Docker improvements, new entrypoint script & better Docker tags (#1628)

* Add entrypoint and other small fixes * try removing the "Free space" step * add missing directive on dockerignore * Docker tags fixes * update CI files dockerignore and dependabot * Dockerfile cleanup * make the latest Docker tag implicit --------- Co-authored-by: William Freudenberger <w.freude@icloud.com>
centrifuge · Nov 30, 2023 · 36343f5 · 36343f5
1 parent 52638b6
commit 36343f5
Show file tree

Hide file tree

Showing 5 changed files with 73 additions and 41 deletions.
diff --git a/.dockerignore b/.dockerignore
@@ -1,7 +1,8 @@
 **/target/
 .github/
 !scripts/install_toolchain.sh
-docker-compos
 .gitignore
 docker
-README.md
+!docker/scripts
+README.md
+flake*
diff --git a/.github/dependabot.yml b/.github/dependabot.yml
@@ -4,4 +4,4 @@ updates:
   - package-ecosystem: "github-actions"
     directory: "/"
     schedule:
-      interval: "daily"
+      interval: "monthly"
diff --git a/.github/workflows/build-docker.yml b/.github/workflows/build-docker.yml
@@ -22,17 +22,6 @@ jobs:
       - uses: actions/checkout@3df4ab11eba7bda6032a0b82a6bb43b11571feac #v4
         with:
           fetch-depth: 0
-      - name: Free space
-      # https://github.com/actions/runner-images/issues/2840#issuecomment-1284059930
-        run: |
-          sudo rm -rf /usr/share/dotnet
-          # sudo rm -rf "/usr/local/share/boost"
-          sudo rm -rf "$AGENT_TOOLSDIRECTORY"
-
-      - name: check available docker space
-        run: |
-          docker volume ls
-          df -h
 
       - name: Set up Docker Buildx
         uses: docker/setup-buildx-action@f95db51fddba0c2d1ec667646a06c2ce06100226 #v3
@@ -51,10 +40,10 @@ jobs:
           images: centrifugeio/centrifuge-chain
           tags: |
             type=semver,pattern={{raw}},prefix=${{ matrix.target == 'test' && 'test-' || '' }}
-            type=edge,event=pr,suffix={{sha}}-${{ env.NOW }},prefix=${{ matrix.target == 'test' && 'test-' || '' }}
-            type=ref,event=tag,suffix={{sha}}-${{ env.NOW }},prefix=${{ matrix.target == 'test' && 'test-' || '' }}
-            type=ref,event=pr,suffix={{sha}}-${{ env.NOW }},prefix=${{ matrix.target == 'test' && 'test-' || '' }}
-            type=ref,event=branch,prefix=${{ matrix.target == 'test' && 'test-' || '' }}-{{branch}},suffix={{sha}}-${{ env.NOW }}
+            type=raw,value=latest,enable=${{ github.event_name == 'release' }}
+            type=ref,event=tag,suffix=-{{sha}}-${{ env.NOW }},prefix=${{ matrix.target == 'test' && 'test-' || '' }}
+            type=ref,event=pr,suffix=-{{sha}}-${{ env.NOW }},prefix=${{ matrix.target == 'test' && 'test-' || '' }}PR
+            type=ref,event=branch,prefix=${{ matrix.target == 'test' && 'test-' || '' }},suffix=-{{sha}}-${{ env.NOW }}
 
       - name: Configure GHA cache
         uses: actions/github-script@60a0d83039c74a4aee543508d2ffcb1c3799cdea #v6

diff --git a/docker/centrifuge-chain/Dockerfile b/docker/centrifuge-chain/Dockerfile
@@ -1,23 +1,11 @@
 # Inspired by
 # https://github.com/paritytech/polkadot-sdk/blob/master/docker/dockerfiles/polkadot/polkadot_injected_release.Dockerfile
 
-FROM --platform=linux/amd64 docker.io/library/rust:bookworm as builder
+FROM --platform=linux/amd64 docker.io/paritytech/ci-linux:production as builder
   # Defaults
 	ENV RUST_BACKTRACE 1
-	ENV DEBIAN_FRONTEND=noninteractive
-
-	RUN apt-get update && \
-		# apt-get dist-upgrade -y -o Dpkg::Options::="--force-confold" && \
-		apt-get install -y \
-			cmake \
-			pkg-config \
-			libssl-dev \
-			git \
-			clang \
-			libclang-dev \
-			protobuf-compiler \
-			curl
-
+
+  # RustUp
 	COPY ./scripts scripts
 	COPY rust-toolchain.toml ./
 	# RUN rustup update && rustup default
@@ -28,11 +16,11 @@ FROM --platform=linux/amd64 docker.io/library/rust:bookworm as builder
 	ARG RUSTC_WRAPPER=''
 	ARG SCCACHE_GHA_ENABLED="false"
 
-	COPY . centrifuge-chain
+	COPY . /centrifuge-chain
 	WORKDIR /centrifuge-chain
 	ARG FEATURES=""
 	RUN	FEATURES=$(echo ${FEATURES} | tr -d '"') \
-		cargo build "--release" --features=${FEATURES}
+		cargo build --locked --release --features=${FEATURES}
 
 
 # ===== SECOND STAGE ======
@@ -41,12 +29,11 @@ FROM --platform=linux/amd64 docker.io/library/rust:bookworm as builder
 # happen to make sure the binary is what we want.
 FROM --platform=linux/amd64 docker.io/library/ubuntu:jammy
 
-	LABEL io.centrifuge.image.authors="guillermo@k-f.co" \
+	LABEL io.centrifuge.image.authors="protocol@k-f.co" \
 		io.centrifuge.image.vendor="Centrifuge" \
 		io.centrifuge.image.title="centrifugeio/centrifuge-chain" \
-		io.centrifuge.image.description="Centrifuge, the layer 1 of RWA. This is the official Centrifuge image with an injected binary." \
+		io.centrifuge.image.description="Centrifuge, the layer 1 of RWA. This is the official Centrifuge (para)chain image" \
 		io.centrifuge.image.source="https://github.com/centrifuge/centrifuge-chain/blob/main/docker/centrifuge-chain/Dockerfile" \
-		# io.centrifuge.image.revision="${VCS_REF}" \
 		io.centrifuge.image.created="${BUILD_DATE}"
 
 	# Add chain resources to image
@@ -65,16 +52,19 @@ FROM --platform=linux/amd64 docker.io/library/ubuntu:jammy
 		chown -R centrifuge:centrifuge /usr/local/bin/centrifuge-chain && \
 		chown -R centrifuge:centrifuge /centrifuge/
 
+	COPY ./docker/scripts/entrypoint.sh /centrifuge/entrypoint.sh
+	RUN chown -R centrifuge:centrifuge /centrifuge/entrypoint.sh && chmod +x /centrifuge/entrypoint.sh
+
 # Running as an non-root is a good security practice
 # in some cases the container can be forced to run as root overriding the next line
 # but by default we want to enforce this.
 USER centrifuge
+
 # checks
 RUN ldd /usr/local/bin/centrifuge-chain && \
 	/usr/local/bin/centrifuge-chain --version
-ENV RUST_BACKTRACE 1
+
 EXPOSE 30333 9933 9944
 VOLUME ["/data"]
-
-ENTRYPOINT ["/usr/local/bin/centrifuge-chain"]
+ENTRYPOINT ["/centrifuge/entrypoint.sh"]
 CMD ["--help"]
diff --git a/docker/scripts/entrypoint.sh b/docker/scripts/entrypoint.sh
@@ -0,0 +1,52 @@
+#!/bin/bash
+if [ "$1" == "--help" ]; then
+    echo "No arguments detected, printing help and exiting..."
+    centrifuge-chain "$@"
+    exit 0
+fi
+
+# Fix to account for Polkadot's renaming of their DB folder from
+# relay-chain to polkadot. Probably not needed after all nodes are upgraded
+# beyond Polkadot 0.9.42+
+BASE_PATH=""
+for ARG in "$@"
+do
+    if [[ $ARG == --base-path=* ]]; then
+        BASE_PATH="${ARG#*=}"
+        break
+    fi
+done
+if [ -z "$BASE_PATH" ]
+then
+    BASE_PATH="/data"
+fi
+
+if [ -d "${BASE_PATH}/relay-chain" ]
+then
+    relay_chain_size=$(du -s "${BASE_PATH}/relay-chain" | cut -f1)
+
+    echo "Detected relay-chain folder. Renaming to polkadot..."
+    if [ -d "${BASE_PATH}/polkadot" ]
+    then
+        if [ -d "${BASE_PATH}/polkadot" ]
+        then
+            polkadot_size=$(du -s "${BASE_PATH}/polkadot" | cut -f1)
+            if [ "$polkadot_size" -ge "$relay_chain_size" ]
+            then
+                echo -e "\e[1;31m${BASE_PATH}/polkadot\e[0m folder is larger than or equal to \e[1;31m${BASE_PATH}/relay-chain\e[0m"
+                echo "This is unexpected. Manual check required."
+                echo "HINT: Delete one of the two folders to preserve that DB"
+                exit 1
+            else
+                echo "${BASE_PATH}/polkadot is smaller than ${BASE_PATH}/relay-chain"
+                echo "Creating backup of ${BASE_PATH}/polkadot before replacing it..."
+                mv "${BASE_PATH}/polkadot" "${BASE_PATH}/polkadot.bak"
+                rm -rf "${BASE_PATH}/polkadot"            
+            fi
+        fi    
+    fi
+    mv -f "${BASE_PATH}/relay-chain" "${BASE_PATH}/polkadot"
+fi
+
+# Start the chain
+centrifuge-chain "$@"