diff --git a/.dockerignore b/.dockerignore index 9d3e837d..b265dd17 100644 --- a/.dockerignore +++ b/.dockerignore @@ -1,7 +1,5 @@ **/node_modules/ **/target/ .git/ -**/Dockerfile -**/docker-compose.yml .dockerignore .gitignore diff --git a/.github/docker-config.json b/.github/docker-config.json deleted file mode 100644 index 39f14f5d..00000000 --- a/.github/docker-config.json +++ /dev/null @@ -1,6 +0,0 @@ -{ - "dsigner_legacy_http": { - "image_name": "dsigner", - "description": "threshold signing daemon" - } -} diff --git a/.github/workflows/build-and-push-docker-images.yml b/.github/workflows/build-and-push-docker-images.yml index ec7e8b0a..2329dd8b 100644 --- a/.github/workflows/build-and-push-docker-images.yml +++ b/.github/workflows/build-and-push-docker-images.yml @@ -1,4 +1,4 @@ -name: build-and-push-docker-images +name: build-and-push-docker on: push: branches: @@ -8,26 +8,16 @@ on: pull_request: workflow_dispatch: inputs: - test_mode: - description: 'Enable test mode (uses candyland-test registry and draft releases)' - required: false - type: boolean - default: false docker_push: description: 'Enable docker push' required: false type: boolean default: true - release_push: - description: 'Enable release push' - required: false - type: boolean - default: true + env: - # If test_mode is true, or we're on a branch with a test-build- prefix then use a test registry and a draft release - TEST_MODE: ${{ github.event.inputs.test_mode == 'true' || startsWith(github.ref, 'refs/heads/test-build-') }} - DOCKER_REGISTRY: ${{ (github.event.inputs.test_mode == 'true' || startsWith(github.ref, 'refs/heads/test-build-')) && 'europe-west1-docker.pkg.dev/randamu-prod/candyland-test' || 'europe-west1-docker.pkg.dev/randamu-prod/candyland' }} + DOCKER_REGISTRY: 'europe-west1-docker.pkg.dev/randamu-prod/candyland' + DOCKER_PUSH: ${{ github.event.inputs.docker_push == 'true' }} SERVICE_ACCOUNT: github@randamu-prod.iam.gserviceaccount.com IMAGE_MAINTAINER: "Randamu" @@ -35,115 +25,25 @@ env: AUTHOR: "Randu Mohammed" jobs: - build-binaries: - uses: ./.github/workflows/build-all-binaries.yml - secrets: inherit - - generate-matrix: - needs: build-binaries + docker-build-and-push: + name: "Docker build and push" runs-on: ["randamu-self-hosted-default"] - outputs: - matrix: ${{ steps.set-matrix.outputs.matrix }} + steps: - name: Checkout code uses: actions/checkout@v5 - - - name: Download binaries metadata - uses: actions/download-artifact@v4 - with: - name: binaries-metadata-${{ github.sha }} - path: . - - - name: Upload binaries for docker jobs - uses: actions/upload-artifact@v4 with: - name: binaries-for-docker-${{ github.sha }} - path: target/release/ - retention-days: 1 - overwrite: true - - - name: Generate build matrix - id: set-matrix - run: | - CONFIG_FILE=".github/docker-config.json" - - # Load config if exists - if [ -f "$CONFIG_FILE" ]; then - CONFIG=$(cat "$CONFIG_FILE") - else - CONFIG='{}' - fi - - # Generate matrix from binaries.json (slurp to read all objects into array) - MATRIX=$(jq -sc --argjson config "$CONFIG" 'map({ - binary_name: .name, - binary_path: ( .path | sub("/home/runner/_work/dcipher/dcipher/"; "") ), - image_name: ($config[.name].image_name // .name), - description: ($config[.name].description // "Dcipher service") - })' binaries.json) - - echo "matrix=$MATRIX" >> $GITHUB_OUTPUT - echo "Generated matrix:" - echo "$MATRIX" | jq . - - - name: Upload Docker build context - uses: actions/upload-artifact@v4 - with: - name: docker-context-${{ github.sha }} - path: | - Dockerfile - .github/docker-config.json - .dockerignore - retention-days: 1 - overwrite: true - - docker: - name: "Docker: ${{ matrix.app.image_name }}" - needs: generate-matrix - runs-on: ["randamu-self-hosted-default"] - strategy: - fail-fast: false - matrix: - app: ${{ fromJson(needs.generate-matrix.outputs.matrix) }} - steps: - - name: Download Docker build context - uses: actions/download-artifact@v4 - with: - name: docker-context-${{ github.sha }} - path: . - - - name: Download pre-built binaries - uses: actions/download-artifact@v4 - with: - name: binaries-${{ github.sha }} - path: target/release - - - name: Docker meta - id: meta - uses: docker/metadata-action@v5 - with: - images: ${{ env.DOCKER_REGISTRY }}/${{ matrix.app.image_name }} - labels: | - maintainer=${{ env.IMAGE_MAINTAINER }} - org.opencontainers.image.vendor=${{ env.IMAGE_VENDOR }} - org.opencontainers.image.title=${{ matrix.app.image_name }} - org.opencontainers.image.description=${{ matrix.app.description }} - flavor: | - latest=false - tags: | - type=sha,prefix= - type=ref,event=branch,suffix=-latest,enable=${{ startsWith(github.ref, 'refs/heads/') }} - type=semver,pattern={{version}},event=tag,enable=${{ startsWith(github.ref, 'refs/tags/') }} - type=raw,value=main-latest,enable=${{ github.ref == format('refs/heads/{0}', 'main') }} - type=ref,event=pr - type=ref,event=branch + submodules: 'recursive' - name: Set up Docker Buildx uses: docker/setup-buildx-action@v3 with: buildkitd-config-inline: | + debug = true [registry."docker.io"] mirrors = ["mirror.gcr.io"] + [worker.oci] + max-parallelism = 8 driver-opts: | image=mirror.gcr.io/moby/buildkit:buildx-stable-1 network=host @@ -155,18 +55,45 @@ jobs: username: _json_key password: ${{ secrets.GCP_SERVICE_ACCOUNT_TOKEN }} - - name: Build and push - uses: docker/build-push-action@v6 + - name: Login to GitHub Container Registry + uses: docker/login-action@v3 + with: + registry: ghcr.io + username: ${{ github.repository_owner }} + password: ${{ secrets.GITHUB_TOKEN }} + + - name: Build and push docker images + uses: docker/bake-action@v6 + env: + TAG: ${{ github.event_name == 'pull_request' && github.head_ref || github.ref_name }} + SHA: ${{ github.sha }} + REGISTRY: ${{ env.DOCKER_REGISTRY }} with: - context: . - file: ./Dockerfile - push: ${{ github.ref == 'refs/heads/main' || startsWith(github.ref, 'refs/tags/') || env.TEST_MODE == 'true' }} - tags: ${{ steps.meta.outputs.tags }} - labels: ${{ steps.meta.outputs.labels }} - build-args: | - BINARY_PATH=${{ matrix.app.binary_path }} - BINARY_NAME=${{ matrix.app.binary_name }} - cache-from: | - type=registry,ref=${{ env.DOCKER_REGISTRY }}/${{ matrix.app.image_name }}-cache:${{ steps.meta.outputs.version }} - type=registry,ref=${{ env.DOCKER_REGISTRY }}/${{ matrix.app.image_name }}-cache:main - cache-to: type=registry,ref=${{ env.DOCKER_REGISTRY }}/${{ matrix.app.image_name }}-cache:${{ steps.meta.outputs.version }},mode=max + files: docker-bake.hcl + source: . + push: ${{ github.ref == 'refs/heads/main' || startsWith(github.ref, 'refs/tags/') || env.DOCKER_PUSH == 'true' }} + set: | + rust-binary-common.cache-from=type=registry,ref=${{ env.DOCKER_REGISTRY }}/buildkit-cache:base-external + rust-binary-common.cache-to=type=registry,ref=${{ env.DOCKER_REGISTRY }}/buildkit-cache:base-external,mode=max + rust-base-internal.cache-from=type=registry,ref=${{ env.DOCKER_REGISTRY }}/buildkit-cache:base-external + rust-base-internal.cache-from=type=registry,ref=${{ env.DOCKER_REGISTRY }}/buildkit-cache:base-internal + rust-base-internal.cache-to=type=registry,ref=${{ env.DOCKER_REGISTRY }}/buildkit-cache:base-internal,mode=max + *.cache-from=type=registry,ref=${{ env.DOCKER_REGISTRY }}/buildkit-cache:base-internal + adkg-cli.cache-from=type=registry,ref=${{ env.DOCKER_REGISTRY }}/buildkit-cache:adkg-cli + adkg-cli.cache-to=type=registry,ref=${{ env.DOCKER_REGISTRY }}/buildkit-cache:adkg-cli,mode=max + blocklock-agent.cache-from=type=registry,ref=${{ env.DOCKER_REGISTRY }}/buildkit-cache:blocklock-agent + blocklock-agent.cache-to=type=registry,ref=${{ env.DOCKER_REGISTRY }}/buildkit-cache:blocklock-agent,mode=max + monitoring.cache-from=type=registry,ref=${{ env.DOCKER_REGISTRY }}/buildkit-cache:monitoring + monitoring.cache-to=type=registry,ref=${{ env.DOCKER_REGISTRY }}/buildkit-cache:monitoring,mode=max + onlyswaps-smoketest.cache-from=type=registry,ref=${{ env.DOCKER_REGISTRY }}/buildkit-cache:onlyswaps-smoketest + onlyswaps-smoketest.cache-to=type=registry,ref=${{ env.DOCKER_REGISTRY }}/buildkit-cache:onlyswaps-smoketest,mode=max + onlyswaps-solver.cache-from=type=registry,ref=${{ env.DOCKER_REGISTRY }}/buildkit-cache:onlyswaps-solver + onlyswaps-solver.cache-to=type=registry,ref=${{ env.DOCKER_REGISTRY }}/buildkit-cache:onlyswaps-solver,mode=max + onlyswaps-state-api.cache-from=type=registry,ref=${{ env.DOCKER_REGISTRY }}/buildkit-cache:onlyswaps-state-api + onlyswaps-state-api.cache-to=type=registry,ref=${{ env.DOCKER_REGISTRY }}/buildkit-cache:onlyswaps-state-api,mode=max + onlyswaps-verifier.cache-from=type=registry,ref=${{ env.DOCKER_REGISTRY }}/buildkit-cache:onlyswaps-verifier + onlyswaps-verifier.cache-to=type=registry,ref=${{ env.DOCKER_REGISTRY }}/buildkit-cache:onlyswaps-verifier,mode=max + randomness-agent.cache-from=type=registry,ref=${{ env.DOCKER_REGISTRY }}/buildkit-cache:randomness-agent + randomness-agent.cache-to=type=registry,ref=${{ env.DOCKER_REGISTRY }}/buildkit-cache:randomness-agent,mode=max + dsigner-legacy-http.cache-from=type=registry,ref=${{ env.DOCKER_REGISTRY }}/buildkit-cache:dsigner-legacy-http + dsigner-legacy-http.cache-to=type=registry,ref=${{ env.DOCKER_REGISTRY }}/buildkit-cache:dsigner-legacy-http,mode=max diff --git a/bin/Dockerfile.base b/bin/Dockerfile.base new file mode 100644 index 00000000..d4fc9fd8 --- /dev/null +++ b/bin/Dockerfile.base @@ -0,0 +1,55 @@ +FROM lukemathwalker/cargo-chef:latest-rust-1.92 AS chef +RUN apt-get update \ + && apt-get install -y protobuf-compiler \ + && rm -rf /var/lib/apt/lists/* +WORKDIR /app + +RUN cargo install cargo-chef sccache --locked + +ENV RUSTC_WRAPPER=sccache \ + SCCACHE_DIR=/sccache + +FROM chef AS external-planner +# Copy workspace root files +COPY Cargo.toml Cargo.lock ./ + +# Copy all workspace member Cargo.toml files (cache only busts when deps change) +# bin/* +COPY bin/adkg-cli/Cargo.toml bin/adkg-cli/Cargo.toml +COPY bin/blocklock-agent/Cargo.toml bin/blocklock-agent/Cargo.toml +COPY bin/dsigner/Cargo.toml bin/dsigner/Cargo.toml +COPY bin/gen-keys/Cargo.toml bin/gen-keys/Cargo.toml +COPY bin/monitoring/Cargo.toml bin/monitoring/Cargo.toml +COPY bin/onlyswaps-smoketest/Cargo.toml bin/onlyswaps-smoketest/Cargo.toml +COPY bin/onlyswaps-solver/Cargo.toml bin/onlyswaps-solver/Cargo.toml +COPY bin/onlyswaps-state-api/Cargo.toml bin/onlyswaps-state-api/Cargo.toml +COPY bin/onlyswaps-verifier/Cargo.toml bin/onlyswaps-verifier/Cargo.toml +COPY bin/randomness-agent/Cargo.toml bin/randomness-agent/Cargo.toml +# crates/* +COPY crates/adkg/Cargo.toml crates/adkg/Cargo.toml +COPY crates/agent-utils/Cargo.toml crates/agent-utils/Cargo.toml +COPY crates/config/Cargo.toml crates/config/Cargo.toml +COPY crates/dcipher-agents/Cargo.toml crates/dcipher-agents/Cargo.toml +COPY crates/generated/Cargo.toml crates/generated/Cargo.toml +COPY crates/network/Cargo.toml crates/network/Cargo.toml +COPY crates/omnievent/Cargo.toml crates/omnievent/Cargo.toml +COPY crates/onlyswaps-client/Cargo.toml crates/onlyswaps-client/Cargo.toml +COPY crates/signer/Cargo.toml crates/signer/Cargo.toml +COPY crates/superalloy/Cargo.toml crates/superalloy/Cargo.toml +COPY crates/utils/Cargo.toml crates/utils/Cargo.toml + +# Create stub source files for each workspace member so cargo metadata works +RUN find bin crates -name Cargo.toml -execdir sh -c 'mkdir -p src && echo "fn main() {}" > src/main.rs && touch src/lib.rs' \; + +RUN mkdir -p bin/dsigner/examples/dsigner_legacy_http && echo "fn main() {}" > bin/dsigner/examples/dsigner_legacy_http/main.rs +RUN mkdir -p bin/dsigner/examples/dsigner_grpc && echo "fn main() {}" > bin/dsigner/examples/dsigner_grpc/main.rs + +RUN cargo chef prepare --recipe-path external.json + +FROM chef AS rust-base-internal +COPY --from=external-planner /app/external.json external.json +# Caches all external crates.io deps +RUN --mount=type=cache,target=/usr/local/cargo/registry,sharing=locked \ + --mount=type=cache,target=/usr/local/cargo/git,sharing=locked \ + --mount=type=cache,target=$SCCACHE_DIR,sharing=locked \ + cargo chef cook --release --recipe-path external.json \ No newline at end of file diff --git a/bin/adkg-cli/Dockerfile b/bin/adkg-cli/Dockerfile new file mode 100644 index 00000000..e94e7ac0 --- /dev/null +++ b/bin/adkg-cli/Dockerfile @@ -0,0 +1,43 @@ +# This ARG is overridden by Bake contexts to 'target:rust-base-internal' +# If built via 'docker build', it defaults to the slow but working chef image. +ARG base_stage_alias=lukemathwalker/cargo-chef:latest-rust-1.92 +FROM ${base_stage_alias} AS builder +RUN apt-get update \ + && apt-get install -y protobuf-compiler \ + && rm -rf /var/lib/apt/lists/* +RUN apt-get update && apt-get install -y protobuf-compiler + +RUN cargo install cargo-chef sccache --locked + +ENV RUSTC_WRAPPER=sccache \ + SCCACHE_DIR=/sccache + +WORKDIR /app + +COPY Cargo.toml Cargo.lock ./ +COPY crates/adkg ./crates/adkg +COPY crates/config ./crates/config +COPY crates/network ./crates/network +COPY crates/utils ./crates/utils +COPY crates/omnievent ./crates/omnievent +COPY crates/superalloy ./crates/superalloy +COPY modules/dcipher-proto ./modules/dcipher-proto +COPY bin/adkg-cli ./bin/adkg-cli + +RUN cargo chef prepare --recipe-path internal.json --bin adkg-cli +RUN --mount=type=cache,target=/usr/local/cargo/registry,sharing=locked \ + --mount=type=cache,target=/usr/local/cargo/git,sharing=locked \ + --mount=type=cache,target=$SCCACHE_DIR,sharing=locked \ + cargo chef cook --release --recipe-path internal.json --bin adkg-cli + +# Build application +RUN --mount=type=cache,target=/usr/local/cargo/registry,sharing=locked \ + --mount=type=cache,target=/usr/local/cargo/git,sharing=locked \ + --mount=type=cache,target=$SCCACHE_DIR,sharing=locked \ + cargo build --release -p adkg-cli --bin adkg-cli + +# We do not need the Rust toolchain to run the binary! +FROM debian:bookworm-slim AS runtime +WORKDIR /app +COPY --from=builder /app/target/release/adkg-cli /usr/local/bin/adkg-cli +CMD ["adkg-cli"] diff --git a/bin/blocklock-agent/Dockerfile b/bin/blocklock-agent/Dockerfile new file mode 100644 index 00000000..ba58a7ca --- /dev/null +++ b/bin/blocklock-agent/Dockerfile @@ -0,0 +1,40 @@ +# This ARG is overridden by Bake contexts to 'target:rust-base-internal' +# If built via 'docker build', it defaults to the slow but working chef image. +ARG base_stage_alias=lukemathwalker/cargo-chef:latest-rust-1.92 +FROM ${base_stage_alias} AS builder +RUN apt-get update \ + && apt-get install -y protobuf-compiler \ + && rm -rf /var/lib/apt/lists/* +RUN apt-get update && apt-get install -y protobuf-compiler + +RUN cargo install cargo-chef sccache --locked + +ENV RUSTC_WRAPPER=sccache \ + SCCACHE_DIR=/sccache + +WORKDIR /app + +COPY Cargo.toml Cargo.lock ./ +COPY bin/blocklock-agent/ ./bin/blocklock-agent +COPY crates/dcipher-agents ./crates/dcipher-agents +COPY crates/generated ./crates/generated +COPY crates/utils ./crates/utils +COPY crates/config ./crates/config +COPY crates/omnievent ./crates/omnievent +COPY crates/network ./crates/network +COPY crates/signer ./crates/signer +COPY crates/superalloy ./crates/superalloy +COPY modules/dcipher-proto ./modules/dcipher-proto + + +RUN --mount=type=cache,target=/usr/local/cargo/registry,sharing=locked \ + --mount=type=cache,target=/usr/local/cargo/git,sharing=locked \ + --mount=type=cache,target=$SCCACHE_DIR,sharing=locked \ + cargo build --release -p blocklock-agent --example blocklock + +# We do not need the Rust toolchain to run the binary! +FROM debian:bookworm-slim AS runtime +RUN apt-get update && apt-get install -y libssl3 dnsutils +WORKDIR /app +COPY --from=builder /app/target/release/examples/blocklock /usr/local/bin +ENTRYPOINT ["/usr/local/bin/blocklock"] diff --git a/bin/dsigner/examples/dsigner_legacy_http/Dockerfile b/bin/dsigner/examples/dsigner_legacy_http/Dockerfile new file mode 100644 index 00000000..9f4d9eec --- /dev/null +++ b/bin/dsigner/examples/dsigner_legacy_http/Dockerfile @@ -0,0 +1,46 @@ +# This ARG is overridden by Bake contexts to 'target:rust-base-internal' +# If built via 'docker build', it defaults to the slow but working chef image. +ARG base_stage_alias=lukemathwalker/cargo-chef:latest-rust-1.92 +FROM ${base_stage_alias} AS builder +RUN apt-get update \ + && apt-get install -y protobuf-compiler \ + && rm -rf /var/lib/apt/lists/* +RUN apt-get update && apt-get install -y protobuf-compiler + +RUN cargo install cargo-chef sccache --locked + +ENV RUSTC_WRAPPER=sccache \ + SCCACHE_DIR=/sccache + +WORKDIR /app + +RUN cargo chef prepare --recipe-path recipe.json --bin dsigner +# --bin sadly doesn't support binaries of kind "example" +RUN --mount=type=cache,target=/usr/local/cargo/registry,sharing=locked \ + --mount=type=cache,target=/usr/local/cargo/git,sharing=locked \ + --mount=type=cache,target=$SCCACHE_DIR,sharing=locked \ + cargo chef cook --release --recipe-path recipe.json --all-targets + +# Build application +COPY Cargo.toml Cargo.lock ./ + +COPY bin/dsigner/ ./bin/dsigner +COPY crates/config ./crates/config +COPY crates/network ./crates/network +COPY crates/signer ./crates/signer +COPY crates/superalloy ./crates/superalloy +COPY crates/utils ./crates/utils +COPY crates/omnievent ./crates/omnievent +COPY modules/dcipher-proto ./modules/dcipher-proto + +RUN --mount=type=cache,target=/usr/local/cargo/registry,sharing=locked \ + --mount=type=cache,target=/usr/local/cargo/git,sharing=locked \ + --mount=type=cache,target=$SCCACHE_DIR,sharing=locked \ + cargo build --release --example dsigner_legacy_http --all-features -p dsigner + +# We do not need the Rust toolchain to run the binary! +FROM debian:bookworm-slim AS runtime +RUN apt-get update && apt-get install -y libssl3 dnsutils +WORKDIR /app +COPY --from=builder /app/target/release/examples/dsigner_legacy_http /usr/local/bin +ENTRYPOINT ["/usr/local/bin/dsigner_legacy_http"] diff --git a/bin/monitoring/Dockerfile b/bin/monitoring/Dockerfile new file mode 100644 index 00000000..af118b6b --- /dev/null +++ b/bin/monitoring/Dockerfile @@ -0,0 +1,42 @@ +# This ARG is overridden by Bake contexts to 'rust-base-internal' +# If built via 'docker build', it defaults to the slow but working chef image. +ARG base_stage_alias=lukemathwalker/cargo-chef:latest-rust-1.92 +FROM ${base_stage_alias} AS builder +RUN apt-get update \ + && apt-get install -y protobuf-compiler \ + && rm -rf /var/lib/apt/lists/* + +RUN cargo install cargo-chef sccache --locked + +ENV RUSTC_WRAPPER=sccache \ + SCCACHE_DIR=/sccache + +# External crates are already cooked in rust-base-internal, we just need to copy source and build +WORKDIR /app + +COPY Cargo.toml Cargo.lock ./ +COPY crates/agent-utils ./crates/agent-utils +COPY crates/config ./crates/config +COPY crates/generated ./crates/generated +COPY crates/utils ./crates/utils +COPY crates/omnievent ./crates/omnievent +COPY crates/superalloy ./crates/superalloy +COPY modules/dcipher-proto ./modules/dcipher-proto +COPY bin/monitoring/ ./bin/monitoring + +RUN cargo chef prepare --recipe-path internal.json --bin monitoring +RUN --mount=type=cache,target=/usr/local/cargo/registry,sharing=locked \ + --mount=type=cache,target=/usr/local/cargo/git,sharing=locked \ + --mount=type=cache,target=$SCCACHE_DIR,sharing=locked \ + cargo chef cook --release --recipe-path internal.json --bin monitoring + +RUN --mount=type=cache,target=/usr/local/cargo/registry,sharing=locked \ + --mount=type=cache,target=/usr/local/cargo/git,sharing=locked \ + --mount=type=cache,target=$SCCACHE_DIR,sharing=locked \ + cargo build --release -p monitoring --bin monitoring + +FROM debian:bookworm-slim AS runtime +RUN apt-get update && apt-get install -y libssl3 dnsutils +WORKDIR /app +COPY --from=builder /app/target/release/monitoring /usr/local/bin +ENTRYPOINT ["/usr/local/bin/monitoring"] \ No newline at end of file diff --git a/bin/onlyswaps-smoketest/Dockerfile b/bin/onlyswaps-smoketest/Dockerfile new file mode 100644 index 00000000..f93d4e31 --- /dev/null +++ b/bin/onlyswaps-smoketest/Dockerfile @@ -0,0 +1,44 @@ +# This ARG is overridden by Bake contexts to 'rust-base-internal' +# If built via 'docker build', it defaults to the slow but working chef image. +ARG base_stage_alias=lukemathwalker/cargo-chef:latest-rust-1.92 +FROM ${base_stage_alias} AS builder +RUN apt-get update \ + && apt-get install -y protobuf-compiler \ + && rm -rf /var/lib/apt/lists/* +WORKDIR /app + +RUN cargo install cargo-chef sccache --locked + +ENV RUSTC_WRAPPER=sccache \ + SCCACHE_DIR=/sccache + +# Build application +COPY Cargo.toml Cargo.lock ./ + +COPY bin/onlyswaps-smoketest/ ./bin/onlyswaps-smoketest +COPY crates/agent-utils ./crates/agent-utils +COPY crates/config ./crates/config +COPY crates/generated ./crates/generated +COPY crates/onlyswaps-client ./crates/onlyswaps-client +COPY crates/superalloy ./crates/superalloy +COPY crates/omnievent ./crates/omnievent +COPY crates/utils ./crates/utils +COPY modules/dcipher-proto ./modules/dcipher-proto + +RUN cargo chef prepare --recipe-path recipe.json --bin onlyswaps-smoketest +RUN --mount=type=cache,target=/usr/local/cargo/registry,sharing=locked \ + --mount=type=cache,target=/usr/local/cargo/git,sharing=locked \ + --mount=type=cache,target=$SCCACHE_DIR,sharing=locked \ + cargo chef cook --release --recipe-path recipe.json --bin onlyswaps-smoketest + +RUN --mount=type=cache,target=/usr/local/cargo/registry,sharing=locked \ + --mount=type=cache,target=/usr/local/cargo/git,sharing=locked \ + --mount=type=cache,target=$SCCACHE_DIR,sharing=locked \ + cargo build --release -p onlyswaps-smoketest + +# We do not need the Rust toolchain to run the binary! +FROM debian:bookworm-slim AS runtime +RUN apt-get update && apt-get install -y libssl3 dnsutils +WORKDIR /app +COPY --from=builder /app/target/release/onlyswaps-smoketest /usr/local/bin +ENTRYPOINT ["/usr/local/bin/onlyswaps-smoketest"] diff --git a/bin/onlyswaps-solver/Dockerfile b/bin/onlyswaps-solver/Dockerfile new file mode 100644 index 00000000..701ac860 --- /dev/null +++ b/bin/onlyswaps-solver/Dockerfile @@ -0,0 +1,51 @@ +# This ARG is overridden by Bake contexts to 'target:rust-base-internal' +# If built via 'docker build', it defaults to the slow but working chef image. +ARG base_stage_alias=lukemathwalker/cargo-chef:latest-rust-1.92 +FROM ${base_stage_alias} AS builder +RUN apt-get update \ + && apt-get install -y protobuf-compiler \ + && rm -rf /var/lib/apt/lists/* +WORKDIR /app + +RUN cargo install cargo-chef sccache --locked + +ENV RUSTC_WRAPPER=sccache \ + SCCACHE_DIR=/sccache + +# Build application +COPY Cargo.toml Cargo.lock ./ + +COPY bin/onlyswaps-solver/ ./bin/onlyswaps-solver +COPY crates/agent-utils ./crates/agent-utils +COPY crates/config ./crates/config +COPY crates/onlyswaps-client ./crates/onlyswaps-client +COPY crates/omnievent ./crates/omnievent +COPY crates/generated ./crates/generated +COPY crates/utils ./crates/utils +COPY crates/superalloy ./crates/superalloy +COPY modules/dcipher-proto ./modules/dcipher-proto + +RUN cargo chef prepare --recipe-path recipe.json --bin onlyswaps-solver +RUN --mount=type=cache,target=/usr/local/cargo/registry,sharing=locked \ + --mount=type=cache,target=/usr/local/cargo/git,sharing=locked \ + --mount=type=cache,target=$SCCACHE_DIR,sharing=locked \ + cargo chef cook --release --recipe-path recipe.json --bin onlyswaps-solver + +RUN --mount=type=cache,target=/usr/local/cargo/registry,sharing=locked \ + --mount=type=cache,target=/usr/local/cargo/git,sharing=locked \ + --mount=type=cache,target=$SCCACHE_DIR,sharing=locked \ + cargo build --release -p onlyswaps-solver --bin onlyswaps-solver --all-features + +# We do not need the Rust toolchain to run the binary! +FROM debian:bookworm-slim AS runtime +RUN apt-get update && \ + apt-get install -y --no-install-recommends \ + ca-certificates \ + openssl \ + curl && \ + rm -rf /var/lib/apt/lists/* +WORKDIR /app +COPY --from=builder /app/target/release/onlyswaps-solver /usr/local/bin +# probably want to use a real config :) +COPY ./bin/onlyswaps-solver/config-default.toml /app/config.toml +ENTRYPOINT ["/usr/local/bin/onlyswaps-solver", "--config", "/app/config.toml"] diff --git a/bin/onlyswaps-state-api/Dockerfile b/bin/onlyswaps-state-api/Dockerfile new file mode 100644 index 00000000..68ca7cc6 --- /dev/null +++ b/bin/onlyswaps-state-api/Dockerfile @@ -0,0 +1,43 @@ +# This ARG is overridden by Bake contexts to 'target:rust-base-internal' +# If built via 'docker build', it defaults to the slow but working chef image. +ARG base_stage_alias=lukemathwalker/cargo-chef:latest-rust-1.92 +FROM ${base_stage_alias} AS builder +RUN apt-get update \ + && apt-get install -y protobuf-compiler \ + && rm -rf /var/lib/apt/lists/* +WORKDIR /app + +RUN cargo install cargo-chef sccache --locked + +ENV RUSTC_WRAPPER=sccache \ + SCCACHE_DIR=/sccache + +# Build application +COPY Cargo.toml Cargo.lock ./ + +COPY bin/onlyswaps-state-api/ ./bin/onlyswaps-state-api +COPY crates/agent-utils ./crates/agent-utils +COPY crates/config ./crates/config +COPY crates/generated ./crates/generated +COPY crates/omnievent ./crates/omnievent +COPY crates/superalloy ./crates/superalloy +COPY crates/utils ./crates/utils +COPY modules/dcipher-proto ./modules/dcipher-proto + +RUN cargo chef prepare --recipe-path recipe.json --bin onlyswaps-state-api +RUN --mount=type=cache,target=/usr/local/cargo/registry,sharing=locked \ + --mount=type=cache,target=/usr/local/cargo/git,sharing=locked \ + --mount=type=cache,target=$SCCACHE_DIR,sharing=locked \ + cargo chef cook --release --recipe-path recipe.json --bin onlyswaps-state-api + +RUN --mount=type=cache,target=/usr/local/cargo/registry,sharing=locked \ + --mount=type=cache,target=/usr/local/cargo/git,sharing=locked \ + --mount=type=cache,target=$SCCACHE_DIR,sharing=locked \ + cargo build --release -p onlyswaps-state-api --bin onlyswaps-state-api + +# We do not need the Rust toolchain to run the binary! +FROM debian:bookworm-slim AS runtime +RUN apt-get update && apt-get install -y libssl3 dnsutils +WORKDIR /app +COPY --from=builder /app/target/release/onlyswaps-state-api /usr/local/bin +ENTRYPOINT ["/usr/local/bin/onlyswaps-state-api"] diff --git a/bin/onlyswaps-verifier/Dockerfile b/bin/onlyswaps-verifier/Dockerfile new file mode 100644 index 00000000..5bb7e5c6 --- /dev/null +++ b/bin/onlyswaps-verifier/Dockerfile @@ -0,0 +1,46 @@ +# This ARG is overridden by Bake contexts to 'target:rust-base-internal' +# If built via 'docker build', it defaults to the slow but working chef image. +ARG base_stage_alias=lukemathwalker/cargo-chef:latest-rust-1.92 +FROM ${base_stage_alias} AS builder + +RUN apt-get update \ + && apt-get install -y protobuf-compiler \ + && rm -rf /var/lib/apt/lists/* +WORKDIR /app + +RUN cargo install cargo-chef sccache --locked + +ENV RUSTC_WRAPPER=sccache \ + SCCACHE_DIR=/sccache + +# Build application +COPY Cargo.toml Cargo.lock ./ + +COPY bin/onlyswaps-verifier/ ./bin/onlyswaps-verifier +COPY crates/agent-utils ./crates/agent-utils +COPY crates/config ./crates/config +COPY crates/generated ./crates/generated +COPY crates/network ./crates/network +COPY crates/omnievent ./crates/omnievent +COPY crates/signer ./crates/signer +COPY crates/superalloy ./crates/superalloy +COPY crates/utils ./crates/utils +COPY modules/dcipher-proto ./modules/dcipher-proto + +RUN cargo chef prepare --recipe-path recipe.json --bin onlyswaps-verifier +RUN --mount=type=cache,target=/usr/local/cargo/registry,sharing=locked \ + --mount=type=cache,target=/usr/local/cargo/git,sharing=locked \ + --mount=type=cache,target=$SCCACHE_DIR,sharing=locked \ + cargo chef cook --release --recipe-path recipe.json --bin onlyswaps-verifier + +RUN --mount=type=cache,target=/usr/local/cargo/registry,sharing=locked \ + --mount=type=cache,target=/usr/local/cargo/git,sharing=locked \ + --mount=type=cache,target=$SCCACHE_DIR,sharing=locked \ + cargo build --release -p onlyswaps-verifier --bin onlyswaps-verifier + +# We do not need the Rust toolchain to run the binary! +FROM debian:bookworm-slim AS runtime +RUN apt-get update && apt-get install -y libssl3 dnsutils +WORKDIR /app +COPY --from=builder /app/target/release/onlyswaps-verifier /usr/local/bin +ENTRYPOINT ["/usr/local/bin/onlyswaps-verifier", "start"] diff --git a/bin/randomness-agent/Dockerfile b/bin/randomness-agent/Dockerfile new file mode 100644 index 00000000..a770ca3d --- /dev/null +++ b/bin/randomness-agent/Dockerfile @@ -0,0 +1,45 @@ +# This ARG is overridden by Bake contexts to 'target:rust-base-internal' +# If built via 'docker build', it defaults to the slow but working chef image. +ARG base_stage_alias=lukemathwalker/cargo-chef:latest-rust-1.92 +FROM ${base_stage_alias} AS builder +RUN apt-get update \ + && apt-get install -y protobuf-compiler \ + && rm -rf /var/lib/apt/lists/* +WORKDIR /app + +RUN cargo install cargo-chef sccache --locked + +ENV RUSTC_WRAPPER=sccache \ + SCCACHE_DIR=/sccache + +# Build application +COPY Cargo.toml Cargo.lock ./ + +COPY bin/randomness-agent/ ./bin/randomness-agent +COPY crates/config ./crates/config +COPY crates/dcipher-agents ./crates/dcipher-agents +COPY crates/generated ./crates/generated +COPY crates/network ./crates/network +COPY crates/signer ./crates/signer +COPY crates/superalloy ./crates/superalloy +COPY crates/utils ./crates/utils +COPY crates/omnievent ./crates/omnievent +COPY modules/dcipher-proto ./modules/dcipher-proto + +RUN cargo chef prepare --recipe-path recipe.json --bin randomness-agent +RUN --mount=type=cache,target=/usr/local/cargo/registry,sharing=locked \ + --mount=type=cache,target=/usr/local/cargo/git,sharing=locked \ + --mount=type=cache,target=$SCCACHE_DIR,sharing=locked \ + cargo chef cook --release --recipe-path recipe.json + +RUN --mount=type=cache,target=/usr/local/cargo/registry,sharing=locked \ + --mount=type=cache,target=/usr/local/cargo/git,sharing=locked \ + --mount=type=cache,target=$SCCACHE_DIR,sharing=locked \ + cargo build --release -p randomness-agent --example randomness + +# We do not need the Rust toolchain to run the binary! +FROM debian:bookworm-slim AS runtime +RUN apt-get update && apt-get install -y libssl3 dnsutils +WORKDIR /app +COPY --from=builder /app/target/release/examples/randomness /usr/local/bin +ENTRYPOINT ["/usr/local/bin/randomness"] diff --git a/crates/adkg/src/scheme.rs b/crates/adkg/src/scheme.rs index e9222279..8a853fad 100644 --- a/crates/adkg/src/scheme.rs +++ b/crates/adkg/src/scheme.rs @@ -26,7 +26,7 @@ use utils::serialize::SerializationError; use utils::serialize::fq::{FqDeserialize, FqSerialize}; use utils::serialize::point::{PointDeserializeCompressed, PointSerializeCompressed}; -pub const ADKG_VERSION: &str = "v0.1"; +pub const ADKG_VERSION: &str = "v0.2"; #[derive(Clone, Debug, Serialize, Deserialize)] pub struct AdkgSchemeConfig { diff --git a/docker-bake.hcl b/docker-bake.hcl new file mode 100644 index 00000000..08589f7a --- /dev/null +++ b/docker-bake.hcl @@ -0,0 +1,167 @@ +# Docker Buildx Bake file for building all bin binaries + +variable "TAG" { + default = "latest" +} + +variable "SHA" { + default = "" +} + +variable "REGISTRY" { + default = "" +} + +# Sanitize TAG by replacing / with - (branch names like "docker/bake" become "docker-bake") +sanitized_tag = replace(TAG, "/", "-") + +# Helper function to generate image tags +function "image_tags" { + params = [name] + result = REGISTRY != "" ? ( + SHA != "" ? [ + "${REGISTRY}/${name}:${sanitized_tag}", + "${REGISTRY}/${name}:${substr(SHA, 0, 7)}" + ] : [ + "${REGISTRY}/${name}:${sanitized_tag}" + ] + ) : ( + SHA != "" ? [ + "${name}:${sanitized_tag}", + "${name}:${SHA}", + "${name}:${substr(SHA, 0, 7)}" + ] : [ + "${name}:${sanitized_tag}" + ] + ) +} + +target "docker-metadata-action" {} + +# --- CI CACHE TARGETS --- + +target "rust-base-internal" { + context = "." + dockerfile = "bin/Dockerfile.base" + target = "rust-base-internal" +} + +# --- COMMON CONFIGURATION --- + +target "rust-binary-common" { + inherits = ["docker-metadata-action"] + context = "." + # This creates a proper dependency: binary targets wait for rust-base-internal to build first + contexts = { + rust-base-internal = "target:rust-base-internal" + } + args = { + base_stage_alias = "rust-base-internal" + } +} + +# --- BINARY TARGETS --- + +target "adkg-cli" { + inherits = ["rust-binary-common"] + dockerfile = "bin/adkg-cli/Dockerfile" + tags = image_tags("adkg-cli") + labels = { + "org.opencontainers.image.title" = "adkg-cli" + "org.opencontainers.image.description" = "ADKG CLI tool" + } +} + +target "blocklock-agent" { + inherits = ["rust-binary-common"] + dockerfile = "bin/blocklock-agent/Dockerfile" + tags = image_tags("blocklock-agent") + labels = { + "org.opencontainers.image.title" = "blocklock-agent" + "org.opencontainers.image.description" = "Blocklock Agent" + } +} + +target "monitoring" { + inherits = ["rust-binary-common"] + dockerfile = "bin/monitoring/Dockerfile" + tags = image_tags("monitoring") + labels = { + "org.opencontainers.image.title" = "monitoring" + "org.opencontainers.image.description" = "Monitoring service" + } +} + +target "onlyswaps-smoketest" { + inherits = ["rust-binary-common"] + dockerfile = "bin/onlyswaps-smoketest/Dockerfile" + tags = image_tags("onlyswaps-smoketest") + labels = { + "org.opencontainers.image.title" = "onlyswaps-smoketest" + "org.opencontainers.image.description" = "OnlySwaps Smoketest" + } +} + +target "onlyswaps-solver" { + inherits = ["rust-binary-common"] + dockerfile = "bin/onlyswaps-solver/Dockerfile" + tags = image_tags("onlyswaps-solver") + labels = { + "org.opencontainers.image.title" = "onlyswaps-solver" + "org.opencontainers.image.description" = "OnlySwaps Solver" + } +} + +target "onlyswaps-state-api" { + inherits = ["rust-binary-common"] + dockerfile = "bin/onlyswaps-state-api/Dockerfile" + tags = image_tags("onlyswaps-state-api") + labels = { + "org.opencontainers.image.title" = "onlyswaps-state-api" + "org.opencontainers.image.description" = "OnlySwaps State API" + } +} + +target "onlyswaps-verifier" { + inherits = ["rust-binary-common"] + dockerfile = "bin/onlyswaps-verifier/Dockerfile" + tags = image_tags("onlyswaps-verifier") + labels = { + "org.opencontainers.image.title" = "onlyswaps-verifier" + "org.opencontainers.image.description" = "OnlySwaps Verifier" + } +} + +target "randomness-agent" { + inherits = ["rust-binary-common"] + dockerfile = "bin/randomness-agent/Dockerfile" + tags = image_tags("randomness-agent") + labels = { + "org.opencontainers.image.title" = "randomness-agent" + "org.opencontainers.image.description" = "Randomness Agent" + } +} + +target "dsigner-legacy-http" { + inherits = ["rust-binary-common"] + dockerfile = "bin/dsigner/examples/dsigner_legacy_http/Dockerfile" + tags = image_tags("dsigner-legacy-http") + labels = { + "org.opencontainers.image.title" = "dsigner-legacy-http" + "org.opencontainers.image.description" = "DSigner Legacy HTTP" + } +} + +group "default" { + targets = [ + "adkg-cli", + "blocklock-agent", + "monitoring", + "onlyswaps-smoketest", + "onlyswaps-solver", + "onlyswaps-state-api", + "onlyswaps-verifier", + "randomness-agent", + "dsigner-legacy-http", + ] +} \ No newline at end of file