-
Notifications
You must be signed in to change notification settings - Fork 1.3k
Commit
This commit does not belong to any branch on this repository, and may belong to a fork outside of the repository.
Merge pull request #5394 from filecoin-project/nonsense/circleci-aws-…
…ecr-integration add job to build Lotus docker image and push it to AWS ECR private (or public) repo
- Loading branch information
Showing
2 changed files
with
188 additions
and
0 deletions.
There are no files selected for viewing
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| Original file line number | Diff line number | Diff line change |
|---|---|---|
| @@ -1,6 +1,7 @@ | ||
| version: 2.1 | ||
| orbs: | ||
| go: gotest/[email protected] | ||
| aws-cli: circleci/[email protected] | ||
|
|
||
| executors: | ||
| golang: | ||
|
|
@@ -447,6 +448,114 @@ jobs: | |
| name: Publish release | ||
| command: ./scripts/publish-release.sh | ||
|
|
||
| build-and-push-image: | ||
| description: build and push docker images to public AWS ECR registry | ||
| executor: aws-cli/default | ||
| parameters: | ||
| profile-name: | ||
| type: string | ||
| default: "default" | ||
| description: AWS profile name to be configured. | ||
|
|
||
| aws-access-key-id: | ||
| type: env_var_name | ||
| default: AWS_ACCESS_KEY_ID | ||
| description: > | ||
| AWS access key id for IAM role. Set this to the name of | ||
| the environment variable you will set to hold this | ||
| value, i.e. AWS_ACCESS_KEY. | ||
| aws-secret-access-key: | ||
| type: env_var_name | ||
| default: AWS_SECRET_ACCESS_KEY | ||
| description: > | ||
| AWS secret key for IAM role. Set this to the name of | ||
| the environment variable you will set to hold this | ||
| value, i.e. AWS_SECRET_ACCESS_KEY. | ||
| region: | ||
| type: env_var_name | ||
| default: AWS_REGION | ||
| description: > | ||
| Name of env var storing your AWS region information, | ||
| defaults to AWS_REGION | ||
| account-url: | ||
| type: env_var_name | ||
| default: AWS_ECR_ACCOUNT_URL | ||
| description: > | ||
| Env var storing Amazon ECR account URL that maps to an AWS account, | ||
| e.g. {awsAccountNum}.dkr.ecr.us-west-2.amazonaws.com | ||
| defaults to AWS_ECR_ACCOUNT_URL | ||
| dockerfile: | ||
| type: string | ||
| default: Dockerfile | ||
| description: Name of dockerfile to use. Defaults to Dockerfile. | ||
|
|
||
| path: | ||
| type: string | ||
| default: . | ||
| description: Path to the directory containing your Dockerfile and build context. Defaults to . (working directory). | ||
|
|
||
| extra-build-args: | ||
| type: string | ||
| default: "" | ||
| description: > | ||
| Extra flags to pass to docker build. For examples, see | ||
| https://docs.docker.com/engine/reference/commandline/build | ||
| repo: | ||
| type: string | ||
| description: Name of an Amazon ECR repository | ||
|
|
||
| tag: | ||
| type: string | ||
| default: "latest" | ||
| description: A comma-separated string containing docker image tags to build and push (default = latest) | ||
|
|
||
| steps: | ||
| - aws-cli/setup: | ||
| profile-name: <<parameters.profile-name>> | ||
| aws-access-key-id: <<parameters.aws-access-key-id>> | ||
| aws-secret-access-key: <<parameters.aws-secret-access-key>> | ||
| aws-region: <<parameters.region>> | ||
|
|
||
| - run: | ||
| name: Log into Amazon ECR | ||
| command: | | ||
| aws ecr-public get-login-password --region $<<parameters.region>> --profile <<parameters.profile-name>> | docker login --username AWS --password-stdin $<<parameters.account-url>> | ||
| - checkout | ||
|
|
||
| - setup_remote_docker: | ||
| version: 19.03.13 | ||
| docker_layer_caching: false | ||
|
|
||
| - run: | ||
| name: Build docker image | ||
| command: | | ||
| registry_id=$(echo $<<parameters.account-url>> | sed "s;\..*;;g") | ||
| docker_tag_args="" | ||
| IFS="," read -ra DOCKER_TAGS \<<< "<< parameters.tag >>" | ||
| for tag in "${DOCKER_TAGS[@]}"; do | ||
| docker_tag_args="$docker_tag_args -t $<<parameters.account-url>>/<<parameters.repo>>:$tag" | ||
| done | ||
| docker build \ | ||
| <<#parameters.extra-build-args>><<parameters.extra-build-args>><</parameters.extra-build-args>> \ | ||
| -f <<parameters.path>>/<<parameters.dockerfile>> \ | ||
| $docker_tag_args \ | ||
| <<parameters.path>> | ||
| - run: | ||
| name: Push image to Amazon ECR | ||
| command: | | ||
| IFS="," read -ra DOCKER_TAGS \<<< "<< parameters.tag >>" | ||
| for tag in "${DOCKER_TAGS[@]}"; do | ||
| docker push $<<parameters.account-url>>/<<parameters.repo>>:${tag} | ||
| done | ||
| workflows: | ||
| version: 2.1 | ||
|
|
@@ -537,3 +646,8 @@ workflows: | |
| tags: | ||
| only: | ||
| - /^v\d+\.\d+\.\d+$/ | ||
| - build-and-push-image: | ||
| dockerfile: Dockerfile.lotus | ||
| path: . | ||
| repo: lotus-dev | ||
| tag: '${CIRCLE_SHA1:0:8}' | ||
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| Original file line number | Diff line number | Diff line change |
|---|---|---|
| @@ -0,0 +1,74 @@ | ||
| FROM golang:1.15.6 AS builder-deps | ||
| MAINTAINER Lotus Development Team | ||
|
|
||
| RUN apt-get update && apt-get install -y ca-certificates build-essential clang ocl-icd-opencl-dev ocl-icd-libopencl1 jq libhwloc-dev | ||
|
|
||
| ARG RUST_VERSION=nightly | ||
| ENV XDG_CACHE_HOME="/tmp" | ||
|
|
||
| ENV RUSTUP_HOME=/usr/local/rustup \ | ||
| CARGO_HOME=/usr/local/cargo \ | ||
| PATH=/usr/local/cargo/bin:$PATH | ||
|
|
||
| RUN wget "https://static.rust-lang.org/rustup/dist/x86_64-unknown-linux-gnu/rustup-init"; \ | ||
| chmod +x rustup-init; \ | ||
| ./rustup-init -y --no-modify-path --profile minimal --default-toolchain $RUST_VERSION; \ | ||
| rm rustup-init; \ | ||
| chmod -R a+w $RUSTUP_HOME $CARGO_HOME; \ | ||
| rustup --version; \ | ||
| cargo --version; \ | ||
| rustc --version; | ||
|
|
||
|
|
||
| FROM builder-deps AS builder-local | ||
| MAINTAINER Lotus Development Team | ||
|
|
||
| COPY ./ /opt/filecoin | ||
| WORKDIR /opt/filecoin | ||
| RUN make clean deps | ||
|
|
||
|
|
||
| FROM builder-local AS builder | ||
| MAINTAINER Lotus Development Team | ||
|
|
||
| WORKDIR /opt/filecoin | ||
|
|
||
| ARG RUSTFLAGS="" | ||
| ARG GOFLAGS="" | ||
|
|
||
| RUN make deps lotus lotus-miner lotus-worker lotus-shed lotus-chainwatch lotus-stats | ||
|
|
||
|
|
||
| FROM ubuntu:20.04 AS base | ||
| MAINTAINER Lotus Development Team | ||
|
|
||
| # Base resources | ||
| COPY --from=builder /etc/ssl/certs /etc/ssl/certs | ||
| COPY --from=builder /lib/x86_64-linux-gnu/libdl.so.2 /lib/ | ||
| COPY --from=builder /lib/x86_64-linux-gnu/librt.so.1 /lib/ | ||
| COPY --from=builder /lib/x86_64-linux-gnu/libgcc_s.so.1 /lib/ | ||
| COPY --from=builder /lib/x86_64-linux-gnu/libutil.so.1 /lib/ | ||
| COPY --from=builder /usr/lib/x86_64-linux-gnu/libltdl.so.7 /lib/ | ||
| COPY --from=builder /usr/lib/x86_64-linux-gnu/libnuma.so.1 /lib/ | ||
| COPY --from=builder /usr/lib/x86_64-linux-gnu/libhwloc.so.5 /lib/ | ||
| COPY --from=builder /usr/lib/x86_64-linux-gnu/libOpenCL.so.1 /lib/ | ||
|
|
||
| RUN useradd -r -u 532 -U fc | ||
|
|
||
|
|
||
| FROM base AS lotus | ||
| MAINTAINER Lotus Development Team | ||
|
|
||
| COPY --from=builder /opt/filecoin/lotus /usr/local/bin/ | ||
| COPY --from=builder /opt/filecoin/lotus-shed /usr/local/bin/ | ||
|
|
||
| ENV FILECOIN_PARAMETER_CACHE /var/tmp/filecoin-proof-parameters | ||
| ENV LOTUS_PATH /var/lib/lotus | ||
|
|
||
| RUN mkdir /var/lib/lotus /var/tmp/filecoin-proof-parameters && chown fc /var/lib/lotus /var/tmp/filecoin-proof-parameters | ||
|
|
||
| USER fc | ||
|
|
||
| ENTRYPOINT ["/usr/local/bin/lotus"] | ||
|
|
||
| CMD ["-help"] |