This repository has been archived by the owner on Dec 8, 2022. It is now read-only.
-
Notifications
You must be signed in to change notification settings - Fork 7
Commit
This commit does not belong to any branch on this repository, and may belong to a fork outside of the repository.
chore: add Dockerfile and docker-compose file
uses cabal, the IOHK libsodium fork, includes the schema at build-time. Implements Docker secrets for passing in the credentials, and creates a cross-container pgpass file in the entrypoing. This can also accept ENVs. WIP
- Loading branch information
Showing
7 changed files
with
173 additions
and
0 deletions.
There are no files selected for viewing
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1 @@ | ||
Dockerfile |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,75 @@ | ||
ARG UBUNTU_VERSION=20.04 | ||
FROM ubuntu:${UBUNTU_VERSION} as haskell-builder | ||
ARG CABAL_VERSION=3.2.0.0 | ||
ARG GHC_VERSION=8.6.5 | ||
ARG IOHK_LIBSODIUM_GIT_REV=66f017f16633f2060db25e17c170c2afa0f2a8a1 | ||
ENV DEBIAN_FRONTEND=nonintercative | ||
RUN mkdir -p /app/src | ||
WORKDIR /app | ||
RUN apt-get update -y && apt-get install -y \ | ||
automake=1:1.16.1-4ubuntu6 \ | ||
build-essential \ | ||
g++=4:9.3.0-1ubuntu2 \ | ||
git \ | ||
jq \ | ||
libffi-dev=3.3-4 \ | ||
libghc-postgresql-libpq-dev=0.9.4.2-1build1 \ | ||
libgmp-dev=2:6.2.0+dfsg-4 \ | ||
libncursesw5=6.2-0ubuntu2 \ | ||
libpq-dev=12.4-0ubuntu0.20.04.1 \ | ||
libssl-dev=1.1.1f-1ubuntu2 \ | ||
libsystemd-dev=245.4-4ubuntu3.2 \ | ||
libtinfo-dev=6.2-0ubuntu2 \ | ||
libtool=2.4.6-14 \ | ||
make \ | ||
pkg-config \ | ||
tmux \ | ||
wget \ | ||
zlib1g-dev=1:1.2.11.dfsg-2ubuntu1 | ||
RUN wget --secure-protocol=TLSv1_2 \ | ||
https://downloads.haskell.org/~cabal/cabal-install-${CABAL_VERSION}/cabal-install-${CABAL_VERSION}-x86_64-unknown-linux.tar.xz &&\ | ||
tar -xf cabal-install-${CABAL_VERSION}-x86_64-unknown-linux.tar.xz &&\ | ||
rm cabal-install-${CABAL_VERSION}-x86_64-unknown-linux.tar.xz cabal.sig &&\ | ||
mv cabal /usr/local/bin/ | ||
RUN cabal update | ||
WORKDIR /app/ghc | ||
RUN wget --secure-protocol=TLSv1_2 \ | ||
https://downloads.haskell.org/~ghc/${GHC_VERSION}/ghc-${GHC_VERSION}-x86_64-deb9-linux.tar.xz &&\ | ||
tar -xf ghc-${GHC_VERSION}-x86_64-deb9-linux.tar.xz &&\ | ||
rm ghc-${GHC_VERSION}-x86_64-deb9-linux.tar.xz | ||
WORKDIR /app/ghc/ghc-${GHC_VERSION} | ||
RUN ./configure && \ | ||
make install | ||
WORKDIR /app/src | ||
RUN git clone https://github.com/input-output-hk/libsodium.git &&\ | ||
cd libsodium &&\ | ||
git fetch --all --tags &&\ | ||
git checkout ${IOHK_LIBSODIUM_GIT_REV} | ||
WORKDIR /app/src/libsodium | ||
RUN ./autogen.sh && \ | ||
./configure && \ | ||
make && \ | ||
make install .. | ||
ENV LD_LIBRARY_PATH="/usr/local/lib:$LD_LIBRARY_PATH" | ||
ENV PKG_CONFIG_PATH="/usr/local/lib/pkgconfig:$PKG_CONFIG_PATH" | ||
COPY . /app/src/smash | ||
WORKDIR /app/src/smash | ||
RUN cabal install smash \ | ||
--install-method=copy \ | ||
--installdir=/usr/local/bin | ||
# Cleanup for runtiume-base copy of /usr/local/lib | ||
RUN rm -rf /usr/local/lib/ghc-${GHC_VERSION} /usr/local/lib/pkgconfig | ||
|
||
FROM ubuntu:${UBUNTU_VERSION} | ||
RUN curl --proto '=https' --tlsv1.2 -sSf -L https://www.postgresql.org/media/keys/ACCC4CF8.asc | apt-key add - | ||
RUN echo "deb http://apt.postgresql.org/pub/repos/apt/ `lsb_release -cs`-pgdg main" | tee /etc/apt/sources.list.d/pgdg.list | ||
RUN apt-get update && apt-get install -y --no-install-recommends \ | ||
ca-certificates \ | ||
postgresql-client-12 | ||
COPY --from=haskell-builder /usr/local/lib /usr/local/lib | ||
COPY --from=haskell-builder /usr/local/bin/smash-exe /usr/local/bin/ | ||
COPY ./schema /schema | ||
COPY ./scripts/docker-entrypoint.sh /entrypoint.sh | ||
RUN mkdir /ipc | ||
EXPOSE 3100 | ||
ENTRYPOINT ["./entrypoint.sh"] |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1 @@ | ||
smash |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1 @@ | ||
notForProduction! |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1 @@ | ||
postgres |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,78 @@ | ||
version: "3.5" | ||
|
||
services: | ||
postgres: | ||
image: postgres:11.5-alpine | ||
environment: | ||
- POSTGRES_LOGGING=true | ||
- POSTGRES_DB_FILE=/run/secrets/postgres_db | ||
- POSTGRES_PASSWORD_FILE=/run/secrets/postgres_password | ||
- POSTGRES_USER_FILE=/run/secrets/postgres_user | ||
volumes: | ||
- postgres:/var/lib/postgresql/data | ||
ports: | ||
- 5432:5432 | ||
restart: on-failure | ||
secrets: | ||
- postgres_password | ||
- postgres_user | ||
- postgres_db | ||
logging: | ||
driver: "json-file" | ||
options: | ||
max-size: "200k" | ||
max-file: "10" | ||
|
||
cardano-node: | ||
image: inputoutput/cardano-node:1.20.0 | ||
environment: | ||
- NETWORK=${NETWORK:-mainnet} | ||
volumes: | ||
- node-db:/data/db | ||
- node-ipc:/ipc | ||
restart: on-failure | ||
logging: | ||
driver: "json-file" | ||
options: | ||
max-size: "200k" | ||
max-file: "10" | ||
|
||
smash: | ||
build: . | ||
command: [ | ||
"run-app-with-db-sync", | ||
"--config", "/configuration/config.yaml", | ||
"--socket-path", "/node-ipc/node.socket" | ||
] | ||
environment: | ||
- POSTGRES_HOST=postgres | ||
- POSTGRES_PORT=5432 | ||
depends_on: | ||
- cardano-node | ||
- postgres | ||
volumes: | ||
- node-ipc:/node-ipc | ||
- ./config/${NETWORK:-mainnet}:/configuration | ||
This comment has been minimized.
Sorry, something went wrong. |
||
restart: on-failure | ||
secrets: | ||
- postgres_password | ||
- postgres_user | ||
- postgres_db | ||
logging: | ||
driver: "json-file" | ||
options: | ||
max-size: "200k" | ||
max-file: "10" | ||
|
||
secrets: | ||
postgres_db: | ||
file: ./config/secrets/postgres_db | ||
postgres_password: | ||
file: ./config/secrets/postgres_password | ||
postgres_user: | ||
file: ./config/secrets/postgres_user | ||
|
||
volumes: | ||
postgres: | ||
node-db: | ||
node-ipc: |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,16 @@ | ||
#!/usr/bin/env bash | ||
set -euo pipefail | ||
|
||
SECRET_DIR=${1:-/run/secrets} | ||
OUT_DIR=${2:-/configuration} | ||
SCHEMA_DIR=${3:-/schema} | ||
SMASHPGPASSFILE=${OUT_DIR}/pgpass | ||
|
||
POSTGRES_DB=''${POSTGRES_DB:-$(< ''${SECRET_DIR}/postgres_db)} | ||
POSTGRES_USER=''${POSTGRES_USER:-$(< ''${SECRET_DIR}/postgres_user)} | ||
POSTGRES_PASSWORD=''${POSTGRES_PASSWORD:-$(< ''${SECRET_DIR}/postgres_password)} | ||
echo ${POSTGRES_HOST}:${POSTGRES_PORT}:${POSTGRES_DB}:${POSTGRES_USER}:${POSTGRES_PASSWORD} > $SMASHPGPASSFILE | ||
chmod 0600 $SMASHPGPASSFILE | ||
export SMASHPGPASSFILE | ||
|
||
exec smash-exe --schema-dir ${SCHEMA_DIR} $@ |
@ksaric I've left this as a single mount as a suggestion to use a directory structure such as
./config/mainnet/config.yaml
, to avoid the need for single mapping of each file.