diff --git a/.dockerignore b/.dockerignore index 9f970225ad..72d7d43e48 100644 --- a/.dockerignore +++ b/.dockerignore @@ -1 +1,10 @@ -target/ \ No newline at end of file +/.changelog/ +/.git/ +/.gitignore +/.github +/ci/ +/docs/ +/e2e/ +/guide/ +/scripts/ +/target/ diff --git a/.github/workflows/docker.yml b/.github/workflows/docker.yml new file mode 100644 index 0000000000..45a2962c45 --- /dev/null +++ b/.github/workflows/docker.yml @@ -0,0 +1,119 @@ +# Build Hermes Docker image, push to Docker Hub and GHCR.io. + +name: Docker + +on: + workflow_dispatch: + push: + tags: + - v[0-9]+.* + +env: + REGISTRY_IMAGE: informalsystems/hermes + +jobs: + docker-build: + runs-on: ubuntu-latest + strategy: + fail-fast: false + matrix: + platform: + - linux/amd64 + - linux/arm64 + steps: + - name: Checkout + uses: actions/checkout@v4 + + - name: Docker meta + id: meta + uses: docker/metadata-action@v4 + with: + images: ${{ env.REGISTRY_IMAGE }} + + - name: Set up QEMU + uses: docker/setup-qemu-action@v2 + + - name: Set up Docker Buildx + id: buildx + uses: docker/setup-buildx-action@v2 + + - name: Login to Docker Hub + uses: docker/login-action@v2 + with: + username: ${{ secrets.DOCKER_HUB_USERNAME }} + password: ${{ secrets.DOCKER_HUB_ACCESS_TOKEN }} + + - name: Build and push by digest + id: build + uses: docker/build-push-action@v4 + with: + context: . + file: ./ci/release/hermes.Dockerfile + platforms: ${{ matrix.platform }} + labels: ${{ steps.meta.outputs.labels }} + outputs: type=image,name=${{ env.REGISTRY_IMAGE }},push-by-digest=true,name-canonical=true,push=true + cache-from: type=gha + cache-to: type=gha,mode=max + + - name: Export digest + run: | + mkdir -p /tmp/digests + digest="${{ steps.build.outputs.digest }}" + touch "/tmp/digests/${digest#sha256:}" + + - name: Upload digest + uses: actions/upload-artifact@v3 + with: + name: digests + path: /tmp/digests/* + if-no-files-found: error + retention-days: 1 + + docker-merge: + runs-on: ubuntu-latest + needs: + - docker-build + steps: + - name: Download digests + uses: actions/download-artifact@v3 + with: + name: digests + path: /tmp/digests + + - name: Set up Docker Buildx + uses: docker/setup-buildx-action@v2 + + - name: Docker meta + id: meta + uses: docker/metadata-action@v4 + with: + images: ${{ env.REGISTRY_IMAGE }} + + - name: Login to Docker Hub + uses: docker/login-action@v2 + with: + username: ${{ secrets.DOCKER_HUB_USERNAME }} + password: ${{ secrets.DOCKER_HUB_ACCESS_TOKEN }} + + - name: Create manifest list and push + working-directory: /tmp/digests + run: | + docker buildx imagetools create --tag ${{ env.REGISTRY_IMAGE }}:${{ steps.meta.outputs.version }} \ + $(printf '${{ env.REGISTRY_IMAGE }}@sha256:%s ' *) + + - name: Inspect image + run: | + docker buildx imagetools inspect ${{ env.REGISTRY_IMAGE }}:${{ steps.meta.outputs.version }} + + - name: Login to GitHub Container Registry + uses: docker/login-action@v2 + with: + registry: ghcr.io + username: ${{ github.repository_owner }} + password: ${{ secrets.GITHUB_TOKEN }} + + - name: Push image to GHCR + run: | + docker buildx imagetools create \ + --tag ghcr.io/${{ env.REGISTRY_IMAGE }}:${{ steps.meta.outputs.version }} \ + ${{ env.REGISTRY_IMAGE }}:${{ steps.meta.outputs.version }} diff --git a/.github/workflows/release.yml b/.github/workflows/release.yml index 1abe31d4d2..b1f7b3a39c 100644 --- a/.github/workflows/release.yml +++ b/.github/workflows/release.yml @@ -1,5 +1,4 @@ -# Uploads Hermes binary. -# Ref: https://github.com/marketplace/actions/build-and-upload-rust-binary-to-github-releases +# Create GitHub release and upload Hermes binaries. name: Release @@ -8,9 +7,6 @@ on: tags: - v[0-9]+.* -env: - REGISTRY_IMAGE: informalsystems/hermes - jobs: create-release: runs-on: ubuntu-latest @@ -62,113 +58,3 @@ jobs: GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }} # (optional) CARGO_PROFILE_RELEASE_LTO: true - - docker-build: - runs-on: ubuntu-latest - strategy: - fail-fast: false - matrix: - platform: - - linux/amd64 - - linux/arm64 - steps: - - name: Checkout - uses: actions/checkout@v4 - - - name: Docker meta - id: meta - uses: docker/metadata-action@v4 - with: - images: ${{ env.REGISTRY_IMAGE }} - - - name: Set up QEMU - uses: docker/setup-qemu-action@v2 - - - name: Set up Docker Buildx - id: buildx - uses: docker/setup-buildx-action@v2 - - - name: Login to Docker Hub - uses: docker/login-action@v2 - with: - username: ${{ secrets.DOCKER_HUB_USERNAME }} - password: ${{ secrets.DOCKER_HUB_ACCESS_TOKEN }} - - - name: Get release version - run: echo "TAG=${GITHUB_REF#refs/tags/v}" >> $GITHUB_ENV - - - name: Build and push by digest - id: build - uses: docker/build-push-action@v4 - with: - context: ./ci/release/ - file: ./ci/release/hermes.Dockerfile - build-args: TAG=v${{env.TAG}} - platforms: ${{ matrix.platform }} - labels: ${{ steps.meta.outputs.labels }} - outputs: type=image,name=${{ env.REGISTRY_IMAGE }},push-by-digest=true,name-canonical=true,push=true - cache-from: type=gha - cache-to: type=gha,mode=max - - - name: Export digest - run: | - mkdir -p /tmp/digests - digest="${{ steps.build.outputs.digest }}" - touch "/tmp/digests/${digest#sha256:}" - - - name: Upload digest - uses: actions/upload-artifact@v3 - with: - name: digests - path: /tmp/digests/* - if-no-files-found: error - retention-days: 1 - - docker-merge: - runs-on: ubuntu-latest - needs: - - docker-build - steps: - - name: Download digests - uses: actions/download-artifact@v3 - with: - name: digests - path: /tmp/digests - - - name: Set up Docker Buildx - uses: docker/setup-buildx-action@v2 - - - name: Docker meta - id: meta - uses: docker/metadata-action@v4 - with: - images: ${{ env.REGISTRY_IMAGE }} - - - name: Login to Docker Hub - uses: docker/login-action@v2 - with: - username: ${{ secrets.DOCKER_HUB_USERNAME }} - password: ${{ secrets.DOCKER_HUB_ACCESS_TOKEN }} - - - name: Create manifest list and push - working-directory: /tmp/digests - run: | - docker buildx imagetools create --tag ${{ env.REGISTRY_IMAGE }}:${{ steps.meta.outputs.version }} \ - $(printf '${{ env.REGISTRY_IMAGE }}@sha256:%s ' *) - - - name: Inspect image - run: | - docker buildx imagetools inspect ${{ env.REGISTRY_IMAGE }}:${{ steps.meta.outputs.version }} - - - name: Login to GitHub Container Registry - uses: docker/login-action@v2 - with: - registry: ghcr.io - username: ${{ github.repository_owner }} - password: ${{ secrets.GITHUB_TOKEN }} - - - name: Push image to GHCR - run: | - docker buildx imagetools create \ - --tag ghcr.io/${{ env.REGISTRY_IMAGE }}:${{ steps.meta.outputs.version }} \ - ${{ env.REGISTRY_IMAGE }}:${{ steps.meta.outputs.version }} diff --git a/ci/release/hermes.Dockerfile b/ci/release/hermes.Dockerfile index 2bb64194fe..5da3f2c6e1 100644 --- a/ci/release/hermes.Dockerfile +++ b/ci/release/hermes.Dockerfile @@ -1,8 +1,7 @@ +# Used for running Hermes in Docker containers # -# Used for running hermes in docker containers -# -# Usage: -# docker build . --build-arg TAG=v0.3.0 -t informalsystems/hermes:0.3.0 -f hermes.Dockerfile +# Usage: (from the root of the working copy) +# $ docker build . -t informalsystems/hermes -f ci/release/hermes.Dockerfile FROM rust:1-buster AS build-env @@ -10,9 +9,8 @@ ARG TAG WORKDIR /root -RUN git clone -b ${TAG} --depth 1 https://github.com/informalsystems/hermes \ - && cd hermes \ - && cargo build --release +COPY . . +RUN cargo build --release FROM ubuntu:latest LABEL maintainer="hello@informal.systems" @@ -27,4 +25,4 @@ WORKDIR /home/hermes USER hermes:hermes ENTRYPOINT ["/usr/bin/hermes"] -COPY --chown=0:0 --from=build-env /root/hermes/target/release/hermes /usr/bin/hermes +COPY --chown=hermes:hermes --from=build-env /root/target/release/hermes /usr/bin/hermes