GHW for building and publishing docker images (#1391)

* add ghw and scripts for docker image deployment

* debug

* add permissions for content

* fix path to the bin folder

* add tags

* rename env

* fix path to docker file

* make polkadot-parachain executable

* fix typo

* fix more typos

* test

* revert back  use of  working directory

* mke bin executable in the artifacts folder

* use cd instead of working directory

* change path to cash

* fix path to cash

* change cache key

* delete old flows

* addressed PR comments

* fix path

* reorg docker files

cumulus/docker/docker-compose.yml

@@ -1,129 +0,0 @@
-version: '3.7'
-services:
-  node_alice:
-    image: "polkadot:${BRANCH:-cumulus-branch}"
-    ports:
-      - "30333:30333"
-      - "9933:9933"
-      - "9944:9944"
-    volumes:
-      - "polkadot-data-alice:/data"
-      - type: bind
-        source: ./test/parachain/chain-specs/polkadot_chainspec.json
-        target: /chainspec.json
-        read_only: true
-    command: >
-      polkadot
-      --chain=/chainspec.json
-      --base-path=/data
-      --port 30333
-      --rpc-port 9933
-      --ws-port 9944
-      --rpc-external
-      --rpc-cors all
-      --ws-external
-      --alice
-    networks:
-      testing_net:
-        ipv4_address: 172.28.1.1
-        aliases:
-          - alice
-
-  node_bob:
-    image: "polkadot:${BRANCH:-cumulus-branch}"
-    ports:
-      - "30344:30333"
-      - "9935:9933"
-      - "9945:9944"
-    volumes:
-      - "polkadot-data-bob:/data"
-      - type: bind
-        source: ./test/parachain/chain-specs/polkadot_chainspec.json
-        target: /chainspec.json
-        read_only: true
-    command: >
-      polkadot
-      --chain=/chainspec.json
-      --base-path=/data
-      --port 30333
-      --rpc-port 9933
-      --ws-port 9944
-      --rpc-external
-      --ws-external
-      --rpc-cors all
-      --bob
-    networks:
-      testing_net:
-        ipv4_address: 172.28.1.2
-        aliases:
-          - bob
-
-  genesis_state:
-    build:
-      context: .
-      dockerfile: ./docker/test-parachain-collator.dockerfile
-    image: "ctpc:latest"
-    volumes:
-      - "genesis-state:/data"
-    command: >
-      polkadot-parachain
-      export-genesis-state
-      /data/genesis-state
-
-  collator:
-    build:
-      context: .
-      dockerfile: ./docker/test-parachain-collator.dockerfile
-      target: collator
-    image: "ctpc:collator"
-    volumes:
-      - "collator-data:/data"
-    depends_on:
-      - node_alice
-      - node_bob
-    command: >
-      inject_bootnodes.sh
-      --base-path=/data
-    networks:
-      testing_net:
-
-  runtime:
-    build:
-      context: .
-      dockerfile: ./docker/test-parachain-collator.dockerfile
-      target: runtime
-    image: "ctpc:runtime"
-    volumes:
-      - "parachain-runtime:/runtime"
-
-
-  registrar:
-    build:
-      context: .
-      dockerfile: ./docker/parachain-registrar.dockerfile
-    image: para-reg:latest
-    volumes:
-      - "genesis-state:/genesis"
-      - "parachain-runtime:/runtime"
-    depends_on:
-      - node_alice
-      - runtime
-      - genesis_state
-    networks:
-      testing_net:
-
-
-volumes:
-  polkadot-data-alice:
-  polkadot-data-bob:
-  collator-data:
-  genesis-state:
-  parachain-runtime:
-
-
-networks:
-  testing_net:
-    ipam:
-      driver: default
-      config:
-        - subnet: 172.28.0.0/16

cumulus/docker/injected.Dockerfile

@@ -1,36 +0,0 @@
-FROM docker.io/parity/base-bin
-
-# metadata
-ARG VCS_REF
-ARG BUILD_DATE
-ARG IMAGE_NAME
-
-LABEL io.parity.image.authors="devops-team@parity.io" \
-	io.parity.image.vendor="Parity Technologies" \
-	io.parity.image.title="${IMAGE_NAME}" \
-	io.parity.image.description="Cumulus, the Polkadot collator." \
-	io.parity.image.source="https://github.com/paritytech/polkadot/blob/${VCS_REF}/scripts/docker/Dockerfile" \
-	io.parity.image.revision="${VCS_REF}" \
-	io.parity.image.created="${BUILD_DATE}" \
-	io.parity.image.documentation="https://github.com/paritytech/cumulus/"
-
-# show backtraces
-ENV RUST_BACKTRACE 1
-
-USER root
-
-RUN	mkdir -p /specs
-
-# add polkadot-parachain binary to the docker image
-COPY ./release-artifacts/* /usr/local/bin
-COPY ./parachains/chain-specs/*.json /specs/
-
-USER parity
-
-# check if executable works in this container
-RUN /usr/local/bin/polkadot-parachain --version
-
-EXPOSE 30333 9933 9944 9615
-VOLUME ["/polkadot", "/specs"]
-
-ENTRYPOINT ["/usr/local/bin/polkadot-parachain"]

cumulus/docker/parachain-registrar.dockerfile

@@ -1,27 +0,0 @@
-FROM node:latest AS pjs
-
-# It would be great to depend on a more stable tag, but we need some
-# as-yet-unreleased features.
-RUN yarn global add @polkadot/api-cli@0.10.0-beta.14
-
-ENTRYPOINT [ "polkadot-js-api" ]
-CMD [ "--version" ]
-
-# To use the pjs build stage to access the blockchain from the host machine:
-#
-#   docker build -f docker/parachain-registrar.dockerfile --target pjs -t parachain-registrar:pjs .
-#   alias pjs='docker run --rm --net cumulus_testing_net parachain-registrar:pjs --ws ws://172.28.1.1:9944'
-#
-# Then, as long as the chain is running, you can use the polkadot-js-api CLI like:
-#
-#   pjs query.sudo.key
-
-FROM pjs
-RUN apt-get update && apt-get install curl netcat -y && \
-    curl -sSo /wait-for-it.sh https://raw.githubusercontent.com/vishnubob/wait-for-it/master/wait-for-it.sh && \
-    chmod +x /wait-for-it.sh
-# the only thing left to do is to actually run the transaction.
-COPY ./docker/scripts/register_para.sh /usr/bin
-# unset the previous stage's entrypoint
-ENTRYPOINT []
-CMD [ "/usr/bin/register_para.sh" ]

cumulus/docker/polkadot-parachain-debug_unsigned_injected.Dockerfile

@@ -1,49 +0,0 @@
-FROM docker.io/library/ubuntu:20.04
-
-# metadata
-ARG VCS_REF
-ARG BUILD_DATE
-ARG IMAGE_NAME
-
-LABEL io.parity.image.authors="devops-team@parity.io" \
-	io.parity.image.vendor="Parity Technologies" \
-	io.parity.image.title="${IMAGE_NAME}" \
-	io.parity.image.description="Cumulus, the Polkadot collator." \
-	io.parity.image.source="https://github.com/paritytech/cumulus/blob/${VCS_REF}/scripts/docker/polkadot-parachain-debug_unsigned_injected.Dockerfile" \
-	io.parity.image.revision="${VCS_REF}" \
-	io.parity.image.created="${BUILD_DATE}" \
-	io.parity.image.documentation="https://github.com/paritytech/cumulus/"
-
-# show backtraces
-ENV RUST_BACKTRACE 1
-
-# install tools and dependencies
-RUN apt-get update && \
-	DEBIAN_FRONTEND=noninteractive apt-get install -y \
-	libssl1.1 \
-	ca-certificates \
-	curl && \
-	# apt cleanup
-	apt-get autoremove -y && \
-	apt-get clean && \
-	find /var/lib/apt/lists/ -type f -not -name lock -delete; \
-	# add user and link ~/.local/share/polkadot-parachain to /data
-	useradd -m -u 10000 -U -s /bin/sh -d /polkadot-parachain polkadot-parachain && \
-	mkdir -p /data /polkadot-parachain/.local/share && \
-	chown -R polkadot-parachain:polkadot-parachain /data && \
-	ln -s /data /polkadot-parachain/.local/share/polkadot-parachain && \
-	mkdir -p /specs
-
-# add polkadot-parachain binary to the docker image
-COPY ./artifacts/polkadot-parachain /usr/local/bin
-COPY ./parachains/chain-specs/*.json /specs/
-
-USER polkadot-parachain
-
-# check if executable works in this container
-RUN /usr/local/bin/polkadot-parachain --version
-
-EXPOSE 30333 9933 9944
-VOLUME ["/polkadot-parachain"]
-
-ENTRYPOINT ["/usr/local/bin/polkadot-parachain"]

cumulus/docker/polkadot-parachain_builder.Containerfile

@@ -1,36 +0,0 @@
-# This file is sourced from https://github.com/paritytech/polkadot/blob/master/scripts/ci/dockerfiles/polkadot/polkadot_builder.Dockerfile
-# This is the build stage for polkadot-parachain. Here we create the binary in a temporary image.
-FROM docker.io/paritytech/ci-linux:production as builder
-
-WORKDIR /cumulus
-COPY . /cumulus
-
-RUN cargo build --release --locked -p polkadot-parachain
-
-# This is the 2nd stage: a very small image where we copy the Polkadot binary."
-FROM docker.io/library/ubuntu:20.04
-
-LABEL io.parity.image.type="builder" \
-    io.parity.image.authors="devops-team@parity.io" \
-    io.parity.image.vendor="Parity Technologies" \
-    io.parity.image.description="Multistage Docker image for polkadot-parachain" \
-    io.parity.image.source="https://github.com/paritytech/polkadot/blob/${VCS_REF}/scripts/ci/dockerfiles/polkadot/polkadot-parachain_builder.Dockerfile" \
-    io.parity.image.documentation="https://github.com/paritytech/cumulus"
-
-COPY --from=builder /cumulus/target/release/polkadot-parachain /usr/local/bin
-
-RUN useradd -m -u 1000 -U -s /bin/sh -d /cumulus polkadot-parachain && \
-    mkdir -p /data /cumulus/.local/share && \
-    chown -R polkadot-parachain:polkadot-parachain /data && \
-    ln -s /data /cumulus/.local/share/polkadot-parachain && \
-# unclutter and minimize the attack surface
-    rm -rf /usr/bin /usr/sbin && \
-# check if executable works in this container
-    /usr/local/bin/polkadot-parachain --version
-
-USER polkadot-parachain
-
-EXPOSE 30333 9933 9944 9615
-VOLUME ["/data"]
-
-ENTRYPOINT ["/usr/local/bin/polkadot-parachain"]

cumulus/docker/scripts/build-injected-image.sh

@@ -1,10 +0,0 @@
-#!/usr/bin/env bash
-
-OWNER=${OWNER:-parity}
-IMAGE_NAME=${IMAGE_NAME:-polkadot-parachain}
-
-docker build --no-cache \
-    --build-arg IMAGE_NAME=$IMAGE_NAME \
-    -t $OWNER/$IMAGE_NAME \
-    -f ./docker/injected.Dockerfile \
-    . && docker images

cumulus/docker/test-parachain-collator.dockerfile

@@ -1,46 +0,0 @@
-# This file is sourced from https://github.com/paritytech/polkadot/blob/master/scripts/ci/dockerfiles/polkadot/polkadot_builder.Dockerfile
-FROM docker.io/paritytech/ci-linux:production as builder
-
-WORKDIR /cumulus
-COPY . /cumulus
-
-RUN cargo build --release --locked -p polkadot-parachain
-
-# the collator stage is normally built once, cached, and then ignored, but can
-# be specified with the --target build flag. This adds some extra tooling to the
-# image, which is required for a launcher script. The script simply adds two
-# arguments to the list passed in:
-#
-#   --bootnodes /ip4/127.0.0.1/tcp/30333/p2p/PEER_ID
-#
-# with the appropriate ip and ID for both Alice and Bob
-FROM debian:buster-slim as collator
-RUN apt-get update && apt-get install jq curl bash -y && \
-    curl -sSo /wait-for-it.sh https://raw.githubusercontent.com/vishnubob/wait-for-it/master/wait-for-it.sh && \
-    chmod +x /wait-for-it.sh && \
-    curl -sL https://deb.nodesource.com/setup_12.x | bash - && \
-    apt-get install -y nodejs && \
-    npm install --global yarn && \
-    yarn global add @polkadot/api-cli@0.10.0-beta.14
-COPY --from=builder \
-    /paritytech/cumulus/target/release/polkadot-parachain /usr/bin
-COPY ./docker/scripts/inject_bootnodes.sh /usr/bin
-CMD ["/usr/bin/inject_bootnodes.sh"]
-COPY ./docker/scripts/healthcheck.sh /usr/bin/
-HEALTHCHECK --interval=300s --timeout=75s --start-period=30s --retries=3 \
-    CMD ["/usr/bin/healthcheck.sh"]
-
-# the runtime stage is normally built once, cached, and ignored, but can be
-# specified with the --target build flag. This just preserves one of the builder's
-# outputs, which can then be moved into a volume at runtime
-FROM debian:buster-slim as runtime
-COPY --from=builder \
-    /paritytech/cumulus/target/release/wbuild/cumulus-test-parachain-runtime/cumulus_test_parachain_runtime.compact.wasm \
-    /var/opt/
-CMD ["cp", "-v", "/var/opt/cumulus_test_parachain_runtime.compact.wasm", "/runtime/"]
-
-FROM debian:buster-slim
-COPY --from=builder \
-    /paritytech/cumulus/target/release/polkadot-parachain /usr/bin
-
-CMD ["/usr/bin/polkadot-parachain"]

cumulus/docker/test-parachain_injected.Dockerfile

@@ -1,49 +0,0 @@
-FROM docker.io/library/ubuntu:20.04
-
-# metadata
-ARG VCS_REF
-ARG BUILD_DATE
-ARG IMAGE_NAME
-
-LABEL io.parity.image.authors="devops-team@parity.io" \
-	io.parity.image.vendor="Parity Technologies" \
-	io.parity.image.title="${IMAGE_NAME}" \
-	io.parity.image.description="Test parachain for Zombienet" \
-	io.parity.image.source="https://github.com/paritytech/cumulus/blob/${VCS_REF}/docker/test-parachain_injected.Dockerfile" \
-	io.parity.image.revision="${VCS_REF}" \
-	io.parity.image.created="${BUILD_DATE}" \
-	io.parity.image.documentation="https://github.com/paritytech/cumulus/"
-
-# show backtraces
-ENV RUST_BACKTRACE 1
-
-# install tools and dependencies
-RUN apt-get update && \
-	DEBIAN_FRONTEND=noninteractive apt-get install -y \
-	libssl1.1 \
-	ca-certificates \
-	curl && \
-	# apt cleanup
-	apt-get autoremove -y && \
-	apt-get clean && \
-	find /var/lib/apt/lists/ -type f -not -name lock -delete; \
-	# add user and link ~/.local/share/test-parachain to /data
-	useradd -m -u 10000 -U -s /bin/sh -d /test-parachain test-parachain && \
-	mkdir -p /data /test-parachain/.local/share && \
-	chown -R test-parachain:test-parachain /data && \
-	ln -s /data /test-parachain/.local/share/test-parachain && \
-	mkdir -p /specs
-
-# add test-parachain binary to the docker image
-COPY ./artifacts/test-parachain /usr/local/bin
-COPY ./parachains/chain-specs/*.json /specs/
-
-USER test-parachain
-
-# check if executable works in this container
-RUN /usr/local/bin/test-parachain --version
-
-EXPOSE 30333 9933 9944
-VOLUME ["/test-parachain"]
-
-ENTRYPOINT ["/usr/local/bin/test-parachain"]