bbaefab..da276ca 100644 --- a/.github/workflows/build-all.yml +++ b/.github/workflows/build-all.yml @@ -17,7 +17,7 @@ jobs: pull-requests: read outputs: repo_owner: ${{ steps.repo_owner.outputs.lowercase }} - os_matrix: "{\"os_version\":[\"debian10\",\"debian11\",\"ubuntu16\",\"ubuntu18\",\"ubuntu20\"]}" + os_matrix: "{\"os_version\":[\"debian11\",\"ubuntu20\"]}" steps: - name: Check out the repo uses: actions/checkout@v4 diff --git a/.github/workflows/trivy-all.yml b/.github/workflows/trivy-all.yml index 415d8e5..e16fb1f 100644 --- a/.github/workflows/trivy-all.yml +++ b/.github/workflows/trivy-all.yml @@ -25,7 +25,7 @@ jobs: needs: workflow_setup strategy: matrix: - os_version: [ debian10, debian11, ubuntu16, ubuntu18, ubuntu20 ] + os_version: [ debian11, ubuntu20 ] steps: - name: Checkout code uses: actions/checkout@v4 diff --git a/Makefile b/Makefile index fb94202..6c68ec5 100644 --- a/Makefile +++ b/Makefile @@ -13,23 +13,14 @@ # limitations under the License. -# The default make goal is ubuntu18 -.DEFAULT_GOAL := ubuntu18 +# The default make goal is ubuntu20 +.DEFAULT_GOAL := ubuntu20 -all: bullseye buster ubuntu16 ubuntu18 ubuntu20 controller +all: bullseye ubuntu20 controller bullseye: docker build -f "build/Dockerfile.debian11" -t indy-node-container/indy_node:bullseye ./build -buster: - docker build -f "build/Dockerfile.debian10" -t indy-node-container/indy_node:buster ./build - -ubuntu16: - docker build -f "build/Dockerfile.ubuntu16" -t indy-node-container/indy_node:ubuntu16 ./build - -ubuntu18: - docker build -f "build/Dockerfile.ubuntu18" -t indy-node-container/indy_node:ubuntu18 ./build - ubuntu20: docker build -f "build/Dockerfile.ubuntu20" -t indy-node-container/indy_node:ubuntu20 ./build @@ -40,22 +31,13 @@ controller: clean_bullseye: -docker image rm indy-node-container/indy_node:bullseye -clean_buster: - -docker image rm indy-node-container/indy_node:buster - -clean_ubuntu16: - -docker image rm indy-node-container/indy_node:ubuntu16 - -clean_ubuntu18: - -docker image rm indy-node-container/indy_node:ubuntu18 - clean_ubuntu20: -docker image rm indy-node-container/indy_node:ubuntu20 clean_controller: -docker image rm indy-node-container/indy_node_controller -clean: clean_bullseye clean_buster clean_ubuntu16 clean_ubuntu18 clean_ubuntu20 clean_controller +clean: clean_bullseye clean_ubuntu20 clean_controller # all check targets require a local trivy installation - see https://aquasecurity.github.io/trivy/ @@ -66,24 +48,6 @@ check_bullseye: # -xdg-open trivy-reports/bullseye.html -trivy image --ignore-unfixed --severity HIGH,CRITICAL indy-node-container/indy_node:bullseye -check_buster: - mkdir -p trivy-reports - -trivy image --ignore-unfixed --severity HIGH,CRITICAL --format template --template "@trivy/html.tpl" -o trivy-reports/buster.html indy-node-container/indy_node:buster -# -xdg-open trivy-reports/buster.html - -trivy image --ignore-unfixed --severity HIGH,CRITICAL indy-node-container/indy_node:buster - -check_ubuntu16: - mkdir -p trivy-reports - -trivy image --ignore-unfixed --severity HIGH,CRITICAL --format template --template "@trivy/html.tpl" -o trivy-reports/ubuntu16.html indy-node-container/indy_node:ubuntu16 -# -xdg-open trivy-reports/ubuntu16.html - -trivy image --ignore-unfixed --severity HIGH,CRITICAL indy-node-container/indy_node:ubuntu16 - -check_ubuntu18: - mkdir -p trivy-reports - -trivy image --ignore-unfixed --severity HIGH,CRITICAL --format template --template "@trivy/html.tpl" -o trivy-reports/ubuntu18.html indy-node-container/indy_node:ubuntu18 -# -xdg-open trivy-reports/ubuntu18.html - -trivy image --ignore-unfixed --severity HIGH,CRITICAL indy-node-container/indy_node:ubuntu18 - check_ubuntu20: mkdir -p trivy-reports -trivy image --ignore-unfixed --severity HIGH,CRITICAL --format template --template "@trivy/html.tpl" -o trivy-reports/ubuntu20.html indy-node-container/indy_node:ubuntu20 diff --git a/README.md b/README.md index 06b6c83..075a273 100644 --- a/README.md +++ b/README.md @@ -17,11 +17,6 @@ See [here](run/) for instructions how to setup and run the indy node images from Currently we are providing the following stable indy node images. All those images use the latest Indy Node 1.12 version. The images differ by base image and are tagged accordingly: -- [Ubuntu 16](https://github.com/hyperledger/indy-node-container/pkgs/container/indy-node-container%2Findy_node/39147763?tag=latest-ubuntu16) :warning: - - This image is **deprecated**. We will soon remove the image build from the CD pipeline. Please change to one of the other stable images. -- [Ubuntu 18](https://github.com/hyperledger/indy-node-container/pkgs/container/indy-node-container%2Findy_node/39147763?tag=latest-ubuntu18) -- [Debian Buster 10](https://github.com/hyperledger/indy-node-container/pkgs/container/indy-node-container%2Findy_node/37273284?tag=latest-buster) :warning: - - :warning: This image is **deprecated.** We will soon remove the image build from the CD pipeline. Please change to one of the other stable images. - [Debian Bullseye 11](https://github.com/hyperledger/indy-node-container/pkgs/container/indy-node-container%2Findy_node/37273284?tag=latest-bullseye) Additionally, we build an experimental image for Indy node 1.13 RC testing: @@ -35,17 +30,17 @@ See [here](run/) for instructions how to setup and run the images. To build the node image you can use `docker` from the project root like ```bash -docker build -f "build/Dockerfile.ubuntu18" -t indy-node-container/indy_node:ubuntu18 ./build +docker build -f "build/Dockerfile.ubuntu20" -t indy-node-container/indy_node:ubuntu20 ./build ``` or you can use `make` which provides some shortcuts ```bash -# make [bullseye|buster|ubuntu16|ubuntu18|ubuntu20|all|controller] (default is ubuntu18), e.g. -make ubuntu18 +# make [bullseye|ubuntu20|all|controller] (default is ubuntu20), e.g. +make ubuntu20 # make clean removes images -# make [clean|clean_bullseye|clean_buster|clean_ubuntu16|clean_ubuntu18|clean_ubuntu20|clean_controller], e.g. this removes all images +# make [clean|clean_bullseye|clean_ubuntu20|clean_controller], e.g. this removes all images make clean ``` @@ -54,8 +49,8 @@ Please note that `make` generates different tags than the Github action (see [pa If you have [trivy](https://aquasecurity.github.io/trivy) installed, you can use the make check_* targets to run a trivy check against the local images: ```bash -#make [check_bullseye|check_buster|check_ubuntu16|check_ubuntu18|check_ubuntu20|check_controller], e.g. -make check_ubuntu18 +#make [check_bullseye|check_ubuntu20|check_controller], e.g. +make check_ubuntu20 ``` Trivy HTML reports are created in `./trivy-reports`. diff --git a/build/Dockerfile.debian10 b/build/Dockerfile.debian10 deleted file mode 100644 index 3952f01..0000000 --- a/build/Dockerfile.debian10 +++ /dev/null @@ -1,76 +0,0 @@ -# This container is to run indy-node. -# This file is part of https://github.com/hyperledger/indy-node-container . -# Copyright 2021-2022 by all people listed in https://github.com/hyperledger/indy-node-container/blob/main/NOTICE , see -# https://github.com/hyperledger/indy-node-container/blob/main/LICENSE for the license information. -# -# version: 1.2+2022-02-24 - - -FROM python:3.6-slim-buster as base - -# Install environment -RUN apt-get update -y && apt-get upgrade -y && apt-get install -y \ - apt-transport-https \ - ca-certificates \ - software-properties-common \ - iproute2 \ - gnupg2 \ - && apt-get autoremove -y - -# get node 1.12.4 dependencies from Ubtuntu 16 + sovrin repos -RUN \ - add-apt-repository "deb http://archive.ubuntu.com/ubuntu xenial universe" && \ - add-apt-repository "deb http://archive.ubuntu.com/ubuntu xenial main" && \ - add-apt-repository "deb http://archive.ubuntu.com/ubuntu xenial-security main" && \ - apt-key adv --keyserver hkp://keyserver.ubuntu.com:80 --recv-keys CE7709D068DB5E88 40976EAF437D05B5 3B4FE6ACC0B21F32 && \ - add-apt-repository "deb https://repo.sovrin.org/deb xenial stable" - - -RUN apt-get update -y && \ - apt-get install -y --allow-downgrades \ -# libssl1.0.0 \ -# libsodium18 \ -# libindy-crypto=0.4.5 \ -# python3-indy-crypto=0.4.5 \ - indy-node=1.12.6 \ - # node depends on plenum - indy-plenum=1.12.6 \ - #plenum dependencies - python3-ujson=1.33-1build1 \ - python3-prompt-toolkit=0.57-1 \ - python3-pygments=2.2.0 \ - python3-rlp=0.5.1 \ - python3-sha3=0.2.1 \ - python3-leveldb=0~svn68-2build4 \ - python3-sortedcontainers=1.5.7 \ - python3-pip=8.1.1-2 \ - python3-portalocker=0.5.7 \ - python3-libnacl=1.6.1 \ - python3-six=1.11.0 \ - python3-intervaltree=2.1.0 \ - python3-msgpack=0.4.6-1build1 \ - python3-rocksdb=0.6.9 \ - python3-dateutil=2.6.1 \ - # meta dependencies of those python packages - python3-setuptools=38.5.2 \ - python-pip-whl=8.1.1-2 \ - # plenum in particular depends on python 3.5 - python3=3.5.1-3 \ - python3-minimal=3.5.1-3 \ - libpython3-stdlib=3.5.1-3 \ - dh-python=2.20151103ubuntu1.2 \ - python3-distro=1.3.0 \ - python3-base58=1.0.0 \ - python3-psutil=5.4.3 \ - python3-packaging=19.0 \ - # - && apt-get autoremove -y - - -WORKDIR /home/indy - -COPY init_and_run.sh ./ - -CMD ["./init_and_run.sh"] - -VOLUME ["/var/log/indy"] diff --git a/build/Dockerfile.ubuntu16 b/build/Dockerfile.ubuntu16 deleted file mode 100644 index 6bd54b9..0000000 --- a/build/Dockerfile.ubuntu16 +++ /dev/null @@ -1,25 +0,0 @@ -# This container is to run indy-node. -# This file is part of https://github.com/hyperledger/indy-node-container . -# Copyright 2021-2022 by all people listed in https://github.com/hyperledger/indy-node-container/blob/main/NOTICE , see -# https://github.com/hyperledger/indy-node-container/blob/main/LICENSE for the license information. -# -# version: 1.0+2021-09-02 - -FROM ubuntu:16.04 - -RUN apt-get update -y && apt-get install -y \ - apt-transport-https \ - ca-certificates - -RUN apt-key adv --keyserver hkp://keyserver.ubuntu.com:80 --recv-keys CE7709D068DB5E88 -RUN bash -c 'echo "deb https://repo.sovrin.org/deb xenial stable" >> /etc/apt/sources.list' -RUN apt-get update -y && apt-get install -y \ - indy-node=1.12.6 \ - indy-plenum=1.12.6 \ - && rm -rf /var/lib/apt/lists/* - -COPY init_and_run.sh ./ - -CMD ["./init_and_run.sh"] - -VOLUME ["/var/log/indy"] diff --git a/build/Dockerfile.ubuntu18 b/build/Dockerfile.ubuntu18 deleted file mode 100644 index ca5aeb6..0000000 --- a/build/Dockerfile.ubuntu18 +++ /dev/null @@ -1,71 +0,0 @@ -# This container is to run indy-node. -# It has been created in the indy-node docker working group of the ID Union project. -# author: Sebastian Schmittner -# author: Guido Wischrop -# version: 1.2+2021-11-12 - - -FROM ubuntu:18.04 - - -# Install environment -RUN apt-get update -y && apt-get upgrade -y && apt-get install -y \ - apt-transport-https \ - ca-certificates \ - software-properties-common \ - iproute2 \ - && apt-get autoremove -y - -# get node 1.12.4 dependencies from Ubtuntu 16 + sovrin repos -RUN \ - add-apt-repository "deb http://archive.ubuntu.com/ubuntu xenial universe" && \ - add-apt-repository "deb http://archive.ubuntu.com/ubuntu xenial main" && \ - add-apt-repository "deb http://archive.ubuntu.com/ubuntu xenial-security main" && \ - apt-key adv --keyserver hkp://keyserver.ubuntu.com:80 --recv-keys CE7709D068DB5E88 && \ - add-apt-repository "deb https://repo.sovrin.org/deb xenial stable" - - -RUN apt-get update -y && \ - apt-get install -y --allow-downgrades \ -# libssl1.0.0 \ -# libsodium18 \ -# libindy-crypto=0.4.5 \ -# python3-indy-crypto=0.4.5 \ - indy-node=1.12.6 \ - # node depends on plenum - indy-plenum=1.12.6 \ - #plenum dependencies - python3-ujson=1.33-1build1 \ - python3-prompt-toolkit=0.57-1 \ - python3-pygments=2.2.0 \ - python3-rlp=0.5.1 \ - python3-sha3=0.2.1 \ - python3-leveldb=0~svn68-2build4 \ - python3-sortedcontainers=1.5.7 \ - python3-pip=9.0.1-2 \ - python3-portalocker=0.5.7 \ - python3-libnacl=1.6.1 \ - python3-six=1.11.0 \ - python3-intervaltree=2.1.0 \ - python3-msgpack=0.4.6-1build1 \ - python3-rocksdb=0.6.9 \ - python3-dateutil=2.6.1 \ - # meta dependencies of those python packages - python3-setuptools=38.5.2 \ - python-pip-whl=9.0.1-2 \ - # plenum in particular depends on python 3.5 - python3=3.5.1-3 \ - python3-minimal=3.5.1-3 \ - libpython3-stdlib=3.5.1-3 \ - dh-python=2.20151103ubuntu1.2 \ - # - && apt-get autoremove -y - - -WORKDIR /home/indy - -COPY init_and_run.sh ./ - -CMD ["./init_and_run.sh"] - -VOLUME ["/var/log/indy"] diff --git a/run/.env b/run/.env index e9374bc..3ff1f78 100644 --- a/run/.env +++ b/run/.env @@ -3,7 +3,7 @@ INDY_NETWORK_NAME=ssi4de INDY_NODE_NAME=GS1Germany # Choose one of the avaiable images -IMAGE=ghcr.io/hyperledger/indy-node-container/indy_node:latest-ubuntu18 +IMAGE=ghcr.io/hyperledger/indy-node-container/indy_node:latest-ubuntu20 # You likely want to keep these default values: SOCK=/var/run/docker.sock diff --git a/run/README.md b/run/README.md index baf41f6..a18aed1 100644 --- a/run/README.md +++ b/run/README.md @@ -172,6 +172,6 @@ Our current approach to handle pool restarts is to have the node controller runn If wou want to use the node controller, the variables `SOCK`, `NODE_CONTAINER_NAME`, `CONTROLLER_CONTAINER`, and `IMAGE_NAME_CONTROLLER` need to be set in the `.env` file. Appropriate default values are set in [the default file](/.env). -If the node controller container is running and has access to the docker socket of the host, the node will be restarted upon pool restart commands and will participate in a network upgrade. The decision mechanism for whether to accept or reject an upgrade based on available deb package versions is part of indy node server and hence unchanged. However, if an upgrade is accepted, the container will be stopped, pulled, and restarted. Use a tag like `latest-ubuntu18` and make sure that a new `latest` image is available before the network upgrade commences. +If the node controller container is running and has access to the docker socket of the host, the node will be restarted upon pool restart commands and will participate in a network upgrade. The decision mechanism for whether to accept or reject an upgrade based on available deb package versions is part of indy node server and hence unchanged. However, if an upgrade is accepted, the container will be stopped, pulled, and restarted. Use a tag like `latest-ubuntu20` and make sure that a new `latest` image is available before the network upgrade commences. diff --git a/test/.env b/test/.env index 0bb6d21..965e67f 100644 --- a/test/.env +++ b/test/.env @@ -1,7 +1,7 @@ INDY_NETWORK_NAME=idunion_local_test -IMAGE_NAME_NODE=ghcr.io/hyperledger/indy-node-container/indy_node:latest-buster +IMAGE_NAME_NODE=ghcr.io/hyperledger/indy-node-container/indy_node:latest-bookworm IMAGE_NAME_CONTROLLER=ghcr.io/hyperledger/indy-node-container/indy_node_controller -REFERENCE_IMAGE_NAME_NODE=ghcr.io/hyperledger/indy-node-container/indy_node:latest-ubuntu16 +REFERENCE_IMAGE_NAME_NODE=ghcr.io/hyperledger/indy-node-container/indy_node:latest-ubuntu20 INDY_NODE_IP_1=0.0.0.0 INDY_NODE_PORT_1=9701 diff --git a/test/init-test-network.sh b/test/init-test-network.sh index 6925b96..7c8e5e7 100755 --- a/test/init-test-network.sh +++ b/test/init-test-network.sh @@ -4,7 +4,7 @@ NODES=${NODES:-4} source .env if [ -z ${1+x} ]; then - IMAGE_NAME_NODE=ghcr.io/hyperledger/indy-node-container/indy_node:latest-buster + IMAGE_NAME_NODE=ghcr.io/hyperledger/indy-node-container/indy_node:latest-bookworm else IMAGE_NAME_NODE=$1 fi