From 98547ab5d2da99d2106c05b0cf665ab2a86b312e Mon Sep 17 00:00:00 2001
From: Luca Steeb
Date: Wed, 11 Sep 2024 15:38:10 -0400
Subject: [PATCH] Add Docker-based CI/CD workflow for publishing (#3)
---
.dockerignore | 3 ++
.github/workflows/publish.yml | 77 +++++++++++++++++++++++++++++++++++
Dockerfile | 37 +++++++++++++++++
3 files changed, 117 insertions(+)
create mode 100644 .dockerignore
create mode 100644 .github/workflows/publish.yml
create mode 100644 Dockerfile
diff --git a/.dockerignore b/.dockerignore
new file mode 100644
index 0000000..5dd138b
--- /dev/null
+++ b/.dockerignore
@@ -0,0 +1,3 @@
+.git/
+.idea/
+target/
diff --git a/.github/workflows/publish.yml b/.github/workflows/publish.yml
new file mode 100644
index 0000000..3117404
--- /dev/null
+++ b/.github/workflows/publish.yml
@@ -0,0 +1,77 @@
+name: release
+
+on:
+ workflow_dispatch:
+ push:
+ branches:
+ - hotfix
+ tags:
+ - "v*"
+
+env:
+ CARGO_TERM_COLOR: always
+ REGISTRY: ghcr.io
+
+jobs:
+ publish:
+ runs-on: ubuntu-latest
+
+ permissions:
+ contents: read
+ packages: write
+ attestations: write
+ id-token: write
+
+ steps:
+ - name: Set up Docker Buildx
+ uses: docker/setup-buildx-action@v3
+
+ - name: Cache Docker layers
+ uses: actions/cache@v4
+ with:
+ path: /tmp/.buildx-cache
+ key: ${{ runner.os }}-buildx-${{ github.ref_name }}-${{ github.sha }}
+ restore-keys: |
+ ${{ runner.os }}-buildx-${{ github.ref_name }}
+ ${{ runner.os }}-buildx-
+
+ - name: Checkout repository
+ uses: actions/checkout@v4
+
+ - name: Log in to the Container registry
+ uses: docker/login-action@v3
+ with:
+ registry: ${{ env.REGISTRY }}
+ username: ${{ github.actor }}
+ password: ${{ secrets.GITHUB_TOKEN }}
+
+ - name: Extract metadata (tags, labels) for Docker
+ id: meta
+ uses: docker/metadata-action@v5
+ with:
+ images: ${{ env.REGISTRY }}/${{ github.repository }}
+
+ - name: Build and push Docker image
+ id: push
+ uses: docker/build-push-action@v6
+ with:
+ context: .
+ file: ./Dockerfile
+ push: true
+ tags: ${{ steps.meta.outputs.tags }}
+ labels: ${{ steps.meta.outputs.labels }}
+
+ - name: Generate artifact attestation
+ uses: actions/attest-build-provenance@v1
+ with:
+ subject-name: ${{ env.REGISTRY }}/${{ github.repository }}
+ subject-digest: ${{ steps.push.outputs.digest }}
+ push-to-registry: true
+
+ - # Temp fix
+ # https://github.com/docker/build-push-action/issues/252
+ # https://github.com/moby/buildkit/issues/1896
+ name: Move cache
+ run: |
+ rm -rf /tmp/.buildx-cache
+ mv /tmp/.buildx-cache-new /tmp/.buildx-cache
diff --git a/Dockerfile b/Dockerfile
new file mode 100644
index 0000000..2aafea2
--- /dev/null
+++ b/Dockerfile
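Review bot: Every `uses:` in the `publish` job of `.github/workflows/publish.yml` references a mutable tag (`docker/build-push-action@v6`, `actions/attest-build-provenance@v1` and the others) while the job holds `packages: write`, `id-token: write` and `attestations: write`, so whatever code a tag is later moved to would run with the rights to push and attest the image. Pinning each action to a full commit SHA with the tag kept as a comment, for example `uses: docker/build-push-action@<full-commit-sha> # v6`, closes that gap. Separately, the build step passes no `cache-from`/`cache-to`, so as far as this hunk shows nothing creates `/tmp/.buildx-cache-new`; the final `mv` in `Move cache` would then fail the job after the image has already been pushed and attested. Adding `cache-from: type=local,src=/tmp/.buildx-cache` and `cache-to: type=local,dest=/tmp/.buildx-cache-new,mode=max` to the build step would make the cache steps consistent.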
@@ -0,0 +1,37 @@
+FROM rust:1-alpine AS chef
+RUN rustup install 1.79.0
+RUN rustup component add cargo clippy rust-docs rust-std rustc rustfmt
+
+# Use apk for package management in Alpine
+RUN apk add --no-cache build-base libressl-dev
+RUN cargo install cargo-chef
+
+FROM chef AS planner
+
+WORKDIR /app
+COPY . .
+RUN cargo chef prepare --recipe-path recipe.json
+
+FROM chef AS builder
+
+WORKDIR /app
+COPY --from=planner /app/recipe.json recipe.json
+# Build dependencies - this is the caching Docker layer!
+RUN cargo chef cook --release --recipe-path recipe.json
+RUN cargo build --release
+
+# Build application
+COPY . .
+ENV PATH="/root/.cargo/bin:${PATH}"
+
+RUN cargo build --release
+
+FROM rust:1-alpine
+
+WORKDIR /
+
+COPY --from=builder /app/target/release/vrf_demo-rpc-server /usr/local/bin/server
+
+EXPOSE 3000
+
+ENTRYPOINT [ "server" ]
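Review bot: The final stage starts from `rust:1-alpine` and sets no `USER`, so the published image carries the whole Rust toolchain and runs `server` as root. Only the binary copied from `builder` is needed at runtime; a pinned minimal base plus an unprivileged account would do, e.g. `FROM alpine:<pinned-version>`, `RUN addgroup -S app && adduser -S -G app app` and `USER app` before `ENTRYPOINT` (this presumes the musl build links libressl statically, which should be confirmed). In the `chef` stage, `rustup install 1.79.0` does not by itself appear to make that toolchain the default on top of the floating `rust:1-alpine` tag, and `cargo install cargo-chef` is unpinned; `RUN cargo install cargo-chef --locked --version <pinned-version>` would make the build reproducible.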