zecfoundation
/
zebra
mirror of https://github.com/ZcashFoundation/zebra.git
1
0
Fork 0
Code Issues Projects Releases Wiki Activity

ref(build)!: use official lightwallted image for CI (#8323)

This commit is contained in:
Gustavo Valverde 2024-02-29 15:50:50 +00:00 committed by GitHub
parent 6a6f2865d3
commit 56fca2c9ee
No known key found for this signature in database
GPG Key ID: B5690EEEBB952194
5 changed files with 1 additions and 232 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

1
.github/workflows/chore-delete-gcp-resources.yml vendored
View File

@ -136,6 +136,5 @@ jobs:
with:
args: >-
-repo=us-docker.pkg.dev/${{ vars.GCP_PROJECT }}/zebra/zebrad-test
-repo=us-docker.pkg.dev/${{ vars.GCP_PROJECT }}/zebra/lightwalletd
-grace=${{ env.DELETE_IMAGE_HOURS }}
-keep=${{ env.KEEP_LATEST_IMAGE_COUNT }}

20
.github/workflows/sub-build-lightwalletd.patch.yml vendored
View File

@ -1,20 +0,0 @@
name: Build lightwalletd
# When the real job doesn't run because the files aren't changed,
# run a fake CI job to satisfy the branch protection rules.
on:
pull_request:
paths-ignore:
- 'zebra-rpc/**'
- 'zebrad/tests/acceptance.rs'
- 'zebrad/src/config.rs'
- 'zebrad/src/commands/start.rs'
- 'docker/zcash-lightwalletd/Dockerfile'
- '.github/workflows/sub-build-lightwalletd.yml'
jobs:
build:
name: Build lightwalletd Docker
runs-on: ubuntu-latest
steps:
- run: 'echo "No build required"'

149
.github/workflows/sub-build-lightwalletd.yml vendored
View File

@ -1,149 +0,0 @@
# TODO: we should stop using this build approach with lightwalletd and move to using our
# reusable workflow to building all the docker images of our repo
name: Build lightwalletd
# Ensures that only one workflow task will run at a time. Previous builds, if
# already in process, will get cancelled. Only the latest commit will be allowed
# to run, cancelling any workflows in between
#
# Cancelling old jobs is the most efficient approach, because the workflow is quick.
concurrency:
group: ${{ github.workflow }}-${{ github.head_ref || github.run_id }}
cancel-in-progress: true
on:
workflow_dispatch:
# Update the lightwalletd image when related changes merge to the `zebra/main` branch
push:
branches:
- 'main'
paths:
# rebuild lightwalletd whenever the related Zebra code changes
#
# TODO: this code isn't compiled in this docker image
# rebuild whenever the actual code at lightwalletd/master changes
- 'zebra-rpc/**'
- 'zebrad/tests/acceptance.rs'
- 'zebrad/src/config.rs'
- 'zebrad/src/commands/start.rs'
# these workflow definitions actually change the docker image
- 'docker/zcash-lightwalletd/Dockerfile'
- '.github/workflows/sub-build-lightwalletd.yml'
# Update the lightwalletd image when each related PR changes
pull_request:
paths:
# rebuild lightwalletd whenever the related Zebra code changes
# (this code isn't actually compiled in this docker image)
- 'zebra-rpc/**'
- 'zebrad/tests/acceptance.rs'
- 'zebrad/src/config.rs'
- 'zebrad/src/commands/start.rs'
# these workflow definitions actually change the docker image
- 'docker/zcash-lightwalletd/Dockerfile'
- '.github/workflows/sub-build-lightwalletd.yml'
env:
IMAGE_NAME: lightwalletd
jobs:
build:
name: Build lightwalletd Docker
runs-on: ubuntu-latest
permissions:
contents: 'read'
id-token: 'write'
steps:
- uses: actions/checkout@v4.1.1
with:
# Note: check service.proto when modifying lightwalletd repo
repository: zcash/lightwalletd
ref: 'v0.4.16'
persist-credentials: false
- uses: actions/checkout@v4.1.1
with:
path: zebra
persist-credentials: false
- name: Inject slug/short variables
uses: rlespinasse/github-slug-action@v4
with:
short-length: 7
# Automatic tag management and OCI Image Format Specification for labels
- name: Docker meta
id: meta
uses: docker/metadata-action@v5.5.1
with:
# list of Docker images to use as base name for tags
images: |
us-docker.pkg.dev/${{ vars.GCP_PROJECT }}/zebra/${{ env.IMAGE_NAME }}
# generate Docker tags based on the following events/attributes
# set latest tag for default branch
tags: |
type=schedule
# semver and ref,tag automatically add a "latest" tag, but only on stable releases
type=semver,pattern={{version}}
type=semver,pattern={{major}}.{{minor}}
type=semver,pattern={{major}}
type=ref,event=tag
type=ref,event=branch
type=ref,event=pr
type=sha
# edge is the latest commit on the default branch.
type=edge,enable={{is_default_branch}}
- name: Set up QEMU
id: qemu
uses: docker/setup-qemu-action@v3
with:
image: tonistiigi/binfmt:latest
platforms: all
# Setup Docker Buildx to allow use of docker cache layers from GH
- name: Set up Docker Buildx
id: buildx
uses: docker/setup-buildx-action@v3
# Setup gcloud CLI
- name: Authenticate to Google Cloud
id: auth
uses: google-github-actions/auth@v2.1.1
with:
retries: '3'
workload_identity_provider: '${{ vars.GCP_WIF }}'
service_account: '${{ vars.GCP_ARTIFACTS_SA }}'
token_format: 'access_token'
- name: Set up Cloud SDK
uses: google-github-actions/setup-gcloud@v2.1.0
- name: Login to Google Artifact Registry
uses: docker/login-action@v3.0.0
with:
registry: us-docker.pkg.dev
username: oauth2accesstoken
password: ${{ steps.auth.outputs.access_token }}
# Build and push image to Google Artifact Registry
- name: Build & push
id: docker_build
uses: docker/build-push-action@v5.1.0
with:
target: build
context: .
file: ./zebra/docker/zcash-lightwalletd/Dockerfile
platforms: |
linux/amd64
linux/arm64
tags: ${{ steps.meta.outputs.tags }}
labels: ${{ steps.meta.outputs.labels }}
push: true
cache-from: |
type=registry,ref=us-docker.pkg.dev/${{ vars.GCP_PROJECT }}/zebra-caching/${{ env.IMAGE_NAME }}:${{ env.GITHUB_REF_SLUG_URL }}-cache
type=registry,ref=us-docker.pkg.dev/${{ vars.GCP_PROJECT }}/zebra-caching/${{ env.IMAGE_NAME }}:main-cache
cache-to: |
type=registry,ref=us-docker.pkg.dev/${{ vars.GCP_PROJECT }}/zebra-caching/${{ env.IMAGE_NAME }}:${{ env.GITHUB_REF_SLUG_URL }}-cache,mode=max

2
docker/Dockerfile
View File

@ -98,7 +98,7 @@ ENV CARGO_HOME="/opt/zebrad/.cargo/"
# An entrypoint.sh is only available in this step for easier test handling with variables.
FROM deps AS tests
COPY --from=us-docker.pkg.dev/zfnd-dev-zebra/zebra/lightwalletd:edge /opt/lightwalletd /usr/local/bin
COPY --from=electriccoinco/lightwalletd:latest /usr/local/bin/lightwalletd /usr/local/bin/
# cargo uses timestamps for its cache, so they need to be in this order:
# unmodified source files < previous build cache < modified source files

61
docker/zcash-lightwalletd/Dockerfile
View File

@ -1,61 +0,0 @@
ARG ZCASHD_CONF_PATH=/etc/zcash.conf
ARG LWD_GRPC_PORT=9067
ARG LWD_HTTP_PORT=9068
##
## Build
##
FROM golang:1.17 AS build
# Create and change to the app directory.
WORKDIR /app
# Retrieve application dependencies.
# This allows the container build to reuse cached dependencies.
# Expecting to copy go.mod and if present go.sum.
COPY go.mod ./
COPY go.sum ./
# Do not use `go get` as it updates the requirements listed in your go.mod file.
# `go mod download` does not add new requirements or update existing requirements.
RUN go mod download
# Copy local code to the container image.
COPY . ./
# Build and install the binary.
RUN go build -v -o /opt/lightwalletd
ARG ZCASHD_CONF_PATH
RUN set -ex; \
{ \
echo "rpcuser=zcashrpc"; \
echo "rpcpassword=`head /dev/urandom | tr -dc A-Za-z0-9 | head -c 13 ; echo ''`" \
echo "rpcbind=127.0.0.1"; \
echo "rpcport=8232"; \
} > "${ZCASHD_CONF_PATH}"
ENTRYPOINT ["/opt/lightwalletd"]
CMD ["--no-tls-very-insecure", "--grpc-bind-addr=0.0.0.0:9067", "--http-bind-addr=0.0.0.0:9068", "--log-file=/dev/stdout", "--log-level=7"]
##
## Deploy
##
FROM debian:bookworm-slim as runtime
ARG ZCASHD_CONF_PATH
# Maintain backward compatibility with mainstream repo using this ARGs in docker-compose
ARG LWD_GRPC_PORT
ARG LWD_HTTP_PORT
WORKDIR /
COPY --from=build /opt/lightwalletd /usr/local/bin
COPY --from=build $ZCASHD_CONF_PATH ./
EXPOSE 9067
EXPOSE 9068
ENTRYPOINT ["lightwalletd"]
CMD ["--no-tls-very-insecure", "--grpc-bind-addr=0.0.0.0:9067", "--http-bind-addr=0.0.0.0:9068", "--log-file=/dev/stdout", "--log-level=7"]