[CI] Docker image updates (#1799)

e1a5c6b6 · s3krit · GitHub · 2128d594 · e1a5c6b6 · e1a5c6b6
Unverified Commit e1a5c6b6 authored Oct 19, 2020 by s3krit Committed by GitHub Oct 19, 2020
--- a/.github/workflows/publish-docker-release.yml
+++ b/.github/workflows/publish-docker-release.yml
+name: Publish Docker image for new releases
+
+on:
+  release:
+    types:
+      - published
+
+jobs:
+  main:
+    runs-on: ubuntu-latest
+    steps:
+      - uses: actions/checkout@v2
+      - name: Set up Docker Buildx
+        uses: docker/setup-buildx-action@v1
+      - name: Cache Docker layers
+        uses: actions/cache@v2
+      - name: Login to Dockerhub
+        with:
+         path: /tmp/.buildx-cache
+         key: ${{ runner.os }}-buildx-${{ github.sha }}
+         restore-keys: |
+           ${{ runner.os }}-buildx-
+        uses: docker/login-action@v1
+        with:
+          username: ${{ secrets.DOCKERHUB_USERNAME }}
+          password: ${{ secrets.DOCKERHUB_TOKEN }}
+      - name: Build and push
+        id:   docker_build
+        uses: docker/build-push-action@v2
+        with:
+          push: true
+          file: scripts/docker/Dockerfile.release
+          tags: |
+            parity/polkadot:latest
+            parity/polkadot:${{ github.event.release.tag_name }}
+          cache-from: type=local,src=/tmp/.buildx-cache
+          cache-to: type=local,dest=/tmp/.buildx-cache
+      - name: Image digest
+        run: echo ${{ steps.docker_build.outputs.digest }}
--- a/.gitlab-ci.yml
+++ b/.gitlab-ci.yml
@@ -212,12 +212,18 @@ generate-impl-guide:
    - EXTRATAG="$(cat ./artifacts/EXTRATAG)"
    - echo "Polkadot version = ${VERSION} (EXTRATAG ${EXTRATAG})"

-publish-docker-release:
+publish-docker:
  <<:                              *publish-build
  image:                           docker:stable
  services:
    - docker:dind
  <<:                              *collect-artifacts
+  # Don't run on releases - this is handled by the Github Action here:
+  # .github/workflows/publish-docker-release.yml
+  rules:
+    - if: $CI_PIPELINE_SOURCE == "web"
+    - if: $CI_PIPELINE_SOURCE == "schedule"
+    - if: $CI_COMMIT_REF_NAME == "master"
  variables:
    DOCKER_HOST:                   tcp://localhost:2375
    DOCKER_DRIVER:                 overlay2

--- a/doc/docker.md
+++ b/doc/docker.md
 ### The easiest way

-The easiest/faster option is to use the latest image.
+The easiest/faster option to run Polkadot in docker is to use the latest
+release images. These are small images that use the latest official release of
+the polkadot binary, pulled from our package repository.

 Let´s first check the version we have. The first time you run this command, the polkadot docker image will be downloaded. This takes a bit of time and bandwidth, be patient:

 ```bash
-docker run --rm -it chevdor/polkadot:latest polkadot --version
+docker run --rm -it parity/polkadot:latest polkadot --version
 ```

 You can also pass any argument/flag that polkadot supports:

 ```bash
-docker run --rm -it chevdor/polkadot:latest polkadot --chain westend --name "PolkaDocker"
+docker run --rm -it parity/polkadot:latest polkadot --chain westend --name "PolkaDocker"
 ```

 Once you are done experimenting and picking the best node name :) you can start polkadot as daemon, exposes the polkadot ports and mount a volume that will keep your blockchain data locally:

 ```bash
-docker run -d -p 30333:30333 -p 9933:9933 -v /my/local/folder:/data chevdor/polkadot:latest polkadot --chain westend
+docker run -d -p 30333:30333 -p 9933:9933 -v /my/local/folder:/data parity/polkadot:latest polkadot --chain westend
 ```

 Additionally if you want to have custom node name you can add the `--name "YourName"` at the end

 ```bash
-docker run -d -p 30333:30333 -p 9933:9933 -v /my/local/folder:/data chevdor/polkadot:latest polkadot --chain westend --name "PolkaDocker"
+docker run -d -p 30333:30333 -p 9933:9933 -v /my/local/folder:/data parity/polkadot:latest polkadot --chain westend --name "PolkaDocker"
 ```

 ```bash
-docker run -d -p 30333:30333 -p 9933:9933 -v /my/local/folder:/data chevdor/polkadot:latest polkadot --rpc-external --chain westend
+docker run -d -p 30333:30333 -p 9933:9933 -v /my/local/folder:/data parity/polkadot:latest polkadot --rpc-external --chain westend
 ```

-if you want to connect to rpc port 9933, then must add polkadot startup parameter: `--rpc-external`.
+If you want to connect to rpc port 9933, then must add polkadot startup parameter: `--rpc-external`.

 **Note:** The `--chain westend` argument is important and you need to add it to the command line. If you are running older node versions (pre 0.3) you don't need it.

@@ -68,7 +70,7 @@ If you run into issues with polkadot when using docker, please run the following
 (replace the tag with the appropriate one if you do not use latest):

 ```bash
-docker run --rm -it chevdor/polkadot:latest polkadot --version
+docker run --rm -it parity/polkadot:latest polkadot --version
 ```

 This will show you the polkadot version as well as the git commit ref that was used to build your container.

--- a/docker/Dockerfile
+++ b/docker/Dockerfile
-FROM phusion/baseimage:0.11 as builder
-LABEL maintainer "chevdor@gmail.com"
+FROM paritytech/ci-linux:production as builder
 LABEL description="This is the build stage for Polkadot. Here we create the binary."

 ARG PROFILE=release
@@ -7,27 +6,16 @@ WORKDIR /polkadot

 COPY . /polkadot

-RUN apt-get update && \
-	apt-get upgrade -y && \
-	apt-get install -y cmake pkg-config libssl-dev git clang
-RUN curl https://sh.rustup.rs -sSf | sh -s -- -y && \
-        export PATH=$PATH:$HOME/.cargo/bin && \
-        scripts/init.sh && \
-        cargo build --$PROFILE
+RUN cargo build --$PROFILE

 # ===== SECOND STAGE ======

-FROM phusion/baseimage:0.11
-LABEL maintainer "chevdor@gmail.com"
+FROM debian:buster-slim
 LABEL description="This is the 2nd stage: a very small image where we copy the Polkadot binary."
 ARG PROFILE=release
 COPY --from=builder /polkadot/target/$PROFILE/polkadot /usr/local/bin

-RUN mv /usr/share/ca* /tmp && \
-	rm -rf /usr/share/*  && \
-	mv /tmp/ca-certificates /usr/share/ && \
-	rm -rf /usr/lib/python* && \
-	useradd -m -u 1000 -U -s /bin/sh -d /polkadot polkadot && \
+RUN useradd -m -u 1000 -U -s /bin/sh -d /polkadot polkadot && \
 	mkdir -p /polkadot/.local/share/polkadot && \
 	chown -R polkadot:polkadot /polkadot/.local && \
 	ln -s /polkadot/.local/share/polkadot /data && \

--- a/docker/build.sh
+++ b/docker/build.sh
@@ -9,12 +9,12 @@ cd $PROJECT_ROOT

 # Find the current version from Cargo.toml
 VERSION=`grep "^version" ./Cargo.toml | egrep -o "([0-9\.]+)"`
-GITUSER=chevdor
+GITUSER=parity
 GITREPO=polkadot

 # Build the image
 echo "Building ${GITUSER}/${GITREPO}:latest docker image, hang on!"
-time docker build -f ./docker/Dockerfile --build-arg PROFILE=release -t ${GITUSER}/${GITREPO}:latest .
+time docker build -f ./docker/Dockerfile --build-arg RUSTC_WRAPPER= --build-arg PROFILE=release -t ${GITUSER}/${GITREPO}:latest .

 # Show the list of available images for this repo
 echo "Image is ready"

--- a/scripts/docker/Dockerfile
+++ b/scripts/docker/Dockerfile
-FROM debian:stretch-slim
+FROM debian:buster-slim

 # metadata
 ARG VCS_REF

--- a/scripts/docker/release.Dockerfile
+++ b/scripts/docker/release.Dockerfile
+FROM debian:buster-slim
+
+# metadata
+ARG VCS_REF
+ARG BUILD_DATE
+
+LABEL io.parity.image.authors="devops-team@parity.io" \
+	io.parity.image.vendor="Parity Technologies" \
+	io.parity.image.title="parity/polkadot" \
+	io.parity.image.description="polkadot: a platform for web3" \
+	io.parity.image.source="https://github.com/paritytech/polkadot/blob/${VCS_REF}/scripts/docker/Dockerfile" \
+	io.parity.image.revision="${VCS_REF}" \
+	io.parity.image.created="${BUILD_DATE}" \
+	io.parity.image.documentation="https://github.com/paritytech/polkadot/"
+
+# show backtraces
+ENV RUST_BACKTRACE 1
+
+# install tools and dependencies
+RUN apt-get update && \
+		DEBIAN_FRONTEND=noninteractive apt-get upgrade -y && \
+		DEBIAN_FRONTEND=noninteractive apt-get install -y \
+			libssl1.1 \
+			ca-certificates \
+			curl \
+			gnupg && \
+		gpg --recv-keys --keyserver hkps://keys.mailvelope.com 9D4B2B6EB8F97156D19669A9FF0812D491B96798 && \
+		gpg --export 9D4B2B6EB8F97156D19669A9FF0812D491B96798 > /usr/share/keyrings/parity.gpg && \
+		echo 'deb [signed-by=/usr/share/keyrings/parity.gpg] https://releases.parity.io/deb release main' > /etc/apt/sources.list.d/parity.list && \
+		apt update && \
+		apt install polkadot && \
+# apt cleanup
+		apt-get autoremove -y && \
+		apt-get clean && \
+		find /var/lib/apt/lists/ -type f -not -name lock -delete
+
+USER polkadot
+
+# check if executable works in this container
+RUN /usr/bin/polkadot --version
+
+EXPOSE 30333 9933 9944
+VOLUME ["/polkadot"]
+
+ENTRYPOINT ["/usr/bin/polkadot"]
+