CICD: add container build

.github/workflows/container.yml

@@ -0,0 +1,57 @@
+name: container
+
+on:
+  workflow_dispatch:
+  push:
+    branches:
+      - master
+      - rel/*
+      - feature/*
+    tags:
+      - "*"
+
+jobs:
+  build:
+    runs-on: ubuntu-latest
+    steps:
+      - name: Checkout Code
+        uses: actions/checkout@v3
+
+      - name: Generate Container Metadata
+        id: meta
+        uses: docker/metadata-action@v4
+        with:
+          images: |
+            docker.io/${{ github.repository_owner }}/algod
+          tags: |
+            type=sha,format=long,prefix=
+            type=ref,event=tag
+            type=ref,event=branch
+            type=raw,value=latest,enable=${{ github.ref == format('refs/heads/{0}', 'rel/stable') }}
+
+      - name: Login to Docker Hub
+        uses: docker/login-action@v2
+        with:
+          username: ${{ secrets.DOCKERHUB_USERNAME }}
+          password: ${{ secrets.DOCKERHUB_TOKEN }}
+
+      - name: Setup QEMU
+        uses: docker/setup-qemu-action@v2
+
+      - name: Setup Docker Buildx
+        uses: docker/setup-buildx-action@v2
+
+      - name: Build and Push
+        uses: docker/build-push-action@v3
+        with:
+          context: ./
+          file: ./Dockerfile
+          push: true
+          tags: ${{ steps.meta.outputs.tags }}
+          platforms: linux/amd64,linux/arm64
+          cache-from: type=gha
+          cache-to: type=gha,mode=max
+          build-args: |
+            SHA=${{ github.sha }}
+            URL=${{ github.server_url }}/${{ github.repository }}.git
+            BRANCH=${{ github.ref_name }}

Dockerfile

@@ -1,75 +1,64 @@
-ARG GO_VERSION=1.17.5
-FROM golang:$GO_VERSION-bullseye as builder
+FROM ubuntu:18.04 as builder
 
-ARG CHANNEL=nightly
-ARG URL=
-ARG BRANCH=
-ARG SHA=
+ARG GO_VERSION="1.17.13"
+
+ARG CHANNEL
+ARG URL
+ARG BRANCH
+ARG SHA
+ARG TARGETARCH
+
+ADD https://go.dev/dl/go${GO_VERSION}.linux-${TARGETARCH}.tar.gz /go.tar.gz
 
 # Basic dependencies.
-ENV HOME /node
-ENV DEBIAN_FRONTEND noninteractive
+ENV HOME="/node" DEBIAN_FRONTEND="noninteractive" GOPATH="/node"
+
 RUN apt-get update && \
-    apt-get install -y \
+    apt-get install -y --no-install-recommends \
+    ca-certificates \
     apt-utils \
     bsdmainutils \
     curl \
     git \
-    git-core \
-    python3
+    && rm -rf /var/lib/apt/lists/* && \
+    \
+    tar -C /usr/local -xzf /go.tar.gz && \
+    rm -rf /go.tar.gz
+
+ENV PATH="/usr/local/go/bin:${PATH}"
 
 COPY ./docker/files/ /node/files
 COPY ./installer/genesis /node/files/run/genesis
 COPY ./cmd/updater/update.sh /node/files/build/update.sh
-COPY ./installer/config.json.example /node/files/build/config.json
-
-RUN find /node/files
+COPY ./installer/config.json.example /node/files/run/config.json.example
 
 # Install algod binaries.
 RUN /node/files/build/install.sh \
-    -p "/node/bin" \
+    -p "${GOPATH}/bin" \
     -d "/node/data" \
     -c "${CHANNEL}" \
     -u "${URL}" \
     -b "${BRANCH}" \
     -s "${SHA}"
 
-# Copy binaries into a clean image
-# TODO: We don't need most of the binaries.
-#       Should we delete everything except goal/algod/algocfg/tealdbg?
 FROM debian:bullseye-slim as final
-COPY --from=builder "/node/bin/" "/node/bin"
-COPY --from=builder "/node/data/" "/node/dataTemplate"
-COPY --from=builder "/node/files/run" "/node/run"
 
-ENV BIN_DIR="/node/bin"
-ENV PATH="$BIN_DIR:${PATH}"
-ENV ALGOD_PORT=8080
-ENV ALGORAND_DATA="/algod/data"
-RUN mkdir -p "$ALGORAND_DATA"
-WORKDIR /node/data
+ENV PATH="/node/bin:${PATH}" ALGOD_PORT="8080" ALGORAND_DATA="/algod/data"
 
 # curl is needed to lookup the fast catchup url
-RUN apt-get update && apt-get install -y \
-    curl \
-    && rm -rf /var/lib/apt/lists/*
-
-# TODO: This works fine, but causes problems when mounting a volume
-# Use algorand user instead of root
-#RUN groupadd -r algorand && \
-#  useradd --no-log-init -r -g algorand algorand && \
-#  chown -R algorand.algorand /node && \
-#  chown -R algorand.algorand /algod
-#USER algorand
+RUN apt-get update && apt-get install -y --no-install-recommends ca-certificates curl && \
+    rm -rf /var/lib/apt/lists/* && \
+    mkdir -p "$ALGORAND_DATA" && \
+    groupadd --system algorand && \
+    useradd --no-log-init --create-home --system --gid algorand algorand && \
+    chown -R algorand:algorand /algod
 
-# Algod REST API
-EXPOSE $ALGOD_PORT
+USER algorand
 
-# Algod Gossip Port
-EXPOSE 4160
+COPY --chown=algorand:algorand --from=builder "/node/bin/" "/node/bin/"
+COPY --chown=algorand:algorand --from=builder "/node/files/run/" "/node/run/"
 
-# Prometheus Metrics
-EXPOSE 9100
+# Expose Algod REST API, Algod Gossip, and Prometheus Metrics ports
+EXPOSE $ALGOD_PORT 4160 9100
 
 CMD ["/node/run/run.sh"]
-#CMD ["/bin/bash"]

docker/README.md

@@ -1,13 +1,12 @@
 # Algod Container
 
-General purpose algod docker container.
+General purpose algod container image.
 
-
-# Image Configuration
+## Image Configuration
 
 There are a number of special files and environment variables used to control how a container is started.
 
-## Default Configuration
+### Default Configuration
 
 By default the following config.json overrides are applied:
 
@@ -20,7 +19,7 @@ By default the following config.json overrides are applied:
 | IsIndexerActive | false |
 | EnableDeveloperAPI | true |
 
-## Environment Variables
+### Environment Variables
 
 The following environment variables can be supplied. Except when noted, it is possible to reconfigure deployments even after the data directory has been initialized.
 
@@ -34,10 +33,9 @@ The following environment variables can be supplied. Except when noted, it is po
 | TOKEN         | If set, overrides the REST API token. |
 | ADMIN_TOKEN   | If set, overrides the REST API admin token. |
 
+### Special Files
 
-## Special Files
-
-Configuration can be modified by specifying certian files. These can be changed each time you start the container if the data directory is a mounted volume.
+Configuration can be modified by specifying certain files. These can be changed each time you start the container if the data directory is a mounted volume.
 
 | File | Description |
 | ---- | ----------- |
@@ -47,10 +45,11 @@ Configuration can be modified by specifying certian files. These can be changed
 
 TODO: `/etc/template.json` for overriding the private network topology.
 
-# Example Configuration
+## Example Configuration
 
 The following command launches a container configured with one of the public networks:
-```
+
+```bash
 docker run --rm -it \
     -p 4190:8080 \
     -e NETWORK=mainnet \
@@ -63,21 +62,20 @@ docker run --rm -it \
 ```
 
 Explanation of parts:
+
 * `-p 4190:8080` maps the internal algod REST API to local port 4190
 * `-e NETWORK=` can be set to any of the supported public networks.
 * `-e FAST_CATCHUP=` causes fast catchup to start shortly after launching the network.
 * `-e TELEMETRY_NAME=` enables telemetry reporting to Algorand for network health analysis.
 * `-e TOKEN=` sets the REST API token to use.
-* `-v ${PWD}/data:/algod/data/` mounts a local volume to the data directory, which can be used to restart and upgrad the deployment.
-
+* `-v ${PWD}/data:/algod/data/` mounts a local volume to the data directory, which can be used to restart and upgrade the deployment.
 
-# Mounting the Data Directory
+## Mounting the Data Directory
 
 The data directory located at `/algod/data`. Mounting a volume at that location will allow you to shutdown and resume the node.
 
-## Private Network
+### Private Network
 
 Private networks work a little bit differently. They are configured with, potentially, several data directories. The default topology supplied with this container is installed to `/algod/`, and has a single node named `data`. This means the private network has a data directory at `/algod/data`, matching the production configuration.
 
 Because the root directory contains some metadata, if persistence of the private network is required, you should mount the volume `/algod/` instead of `/algod/data`. This will ensure the extra metadata is included when changing images.
-

docker/files/build/install.sh

@@ -82,7 +82,11 @@ fi
 git log -n 5
 
 ./scripts/configure_dev.sh
-make build
-./scripts/dev_install.sh -p "${BINDIR}" -d "${ALGORAND_DATA}"
+# make sure the makefile uses specific values for BUILD_NUMBER and BRANCH
+BUILD_NUMBER="" BRANCH="$BRANCH" make build
+
+shopt -s extglob
+
+cd "$BINDIR" && rm -vrf !(algocfg|algod|algoh|algokey|carpenter|catchupsrv|ddconfig.sh|diagcfg|find-nodes.sh|goal|kmd|msgpacktool|node_exporter|tealcut|tealdbg|update.sh|updater|COPYING)
 
 "$BINDIR"/algod -v

docker/files/run/run.sh

@@ -22,6 +22,9 @@ function apply_configuration() {
   if [ -f "/etc/algod.admin.token" ]; then
     cp /etc/algod.admin.token algod.admin.token
   fi
+  if [ -f "/etc/logging.config" ]; then
+    cp /etc/logging.config logging.config
+  fi
 
   # check for environment variable overrides.
   if [ "$TOKEN" != "" ]; then
@@ -57,8 +60,8 @@ function start_public_network() {
 
   apply_configuration
 
-  if [ $FAST_CATCHUP ]; then
-    catchup&
+  if [[ $FAST_CATCHUP ]]; then
+    catchup &
   fi
   # redirect output to stdout
   algod -o
@@ -82,13 +85,12 @@ function start_new_public_network() {
   fi
 
   mkdir -p "$ALGORAND_DATA"
-  mv dataTemplate/* "$ALGORAND_DATA"
-  rm -rf dataTemplate
 
-  cp "run/genesis/$NETWORK/genesis.json" "$ALGORAND_DATA/genesis.json"
   cd "$ALGORAND_DATA"
 
-  mv config.json.example config.json
+  cp "/node/run/genesis/$NETWORK/genesis.json" genesis.json
+  cp /node/run/config.json.example config.json
+
   configure_data_dir
 
   local ID

scripts/compute_branch.sh

@@ -1,18 +1,21 @@
 #!/usr/bin/env bash
 
-if [[ -n $(git status --porcelain) ]]; then
-    # If the branch isn't clean, default to HEAD to match old behavior.
-    BRANCH="HEAD"
-elif [ -z "${TRAVIS_BRANCH}" ]; then
-    # if there is no travis branch, set based on tag or branch
-    case "$(git describe --tags)" in
-      *"beta")    BRANCH="rel/beta" ;;
-      *"stable")  BRANCH="rel/stable" ;;
-      *"nightly") BRANCH="rel/nightly" ;;
-      *)          BRANCH=$(git rev-parse --abbrev-ref HEAD)
-    esac
-else
-    BRANCH="${TRAVIS_BRANCH}"
+BRANCH="${BRANCH:-}"
+if [ -n "$BRANCH" ]; then
+    if [[ -n $(git status --porcelain) ]]; then
+        # If the branch isn't clean, default to HEAD to match old behavior.
+        BRANCH="HEAD"
+    elif [ -z "${TRAVIS_BRANCH}" ]; then
+        # if there is no travis branch, set based on tag or branch
+        case "$(git describe --tags)" in
+        *"beta") BRANCH="rel/beta" ;;
+        *"stable") BRANCH="rel/stable" ;;
+        *"nightly") BRANCH="rel/nightly" ;;
+        *) BRANCH=$(git rev-parse --abbrev-ref HEAD) ;;
+        esac
+    else
+        BRANCH="${TRAVIS_BRANCH}"
+    fi
 fi
 
 echo "${BRANCH}"