From 14f9d338822b0b85220c177066e213dfec80d0bb Mon Sep 17 00:00:00 2001 From: bonomat Date: Fri, 26 Nov 2021 09:46:22 +1100 Subject: [PATCH 1/3] Remove windows build from CI --- .github/workflows/build-release-binary.yml | 17 +---------------- .github/workflows/ci.yml | 2 +- bors.toml | 1 - 3 files changed, 2 insertions(+), 18 deletions(-) diff --git a/.github/workflows/build-release-binary.yml b/.github/workflows/build-release-binary.yml index c803fc5..4d9d8ce 100644 --- a/.github/workflows/build-release-binary.yml +++ b/.github/workflows/build-release-binary.yml @@ -26,10 +26,6 @@ jobs: target: x86_64-apple-darwin os: macos-latest archive_ext: tar - - bin: taker - target: x86_64-pc-windows-msvc - os: windows-latest - archive_ext: zip - bin: maker target: x86_64-unknown-linux-gnu os: ubuntu-latest @@ -46,10 +42,6 @@ jobs: target: x86_64-apple-darwin os: macos-latest archive_ext: tar - - bin: maker - target: x86_64-pc-windows-msvc - os: windows-latest - archive_ext: zip runs-on: ${{ matrix.os }} steps: - name: Checkout tagged commit @@ -105,7 +97,7 @@ jobs: python-version: '3.x' - id: create-archive-name - shell: python # Use python to have a prettier name for the archive on Windows. + shell: python # Use python to have a prettier name for the archive. run: | import platform os_info = platform.uname() @@ -129,13 +121,6 @@ jobs: shell: bash run: tar -C ./target/${{ matrix.target }}/release --create --file=${{ steps.create-archive-name.outputs.archive }} ${{ matrix.bin }} - - name: Pack windows archive - if: matrix.os == 'windows-latest' - shell: bash - run: | - cp target/${{ matrix.target }}/release/${{ matrix.bin }}.exe ./${{ matrix.bin }}.exe - 7z a -tzip ${{ steps.create-archive-name.outputs.archive }} ./${{ matrix.bin }}.exe - - name: Upload archive uses: actions/upload-release-asset@v1.0.2 env: diff --git a/.github/workflows/ci.yml b/.github/workflows/ci.yml index 706fe5f..a3ca689 100644 --- a/.github/workflows/ci.yml +++ b/.github/workflows/ci.yml @@ -90,7 +90,7 @@ jobs: test_daemons: strategy: matrix: - os: [ ubuntu-latest, macos-latest, windows-latest ] + os: [ ubuntu-latest, macos-latest ] runs-on: ${{ matrix.os }} steps: - uses: actions/checkout@v2.4.0 diff --git a/bors.toml b/bors.toml index 9aefe0d..737349f 100644 --- a/bors.toml +++ b/bors.toml @@ -6,7 +6,6 @@ status = [ "build_and_test_maker_frontend", "test_daemons (ubuntu-latest)", "test_daemons (macos-latest)", - "test_daemons (windows-latest)", "daemons_arm_build (armv7-unknown-linux-gnueabihf)", "daemons_arm_build (aarch64-unknown-linux-gnu)", ] From 6050be6b88f7a75926a1e59a272d3471ed39e333 Mon Sep 17 00:00:00 2001 From: bonomat Date: Fri, 26 Nov 2021 10:32:14 +1100 Subject: [PATCH 2/3] Armv7 is totally outdated Our assumption was that we need armv7 for running on an RPi. It turns out that Armv7 is totally outdated and only used on the old RPi 2 model B. The newer model RPi 2 model B v1.2 already uses Armv8 --- .cargo/config.toml | 2 -- .github/workflows/build-release-binary.yml | 27 ++++++---------------- .github/workflows/ci.yml | 19 ++++----------- .github/workflows/release-docker.yml | 7 +++--- Dockerfile | 8 ++----- bors.toml | 3 +-- rust-toolchain.toml | 2 +- 7 files changed, 19 insertions(+), 49 deletions(-) diff --git a/.cargo/config.toml b/.cargo/config.toml index 06ac229..3c32d25 100644 --- a/.cargo/config.toml +++ b/.cargo/config.toml @@ -1,4 +1,2 @@ -[target.armv7-unknown-linux-gnueabihf] -linker = "arm-linux-gnueabihf-gcc" [target.aarch64-unknown-linux-gnu] linker = "aarch64-linux-gnu-gcc" diff --git a/.github/workflows/build-release-binary.yml b/.github/workflows/build-release-binary.yml index 4d9d8ce..7b5761c 100644 --- a/.github/workflows/build-release-binary.yml +++ b/.github/workflows/build-release-binary.yml @@ -14,10 +14,6 @@ jobs: target: x86_64-unknown-linux-gnu os: ubuntu-latest archive_ext: tar - - bin: taker - target: armv7-unknown-linux-gnueabihf - os: ubuntu-latest - archive_ext: tar - bin: taker target: aarch64-unknown-linux-gnu os: ubuntu-latest @@ -30,10 +26,6 @@ jobs: target: x86_64-unknown-linux-gnu os: ubuntu-latest archive_ext: tar - - bin: maker - target: armv7-unknown-linux-gnueabihf - os: ubuntu-latest - archive_ext: tar - bin: maker target: aarch64-unknown-linux-gnu os: ubuntu-latest @@ -57,12 +49,6 @@ jobs: with: key: ${{ matrix.target }} - - name: Install compiler for armhf arch - if: matrix.target == 'armv7-unknown-linux-gnueabihf' - run: | - sudo apt-get update - sudo apt-get install gcc-arm-linux-gnueabihf - - name: Install compiler for aarch64 arch (armv8) if: matrix.target == 'aarch64-unknown-linux-gnu' run: | @@ -87,8 +73,8 @@ jobs: run: cargo build --target=${{ matrix.target }} --release --bin ${{ matrix.bin }} - name: Smoke test the binary - # armv7-* and aarch64-* is only cross-compiled, no smoke test - if: matrix.target != 'armv7-unknown-linux-gnueabihf' && matrix.target != 'aarch64-unknown-linux-gnu' + # aarch64-* is only cross-compiled, no smoke test + if: matrix.target != 'aarch64-unknown-linux-gnu' run: target/${{ matrix.target }}/release/${{ matrix.bin }} --help # Remove once python 3 is the default @@ -166,7 +152,7 @@ jobs: - name: Download release from github run: | - gh release download ${{ github.event.release.tag_name }} -p '${{matrix.bin}}*Linux_x86_64*' -p '${{matrix.bin}}*aarch64*' -p '${{matrix.bin}}*armv7*' + gh release download ${{ github.event.release.tag_name }} -p '${{matrix.bin}}*Linux_x86_64*' -p '${{matrix.bin}}*aarch64*' - name: Unpack archives run: | @@ -174,13 +160,14 @@ jobs: # # By providing `platform` to `docker buildx` the variable `TARGETPLATFORM` will be available # when building the image. This variable is either - # `linux/amd64/`, `linux/arm64/` or `linux/arm/v7`. Hence we need to extract into subfolders. + # `linux/amd64/`, `linux/arm64/`. Hence we need to extract into subfolders. 7z x ${{matrix.bin}}_${{ github.event.release.tag_name }}_Linux_aarch64.tar -olinux/arm64/ 7z x ${{matrix.bin}}_${{ github.event.release.tag_name }}_Linux_x86_64.tar -olinux/amd64/ - 7z x ${{matrix.bin}}_${{ github.event.release.tag_name }}_Linux_armv7.tar -olinux/arm/v7 + chmod a+x linux/amd64/* + chmod a+x linux/arm64/* - name: Build docker image for ${{matrix.bin}} run: | @@ -192,7 +179,7 @@ jobs: docker buildx build \ --push \ - --platform linux/amd64,linux/arm64,linux/arm/v7 \ + --platform linux/amd64,linux/arm64 \ --label "org.opencontainers.image.source https://github.com/${{ github.repository }}" \ --tag ghcr.io/${{ github.repository }}/${{matrix.bin}}:${VERSION} \ --build-arg BINARY_PATH=${{matrix.bin}} \ diff --git a/.github/workflows/ci.yml b/.github/workflows/ci.yml index a3ca689..4a27778 100644 --- a/.github/workflows/ci.yml +++ b/.github/workflows/ci.yml @@ -125,32 +125,21 @@ jobs: daemons_arm_build: runs-on: ubuntu-latest - strategy: - matrix: - include: - - target: armv7-unknown-linux-gnueabihf - - target: aarch64-unknown-linux-gnu steps: - uses: actions/checkout@v2.4.0 - name: Setup rust toolchain run: rustup show - uses: Swatinem/rust-cache@v1.3.0 - - name: Install compiler for armhf arch - if: matrix.target == 'armv7-unknown-linux-gnueabihf' - run: | - sudo apt-get update - sudo apt-get install gcc-arm-linux-gnueabihf - name: Install compiler for aarch64 arch - if: matrix.target == 'aarch64-unknown-linux-gnu' run: | sudo apt-get update sudo apt-get install gcc-aarch64-linux-gnu - - run: cargo build --target=${{ matrix.target }} --bins + - run: cargo build --target=aarch64-unknown-linux-gnu --bins - name: Upload binaries uses: actions/upload-artifact@v2 with: - name: maker-and-taker-binaries-${{ matrix.target }} + name: maker-and-taker-binaries-aarch64-unknown-linux-gnu path: | - target/${{ matrix.target }}/debug/maker - target/${{ matrix.target }}/debug/taker + target/aarch64-unknown-linux-gnu/debug/maker + target/aarch64-unknown-linux-gnu/debug/taker diff --git a/.github/workflows/release-docker.yml b/.github/workflows/release-docker.yml index 9b23402..7113a1b 100644 --- a/.github/workflows/release-docker.yml +++ b/.github/workflows/release-docker.yml @@ -40,7 +40,7 @@ jobs: - name: Download release run: | - gh release download ${{ github.event.inputs.release_tag }} -p '${{matrix.bin}}*Linux_x86_64*' -p '${{matrix.bin}}*aarch64*' -p '${{matrix.bin}}*armv7*' + gh release download ${{ github.event.inputs.release_tag }} -p '${{matrix.bin}}*Linux_x86_64*' -p '${{matrix.bin}}*aarch64*' - name: Unpack archives run: | @@ -54,7 +54,8 @@ jobs: 7z x ${{matrix.bin}}_${{ github.event.inputs.release_tag }}_Linux_x86_64.tar -olinux/amd64/ - 7z x ${{matrix.bin}}_${{ github.event.inputs.release_tag }}_Linux_armv7.tar -olinux/arm/v7 + chmod a+x linux/amd64/* + chmod a+x linux/arm64/* - name: Build docker image for ${{matrix.bin}} run: | @@ -66,7 +67,7 @@ jobs: docker buildx build \ --push \ - --platform linux/amd64,linux/arm64,linux/arm/v7 \ + --platform linux/amd64,linux/arm64 \ --label "org.opencontainers.image.source https://github.com/${{ github.repository }}" \ --tag ghcr.io/${{ github.repository }}/${{matrix.bin}}:${VERSION} \ --build-arg BINARY_PATH=${{matrix.bin}} \ diff --git a/Dockerfile b/Dockerfile index f1a596c..6392298 100644 --- a/Dockerfile +++ b/Dockerfile @@ -5,15 +5,11 @@ LABEL org.opencontainers.image.source https://github.com/itchysats/itchysats ARG TARGETPLATFORM ARG BINARY_PATH -RUN echo "Copying $TARGETPLATFORM/$BINARY_PATH into container" - -COPY $TARGETPLATFORM/$BINARY_PATH binary - -RUN chmod a+x binary +COPY $TARGETPLATFORM/$BINARY_PATH /usr/bin/binary VOLUME data # HTTP Port and P2P Port EXPOSE 8000 9999 -ENTRYPOINT ["/binary", "--data-dir=/data", "--http-address=0.0.0.0:8000"] +ENTRYPOINT ["/usr/bin/binary", "--data-dir=/data", "--http-address=0.0.0.0:8000"] diff --git a/bors.toml b/bors.toml index 737349f..0f9e534 100644 --- a/bors.toml +++ b/bors.toml @@ -6,6 +6,5 @@ status = [ "build_and_test_maker_frontend", "test_daemons (ubuntu-latest)", "test_daemons (macos-latest)", - "daemons_arm_build (armv7-unknown-linux-gnueabihf)", - "daemons_arm_build (aarch64-unknown-linux-gnu)", + "daemons_arm_build", ] diff --git a/rust-toolchain.toml b/rust-toolchain.toml index aab8173..87a81ab 100644 --- a/rust-toolchain.toml +++ b/rust-toolchain.toml @@ -1,4 +1,4 @@ [toolchain] channel = "1.56" components = ["clippy"] -targets = ["armv7-unknown-linux-gnueabihf", "aarch64-unknown-linux-gnu"] +targets = ["aarch64-unknown-linux-gnu"] From 1cddd5210e82367a4db881caa083cc278620a7aa Mon Sep 17 00:00:00 2001 From: bonomat Date: Fri, 26 Nov 2021 10:53:12 +1100 Subject: [PATCH 3/3] Dockerfile changes - running the application inside the container as root is against best practices - using gcr.io/distroless/cc as smaller minimal image - add authors label --- Dockerfile | 7 +++++-- 1 file changed, 5 insertions(+), 2 deletions(-) diff --git a/Dockerfile b/Dockerfile index 6392298..b95271b 100644 --- a/Dockerfile +++ b/Dockerfile @@ -1,6 +1,9 @@ -FROM debian:bullseye-slim +FROM gcr.io/distroless/cc -LABEL org.opencontainers.image.source https://github.com/itchysats/itchysats +USER 1000 + +LABEL "org.opencontainers.image.source"="https://github.com/itchysats/itchysats" +LABEL "org.opencontainers.image.authors"="hello@itchysats.network" ARG TARGETPLATFORM ARG BINARY_PATH