From 1a089aa35497b1f680b0986bd3c618ba44ecce19 Mon Sep 17 00:00:00 2001 From: Kirill Azovtsev Date: Sun, 4 Aug 2024 00:20:28 +0300 Subject: [PATCH 1/8] new minideb Dockerfile --- .github/workflows/test.yml | 2 + housekeeping/docker/kagome-dev/Makefile | 29 ++- .../kagome-dev/minideb-testing.Dockerfile | 85 --------- .../docker/kagome-dev/minideb.Dockerfile | 172 ++++++++---------- 4 files changed, 108 insertions(+), 180 deletions(-) delete mode 100644 housekeeping/docker/kagome-dev/minideb-testing.Dockerfile diff --git a/.github/workflows/test.yml b/.github/workflows/test.yml index 586753eb51..8ed4b5d3e0 100644 --- a/.github/workflows/test.yml +++ b/.github/workflows/test.yml @@ -231,6 +231,8 @@ jobs: build_type: "Debug" - name: "Self-hosted: Minideb: Build Release" build_type: "Release" + - name: "Self-hosted: Minideb: Build RelWithDebInfo" + build_type: "RelWithDebInfo" name: "${{ matrix.options.name }}" steps: diff --git a/housekeeping/docker/kagome-dev/Makefile b/housekeeping/docker/kagome-dev/Makefile index 04396177c0..c13001f405 100644 --- a/housekeeping/docker/kagome-dev/Makefile +++ b/housekeeping/docker/kagome-dev/Makefile @@ -28,8 +28,9 @@ GITHUB_HUNTER_TOKEN ?= CTEST_OUTPUT_ON_FAILURE ?= 1 WERROR ?= OFF -# kagome_runtime_cache Variables +# kagome_runtime_cache and kagome_image_build Variables KAGOME_PACKAGE_VERSION ?= +KAGOME_RUNTIME_PACKAGE_VERSION ?= # upload_apt_package Variables ARTIFACTS_REPO ?= kagome-apt @@ -171,3 +172,29 @@ upload_apt_package_runtime: gcloud artifacts versions delete $$RUNTIME_VERSION --package=kagome-dev-runtime --quiet; \ fi; \ gcloud artifacts apt upload $(ARTIFACTS_REPO) --source=./pkg/kagome-dev-runtime_$${RUNTIME_VERSION}_$(PACKAGE_ARCHITECTURE).deb + +kagome_image_build: + $(MAKE) get_versions; \ + COMMIT_HASH=$$(grep 'full_commit_hash:' commit_hash.txt | cut -d ' ' -f 2); \ + BUILD_TYPE_LOWER=$$(echo $(BUILD_TYPE) | tr '[:upper:]' '[:lower:]'); \ + BUILD_TARGET=""; \ + if [ "$(BUILD_TYPE)" = "Debug" ] || [ "$(BUILD_TYPE)" = "RelWithDebInfo" ]; then \ + BUILD_TARGET="--target debug"; \ + fi; \ + docker build --platform $(PLATFORM) \ + -t $(DOCKER_REGISTRY_PATH)kagome_$${BUILD_TYPE_LOWER}:$${COMMIT_HASH} \ + -t $(DOCKER_REGISTRY_PATH)kagome_$${BUILD_TYPE_LOWER}:latest \ + --secret id=google_creds,src=$(GOOGLE_APPLICATION_CREDENTIALS) \ + -f minideb.Dockerfile \ + --build-arg BASE_IMAGE=$(MINIDEB_IMAGE) \ + --build-arg ARCHITECTURE=$(ARCHITECTURE) \ + --build-arg KAGOME_PACKAGE_VERSION=$(KAGOME_PACKAGE_VERSION) \ + --build-arg KAGOME_RUNTIME_PACKAGE_VERSION=$(KAGOME_RUNTIME_PACKAGE_VERSION) \ + --build-arg PROJECT_ID=$(PROJECT_ID) \ + $${BUILD_TARGET} . + +kagome_image_push: + BUILD_TYPE_LOWER=$$(echo $(BUILD_TYPE) | tr '[:upper:]' '[:lower:]'); \ + COMMIT_HASH=$$(grep 'full_commit_hash:' commit_hash.txt | cut -d ' ' -f 2); \ + docker push $(DOCKER_REGISTRY_PATH)kagome_$${BUILD_TYPE_LOWER}:$${COMMIT_HASH} ; \ + docker push $(DOCKER_REGISTRY_PATH)kagome_$${BUILD_TYPE_LOWER}:latest \ No newline at end of file diff --git a/housekeeping/docker/kagome-dev/minideb-testing.Dockerfile b/housekeeping/docker/kagome-dev/minideb-testing.Dockerfile deleted file mode 100644 index 4908de1f09..0000000000 --- a/housekeeping/docker/kagome-dev/minideb-testing.Dockerfile +++ /dev/null @@ -1,85 +0,0 @@ -# bookworm -ARG BASE_IMAGE=bitnami/minideb@sha256:6cc3baf349947d587a9cd4971e81ff3ffc0d17382f2b5b6de63d6542bff10c16 -ARG RUST_VERSION=1.79.0 - -FROM ${BASE_IMAGE} - -SHELL ["/bin/bash", "-c"] - -ENV KAGOME_IN_DOCKER=1 - -RUN install_packages \ - gpg \ - gpg-agent \ - wget \ - vim \ - python3 \ - python3-pip \ - python3-venv \ - software-properties-common \ - gdb \ - gdbserver \ - curl - -RUN install_packages \ - mold \ - build-essential \ - gcc-12 \ - g++-12 \ - llvm-16-dev \ - clang-tidy-16 \ - clang-format-16 \ - libclang-rt-16-dev \ - make \ - git \ - ccache \ - lcov \ - zlib1g-dev \ - libgmp10 \ - libnsl-dev \ - libseccomp-dev \ - unzip - -ARG RUST_VERSION -ENV RUST_VERSION=${RUST_VERSION} -ENV RUSTUP_HOME=/root/.rustup -ENV CARGO_HOME=/root/.cargo -ENV PATH="${CARGO_HOME}/bin:${PATH}" -RUN curl https://sh.rustup.rs -sSf | sh -s -- -y --default-toolchain ${RUST_VERSION} && \ - rustup default ${RUST_VERSION} - -RUN python3 -m venv /venv -RUN /venv/bin/python3 -m pip install --no-cache-dir --upgrade pip -RUN /venv/bin/pip install --no-cache-dir cmake==3.25 scikit-build requests gitpython gcovr pyyaml - -ENV HUNTER_PYTHON_LOCATION=/venv/bin/python3 - -ENV LLVM_ROOT=/usr/lib/llvm-16 -ENV LLVM_DIR=/usr/lib/llvm-16/lib/cmake/llvm/ -ENV PATH=${LLVM_ROOT}/bin:${LLVM_ROOT}/share/clang:${PATH} -ENV CC=gcc-12 -ENV CXX=g++-12 - -RUN update-alternatives --install /usr/bin/python python /venv/bin/python3 90 && \ - update-alternatives --install /usr/bin/python python /usr/bin/python3 80 && \ - \ - update-alternatives --install /usr/bin/clang-tidy clang-tidy /usr/bin/clang-tidy-16 50 && \ - update-alternatives --install /usr/bin/clang-format clang-format /usr/bin/clang-format-16 50 && \ - update-alternatives --install /usr/bin/clang clang /usr/lib/llvm-16/bin/clang-16 50 && \ - update-alternatives --install /usr/bin/clang++ clang++ /usr/bin/clang++-16 50 && \ - \ - update-alternatives --install /usr/bin/gcc gcc /usr/bin/gcc-12 90 && \ - update-alternatives --install /usr/bin/g++ g++ /usr/bin/g++-12 90 && \ - update-alternatives --install /usr/bin/gcov gcov /usr/bin/gcov-12 90 - -RUN install -m 0755 -d /etc/apt/keyrings && \ - curl -fsSL https://download.docker.com/linux/debian/gpg -o /etc/apt/keyrings/docker.asc && \ - chmod a+r /etc/apt/keyrings/docker.asc && \ - echo "deb [arch=$(dpkg --print-architecture) signed-by=/etc/apt/keyrings/docker.asc] https://download.docker.com/linux/debian \ - $(. /etc/os-release && echo "$VERSION_CODENAME") stable" | \ - tee /etc/apt/sources.list.d/docker.list > /dev/null && \ - apt-get update && \ - install_packages \ - docker-ce \ - docker-ce-cli \ - containerd.io diff --git a/housekeeping/docker/kagome-dev/minideb.Dockerfile b/housekeeping/docker/kagome-dev/minideb.Dockerfile index 30c9ded838..c0e3dff403 100644 --- a/housekeeping/docker/kagome-dev/minideb.Dockerfile +++ b/housekeeping/docker/kagome-dev/minideb.Dockerfile @@ -1,100 +1,84 @@ -FROM bitnami/minideb@sha256:a0dd12fa3f8b98f82f6d9e71cf1b81d8fd50a03e44f152f0b2b876e544639ca5 -MAINTAINER Vladimir Shcherba +ARG AUTHOR="k.azovtsev@qdrvm.io " -SHELL ["/bin/bash", "-c"] +ARG BASE_IMAGE + +ARG PROJECT_ID + +ARG REGION=europe-north1 +ARG ARCHITECTURE=x86_64 + +ARG KAGOME_PACKAGE_VERSION +ARG KAGOME_RUNTIME_PACKAGE_VERSION -ENV KAGOME_IN_DOCKER=1 +FROM ${BASE_IMAGE} AS base -# add some required tools -RUN apt-get update && \ - apt-get install --no-install-recommends -y \ +ARG AUTHOR +ENV AUTHOR=${AUTHOR} +LABEL org.opencontainers.image.authors="${AUTHOR}" +LABEL org.opencontainers.image.description="Kagome image" + +RUN install_packages \ + bash \ + software-properties-common \ + curl \ + wget \ + nano \ gpg \ gpg-agent \ - wget \ - vim \ - python3 \ - python3-pip \ - python3-setuptools \ - software-properties-common \ + tini + +SHELL ["/bin/bash", "-c"] + +# Setup enterprise repository + +ARG REGION +ENV REGION=$REGION + +RUN curl -fsSL https://${REGION}-apt.pkg.dev/doc/repo-signing-key.gpg | \ + gpg --dearmor -o /usr/share/keyrings/${REGION}-apt-archive-keyring.gpg + +RUN curl -fsSL https://packages.cloud.google.com/apt/doc/apt-key.gpg | \ + gpg --dearmor -o /usr/share/keyrings/cloud-google-apt-archive-keyring.gpg + +RUN echo "deb [signed-by=/usr/share/keyrings/${REGION}-apt-archive-keyring.gpg] \ + http://packages.cloud.google.com/apt apt-transport-artifact-registry-stable main" | \ + tee -a /etc/apt/sources.list.d/artifact-registry.list + +RUN install_packages apt-transport-artifact-registry + +ARG PROJECT_ID +ENV PROJECT_ID=$PROJECT_ID + +RUN echo "deb [signed-by=/usr/share/keyrings/europe-north1-apt-archive-keyring.gpg] \ + ar+https://${REGION}-apt.pkg.dev/projects/${PROJECT_ID} kagome-apt main" | \ + tee -a /etc/apt/sources.list.d/kagome.list + +RUN sed -i 's|^\(\s*\)# *Service-Account-JSON ".*";|\1Service-Account-JSON "/root/.gcp/google_creds.json";|' \ + /etc/apt/apt.conf.d/90artifact-registry + +RUN mkdir -p /root/.gcp + +ARG KAGOME_PACKAGE_VERSION +ARG KAGOME_RUNTIME_PACKAGE_VERSION +ENV KAGOME_PACKAGE_VERSION=${KAGOME_PACKAGE_VERSION} +ENV KAGOME_RUNTIME_PACKAGE_VERSION=${KAGOME_RUNTIME_PACKAGE_VERSION} + +RUN --mount=type=secret,id=google_creds cat /run/secrets/google_creds > /root/.gcp/google_creds.json && \ + install_packages \ + kagome-dev=${KAGOME_PACKAGE_VERSION} \ + kagome-dev-runtime=${KAGOME_RUNTIME_PACKAGE_VERSION} && \ + rm /root/.gcp/google_creds.json && sed -i '1s/^/#/' /etc/apt/sources.list.d/kagome.list + +CMD ["/usr/bin/tini", "--", "/bin/bash", "-c"] + + +FROM base AS debug + +ARG AUTHOR +ENV AUTHOR=${AUTHOR} +LABEL org.opencontainers.image.authors="${AUTHOR}" +LABEL org.opencontainers.image.description="Kagome debug image" + +RUN install_packages \ gdb \ - gdbserver \ - curl && \ - rm -rf /var/lib/apt/lists/* - -# add repos for llvm and newer gcc and install docker -RUN curl -fsSL https://download.docker.com/linux/debian/gpg | gpg --dearmor -o /usr/share/keyrings/docker-archive-keyring.gpg && \ - echo \ - "deb [arch=amd64 signed-by=/usr/share/keyrings/docker-archive-keyring.gpg] https://download.docker.com/linux/debian \ - bullseye stable" | tee /etc/apt/sources.list.d/docker.list > /dev/null && \ - echo \ - "deb http://apt.llvm.org/bullseye/ llvm-toolchain-bullseye-15 main" | tee -a /etc/apt/sources.list.d/docker.list > /dev/null && \ - echo \ - "deb http://deb.debian.org/debian/ testing main" | tee -a /etc/apt/sources.list.d/docker.list > /dev/null && \ - wget -O - https://apt.llvm.org/llvm-snapshot.gpg.key | apt-key add - && \ - wget -q -O- https://github.com/rui314/mold/releases/download/v1.5.1/mold-1.5.1-x86_64-linux.tar.gz | tar -C /usr/local --strip-components=1 -xzf - && \ - apt-get update && apt-get install --no-install-recommends -y \ - build-essential \ - gcc-12 \ - g++-12 \ - llvm-16-dev \ - clang-tidy-16 \ - clang-format-16 \ - libclang-rt-16-dev \ - make \ - git \ - ccache \ - lcov \ - zlib1g-dev \ - libgmp10 \ - libnsl-dev \ - libseccomp-dev \ - unzip && \ - rm -rf /var/lib/apt/lists/* - -# install rustc -ENV RUST_VERSION=1.77.0 -ENV RUSTUP_HOME=/root/.rustup -ENV CARGO_HOME=/root/.cargo -ENV PATH="${CARGO_HOME}/bin:${PATH}" -RUN curl https://sh.rustup.rs -sSf | sh -s -- -y --default-toolchain ${RUST_VERSION} && \ - rustup default ${RUST_VERSION} - - -# Prepare python venv -RUN apt update && \ - apt install --no-install-recommends -y \ - python3.11-venv -RUN python3 -m venv /venv - -# install cmake and dev dependencies -RUN /venv/bin/python3 -m pip install --no-cache-dir --upgrade pip -RUN /venv/bin/pip install --no-cache-dir cmake==3.25 scikit-build requests gitpython gcovr pyyaml - -ENV HUNTER_PYTHON_LOCATION=/venv/bin/python3 - -# set env -ENV LLVM_ROOT=/usr/lib/llvm-16 -ENV LLVM_DIR=/usr/lib/llvm-16/lib/cmake/llvm/ -ENV PATH=${LLVM_ROOT}/bin:${LLVM_ROOT}/share/clang:${PATH} -ENV CC=gcc-12 -ENV CXX=g++-12 - -# set default compilers and tools - -RUN update-alternatives --install /usr/bin/python python /venv/bin/python3 90 && \ - update-alternatives --install /usr/bin/python python /usr/bin/python3 80 && \ - \ - update-alternatives --install /usr/bin/clang-tidy clang-tidy /usr/bin/clang-tidy-16 50 && \ - update-alternatives --install /usr/bin/clang-format clang-format /usr/bin/clang-format-16 50 && \ - update-alternatives --install /usr/bin/clang clang /usr/lib/llvm-16/bin/clang-16 50 && \ - update-alternatives --install /usr/bin/clang++ clang++ /usr/bin/clang++-16 50 && \ - \ - update-alternatives --install /usr/bin/gcc gcc /usr/bin/gcc-12 90 && \ - update-alternatives --install /usr/bin/g++ g++ /usr/bin/g++-12 90 && \ - update-alternatives --install /usr/bin/gcov gcov /usr/bin/gcov-12 90 - -# Install Docker -RUN apt-get install --no-install-recommends -y \ - docker-ce \ - docker-ce-cli \ - containerd.io + gdbserver From a2e2b7346eac8ce83b73fa5cd263a777c6cf730e Mon Sep 17 00:00:00 2001 From: Kirill Azovtsev Date: Sun, 4 Aug 2024 00:35:30 +0300 Subject: [PATCH 2/8] docker steps into CI --- .github/workflows/test.yml | 19 +++++++++++++++++++ .github/workflows/zombie-tests.yaml | 19 +++++++++++++++++++ housekeeping/docker/kagome-dev/Makefile | 1 - .../docker/kagome-dev/minideb.Dockerfile | 5 +---- 4 files changed, 39 insertions(+), 5 deletions(-) diff --git a/.github/workflows/test.yml b/.github/workflows/test.yml index 8ed4b5d3e0..70455385c2 100644 --- a/.github/workflows/test.yml +++ b/.github/workflows/test.yml @@ -298,6 +298,25 @@ jobs: make upload_apt_package \ BUILD_TYPE=${{ matrix.options.build_type }} + - name: Set up Docker Buildx + if: env.package_exist == 'False' + uses: docker/setup-buildx-action@v3.6.1 + + - name: "Build Docker Image" + if: env.package_exist == 'False' + working-directory: ./housekeeping/docker/kagome-dev + run: make kagome_image_build \ + KAGOME_PACKAGE_VERSION=${{ env.package_version }} \ + DOCKER_REGISTRY_PATH=${DOCKER_REGISTRY_PATH} \ + BUILD_TYPE=${{ matrix.options.build_type }} + + - name: "Push Docker Image" + if: env.package_exist == 'False' + working-directory: ./housekeeping/docker/kagome-dev + run: make kagome_image_push \ + DOCKER_REGISTRY_PATH=${DOCKER_REGISTRY_PATH} \ + BUILD_TYPE=${{ matrix.options.build_type }} + - name: "Cleaning cache" if: env.package_exist == 'False' run: | diff --git a/.github/workflows/zombie-tests.yaml b/.github/workflows/zombie-tests.yaml index d9ae6ade3d..6c9d871ede 100644 --- a/.github/workflows/zombie-tests.yaml +++ b/.github/workflows/zombie-tests.yaml @@ -105,6 +105,25 @@ jobs: make upload_apt_package \ BUILD_TYPE=${{ github.event.inputs.build_type }} + - name: Set up Docker Buildx + if: env.package_exist == 'False' + uses: docker/setup-buildx-action@v3.6.1 + + - name: "Build Docker Image" + if: env.package_exist == 'False' + working-directory: ./housekeeping/docker/kagome-dev + run: make kagome_image_build \ + KAGOME_PACKAGE_VERSION=${{ env.package_version }} \ + DOCKER_REGISTRY_PATH=${DOCKER_REGISTRY_PATH} \ + BUILD_TYPE=${{ github.event.inputs.build_type }} + + - name: "Push Docker Image" + if: env.package_exist == 'False' + working-directory: ./housekeeping/docker/kagome-dev + run: make kagome_image_push \ + DOCKER_REGISTRY_PATH=${DOCKER_REGISTRY_PATH} \ + BUILD_TYPE=${{ github.event.inputs.build_type }} + - name: "Always Save Cache" id: cache-save if: always() && (steps.cache-restore.outputs.cache-hit != 'true' || env.package_exist != 'True') diff --git a/housekeeping/docker/kagome-dev/Makefile b/housekeeping/docker/kagome-dev/Makefile index c13001f405..14f8a018da 100644 --- a/housekeeping/docker/kagome-dev/Makefile +++ b/housekeeping/docker/kagome-dev/Makefile @@ -189,7 +189,6 @@ kagome_image_build: --build-arg BASE_IMAGE=$(MINIDEB_IMAGE) \ --build-arg ARCHITECTURE=$(ARCHITECTURE) \ --build-arg KAGOME_PACKAGE_VERSION=$(KAGOME_PACKAGE_VERSION) \ - --build-arg KAGOME_RUNTIME_PACKAGE_VERSION=$(KAGOME_RUNTIME_PACKAGE_VERSION) \ --build-arg PROJECT_ID=$(PROJECT_ID) \ $${BUILD_TARGET} . diff --git a/housekeeping/docker/kagome-dev/minideb.Dockerfile b/housekeeping/docker/kagome-dev/minideb.Dockerfile index c0e3dff403..1d0a1a99c8 100644 --- a/housekeeping/docker/kagome-dev/minideb.Dockerfile +++ b/housekeeping/docker/kagome-dev/minideb.Dockerfile @@ -8,7 +8,6 @@ ARG REGION=europe-north1 ARG ARCHITECTURE=x86_64 ARG KAGOME_PACKAGE_VERSION -ARG KAGOME_RUNTIME_PACKAGE_VERSION FROM ${BASE_IMAGE} AS base @@ -59,14 +58,12 @@ RUN sed -i 's|^\(\s*\)# *Service-Account-JSON ".*";|\1Service-Account-JSON "/roo RUN mkdir -p /root/.gcp ARG KAGOME_PACKAGE_VERSION -ARG KAGOME_RUNTIME_PACKAGE_VERSION ENV KAGOME_PACKAGE_VERSION=${KAGOME_PACKAGE_VERSION} -ENV KAGOME_RUNTIME_PACKAGE_VERSION=${KAGOME_RUNTIME_PACKAGE_VERSION} RUN --mount=type=secret,id=google_creds cat /run/secrets/google_creds > /root/.gcp/google_creds.json && \ install_packages \ kagome-dev=${KAGOME_PACKAGE_VERSION} \ - kagome-dev-runtime=${KAGOME_RUNTIME_PACKAGE_VERSION} && \ + kagome-dev-runtime && \ rm /root/.gcp/google_creds.json && sed -i '1s/^/#/' /etc/apt/sources.list.d/kagome.list CMD ["/usr/bin/tini", "--", "/bin/bash", "-c"] From 34273c438dfe3b007c7c30b8e23f0ab323f4981e Mon Sep 17 00:00:00 2001 From: Kirill Azovtsev Date: Sun, 4 Aug 2024 01:03:47 +0300 Subject: [PATCH 3/8] project_id added to CI --- .github/workflows/test.yml | 1 + .github/workflows/zombie-tests.yaml | 1 + housekeeping/docker/kagome-dev/Makefile | 8 ++++---- 3 files changed, 6 insertions(+), 4 deletions(-) diff --git a/.github/workflows/test.yml b/.github/workflows/test.yml index 70455385c2..c41cc6e6c3 100644 --- a/.github/workflows/test.yml +++ b/.github/workflows/test.yml @@ -38,6 +38,7 @@ env: ~/.hunter ~/.rustup DOCKER_REGISTRY_PATH: ${{ secrets.GCP_REGISTRY }}/${{ secrets.GCP_PROJECT }}/kagome-dev/ + PROJECT_ID: ${{ secrets.GCP_PROJECT }} CACHE_PATH: ./build/cache DEFAULT_BUILD_TYPE: Release CI: true diff --git a/.github/workflows/zombie-tests.yaml b/.github/workflows/zombie-tests.yaml index 6c9d871ede..9a279988bc 100644 --- a/.github/workflows/zombie-tests.yaml +++ b/.github/workflows/zombie-tests.yaml @@ -29,6 +29,7 @@ on: env: DOCKER_REGISTRY_PATH: ${{ secrets.GCP_REGISTRY }}/${{ secrets.GCP_PROJECT }}/kagome-dev/ + PROJECT_ID: ${{ secrets.GCP_PROJECT }} BUILD_DIR: build CTEST_OUTPUT_ON_FAILURE: 1 CI: true diff --git a/housekeeping/docker/kagome-dev/Makefile b/housekeeping/docker/kagome-dev/Makefile index 14f8a018da..48171a19ef 100644 --- a/housekeeping/docker/kagome-dev/Makefile +++ b/housekeeping/docker/kagome-dev/Makefile @@ -175,14 +175,14 @@ upload_apt_package_runtime: kagome_image_build: $(MAKE) get_versions; \ - COMMIT_HASH=$$(grep 'full_commit_hash:' commit_hash.txt | cut -d ' ' -f 2); \ + SHORT_COMMIT_HASH=$$(grep 'short_commit_hash:' commit_hash.txt | cut -d ' ' -f 2); \ BUILD_TYPE_LOWER=$$(echo $(BUILD_TYPE) | tr '[:upper:]' '[:lower:]'); \ BUILD_TARGET=""; \ if [ "$(BUILD_TYPE)" = "Debug" ] || [ "$(BUILD_TYPE)" = "RelWithDebInfo" ]; then \ BUILD_TARGET="--target debug"; \ fi; \ docker build --platform $(PLATFORM) \ - -t $(DOCKER_REGISTRY_PATH)kagome_$${BUILD_TYPE_LOWER}:$${COMMIT_HASH} \ + -t $(DOCKER_REGISTRY_PATH)kagome_$${BUILD_TYPE_LOWER}:$${SHORT_COMMIT_HASH} \ -t $(DOCKER_REGISTRY_PATH)kagome_$${BUILD_TYPE_LOWER}:latest \ --secret id=google_creds,src=$(GOOGLE_APPLICATION_CREDENTIALS) \ -f minideb.Dockerfile \ @@ -194,6 +194,6 @@ kagome_image_build: kagome_image_push: BUILD_TYPE_LOWER=$$(echo $(BUILD_TYPE) | tr '[:upper:]' '[:lower:]'); \ - COMMIT_HASH=$$(grep 'full_commit_hash:' commit_hash.txt | cut -d ' ' -f 2); \ - docker push $(DOCKER_REGISTRY_PATH)kagome_$${BUILD_TYPE_LOWER}:$${COMMIT_HASH} ; \ + SHORT_COMMIT_HASH=$$(grep 'short_commit_hash:' commit_hash.txt | cut -d ' ' -f 2); \ + docker push $(DOCKER_REGISTRY_PATH)kagome_$${BUILD_TYPE_LOWER}:$${SHORT_COMMIT_HASH} ; \ docker push $(DOCKER_REGISTRY_PATH)kagome_$${BUILD_TYPE_LOWER}:latest \ No newline at end of file From d633ea94a742964cdd5ee17e5c25360dbbbb6f04 Mon Sep 17 00:00:00 2001 From: Kirill Azovtsev Date: Sun, 4 Aug 2024 01:30:52 +0300 Subject: [PATCH 4/8] RUST_IMAGE=rust:1.80 --- zombienet/docker/Makefile | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/zombienet/docker/Makefile b/zombienet/docker/Makefile index 292317b0c8..31bfac1b15 100644 --- a/zombienet/docker/Makefile +++ b/zombienet/docker/Makefile @@ -8,7 +8,7 @@ PLATFORM ?= linux/amd64 ARCHITECTURE ?= amd64 # polkadot_builder Variables -RUST_IMAGE=rust:1.79-slim-bookworm +RUST_IMAGE=rust:1.80-slim-bookworm SCCACHE_VERSION ?= 0.7.4 # polkadot_binary Variables From 5f8b6e1b5aa4f6e411fa329799c8a732e51fda2e Mon Sep 17 00:00:00 2001 From: Kirill Azovtsev Date: Sun, 4 Aug 2024 01:41:44 +0300 Subject: [PATCH 5/8] cargo update fix --- zombienet/docker/Makefile | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/zombienet/docker/Makefile b/zombienet/docker/Makefile index 31bfac1b15..0364c49791 100644 --- a/zombienet/docker/Makefile +++ b/zombienet/docker/Makefile @@ -141,7 +141,7 @@ polkadot_binary: $(DOCKER_REGISTRY_PATH)polkadot_builder:$$POLKADOT_SDK_RELEASE \ -c "tail -f /dev/null"; \ docker exec -t $$CONTAINER_NAME /bin/bash -c \ - "cargo update $(CARGO_PACKETS) && \ + "cargo update && \ cargo build --release $(CARGO_PACKETS) && \ cp $(RESULT_BINARIES) /tmp/polkadot_binary/ && \ ./build_apt_package.sh \ From b27f2fd6dd78c976eaf297172a175f18caab48c6 Mon Sep 17 00:00:00 2001 From: Kirill Azovtsev Date: Sun, 4 Aug 2024 11:00:21 +0300 Subject: [PATCH 6/8] fix security issue with google creds in docker build step --- housekeeping/docker/kagome-dev/minideb.Dockerfile | 4 ++-- zombienet/docker/zombie_tester.Dockerfile | 4 ++-- 2 files changed, 4 insertions(+), 4 deletions(-) diff --git a/housekeeping/docker/kagome-dev/minideb.Dockerfile b/housekeeping/docker/kagome-dev/minideb.Dockerfile index 1d0a1a99c8..9c80c2affc 100644 --- a/housekeeping/docker/kagome-dev/minideb.Dockerfile +++ b/housekeeping/docker/kagome-dev/minideb.Dockerfile @@ -60,11 +60,11 @@ RUN mkdir -p /root/.gcp ARG KAGOME_PACKAGE_VERSION ENV KAGOME_PACKAGE_VERSION=${KAGOME_PACKAGE_VERSION} -RUN --mount=type=secret,id=google_creds cat /run/secrets/google_creds > /root/.gcp/google_creds.json && \ +RUN --mount=type=secret,id=google_creds,target=/root/.gcp/google_creds.json \ install_packages \ kagome-dev=${KAGOME_PACKAGE_VERSION} \ kagome-dev-runtime && \ - rm /root/.gcp/google_creds.json && sed -i '1s/^/#/' /etc/apt/sources.list.d/kagome.list + sed -i '1s/^/#/' /etc/apt/sources.list.d/kagome.list CMD ["/usr/bin/tini", "--", "/bin/bash", "-c"] diff --git a/zombienet/docker/zombie_tester.Dockerfile b/zombienet/docker/zombie_tester.Dockerfile index 407765756d..b4731e5da6 100644 --- a/zombienet/docker/zombie_tester.Dockerfile +++ b/zombienet/docker/zombie_tester.Dockerfile @@ -85,9 +85,9 @@ ARG POLKADOT_BINARY_PACKAGE_VERSION ENV POLKADOT_BINARY_PACKAGE_VERSION=$POLKADOT_BINARY_PACKAGE_VERSION RUN mkdir -p /root/.gcp -RUN --mount=type=secret,id=google_creds cat /run/secrets/google_creds > /root/.gcp/google_creds.json && \ +RUN --mount=type=secret,id=google_creds,target=/root/.gcp/google_creds.json \ install_packages polkadot-binary=${POLKADOT_BINARY_PACKAGE_VERSION} && \ - rm /root/.gcp/google_creds.json && sed -i '1s/^/#/' /etc/apt/sources.list.d/kagome.list + sed -i '1s/^/#/' /etc/apt/sources.list.d/kagome.list # WARNING: Setup always returns 2, even when successful RUN zombienet setup -y polkadot polkadot-parachain; \ From b3bf2761895ab3c06b23e335f4ec2fe7981d8f67 Mon Sep 17 00:00:00 2001 From: Kirill Azovtsev Date: Sun, 4 Aug 2024 11:32:06 +0300 Subject: [PATCH 7/8] additional tags for docker images --- .github/workflows/test.yml | 6 +++++- housekeeping/docker/kagome-dev/Makefile | 12 +++++++++++- 2 files changed, 16 insertions(+), 2 deletions(-) diff --git a/.github/workflows/test.yml b/.github/workflows/test.yml index c41cc6e6c3..ee5a656ae2 100644 --- a/.github/workflows/test.yml +++ b/.github/workflows/test.yml @@ -41,6 +41,8 @@ env: PROJECT_ID: ${{ secrets.GCP_PROJECT }} CACHE_PATH: ./build/cache DEFAULT_BUILD_TYPE: Release + GIT_REF_NAME: ${{ github.ref_name }} + IS_MAIN_OR_TAG: ${{ github.event_name == 'push' && (github.ref == 'refs/heads/master' || startsWith(github.ref, 'refs/tags/')) }} CI: true @@ -316,7 +318,9 @@ jobs: working-directory: ./housekeeping/docker/kagome-dev run: make kagome_image_push \ DOCKER_REGISTRY_PATH=${DOCKER_REGISTRY_PATH} \ - BUILD_TYPE=${{ matrix.options.build_type }} + BUILD_TYPE=${{ matrix.options.build_type }} \ + GIT_REF_NAME=${{ env.GIT_REF_NAME }} \ + IS_MAIN_OR_TAG=${{ env.IS_MAIN_OR_TAG }} - name: "Cleaning cache" if: env.package_exist == 'False' diff --git a/housekeeping/docker/kagome-dev/Makefile b/housekeeping/docker/kagome-dev/Makefile index 48171a19ef..f8ae0af6d7 100644 --- a/housekeeping/docker/kagome-dev/Makefile +++ b/housekeeping/docker/kagome-dev/Makefile @@ -36,6 +36,9 @@ KAGOME_RUNTIME_PACKAGE_VERSION ?= ARTIFACTS_REPO ?= kagome-apt REGION ?= europe-north1 +# CI Variables +IS_MAIN_OR_TAG ?= false +GIT_REF_NAME ?= export DOCKER_BUILDKIT=1 # BUILDKIT_PROGRESS - auto, plain, tty, rawjson @@ -196,4 +199,11 @@ kagome_image_push: BUILD_TYPE_LOWER=$$(echo $(BUILD_TYPE) | tr '[:upper:]' '[:lower:]'); \ SHORT_COMMIT_HASH=$$(grep 'short_commit_hash:' commit_hash.txt | cut -d ' ' -f 2); \ docker push $(DOCKER_REGISTRY_PATH)kagome_$${BUILD_TYPE_LOWER}:$${SHORT_COMMIT_HASH} ; \ - docker push $(DOCKER_REGISTRY_PATH)kagome_$${BUILD_TYPE_LOWER}:latest \ No newline at end of file + docker push $(DOCKER_REGISTRY_PATH)kagome_$${BUILD_TYPE_LOWER}:latest ; \ + if [ "$(IS_MAIN_OR_TAG)" = "true" ]; then \ + if [ -n "$(GIT_REF_NAME)" ]; then \ + docker tag $(DOCKER_REGISTRY_PATH)kagome_$${BUILD_TYPE_LOWER}:$${SHORT_COMMIT_HASH} \ + $(DOCKER_REGISTRY_PATH)kagome_$${BUILD_TYPE_LOWER}:$${GIT_REF_NAME} ; \ + docker push $(DOCKER_REGISTRY_PATH)kagome_$${BUILD_TYPE_LOWER}:$${GIT_REF_NAME} ; \ + fi \ + fi \ No newline at end of file From 71e71b29cd773b40f488b7496c47b47b36b29bfc Mon Sep 17 00:00:00 2001 From: Kirill Azovtsev Date: Sun, 4 Aug 2024 11:54:22 +0300 Subject: [PATCH 8/8] master or tag check --- housekeeping/docker/kagome-dev/Makefile | 15 ++++++++++----- 1 file changed, 10 insertions(+), 5 deletions(-) diff --git a/housekeeping/docker/kagome-dev/Makefile b/housekeeping/docker/kagome-dev/Makefile index f8ae0af6d7..4a560ff1c1 100644 --- a/housekeeping/docker/kagome-dev/Makefile +++ b/housekeeping/docker/kagome-dev/Makefile @@ -30,7 +30,7 @@ WERROR ?= OFF # kagome_runtime_cache and kagome_image_build Variables KAGOME_PACKAGE_VERSION ?= -KAGOME_RUNTIME_PACKAGE_VERSION ?= +#KAGOME_RUNTIME_PACKAGE_VERSION ?= # upload_apt_package Variables ARTIFACTS_REPO ?= kagome-apt @@ -201,9 +201,14 @@ kagome_image_push: docker push $(DOCKER_REGISTRY_PATH)kagome_$${BUILD_TYPE_LOWER}:$${SHORT_COMMIT_HASH} ; \ docker push $(DOCKER_REGISTRY_PATH)kagome_$${BUILD_TYPE_LOWER}:latest ; \ if [ "$(IS_MAIN_OR_TAG)" = "true" ]; then \ - if [ -n "$(GIT_REF_NAME)" ]; then \ + if [ "$(GIT_REF_NAME)" = "master" ]; then \ + MAIN_TAG="$${SHORT_COMMIT_HASH}-master"; \ docker tag $(DOCKER_REGISTRY_PATH)kagome_$${BUILD_TYPE_LOWER}:$${SHORT_COMMIT_HASH} \ - $(DOCKER_REGISTRY_PATH)kagome_$${BUILD_TYPE_LOWER}:$${GIT_REF_NAME} ; \ - docker push $(DOCKER_REGISTRY_PATH)kagome_$${BUILD_TYPE_LOWER}:$${GIT_REF_NAME} ; \ + $(DOCKER_REGISTRY_PATH)kagome_$${BUILD_TYPE_LOWER}:$${MAIN_TAG}; \ + docker push $(DOCKER_REGISTRY_PATH)kagome_$${BUILD_TYPE_LOWER}:$${MAIN_TAG}; \ + elif [ -n "$(GIT_REF_NAME)" ]; then \ + docker tag $(DOCKER_REGISTRY_PATH)kagome_$${BUILD_TYPE_LOWER}:$${SHORT_COMMIT_HASH} \ + $(DOCKER_REGISTRY_PATH)kagome_$${BUILD_TYPE_LOWER}:$${GIT_REF_NAME}; \ + docker push $(DOCKER_REGISTRY_PATH)kagome_$${BUILD_TYPE_LOWER}:$${GIT_REF_NAME}; \ fi \ - fi \ No newline at end of file + fi