CICD to build evmapp image and push it

HorizenOfficial · May 24, 2023 · 51e8636 · 51e8636
1 parent 06c1c4b
commit 51e8636
Show file tree

Hide file tree

Showing 5 changed files with 595 additions and 0 deletions.
diff --git a/.travis.yml b/.travis.yml
@@ -0,0 +1,26 @@
+os: linux
+dist: jammy
+language: generic
+addons:
+  apt:
+    packages:
+      - libxml-xpath-perl
+services:
+  - docker
+
+git:
+  depth: false
+
+env:
+  global:
+    - DOCKER_IMAGE_NAME=evmapp
+    - PROD_RELEASE_BRANCH=main
+    - DEV_RELEASE_BRANCH=development
+
+before_script: source ci/setup_env.sh
+
+jobs:
+  include:
+    - name: "Evmapp Docker Image Build"
+      script: ci/docker.sh
+      if: tag IS present
diff --git a/ci/docker.sh b/ci/docker.sh
@@ -0,0 +1,81 @@
+#!/bin/bash
+set -eEuo pipefail
+
+workdir="$( cd "$( dirname "${BASH_SOURCE[0]}" )/.." &> /dev/null && pwd )"
+docker_image_name="${DOCKER_IMAGE_NAME:-evmapp}"
+aws_ecr_region='us-east-1'
+docker_hub_org='horizenlabs'
+pom_version="${POM_VERSION:-}"
+
+AWS_ACCOUNT_NUMBER="${AWS_ACCOUNT_NUMBER:-}"
+AWS_ACCESS_KEY_ID="${AWS_ACCESS_KEY_ID:-}"
+AWS_SECRET_ACCESS_KEY="${AWS_SECRET_ACCESS_KEY:-}"
+
+DOCKER_USERNAME="${DOCKER_USERNAME:-}"
+DOCKER_PASSWORD="${DOCKER_PASSWORD:-}"
+
+
+# Functions
+function fn_die() {
+  echo -e "$1" >&2
+  exit "${2:-1}"
+}
+
+# Building only dev or prod releases
+docker_tag=""
+if [ "${IS_A_RELEASE}" = "true" ]; then
+  docker_tag="${TRAVIS_TAG}"
+
+  arg_sc_committish="${ARG_SC_COMMITTISH:-${TRAVIS_TAG}}"
+  arg_sc_version="${ARG_SC_VERSION:-${pom_version}}"
+
+  if [ -z "${arg_sc_committish}" ] || [ -z "${arg_sc_version}" ]; then
+    fn_die "Error: ARG_SC_VERSION and/or ARG_SC_COMMITTISH variables are empty for release build. Docker image will not be built.  Exiting ..."
+  fi
+fi
+
+# Building docker image
+if [ -n "${docker_tag}" ]; then
+  echo "" && echo "=== Building Docker Image: ${docker_image_name}:${docker_tag} ===" && echo ""
+
+  docker build -f "${workdir}"/ci/docker/Dockerfile -t "${docker_image_name}:${docker_tag}" \
+    --build-arg ARG_SC_COMMITTISH="${arg_sc_committish}" \
+    --build-arg ARG_SC_VERSION="${arg_sc_version}" \
+    .
+
+  # Installing awscli for publishing to AWS ECR
+  if ! [ -x "$(command -v aws)" ]; then curl "https://awscli.amazonaws.com/awscli-exe-linux-x86_64.zip" -o "awscliv2.zip" ; unzip awscliv2.zip ; sudo ./aws/install ; fi
+  export PATH=$PATH:/$HOME/.local/bin
+
+  # Publishing to AWS ECR
+  echo "" && echo "=== Publishing Docker images on ECR ===" && echo ""
+  if [ -z "${AWS_ACCOUNT_NUMBER}" ] || [ -z "${AWS_ACCESS_KEY_ID}" ] || [ -z "${AWS_SECRET_ACCESS_KEY}" ]; then
+    echo "Warning: AWS_ACCOUNT_NUMBER and/or AWS_ACCESS_KEY_ID and/or AWS_SECRET_ACCESS_KEY is(are) empty. Docker image is NOT going to be published on AWS ECR !!!"
+  else
+    aws ecr get-login-password --region "${aws_ecr_region}" | docker login --username AWS --password-stdin "${AWS_ACCOUNT_NUMBER}.dkr.ecr.${aws_ecr_region}.amazonaws.com"
+    docker tag "${docker_image_name}:${docker_tag}" "${AWS_ACCOUNT_NUMBER}.dkr.ecr.${aws_ecr_region}.amazonaws.com/${docker_image_name}:${docker_tag}"
+    docker push "${AWS_ACCOUNT_NUMBER}.dkr.ecr.${aws_ecr_region}.amazonaws.com/${docker_image_name}:${docker_tag}"
+  fi
+
+  sleep 5
+
+  # Publishing to DockerHub
+  echo "" && echo "=== Publishing Docker images on DockerHub===" && echo ""
+  if [ -z "${DOCKER_USERNAME}" ] || [ -z "${DOCKER_PASSWORD}" ]; then
+    echo "Warning: DOCKER_USERNAME and/or DOCKER_USERNAME is(are) empty. Docker image is NOT going to be published on DockerHub !!!"
+  else
+    echo "${DOCKER_PASSWORD}" | docker login -u "${DOCKER_USERNAME}" --password-stdin
+    docker tag "${docker_image_name}:${docker_tag}" "index.docker.io/${docker_hub_org}/${docker_image_name}:${docker_tag}"
+    docker push "index.docker.io/${docker_hub_org}/${docker_image_name}:${docker_tag}"
+  fi
+else
+  echo "" && echo "=== The build did NOT satisfy RELEASE build requirements. Docker image is not being created ===" && echo ""
+fi
+
+
+######
+# The END
+######
+echo "" && echo "=== Done ===" && echo ""
+
+exit 0
diff --git a/ci/docker/Dockerfile b/ci/docker/Dockerfile
@@ -0,0 +1,132 @@
+## Build stage
+
+# Global ARGS
+
+ARG FROM_IMAGE_BUILD=zencash/sc-ci-base:focal_jdk-11_latest
+
+ARG FROM_IMAGE_RUN=eclipse-temurin:11-jre-focal
+
+FROM $FROM_IMAGE_BUILD as builder
+
+MAINTAINER [email protected]
+
+# Scoped ARGS
+
+ARG ARG_SC_COMMITTISH
+
+ARG ARG_SC_GITHUB_REPO=https://github.com/HorizenOfficial/eon.git
+
+ENV SC_COMMITTISH=${ARG_SC_COMMITTISH} \
+    SC_GITHUB_REPO=${ARG_SC_GITHUB_REPO} \
+    REPO_DEST='/EON'
+
+SHELL ["/bin/bash", "-c"]
+
+RUN set -euo pipefail && apt-get update && DEBIAN_FRONTEND=noninteractive apt-get -y --no-install-recommends dist-upgrade \
+    && DEBIAN_FRONTEND=noninteractive apt-get install --no-install-recommends -y software-properties-common \
+    && add-apt-repository -y ppa:ethereum/ethereum && apt-get update \
+    && DEBIAN_FRONTEND=noninteractive apt-get install --no-install-recommends -y gcc libc6-dev solc \
+    && DEBIAN_FRONTEND=noninteractive apt-get install -y --no-install-recommends git \
+    && git clone ${SC_GITHUB_REPO} ${REPO_DEST} && cd ${REPO_DEST} \
+    && git checkout ${SC_COMMITTISH} && mvn install -DskipTests
+
+## EVMAPP stage
+
+FROM ${FROM_IMAGE_RUN} AS evmapp
+
+MAINTAINER [email protected]
+
+# Scoped ARGS
+
+ARG ARG_SC_VERSION
+
+ARG ARG_SC_JAR_NAME=eon
+
+ARG ARG_SC_MAIN_CLASS=io.horizen.eon.EonApp
+
+ARG ARG_SC_CONF_PATH=/sidechain/config/sc_settings.conf
+
+ARG ARG_GOSU_VERSION=1.14
+
+ARG ARG_TINI_VERSION=v0.19.0
+
+ENV SC_VERSION=${ARG_SC_VERSION} \
+    SC_JAR_NAME=${ARG_SC_JAR_NAME} \
+    SC_MAIN_CLASS=${ARG_SC_MAIN_CLASS} \
+    SC_CONF_PATH=${ARG_SC_CONF_PATH} \
+    GOSU_VERSION=${ARG_GOSU_VERSION} \
+    TINI_VERSION=${ARG_TINI_VERSION} \
+    REPO_DEST='/EON'
+
+WORKDIR /sidechain
+
+SHELL ["/bin/bash", "-c"]
+
+COPY --from=builder ${REPO_DEST}/target/*.jar /sidechain/
+
+COPY --from=builder ${REPO_DEST}/target/lib /sidechain/lib
+
+COPY ci/docker/entrypoint.sh /usr/local/bin/entrypoint.sh
+
+RUN set -euo pipefail && chmod +x /usr/local/bin/entrypoint.sh \
+    && apt-get update && DEBIAN_FRONTEND=noninteractive apt-get -y --no-install-recommends install apt-utils \
+    && DEBIAN_FRONTEND=noninteractive apt-get -y --no-install-recommends dist-upgrade \
+    && DEBIAN_FRONTEND=noninteractive apt-get install -y --no-install-recommends ca-certificates \
+      curl \
+      dnsutils \
+      gettext-base \
+      libjemalloc2 \
+      jq \
+      netcat-openbsd \
+      apache2-utils \
+    && savedAptMark="$(apt-mark showmanual)" \
+    && if ! command -v gosu &> /dev/null; then \
+      if ! command -v gpg2 &> /dev/null; then \
+        DEBIAN_FRONTEND=noninteractive apt-get install -y --no-install-recommends gnupg2 dirmngr; \
+      fi \
+      && dpkgArch="$(dpkg --print-architecture | awk -F- '{ print $NF }')" \
+      && curl -sSfL "https://github.com/tianon/gosu/releases/download/$GOSU_VERSION/gosu-$dpkgArch" > /usr/local/bin/gosu \
+      && curl -sSfL "https://github.com/tianon/gosu/releases/download/$GOSU_VERSION/gosu-$dpkgArch.asc" > /usr/local/bin/gosu.asc \
+      && export GNUPGHOME="$(mktemp -d)" \
+      && ( gpg2 --batch --keyserver hkps://keys.openpgp.org --recv-keys B42F6819007F00F88E364FD4036A9C25BF357DD4 || \
+       gpg2 --batch --keyserver hkps://keyserver.ubuntu.com:443 --recv-keys B42F6819007F00F88E364FD4036A9C25BF357DD4 || \
+       gpg2 --batch --keyserver pgp.mit.edu --recv-key B42F6819007F00F88E364FD4036A9C25BF357DD4 ) \
+      && gpg2 --batch --verify /usr/local/bin/gosu.asc /usr/local/bin/gosu \
+      && ( gpgconf --kill dirmngr || true ) \
+      && ( gpgconf --kill gpg-agent || true ) \
+      && rm -rf "$GNUPGHOME" /usr/local/bin/gosu.asc \
+      && unset GNUPGHOME \
+      && chmod +x /usr/local/bin/gosu \
+      && gosu --version; \
+    fi \
+    && if ! command -v tini &> /dev/null; then \
+      if ! command -v gpg2 &> /dev/null; then \
+        DEBIAN_FRONTEND=noninteractive apt-get install -y --no-install-recommends gnupg2 dirmngr; \
+      fi \
+      && curl -sSfL "https://github.com/krallin/tini/releases/download/${TINI_VERSION}/tini" > /usr/local/bin/tini \
+      && curl -sSfL "https://github.com/krallin/tini/releases/download/${TINI_VERSION}/tini.asc" > /usr/local/bin/tini.asc \
+      && export GNUPGHOME="$(mktemp -d)" \
+      && ( gpg2 --batch --keyserver hkps://keys.openpgp.org --recv-keys 595E85A6B1B4779EA4DAAEC70B588DFF0527A9B7 || \
+       gpg2 --batch --keyserver hkps://keyserver.ubuntu.com:443 --recv-keys 595E85A6B1B4779EA4DAAEC70B588DFF0527A9B7 || \
+       gpg2 --batch --keyserver pgp.mit.edu --recv-key 595E85A6B1B4779EA4DAAEC70B588DFF0527A9B7 ) \
+      && gpg2 --batch --verify /usr/local/bin/tini.asc /usr/local/bin/tini \
+      && ( gpgconf --kill dirmngr || true ) \
+      && ( gpgconf --kill gpg-agent || true ) \
+      && rm -rf "$GNUPGHOME" /usr/local/bin/tini.asc \
+      && unset GNUPGHOME \
+      && chmod +x /usr/local/bin/tini \
+      && tini --version; \
+    fi \
+    && apt-mark auto '.*' &> /dev/null && [ -z "$savedAptMark" ] || apt-mark manual $savedAptMark &> /dev/null \
+    && DEBIAN_FRONTEND=noninteractive apt-get purge -y --auto-remove -o APT::AutoRemove::RecommendsImportant=false \
+    && rm -rf /var/{lib/apt/lists/*,cache/apt/archives/*.deb} /tmp/*
+
+VOLUME ["/sidechain/datadir/"]
+
+VOLUME ["/sidechain/logs/"]
+
+ENTRYPOINT ["/usr/local/bin/tini", "--", "/usr/local/bin/entrypoint.sh"]
+
+# This is a placeholder CMD, the actual CMD is constructed in entrypoint.sh based on ENV vars like this:
+# "java -cp '/sidechain/${ARG_SC_JAR_NAME}-${SC_VERSION}.jar:/sidechain/lib/*' $SC_MAIN_CLASS $SC_CONF_PATH"
+CMD ["/usr/bin/true"]