diff --git a/Dockerfile b/Dockerfile index bea20404efd68ca40f8687bdfb1c1eecef80cf95..68ed1ceec187480ce56af025b69c9a92830d780b 100644 --- a/Dockerfile +++ b/Dockerfile @@ -1,6 +1,5 @@ # We use a multistage build to avoid bloating our deployment image with build dependencies FROM golang:1.10.3-alpine3.8 as builder -MAINTAINER Monax <support@monax.io> RUN apk add --no-cache --update git bash make @@ -14,21 +13,35 @@ RUN make build # This will be our base container image FROM alpine:3.8 -ARG REPO=/go/src/github.com/hyperledger/burrow - +# Variable arguments to populate labels +ARG VERSION +ARG VCS_REF=master +ARG BUILD_DATE + +# Fixed labels according to container label-schema +LABEL org.label-schema.schema-version="1.0" +LABEL org.label-schema.name = "Burrow" +LABEL org.label-schema.vendor="Hyperledger Burrow Authors" +LABEL org.label-schema.description="Hyperledger Burrow is a permissioned Ethereum smart-contract blockchain node." +LABEL org.label-schema.license="Apache-2.0" +LABEL org.label-schema.version=$VERSION +LABEL org.label-schema.vcs-url="https://github.com/hyperledger/burrow" +LABEL org.label-schema.vcs-ref=$VCS_REF +LABEL org.label-schema.build-date=$BUILD_DATE + +# Run burrow as burrow user; not as root user ENV USER burrow ENV BURROW_PATH /home/$USER RUN addgroup -g 101 -S $USER && adduser -S -D -u 1000 $USER $USER -WORKDIR $ BURROW_PATH -USER $USER:$USER +WORKDIR $BURROW_PATH # Copy binaries built in previous stage -COPY --from=builder $REPO/bin/* /usr/local/bin/ -#RUN chown $USER:$USER /usr/local/bin/burrow* +COPY --from=builder /go/src/github.com/hyperledger/burrow/bin/burrow /usr/local/bin/ -# Expose ports for 26656: tendermint-peer; 26658: info; 10997: GRPC +# Expose ports for 26656:peer; 26658:info; 10997:grpc EXPOSE 26656 EXPOSE 26658 EXPOSE 10997 +USER $USER:$USER ENTRYPOINT [ "burrow" ] diff --git a/scripts/build_tool.sh b/scripts/build_tool.sh index 1f1d0aa57d70af37e559f55cde60e6e56fb21b08..4340f3a8bddcbf9a1c3a908da16d75ac0b6fce5d 100755 --- a/scripts/build_tool.sh +++ b/scripts/build_tool.sh @@ -20,6 +20,11 @@ set -e +script_dir="$( cd "$( dirname "${BASH_SOURCE[0]}" )" && pwd )" + +# Grab date, commit, version +. "$script_dir/local_version.sh" > /dev/null + DOCKER_REPO=${DOCKER_REPO:-"hyperledger/burrow"} REPO=${REPO:-"$GOPATH/src/github.com/hyperledger/burrow"} @@ -27,15 +32,19 @@ function log() { echo "$*" >> /dev/stderr } -version=$("$REPO/scripts/local_version.sh") - if [[ "$1" ]] ; then # If argument provided, use it as the version tag log "Overriding detected version $version and tagging image as $1" version="$1" fi -docker build -t ${DOCKER_REPO}:${version} ${REPO} +# Gives RFC 3339 with T instead of space +date=$(date -Iseconds) + +docker build --build-arg VERSION=${version}\ + --build-arg VCS_REF=${commit}\ + --build-arg BUILD_DATE=${date}\ + -t ${DOCKER_REPO}:${version} ${REPO} # Quick smoke test echo "Emitting version from docker image as smoke test..." docker run ${DOCKER_REPO}:${version} -v diff --git a/scripts/local_version.sh b/scripts/local_version.sh index 21f4fc2413e8f03f6788548a1a9436b95bd636b5..eb4d2d20c759074a6931b8732b7286f601246612 100755 --- a/scripts/local_version.sh +++ b/scripts/local_version.sh @@ -19,6 +19,10 @@ function log() { echo "$*" >> /dev/stderr } +# Same as specified RFC3339 but contains the T +date=$(date -Idate) +commit=$(git rev-parse --short HEAD) + if [[ ${tag} =~ ${VERSION_REGEX} ]] ; then # Only label a build as a release version when the commit is tagged log "Building release version (tagged $tag)..." @@ -28,8 +32,6 @@ if [[ ${tag} =~ ${VERSION_REGEX} ]] ; then exit 1 fi else - date=$(date +"%Y%m%d") - commit=$(git rev-parse --short HEAD) version="$version-dev-$date-$commit" log "Building non-release version $version..." fi diff --git a/scripts/release.sh b/scripts/release.sh index fda4ec69688b1795465eded40de81fbfdf366efc..3b7829826b0c27a30c26b58c5700043601361d74 100755 --- a/scripts/release.sh +++ b/scripts/release.sh @@ -8,7 +8,8 @@ function release { notes="NOTES.md" echo "Building and releasing $tag..." echo "Pushing docker image..." - docker login -u ${DOCKER_USER} -p ${DOCKER_PASS} && docker push ${DOCKER_REPO} + echo ${DOCKER_PASS} | docker login --username ${DOCKER_USER} ${DOCKER_REPO} --password-stdin + echo "Building and pushing binaries" [[ -e "$notes" ]] && goreleaser --release-notes "$notes" || goreleaser }