6 changes: 0 additions & 6 deletions .github/docker-config.json

This file was deleted.

175 changes: 50 additions & 125 deletions .github/workflows/build-and-push-docker-images.yml
@@ -1,4 +1,4 @@
name: build-and-push-docker-images
name: build-and-push-docker
on:
push:
branches:
Expand All @@ -8,165 +8,90 @@ on:
pull_request:
workflow_dispatch:
inputs:
test_mode:
description: 'Enable test mode (uses candyland-test registry and draft releases)'
required: false
type: boolean
default: false
docker_push:
description: 'Enable docker push'
required: false
type: boolean
default: true
release_push:
description: 'Enable release push'
required: false
type: boolean
default: true


env:
# If test_mode is true, or we're on a branch with a test-build- prefix then use a test registry and a draft release
TEST_MODE: ${{ github.event.inputs.test_mode == 'true' || startsWith(github.ref, 'refs/heads/test-build-') }}
DOCKER_REGISTRY: ${{ (github.event.inputs.test_mode == 'true' || startsWith(github.ref, 'refs/heads/test-build-')) && 'europe-west1-docker.pkg.dev/randamu-prod/candyland-test' || 'europe-west1-docker.pkg.dev/randamu-prod/candyland' }}
DOCKER_REGISTRY: 'europe-west1-docker.pkg.dev/randamu-prod/candyland'
DOCKER_PUSH: ${{ github.event.inputs.docker_push == 'true' }}

SERVICE_ACCOUNT: github@randamu-prod.iam.gserviceaccount.com
IMAGE_MAINTAINER: "Randamu"
IMAGE_VENDOR: "Randamu"
AUTHOR: "Randu Mohammed"

jobs:
build-binaries:
uses: ./.github/workflows/build-all-binaries.yml
secrets: inherit

generate-matrix:
needs: build-binaries
docker-build-and-push:
name: "Docker build and push"
runs-on: ["randamu-self-hosted-default"]
outputs:
matrix: ${{ steps.set-matrix.outputs.matrix }}

steps:
- name: Checkout code
uses: actions/checkout@v5

- name: Download binaries metadata
uses: actions/download-artifact@v4
with:
name: binaries-metadata-${{ github.sha }}
path: .

- name: Upload binaries for docker jobs
uses: actions/upload-artifact@v4
with:
name: binaries-for-docker-${{ github.sha }}
path: target/release/
retention-days: 1
overwrite: true

- name: Generate build matrix
id: set-matrix
run: |
CONFIG_FILE=".github/docker-config.json"

# Load config if exists
if [ -f "$CONFIG_FILE" ]; then
CONFIG=$(cat "$CONFIG_FILE")
else
CONFIG='{}'
fi

# Generate matrix from binaries.json (slurp to read all objects into array)
MATRIX=$(jq -sc --argjson config "$CONFIG" 'map({
binary_name: .name,
binary_path: ( .path | sub("/home/runner/_work/dcipher/dcipher/"; "") ),
image_name: ($config[.name].image_name // .name),
description: ($config[.name].description // "Dcipher service")
})' binaries.json)

echo "matrix=$MATRIX" >> $GITHUB_OUTPUT
echo "Generated matrix:"
echo "$MATRIX" | jq .

- name: Upload Docker build context
uses: actions/upload-artifact@v4
with:
name: docker-context-${{ github.sha }}
path: |
Dockerfile
.github/docker-config.json
.dockerignore
retention-days: 1
overwrite: true

docker:
name: "Docker: ${{ matrix.app.image_name }}"
needs: generate-matrix
runs-on: ["randamu-self-hosted-default"]
strategy:
fail-fast: false
matrix:
app: ${{ fromJson(needs.generate-matrix.outputs.matrix) }}
steps:
- name: Download Docker build context
uses: actions/download-artifact@v4
with:
name: docker-context-${{ github.sha }}
path: .

- name: Download pre-built binaries
uses: actions/download-artifact@v4
with:
name: binaries-${{ github.sha }}
path: target/release

- name: Docker meta
id: meta
uses: docker/metadata-action@v5
with:
images: ${{ env.DOCKER_REGISTRY }}/${{ matrix.app.image_name }}
labels: |
maintainer=${{ env.IMAGE_MAINTAINER }}
org.opencontainers.image.vendor=${{ env.IMAGE_VENDOR }}
org.opencontainers.image.title=${{ matrix.app.image_name }}
org.opencontainers.image.description=${{ matrix.app.description }}
flavor: |
latest=false
tags: |
type=sha,prefix=
type=ref,event=branch,suffix=-latest,enable=${{ startsWith(github.ref, 'refs/heads/') }}
type=semver,pattern={{version}},event=tag,enable=${{ startsWith(github.ref, 'refs/tags/') }}
type=raw,value=main-latest,enable=${{ github.ref == format('refs/heads/{0}', 'main') }}
type=ref,event=pr
type=ref,event=branch
submodules: 'recursive'

- name: Set up Docker Buildx
uses: docker/setup-buildx-action@v3
with:
buildkitd-config-inline: |
debug = true
[registry."docker.io"]
mirrors = ["mirror.gcr.io"]
[worker.oci]
max-parallelism = 8
driver-opts: |
image=mirror.gcr.io/moby/buildkit:buildx-stable-1
network=host

- name: Cache Docker layers
uses: actions/cache@v5
with:
path: /tmp/.buildx-cache
key: ${{ runner.os }}-buildx-${{ github.sha }}
restore-keys: |
${{ runner.os }}-buildx-

- name: Setup local cache directory, to reuse across images
run: |
mkdir -p /tmp/buildkit-cache

- name: Login to Artifact Registry
uses: docker/login-action@v3
with:
registry: europe-west1-docker.pkg.dev
username: _json_key
password: ${{ secrets.GCP_SERVICE_ACCOUNT_TOKEN }}

- name: Build and push
uses: docker/build-push-action@v6
- name: Login to GitHub Container Registry
uses: docker/login-action@v3
with:
registry: ghcr.io
username: ${{ github.repository_owner }}
password: ${{ secrets.GITHUB_TOKEN }}

- name: Build and push docker images
uses: docker/bake-action@v6
env:
TAG: ${{ github.event_name == 'pull_request' && github.head_ref || github.ref_name }}
SHA: ${{ github.sha }}
REGISTRY: ${{ env.DOCKER_REGISTRY }}
with:
context: .
file: ./Dockerfile
push: ${{ github.ref == 'refs/heads/main' || startsWith(github.ref, 'refs/tags/') || env.TEST_MODE == 'true' }}
tags: ${{ steps.meta.outputs.tags }}
labels: ${{ steps.meta.outputs.labels }}
build-args: |
BINARY_PATH=${{ matrix.app.binary_path }}
BINARY_NAME=${{ matrix.app.binary_name }}
cache-from: |
type=registry,ref=${{ env.DOCKER_REGISTRY }}/${{ matrix.app.image_name }}-cache:${{ steps.meta.outputs.version }}
type=registry,ref=${{ env.DOCKER_REGISTRY }}/${{ matrix.app.image_name }}-cache:main
cache-to: type=registry,ref=${{ env.DOCKER_REGISTRY }}/${{ matrix.app.image_name }}-cache:${{ steps.meta.outputs.version }},mode=max
files: docker-bake.hcl
source: .
push: ${{ github.ref == 'refs/heads/main' || startsWith(github.ref, 'refs/tags/') || env.DOCKER_PUSH == 'true' }}
set: |
*.cache-from=type=registry,ref=${{ env.DOCKER_REGISTRY }}/buildkit-cache
*.cache-to=type=registry,ref=${{ env.DOCKER_REGISTRY }}/buildkit-cache,mode=max
*.cache-from=type=local,src=/tmp/.buildx-cache
*.cache-to=type=local,dest=/tmp/.buildx-cache-new,mode=max
Comment thread
AnomalRoil marked this conversation as resolved.
Outdated

# This step prevents the cache from growing infinitely
- name: Move cache
run: |
rm -rf /tmp/.buildx-cache
mv /tmp/.buildx-cache-new /tmp/.buildx-cache
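Review bot: The two `docker/login-action` steps ("Login to Artifact Registry" and "Login to GitHub Container Registry") have no `if:` guard, so on `pull_request` runs the registry credentials are loaded on the self-hosted runner before `docker/bake-action` builds Dockerfiles from the PR branch with `network=host` on the BuildKit driver. The `push:` expression already restricts pushing to `main`, tags and manual dispatch; the logins could be restricted the same way, e.g. `if: github.event_name != 'pull_request'`, provided PR builds need no authenticated pull or registry cache. Separately, with `test_mode` and the `candyland-test` registry gone, `docker_push` defaulting to `true` means a manual dispatch from any branch pushes to the single remaining `candyland` registry; `default: false` would make that an explicit choice. The rendered page does not mark old and new lines, so this reads the doubled lines as old-then-new and should be checked against the actual file.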
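--- a/bin/adkg-cli/Dockerfile
+++ b/bin/adkg-cli/Dockerfile
@@ -0,0 +1,33 @@
+FROM lukemathwalker/cargo-chef:latest-rust-1.92 AS chef
+RUN apt-get update \
+&& apt-get install -y protobuf-compiler \
+&& rm -rf /var/lib/apt/lists/*
+WORKDIR /app
+
+FROM chef AS planner
+COPY . .
+RUN cargo chef prepare --recipe-path recipe.json --bin adkg-cli
+
+FROM chef AS builder
+COPY --from=planner /app/recipe.json recipe.json
+# Build dependencies - this is the caching Docker layer!
+RUN cargo chef cook --release --recipe-path recipe.json --bin adkg-cli
+# Copy local dependencies
+COPY Cargo.toml Cargo.lock ./
+COPY bin/adkg-cli/ ./bin/adkg-cli
+COPY crates/adkg ./crates/adkg
+COPY crates/config ./crates/config
+COPY crates/network ./crates/network
+COPY crates/utils ./crates/utils
+COPY crates/omnievent ./crates/omnievent
+COPY crates/superalloy ./crates/superalloy
+COPY modules/dcipher-proto ./modules/dcipher-proto
+
+# Build application
+RUN cargo build --release -p adkg-cli --bin adkg-cli
+
+# We do not need the Rust toolchain to run the binary!
+FROM debian:bookworm-slim AS runtime
+WORKDIR /app
+COPY --from=builder /app/target/release/adkg-cli /usr/local/bin/adkg-cli
+CMD ["adkg-cli"]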
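Review bot: The `runtime` stage never sets a `USER`, so `adkg-cli` starts as root inside the container; the runtime stages of the blocklock-agent, dsigner_legacy_http and monitoring Dockerfiles in this change are the same. Adding an unprivileged account before `CMD`, e.g. `RUN useradd --system --no-create-home app` followed by `USER app`, limits what a compromised process can touch. Both `FROM` lines also use mutable tags (`latest-rust-1.92`, `bookworm-slim`); pinning them by digest would make the image reproducible and make base-image changes show up in review. Finally, `cargo build --release -p adkg-cli --bin adkg-cli` could take `--locked`, so that a `Cargo.lock` out of step with the manifests fails the build instead of resolving different dependency versions.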
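--- a/bin/blocklock-agent/Dockerfile
+++ b/bin/blocklock-agent/Dockerfile
@@ -0,0 +1,41 @@
+FROM lukemathwalker/cargo-chef:latest-rust-1.92 AS chef
+RUN apt-get update \
+&& apt-get install -y protobuf-compiler \
+&& rm -rf /var/lib/apt/lists/*
+WORKDIR /app
+
+FROM chef AS planner
+WORKDIR /app
+
+COPY . .
+RUN cargo chef prepare --recipe-path recipe.json --bin blocklock-agent
+
+FROM chef AS builder
+WORKDIR /app
+
+COPY --from=planner /app/recipe.json recipe.json
+# Build dependencies - this is the caching Docker layer!
+RUN cargo chef cook --release --recipe-path recipe.json -p blocklock-agent --examples
+
+# Copy minimum dependencies to benefit from caching
+COPY Cargo.toml Cargo.lock ./
+COPY bin/blocklock-agent/ ./bin/blocklock-agent
+COPY crates/dcipher-agents ./crates/dcipher-agents
+COPY crates/generated ./crates/generated
+COPY crates/utils ./crates/utils
+COPY crates/config ./crates/config
+COPY crates/network ./crates/network
+COPY crates/signer ./crates/signer
+COPY crates/superalloy ./crates/superalloy
+COPY crates/omnievent ./crates/omnievent
+COPY modules/dcipher-proto ./modules/dcipher-proto
+
+# Build application
+RUN cargo build --release -p blocklock-agent --example blocklock
+
+# We do not need the Rust toolchain to run the binary!
+FROM debian:bookworm-slim AS runtime
+RUN apt-get update && apt-get install -y libssl3 dnsutils
+WORKDIR /app
+COPY --from=builder /app/target/release/examples/blocklock /usr/local/bin
+ENTRYPOINT ["/usr/local/bin/blocklock"]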
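Review bot: The runtime stage's `RUN apt-get update && apt-get install -y libssl3 dnsutils` keeps the apt lists in the final image and installs recommended packages, unlike the `chef` stage above, which removes `/var/lib/apt/lists/*`; the dsigner_legacy_http and monitoring Dockerfiles carry the same line. I would write it as `RUN apt-get update && apt-get install -y --no-install-recommends libssl3 && rm -rf /var/lib/apt/lists/*`. `dnsutils` looks like a debugging aid rather than a runtime dependency; if the service does not call it, leaving it out means fewer packages to patch in the shipped image.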
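--- a/bin/dsigner/examples/dsigner_legacy_http/Dockerfile
+++ b/bin/dsigner/examples/dsigner_legacy_http/Dockerfile
@@ -0,0 +1,39 @@
+FROM lukemathwalker/cargo-chef:latest-rust-1.92 AS chef
+RUN apt-get update \
+&& apt-get install -y protobuf-compiler \
+&& rm -rf /var/lib/apt/lists/*
+RUN apt-get update && apt-get install -y protobuf-compiler
+
+WORKDIR /app
+
+FROM chef AS planner
+COPY . .
+RUN cargo chef prepare --recipe-path recipe.json --bin dsigner
+
+FROM chef AS builder
+COPY --from=planner /app/recipe.json recipe.json
+
+# Build dependencies - this is the caching Docker layer!
+# --bin sadly doesn't support binaries of kind "example"
+RUN cargo chef cook --release --recipe-path recipe.json --all-targets
+
+# Build application
+COPY Cargo.toml Cargo.lock ./
+
+COPY bin/dsigner/ ./bin/dsigner
+COPY crates/config ./crates/config
+COPY crates/network ./crates/network
+COPY crates/signer ./crates/signer
+COPY crates/superalloy ./crates/superalloy
+COPY crates/utils ./crates/utils
+COPY crates/omnievent ./crates/omnievent
+COPY modules/dcipher-proto ./modules/dcipher-proto
+
+RUN cargo build --release --example dsigner_legacy_http --all-features -p dsigner
+
+# We do not need the Rust toolchain to run the binary!
+FROM debian:bookworm-slim AS runtime
+RUN apt-get update && apt-get install -y libssl3 dnsutils
+WORKDIR /app
+COPY --from=builder /app/target/release/examples/dsigner_legacy_http /usr/local/bin
+ENTRYPOINT ["/usr/local/bin/dsigner_legacy_http"]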
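Review bot: The second `RUN apt-get update && apt-get install -y protobuf-compiler` in the `chef` stage repeats the install done by the instruction just above it, and because it has no `rm -rf /var/lib/apt/lists/*` it puts the apt lists back into the layer. Dropping that line leaves the stage matching the other three Dockerfiles in this change. It is also worth confirming that `--all-features` on the final `cargo build` is intended for a release image, since it enables every optional feature of `dsigner` rather than only what the legacy HTTP example needs.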
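--- a/bin/monitoring/Dockerfile
+++ b/bin/monitoring/Dockerfile
@@ -0,0 +1,36 @@
+FROM lukemathwalker/cargo-chef:latest-rust-1.92 AS chef
+RUN apt-get update \
+&& apt-get install -y protobuf-compiler \
+&& rm -rf /var/lib/apt/lists/*
+WORKDIR /app
+
+FROM chef AS planner
+COPY . .
+RUN cargo chef prepare --recipe-path recipe.json --bin monitoring
+
+FROM chef AS builder
+COPY --from=planner /app/recipe.json recipe.json
+
+# Build dependencies - this is the caching Docker layer!
+RUN cargo chef cook --release --recipe-path recipe.json --bin monitoring
+
+# Build application
+COPY Cargo.toml Cargo.lock ./
+
+COPY bin/monitoring/ ./bin/monitoring
+COPY crates/agent-utils ./crates/agent-utils
+COPY crates/config ./crates/config
+COPY crates/generated ./crates/generated
+COPY crates/utils ./crates/utils
+COPY crates/omnievent ./crates/omnievent
+COPY crates/superalloy ./crates/superalloy
+COPY modules/dcipher-proto ./modules/dcipher-proto
+
+RUN cargo build --release -p monitoring --bin monitoring
+
+# We do not need the Rust toolchain to run the binary!
+FROM debian:bookworm-slim AS runtime
+RUN apt-get update && apt-get install -y libssl3 dnsutils
+WORKDIR /app
+COPY --from=builder /app/target/release/monitoring /usr/local/bin
+ENTRYPOINT ["/usr/local/bin/monitoring"]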