Custom solana-validator dockerfile, ci flow for building docker images

Author: scheibinger

.github/ci-scripts/create-image-matrix.sh

@@ -0,0 +1,19 @@
+#!/bin/bash
+set -x
+
+echo "$CHANGED_FILES"
+
+CHANGED_DIRS=$(
+  for FILE in ${CHANGED_FILES}
+  do
+    # Finds directories with "Dockerfile" files in them
+    # in directories that have changed
+    DIR=$(dirname "$FILE")
+    if [ "$DIR" != "." ]
+    then
+      find "$DIR" -type d -exec test -e '{}'/Dockerfile \;  -print | sed -e 's/^images\///'
+    fi
+  done | uniq | jq -c --slurp --raw-input 'split("\n")[:-1] | unique | { "image": . }'
+)
+
+echo "dirs=${CHANGED_DIRS}" >> "$GITHUB_OUTPUT"

.github/ci-scripts/test-create-image-matrix.sh

@@ -0,0 +1,12 @@
+#!/bin/bash
+set -x
+
+export CHANGED_FILES="README.md
+images/solana-validator/Dockerfile
+havoc/chaos_listener.go
+havoc/.gitignore
+havoc/utils.go"
+
+export GITHUB_OUTPUT="/dev/stdout"
+
+./.github/ci-scripts/create-image-matrix.sh

.github/workflows/images-pull-request.yaml

@@ -0,0 +1,64 @@
+name: pull-request
+on: pull_request
+
+jobs:
+  #  hadolint:
+  #    name: Lint Dockerfiles
+  #    runs-on: ubuntu-latest
+  #    steps:
+  #      - uses: actions/checkout@0ad4b8fadaa221de15dcec353f45205ec38ea70b # v4.1.4
+  #      - uses: hadolint/hadolint-action@54c9adbab1582c2ef04b2016b760714a4bfde3cf #v3.1.0
+  #        with:
+  #          recursive: true
+
+  chkmodified:
+    name: Check modified
+    runs-on: ubuntu-latest
+    outputs:
+      dockerfile_dirs: ${{ steps.list_dockerfile_dirs.outputs.dirs }}
+    steps:
+      - name: Checkout the repo
+        uses: actions/checkout@0ad4b8fadaa221de15dcec353f45205ec38ea70b # v4.1.4
+
+      - name: Get changed files
+        id: get_changed_files
+        uses: tj-actions/changed-files@0874344d6ebbaa00a27da73276ae7162fadcaf69 # v44.3.0
+        with:
+          fetch_depth: 1000
+
+      - name: List changed directories with Docker files
+        id: list_dockerfile_dirs
+        run: .github/ci-scripts/create-image-matrix.sh
+        env:
+          CHANGED_FILES: ${{ steps.get_changed_files.outputs.all_modified_files }}
+          ECR_REPO_TYPE: public
+
+  build-public:
+    needs: chkmodified
+    runs-on: ubuntu-latest
+    environment: ecr-prod-publish
+    permissions:
+      id-token: write
+      contents: read
+    strategy:
+      matrix: ${{ fromJson(needs.chkmodified.outputs.dockerfile_dirs) }}
+      fail-fast: false
+
+    steps:
+      - name: Build
+        uses: smartcontractkit/.github/actions/cicd-build-publish-docker@crib-626/multiplatform # v0.1.0
+        with:
+          # general inputs
+          ecr-repo-name: ${{ matrix.image }}
+          publish: 'false'
+          dockerfile: ./images/${{ matrix.image }}/Dockerfile
+          context: ./images/${{ matrix.image }}/
+          registry-type: 'public'
+          registry-alias: 'w0i8p0z9'
+          multi-platform: 'true'
+          platforms: linux/amd64,linux/arm64
+          tags: |
+            type=sha,prefix=pr=,event=pr
+          # aws inputs
+          aws-role-arn: ${{ secrets.AWS_OIDC_PUBLISH_ECR_ROLE_ARN }}
+          aws-account-number: ${{ secrets.AWS_PROD_ACCOUNT_NUMBER }}

images/solana-validator/Dockerfile

@@ -0,0 +1,43 @@
+# Base image
+FROM debian:bookworm AS base
+
+ARG AGAVE_VERSION=2.0.24
+ARG RUST_VERSION=stable
+
+RUN rm /bin/sh && ln -s /bin/bash /bin/sh
+
+WORKDIR /app
+
+RUN mkdir -p "/app/bin"
+
+ENV PATH="/app/bin:${PATH}"
+
+# Builder image
+FROM base AS builder
+
+RUN apt update && \
+    apt-get install -y \
+    build-essential \
+    pkg-config \
+    protobuf-compiler \
+    clang cmake curl libudev-dev  && \
+    rm -rf /var/lib/apt/lists/*
+
+RUN curl --proto '=https' --tlsv1.2 -sSf https://sh.rustup.rs | sh -s -- --default-toolchain $RUST_VERSION -y
+ENV PATH="/root/.cargo/bin:${PATH}"
+
+RUN curl https://codeload.github.com/anza-xyz/agave/tar.gz/refs/tags/v$AGAVE_VERSION | tar xvz
+RUN mv /app/agave-$AGAVE_VERSION /app/agave
+
+WORKDIR /app/agave
+RUN cargo build --bin solana-test-validator --release
+RUN cp target/release/solana-test-validator /app/bin/
+
+# Final app image
+FROM base AS final
+
+RUN apt update && \
+    apt-get install -y bzip2 && \
+    rm -rf /var/lib/apt/lists/*
+
+COPY --from=builder /app/bin/* /app/bin

images/solana-validator/README.md

@@ -0,0 +1,8 @@
+# Solana validator
+
+Customized Solana validator image for testing, built from agave sources.
+
+## Why
+
+Agave doesn't provide arm64 images, this customized dockerfile supports both amd64 and arm64.
+Arm64 is required to test locally on MacBook Apple chips, as well as in AWS graviton instances.