From 7c6d2a1da5ed99d83671ea309e92afc22f09e3dc Mon Sep 17 00:00:00 2001 From: Fraccaroli Gianmarco Date: Fri, 17 May 2024 15:57:17 +0200 Subject: [PATCH] Better docker + CI (#23) * wip * wip * wip * wip --- .github/workflows/checks.yml | 72 ++++++++++++++++++++++++++++++++ .github/workflows/docker.yml | 80 ++++++++++++++++++++++++++++++++++++ chain/Dockerfile | 23 ++++++----- governance/Dockerfile | 22 ++++++---- justfile | 13 +++--- pos/Dockerfile | 22 ++++++---- rewards/Dockerfile | 22 ++++++---- rust-toolchain.toml | 2 +- seeder/Dockerfile | 22 ++++++---- webserver/Dockerfile | 22 ++++++---- 10 files changed, 239 insertions(+), 61 deletions(-) create mode 100644 .github/workflows/checks.yml create mode 100644 .github/workflows/docker.yml diff --git a/.github/workflows/checks.yml b/.github/workflows/checks.yml new file mode 100644 index 00000000..30533bed --- /dev/null +++ b/.github/workflows/checks.yml @@ -0,0 +1,72 @@ +name: Build and format + +on: + pull_request: + branches: + - main + +concurrency: + group: ${{ github.ref }} + cancel-in-progress: ${{ github.ref != 'refs/heads/main' }} + +jobs: + clippy: + name: Clippy + runs-on: ubuntu-latest + steps: + - uses: actions/checkout@v4 + - uses: taiki-e/install-action@just + - name: Install Protoc + uses: heliaxdev/setup-protoc@v2 + with: + version: "25.0" + repo-token: ${{ secrets.GITHUB_TOKEN }} + - uses: actions-rust-lang/setup-rust-toolchain@v1 + with: + cache: true + cache-workspaces: true + - run: just clippy + + format: + name: Format + runs-on: ubuntu-latest + steps: + - uses: actions/checkout@v4 + - uses: taiki-e/install-action@just + - name: Install Protoc + uses: heliaxdev/setup-protoc@v2 + with: + version: "25.0" + repo-token: ${{ secrets.GITHUB_TOKEN }} + - uses: actions-rust-lang/setup-rust-toolchain@v1 + with: + toolchain: nightly + components: rustfmt + cache: true + cache-workspaces: true + - run: just fmt + + build: + name: Build + runs-on: ubuntu-latest + steps: + - uses: actions/checkout@v4 + - uses: taiki-e/install-action@just + - name: Install Protoc + uses: heliaxdev/setup-protoc@v2 + with: + version: "25.0" + repo-token: ${{ secrets.GITHUB_TOKEN }} + - uses: actions-rust-lang/setup-rust-toolchain@v1 + with: + cache: true + cache-workspaces: true + - run: just build + + dependencies: + name: Dependencies + runs-on: ubuntu-latest + steps: + - uses: actions/checkout@v4 + - name: Machete + uses: bnjbvr/cargo-machete@main \ No newline at end of file diff --git a/.github/workflows/docker.yml b/.github/workflows/docker.yml new file mode 100644 index 00000000..075bb0f5 --- /dev/null +++ b/.github/workflows/docker.yml @@ -0,0 +1,80 @@ +name: Build docker images + +on: + push: + branches: + - main + tags: + - 'v[0-9]+.[0-9]+.[0-9]+' + merge_group: + + +env: + GIT_LFS_SKIP_SMUDGE: 1 + REGISTRY_URL: ghcr.io + + +jobs: + build-docker: + runs-on: ubuntu-latest + + permissions: + contents: read + packages: write + attestations: write + + strategy: + fail-fast: true + matrix: + docker: + [ + { image: namada-indexer-chain, context: chain }, + { image: namada-indexer-governance, context: governance }, + { image: namada-indexer-pos, context: pos }, + { image: namada-indexer-rewards, context: rewards }, + { image: namada-indexer-seeder, context: seeder }, + { image: namada-indexer-webserver, context: webserver }, + ] + + steps: + - name: Checkout repo + uses: actions/checkout@v4 + - name: Set up Docker Buildx + uses: docker/setup-buildx-action@v3 + - name: Log in to the Container registry + uses: docker/login-action@v3 + with: + registry: ${{ env.REGISTRY }} + username: ${{ github.actor }} + password: ${{ secrets.GITHUB_TOKEN }} + - name: Docker meta + id: meta + uses: docker/metadata-action@v4 + with: + images: ${{ secrets.REGISTRY_URL }}/${{ matrix.docker.image }} + tags: | + type=schedule + type=ref,event=branch + type=ref,event=pr + type=semver,pattern={{version}} + type=semver,pattern={{major}}.{{minor}} + type=semver,pattern={{major}} + type=raw,value=latest + - name: Build and Push + id: push + uses: docker/build-push-action@v5 + with: + context: . + file: ${{ matrix.docker.context }}/Dockerfile + push: false # ${{ github.ref == 'refs/heads/main' }} + tags: ${{ steps.meta.outputs.tags }} + labels: ${{ steps.meta.outputs.labels }} + cache-from: type=gha + cache-to: type=gha,mode=max + - name: Generate artifact attestation + if: ${{ github.ref == 'refs/heads/main' }} + uses: actions/attest-build-provenance@v1 + with: + subject-name: ${{ secrets.REGISTRY_URL }}/${{ matrix.docker.image }} + subject-digest: ${{ steps.push.outputs.digest }} + push-to-registry: true \ No newline at end of file diff --git a/chain/Dockerfile b/chain/Dockerfile index 75980bca..4da6c38f 100644 --- a/chain/Dockerfile +++ b/chain/Dockerfile @@ -1,21 +1,24 @@ -FROM rust:1.78-bookworm AS builder +FROM lukemathwalker/cargo-chef:latest-rust-1.78-bookworm AS chef +WORKDIR /app -RUN apt-get update && apt-get install -y protobuf-compiler build-essential clang-tools-14 +FROM chef AS planner +COPY . . +RUN cargo chef prepare --recipe-path recipe.json -COPY . /app +FROM chef AS builder +COPY --from=planner /app/recipe.json recipe.json -WORKDIR /app +RUN apt-get update && apt-get install -y protobuf-compiler build-essential clang-tools-14 -RUN DEBIAN_FRONTEND=noninteractive apt-get update +RUN cargo chef cook --release --recipe-path recipe.json +COPY . . RUN cargo build --release --package chain -FROM debian:bookworm-slim - -RUN DEBIAN_FRONTEND=noninteractive apt-get update && apt-get install -y ca-certificates libpq5 - +FROM debian:bookworm-slim AS runtime +WORKDIR /app COPY --from=builder /app/target/release/chain /app/chain -COPY --from=builder /app/artifacts/checksums.json /app/checksums.json + WORKDIR /app CMD ["./chain"] \ No newline at end of file diff --git a/governance/Dockerfile b/governance/Dockerfile index 5396df25..330d2a5c 100644 --- a/governance/Dockerfile +++ b/governance/Dockerfile @@ -1,20 +1,24 @@ -FROM rust:1.78-bookworm AS builder +FROM lukemathwalker/cargo-chef:latest-rust-1.78-bookworm AS chef +WORKDIR /app -RUN apt-get update && apt-get install -y protobuf-compiler build-essential clang-tools-14 +FROM chef AS planner +COPY . . +RUN cargo chef prepare --recipe-path recipe.json -COPY . /app +FROM chef AS builder +COPY --from=planner /app/recipe.json recipe.json -WORKDIR /app +RUN apt-get update && apt-get install -y protobuf-compiler build-essential clang-tools-14 -RUN DEBIAN_FRONTEND=noninteractive apt-get update +RUN cargo chef cook --release --recipe-path recipe.json +COPY . . RUN cargo build --release --package governance -FROM debian:bookworm-slim - -RUN DEBIAN_FRONTEND=noninteractive apt-get update && apt-get install -y ca-certificates libpq5 - +FROM debian:bookworm-slim AS runtime +WORKDIR /app COPY --from=builder /app/target/release/governance /app/governance + WORKDIR /app CMD ["./governance"] \ No newline at end of file diff --git a/justfile b/justfile index 575e18b1..d6066fcd 100644 --- a/justfile +++ b/justfile @@ -1,17 +1,20 @@ build: - cargo build + cargo build --all check: - cargo check + cargo check --all fmt: - cargo +nightly fmt + cargo +nightly fmt --all clippy: cargo clippy clippy-fix: - cargo clippy --fix --allow-dirty --allow-staged + cargo clippy --all --fix --allow-dirty --allow-staged docker-up: - docker compose up \ No newline at end of file + docker compose up + +clean: + cargo clean \ No newline at end of file diff --git a/pos/Dockerfile b/pos/Dockerfile index cdcd5bf1..0af75d27 100644 --- a/pos/Dockerfile +++ b/pos/Dockerfile @@ -1,20 +1,24 @@ -FROM rust:1.78-bookworm AS builder +FROM lukemathwalker/cargo-chef:latest-rust-1.78-bookworm AS chef +WORKDIR /app -RUN apt-get update && apt-get install -y protobuf-compiler build-essential clang-tools-14 +FROM chef AS planner +COPY . . +RUN cargo chef prepare --recipe-path recipe.json -COPY . /app +FROM chef AS builder +COPY --from=planner /app/recipe.json recipe.json -WORKDIR /app +RUN apt-get update && apt-get install -y protobuf-compiler build-essential clang-tools-14 -RUN DEBIAN_FRONTEND=noninteractive apt-get update +RUN cargo chef cook --release --recipe-path recipe.json +COPY . . RUN cargo build --release --package pos -FROM debian:bookworm-slim - -RUN DEBIAN_FRONTEND=noninteractive apt-get update && apt-get install -y ca-certificates libpq5 - +FROM debian:bookworm-slim AS runtime +WORKDIR /app COPY --from=builder /app/target/release/pos /app/pos + WORKDIR /app CMD ["./pos"] \ No newline at end of file diff --git a/rewards/Dockerfile b/rewards/Dockerfile index 7c6a20a0..8e96c903 100644 --- a/rewards/Dockerfile +++ b/rewards/Dockerfile @@ -1,20 +1,24 @@ -FROM rust:1.78-bookworm AS builder +FROM lukemathwalker/cargo-chef:latest-rust-1.78-bookworm AS chef +WORKDIR /app -RUN apt-get update && apt-get install -y protobuf-compiler build-essential clang-tools-14 +FROM chef AS planner +COPY . . +RUN cargo chef prepare --recipe-path recipe.json -COPY . /app +FROM chef AS builder +COPY --from=planner /app/recipe.json recipe.json -WORKDIR /app +RUN apt-get update && apt-get install -y protobuf-compiler build-essential clang-tools-14 -RUN DEBIAN_FRONTEND=noninteractive apt-get update +RUN cargo chef cook --release --recipe-path recipe.json +COPY . . RUN cargo build --release --package rewards -FROM debian:bookworm-slim - -RUN DEBIAN_FRONTEND=noninteractive apt-get update && apt-get install -y ca-certificates libpq5 - +FROM debian:bookworm-slim AS runtime +WORKDIR /app COPY --from=builder /app/target/release/rewards /app/rewards + WORKDIR /app CMD ["./rewards"] \ No newline at end of file diff --git a/rust-toolchain.toml b/rust-toolchain.toml index 239183c8..a24a79d2 100644 --- a/rust-toolchain.toml +++ b/rust-toolchain.toml @@ -1,4 +1,4 @@ [toolchain] channel = "1.78.0" -components = ["rustc", "cargo", "rust-std", "rust-docs", "rls", "rust-src", "rust-analysis"] +components = ["rustc", "cargo", "rust-std", "rust-docs", "rls", "rust-src", "rust-analysis", "clippy", "rustfmt"] targets = [] \ No newline at end of file diff --git a/seeder/Dockerfile b/seeder/Dockerfile index 828687ef..52f06af5 100644 --- a/seeder/Dockerfile +++ b/seeder/Dockerfile @@ -1,20 +1,24 @@ -FROM rust:1.78-bookworm AS builder +FROM lukemathwalker/cargo-chef:latest-rust-1.78-bookworm AS chef +WORKDIR /app -RUN apt-get update && apt-get install -y protobuf-compiler build-essential clang-tools-14 +FROM chef AS planner +COPY . . +RUN cargo chef prepare --recipe-path recipe.json -COPY . /app +FROM chef AS builder +COPY --from=planner /app/recipe.json recipe.json -WORKDIR /app +RUN apt-get update && apt-get install -y protobuf-compiler build-essential clang-tools-14 -RUN DEBIAN_FRONTEND=noninteractive apt-get update +RUN cargo chef cook --release --recipe-path recipe.json +COPY . . RUN cargo build --release --package seeder -FROM debian:bookworm-slim - -RUN DEBIAN_FRONTEND=noninteractive apt-get update && apt-get install -y ca-certificates libpq5 - +FROM debian:bookworm-slim AS runtime +WORKDIR /app COPY --from=builder /app/target/release/seeder /app/seeder + WORKDIR /app CMD ["./seeder"] \ No newline at end of file diff --git a/webserver/Dockerfile b/webserver/Dockerfile index a156d3bb..ce001cfc 100644 --- a/webserver/Dockerfile +++ b/webserver/Dockerfile @@ -1,20 +1,24 @@ -FROM rust:1.78-bookworm AS builder +FROM lukemathwalker/cargo-chef:latest-rust-1.78-bookworm AS chef +WORKDIR /app -RUN apt-get update && apt-get install -y protobuf-compiler build-essential clang-tools-14 +FROM chef AS planner +COPY . . +RUN cargo chef prepare --recipe-path recipe.json -COPY . /app +FROM chef AS builder +COPY --from=planner /app/recipe.json recipe.json -WORKDIR /app +RUN apt-get update && apt-get install -y protobuf-compiler build-essential clang-tools-14 -RUN DEBIAN_FRONTEND=noninteractive apt-get update +RUN cargo chef cook --release --recipe-path recipe.json +COPY . . RUN cargo build --release --package webserver -FROM debian:bookworm-slim - -RUN DEBIAN_FRONTEND=noninteractive apt-get update && apt-get install -y ca-certificates libpq5 - +FROM debian:bookworm-slim AS runtime +WORKDIR /app COPY --from=builder /app/target/release/webserver /app/webserver + WORKDIR /app CMD ["./webserver"] \ No newline at end of file