GHW for building and publishing docker images (#1391)

* add ghw and scripts for docker image deployment * debug * add permissions for content * fix path to the bin folder * add tags * rename env * fix path to docker file * make polkadot-parachain executable * fix typo * fix more typos * test * revert back use of working directory * mke bin executable in the artifacts folder * use cd instead of working directory * change path to cash * fix path to cash * change cache key * delete old flows * addressed PR comments * fix path * reorg docker files
2026-04-30 13:07:56 +00:00 · 2023-09-06 16:11:10 +02:00
parent 4c077b209b
commit eeb368ed9c
55 changed files with 783 additions and 676 deletions
@@ -0,0 +1,9 @@
+# Self built Docker image
+
+The Polkadot repo contains several options to build Docker images for Polkadot.
+
+This folder contains a self-contained image that does not require a Linux pre-built binary.
+
+Instead, building the image is possible on any host having docker installed and will
+build Polkadot inside Docker. That also means that no Rust toolchain is required on the host
+machine for the build to succeed.
@@ -0,0 +1,50 @@
+version: '3'
+services:
+  node_alice:
+    ports:
+      - "30333:30333"
+      - "9933:9933"
+      - "9944:9944"
+      - "9615:9615"
+    image: parity/polkadot:latest
+    volumes:
+      - "polkadot-data-alice:/data"
+    command: |
+      --chain=polkadot-local
+      --alice
+      -d /data
+      --node-key 0000000000000000000000000000000000000000000000000000000000000001
+    networks:
+      testing_net:
+        ipv4_address: 172.28.1.1
+
+  node_bob:
+    ports:
+      - "30344:30333"
+      - "9935:9933"
+      - "9945:9944"
+      - "29615:9615"
+    image: parity/polkadot:latest
+    volumes:
+      - "polkadot-data-bob:/data"
+    links:
+      - "node_alice:alice"
+    command: |
+      --chain=polkadot-local
+      --bob
+      -d /data
+      --bootnodes '/ip4/172.28.1.1/tcp/30333/p2p/QmRpheLN4JWdAnY7HGJfWFNbfkQCb6tFf4vvA6hgjMZKrR'
+    networks:
+      testing_net:
+        ipv4_address: 172.28.1.2
+
+volumes:
+  polkadot-data-alice:
+  polkadot-data-bob:
+
+networks:
+  testing_net:
+    ipam:
+      driver: default
+      config:
+        - subnet: 172.28.0.0/16
@@ -0,0 +1,22 @@
+version: '3'
+services:
+  polkadot:
+    image: parity/polkadot:latest
+
+    ports:
+      - "127.0.0.1:30333:30333/tcp"
+      - "127.0.0.1:9933:9933/tcp"
+      - "127.0.0.1:9944:9944/tcp"
+      - "127.0.0.1:9615:9615/tcp"
+
+    volumes:
+      - "polkadot-data:/data"
+
+    command: |
+      --unsafe-rpc-external
+      --unsafe-ws-external
+      --rpc-cors all
+      --prometheus-external
+
+volumes:
+  polkadot-data:
@@ -0,0 +1,7 @@
+# Polkadot official Docker image
+
+## [Polkadot](https://polkadot.network/)
+
+## [GitHub](https://github.com/paritytech/polkadot)
+
+## [Polkadot Wiki](https://wiki.polkadot.network/)
@@ -0,0 +1,36 @@
+# This is the build stage for Polkadot. Here we create the binary in a temporary image.
+FROM docker.io/paritytech/ci-linux:production as builder
+
+WORKDIR /polkadot
+COPY . /polkadot
+
+RUN cargo build --locked --release
+
+# This is the 2nd stage: a very small image where we copy the Polkadot binary."
+FROM docker.io/parity/base-bin:latest
+
+LABEL description="Multistage Docker image for Polkadot: a platform for web3" \
+	io.parity.image.type="builder" \
+	io.parity.image.authors="chevdor@gmail.com, devops-team@parity.io" \
+	io.parity.image.vendor="Parity Technologies" \
+	io.parity.image.description="Polkadot: a platform for web3" \
+	io.parity.image.source="https://github.com/paritytech/polkadot/blob/${VCS_REF}/docker/dockerfiles/polkadot/polkadot_builder.Dockerfile" \
+	io.parity.image.documentation="https://github.com/paritytech/polkadot/"
+
+COPY --from=builder /polkadot/target/release/polkadot /usr/local/bin
+
+RUN useradd -m -u 1000 -U -s /bin/sh -d /polkadot polkadot && \
+	mkdir -p /data /polkadot/.local/share && \
+	chown -R polkadot:polkadot /data && \
+	ln -s /data /polkadot/.local/share/polkadot && \
+# unclutter and minimize the attack surface
+	rm -rf /usr/bin /usr/sbin && \
+# check if executable works in this container
+	/usr/local/bin/polkadot --version
+
+USER polkadot
+
+EXPOSE 30333 9933 9944 9615
+VOLUME ["/data"]
+
+ENTRYPOINT ["/usr/local/bin/polkadot"]
@@ -0,0 +1,53 @@
+FROM docker.io/library/ubuntu:20.04
+
+# metadata
+ARG VCS_REF
+ARG BUILD_DATE
+ARG POLKADOT_VERSION
+ARG POLKADOT_GPGKEY=9D4B2B6EB8F97156D19669A9FF0812D491B96798
+ARG GPG_KEYSERVER="keyserver.ubuntu.com"
+
+LABEL io.parity.image.authors="devops-team@parity.io" \
+	io.parity.image.vendor="Parity Technologies" \
+	io.parity.image.title="parity/polkadot" \
+	io.parity.image.description="Polkadot: a platform for web3. This is the official Parity image with an injected binary." \
+	io.parity.image.source="https://github.com/paritytech/polkadot/blob/${VCS_REF}/scripts/ci/dockerfiles/polkadot/polkadot_injected_debian.Dockerfile" \
+	io.parity.image.revision="${VCS_REF}" \
+	io.parity.image.created="${BUILD_DATE}" \
+	io.parity.image.documentation="https://github.com/paritytech/polkadot/"
+
+# show backtraces
+ENV RUST_BACKTRACE 1
+
+# install tools and dependencies
+RUN apt-get update && \
+	DEBIAN_FRONTEND=noninteractive apt-get install -y --no-install-recommends \
+		libssl1.1 \
+		ca-certificates \
+		gnupg && \
+	useradd -m -u 1000 -U -s /bin/sh -d /polkadot polkadot && \
+# add repo's gpg keys and install the published polkadot binary
+	gpg --keyserver ${GPG_KEYSERVER} --recv-keys ${POLKADOT_GPGKEY} && \
+	gpg --export ${POLKADOT_GPGKEY} > /usr/share/keyrings/parity.gpg && \
+	echo 'deb [signed-by=/usr/share/keyrings/parity.gpg] https://releases.parity.io/deb release main' > /etc/apt/sources.list.d/parity.list && \
+	apt-get update && \
+	apt-get install -y --no-install-recommends polkadot=${POLKADOT_VERSION#?} && \
+# apt cleanup
+	apt-get autoremove -y && \
+	apt-get clean && \
+	rm -rf /var/lib/apt/lists/* ; \
+	mkdir -p /data /polkadot/.local/share && \
+	chown -R polkadot:polkadot /data && \
+	ln -s /data /polkadot/.local/share/polkadot
+
+USER polkadot
+
+# check if executable works in this container
+RUN /usr/bin/polkadot --version
+RUN /usr/bin/polkadot-execute-worker --version
+RUN /usr/bin/polkadot-prepare-worker --version
+
+EXPOSE 30333 9933 9944
+VOLUME ["/polkadot"]
+
+ENTRYPOINT ["/usr/bin/polkadot"]
@@ -0,0 +1,48 @@
+FROM docker.io/library/ubuntu:20.04
+
+# metadata
+ARG VCS_REF
+ARG BUILD_DATE
+ARG IMAGE_NAME
+
+LABEL io.parity.image.authors="devops-team@parity.io" \
+	io.parity.image.vendor="Parity Technologies" \
+	io.parity.image.title="${IMAGE_NAME}" \
+	io.parity.image.description="Polkadot: a platform for web3" \
+	io.parity.image.source="https://github.com/paritytech/polkadot/blob/${VCS_REF}/docker/dockerfiles/polkadot/polkadot_injected_debug.Dockerfile" \
+	io.parity.image.revision="${VCS_REF}" \
+	io.parity.image.created="${BUILD_DATE}" \
+	io.parity.image.documentation="https://github.com/paritytech/polkadot/"
+
+# show backtraces
+ENV RUST_BACKTRACE 1
+
+# install tools and dependencies
+RUN apt-get update && \
+	DEBIAN_FRONTEND=noninteractive apt-get install -y \
+	libssl1.1 \
+	ca-certificates && \
+	# apt cleanup
+	apt-get autoremove -y && \
+	apt-get clean && \
+	find /var/lib/apt/lists/ -type f -not -name lock -delete; \
+	# add user and link ~/.local/share/polkadot to /data
+	useradd -m -u 1000 -U -s /bin/sh -d /polkadot polkadot && \
+	mkdir -p /data /polkadot/.local/share && \
+	chown -R polkadot:polkadot /data && \
+	ln -s /data /polkadot/.local/share/polkadot
+
+# add polkadot binaries to docker image
+COPY ./artifacts/polkadot ./artifacts/polkadot-execute-worker ./artifacts/polkadot-prepare-worker /usr/local/bin
+
+USER polkadot
+
+# check if executable works in this container
+RUN /usr/local/bin/polkadot --version
+RUN /usr/local/bin/polkadot-execute-worker --version
+RUN /usr/local/bin/polkadot-prepare-worker --version
+
+EXPOSE 30333 9933 9944
+VOLUME ["/polkadot"]
+
+ENTRYPOINT ["/usr/local/bin/polkadot"]
@@ -0,0 +1,53 @@
+FROM docker.io/library/ubuntu:20.04
+
+# metadata
+ARG VCS_REF
+ARG BUILD_DATE
+ARG POLKADOT_VERSION
+ARG POLKADOT_GPGKEY=9D4B2B6EB8F97156D19669A9FF0812D491B96798
+ARG GPG_KEYSERVER="keyserver.ubuntu.com"
+
+LABEL io.parity.image.authors="devops-team@parity.io" \
+	io.parity.image.vendor="Parity Technologies" \
+	io.parity.image.title="parity/polkadot" \
+	io.parity.image.description="Polkadot: a platform for web3. This is the official Parity image with an injected binary." \
+	io.parity.image.source="https://github.com/paritytech/polkadot/blob/${VCS_REF}/docker/dockerfiles/polkadot/polkadot_injected_release.Dockerfile" \
+	io.parity.image.revision="${VCS_REF}" \
+	io.parity.image.created="${BUILD_DATE}" \
+	io.parity.image.documentation="https://github.com/paritytech/polkadot/"
+
+# show backtraces
+ENV RUST_BACKTRACE 1
+
+# install tools and dependencies
+RUN apt-get update && \
+	DEBIAN_FRONTEND=noninteractive apt-get install -y --no-install-recommends \
+		libssl1.1 \
+		ca-certificates \
+		gnupg && \
+	useradd -m -u 1000 -U -s /bin/sh -d /polkadot polkadot && \
+# add repo's gpg keys and install the published polkadot binary
+	gpg --keyserver ${GPG_KEYSERVER} --recv-keys ${POLKADOT_GPGKEY} && \
+	gpg --export ${POLKADOT_GPGKEY} > /usr/share/keyrings/parity.gpg && \
+	echo 'deb [signed-by=/usr/share/keyrings/parity.gpg] https://releases.parity.io/deb release main' > /etc/apt/sources.list.d/parity.list && \
+	apt-get update && \
+	apt-get install -y --no-install-recommends polkadot=${POLKADOT_VERSION#?} && \
+# apt cleanup
+	apt-get autoremove -y && \
+	apt-get clean && \
+	rm -rf /var/lib/apt/lists/* ; \
+	mkdir -p /data /polkadot/.local/share && \
+	chown -R polkadot:polkadot /data && \
+	ln -s /data /polkadot/.local/share/polkadot
+
+USER polkadot
+
+# check if executable works in this container
+RUN /usr/bin/polkadot --version
+RUN /usr/local/bin/polkadot-execute-worker --version
+RUN /usr/local/bin/polkadot-prepare-worker --version
+
+EXPOSE 30333 9933 9944
+VOLUME ["/polkadot"]
+
+ENTRYPOINT ["/usr/bin/polkadot"]