From 75711ab08b4a6f0909a67f818c48435b3e4aa1af Mon Sep 17 00:00:00 2001 From: Anushka Date: Wed, 19 Nov 2025 16:39:08 +0530 Subject: [PATCH 01/15] Adding support for production grade image in Dockerfile Signed-off-by: Anushka --- docker/images/release/Dockerfile | 26 +++++++++++++++++++++++--- 1 file changed, 23 insertions(+), 3 deletions(-) diff --git a/docker/images/release/Dockerfile b/docker/images/release/Dockerfile index b40dffe3..805b0489 100644 --- a/docker/images/release/Dockerfile +++ b/docker/images/release/Dockerfile @@ -2,12 +2,32 @@ # # SPDX-License-Identifier: Apache-2.0 # -FROM registry.access.redhat.com/ubi9/ubi-micro:9.4 AS prod +FROM registry.access.redhat.com/ubi9/ubi-micro:9.5 AS prod ARG BIN ARG ARCHBIN_PATH -ARG PORTS ARG TARGETOS ARG TARGETARCH +ARG PORTS + +# --- Create a non-root user (UBI-micro does not include useradd) --- +USER 10001 + +# --- Create working directory --- +WORKDIR /app -COPY ${ARCHBIN_PATH}/${TARGETOS}-${TARGETARCH}/${BIN} /bin/${BIN} +# --- Copy the architecture-specific binary --- +COPY ${ARCHBIN_PATH}/${TARGETOS}-${TARGETARCH}/${BIN} /usr/local/bin/${BIN} + +# --- Expose ports for Kubernetes/OpenShift --- EXPOSE ${PORTS} + +# --- Container metadata (OCI labels) --- +LABEL name="${BIN}" \ + vendor="IBM" \ + maintainer="ZRL Decentralized Trust Group" \ + description="Production-grade ${BIN} microservice running on UBI-micro" \ + summary="Minimal, secure UBI-micro image for ${BIN}" \ + license="Apache-2.0" + +# --- Set runtime entrypoint --- +ENTRYPOINT ["/usr/local/bin/${BIN}"] From 47374d5cd842392220aa144fb1e375994e1119fc Mon Sep 17 00:00:00 2001 From: Anushka Date: Wed, 19 Nov 2025 22:04:15 +0530 Subject: [PATCH 02/15] Modifying the binary path in Dockerfile Signed-off-by: Anushka --- docker/images/release/Dockerfile | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/docker/images/release/Dockerfile b/docker/images/release/Dockerfile index 805b0489..0a641653 100644 
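Review bot: `ENTRYPOINT ["/usr/local/bin/${BIN}"]` at the end of this hunk will not resolve to the binary, because Docker does not substitute build `ARG` values inside an exec-form `ENTRYPOINT`; the container is started with the literal path `/usr/local/bin/${BIN}`. The same unexpanded `${BIN}` recurs in the ENTRYPOINT hunks of patches 02, 04 and 05 (the shell form in 05 defers expansion to runtime, where a build ARG is not set). A fixed install path avoids the problem, e.g. `COPY ${ARCHBIN_PATH}/${TARGETOS}-${TARGETARCH}/${BIN} /usr/local/bin/app` with `ENTRYPOINT ["/usr/local/bin/app"]`. The comment above `USER 10001` also says a user is created, while the instruction only selects a numeric UID; `# Run as numeric non-root UID (no passwd entry; ubi-micro has no useradd)` would describe it accurately.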
--- a/docker/images/release/Dockerfile +++ b/docker/images/release/Dockerfile @@ -16,7 +16,7 @@ USER 10001 WORKDIR /app # --- Copy the architecture-specific binary --- -COPY ${ARCHBIN_PATH}/${TARGETOS}-${TARGETARCH}/${BIN} /usr/local/bin/${BIN} +COPY ${ARCHBIN_PATH}/${TARGETOS}-${TARGETARCH}/${BIN} /bin/${BIN} # --- Expose ports for Kubernetes/OpenShift --- EXPOSE ${PORTS} @@ -30,4 +30,4 @@ LABEL name="${BIN}" \ license="Apache-2.0" # --- Set runtime entrypoint --- -ENTRYPOINT ["/usr/local/bin/${BIN}"] +ENTRYPOINT [/bin/${BIN}] From 6629ad1e4f893ae6c84272585ddc7ce2900ab4ff Mon Sep 17 00:00:00 2001 From: Anushka Date: Wed, 19 Nov 2025 22:14:34 +0530 Subject: [PATCH 03/15] Reverting to ubi-micro 9.4 Signed-off-by: Anushka --- docker/images/release/Dockerfile | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/docker/images/release/Dockerfile b/docker/images/release/Dockerfile index 0a641653..dc443316 100644 --- a/docker/images/release/Dockerfile +++ b/docker/images/release/Dockerfile @@ -2,7 +2,7 @@ # # SPDX-License-Identifier: Apache-2.0 # -FROM registry.access.redhat.com/ubi9/ubi-micro:9.5 AS prod +FROM registry.access.redhat.com/ubi9/ubi-micro:9.4 AS prod ARG BIN ARG ARCHBIN_PATH ARG TARGETOS From 4c4fd12f9e14e19599d4bfd0e2393bd905f90043 Mon Sep 17 00:00:00 2001 From: Anushka Date: Wed, 19 Nov 2025 22:41:10 +0530 Subject: [PATCH 04/15] Modified the entrypoint Signed-off-by: Anushka --- docker/images/release/Dockerfile | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/docker/images/release/Dockerfile b/docker/images/release/Dockerfile index dc443316..2932a4b6 100644 --- a/docker/images/release/Dockerfile +++ b/docker/images/release/Dockerfile @@ -30,4 +30,4 @@ LABEL name="${BIN}" \ license="Apache-2.0" # --- Set runtime entrypoint --- -ENTRYPOINT [/bin/${BIN}] +ENTRYPOINT ["/bin/${BIN}"] From 8731dcfa0d19965981b12ef2ec7262d507aa834b Mon Sep 17 00:00:00 2001 
From: Anushka Date: Wed, 19 Nov 2025 22:52:22 +0530 Subject: [PATCH 05/15] Modified the entrypoint Signed-off-by: Anushka --- docker/images/release/Dockerfile | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/docker/images/release/Dockerfile b/docker/images/release/Dockerfile index 2932a4b6..68afa2be 100644 --- a/docker/images/release/Dockerfile +++ b/docker/images/release/Dockerfile @@ -30,4 +30,4 @@ LABEL name="${BIN}" \ license="Apache-2.0" # --- Set runtime entrypoint --- -ENTRYPOINT ["/bin/${BIN}"] +ENTRYPOINT /bin/${BIN} From 507b9e365dfc943b1a7bd9756d5aa026994f4fe0 Mon Sep 17 00:00:00 2001 From: pco Date: Tue, 23 Dec 2025 08:40:24 +0100 Subject: [PATCH 06/15] improved Dockerfile and scripts to build image Signed-off-by: pco --- .github/workflows/docker-release.yml | 5 ++- Makefile | 4 +- docker/images/release/Dockerfile | 49 ++++++++++++++------- docker/images/test_node/Dockerfile | 16 +++++++ docker/test/common.go | 2 +- docker/test/container_release_image_test.go | 4 +- scripts/build-release-image.sh | 3 +- 7 files changed, 59 insertions(+), 24 deletions(-) diff --git a/.github/workflows/docker-release.yml b/.github/workflows/docker-release.yml index 5187ac1c..89cab10b 100644 --- a/.github/workflows/docker-release.yml +++ b/.github/workflows/docker-release.yml @@ -88,9 +88,10 @@ jobs: BIN=committer ARCHBIN_PATH=archbin PORTS=4001 2114 9001 2119 5001 2115 6001 2116 7001 2117 + VERSION=${{ env.VERSION }} cache-from: type=registry,ref=docker.io/${{ env.IMAGE_PREFIX }}/fabric-x-committer:buildcache cache-to: type=registry,ref=docker.io/${{ env.IMAGE_PREFIX }}/fabric-x-committer:buildcache,mode=max - + - name: Build and Push Multi-Platform Docker Image for Loadgen uses: docker/build-push-action@v6 with: 
@@ -107,6 +108,7 @@ jobs: BIN=loadgen ARCHBIN_PATH=archbin PORTS=8001 2118 + VERSION=${{ env.VERSION }} cache-from: type=registry,ref=docker.io/${{ env.IMAGE_PREFIX }}/fabric-x-loadgen:buildcache cache-to: type=registry,ref=docker.io/${{ env.IMAGE_PREFIX }}/fabric-x-loadgen:buildcache,mode=max @@ -124,5 +126,6 @@ jobs: ghcr.io/${{ env.GHCR_PREFIX }}/fabric-x-committer-test-node:latest build-args: | ARCHBIN_PATH=archbin + VERSION=${{ env.VERSION }} cache-from: type=registry,ref=docker.io/${{ env.IMAGE_PREFIX }}/fabric-x-committer-test-node:buildcache cache-to: type=registry,ref=docker.io/${{ env.IMAGE_PREFIX }}/fabric-x-committer-test-node:buildcache,mode=max diff --git a/Makefile b/Makefile index e90a53fa..5c65a55a 100644 --- a/Makefile +++ b/Makefile @@ -21,7 +21,7 @@ ######################### go_cmd ?= go -version := 0.0.2 +version := latest project_dir := $(shell dirname $(realpath $(firstword $(MAKEFILE_LIST)))) output_dir ?= $(project_dir)/bin arch_output_dir ?= $(project_dir)/archbin @@ -43,7 +43,7 @@ cmd ?= # An error will occur if neither container engine is installed. docker_cmd ?= $(shell command -v docker >/dev/null 2>&1 && echo docker || \ echo podman || { echo "Error: Neither Docker nor Podman is installed." >&2; exit 1; }) -image_namespace=icr.io/cbdc +image_namespace=docker.io/hyperledger # Set these parameters to compile to a specific os/arch # E.g., make build-local os=linux arch=amd64 diff --git a/docker/images/release/Dockerfile b/docker/images/release/Dockerfile index 68afa2be..32821cda 100644 --- a/docker/images/release/Dockerfile +++ b/docker/images/release/Dockerfile 
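Review bot: `version := latest` in the first Makefile hunk gives every locally built image a mutable tag, and together with `image_namespace=docker.io/hyperledger` a local build is named exactly like the published image, so an artefact can no longer be traced to a source version from its tag. Patch 07 then points the test constants `testNodeImage`, `committerReleaseImage` and `loadgenReleaseImage` at `:latest` as well, which presumably lets a test run against whatever image last received that tag rather than the one just built. Consider an explicit default that callers can override, e.g. `version ?= 0.0.2`, or deriving it from the checkout with `version ?= $(shell git describe --tags --always --dirty)`.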
@@ -1,33 +1,48 @@ +# # Copyright IBM Corp. All Rights Reserved. # # SPDX-License-Identifier: Apache-2.0 # -FROM registry.access.redhat.com/ubi9/ubi-micro:9.4 AS prod + +########################################### +# Stage 1: Production runtime image +########################################### +FROM registry.access.redhat.com/ubi9/ubi-minimal:9.6 AS prod + ARG BIN ARG ARCHBIN_PATH ARG TARGETOS ARG TARGETARCH ARG PORTS +ARG VERSION=1.0 -# --- Create a non-root user (UBI-micro does not include useradd) --- -USER 10001 - -# --- Create working directory --- -WORKDIR /app +# Add non-root user (10001) using BIN argument +RUN /usr/sbin/useradd -u 10001 -r -g root -s /sbin/nologin -c "Hyperledger Fabric-X ${BIN} user" ${BIN} && \ + mkdir -p /home/${BIN} && \ + chown -R 10001:0 /home/${BIN} && \ + chmod 0755 /home/${BIN} -# --- Copy the architecture-specific binary --- +# Copy binaries COPY ${ARCHBIN_PATH}/${TARGETOS}-${TARGETARCH}/${BIN} /bin/${BIN} -# --- Expose ports for Kubernetes/OpenShift --- +# Create fixed entrypoint since args are not replaced +# within ENTRYPOINT or CMD +RUN ln -s /bin/${BIN} /bin/entrypoint + +# Expose ports EXPOSE ${PORTS} -# --- Container metadata (OCI labels) --- +# OCI metadata labels LABEL name="${BIN}" \ - vendor="IBM" \ - maintainer="ZRL Decentralized Trust Group" \ - description="Production-grade ${BIN} microservice running on UBI-micro" \ - summary="Minimal, secure UBI-micro image for ${BIN}" \ - license="Apache-2.0" - -# --- Set runtime entrypoint --- -ENTRYPOINT /bin/${BIN} + maintainer="IBM Research ZRL Decentralized Trust Group" \ + version="${VERSION}" \ + description="Hyperledger Fabric-X ${BIN} packaged in a UBI image" \ + license="Apache-2.0" \ + vendor="IBM" + +# Use non-root user and set workdir using BIN argument +USER 10001 +WORKDIR /home/${BIN} + +# Default Entrypoint +ENTRYPOINT ["/bin/entrypoint"] diff --git a/docker/images/test_node/Dockerfile b/docker/images/test_node/Dockerfile index 611a3b6a..9887909d 100644 
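Review bot: The new `FROM registry.access.redhat.com/ubi9/ubi-minimal:9.6 AS prod` line swaps ubi-micro for ubi-minimal and references it by tag only. The larger base appears to be chosen to get `useradd`, but it also puts a package manager and more userland into the release image; patch 01 already ran as a numeric UID without a passwd entry, so a comment should state why the entry is now required. For a release image the base should also be pinned by digest, e.g. `FROM registry.access.redhat.com/ubi9/ubi-minimal:9.6@sha256:<digest-placeholder> AS prod`. In the `RUN` steps `${BIN}` is unquoted; writing `ln -s "/bin/${BIN}" /bin/entrypoint` keeps a build argument containing spaces or glob characters from being word-split.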
--- a/docker/images/test_node/Dockerfile +++ b/docker/images/test_node/Dockerfile @@ -1,12 +1,18 @@ +# # Copyright IBM Corp. All Rights Reserved. # # SPDX-License-Identifier: Apache-2.0 # + +########################################### +# Stage 1: Production runtime image +########################################### FROM postgres:16.9-alpine3.21 AS node ARG ARCHBIN_PATH ARG TARGETOS ARG TARGETARCH +ARG VERSION ENV CONFIGS_PATH=/root/config ENV BINS_PATH=/root/bin @@ -48,6 +54,16 @@ COPY ./cmd/config/samples $CONFIGS_PATH COPY ./bin/sc-genesis-block.proto.bin $CONFIGS_PATH/ RUN chmod a+x ${BINS_PATH}/* +# Expose ports EXPOSE 7050 4001 2114 7001 2117 2110 +# OCI metadata labels +LABEL name="fabric-x-committer-test-node" \ + maintainer="IBM Research ZRL Decentralized Trust Group" \ + version="${VERSION}" \ + description="Preconfigured Hyperledger Fabric-X Committer Node" \ + license="Apache-2.0" \ + vendor="IBM" + +# Default CMD CMD ["run"] diff --git a/docker/test/common.go b/docker/test/common.go index ea4e5cf6..da204bc2 100644 --- a/docker/test/common.go +++ b/docker/test/common.go @@ -32,7 +32,7 @@ type createAndStartContainerParameters struct { } const ( - testNodeImage = "icr.io/cbdc/committer-test-node:0.0.2" + testNodeImage = "docker.io/hyperledger/committer-test-node:0.0.2" channelName = "mychannel" monitoredMetric = "loadgen_transaction_committed_total" ) diff --git a/docker/test/container_release_image_test.go b/docker/test/container_release_image_test.go index d7f49b81..598e2987 100644 --- a/docker/test/container_release_image_test.go +++ b/docker/test/container_release_image_test.go 
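Review bot: The banner added at the top of the test node Dockerfile, `# Stage 1: Production runtime image`, is copied from the release Dockerfile and mislabels this image. The context lines show it is built from `postgres:16.9-alpine3.21`, keeps config and binaries under `/root`, and sets no `USER` in the visible hunks, so it should be described as a test fixture, for example `# Test node image (not for production use)`. `ARG VERSION` is also added without a default here, so the `version` label is empty whenever the build argument is omitted.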
@@ -44,8 +44,8 @@ func (p *startNodeParameters) asNode(node string) startNodeParameters { } const ( - committerReleaseImage = "icr.io/cbdc/committer:0.0.2" - loadgenReleaseImage = "icr.io/cbdc/loadgen:0.0.2" + committerReleaseImage = "docker.io/hyperledger/committer:0.0.2" + loadgenReleaseImage = "docker.io/hyperledger/loadgen:0.0.2" containerPrefixName = "sc_test" networkPrefixName = containerPrefixName + "_network" genBlockFile = "sc-genesis-block.proto.bin" diff --git a/scripts/build-release-image.sh b/scripts/build-release-image.sh index 1750ce05..21e6844e 100755 --- a/scripts/build-release-image.sh +++ b/scripts/build-release-image.sh @@ -18,13 +18,14 @@ function build_image() { local image_name=$1 local bin=$2 local service_ports=$3 - local manifest_name=${namespace}/${image_name}:${version} + local manifest_name=${namespace}/fabric-x-${image_name}:${version} local cmd=( "${docker_cmd}" build -f "${dockerfile_release_dir}/Dockerfile" --build-arg BIN="${bin}" --build-arg PORTS="${service_ports}" --build-arg ARCHBIN_PATH="${arch_bin_dir}" + --build-arg VERSION="${version}" ) if [ "${multiplatform}" = true ]; then From 749fae43523be6c6ac8dbd74119917b61d0dad9b Mon Sep 17 00:00:00 2001 From: pco Date: Tue, 23 Dec 2025 08:51:12 +0100 Subject: [PATCH 07/15] use `:latest` as tag in docker test Signed-off-by: pco --- docker/test/common.go | 2 +- docker/test/container_release_image_test.go | 4 ++-- 2 files changed, 3 insertions(+), 3 deletions(-) diff --git a/docker/test/common.go b/docker/test/common.go index da204bc2..0cc57bd0 100644 --- a/docker/test/common.go +++ b/docker/test/common.go @@ -32,7 +32,7 @@ type createAndStartContainerParameters struct { } const ( - testNodeImage = "docker.io/hyperledger/committer-test-node:0.0.2" + testNodeImage = "docker.io/hyperledger/committer-test-node:latest" channelName = "mychannel" monitoredMetric = "loadgen_transaction_committed_total" ) 
diff --git a/docker/test/container_release_image_test.go b/docker/test/container_release_image_test.go index 598e2987..9c0c0c57 100644 --- a/docker/test/container_release_image_test.go +++ b/docker/test/container_release_image_test.go @@ -44,8 +44,8 @@ func (p *startNodeParameters) asNode(node string) startNodeParameters { } const ( - committerReleaseImage = "docker.io/hyperledger/committer:0.0.2" - loadgenReleaseImage = "docker.io/hyperledger/loadgen:0.0.2" + committerReleaseImage = "docker.io/hyperledger/committer:latest" + loadgenReleaseImage = "docker.io/hyperledger/loadgen:latest" containerPrefixName = "sc_test" networkPrefixName = containerPrefixName + "_network" genBlockFile = "sc-genesis-block.proto.bin" From b3b1c687e739804305a797958bbc640fdefab05f Mon Sep 17 00:00:00 2001 From: pco Date: Tue, 23 Dec 2025 08:59:26 +0100 Subject: [PATCH 08/15] fixed name for committer and loadgen images Signed-off-by: pco --- docker/test/container_release_image_test.go | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/docker/test/container_release_image_test.go b/docker/test/container_release_image_test.go index 9c0c0c57..e138cc32 100644 --- a/docker/test/container_release_image_test.go +++ b/docker/test/container_release_image_test.go @@ -44,8 +44,8 @@ func (p *startNodeParameters) asNode(node string) startNodeParameters { } const ( - committerReleaseImage = "docker.io/hyperledger/committer:latest" - loadgenReleaseImage = "docker.io/hyperledger/loadgen:latest" + committerReleaseImage = "docker.io/hyperledger/fabric-x-committer:latest" + loadgenReleaseImage = "docker.io/hyperledger/fabric-x-loadgen:latest" containerPrefixName = "sc_test" networkPrefixName = containerPrefixName + "_network" genBlockFile = "sc-genesis-block.proto.bin" From 5fd0841a2c0800db18bc58ec7fd0a3a01d5e56fa Mon Sep 17 00:00:00 2001 From: pco Date: Tue, 23 Dec 2025 09:09:55 +0100 Subject: [PATCH 09/15] remove `ZRL` 
Signed-off-by: pco --- docker/images/test_node/Dockerfile | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/docker/images/test_node/Dockerfile b/docker/images/test_node/Dockerfile index 9887909d..e3642008 100644 --- a/docker/images/test_node/Dockerfile +++ b/docker/images/test_node/Dockerfile @@ -59,7 +59,7 @@ EXPOSE 7050 4001 2114 7001 2117 2110 # OCI metadata labels LABEL name="fabric-x-committer-test-node" \ - maintainer="IBM Research ZRL Decentralized Trust Group" \ + maintainer="IBM Research Decentralized Trust Group" \ version="${VERSION}" \ description="Preconfigured Hyperledger Fabric-X Committer Node" \ license="Apache-2.0" \ From f1e704ecce9916c75e4ff73395d41a2f09bff1e1 Mon Sep 17 00:00:00 2001 From: pco Date: Tue, 23 Dec 2025 09:17:17 +0100 Subject: [PATCH 10/15] removed bin as first param since specified as entrypoint Signed-off-by: pco --- docker/test/container_release_image_test.go | 2 -- 1 file changed, 2 deletions(-) diff --git a/docker/test/container_release_image_test.go b/docker/test/container_release_image_test.go index e138cc32..9d4e127e 100644 --- a/docker/test/container_release_image_test.go +++ b/docker/test/container_release_image_test.go @@ -199,7 +199,6 @@ func startCommitterNodeWithReleaseImage(ctx context.Context, t *testing.T, param config: &container.Config{ Image: committerReleaseImage, Cmd: []string{ - "committer", fmt.Sprintf("start-%s", params.node), "--config", fmt.Sprintf("%s.yaml", configPath), @@ -245,7 +244,6 @@ func startLoadgenNodeWithReleaseImage( config: &container.Config{ Image: loadgenReleaseImage, Cmd: []string{ - params.node, "start", "--config", fmt.Sprintf("%s.yaml", configPath), From 9e15c6f149d565a86cfa71a57e85dc86355d398c Mon Sep 17 00:00:00 2001 From: pco Date: Tue, 23 Dec 2025 09:30:28 +0100 Subject: [PATCH 11/15] run container as host user Signed-off-by: pco --- docker/test/container_release_image_test.go | 2 ++ 1 file changed, 2 insertions(+) 
diff --git a/docker/test/container_release_image_test.go b/docker/test/container_release_image_test.go index 9d4e127e..fcca8857 100644 --- a/docker/test/container_release_image_test.go +++ b/docker/test/container_release_image_test.go @@ -204,6 +204,7 @@ func startCommitterNodeWithReleaseImage(ctx context.Context, t *testing.T, param fmt.Sprintf("%s.yaml", configPath), }, Hostname: params.node, + User: fmt.Sprintf("%d:%d", os.Getuid(), os.Getgid()), Env: []string{ "SC_COORDINATOR_SERVER_TLS_MODE=" + params.tlsMode, "SC_COORDINATOR_VERIFIER_TLS_MODE=" + params.tlsMode, @@ -249,6 +250,7 @@ func startLoadgenNodeWithReleaseImage( fmt.Sprintf("%s.yaml", configPath), }, Hostname: params.node, + User: fmt.Sprintf("%d:%d", os.Getuid(), os.Getgid()), ExposedPorts: nat.PortSet{ loadGenMetricsPort + "/tcp": {}, }, From a47956492663f7dc1049296422d783a2cb935590 Mon Sep 17 00:00:00 2001 From: pco Date: Tue, 23 Dec 2025 10:34:43 +0100 Subject: [PATCH 12/15] adding logs for debugging Signed-off-by: pco --- .github/workflows/ci.yml | 11 ++++++++--- docker/test/container_release_image_test.go | 8 ++++++-- 2 files changed, 14 insertions(+), 5 deletions(-) diff --git a/.github/workflows/ci.yml b/.github/workflows/ci.yml index e5f5f00a..979b9638 100644 --- a/.github/workflows/ci.yml +++ b/.github/workflows/ci.yml @@ -6,15 +6,14 @@ name: CI on: push: - branches: [ "**" ] + branches: ["**"] pull_request: - branches: [ "**" ] + branches: ["**"] env: DB_DEPLOYMENT: local jobs: - lint: name: Lint and Build runs-on: ubuntu-latest @@ -37,6 +36,12 @@ jobs: # Fetch main to only show new lint issues. git fetch -u origin main:main make lint + # (TODO remove) Debug statements + echo "DEBUG STATEMENTS" + id -u + id -g + ls -la cmd/config/samples + echo "DONE DEBUG STATEMENTS" - name: Build run: make build diff --git a/docker/test/container_release_image_test.go b/docker/test/container_release_image_test.go index fcca8857..0f91bfdc 100644 --- a/docker/test/container_release_image_test.go 
+++ b/docker/test/container_release_image_test.go @@ -195,6 +195,8 @@ func startCommitterNodeWithReleaseImage(ctx context.Context, t *testing.T, param t.Helper() configPath := filepath.Join(containerConfigPath, params.node) + containerUser := fmt.Sprintf("%d:%d", os.Getuid(), os.Getgid()) + t.Logf("Starting %s as container with user %s.\n", committerReleaseImage, containerUser) createAndStartContainerAndItsLogs(ctx, t, createAndStartContainerParameters{ config: &container.Config{ Image: committerReleaseImage, @@ -204,7 +206,7 @@ func startCommitterNodeWithReleaseImage(ctx context.Context, t *testing.T, param fmt.Sprintf("%s.yaml", configPath), }, Hostname: params.node, - User: fmt.Sprintf("%d:%d", os.Getuid(), os.Getgid()), + User: containerUser, Env: []string{ "SC_COORDINATOR_SERVER_TLS_MODE=" + params.tlsMode, "SC_COORDINATOR_VERIFIER_TLS_MODE=" + params.tlsMode, @@ -241,6 +243,8 @@ func startLoadgenNodeWithReleaseImage( t.Helper() configPath := filepath.Join(containerConfigPath, params.node) + containerUser := fmt.Sprintf("%d:%d", os.Getuid(), os.Getgid()) + t.Logf("Starting %s as container with user %s.\n", loadgenReleaseImage, containerUser) createAndStartContainerAndItsLogs(ctx, t, createAndStartContainerParameters{ config: &container.Config{ Image: loadgenReleaseImage, @@ -250,7 +254,7 @@ func startLoadgenNodeWithReleaseImage( fmt.Sprintf("%s.yaml", configPath), }, Hostname: params.node, - User: fmt.Sprintf("%d:%d", os.Getuid(), os.Getgid()), + User: containerUser, ExposedPorts: nat.PortSet{ loadGenMetricsPort + "/tcp": {}, }, From 49586b740aa3c1f407aaedca010a41484dc6703c Mon Sep 17 00:00:00 2001 From: pco Date: Tue, 23 Dec 2025 10:48:36 +0100 Subject: [PATCH 13/15] run containers with root user to access config under `/root/config` Signed-off-by: pco --- docker/test/container_release_image_test.go | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) 
diff --git a/docker/test/container_release_image_test.go b/docker/test/container_release_image_test.go index 0f91bfdc..e2cb778a 100644 --- a/docker/test/container_release_image_test.go +++ b/docker/test/container_release_image_test.go @@ -195,7 +195,7 @@ func startCommitterNodeWithReleaseImage(ctx context.Context, t *testing.T, param t.Helper() configPath := filepath.Join(containerConfigPath, params.node) - containerUser := fmt.Sprintf("%d:%d", os.Getuid(), os.Getgid()) + containerUser := "0:0" t.Logf("Starting %s as container with user %s.\n", committerReleaseImage, containerUser) createAndStartContainerAndItsLogs(ctx, t, createAndStartContainerParameters{ config: &container.Config{ @@ -243,7 +243,7 @@ func startLoadgenNodeWithReleaseImage( t.Helper() configPath := filepath.Join(containerConfigPath, params.node) - containerUser := fmt.Sprintf("%d:%d", os.Getuid(), os.Getgid()) + containerUser := "0:0" t.Logf("Starting %s as container with user %s.\n", loadgenReleaseImage, containerUser) createAndStartContainerAndItsLogs(ctx, t, createAndStartContainerParameters{ config: &container.Config{ From eb8c4fd2f9dd3d210ee8e1e492f1bd2525c401d7 Mon Sep 17 00:00:00 2001 From: pco Date: Tue, 23 Dec 2025 10:49:38 +0100 Subject: [PATCH 14/15] removed debug logs Signed-off-by: pco --- .github/workflows/ci.yml | 6 ------ 1 file changed, 6 deletions(-) diff --git a/.github/workflows/ci.yml b/.github/workflows/ci.yml index 979b9638..8fe8d030 100644 --- a/.github/workflows/ci.yml +++ b/.github/workflows/ci.yml @@ -36,12 +36,6 @@ jobs: # Fetch main to only show new lint issues. git fetch -u origin main:main make lint - # (TODO remove) Debug statements - echo "DEBUG STATEMENTS" - id -u - id -g - ls -la cmd/config/samples - echo "DONE DEBUG STATEMENTS" - name: Build run: make build From 370b548f045554252a7a43032026b7d2a9edaeb2 Mon Sep 17 00:00:00 2001 From: pco Date: Fri, 9 Jan 2026 16:12:25 +0100 Subject: [PATCH 15/15] use same labels as Hyperledger-Fabric 
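Review bot: `containerUser := "0:0"` in both hunks of patch 13 overrides the `USER 10001` that the release Dockerfile sets, so the tests start the committer and loadgen release images only as root. The non-root default that ships to users is then never exercised, and a permission problem for UID 10001 would go unnoticed. The commit message gives `/root/config` as the reason; placing the test configuration in a directory readable by UID 10001 (or by group 0, which the image user belongs to) and dropping the `User` override would keep the test on the shipped default. If the override has to stay, a comment such as `// root only because the test config lives under /root/config; the release default is UID 10001` documents the exception. Both functions continue outside the hunks.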
Signed-off-by: pco --- .github/workflows/docker-release.yml | 10 +++++++++- docker/images/release/Dockerfile | 19 +++++++++++++------ docker/images/test_node/Dockerfile | 15 +++++++++------ scripts/build-release-image.sh | 2 ++ 4 files changed, 33 insertions(+), 13 deletions(-) diff --git a/.github/workflows/docker-release.yml b/.github/workflows/docker-release.yml index 89cab10b..30fc66bc 100644 --- a/.github/workflows/docker-release.yml +++ b/.github/workflows/docker-release.yml @@ -63,8 +63,10 @@ jobs: - name: Build cross-architecture binaries run: make build-arch build-test-genesis-block - - name: Set image prefix + - name: Set image build prefix and metadata run: | + echo "CREATED=$(date -u +%Y-%m-%dT%H:%M:%SZ)" >> $GITHUB_ENV + echo "REVISION=$(git rev-parse HEAD)" >> $GITHUB_ENV if [ "$GITHUB_REPOSITORY_OWNER" == "hyperledger" ]; then echo "IMAGE_PREFIX=hyperledger" >> $GITHUB_ENV else @@ -89,6 +91,8 @@ jobs: ARCHBIN_PATH=archbin PORTS=4001 2114 9001 2119 5001 2115 6001 2116 7001 2117 VERSION=${{ env.VERSION }} + CREATED=${{ env.CREATED }} + REVISION=${{ env.REVISION }} cache-from: type=registry,ref=docker.io/${{ env.IMAGE_PREFIX }}/fabric-x-committer:buildcache cache-to: type=registry,ref=docker.io/${{ env.IMAGE_PREFIX }}/fabric-x-committer:buildcache,mode=max @@ -109,6 +113,8 @@ jobs: ARCHBIN_PATH=archbin PORTS=8001 2118 VERSION=${{ env.VERSION }} + CREATED=${{ env.CREATED }} + REVISION=${{ env.REVISION }} cache-from: type=registry,ref=docker.io/${{ env.IMAGE_PREFIX }}/fabric-x-loadgen:buildcache cache-to: type=registry,ref=docker.io/${{ env.IMAGE_PREFIX }}/fabric-x-loadgen:buildcache,mode=max @@ -127,5 +133,7 @@ jobs: build-args: | ARCHBIN_PATH=archbin VERSION=${{ env.VERSION }} + CREATED=${{ env.CREATED }} + REVISION=${{ env.REVISION }} cache-from: type=registry,ref=docker.io/${{ env.IMAGE_PREFIX }}/fabric-x-committer-test-node:buildcache cache-to: type=registry,ref=docker.io/${{ env.IMAGE_PREFIX }}/fabric-x-committer-test-node:buildcache,mode=max 
diff --git a/docker/images/release/Dockerfile b/docker/images/release/Dockerfile index 32821cda..0660bf38 100644 --- a/docker/images/release/Dockerfile +++ b/docker/images/release/Dockerfile @@ -14,7 +14,11 @@ ARG ARCHBIN_PATH ARG TARGETOS ARG TARGETARCH ARG PORTS + +# Label args ARG VERSION=1.0 +ARG CREATED +ARG REVISION=1.0 # Add non-root user (10001) using BIN argument RUN /usr/sbin/useradd -u 10001 -r -g root -s /sbin/nologin -c "Hyperledger Fabric-X ${BIN} user" ${BIN} && \ @@ -33,12 +37,15 @@ RUN ln -s /bin/${BIN} /bin/entrypoint EXPOSE ${PORTS} # OCI metadata labels -LABEL name="${BIN}" \ - maintainer="IBM Research ZRL Decentralized Trust Group" \ - version="${VERSION}" \ - description="Hyperledger Fabric-X ${BIN} packaged in a UBI image" \ - license="Apache-2.0" \ - vendor="IBM" +LABEL org.opencontainers.image.created="${CREATED}" \ + org.opencontainers.image.description="Hyperledger Fabric-X ${BIN} packaged in a UBI image." \ + org.opencontainers.image.licenses="Apache-2.0" \ + org.opencontainers.image.ref.name="ubi9/ubi-minimal" \ + org.opencontainers.image.revision="${REVISION}" \ + org.opencontainers.image.source="https://github.com/hyperledger/fabric-x-committer" \ + org.opencontainers.image.title="fabric-x-${BIN}" \ + org.opencontainers.image.url="https://github.com/hyperledger/fabric-x-committer" \ + org.opencontainers.image.version="${VERSION}" # Use non-root user and set workdir using BIN argument USER 10001 diff --git a/docker/images/test_node/Dockerfile b/docker/images/test_node/Dockerfile index aaee4e36..79b56cf4 100644 --- a/docker/images/test_node/Dockerfile +++ b/docker/images/test_node/Dockerfile 
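Review bot: `org.opencontainers.image.ref.name="ubi9/ubi-minimal"` in the LABEL hunk uses the wrong annotation key: in the OCI image spec `ref.name` names the reference of the image being described, while the base image belongs in `org.opencontainers.image.base.name` (with `org.opencontainers.image.base.digest` alongside it). Scanners and provenance tooling that read these labels would otherwise misreport what this image is; the same applies to `ref.name="postgres"` in the test node Dockerfile hunk of this patch. Suggested line: `org.opencontainers.image.base.name="registry.access.redhat.com/ubi9/ubi-minimal:9.6" \`. In the first hunk, `ARG REVISION=1.0` gives the revision label a value that looks like a version rather than a commit id when the argument is omitted; an empty default or `unknown` would be less misleading.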
@@ -43,12 +43,15 @@ RUN chmod a+x ${BINS_PATH}/* EXPOSE 7050 4001 2114 7001 2117 2110 # OCI metadata labels -LABEL name="fabric-x-committer-test-node" \ - maintainer="IBM Research Decentralized Trust Group" \ - version="${VERSION}" \ - description="Preconfigured Hyperledger Fabric-X Committer Node" \ - license="Apache-2.0" \ - vendor="IBM" +LABEL org.opencontainers.image.created="${CREATED}" \ + org.opencontainers.image.description="Hyperledger Fabric-X Committer Test Node." \ + org.opencontainers.image.licenses="Apache-2.0" \ + org.opencontainers.image.ref.name="postgres" \ + org.opencontainers.image.revision="${REVISION}" \ + org.opencontainers.image.source="https://github.com/hyperledger/fabric-x-committer" \ + org.opencontainers.image.title="fabric-x-committer-test-node" \ + org.opencontainers.image.url="https://github.com/hyperledger/fabric-x-committer" \ + org.opencontainers.image.version="${VERSION}" # Default CMD CMD ["run"] diff --git a/scripts/build-release-image.sh b/scripts/build-release-image.sh index 21e6844e..dd8b9dee 100755 --- a/scripts/build-release-image.sh +++ b/scripts/build-release-image.sh @@ -26,6 +26,8 @@ function build_image() { --build-arg PORTS="${service_ports}" --build-arg ARCHBIN_PATH="${arch_bin_dir}" --build-arg VERSION="${version}" + --build-arg CREATED="$(date -u +%Y-%m-%dT%H:%M:%SZ)" + --build-arg REVISION="$(git rev-parse HEAD)" ) if [ "${multiplatform}" = true ]; then
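Review bot: The test node LABEL hunk references `${CREATED}` and `${REVISION}`, but no `ARG CREATED` or `ARG REVISION` is added to this Dockerfile anywhere in the series (patch 06 added only `ARG VERSION`, and the diffstat for this file accounts for the LABEL lines alone). Unless they are declared in a part of the file not shown, both labels are built as empty strings even though the workflow passes the build arguments. Adding `ARG CREATED` and `ARG REVISION` next to `ARG VERSION` lets the provenance labels carry the values the workflow supplies.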