fix: reintroduce gaia docker builds (cosmos#3199)

* Set UID and GUID to 1025 in Dockerfile This is for compatibility with interchaintest, since it will chown files to that UID/GUID * Reenable docker builds. They execute on the main branch, releases, and on workflow dispatch. Also get rid of the Dockerfile and use just the e2e one * add changelog entry * Only run docker build on GIT_DIFF * Nightly docker builds, plus add a DOCKER_README
fastfadingviolets · Jul 16, 2024 · f25c0c6 · f25c0c6
1 parent f4db77a
commit f25c0c6
Show file tree

Hide file tree

Showing 6 changed files with 73 additions and 50 deletions.
diff --git a/.changelog/unreleased/improvements/3199-add-docker-build.md b/.changelog/unreleased/improvements/3199-add-docker-build.md
@@ -0,0 +1,2 @@
+- Reintroduce docker builds for gaia and make them compatible with
+  interchaintest ([\#3199](https://github.com/cosmos/gaia/pull/3199))
diff --git a/.github/workflows/docker-push.yml b/.github/workflows/docker-push.yml
@@ -2,8 +2,11 @@
 name: Create and publish a Docker image
 
 on:
-  push:
-    branches: ['release']
+  schedule:
+    - cron: "0 0 * * *"
+  release:
+    types: [published]
+  workflow_dispatch:
 
 env:
   REGISTRY: ghcr.io
@@ -20,6 +23,19 @@ jobs:
       - name: Checkout repository
         uses: actions/checkout@v4
 
+      - uses: technote-space/[email protected]
+        id: git_diff
+        with:
+          PATTERNS: |
+            **/*.go
+            go.mod
+            go.sum
+            **/go.mod
+            **/go.sum
+            **/Makefile
+            Makefile
+            Dockerfile
+
       - name: Log in to the Container registry
         uses: docker/[email protected]
         with:
@@ -32,20 +48,14 @@ jobs:
         uses: docker/[email protected]
         with:
           images: ${{ env.REGISTRY }}/${{ env.IMAGE_NAME }}
+          flavor: "latest=false"
 
-      - name: Build and push Docker image
-        uses: docker/build-push-action@v5.4.0
+      - name: Build and push docker image
+        uses: docker/build-push-action@v6.1.0
         with:
           context: .
+          file: Dockerfile
           push: true
           tags: ${{ steps.meta.outputs.tags }}
           labels: ${{ steps.meta.outputs.labels }}
-
-      - name: Build and push e2e docker image
-        uses: docker/[email protected]
-        with:
-          context: .
-          file: Dockerfile.e2e
-          push: true
-          tags: ${{ steps.meta.outputs.tags }}-e2e
-          labels: ${{ steps.meta.outputs.labels }}
+        if: env.GIT_DIFF
diff --git a/DOCKER_README.md b/DOCKER_README.md
@@ -0,0 +1,42 @@
+# Gaia Docker image
+
+There's a `gaia` docker image built on a nightly basis, as well as for every
+release tag, and pushed to `ghcr.io/cosmos/gaia`. It's built from the
+[`Dockerfile`](./Dockerfile) in this directory.
+
+The images contain statically compiled `gaiad` binaries running on an `alpine`
+container. By default, `gaiad` runs as user `nonroot`, with UID/GUID `1025`.
+The image exposes ports `26656,26657,1317,9090`. This is how the `gaiad` is
+compiled:
+
+```Dockerfile
+RUN LEDGER_ENABLED=false LINK_STATICALLY=true BUILD_TAGS=muslc make build
+```
+
+Since the image has an entrypoint of `gaiad start`, you can use it to start a
+node by mounting in a `.gaia` config directory. So, for instance, you can start
+a `v17.3.0` node running a chain configured at `$HOME/.gaia` by running:
+
+```bash
+docker run --rm -it -v "$HOME/.gaia:/opt/gaia" ghcr.io/cosmos/gaia:v17.3.0 --home /opt/gaia
+```
+
+Of course, you can also use the images to just run generic gaia commands:
+
+```bash
+docker run --rm -it --entrypoint gaiad -v "$HOME/.gaia:/opt/gaia" ghcr.io/cosmos/gaia:v17.3.0 q tendermint-validator-set --home /opt/gaia
+```
+
+## Building
+
+The images are built by workflow
+[docker-push.yml](./.github/workflows/docker-push.yml). This workflow is
+invoked on release as well as every night, and may be invoked manually by
+people to build an arbitrary branch. It uses the `docker/metadata-action` to
+decide how to tag the image, according to the following rules:
+
+* If invoked via schedule, the image is tagged `nightly` and `main` (since it's a build of the `main` branch)
+* If invoked from a release, including an rc, it is tagged with the release tag
+* If invoked manually on a branch, it is tagged with the branch name
+
+**NOTE:** To avoid surprising users, there is no `latest` tag generated.
diff --git a/Dockerfile b/Dockerfile
@@ -1,9 +1,10 @@
+# Info on how to use this docker image can be found in DOCKER_README.md
 ARG IMG_TAG=latest
 
 # Compile the gaiad binary
 FROM golang:1.22-alpine AS gaiad-builder
 WORKDIR /src/app/
-ENV PACKAGES="curl make git libc-dev bash file gcc linux-headers eudev-dev python3"
+ENV PACKAGES="curl make git libc-dev bash file gcc linux-headers eudev-dev"
 RUN apk add --no-cache $PACKAGES
 
 # See https://github.com/CosmWasm/wasmvm/releases
@@ -18,13 +19,14 @@ COPY go.mod go.sum* ./
 RUN go mod download
 
 COPY . .
-RUN LEDGER_ENABLED=true LINK_STATICALLY=true BUILD_TAGS=muslc make build
+RUN LEDGER_ENABLED=false LINK_STATICALLY=true BUILD_TAGS=muslc make build
 RUN echo "Ensuring binary is statically linked ..."  \
     && file /src/app/build/gaiad | grep "statically linked"
 
 FROM alpine:$IMG_TAG
 RUN apk add --no-cache build-base
-RUN adduser -D nonroot
+RUN addgroup -g 1025 nonroot
+RUN adduser -D nonroot -u 1025 -G nonroot
 ARG IMG_TAG
 COPY --from=gaiad-builder  /src/app/build/gaiad /usr/local/bin/
 EXPOSE 26656 26657 1317 9090

diff --git a/Makefile b/Makefile
@@ -285,7 +285,7 @@ endif
 .PHONY: run-tests $(TEST_TARGETS)
 
 docker-build-debug:
-	@docker build -t cosmos/gaiad-e2e -f e2e.Dockerfile .
+	@docker build -t cosmos/gaiad-e2e -f Dockerfile .
 
 # TODO: Push this to the Cosmos Dockerhub so we don't have to keep building it
 # in CI.

diff --git a/e2e.Dockerfile b/e2e.Dockerfile