adjust docker file

allora-network · Jan 9, 2024 · 0c97be2 · 0c97be2
1 parent fa83b6b
commit 0c97be2
Show file tree

Hide file tree

Showing 2 changed files with 30 additions and 42 deletions.
diff --git a/.github/workflows/deploy_aws_staging.yml → .github/workflows/build_push_ecr.yml b/.github/workflows/deploy_aws_staging.yml → .github/workflows/build_push_ecr.yml
@@ -40,22 +40,6 @@ jobs:
           IMAGE_TAG: ${{ github.sha }}
         run: |
           # Build a docker container and push it to ECR so that it can be deployed to ECS.
-          docker build -f docker/Dockerfile --build-arg "ghcr_token=${{ secrets.GHCR_TOKEN }}" -t $ECR_REGISTRY/$ECR_REPOSITORY:$IMAGE_TAG .
+          docker build -f docker/Dockerfile --build-arg "GH_TOKEN=${{ secrets.GHCR_TOKEN }}" -t $ECR_REGISTRY/$ECR_REPOSITORY:$IMAGE_TAG .
           docker push $ECR_REGISTRY/$ECR_REPOSITORY:$IMAGE_TAG
           echo "image=$ECR_REGISTRY/$ECR_REPOSITORY:$IMAGE_TAG" >> "$GITHUB_OUTPUT"
-
-      # - name: Fill in the new image ID in the Amazon ECS task definition
-      #   id: compute-node-task-def
-      #   uses: aws-actions/amazon-ecs-render-task-definition@v1
-      #   with:
-      #     task-definition: infra/staging-task-def.json
-      #     container-name: upshot-compute-node
-      #     image: ${{ steps.compute-node-build-image.outputs.image }}
-
-      # - name: upshot-compute-node - Deploy Amazon ECS task definition
-      #   uses: aws-actions/amazon-ecs-deploy-task-definition@v1
-      #   with:
-      #     task-definition: ${{ steps.compute-node-task-def.outputs.task-definition }}
-      #     service: upshot-compute-node
-      #     cluster: upshot-backend-staging
-      #     # wait-for-service-stability: true
diff --git a/docker/Dockerfile b/docker/Dockerfile
@@ -8,68 +8,72 @@ RUN go mod download && \
     make all
 
 ###########################
-FROM --platform=linux/amd64 debian:bookworm-slim
-
-ARG ghcr_token
+FROM --platform=linux/amd64 python:3.12-slim-bookworm
 
 WORKDIR /app
 
 ## curl, unzip other utilities
+#! libssl-dev - BLS_RUNTIME dependency
+#! gh - to doenaload release from priv repo
 RUN apt update && \
     apt -y dist-upgrade && \
     apt install -y --no-install-recommends \
       tzdata \
       curl \
       unzip \
-      pv \
       ca-certificates \
-      gnupg2 \
-      python3 \
-      python3-pip && \
+      libssl-dev \
+      gh && \
     rm -rf /var/cache/apt/*
 
 # gomplete for updating config with env vars
-RUN curl -o ./gomplate -sSL https://github.com/hairyhenderson/gomplate/releases/download/v3.10.0/gomplate_linux-amd64 && \
-    chmod 755 gomplate
+RUN GOMPLATE_VER=v3.11.6 && \
+    curl -o /usr/local/bin/gomplate -sSL https://github.com/hairyhenderson/gomplate/releases/download/${GOMPLATE_VER}/gomplate_linux-amd64 && \
+    chmod 755 /usr/local/bin/gomplate
 
 # get the runtime
-RUN curl -o ./runtime.tar.gz -sSL https://github.com/blocklessnetwork/runtime/releases/download/v0.3.1/blockless-runtime.ubuntu-20.04.x86_64.tar.gz && \
+ARG GH_TOKEN
+RUN BLS_RUNTIME_VER=v0.3.1 && \
+    curl -o ./runtime.tar.gz -sSL https://github.com/blocklessnetwork/bls-runtime/releases/download/${BLS_RUNTIME_VER}/blockless-runtime.linux-latest.x86_64.tar.gz && \
     mkdir /app/runtime && \
     tar -xvkf ./runtime.tar.gz -C /app/runtime && \
     rm ./runtime.tar.gz
 
-
+ARG GH_TOKEN
 # get the upshot-extension
-RUN curl -L -s -H "Authorization: token ${ghcr_token}" -H 'Accept:application/octet-stream' \
-      "https://api.github.com/repos/upshot-tech/upshot-blockless-extension/releases/assets/142012669" \
-      -o upshot-extension.tar.gz && \
+RUN BLS_EXTENSION_VER="dev.3" && \
+    gh release download \
+      --repo "upshot-tech/upshot-blockless-extension" \
+      --pattern '*linux-amd64.tar.gz' \
+      --output upshot-extension.tar.gz && \
     mkdir /app/runtime/extensions && \
     tar -xvkf ./upshot-extension.tar.gz -C /app/runtime/extensions && \
     rm ./upshot-extension.tar.gz
 
-# libssl 1.1
-RUN curl -o ./libssl.deb -sSL http://archive.ubuntu.com/ubuntu/pool/main/o/openssl/libssl1.1_1.1.0g-2ubuntu4_amd64.deb && \
-    dpkg -i ./libssl.deb && \
-    rm ./libssl.deb
-
-# Install AWS CLI so we can use to backup to IPFS s3 compatible storage providers
-RUN curl "https://awscli.amazonaws.com/awscli-exe-linux-x86_64.zip" -o "awscliv2.zip" && \
-    unzip awscliv2.zip -d /usr/src && \
-    rm -f awscliv2.zip && \
-    /usr/src/aws/install --bin-dir /usr/bin
-
 ## setup
 RUN mkdir /app/keys
 COPY --from=builder /src/dist/upshot-node upshot-node
 COPY --from=builder /src/dist/upshot-keys upshot-keys
 
+# Smoke test
+RUN /app/runtime/bls-runtime --help && \
+    /app/runtime/extensions/upshot-blockless-extension --help
+
+# TODO: to decrease number of installed tools, => size of the image and Increase security posture
+#       should move aws cli into another image
+# Install AWS CLI so we can use to backup to IPFS s3 compatible storage providers
+RUN curl "https://awscli.amazonaws.com/awscli-exe-linux-x86_64.zip" -o "awscliv2.zip" \
+  && unzip awscliv2.zip -d /usr/src && rm -f awscliv2.zip \
+  && /usr/src/aws/install --bin-dir /usr/bin
+
 ## run script
 COPY ./docker/run.sh ./run.sh
 RUN chmod +x ./run.sh
 
 ENV AWS_ACCESS_KEY_ID=
 ENV AWS_SECRET_ACCESS_KEY=
 ENV S3_HOST="${S3_HOST:-https://s3.filebase.com}"
+
 ENV KEY_PATH=""
 ENV KEY_PASSWORD=""
 ENV CHAIN_RPC_NODE="http://0.0.0.0:26657"