GHW for building and publishing docker images (#1391)

* add ghw and scripts for docker image deployment

* debug

* add permissions for content

* fix path to the bin folder

* add tags

* rename env

* fix path to docker file

* make polkadot-parachain executable

* fix typo

* fix more typos

* test

* revert back  use of  working directory

* mke bin executable in the artifacts folder

* use cd instead of working directory

* change path to cash

* fix path to cash

* change cache key

* delete old flows

* addressed PR comments

* fix path

* reorg docker files

docker/dockerfiles/polkadot-parachain/polkadot-parachain-debug_unsigned_injected.Dockerfile

@@ -0,0 +1,49 @@
+FROM docker.io/library/ubuntu:20.04
+
+# metadata
+ARG VCS_REF
+ARG BUILD_DATE
+ARG IMAGE_NAME
+
+LABEL io.parity.image.authors="devops-team@parity.io" \
+	io.parity.image.vendor="Parity Technologies" \
+	io.parity.image.title="${IMAGE_NAME}" \
+	io.parity.image.description="Cumulus, the Polkadot collator." \
+	io.parity.image.source="https://github.com/paritytech/cumulus/blob/${VCS_REF}/docker/dockerfiles/polkadot-parachain/polkadot-parachain-debug_unsigned_injected.Dockerfile" \
+	io.parity.image.revision="${VCS_REF}" \
+	io.parity.image.created="${BUILD_DATE}" \
+	io.parity.image.documentation="https://github.com/paritytech/cumulus/"
+
+# show backtraces
+ENV RUST_BACKTRACE 1
+
+# install tools and dependencies
+RUN apt-get update && \
+	DEBIAN_FRONTEND=noninteractive apt-get install -y \
+	libssl1.1 \
+	ca-certificates \
+	curl && \
+	# apt cleanup
+	apt-get autoremove -y && \
+	apt-get clean && \
+	find /var/lib/apt/lists/ -type f -not -name lock -delete; \
+	# add user and link ~/.local/share/polkadot-parachain to /data
+	useradd -m -u 10000 -U -s /bin/sh -d /polkadot-parachain polkadot-parachain && \
+	mkdir -p /data /polkadot-parachain/.local/share && \
+	chown -R polkadot-parachain:polkadot-parachain /data && \
+	ln -s /data /polkadot-parachain/.local/share/polkadot-parachain && \
+	mkdir -p /specs
+
+# add polkadot-parachain binary to the docker image
+COPY ./artifacts/polkadot-parachain /usr/local/bin
+COPY ./cumulus/parachains/chain-specs/*.json /specs/
+
+USER polkadot-parachain
+
+# check if executable works in this container
+RUN /usr/local/bin/polkadot-parachain --version
+
+EXPOSE 30333 9933 9944
+VOLUME ["/polkadot-parachain"]
+
+ENTRYPOINT ["/usr/local/bin/polkadot-parachain"]

docker/dockerfiles/polkadot-parachain/polkadot-parachain_builder.Containerfile

@@ -0,0 +1,36 @@
+# This file is sourced from https://github.com/paritytech/polkadot/blob/master/docker/dockerfiles/polkadot/polkadot_builder.Dockerfile
+# This is the build stage for polkadot-parachain. Here we create the binary in a temporary image.
+FROM docker.io/paritytech/ci-linux:production as builder
+
+WORKDIR /cumulus
+COPY . /cumulus
+
+RUN cargo build --release --locked -p polkadot-parachain
+
+# This is the 2nd stage: a very small image where we copy the Polkadot binary."
+FROM docker.io/library/ubuntu:20.04
+
+LABEL io.parity.image.type="builder" \
+    io.parity.image.authors="devops-team@parity.io" \
+    io.parity.image.vendor="Parity Technologies" \
+    io.parity.image.description="Multistage Docker image for polkadot-parachain" \
+    io.parity.image.source="https://github.com/paritytech/polkadot/blob/${VCS_REF}/docker/dockerfiles/polkadot-parachain/polkadot-parachain_builder.Dockerfile" \
+    io.parity.image.documentation="https://github.com/paritytech/cumulus"
+
+COPY --from=builder /cumulus/target/release/polkadot-parachain /usr/local/bin
+
+RUN useradd -m -u 1000 -U -s /bin/sh -d /cumulus polkadot-parachain && \
+    mkdir -p /data /cumulus/.local/share && \
+    chown -R polkadot-parachain:polkadot-parachain /data && \
+    ln -s /data /cumulus/.local/share/polkadot-parachain && \
+# unclutter and minimize the attack surface
+    rm -rf /usr/bin /usr/sbin && \
+# check if executable works in this container
+    /usr/local/bin/polkadot-parachain --version
+
+USER polkadot-parachain
+
+EXPOSE 30333 9933 9944 9615
+VOLUME ["/data"]
+
+ENTRYPOINT ["/usr/local/bin/polkadot-parachain"]

docker/dockerfiles/polkadot-parachain/polkadot-parachain_injected.Dockerfile

@@ -0,0 +1,38 @@
+FROM docker.io/parity/base-bin
+
+# metadata
+ARG VCS_REF
+ARG BUILD_DATE
+ARG IMAGE_NAME
+
+LABEL io.parity.image.authors="devops-team@parity.io" \
+	io.parity.image.vendor="Parity Technologies" \
+	io.parity.image.title="${IMAGE_NAME}" \
+	io.parity.image.description="Cumulus, the Polkadot collator." \
+	io.parity.image.source="https://github.com/paritytech/polkadot-sdk/blob/${VCS_REF}/docker/dockerfiles/polkadot-parachain/polkadot-parachain_injected.Dockerfile" \
+	io.parity.image.revision="${VCS_REF}" \
+	io.parity.image.created="${BUILD_DATE}" \
+	io.parity.image.documentation="https://github.com/paritytech/polkadot-sdk/"
+
+# show backtraces
+ENV RUST_BACKTRACE 1
+
+USER root
+
+RUN	mkdir -p /specs
+
+# add polkadot-parachain binary to the docker image
+COPY bin/* /usr/local/bin/
+COPY specs/* /specs/
+
+RUN chmod -R a+rx "/usr/local/bin"
+
+USER parity
+
+# check if executable works in this container
+RUN /usr/local/bin/polkadot-parachain --version
+
+EXPOSE 30333 9933 9944 9615
+VOLUME ["/polkadot", "/specs"]
+
+ENTRYPOINT ["/usr/local/bin/polkadot-parachain"]