From d9d7ddefbcd441854c43493324325ffc76e6f5b7 Mon Sep 17 00:00:00 2001 From: EgorPopelyaev Date: Thu, 2 Apr 2026 16:51:34 +0200 Subject: [PATCH 1/7] Add docker images build --- .github/actions/build-push-image/action.yml | 4 + .github/workflows/release-build-binary.yml | 113 +++++++++++++++++- .../binary_injected_debug.Dockerfile | 57 +++++++++ 3 files changed, 169 insertions(+), 5 deletions(-) create mode 100644 docker/dockerfiles/binary_injected_debug.Dockerfile diff --git a/.github/actions/build-push-image/action.yml b/.github/actions/build-push-image/action.yml index 0233df507c166..5dc7e68ff12f5 100644 --- a/.github/actions/build-push-image/action.yml +++ b/.github/actions/build-push-image/action.yml @@ -1,4 +1,6 @@ name: "build and push image" +description: "Build a Docker image and push it to GCP and DockerHub registries" + inputs: dockerfile: description: "dockerfile to build" @@ -7,9 +9,11 @@ inputs: description: "image name (without registry)" required: true username: + description: "DockerHub username for authentication" required: false default: "" password: + description: "DockerHub password for authentication" required: false default: "" outputs: diff --git a/.github/workflows/release-build-binary.yml b/.github/workflows/release-build-binary.yml index eea5c389e15bb..4bc0573b91281 100644 --- a/.github/workflows/release-build-binary.yml +++ b/.github/workflows/release-build-binary.yml @@ -1,11 +1,16 @@ -name: Binary Build +name: Binary and Docker image build # This workflow can be used to build a binary like polkadot + workers, omninode or polkadot-parachain -# from any branch with release or profuction profile to be later used for testing. -# ⚠️ IT should not be used for release purposes! +# from any revision with release or profuction profile to be later used for testing. +# Also this workflow builds a Docker image for the binary and pushes it to dockerhub.io/paritypr registry +# ⚠️ IT should not be used for release purposes! on: workflow_dispatch: inputs: + revision: + description: The revision to build the binary from + required: true + type: string binary: required: true default: "polkadot" @@ -25,6 +30,8 @@ on: jobs: + preflight: + uses: ./.github/workflows/reusable-preflight.yml setup: # GitHub Actions allows using 'env' in a container context. # However, env variables don't work for forks: https://github.com/orgs/community/discussions/44322 @@ -53,14 +60,18 @@ jobs: echo "RUNNER=ubuntu-latest" >> $GITHUB_OUTPUT fi - build: + build-binary: needs: [setup] runs-on: ${{ needs.setup.outputs.RUNNER }} container: image: ${{ needs.setup.outputs.IMAGE }} steps: - name: Checkout + env: + INPUT_REVISION: ${{ inputs.revision }} uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2 + with: + ref: ${{ env.INPUT_REVISION }} - name: Build binary env: @@ -82,7 +93,99 @@ jobs: fi - name: Upload ${{ inputs.binary }} artifacts - uses: actions/upload-artifact@b7c566a772e6b6bfb58ed0dc250532a479d7789f # v6.0.0 + uses: actions/upload-artifact@bbbca2ddaa5d8feaa63e36b76fdaad77386f024f # v7.0.0 with: name: ${{ inputs.binary }} path: /artifacts/** + + build-docker-image: + needs: [preflight, build-binary] + runs-on: ${{ needs.preflight.outputs.RUNNER_DEFAULT }} + timeout-minutes: 60 + steps: + - name: Checkout + uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2 + + - name: Download artifacts + uses: actions/download-artifact@3e5f45b2cfb9172054b4087a40e8e0b5a5461e7c # v8.0.1 + with: + name: ${{ inputs.binary }} + path: artifacts-raw + + - name: Flatten artifacts + env: + INPUT_BINARY: ${{ inputs.binary }} + run: | + # build-linux-release.sh produces /artifacts// + # Debug Dockerfiles expect ./artifacts/ (flat structure) + mkdir -p artifacts + if [ "$INPUT_BINARY" = "polkadot" ]; then + for bin in polkadot polkadot-prepare-worker polkadot-execute-worker; do + cp "artifacts-raw/${bin}/${bin}" "artifacts/${bin}" + done + else + cp "artifacts-raw/${INPUT_BINARY}/${INPUT_BINARY}" "artifacts/${INPUT_BINARY}" + fi + # Copy entrypoint script (needed by binary_injected_debug.Dockerfile) + cp docker/scripts/entrypoint.sh artifacts/ + chmod a+x artifacts/* + ls -la artifacts/ + + - name: Prepare docker image tag + id: docker_tag + env: + INPUT_REVISION: ${{ inputs.revision }} + run: | + SHORT_SHA=$(echo "$INPUT_REVISION" | head -c 8) + echo "tag=${SHORT_SHA}" >> $GITHUB_OUTPUT + + - name: Build Docker image for polkadot + if: ${{ inputs.binary == 'polkadot' }} + run: | + # Create empty runtimes dir (debug Dockerfile expects it, but this workflow doesn't build runtimes) + mkdir -p artifacts/runtimes + docker build \ + --build-arg VCS_REF="${GITHUB_SHA}" \ + --build-arg BUILD_DATE="$(date -u '+%Y-%m-%dT%H:%M:%SZ')" \ + --build-arg IMAGE_NAME="polkadot" \ + -t "docker.io/paritypr/polkadot:${{ steps.docker_tag.outputs.tag }}" \ + -f docker/dockerfiles/polkadot/polkadot_injected_debug.Dockerfile \ + . + + - name: Build Docker image for polkadot-parachain + if: ${{ inputs.binary == 'polkadot-parachain' }} + run: | + docker build \ + --build-arg VCS_REF="${GITHUB_SHA}" \ + --build-arg BUILD_DATE="$(date -u '+%Y-%m-%dT%H:%M:%SZ')" \ + --build-arg IMAGE_NAME="polkadot-parachain" \ + -t "docker.io/paritypr/polkadot-parachain:${{ steps.docker_tag.outputs.tag }}" \ + -f docker/dockerfiles/polkadot-parachain/polkadot-parachain-debug_unsigned_injected.Dockerfile \ + . + + - name: Build Docker image for ${{ inputs.binary }} + if: ${{ inputs.binary != 'polkadot' && inputs.binary != 'polkadot-parachain' }} + env: + INPUT_BINARY: ${{ inputs.binary }} + run: | + docker build \ + --build-arg VCS_REF="${GITHUB_SHA}" \ + --build-arg BUILD_DATE="$(date -u '+%Y-%m-%dT%H:%M:%SZ')" \ + --build-arg IMAGE_NAME="${INPUT_BINARY}" \ + --build-arg BINARY="${INPUT_BINARY}" \ + -t "docker.io/paritypr/${INPUT_BINARY}:${{ steps.docker_tag.outputs.tag }}" \ + -f docker/dockerfiles/binary_injected_debug.Dockerfile \ + . + + - name: Login to DockerHub + uses: docker/login-action@b45d80f862d83dbcd57f89517bcf500b2ab88fb2 # v4.0.0 + with: + username: ${{ secrets.PARITYPR_DOCKERHUB_USERNAME }} + password: ${{ secrets.PARITYPR_DOCKERHUB_PASSWORD }} + + - name: Push Docker image + env: + INPUT_BINARY: ${{ inputs.binary }} + run: | + docker images | grep "${INPUT_BINARY}" + docker push --all-tags "docker.io/paritypr/${INPUT_BINARY}" diff --git a/docker/dockerfiles/binary_injected_debug.Dockerfile b/docker/dockerfiles/binary_injected_debug.Dockerfile new file mode 100644 index 0000000000000..b59d2f3ce2d70 --- /dev/null +++ b/docker/dockerfiles/binary_injected_debug.Dockerfile @@ -0,0 +1,57 @@ +FROM docker.io/library/ubuntu:20.04 + +# This file allows building a Generic debug container image +# based on one or multiple pre-built Linux binaries. +# Some defaults are set to polkadot but all can be overridden. + +SHELL ["/bin/bash", "-c"] + +# metadata +ARG VCS_REF +ARG BUILD_DATE +ARG IMAGE_NAME +ARG BINARY=polkadot + +ARG DOC_URL=https://github.com/paritytech/polkadot-sdk +ARG DESCRIPTION="Polkadot: a platform for web3" +ARG AUTHORS="devops-team@parity.io" +ARG VENDOR="Parity Technologies" + +LABEL io.parity.image.authors=${AUTHORS} \ + io.parity.image.vendor="${VENDOR}" \ + io.parity.image.revision="${VCS_REF}" \ + io.parity.image.title="${IMAGE_NAME}" \ + io.parity.image.created="${BUILD_DATE}" \ + io.parity.image.documentation="${DOC_URL}" \ + io.parity.image.description="${DESCRIPTION}" \ + io.parity.image.source="https://github.com/paritytech/polkadot-sdk/blob/${VCS_REF}/docker/dockerfiles/binary_injected_debug.Dockerfile" + +# show backtraces +ENV RUST_BACKTRACE 1 + +# install tools and dependencies +RUN apt-get update && \ + DEBIAN_FRONTEND=noninteractive apt-get install -y \ + libssl1.1 \ + ca-certificates && \ + # apt cleanup + apt-get autoremove -y && \ + apt-get clean && \ + find /var/lib/apt/lists/ -type f -not -name lock -delete; \ + # add user + useradd -m -u 1000 -U -s /bin/sh -d /data polkadot && \ + mkdir -p /data && \ + chown -R polkadot:polkadot /data + +# add binary to docker image +COPY ./artifacts/* /usr/local/bin/ +RUN chmod -R a+rx "/usr/local/bin" + +USER polkadot +ENV BINARY=${BINARY} + +EXPOSE 30333 9933 9944 9615 +VOLUME ["/data"] + +ENTRYPOINT ["/usr/local/bin/entrypoint.sh"] +CMD ["--help"] From 516951a439ba82934be4a887042fc1329901b656 Mon Sep 17 00:00:00 2001 From: EgorPopelyaev Date: Thu, 2 Apr 2026 16:54:03 +0200 Subject: [PATCH 2/7] Rename to test --- .github/workflows/release-build-binary.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.github/workflows/release-build-binary.yml b/.github/workflows/release-build-binary.yml index 4bc0573b91281..a4544212ef406 100644 --- a/.github/workflows/release-build-binary.yml +++ b/.github/workflows/release-build-binary.yml @@ -1,4 +1,4 @@ -name: Binary and Docker image build +name: Binary Build # This workflow can be used to build a binary like polkadot + workers, omninode or polkadot-parachain # from any revision with release or profuction profile to be later used for testing. # Also this workflow builds a Docker image for the binary and pushes it to dockerhub.io/paritypr registry From 5c456fea03379f581a932c0e12f61dfaa69c054d Mon Sep 17 00:00:00 2001 From: EgorPopelyaev Date: Thu, 2 Apr 2026 20:56:31 +0200 Subject: [PATCH 3/7] change polkadot and polakdot-parachain name to debug --- .github/workflows/release-build-binary.yml | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/.github/workflows/release-build-binary.yml b/.github/workflows/release-build-binary.yml index a4544212ef406..3ee5cdbdc4661 100644 --- a/.github/workflows/release-build-binary.yml +++ b/.github/workflows/release-build-binary.yml @@ -148,7 +148,7 @@ jobs: --build-arg VCS_REF="${GITHUB_SHA}" \ --build-arg BUILD_DATE="$(date -u '+%Y-%m-%dT%H:%M:%SZ')" \ --build-arg IMAGE_NAME="polkadot" \ - -t "docker.io/paritypr/polkadot:${{ steps.docker_tag.outputs.tag }}" \ + -t "docker.io/paritypr/polkadot-debug:${{ steps.docker_tag.outputs.tag }}" \ -f docker/dockerfiles/polkadot/polkadot_injected_debug.Dockerfile \ . @@ -159,7 +159,7 @@ jobs: --build-arg VCS_REF="${GITHUB_SHA}" \ --build-arg BUILD_DATE="$(date -u '+%Y-%m-%dT%H:%M:%SZ')" \ --build-arg IMAGE_NAME="polkadot-parachain" \ - -t "docker.io/paritypr/polkadot-parachain:${{ steps.docker_tag.outputs.tag }}" \ + -t "docker.io/paritypr/polkadot-parachain-debug:${{ steps.docker_tag.outputs.tag }}" \ -f docker/dockerfiles/polkadot-parachain/polkadot-parachain-debug_unsigned_injected.Dockerfile \ . From ea5ca67d9b7552f3c70d616f9353557a1bfbe6a9 Mon Sep 17 00:00:00 2001 From: EgorPopelyaev Date: Mon, 6 Apr 2026 10:22:54 +0200 Subject: [PATCH 4/7] Update polkadot and polakdot-aprachain images names --- .github/workflows/release-build-binary.yml | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/.github/workflows/release-build-binary.yml b/.github/workflows/release-build-binary.yml index 3ee5cdbdc4661..cf7f131ee81f6 100644 --- a/.github/workflows/release-build-binary.yml +++ b/.github/workflows/release-build-binary.yml @@ -147,7 +147,7 @@ jobs: docker build \ --build-arg VCS_REF="${GITHUB_SHA}" \ --build-arg BUILD_DATE="$(date -u '+%Y-%m-%dT%H:%M:%SZ')" \ - --build-arg IMAGE_NAME="polkadot" \ + --build-arg IMAGE_NAME="polkadot-debug" \ -t "docker.io/paritypr/polkadot-debug:${{ steps.docker_tag.outputs.tag }}" \ -f docker/dockerfiles/polkadot/polkadot_injected_debug.Dockerfile \ . @@ -158,7 +158,7 @@ jobs: docker build \ --build-arg VCS_REF="${GITHUB_SHA}" \ --build-arg BUILD_DATE="$(date -u '+%Y-%m-%dT%H:%M:%SZ')" \ - --build-arg IMAGE_NAME="polkadot-parachain" \ + --build-arg IMAGE_NAME="polkadot-parachain-debug" \ -t "docker.io/paritypr/polkadot-parachain-debug:${{ steps.docker_tag.outputs.tag }}" \ -f docker/dockerfiles/polkadot-parachain/polkadot-parachain-debug_unsigned_injected.Dockerfile \ . From 4804c8937d882f926833f12a2f78f977e3cb9d57 Mon Sep 17 00:00:00 2001 From: EgorPopelyaev Date: Mon, 6 Apr 2026 10:28:45 +0200 Subject: [PATCH 5/7] Use parity-default directly --- .github/workflows/release-build-binary.yml | 7 ++----- 1 file changed, 2 insertions(+), 5 deletions(-) diff --git a/.github/workflows/release-build-binary.yml b/.github/workflows/release-build-binary.yml index cf7f131ee81f6..6621f24d03fd3 100644 --- a/.github/workflows/release-build-binary.yml +++ b/.github/workflows/release-build-binary.yml @@ -29,9 +29,6 @@ on: description: "Features to enable when building the binary (must be a list of comma-separated features)" jobs: - - preflight: - uses: ./.github/workflows/reusable-preflight.yml setup: # GitHub Actions allows using 'env' in a container context. # However, env variables don't work for forks: https://github.com/orgs/community/discussions/44322 @@ -99,8 +96,8 @@ jobs: path: /artifacts/** build-docker-image: - needs: [preflight, build-binary] - runs-on: ${{ needs.preflight.outputs.RUNNER_DEFAULT }} + needs: [build-binary] + runs-on: parity-default timeout-minutes: 60 steps: - name: Checkout From 048de83d2475652e26da69ab15e65abb7ac523e6 Mon Sep 17 00:00:00 2001 From: EgorPopelyaev Date: Mon, 6 Apr 2026 11:31:04 +0200 Subject: [PATCH 6/7] Fix image push --- .github/workflows/release-build-binary.yml | 9 +++++++-- 1 file changed, 7 insertions(+), 2 deletions(-) diff --git a/.github/workflows/release-build-binary.yml b/.github/workflows/release-build-binary.yml index 6621f24d03fd3..90721f75bbef3 100644 --- a/.github/workflows/release-build-binary.yml +++ b/.github/workflows/release-build-binary.yml @@ -184,5 +184,10 @@ jobs: env: INPUT_BINARY: ${{ inputs.binary }} run: | - docker images | grep "${INPUT_BINARY}" - docker push --all-tags "docker.io/paritypr/${INPUT_BINARY}" + if [ "$INPUT_BINARY" = "polkadot" ] || [ "$INPUT_BINARY" = "polkadot-parachain" ]; then + IMAGE_NAME="${INPUT_BINARY}-debug" + else + IMAGE_NAME="${INPUT_BINARY}" + fi + docker images | grep "${IMAGE_NAME}" + docker push --all-tags "docker.io/paritypr/${IMAGE_NAME}" From 94d4b6de98d479e7f25387d9a99ea261c5a28b94 Mon Sep 17 00:00:00 2001 From: EgorPopelyaev Date: Mon, 6 Apr 2026 16:48:51 +0200 Subject: [PATCH 7/7] Rename flow --- .github/workflows/release-build-binary.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.github/workflows/release-build-binary.yml b/.github/workflows/release-build-binary.yml index 90721f75bbef3..186193cce10f4 100644 --- a/.github/workflows/release-build-binary.yml +++ b/.github/workflows/release-build-binary.yml @@ -1,4 +1,4 @@ -name: Binary Build +name: Binary and Docker image Build for testing # This workflow can be used to build a binary like polkadot + workers, omninode or polkadot-parachain # from any revision with release or profuction profile to be later used for testing. # Also this workflow builds a Docker image for the binary and pushes it to dockerhub.io/paritypr registry