diff --git a/.github/workflows/publish-ghcr.yaml.yml b/.github/workflows/publish-ghcr.yaml.yml index 57bae057..8e671098 100644 --- a/.github/workflows/publish-ghcr.yaml.yml +++ b/.github/workflows/publish-ghcr.yaml.yml @@ -4,15 +4,32 @@ on: push: branches: [master] -jobs: - build-andpush: - runs-on: ubuntu-latest - steps: - - name: Checkout code - uses: actions/checkout@v4 +env: + GHCR_IMAGE: ghcr.io/${{ secrets.GHCR_USERNAME }}/${{ github.event.repository.name }} - - name: Set up Docker Buildx - uses: docker/setup-buildx-action@v3 +jobs: + build: + strategy: + fail-fast: false + matrix: + include: + - platform: linux/amd64 + runner: ubuntu-latest + - platform: linux/arm64 + runner: ubuntu-24.04-arm + runs-on: ${{ matrix.runner }} + name: Build Docker image for ${{ matrix.platform }} + steps: + - name: Prepare + run: | + platform=${{ matrix.platform }} + echo "PLATFORM_PAIR=${platform//\//-}" >> $GITHUB_ENV + + - name: Docker meta + id: meta + uses: docker/metadata-action@v5 + with: + images: ${{ env.GHCR_IMAGE }} - name: Log in to GHCR uses: docker/login-action@v3 @@ -21,18 +38,83 @@ jobs: username: ${{ secrets.GHCR_USERNAME }} password: ${{ secrets.GHCR_TOKEN }} + - name: Set up Docker Buildx + uses: docker/setup-buildx-action@v3 + + - name: Checkout code + uses: actions/checkout@v6 + + - name: Build and push by digest + id: build + uses: docker/build-push-action@v6 + with: + provenance: false # Disable provenance to avoid unknown/unknown + sbom: false # Disable sbom to avoid unknown/unknown + platforms: ${{ matrix.platform }} + labels: ${{ steps.meta.outputs.labels }} + annotations: ${{ steps.meta.outputs.annotations }} + tags: ${{ env.GHCR_IMAGE }} + outputs: type=image,push-by-digest=true,name-canonical=true,push=true + + - name: Export digest + run: | + mkdir -p ${{ runner.temp }}/digests + digest="${{ steps.build.outputs.digest }}" + touch "${{ runner.temp }}/digests/${digest#sha256:}" + + - name: Upload digest + uses: actions/upload-artifact@v6 + with: + name: digests-${{ env.PLATFORM_PAIR }} + path: ${{ runner.temp }}/digests/* + if-no-files-found: error + retention-days: 1 + + merge: + name: Merge Docker manifests + runs-on: ubuntu-latest + needs: + - build + steps: + - name: Download digests + uses: actions/download-artifact@v7 + with: + path: ${{ runner.temp }}/digests + pattern: digests-* + merge-multiple: true + + - name: Log in to GHCR + uses: docker/login-action@v3 + with: + registry: ghcr.io + username: ${{ secrets.GHCR_USERNAME }} + password: ${{ secrets.GHCR_TOKEN }} + + - name: Set up Docker Buildx + uses: docker/setup-buildx-action@v3 + + - name: Checkout code + uses: actions/checkout@v6 + - name: Generate image tag id: vars run: echo "tag=$(awk -F'"' '/^version/{ print $2; exit; }' Cargo.toml)" >> $GITHUB_OUTPUT - - name: Build and push Docker image - uses: docker/build-push-action@v5 + - name: Docker meta + id: meta + uses: docker/metadata-action@v5 with: - context: . - file: ./Dockerfile - push: true + images: ${{ env.GHCR_IMAGE }} tags: | - ghcr.io/${{ secrets.GHCR_USERNAME }}/grin:latest - ghcr.io/${{ secrets.GHCR_USERNAME }}/grin:${{ steps.vars.outputs.tag }} - cache-from: type=gha - cache-to: type=gha,mode=max \ No newline at end of file + type=raw,value=${{ steps.vars.outputs.tag }},enable=true + type=raw,value=latest,enable=true + + - name: Create manifest list and push + working-directory: ${{ runner.temp }}/digests + run: | + docker buildx imagetools create $(jq -cr '.tags | map("-t " + .) | join(" ")' <<< "$DOCKER_METADATA_OUTPUT_JSON") \ + $(printf '${{ env.GHCR_IMAGE }}@sha256:%s ' *) + + - name: Inspect image + run: | + docker buildx imagetools inspect ${{ env.GHCR_IMAGE }}:${{ steps.meta.outputs.version }} \ No newline at end of file diff --git a/Dockerfile b/Dockerfile index 489018fe..a401987c 100644 --- a/Dockerfile +++ b/Dockerfile @@ -14,17 +14,22 @@ FROM debian:trixie-slim COPY --from=builder /usr/src/grin/target/release/grin /usr/local/bin/grin RUN apt update && \ - apt install -y libncursesw5-dev + apt install -y libncursesw5-dev && \ + apt-get install -y ca-certificates && update-ca-certificates # Create mainnet config WORKDIR /root/.grin/main RUN grin server config RUN sed -i '/^run_tui /s/=.*$/= false/' grin-server.toml +RUN sed -i '/^api_http_addr /s/=.*$/= "0.0.0.0:3413"/' grin-server.toml # Create testnet config WORKDIR /root/.grin/test RUN grin --testnet server config RUN sed -i '/^run_tui /s/=.*$/= false/' grin-server.toml +RUN sed -i '/^api_http_addr /s/=.*$/= "0.0.0.0:13413"/' grin-server.toml + +VOLUME ["/root/.grin"] # Mainnet ports EXPOSE 3413 3414 @@ -36,5 +41,5 @@ EXPOSE 13413 13414 EXPOSE 3416 WORKDIR /root/.grin -ENTRYPOINT ["grin"] +ENTRYPOINT ["grin", "--no-tui"] CMD ["server", "run"] \ No newline at end of file