-
Notifications
You must be signed in to change notification settings - Fork 12
Commit
This commit does not belong to any branch on this repository, and may belong to a fork outside of the repository.
Merge pull request #13 from HorizenOfficial/ciCD
CICD to build evmapp image and push it
- Loading branch information
Showing
5 changed files
with
595 additions
and
0 deletions.
There are no files selected for viewing
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,26 @@ | ||
os: linux | ||
dist: jammy | ||
language: generic | ||
addons: | ||
apt: | ||
packages: | ||
- libxml-xpath-perl | ||
services: | ||
- docker | ||
|
||
git: | ||
depth: false | ||
|
||
env: | ||
global: | ||
- DOCKER_IMAGE_NAME=evmapp | ||
- PROD_RELEASE_BRANCH=main | ||
- DEV_RELEASE_BRANCH=development | ||
|
||
before_script: source ci/setup_env.sh | ||
|
||
jobs: | ||
include: | ||
- name: "Evmapp Docker Image Build" | ||
script: ci/docker.sh | ||
if: tag IS present |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,81 @@ | ||
#!/bin/bash | ||
set -eEuo pipefail | ||
|
||
workdir="$( cd "$( dirname "${BASH_SOURCE[0]}" )/.." &> /dev/null && pwd )" | ||
docker_image_name="${DOCKER_IMAGE_NAME:-evmapp}" | ||
aws_ecr_region='us-east-1' | ||
docker_hub_org='horizenlabs' | ||
pom_version="${POM_VERSION:-}" | ||
|
||
AWS_ACCOUNT_NUMBER="${AWS_ACCOUNT_NUMBER:-}" | ||
AWS_ACCESS_KEY_ID="${AWS_ACCESS_KEY_ID:-}" | ||
AWS_SECRET_ACCESS_KEY="${AWS_SECRET_ACCESS_KEY:-}" | ||
|
||
DOCKER_USERNAME="${DOCKER_USERNAME:-}" | ||
DOCKER_PASSWORD="${DOCKER_PASSWORD:-}" | ||
|
||
|
||
# Functions | ||
function fn_die() { | ||
echo -e "$1" >&2 | ||
exit "${2:-1}" | ||
} | ||
|
||
# Building only dev or prod releases | ||
docker_tag="" | ||
if [ "${IS_A_RELEASE}" = "true" ]; then | ||
docker_tag="${TRAVIS_TAG}" | ||
|
||
arg_sc_committish="${ARG_SC_COMMITTISH:-${TRAVIS_TAG}}" | ||
arg_sc_version="${ARG_SC_VERSION:-${pom_version}}" | ||
|
||
if [ -z "${arg_sc_committish}" ] || [ -z "${arg_sc_version}" ]; then | ||
fn_die "Error: ARG_SC_VERSION and/or ARG_SC_COMMITTISH variables are empty for release build. Docker image will not be built. Exiting ..." | ||
fi | ||
fi | ||
|
||
# Building docker image | ||
if [ -n "${docker_tag}" ]; then | ||
echo "" && echo "=== Building Docker Image: ${docker_image_name}:${docker_tag} ===" && echo "" | ||
|
||
docker build -f "${workdir}"/ci/docker/Dockerfile -t "${docker_image_name}:${docker_tag}" \ | ||
--build-arg ARG_SC_COMMITTISH="${arg_sc_committish}" \ | ||
--build-arg ARG_SC_VERSION="${arg_sc_version}" \ | ||
. | ||
|
||
# Installing awscli for publishing to AWS ECR | ||
if ! [ -x "$(command -v aws)" ]; then curl "https://awscli.amazonaws.com/awscli-exe-linux-x86_64.zip" -o "awscliv2.zip" ; unzip awscliv2.zip ; sudo ./aws/install ; fi | ||
export PATH=$PATH:/$HOME/.local/bin | ||
|
||
# Publishing to AWS ECR | ||
echo "" && echo "=== Publishing Docker images on ECR ===" && echo "" | ||
if [ -z "${AWS_ACCOUNT_NUMBER}" ] || [ -z "${AWS_ACCESS_KEY_ID}" ] || [ -z "${AWS_SECRET_ACCESS_KEY}" ]; then | ||
echo "Warning: AWS_ACCOUNT_NUMBER and/or AWS_ACCESS_KEY_ID and/or AWS_SECRET_ACCESS_KEY is(are) empty. Docker image is NOT going to be published on AWS ECR !!!" | ||
else | ||
aws ecr get-login-password --region "${aws_ecr_region}" | docker login --username AWS --password-stdin "${AWS_ACCOUNT_NUMBER}.dkr.ecr.${aws_ecr_region}.amazonaws.com" | ||
docker tag "${docker_image_name}:${docker_tag}" "${AWS_ACCOUNT_NUMBER}.dkr.ecr.${aws_ecr_region}.amazonaws.com/${docker_image_name}:${docker_tag}" | ||
docker push "${AWS_ACCOUNT_NUMBER}.dkr.ecr.${aws_ecr_region}.amazonaws.com/${docker_image_name}:${docker_tag}" | ||
fi | ||
|
||
sleep 5 | ||
|
||
# Publishing to DockerHub | ||
echo "" && echo "=== Publishing Docker images on DockerHub===" && echo "" | ||
if [ -z "${DOCKER_USERNAME}" ] || [ -z "${DOCKER_PASSWORD}" ]; then | ||
echo "Warning: DOCKER_USERNAME and/or DOCKER_USERNAME is(are) empty. Docker image is NOT going to be published on DockerHub !!!" | ||
else | ||
echo "${DOCKER_PASSWORD}" | docker login -u "${DOCKER_USERNAME}" --password-stdin | ||
docker tag "${docker_image_name}:${docker_tag}" "index.docker.io/${docker_hub_org}/${docker_image_name}:${docker_tag}" | ||
docker push "index.docker.io/${docker_hub_org}/${docker_image_name}:${docker_tag}" | ||
fi | ||
else | ||
echo "" && echo "=== The build did NOT satisfy RELEASE build requirements. Docker image is not being created ===" && echo "" | ||
fi | ||
|
||
|
||
###### | ||
# The END | ||
###### | ||
echo "" && echo "=== Done ===" && echo "" | ||
|
||
exit 0 |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,132 @@ | ||
## Build stage | ||
|
||
# Global ARGS | ||
|
||
ARG FROM_IMAGE_BUILD=zencash/sc-ci-base:focal_jdk-11_latest | ||
|
||
ARG FROM_IMAGE_RUN=eclipse-temurin:11-jre-focal | ||
|
||
FROM $FROM_IMAGE_BUILD as builder | ||
|
||
MAINTAINER [email protected] | ||
|
||
# Scoped ARGS | ||
|
||
ARG ARG_SC_COMMITTISH | ||
|
||
ARG ARG_SC_GITHUB_REPO=https://github.com/HorizenOfficial/eon.git | ||
|
||
ENV SC_COMMITTISH=${ARG_SC_COMMITTISH} \ | ||
SC_GITHUB_REPO=${ARG_SC_GITHUB_REPO} \ | ||
REPO_DEST='/EON' | ||
|
||
SHELL ["/bin/bash", "-c"] | ||
|
||
RUN set -euo pipefail && apt-get update && DEBIAN_FRONTEND=noninteractive apt-get -y --no-install-recommends dist-upgrade \ | ||
&& DEBIAN_FRONTEND=noninteractive apt-get install --no-install-recommends -y software-properties-common \ | ||
&& add-apt-repository -y ppa:ethereum/ethereum && apt-get update \ | ||
&& DEBIAN_FRONTEND=noninteractive apt-get install --no-install-recommends -y gcc libc6-dev solc \ | ||
&& DEBIAN_FRONTEND=noninteractive apt-get install -y --no-install-recommends git \ | ||
&& git clone ${SC_GITHUB_REPO} ${REPO_DEST} && cd ${REPO_DEST} \ | ||
&& git checkout ${SC_COMMITTISH} && mvn install -DskipTests | ||
|
||
## EVMAPP stage | ||
|
||
FROM ${FROM_IMAGE_RUN} AS evmapp | ||
|
||
MAINTAINER [email protected] | ||
|
||
# Scoped ARGS | ||
|
||
ARG ARG_SC_VERSION | ||
|
||
ARG ARG_SC_JAR_NAME=eon | ||
|
||
ARG ARG_SC_MAIN_CLASS=io.horizen.eon.EonApp | ||
|
||
ARG ARG_SC_CONF_PATH=/sidechain/config/sc_settings.conf | ||
|
||
ARG ARG_GOSU_VERSION=1.14 | ||
|
||
ARG ARG_TINI_VERSION=v0.19.0 | ||
|
||
ENV SC_VERSION=${ARG_SC_VERSION} \ | ||
SC_JAR_NAME=${ARG_SC_JAR_NAME} \ | ||
SC_MAIN_CLASS=${ARG_SC_MAIN_CLASS} \ | ||
SC_CONF_PATH=${ARG_SC_CONF_PATH} \ | ||
GOSU_VERSION=${ARG_GOSU_VERSION} \ | ||
TINI_VERSION=${ARG_TINI_VERSION} \ | ||
REPO_DEST='/EON' | ||
|
||
WORKDIR /sidechain | ||
|
||
SHELL ["/bin/bash", "-c"] | ||
|
||
COPY --from=builder ${REPO_DEST}/target/*.jar /sidechain/ | ||
|
||
COPY --from=builder ${REPO_DEST}/target/lib /sidechain/lib | ||
|
||
COPY ci/docker/entrypoint.sh /usr/local/bin/entrypoint.sh | ||
|
||
RUN set -euo pipefail && chmod +x /usr/local/bin/entrypoint.sh \ | ||
&& apt-get update && DEBIAN_FRONTEND=noninteractive apt-get -y --no-install-recommends install apt-utils \ | ||
&& DEBIAN_FRONTEND=noninteractive apt-get -y --no-install-recommends dist-upgrade \ | ||
&& DEBIAN_FRONTEND=noninteractive apt-get install -y --no-install-recommends ca-certificates \ | ||
curl \ | ||
dnsutils \ | ||
gettext-base \ | ||
libjemalloc2 \ | ||
jq \ | ||
netcat-openbsd \ | ||
apache2-utils \ | ||
&& savedAptMark="$(apt-mark showmanual)" \ | ||
&& if ! command -v gosu &> /dev/null; then \ | ||
if ! command -v gpg2 &> /dev/null; then \ | ||
DEBIAN_FRONTEND=noninteractive apt-get install -y --no-install-recommends gnupg2 dirmngr; \ | ||
fi \ | ||
&& dpkgArch="$(dpkg --print-architecture | awk -F- '{ print $NF }')" \ | ||
&& curl -sSfL "https://github.com/tianon/gosu/releases/download/$GOSU_VERSION/gosu-$dpkgArch" > /usr/local/bin/gosu \ | ||
&& curl -sSfL "https://github.com/tianon/gosu/releases/download/$GOSU_VERSION/gosu-$dpkgArch.asc" > /usr/local/bin/gosu.asc \ | ||
&& export GNUPGHOME="$(mktemp -d)" \ | ||
&& ( gpg2 --batch --keyserver hkps://keys.openpgp.org --recv-keys B42F6819007F00F88E364FD4036A9C25BF357DD4 || \ | ||
gpg2 --batch --keyserver hkps://keyserver.ubuntu.com:443 --recv-keys B42F6819007F00F88E364FD4036A9C25BF357DD4 || \ | ||
gpg2 --batch --keyserver pgp.mit.edu --recv-key B42F6819007F00F88E364FD4036A9C25BF357DD4 ) \ | ||
&& gpg2 --batch --verify /usr/local/bin/gosu.asc /usr/local/bin/gosu \ | ||
&& ( gpgconf --kill dirmngr || true ) \ | ||
&& ( gpgconf --kill gpg-agent || true ) \ | ||
&& rm -rf "$GNUPGHOME" /usr/local/bin/gosu.asc \ | ||
&& unset GNUPGHOME \ | ||
&& chmod +x /usr/local/bin/gosu \ | ||
&& gosu --version; \ | ||
fi \ | ||
&& if ! command -v tini &> /dev/null; then \ | ||
if ! command -v gpg2 &> /dev/null; then \ | ||
DEBIAN_FRONTEND=noninteractive apt-get install -y --no-install-recommends gnupg2 dirmngr; \ | ||
fi \ | ||
&& curl -sSfL "https://github.com/krallin/tini/releases/download/${TINI_VERSION}/tini" > /usr/local/bin/tini \ | ||
&& curl -sSfL "https://github.com/krallin/tini/releases/download/${TINI_VERSION}/tini.asc" > /usr/local/bin/tini.asc \ | ||
&& export GNUPGHOME="$(mktemp -d)" \ | ||
&& ( gpg2 --batch --keyserver hkps://keys.openpgp.org --recv-keys 595E85A6B1B4779EA4DAAEC70B588DFF0527A9B7 || \ | ||
gpg2 --batch --keyserver hkps://keyserver.ubuntu.com:443 --recv-keys 595E85A6B1B4779EA4DAAEC70B588DFF0527A9B7 || \ | ||
gpg2 --batch --keyserver pgp.mit.edu --recv-key 595E85A6B1B4779EA4DAAEC70B588DFF0527A9B7 ) \ | ||
&& gpg2 --batch --verify /usr/local/bin/tini.asc /usr/local/bin/tini \ | ||
&& ( gpgconf --kill dirmngr || true ) \ | ||
&& ( gpgconf --kill gpg-agent || true ) \ | ||
&& rm -rf "$GNUPGHOME" /usr/local/bin/tini.asc \ | ||
&& unset GNUPGHOME \ | ||
&& chmod +x /usr/local/bin/tini \ | ||
&& tini --version; \ | ||
fi \ | ||
&& apt-mark auto '.*' &> /dev/null && [ -z "$savedAptMark" ] || apt-mark manual $savedAptMark &> /dev/null \ | ||
&& DEBIAN_FRONTEND=noninteractive apt-get purge -y --auto-remove -o APT::AutoRemove::RecommendsImportant=false \ | ||
&& rm -rf /var/{lib/apt/lists/*,cache/apt/archives/*.deb} /tmp/* | ||
|
||
VOLUME ["/sidechain/datadir/"] | ||
|
||
VOLUME ["/sidechain/logs/"] | ||
|
||
ENTRYPOINT ["/usr/local/bin/tini", "--", "/usr/local/bin/entrypoint.sh"] | ||
|
||
# This is a placeholder CMD, the actual CMD is constructed in entrypoint.sh based on ENV vars like this: | ||
# "java -cp '/sidechain/${ARG_SC_JAR_NAME}-${SC_VERSION}.jar:/sidechain/lib/*' $SC_MAIN_CLASS $SC_CONF_PATH" | ||
CMD ["/usr/bin/true"] |
Oops, something went wrong.