Skip to content

Commit

Permalink
Merge pull request #13 from HorizenOfficial/ciCD
Browse files Browse the repository at this point in the history
CICD to build evmapp image and push it
  • Loading branch information
paolocappelletti authored May 26, 2023
2 parents 06c1c4b + 51e8636 commit 60bd143
Show file tree
Hide file tree
Showing 5 changed files with 595 additions and 0 deletions.
26 changes: 26 additions & 0 deletions .travis.yml
Original file line number Diff line number Diff line change
@@ -0,0 +1,26 @@
os: linux
dist: jammy
language: generic
addons:
apt:
packages:
- libxml-xpath-perl
services:
- docker

git:
depth: false

env:
global:
- DOCKER_IMAGE_NAME=evmapp
- PROD_RELEASE_BRANCH=main
- DEV_RELEASE_BRANCH=development

before_script: source ci/setup_env.sh

jobs:
include:
- name: "Evmapp Docker Image Build"
script: ci/docker.sh
if: tag IS present
81 changes: 81 additions & 0 deletions ci/docker.sh
Original file line number Diff line number Diff line change
@@ -0,0 +1,81 @@
#!/bin/bash
set -eEuo pipefail

workdir="$( cd "$( dirname "${BASH_SOURCE[0]}" )/.." &> /dev/null && pwd )"
docker_image_name="${DOCKER_IMAGE_NAME:-evmapp}"
aws_ecr_region='us-east-1'
docker_hub_org='horizenlabs'
pom_version="${POM_VERSION:-}"

AWS_ACCOUNT_NUMBER="${AWS_ACCOUNT_NUMBER:-}"
AWS_ACCESS_KEY_ID="${AWS_ACCESS_KEY_ID:-}"
AWS_SECRET_ACCESS_KEY="${AWS_SECRET_ACCESS_KEY:-}"

DOCKER_USERNAME="${DOCKER_USERNAME:-}"
DOCKER_PASSWORD="${DOCKER_PASSWORD:-}"


# Functions
function fn_die() {
echo -e "$1" >&2
exit "${2:-1}"
}

# Building only dev or prod releases
docker_tag=""
if [ "${IS_A_RELEASE}" = "true" ]; then
docker_tag="${TRAVIS_TAG}"

arg_sc_committish="${ARG_SC_COMMITTISH:-${TRAVIS_TAG}}"
arg_sc_version="${ARG_SC_VERSION:-${pom_version}}"

if [ -z "${arg_sc_committish}" ] || [ -z "${arg_sc_version}" ]; then
fn_die "Error: ARG_SC_VERSION and/or ARG_SC_COMMITTISH variables are empty for release build. Docker image will not be built. Exiting ..."
fi
fi

# Building docker image
if [ -n "${docker_tag}" ]; then
echo "" && echo "=== Building Docker Image: ${docker_image_name}:${docker_tag} ===" && echo ""

docker build -f "${workdir}"/ci/docker/Dockerfile -t "${docker_image_name}:${docker_tag}" \
--build-arg ARG_SC_COMMITTISH="${arg_sc_committish}" \
--build-arg ARG_SC_VERSION="${arg_sc_version}" \
.

# Installing awscli for publishing to AWS ECR
if ! [ -x "$(command -v aws)" ]; then curl "https://awscli.amazonaws.com/awscli-exe-linux-x86_64.zip" -o "awscliv2.zip" ; unzip awscliv2.zip ; sudo ./aws/install ; fi
export PATH=$PATH:/$HOME/.local/bin

# Publishing to AWS ECR
echo "" && echo "=== Publishing Docker images on ECR ===" && echo ""
if [ -z "${AWS_ACCOUNT_NUMBER}" ] || [ -z "${AWS_ACCESS_KEY_ID}" ] || [ -z "${AWS_SECRET_ACCESS_KEY}" ]; then
echo "Warning: AWS_ACCOUNT_NUMBER and/or AWS_ACCESS_KEY_ID and/or AWS_SECRET_ACCESS_KEY is(are) empty. Docker image is NOT going to be published on AWS ECR !!!"
else
aws ecr get-login-password --region "${aws_ecr_region}" | docker login --username AWS --password-stdin "${AWS_ACCOUNT_NUMBER}.dkr.ecr.${aws_ecr_region}.amazonaws.com"
docker tag "${docker_image_name}:${docker_tag}" "${AWS_ACCOUNT_NUMBER}.dkr.ecr.${aws_ecr_region}.amazonaws.com/${docker_image_name}:${docker_tag}"
docker push "${AWS_ACCOUNT_NUMBER}.dkr.ecr.${aws_ecr_region}.amazonaws.com/${docker_image_name}:${docker_tag}"
fi

sleep 5

# Publishing to DockerHub
echo "" && echo "=== Publishing Docker images on DockerHub===" && echo ""
if [ -z "${DOCKER_USERNAME}" ] || [ -z "${DOCKER_PASSWORD}" ]; then
echo "Warning: DOCKER_USERNAME and/or DOCKER_USERNAME is(are) empty. Docker image is NOT going to be published on DockerHub !!!"
else
echo "${DOCKER_PASSWORD}" | docker login -u "${DOCKER_USERNAME}" --password-stdin
docker tag "${docker_image_name}:${docker_tag}" "index.docker.io/${docker_hub_org}/${docker_image_name}:${docker_tag}"
docker push "index.docker.io/${docker_hub_org}/${docker_image_name}:${docker_tag}"
fi
else
echo "" && echo "=== The build did NOT satisfy RELEASE build requirements. Docker image is not being created ===" && echo ""
fi


######
# The END
######
echo "" && echo "=== Done ===" && echo ""

exit 0
132 changes: 132 additions & 0 deletions ci/docker/Dockerfile
Original file line number Diff line number Diff line change
@@ -0,0 +1,132 @@
## Build stage

# Global ARGS

ARG FROM_IMAGE_BUILD=zencash/sc-ci-base:focal_jdk-11_latest

ARG FROM_IMAGE_RUN=eclipse-temurin:11-jre-focal

FROM $FROM_IMAGE_BUILD as builder

MAINTAINER [email protected]

# Scoped ARGS

ARG ARG_SC_COMMITTISH

ARG ARG_SC_GITHUB_REPO=https://github.com/HorizenOfficial/eon.git

ENV SC_COMMITTISH=${ARG_SC_COMMITTISH} \
SC_GITHUB_REPO=${ARG_SC_GITHUB_REPO} \
REPO_DEST='/EON'

SHELL ["/bin/bash", "-c"]

RUN set -euo pipefail && apt-get update && DEBIAN_FRONTEND=noninteractive apt-get -y --no-install-recommends dist-upgrade \
&& DEBIAN_FRONTEND=noninteractive apt-get install --no-install-recommends -y software-properties-common \
&& add-apt-repository -y ppa:ethereum/ethereum && apt-get update \
&& DEBIAN_FRONTEND=noninteractive apt-get install --no-install-recommends -y gcc libc6-dev solc \
&& DEBIAN_FRONTEND=noninteractive apt-get install -y --no-install-recommends git \
&& git clone ${SC_GITHUB_REPO} ${REPO_DEST} && cd ${REPO_DEST} \
&& git checkout ${SC_COMMITTISH} && mvn install -DskipTests

## EVMAPP stage

FROM ${FROM_IMAGE_RUN} AS evmapp

MAINTAINER [email protected]

# Scoped ARGS

ARG ARG_SC_VERSION

ARG ARG_SC_JAR_NAME=eon

ARG ARG_SC_MAIN_CLASS=io.horizen.eon.EonApp

ARG ARG_SC_CONF_PATH=/sidechain/config/sc_settings.conf

ARG ARG_GOSU_VERSION=1.14

ARG ARG_TINI_VERSION=v0.19.0

ENV SC_VERSION=${ARG_SC_VERSION} \
SC_JAR_NAME=${ARG_SC_JAR_NAME} \
SC_MAIN_CLASS=${ARG_SC_MAIN_CLASS} \
SC_CONF_PATH=${ARG_SC_CONF_PATH} \
GOSU_VERSION=${ARG_GOSU_VERSION} \
TINI_VERSION=${ARG_TINI_VERSION} \
REPO_DEST='/EON'

WORKDIR /sidechain

SHELL ["/bin/bash", "-c"]

COPY --from=builder ${REPO_DEST}/target/*.jar /sidechain/

COPY --from=builder ${REPO_DEST}/target/lib /sidechain/lib

COPY ci/docker/entrypoint.sh /usr/local/bin/entrypoint.sh

RUN set -euo pipefail && chmod +x /usr/local/bin/entrypoint.sh \
&& apt-get update && DEBIAN_FRONTEND=noninteractive apt-get -y --no-install-recommends install apt-utils \
&& DEBIAN_FRONTEND=noninteractive apt-get -y --no-install-recommends dist-upgrade \
&& DEBIAN_FRONTEND=noninteractive apt-get install -y --no-install-recommends ca-certificates \
curl \
dnsutils \
gettext-base \
libjemalloc2 \
jq \
netcat-openbsd \
apache2-utils \
&& savedAptMark="$(apt-mark showmanual)" \
&& if ! command -v gosu &> /dev/null; then \
if ! command -v gpg2 &> /dev/null; then \
DEBIAN_FRONTEND=noninteractive apt-get install -y --no-install-recommends gnupg2 dirmngr; \
fi \
&& dpkgArch="$(dpkg --print-architecture | awk -F- '{ print $NF }')" \
&& curl -sSfL "https://github.com/tianon/gosu/releases/download/$GOSU_VERSION/gosu-$dpkgArch" > /usr/local/bin/gosu \
&& curl -sSfL "https://github.com/tianon/gosu/releases/download/$GOSU_VERSION/gosu-$dpkgArch.asc" > /usr/local/bin/gosu.asc \
&& export GNUPGHOME="$(mktemp -d)" \
&& ( gpg2 --batch --keyserver hkps://keys.openpgp.org --recv-keys B42F6819007F00F88E364FD4036A9C25BF357DD4 || \
gpg2 --batch --keyserver hkps://keyserver.ubuntu.com:443 --recv-keys B42F6819007F00F88E364FD4036A9C25BF357DD4 || \
gpg2 --batch --keyserver pgp.mit.edu --recv-key B42F6819007F00F88E364FD4036A9C25BF357DD4 ) \
&& gpg2 --batch --verify /usr/local/bin/gosu.asc /usr/local/bin/gosu \
&& ( gpgconf --kill dirmngr || true ) \
&& ( gpgconf --kill gpg-agent || true ) \
&& rm -rf "$GNUPGHOME" /usr/local/bin/gosu.asc \
&& unset GNUPGHOME \
&& chmod +x /usr/local/bin/gosu \
&& gosu --version; \
fi \
&& if ! command -v tini &> /dev/null; then \
if ! command -v gpg2 &> /dev/null; then \
DEBIAN_FRONTEND=noninteractive apt-get install -y --no-install-recommends gnupg2 dirmngr; \
fi \
&& curl -sSfL "https://github.com/krallin/tini/releases/download/${TINI_VERSION}/tini" > /usr/local/bin/tini \
&& curl -sSfL "https://github.com/krallin/tini/releases/download/${TINI_VERSION}/tini.asc" > /usr/local/bin/tini.asc \
&& export GNUPGHOME="$(mktemp -d)" \
&& ( gpg2 --batch --keyserver hkps://keys.openpgp.org --recv-keys 595E85A6B1B4779EA4DAAEC70B588DFF0527A9B7 || \
gpg2 --batch --keyserver hkps://keyserver.ubuntu.com:443 --recv-keys 595E85A6B1B4779EA4DAAEC70B588DFF0527A9B7 || \
gpg2 --batch --keyserver pgp.mit.edu --recv-key 595E85A6B1B4779EA4DAAEC70B588DFF0527A9B7 ) \
&& gpg2 --batch --verify /usr/local/bin/tini.asc /usr/local/bin/tini \
&& ( gpgconf --kill dirmngr || true ) \
&& ( gpgconf --kill gpg-agent || true ) \
&& rm -rf "$GNUPGHOME" /usr/local/bin/tini.asc \
&& unset GNUPGHOME \
&& chmod +x /usr/local/bin/tini \
&& tini --version; \
fi \
&& apt-mark auto '.*' &> /dev/null && [ -z "$savedAptMark" ] || apt-mark manual $savedAptMark &> /dev/null \
&& DEBIAN_FRONTEND=noninteractive apt-get purge -y --auto-remove -o APT::AutoRemove::RecommendsImportant=false \
&& rm -rf /var/{lib/apt/lists/*,cache/apt/archives/*.deb} /tmp/*

VOLUME ["/sidechain/datadir/"]

VOLUME ["/sidechain/logs/"]

ENTRYPOINT ["/usr/local/bin/tini", "--", "/usr/local/bin/entrypoint.sh"]

# This is a placeholder CMD, the actual CMD is constructed in entrypoint.sh based on ENV vars like this:
# "java -cp '/sidechain/${ARG_SC_JAR_NAME}-${SC_VERSION}.jar:/sidechain/lib/*' $SC_MAIN_CLASS $SC_CONF_PATH"
CMD ["/usr/bin/true"]
Loading

0 comments on commit 60bd143

Please sign in to comment.