diff --git a/.github/workflows/docker.yml b/.github/workflows/docker.yml new file mode 100644 index 00000000..27973798 --- /dev/null +++ b/.github/workflows/docker.yml @@ -0,0 +1,86 @@ +# This action enables building container images for subcoin node. +name: Docker build + +on: + workflow_dispatch: + push: + branches: + - main + - 'release/**' + tags: + - '**' + +jobs: + container-linux: + runs-on: ubuntu-22.04 + permissions: + contents: write + packages: write + strategy: + matrix: + platform: + - arch: linux/amd64 + profile: production + suffix: ubuntu-x86_64-${{ github.ref_name }} + image-suffix: '' + dockerfile-suffix: '' + # TODO: https://github.com/subcoin-project/subcoin/issues/13 + # - arch: linux/arm64 + # profile: production + # suffix: ubuntu-aarch64-${{ github.ref_name }} + # image-suffix: '-aarch64' + # dockerfile-suffix: '.aarch64' + + steps: + - name: Set up QEMU + uses: docker/setup-qemu-action@v3 + + - name: Set up Docker Buildx + uses: docker/setup-buildx-action@v3 + + - name: Cache Docker layers + uses: actions/cache@v4 + with: + path: /tmp/.buildx-cache + key: ${{ runner.os }}-buildx-${{ github.sha }} + restore-keys: | + ${{ runner.os }}-buildx- + + - name: Log into registry + uses: docker/login-action@v3 + with: + registry: ghcr.io + username: ${{ github.actor }} + password: ${{ github.token }} + + - name: Extract Docker metadata + id: meta + uses: docker/metadata-action@v3 + with: + images: | + ghcr.io/subcoin-project/subcoin + tags: | + type=ref,event=tag + type=ref,event=branch + type=sha + flavor: | + latest=false + suffix=${{ matrix.platform.image-suffix }} + + - name: Build and push image + id: build + uses: docker/build-push-action@v6 + with: + file: Dockerfile${{ matrix.platform.dockerfile-suffix }} + platforms: ${{ matrix.platform.arch }} + cache-from: type=local,src=/tmp/.buildx-cache + cache-to: type=local,dest=/tmp/.buildx-cache + push: ${{ github.event_name != 'pull_request' }} + tags: ${{ steps.meta.outputs.tags }} + labels: ${{ steps.meta.outputs.labels }} + build-args: | + SUBSTRATE_CLI_GIT_COMMIT_HASH=${{ github.sha }} + PROFILE=${{ matrix.platform.profile }} + + - name: Image digest + run: echo ${{ steps.build.outputs.digest }} diff --git a/Cargo.toml b/Cargo.toml index 2ccc6410..90efb3f9 100644 --- a/Cargo.toml +++ b/Cargo.toml @@ -118,12 +118,10 @@ subcoin-service = { path = "crates/subcoin-service" } subcoin-test-service = { path = "crates/subcoin-test-service" } [profile.release] -debug = true panic = "abort" [profile.production] inherits = "release" -debug = false # Sacrifice compile speed for execution speed by using optimization flags: lto = "fat" # https://doc.rust-lang.org/rustc/linker-plugin-lto.html codegen-units = 1 # https://doc.rust-lang.org/rustc/codegen-options/index.html#codegen-units diff --git a/Dockerfile b/Dockerfile new file mode 100644 index 00000000..c4577af6 --- /dev/null +++ b/Dockerfile @@ -0,0 +1,53 @@ +# This is a base image to build Subcoin node +FROM ubuntu:22.04 AS builder + +ARG PROFILE=production +ARG SUBSTRATE_CLI_GIT_COMMIT_HASH + +# Incremental compilation here isn't helpful +ENV CARGO_INCREMENTAL=0 + +WORKDIR /src + +RUN apt-get update && \ + DEBIAN_FRONTEND=noninteractive apt-get install -y --no-install-recommends \ + ca-certificates \ + clang \ + cmake \ + curl \ + git \ + llvm \ + protobuf-compiler \ + make && \ + curl --proto '=https' --tlsv1.2 -sSf https://sh.rustup.rs | sh -s -- -y + +# Copy the source code +COPY . . + +# Compile the binary and move it to /subcoin. +RUN /root/.cargo/bin/cargo build \ + --locked \ + --bin subcoin \ + --profile=$PROFILE \ + --target $(uname -p)-unknown-linux-gnu && \ + mv target/*/*/subcoin /subcoin && \ + rm -rf target + +# This is the 2nd stage: a very small image where we copy the binary. +FROM ubuntu:22.04 + +LABEL org.opencontainers.image.source="https://github.com/subcoin-project/subcoin" +LABEL org.opencontainers.image.description="Multistage Docker image for Subcoin Node" + +# Copy the node binary. +COPY --from=builder /subcoin /subcoin + +RUN mkdir /node-data && chown nobody:nogroup /node-data + +VOLUME ["/node-data"] + +USER nobody:nogroup + +EXPOSE 30333 9933 9944 9615 + +ENTRYPOINT ["/subcoin"]