Publish RC container images (#7556)

* WIP * Add missing checkout * Add debuggin * Fix VAR name * Bug fix * Rework jobs * Revert "Rework jobs" This reverts commit 2bfa79fd3ae633c17403b838f9a5025f0f7fc3f3. * Add cache * Add temp default for testing * Add missing checkout * Fix patch * Comment out the GPG check for now * Rename polkadot_injected_release into a more appropriate polkadot_injected_debian * Refactoring / renaming * Introduce a generic image for binary injection * Flag files to be deleted and changes to be done * WIP * Fix multi binaries images * Add test build scripts * Remove old file, add polkadot build-injected script * Fix doc * Fix tagging * Add build of the injected container * Fix for docker * Remove the need for TTY * Handling container publishing * Fix owner and registry * Fix vars * Fix repo * Fix var naming * Fix case when there is no tag * Fix case with no tag * Handle error * Fix spacings * Fix tags * Remove unnecessary grep that may fail * Add final check * Clean up and introduce GPG check * Add doc * Add doc * Update doc/docker.md Co-authored-by: Mira Ressel <mira@parity.io> * type Co-authored-by: Mira Ressel <mira@parity.io> * Fix used VAR * Improve doc * ci: Update .build-push-image jobs to use the new build-injected.sh * ci: fix path to build-injected.sh script * Rename the release artifacts folder to prevent confusion due to a similar folder in the gitlab CI * ci: check out polkadot repo in .build-push-image This seems far cleaner than copying the entire scripts/ folder into our job artifacts. * feat(build-injected.sh): make PROJECT_ROOT configurable This lets us avoid a dependency on git in our CI image. * ci: build injected images with buildah * ci: pass full image names to zombienet * Add missing ignore --------- Co-authored-by: Mira Ressel <mira@parity.io>
2026-06-18 06:01:02 +00:00 · 2023-08-11 15:28:39 +02:00
parent cf66819a19
commit 693a29da1a
35 changed files with 663 additions and 325 deletions
@@ -0,0 +1,37 @@
+# staking-miner container image
+
+## Build using the Builder
+
+```
+./build.sh
+```
+
+## Build the injected Image
+
+You first need a valid Linux binary to inject. Let's assume this binary is located in `BIN_FOLDER`.
+
+```
+./build-injected.sh "$BIN_FOLDER"
+```
+
+## Test
+
+Here is how to test the image. We can generate a valid seed but the staking-miner will quickly notice that our
+account is not funded and "does not exist".
+
+You may pass any ENV supported by the binary and must provide at least a few such as `SEED` and `URI`:
+```
+ENV SEED=""
+ENV URI="wss://rpc.polkadot.io:443"
+ENV RUST_LOG="info"
+```
+
+```
+export SEED=$(subkey generate -n polkadot --output-type json  | jq -r .secretSeed)
+podman run --rm -it \
+    -e URI="wss://rpc.polkadot.io:443" \
+    -e RUST_LOG="info" \
+    -e SEED \
+    localhost/parity/staking-miner \
+        dry-run seq-phragmen
+```
@@ -0,0 +1,13 @@
+#!/usr/bin/env bash
+
+# Sample call:
+# $0 /path/to/folder_with_staking-miner_binary
+# This script replace the former dedicated staking-miner "injected" Dockerfile
+# and shows how to use the generic binary_injected.dockerfile
+
+PROJECT_ROOT=`git rev-parse --show-toplevel`
+
+export BINARY=staking-miner
+export BIN_FOLDER=$1
+
+$PROJECT_ROOT/scripts/ci/dockerfiles/build-injected.sh
@@ -0,0 +1,13 @@
+#!/usr/bin/env bash
+
+# Sample call:
+# $0 /path/to/folder_with_staking-miner_binary
+# This script replace the former dedicated staking-miner "injected" Dockerfile
+# and shows how to use the generic binary_injected.dockerfile
+
+PROJECT_ROOT=`git rev-parse --show-toplevel`
+ENGINE=podman
+
+echo "Building the staking-miner using the Builder image"
+echo "PROJECT_ROOT=$PROJECT_ROOT"
+$ENGINE build -t staking-miner -f staking-miner_builder.Dockerfile "$PROJECT_ROOT"
@@ -4,17 +4,17 @@ FROM paritytech/ci-linux:production as builder
 ARG VCS_REF
 ARG BUILD_DATE
 ARG IMAGE_NAME="staking-miner"
-ARG PROFILE=release
+ARG PROFILE=production

 LABEL description="This is the build stage. Here we create the binary."

 WORKDIR /app
 COPY . /app
-RUN cargo build --locked --$PROFILE --package staking-miner
+RUN cargo build --locked --profile $PROFILE --package staking-miner

 # ===== SECOND STAGE ======

-FROM docker.io/library/ubuntu:20.04
+FROM docker.io/parity/base-bin:latest
 LABEL description="This is the 2nd stage: a very small image where we copy the binary."
 LABEL io.parity.image.authors="devops-team@parity.io" \
 	io.parity.image.vendor="Parity Technologies" \
@@ -28,13 +28,10 @@ LABEL io.parity.image.authors="devops-team@parity.io" \
 ARG PROFILE=release
 COPY --from=builder /app/target/$PROFILE/staking-miner /usr/local/bin

-RUN useradd -u 1000 -U -s /bin/sh miner && \
-	rm -rf /usr/bin /usr/sbin
-
 # show backtraces
 ENV RUST_BACKTRACE 1

-USER miner
+USER parity

 ENV SEED=""
 ENV URI="wss://rpc.polkadot.io"
@@ -1,43 +0,0 @@
-FROM docker.io/library/ubuntu:20.04
-
-# metadata
-ARG VCS_REF
-ARG BUILD_DATE
-ARG IMAGE_NAME="staking-miner"
-
-LABEL io.parity.image.authors="devops-team@parity.io" \
-	io.parity.image.vendor="Parity Technologies" \
-	io.parity.image.title="${IMAGE_NAME}" \
-	io.parity.image.description="${IMAGE_NAME} for substrate based chains" \
-	io.parity.image.source="https://github.com/paritytech/polkadot/blob/${VCS_REF}/scripts/ci/dockerfiles/${IMAGE_NAME}/${IMAGE_NAME}_injected.Dockerfile" \
-	io.parity.image.revision="${VCS_REF}" \
-	io.parity.image.created="${BUILD_DATE}" \
-	io.parity.image.documentation="https://github.com/paritytech/polkadot/"
-
-# show backtraces
-ENV RUST_BACKTRACE 1
-
-# install tools and dependencies
-RUN apt-get update && \
-	DEBIAN_FRONTEND=noninteractive apt-get install -y \
-		libssl1.1 \
-		ca-certificates && \
-# apt cleanup
-	apt-get autoremove -y && \
-	apt-get clean && \
-	find /var/lib/apt/lists/ -type f -not -name lock -delete; \
-	useradd -u 1000 -U -s /bin/sh miner
-
-# add binary to docker image
-COPY ./staking-miner /usr/local/bin
-
-USER miner
-
-ENV SEED=""
-ENV URI="wss://rpc.polkadot.io"
-ENV RUST_LOG="info"
-
-# check if the binary works in this container
-RUN /usr/local/bin/staking-miner --version
-
-ENTRYPOINT [ "/usr/local/bin/staking-miner" ]
@@ -0,0 +1,18 @@
+#!/usr/bin/env bash
+
+TMP=$(mktemp -d)
+ENGINE=${ENGINE:-podman}
+
+# You need to build an injected image first
+
+# Fetch some binaries
+$ENGINE run --user root --rm -i \
+  -v "$TMP:/export" \
+  --entrypoint /bin/bash \
+  parity/staking-miner -c \
+  'cp "$(which staking-miner)" /export'
+
+echo "Checking binaries we got:"
+tree $TMP
+
+./build-injected.sh $TMP