diff --git a/.github/workflows/ci.yaml b/.github/workflows/ci.yaml index 72afeafdebf..a424afe9628 100644 --- a/.github/workflows/ci.yaml +++ b/.github/workflows/ci.yaml @@ -2629,6 +2629,13 @@ jobs: - name: ghcr.io/hyperledger/cactus-fabric2-all-in-one run: DOCKER_BUILDKIT=1 docker build ./tools/docker/fabric-all-in-one/ -f ./tools/docker/fabric-all-in-one/Dockerfile_v2.x + ghcr-daml-all-in-one: + runs-on: ubuntu-22.04 + steps: + - uses: actions/checkout@v4.1.1 + - name: ghcr.io/hyperledger/daml-all-in-one + run: DOCKER_BUILDKIT=1 docker build ./tools/docker/daml-all-in-one/ -f ./tools/docker/daml-all-in-one/Dockerfile + ghcr-keychain-vault-server: runs-on: ubuntu-22.04 steps: diff --git a/.github/workflows/daml-all-in-one-publish.yaml b/.github/workflows/daml-all-in-one-publish.yaml new file mode 100644 index 00000000000..991b0fc78f3 --- /dev/null +++ b/.github/workflows/daml-all-in-one-publish.yaml @@ -0,0 +1,56 @@ +name: daml-all-in-one-publish + +on: + # Publish `v1.2.3` tags as releases. + push: + tags: + - v* + +concurrency: + group: ${{ github.workflow }}-${{ github.event.pull_request.number || github.ref }} + cancel-in-progress: true + +env: + IMAGE_NAME: cacti-daml-all-in-one + +jobs: + # Push image to GitHub Packages. + # See also https://docs.docker.com/docker-hub/builds/ + build-tag-push-container: + runs-on: ubuntu-22.04 + env: + DOCKER_BUILDKIT: 1 + DOCKERFILE_PATH: ./tools/docker/daml-all-in-one/Dockerfile + DOCKER_BUILD_DIR: ./tools/docker/daml-all-in-one/ + permissions: + packages: write + contents: read + + steps: + - uses: actions/checkout@v4.1.1 + + - name: Build image + run: docker build "$DOCKER_BUILD_DIR" --file "$DOCKERFILE_PATH" --tag "$IMAGE_NAME" --label "runnumber=${GITHUB_RUN_ID}" + + - name: Log in to registry + # This is where you will update the PAT to GITHUB_TOKEN + run: echo "${{ secrets.GITHUB_TOKEN }}" | docker login ghcr.io -u ${{ github.actor }} --password-stdin + + - name: Push image + run: | + SHORTHASH=$(git rev-parse --short "$GITHUB_SHA") + TODAYS_DATE="$(date +%F)" + DOCKER_TAG="$TODAYS_DATE-$SHORTHASH" + IMAGE_ID="ghcr.io/${{ github.repository_owner }}/$IMAGE_NAME" + # Change all uppercase to lowercase + IMAGE_ID=$(echo "$IMAGE_ID" | tr '[:upper:]' '[:lower:]') + # Strip git ref prefix from version + VERSION=$(echo "${{ github.ref }}" | sed -e 's,.*/\(.*\),\1,') + # Strip "v" prefix from tag name + [[ "${{ github.ref }}" == "refs/tags/*" ]] && VERSION="${VERSION//^v//}" + # Do not use the `latest` tag at all, tag with date + git short hash if there is no git tag + [ "$VERSION" == "main" ] && VERSION=$DOCKER_TAG + echo IMAGE_ID="$IMAGE_ID" + echo VERSION="$VERSION" + docker tag "$IMAGE_NAME" "$IMAGE_ID:$VERSION" + docker push "$IMAGE_ID:$VERSION" diff --git a/tools/docker/daml-all-in-one/Dockerfile b/tools/docker/daml-all-in-one/Dockerfile new file mode 100644 index 00000000000..59da60495d6 --- /dev/null +++ b/tools/docker/daml-all-in-one/Dockerfile @@ -0,0 +1,37 @@ +FROM ubuntu:22.04 + +RUN apt update +RUN apt install curl openjdk-21-jdk -y + +# Download and install DAML SDK 2.9.3 +RUN curl -L https://github.com/digital-asset/daml/releases/download/v2.9.3/daml-sdk-2.9.3-linux.tar.gz | tar -xz -C /opt && \ + cd /opt/sdk-2.9.3 && \ + ./install.sh + +ENV PATH="/root/.daml/bin:${PATH}" +RUN apt-get install xxd +RUN daml new quickstart --template quickstart-java +WORKDIR /quickstart + +# Create the config file for daml json-api +RUN echo '{"server": {"address": "0.0.0.0","port": 7575},"ledger-api": {"address": "0.0.0.0","port": 6865}}' > json-api-app.conf + +# Run the auto generation of Authorization Bearer Token +RUN apt-get update && apt-get install -y openssl +COPY generate-jwt-token.sh /quickstart/generate-jwt-token.sh +RUN chmod +x /quickstart/generate-jwt-token.sh +RUN /quickstart/generate-jwt-token.sh + +RUN apt-get update && apt-get install -y supervisor +RUN mkdir -p /var/log/supervisor +COPY supervisord.conf /etc/supervisord.conf + +EXPOSE 9001 + +ENTRYPOINT ["/usr/bin/supervisord"] +CMD ["--configuration","/etc/supervisord.conf", "--nodaemon"] + +COPY healthcheck.sh /quickstart/healthcheck.sh +RUN chmod +x /quickstart/healthcheck.sh + +HEALTHCHECK --interval=30s --timeout=60s --start-period=100s --retries=100 CMD /quickstart/healthcheck.sh \ No newline at end of file diff --git a/tools/docker/daml-all-in-one/Readme.md b/tools/docker/daml-all-in-one/Readme.md new file mode 100644 index 00000000000..3a256b25de2 --- /dev/null +++ b/tools/docker/daml-all-in-one/Readme.md @@ -0,0 +1,30 @@ +# DAML All in One Image + +An all in one DAML docker image with the `sample ledger contracts`. +- This docker image is for `testing` and `development` only. +- **Do NOT use in production!** + +## Build an image locally + +To build the daml-all-in-one image locally, use: +```sh +docker build ./tools/docker/daml-all-in-one/ -t daml-all-in-one +``` + +## Running daml-all-in-one container: + +```sh +docker run --privileged -p 6865:6865 -p 7575:7575 daml-all-in-one +``` + +The following ports are open on the container: + +```yaml +- 6865:6865 # DAML Navigator +- 7575:7575 # DAML API entrypoint + +``` +## Logs of DAML via supervisord web UI: + +Navigate your browser to http://localhost:9001 + diff --git a/tools/docker/daml-all-in-one/generate-jwt-token.sh b/tools/docker/daml-all-in-one/generate-jwt-token.sh new file mode 100644 index 00000000000..c34fbb83560 --- /dev/null +++ b/tools/docker/daml-all-in-one/generate-jwt-token.sh @@ -0,0 +1,9 @@ +#!/bin/sh + +#This will generate the Auth Bearer Token identical on how will it be generated at https://jwt.io/ +header=$(echo -n '{"alg":"HS256","typ":"JWT"}' | base64 | sed s/\+/-/g | sed 's/\//_/g' | sed -E s/=+$//) +payload=$(echo -n '{"https://daml.com/ledger-api": {"ledgerId": "sandbox", "applicationId": "foobar","actAs":["Alice"]}}' | openssl base64 -e -A | sed s/\+/-/ | sed -E s/=+$//) +hmac_signature=$(echo -n '$header.$payload' | openssl dgst -sha256 -hmac secret -binary | openssl base64 -e -A | sed s/\+/-/ | sed -E s/=+$//) + +export jwt=$header.$payload.$hmac_signature +echo $jwt > jwt diff --git a/tools/docker/daml-all-in-one/healthcheck.sh b/tools/docker/daml-all-in-one/healthcheck.sh new file mode 100644 index 00000000000..23dc352e648 --- /dev/null +++ b/tools/docker/daml-all-in-one/healthcheck.sh @@ -0,0 +1,6 @@ +#!/bin/bash +jwt_content=$(cat jwt) +set -e +curl -X GET http://localhost:7575/v1/query -H "Content-Type: application/json" -H "Authorization: Bearer $jwt_content" + +echo "DAML API Success!" \ No newline at end of file diff --git a/tools/docker/daml-all-in-one/supervisord.conf b/tools/docker/daml-all-in-one/supervisord.conf new file mode 100644 index 00000000000..288cce07598 --- /dev/null +++ b/tools/docker/daml-all-in-one/supervisord.conf @@ -0,0 +1,28 @@ +[supervisord] +logfile_maxbytes = 50MB +logfile_backups=10 +loglevel = info + +[program:daml] +# command=daml build && && daml sandbox --wall-clock-time --dar ./.daml/dist/quickstart-0.0.1.dar && daml json-api --config json-api-app.conf +command = bash -c 'daml build && daml sandbox --wall-clock-time --dar ./.daml/dist/quickstart-0.0.1.dar || { echo "Command failed" >&2; exit 1; }' +autostart=true +autorestart=true +stderr_logfile=/var/log/daml.err.log +stdout_logfile=/var/log/daml.out.log + + + +[program:jsonapi] +# command=daml build && && daml sandbox --wall-clock-time --dar ./.daml/dist/quickstart-0.0.1.dar && daml json-api --config json-api-app.conf +command = daml json-api --config json-api-app.conf +autostart=true +autorestart=true +stderr_logfile=/var/log/daml.err.log +stdout_logfile=/var/log/daml.out.log + +[inet_http_server] +port = 0.0.0.0:9001 + + +