From bea835706cbaf6015bdfadb2774b81b1d46599ab Mon Sep 17 00:00:00 2001 From: illuminatus Date: Mon, 15 Apr 2024 16:39:40 -0700 Subject: [PATCH] Container supports UPDATE_CHECK (#1754) Implements the UPDATE_CHECK logic for containers. * Containers are now built with static versions of the configuration files, by default they should always start and work with the built in configs for any network. * To restore the original behavior and update configs and scripts from cardano-community master branch every time the container starts set the `UPDATE_CHECK=Y` environment variable for the container. closes #1750 --- docs/docker/tips.md | 45 +++++++++++++++++++++++++- files/docker/node/addons/entrypoint.sh | 35 +++++++------------- files/docker/node/dockerfile_bin | 20 +++++++++--- 3 files changed, 71 insertions(+), 29 deletions(-) diff --git a/docs/docker/tips.md b/docs/docker/tips.md index d3fc30a5d..8ef750740 100644 --- a/docs/docker/tips.md +++ b/docs/docker/tips.md 
@@ -79,4 +79,47 @@ backup directory is smaller than the db directory. When the container is started with the **ENABLE_RESTORE** environment variable set to **Y** the container will automatically restore the latest backup from the `/opt/cardano/cnode/backup/$NETWORK-db` directory. The database will be restored when the container is started -and if the backup directory is larger than the db directory. \ No newline at end of file +and if the backup directory is larger than the db directory. + +### Configuration Update Check Functionality + +The container now includes a static copy of each network's configuration files (Mainnet, Preprod, Preview, Sanchonet, +and Guild networks). The `NETWORK` environment variable passed into the container determines which configuration files +are copied into `$CNODE_HOME/files`. + +The `UPDATE_CHECK` environment variable controls whether the container updates these configuration files from GitHub +before starting. By default, the container has the environment variable set to `UPDATE_CHECK=N`, meaning the container +uses the configuration files it was built with. This can be overriden either persistently or dynamically. + +#### Persistently updating configuration files + +To always update the configuration files from GitHub, set the `UPDATE_CHECK` environment variable when creating the +container by using the `--env` option, for example `--env UPDATE_CHECK=Y`. + +To always update the configuration files from a specific GitHub account, set the `G_ACCOUNT` environment variable when +creating the container by using the `--env` option, for example `--env G_ACCOUNT=gh-fork-user`. + +[!NOTE] +There is no way to change the environment variable of an already running container. To rollback the configuration files and scripts stop and remove the container and start it without setting the environment variable. 
+ +#### Dynamically updating configuration files + +Set an environment file during create/run using `--env-file=file`, for example `--env-file=/opt/cardano/cnode/.env`. + +* When `UPDATE_CHECK` is not defined in the environment file, the container will use the built-in configs. +* When `UPDATE_CHECK=Y` is defined in the environment file the container will update configs and scripts from the + `cardano-community` GitHub repository. + * When `G_ACCOUNT` is defined in the environment file, the container will update configs and scripts from the GitHub + repository of the specified account. + +To rollback the configuration files to the built-in versions, remove the `UPDATE_CHECK=Y` or set it to `UPDATE_CHECK=N` in the environment file. The static configuration files in the container will be used, however the scripts will remain updated. If you want both the configuration files and scripts to be rolled back, you will need to stop and remove the container and create a new one. + +### Building Images from Forked Repositories + +Run the **Docker Image** GitHub Action to build and push images to the `ghcr.io` registry. + +* The `G_ACCOUNT` will be inherited from the `GITHUB_REPOSITORY_OWNER`. + * It will be all lowercase so it matches container image name requirements. +* All images not from **master** branch or when **Testing workflow** is checked will be pushed to `ghcr.io`. +* Images from the master branch will also be pushed to the `ghcr.io` registry as long as the **Testing workflow** +remains checked. diff --git a/files/docker/node/addons/entrypoint.sh b/files/docker/node/addons/entrypoint.sh index 8247eac40..e338c0f0a 100755 --- a/files/docker/node/addons/entrypoint.sh +++ b/files/docker/node/addons/entrypoint.sh 
@@ -42,33 +42,22 @@ find /opt/cardano/cnode/files -name "*config*.json" -print0 | xargs -0 sed -i 's return 0 } -export UPDATE_CHECK='N' +load_configs () { + cp -rf /conf/"${NETWORK}"/* "$CNODE_HOME"/files/ +} -if [[ "$NETWORK" == "mainnet" ]]; then - $CNODE_HOME/scripts/guild-deploy.sh -n mainnet -u -s f > /dev/null 2>&1 \ - && customise \ - && exec $CNODE_HOME/scripts/cnode.sh -elif [[ "$NETWORK" == "preprod" ]]; then - $CNODE_HOME/scripts/guild-deploy.sh -n preprod -u -s f > /dev/null 2>&1 \ - && customise \ - && exec $CNODE_HOME/scripts/cnode.sh -elif [[ "$NETWORK" == "preview" ]]; then - $CNODE_HOME/scripts/guild-deploy.sh -n preview -u -s f > /dev/null 2>&1 \ - && customise \ - && exec $CNODE_HOME/scripts/cnode.sh -elif [[ "$NETWORK" == "guild-mainnet" ]]; then - $CNODE_HOME/scripts/guild-deploy.sh -n mainnet -u -s f > /dev/null 2>&1 \ - && bash /home/guild/.scripts/guild-topology.sh > /dev/null 2>&1 \ - && export TOPOLOGY="${CNODE_HOME}/files/guildnet-topology.json" \ - && customise \ - && exec $CNODE_HOME/scripts/cnode.sh -elif [[ "$NETWORK" == "guild" ]]; then - $CNODE_HOME/scripts/guild-deploy.sh -n guild -u -s f > /dev/null 2>&1 \ - && customise \ - && exec $CNODE_HOME/scripts/cnode.sh +if [[ -n "${NETWORK}" ]] ; then + if [[ "${UPDATE_CHECK}" == "Y" ]] ; then + "$CNODE_HOME"/scripts/guild-deploy.sh -n "$NETWORK" -u -s f > /dev/null 2>&1 + else + load_configs + fi else echo "Please set a NETWORK environment variable to one of: mainnet / preview / preprod / guild-mainnet / guild" echo "mount a '$CNODE_HOME/priv/files' volume containing: mainnet-config.json, mainnet-shelley-genesis.json, mainnet-byron-genesis.json, and mainnet-topology.json " echo "for active nodes set POOL_DIR environment variable where op.cert, hot.skey and vrf.skey files reside. (usually under '${CNODE_HOME}/priv/pool/$POOL_NAME' ) " echo "or just set POOL_NAME environment variable (for default path). 
" fi + +customise \ +&& exec "$CNODE_HOME"/scripts/cnode.sh \ No newline at end of file diff --git a/files/docker/node/dockerfile_bin b/files/docker/node/dockerfile_bin index 2cd2ff03a..a0e549747 100644 --- a/files/docker/node/dockerfile_bin +++ b/files/docker/node/dockerfile_bin @@ -19,10 +19,11 @@ ENV \ CNODE_HOME=/opt/cardano/cnode \ CARDANO_NODE_SOCKET_PATH=$CNODE_HOME/sockets/node.socket \ PATH=/opt/cardano/cnode/scripts:/bin:/sbin:/usr/bin:/usr/sbin:/usr/local/bin:/home/guild/.local/bin \ - GIT_SSL_CAINFO=/etc/ssl/certs/ca-certificates.crt + GIT_SSL_CAINFO=/etc/ssl/certs/ca-certificates.crt \ + UPDATE_CHECK=N RUN apt-get update && apt-get install --no-install-recommends -y locales apt-utils sudo \ - && apt install -y curl wget gnupg git udev \ + && apt install -y curl wget gnupg git udev jq \ && apt-get -y purge \ && apt-get -y clean \ && apt-get -y autoremove \ 
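Review bot: The closing `customise && exec "$CNODE_HOME"/scripts/cnode.sh` now runs on every path, so the node is started even when `NETWORK` is unset (the `else` branch only prints the usage text) or when `guild-deploy.sh` or `load_configs` failed; the removed branches chained these with `&&` and started nothing in those cases. To keep the start fail-closed I would end the two branch commands with `|| exit 1` (for example `load_configs || exit 1`) and add `exit 1` after the last `echo` in the `else` branch. `NETWORK` is also interpolated unchecked into the `/conf/"${NETWORK}"/*` source path, and the usage text still offers `guild-mainnet` although its dedicated branch is gone and the image build in this patch creates no `/conf/guild-mainnet`, so that value would presumably fail in `cp`. A `case "$NETWORK" in` allowlist of the networks the image actually ships, placed before the `if`, would cover both. Separately, the `guild-deploy.sh` output still goes to `/dev/null`, which hides the reason when an update from GitHub fails.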
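Review bot: The changed line adds `jq` to `apt install -y …`, which pulls in recommended packages and uses the interactive `apt` front end, while the line directly above it already uses `apt-get install --no-install-recommends -y`. Appending `jq` to that first package list instead keeps the extra package from widening the image, and its attack surface, more than needed. The RUN instruction continues past the end of the hunk.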
@@ -69,12 +70,21 @@ RUN set -x && export SUDO='N' \ # Add final tools in a separate layer to shrink the largest layer RUN apt-get update \ - && apt-get install -y procps libcap2 libselinux1 libc6 libsodium-dev ncurses-bin iproute2 xz-utils netbase coreutils dnsutils net-tools procps tcptraceroute bc usbip sqlite3 python3 tmux jq ncurses-base libtool autoconf tcptraceroute util-linux less openssl bsdmainutils dialog vim \ + && apt-get install -y procps libcap2 libselinux1 libc6 libsodium-dev ncurses-bin iproute2 xz-utils netbase coreutils dnsutils net-tools procps tcptraceroute bc usbip sqlite3 python3 tmux ncurses-base libtool autoconf tcptraceroute util-linux less openssl bsdmainutils dialog vim \ && apt-get -y purge \ && apt-get -y clean \ && apt-get -y autoremove \ && rm -rf /var/lib/apt/lists/* + +RUN bash -c 'networks=(guild mainnet preprod preview sanchonet); files=({alonzo,byron,conway,shelley}-genesis.json config.json db-sync-config.json topology.json); \ + for network in "${networks[@]}"; do \ + mkdir -pv /conf/${network} && \ + for file in "${files[@]}"; do \ + curl -s -o /conf/${network}/$file https://raw.githubusercontent.com/'${G_ACCOUNT}'/guild-operators/'${GUILD_DEPLOY_BRANCH}'/files/configs/${network}/${file}; \ + done; \ + done' + USER guild WORKDIR /home/guild 
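Review bot: The new `curl -s -o …` calls have no `-f`, so an HTTP error body (for example a 404 for a file a network does not have) is written to `/conf/${network}/$file` as if it were the config, and the loop ignores curl's exit status, so the build succeeds with a broken or partial set. Because containers now start from these baked-in files by default, I would use `curl -fsS -o "/conf/${network}/${file}" …` with the same URL and append `|| exit 1` inside the loop; if some networks legitimately lack a file, skip it explicitly rather than keeping the error body. The files are fetched from a branch ref (`${GUILD_DEPLOY_BRANCH}`), which can move between builds, so pinning a commit or checking the downloads against recorded checksums would make the image contents reproducible. `${G_ACCOUNT}` and `${GUILD_DEPLOY_BRANCH}` are spliced in outside the single quotes and are therefore expanded unquoted by the outer shell.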
@@ -99,8 +109,8 @@ ADD https://raw.githubusercontent.com/${G_ACCOUNT}/guild-operators/${GUILD_DEPLO https://raw.githubusercontent.com/${G_ACCOUNT}/guild-operators/${GUILD_DEPLOY_BRANCH}/scripts/cnode-helper-scripts/mithril-relay.sh /opt/cardano/cnode/scripts/ ADD https://raw.githubusercontent.com/${G_ACCOUNT}/guild-operators/${GUILD_DEPLOY_BRANCH}/files/docker/node/addons/entrypoint.sh ./ -RUN sudo chmod a+rx /home/guild/.scripts/*.sh /opt/cardano/cnode/scripts/*.sh /home/guild/entrypoint.sh \ - && sudo chown -R guild:guild /home/guild/.* $CNODE_HOME +RUN sudo chmod -R a+rx /home/guild/.scripts/*.sh /opt/cardano/cnode/scripts/*.sh /home/guild/entrypoint.sh /conf \ + && sudo chown -R guild:guild /home/guild/.* $CNODE_HOME /conf HEALTHCHECK --start-period=5m --interval=5m --timeout=100s CMD /home/guild/.scripts/healthcheck.sh
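Review bot: `/conf` is added to both `chmod -R a+rx` and `chown -R guild:guild`, which marks every baked-in JSON file executable and makes the "static" configs writable by the runtime user. As far as this patch shows, the entrypoint only reads from `/conf` (`cp -rf /conf/"${NETWORK}"/* …`), so the tree can stay owned by whoever created it at build time: keep the original non-recursive `chmod a+rx` on the scripts, add `&& sudo chmod -R a+rX /conf`, and leave `/conf` out of the `chown`. Capital `X` sets the execute bit on directories only, so the config files stay read-only data.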