diff --git a/.github/workflows/ci.yml b/.github/workflows/ci.yml index e5f5f00a..8fe8d030 100644 --- a/.github/workflows/ci.yml +++ b/.github/workflows/ci.yml @@ -6,15 +6,14 @@ name: CI on: push: - branches: [ "**" ] + branches: ["**"] pull_request: - branches: [ "**" ] + branches: ["**"] env: DB_DEPLOYMENT: local jobs: - lint: name: Lint and Build runs-on: ubuntu-latest diff --git a/.github/workflows/docker-release.yml b/.github/workflows/docker-release.yml index 5187ac1c..30fc66bc 100644 --- a/.github/workflows/docker-release.yml +++ b/.github/workflows/docker-release.yml @@ -63,8 +63,10 @@ jobs: - name: Build cross-architecture binaries run: make build-arch build-test-genesis-block - - name: Set image prefix + - name: Set image build prefix and metadata run: | + echo "CREATED=$(date -u +%Y-%m-%dT%H:%M:%SZ)" >> $GITHUB_ENV + echo "REVISION=$(git rev-parse HEAD)" >> $GITHUB_ENV if [ "$GITHUB_REPOSITORY_OWNER" == "hyperledger" ]; then echo "IMAGE_PREFIX=hyperledger" >> $GITHUB_ENV else @@ -88,9 +90,12 @@ jobs: BIN=committer ARCHBIN_PATH=archbin PORTS=4001 2114 9001 2119 5001 2115 6001 2116 7001 2117 + VERSION=${{ env.VERSION }} + CREATED=${{ env.CREATED }} + REVISION=${{ env.REVISION }} cache-from: type=registry,ref=docker.io/${{ env.IMAGE_PREFIX }}/fabric-x-committer:buildcache cache-to: type=registry,ref=docker.io/${{ env.IMAGE_PREFIX }}/fabric-x-committer:buildcache,mode=max - + - name: Build and Push Multi-Platform Docker Image for Loadgen uses: docker/build-push-action@v6 with: @@ -107,6 +112,9 @@ jobs: BIN=loadgen ARCHBIN_PATH=archbin PORTS=8001 2118 + VERSION=${{ env.VERSION }} + CREATED=${{ env.CREATED }} + REVISION=${{ env.REVISION }} cache-from: type=registry,ref=docker.io/${{ env.IMAGE_PREFIX }}/fabric-x-loadgen:buildcache cache-to: type=registry,ref=docker.io/${{ env.IMAGE_PREFIX }}/fabric-x-loadgen:buildcache,mode=max @@ -124,5 +132,8 @@ jobs: ghcr.io/${{ env.GHCR_PREFIX }}/fabric-x-committer-test-node:latest build-args: | ARCHBIN_PATH=archbin + VERSION=${{ env.VERSION }} + CREATED=${{ env.CREATED }} + REVISION=${{ env.REVISION }} cache-from: type=registry,ref=docker.io/${{ env.IMAGE_PREFIX }}/fabric-x-committer-test-node:buildcache cache-to: type=registry,ref=docker.io/${{ env.IMAGE_PREFIX }}/fabric-x-committer-test-node:buildcache,mode=max diff --git a/Makefile b/Makefile index 409a2238..1e9fb2d0 100644 --- a/Makefile +++ b/Makefile @@ -21,7 +21,7 @@ ######################### go_cmd ?= go -version := 0.0.2 +version := latest project_dir := $(shell dirname $(realpath $(firstword $(MAKEFILE_LIST)))) output_dir ?= $(project_dir)/bin arch_output_dir ?= $(project_dir)/archbin @@ -43,7 +43,7 @@ cmd ?= # An error will occur if neither container engine is installed. docker_cmd ?= $(shell command -v docker >/dev/null 2>&1 && echo docker || \ echo podman || { echo "Error: Neither Docker nor Podman is installed." >&2; exit 1; }) -image_namespace=icr.io/cbdc +image_namespace=docker.io/hyperledger # Set these parameters to compile to a specific os/arch # E.g., make build-local os=linux arch=amd64 diff --git a/docker/images/release/Dockerfile b/docker/images/release/Dockerfile index b40dffe3..0660bf38 100644 --- a/docker/images/release/Dockerfile +++ b/docker/images/release/Dockerfile @@ -1,13 +1,55 @@ +# # Copyright IBM Corp. All Rights Reserved. # # SPDX-License-Identifier: Apache-2.0 # -FROM registry.access.redhat.com/ubi9/ubi-micro:9.4 AS prod + +########################################### +# Stage 1: Production runtime image +########################################### +FROM registry.access.redhat.com/ubi9/ubi-minimal:9.6 AS prod + ARG BIN ARG ARCHBIN_PATH -ARG PORTS ARG TARGETOS ARG TARGETARCH +ARG PORTS + +# Label args +ARG VERSION=1.0 +ARG CREATED +ARG REVISION=1.0 +# Add non-root user (10001) using BIN argument +RUN /usr/sbin/useradd -u 10001 -r -g root -s /sbin/nologin -c "Hyperledger Fabric-X ${BIN} user" ${BIN} && \ + mkdir -p /home/${BIN} && \ + chown -R 10001:0 /home/${BIN} && \ + chmod 0755 /home/${BIN} + +# Copy binaries COPY ${ARCHBIN_PATH}/${TARGETOS}-${TARGETARCH}/${BIN} /bin/${BIN} + +# Create fixed entrypoint since args are not replaced +# within ENTRYPOINT or CMD +RUN ln -s /bin/${BIN} /bin/entrypoint + +# Expose ports EXPOSE ${PORTS} + +# OCI metadata labels +LABEL org.opencontainers.image.created="${CREATED}" \ + org.opencontainers.image.description="Hyperledger Fabric-X ${BIN} packaged in a UBI image." \ + org.opencontainers.image.licenses="Apache-2.0" \ + org.opencontainers.image.ref.name="ubi9/ubi-minimal" \ + org.opencontainers.image.revision="${REVISION}" \ + org.opencontainers.image.source="https://github.com/hyperledger/fabric-x-committer" \ + org.opencontainers.image.title="fabric-x-${BIN}" \ + org.opencontainers.image.url="https://github.com/hyperledger/fabric-x-committer" \ + org.opencontainers.image.version="${VERSION}" + +# Use non-root user and set workdir using BIN argument +USER 10001 +WORKDIR /home/${BIN} + +# Default Entrypoint +ENTRYPOINT ["/bin/entrypoint"] diff --git a/docker/images/test_node/Dockerfile b/docker/images/test_node/Dockerfile index 50edfc36..79b56cf4 100644 --- a/docker/images/test_node/Dockerfile +++ b/docker/images/test_node/Dockerfile @@ -1,12 +1,18 @@ +# # Copyright IBM Corp. All Rights Reserved. # # SPDX-License-Identifier: Apache-2.0 # + +########################################### +# Stage 1: Production runtime image +########################################### FROM postgres:16.9-alpine3.21 AS node ARG ARCHBIN_PATH ARG TARGETOS ARG TARGETARCH +ARG VERSION ENV CONFIGS_PATH=/root/config ENV BINS_PATH=/root/bin @@ -33,6 +39,19 @@ COPY ./cmd/config/samples $CONFIGS_PATH COPY ./bin/sc-genesis-block.proto.bin $CONFIGS_PATH/ RUN chmod a+x ${BINS_PATH}/* +# Expose ports EXPOSE 7050 4001 2114 7001 2117 2110 +# OCI metadata labels +LABEL org.opencontainers.image.created="${CREATED}" \ + org.opencontainers.image.description="Hyperledger Fabric-X Committer Test Node." \ + org.opencontainers.image.licenses="Apache-2.0" \ + org.opencontainers.image.ref.name="postgres" \ + org.opencontainers.image.revision="${REVISION}" \ + org.opencontainers.image.source="https://github.com/hyperledger/fabric-x-committer" \ + org.opencontainers.image.title="fabric-x-committer-test-node" \ + org.opencontainers.image.url="https://github.com/hyperledger/fabric-x-committer" \ + org.opencontainers.image.version="${VERSION}" + +# Default CMD CMD ["run"] diff --git a/docker/test/common.go b/docker/test/common.go index c772f74c..91a8d9a3 100644 --- a/docker/test/common.go +++ b/docker/test/common.go @@ -50,9 +50,10 @@ func (p *startNodeParameters) asNode(node string) startNodeParameters { } const ( - channelName = "mychannel" - monitoredMetric = "loadgen_transaction_committed_total" - testNodeImage = "icr.io/cbdc/committer-test-node:0.0.2" + channelName = "mychannel" + monitoredMetric = "loadgen_transaction_committed_total" + containerPrefixName = "sc_test" + testNodeImage = "docker.io/hyperledger/committer-test-node:latest" ) func createAndStartContainerAndItsLogs( diff --git a/docker/test/container_release_image_test.go b/docker/test/container_release_image_test.go index 90c7f5c7..26b5766d 100644 --- a/docker/test/container_release_image_test.go +++ b/docker/test/container_release_image_test.go @@ -28,8 +28,8 @@ import ( ) const ( - committerReleaseImage = "icr.io/cbdc/committer:0.0.2" - loadgenReleaseImage = "icr.io/cbdc/loadgen:0.0.2" + committerReleaseImage = "docker.io/hyperledger/fabric-x-committer:latest" + loadgenReleaseImage = "docker.io/hyperledger/fabric-x-loadgen:latest" networkPrefixName = test.DockerNamesPrefix + "_network" genBlockFile = "sc-genesis-block.proto.bin" // containerConfigPath is the path to the config directory inside the container. @@ -179,16 +179,18 @@ func startCommitterNodeWithReleaseImage(ctx context.Context, t *testing.T, param t.Helper() configPath := filepath.Join(containerConfigPath, params.node) + containerUser := "0:0" + t.Logf("Starting %s as container with user %s.\n", committerReleaseImage, containerUser) createAndStartContainerAndItsLogs(ctx, t, createAndStartContainerParameters{ config: &container.Config{ Image: committerReleaseImage, Cmd: []string{ - "committer", fmt.Sprintf("start-%s", params.node), "--config", fmt.Sprintf("%s.yaml", configPath), }, Hostname: params.node, + User: containerUser, Env: []string{ "SC_COORDINATOR_SERVER_TLS_MODE=" + params.tlsMode, "SC_COORDINATOR_VERIFIER_TLS_MODE=" + params.tlsMode, @@ -225,16 +227,18 @@ func startLoadgenNodeWithReleaseImage( t.Helper() configPath := filepath.Join(containerConfigPath, params.node) + containerUser := "0:0" + t.Logf("Starting %s as container with user %s.\n", loadgenReleaseImage, containerUser) createAndStartContainerAndItsLogs(ctx, t, createAndStartContainerParameters{ config: &container.Config{ Image: loadgenReleaseImage, Cmd: []string{ - params.node, "start", "--config", fmt.Sprintf("%s.yaml", configPath), }, Hostname: params.node, + User: containerUser, ExposedPorts: nat.PortSet{ loadGenMetricsPort + "/tcp": {}, }, diff --git a/scripts/build-release-image.sh b/scripts/build-release-image.sh index 1750ce05..dd8b9dee 100755 --- a/scripts/build-release-image.sh +++ b/scripts/build-release-image.sh @@ -18,13 +18,16 @@ function build_image() { local image_name=$1 local bin=$2 local service_ports=$3 - local manifest_name=${namespace}/${image_name}:${version} + local manifest_name=${namespace}/fabric-x-${image_name}:${version} local cmd=( "${docker_cmd}" build -f "${dockerfile_release_dir}/Dockerfile" --build-arg BIN="${bin}" --build-arg PORTS="${service_ports}" --build-arg ARCHBIN_PATH="${arch_bin_dir}" + --build-arg VERSION="${version}" + --build-arg CREATED="$(date -u +%Y-%m-%dT%H:%M:%SZ)" + --build-arg REVISION="$(git rev-parse HEAD)" ) if [ "${multiplatform}" = true ]; then