
Improve build system

master
Luke Childs 2 years ago
parent
commit
8fad1387ca
  1. 74
      .github/workflows/ci.yml
  2. 64
      Dockerfile

74
.github/workflows/ci.yml

@ -1,19 +1,18 @@
name: Docker CI name: Docker CI
on: push on:
push:
branches:
- master
env: env:
DOCKER_BUILDKIT: 1 DOCKER_BUILDKIT: 1
LATEST_TAG: 24.0.1 LATEST_TAG: 24.0.1
jobs: jobs:
build: build:
name: Build name: Build and push to Docker Hub
runs-on: ubuntu-18.04 runs-on: ubuntu-18.04
strategy: strategy:
fail-fast: false fail-fast: false
matrix: matrix:
arch:
- amd64
- arm64v8
- arm32v7
version: version:
- "24.0.1" - "24.0.1"
- "23.1" - "23.1"
@ -42,59 +41,14 @@ jobs:
- "0.13.0" - "0.13.0"
steps: steps:
- uses: actions/checkout@v1 - uses: actions/checkout@v1
- name: Register Docker QEMU
if: matrix.arch != 'amd64'
run: docker run --rm --privileged multiarch/qemu-user-static --reset -p yes
- name: Build bitcoind
run: docker build --build-arg ARCH=${{matrix.arch}} --build-arg VERSION=${{matrix.version}} -t bitcoind:v${{matrix.version}}-${{matrix.arch}} .
- name: Log image data
run: docker images bitcoind
- name: Log OS details
run: docker run --entrypoint sh bitcoind:v${{matrix.version}}-${{matrix.arch}} '-c' 'uname -a && . /etc/os-release && echo $PRETTY_NAME'
- name: Check bitcoind -version
run: (docker run bitcoind:v${{matrix.version}}-${{matrix.arch}} -version | tee /dev/stderr | grep -q ${{matrix.version}}) 2>&1
- name: Save image tarballs
run: mkdir -p images && docker save bitcoind:v${{matrix.version}}-${{matrix.arch}} | gzip > "images/bitcoind-v${{matrix.version}}-${{matrix.arch}}.tgz"
- name: Print sha256sum of built image
run: sha256sum images/*
- name: Upload image tarballs
uses: actions/upload-artifact@v1.0.0
with:
name: images
path: images/
publish:
name: Publish
if: github.ref == 'refs/heads/master'
runs-on: ubuntu-18.04
needs: build
steps:
- name: Download image tarballs
uses: actions/download-artifact@v1.0.0
with:
name: images
- name: Print sha256sum of all images
run: sha256sum images/*
- name: Load image tarballs
run: for image in images/*; do docker load -i $image; done
- name: Set image namespace
run: docker images bitcoind --format "{{.Tag}}" | while read -r tag; do docker tag "bitcoind:${tag}" "lukechilds/bitcoind:${tag}"; done
- name: Log image data
run: docker images lukechilds/bitcoind
- name: Login to Docker Hub - name: Login to Docker Hub
run: echo "${{secrets.DOCKER_TOKEN}}" | docker login -u=lukechilds --password-stdin run: echo "${{ secrets.DOCKER_TOKEN }}" | docker login -u "${{ secrets.DOCKER_USERNAME }}" --password-stdin
- name: Create and push multi-arch manifests
env: - name: Run Docker buildx
DOCKER_CLI_EXPERIMENTAL: enabled # To enable manifests
run: | run: |
versions=$(docker images lukechilds/bitcoind --format "{{.Tag}}" | grep amd64 | cut -d- -f1) docker buildx build \
for version in $versions; do --platform linux/amd64,linux/arm64,linux/arm/v7 \
tags=$(docker images lukechilds/bitcoind --format "{{.Tag}}" | grep $version- | sed 's/^/lukechilds\/bitcoind\:&/') --build-arg VERSION=${{matrix.version}} \
if [[ "${version}" = "v${LATEST_TAG}" ]]; then --tag ${{ secrets.DOCKER_USERNAME }}/bitcoind:v$VERSION \
docker manifest create lukechilds/bitcoind:latest $tags --push .
docker manifest push lukechilds/bitcoind:latest
fi
docker manifest create "lukechilds/bitcoind:${version}" $tags
docker manifest push "lukechilds/bitcoind:${version}"
docker manifest inspect "lukechilds/bitcoind:${version}"
echo
done
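Review bot: The `--tag` line in the "Run Docker buildx" step uses the shell variable `$VERSION`, but nothing visible in the workflow or step `env` defines it, so it likely expands to an empty string and every matrix job pushes the same `bitcoind:v` tag, each overwriting the last. Use the matrix expression, as the `--build-arg` line above it does: `--tag ${{ secrets.DOCKER_USERNAME }}/bitcoind:v${{ matrix.version }} \`. `LATEST_TAG` also appears unused on the new side now that the manifest loop is gone, so `latest` is presumably no longer published; confirm that is intended. Separately, the login step interpolates `secrets.DOCKER_TOKEN` straight into the script text; passing it through a step-level `env:` entry and piping `"$DOCKER_TOKEN"` keeps the value out of the rendered script.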

64
Dockerfile

@ -1,4 +1,3 @@
ARG ARCH="amd64"
ARG VERSION="0.19.1" ARG VERSION="0.19.1"
ARG LEGACY_BITCOIN_CORE_RELEASE_KEY="01EA5486DE18A882D4C2684590C8019E36C2E964" ARG LEGACY_BITCOIN_CORE_RELEASE_KEY="01EA5486DE18A882D4C2684590C8019E36C2E964"
@ -12,34 +11,53 @@ ARG PIETER_WUILLE="133EAC179436F14A5CF1B794860FEB804E669320"
ARG SJORS_PROVOOST="ED9BDF7AD6A55E232E84524257FF9BDBCC301009" ARG SJORS_PROVOOST="ED9BDF7AD6A55E232E84524257FF9BDBCC301009"
ARG KEYS="${LEGACY_BITCOIN_CORE_RELEASE_KEY} ${ANDREW_CHOW} ${JON_ATACK} ${JONAS_SCHNELLI} ${MATT_CORALLO} ${LUKE_DASHJR} ${PETER_TODD} ${PIETER_WUILLE} ${SJORS_PROVOOST}" ARG KEYS="${LEGACY_BITCOIN_CORE_RELEASE_KEY} ${ANDREW_CHOW} ${JON_ATACK} ${JONAS_SCHNELLI} ${MATT_CORALLO} ${LUKE_DASHJR} ${PETER_TODD} ${PIETER_WUILLE} ${SJORS_PROVOOST}"
FROM $ARCH/debian:stable-slim # Build stage
FROM --platform=$BUILDPLATFORM debian:stable-slim as builder
LABEL maintainer="Luke Childs <lukechilds123@gmail.com>" LABEL maintainer="Luke Childs <lukechilds123@gmail.com>"
ARG TARGETARCH
ARG ARCH ARG ARCH
ARG VERSION ARG VERSION
ARG KEYS ARG KEYS
RUN cd /tmp && \ WORKDIR /build
if [ "${ARCH}" = "amd64" ]; then TARBALL_ARCH=x86_64-linux-gnu; fi && \
if [ "${ARCH}" = "arm64v8" ]; then TARBALL_ARCH=aarch64-linux-gnu; fi && \ RUN echo "Installing build deps"
if [ "${ARCH}" = "arm32v7" ]; then TARBALL_ARCH=arm-linux-gnueabihf; fi && \ RUN apt-get update
TARBALL="bitcoin-${VERSION}-${TARBALL_ARCH}.tar.gz" && \ RUN apt-get install -y wget pgp
apt-get update && \
apt-get install -y wget gpg && \ RUN echo "Deriving tarball name from \$TARGETARCH"
wget https://bitcoincore.org/bin/bitcoin-core-${VERSION}/${TARBALL} && \ RUN [ "${TARGETARCH}" = "amd64" ] && echo "bitcoin-${VERSION}-x86_64-linux-gnu.tar.gz" > /tarball-name || true
# This file only exists after v22 RUN [ "${TARGETARCH}" = "arm64" ] && echo "bitcoin-${VERSION}-aarch64-linux-gnu.tar.gz" > /tarball-name || true
wget https://bitcoincore.org/bin/bitcoin-core-${VERSION}/SHA256SUMS || true && \ RUN [ "${TARGETARCH}" = "arm" ] && echo "bitcoin-${VERSION}-arm-linux-gnueabihf.tar.gz" > /tarball-name || true
wget https://bitcoincore.org/bin/bitcoin-core-${VERSION}/SHA256SUMS.asc && \ RUN echo "Tarball name: $(cat /tarball-name)"
gpg --keyserver keyserver.ubuntu.com --recv-keys $KEYS && \
gpg --verify SHA256SUMS.asc 2>&1 >/dev/null | grep "^gpg: Good signature from" || { echo "No valid signature"; exit 1; } && \ RUN echo "Downloading release assets"
if [ -f SHA256SUMS ]; then CHECKSUM_FILE="SHA256SUMS"; else CHECKSUM_FILE="SHA256SUMS.asc"; fi && \ RUN wget https://bitcoincore.org/bin/bitcoin-core-${VERSION}/$(cat /tarball-name)
grep $TARBALL $CHECKSUM_FILE | sha256sum -c && \ RUN wget https://bitcoincore.org/bin/bitcoin-core-${VERSION}/SHA256SUMS.asc
# sha256sum -c --ignore-missing "${CHECKSUM_FILE}" \ # This file only exists after v22 so allow it to fail
tar -zxvf $TARBALL --strip-components=1 && \ RUN wget https://bitcoincore.org/bin/bitcoin-core-${VERSION}/SHA256SUMS || true
mv bin/bitcoind /usr/local/bin/ && \ RUN echo "Downloaded release assets:" && ls
mv bin/bitcoin-cli /usr/local/bin/ && \
apt-get purge -y wget gpg && \ RUN echo "Verifying PGP signatures"
apt-get clean && rm -rf /var/lib/apt/lists/* /tmp/* /var/tmp/* RUN gpg --keyserver keyserver.ubuntu.com --recv-keys $KEYS
RUN gpg --verify SHA256SUMS.asc 2>&1 >/dev/null | grep "^gpg: Good signature from" || { echo "No valid signature"; exit 1; }
RUN echo "PGP signature verification passed"
RUN echo "Verifying checksums"
RUN [ -f SHA256SUMS ] && cp SHA256SUMS /sha256sums || cp SHA256SUMS.asc /sha256sums
RUN grep $(cat /tarball-name) /sha256sums | sha256sum -c
RUN echo "Chucksums verified ok"
RUN echo "Extracting release assets"
RUN tar -zxvf $(cat /tarball-name) --strip-components=1
# Final image
FROM debian:stable-slim
COPY --from=builder /build/bin/bitcoind /bin
COPY --from=builder /build/bin/bitcoin-cli /bin
ENV HOME /data ENV HOME /data
VOLUME /data/.bitcoin VOLUME /data/.bitcoin
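Review bot: The `gpg --verify SHA256SUMS.asc ... | grep "^gpg: Good signature from"` step decides trust by matching human-readable output, which is locale-dependent and, as far as I know, is also printed when the signing key is expired or revoked. Matching gpg's machine-readable status is sturdier: `RUN gpg --status-fd 1 --verify SHA256SUMS.asc 2>/dev/null | grep -q "^\[GNUPG:\] GOODSIG " || { echo "No valid signature"; exit 1; }`. Either way a single good signature from any key in `$KEYS` passes, so a comment above the step should state that one-of-N policy, since the later `sha256sum -c` is only as trustworthy as this check.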
