-
Notifications
You must be signed in to change notification settings - Fork 5
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
dockerize snapshot upload #400
Changes from 1 commit
File filter
Filter by extension
Conversations
Jump to
Diff view
Diff view
There are no files selected for viewing
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,57 @@ | ||
name: Snapshot Service Image | ||
|
||
# Cancel workflow if there is a new change to the branch. | ||
concurrency: | ||
group: ${{ github.workflow }}-${{ github.ref }} | ||
cancel-in-progress: ${{ github.ref != 'refs/heads/main' }} | ||
|
||
on: | ||
push: | ||
branches: [main] | ||
merge_group: | ||
pull_request: | ||
branches: [main] | ||
|
||
jobs: | ||
build-and-push-docker-image: | ||
name: Build images and push to GHCR | ||
runs-on: ubuntu-latest | ||
timeout-minutes: 30 | ||
steps: | ||
- name: List cached docker images | ||
run: docker image ls | ||
|
||
- name: Checkout code | ||
uses: actions/checkout@v4 | ||
|
||
- name: Login to Github Packages | ||
uses: docker/login-action@v3 | ||
with: | ||
registry: ghcr.io | ||
username: ${{ github.actor }} | ||
password: ${{ secrets.GITHUB_TOKEN }} | ||
|
||
# This step yields the following labels: | ||
# - date+sha, e.g. 2023-01-19-da4692d, | ||
# - latest, | ||
- name: Docker Meta | ||
id: meta | ||
uses: docker/metadata-action@v5 | ||
with: | ||
images: ghcr.io/chainsafe/forest-snapshot-service | ||
tags: | | ||
type=raw,value={{date 'YYYY-MM-DD'}}-{{sha}} | ||
type=raw,value=latest,enable={{is_default_branch}} | ||
|
||
- name: Build image and push to GitHub Container Registry | ||
uses: docker/build-push-action@v5 | ||
with: | ||
context: ./images/snapshot-service/ | ||
build-contexts: | | ||
common=./tf-managed/scripts/ | ||
tags: ${{ steps.meta.outputs.tags }} | ||
labels: ${{ steps.meta.outputs.labels }} | ||
push: ${{ github.ref == 'refs/heads/main' }} | ||
|
||
- name: List docker images | ||
run: docker image ls |
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1 @@ | ||
*.md |
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,25 @@ | ||
# Snapshot service Dockerfile. | ||
# It is meant to produce a single snapshot of the given chain in the Filecoin network and upload it to S3 (preferably Cloudflare R2, it should work for other providers as well, but it wasn't tested). | ||
FROM docker:24 | ||
LABEL org.opencontainers.image.description "Forest snapshot service generator and uploader for Filecoin" | ||
|
||
RUN apk add --no-cache \ | ||
ruby=3.2.2-r1 \ | ||
ruby-dev=3.2.2-r1 \ | ||
docker=24.0.7-r0 \ | ||
aws-cli=2.13.25-r0 \ | ||
bash=5.2.21-r0 && \ | ||
gem install \ | ||
docker-api:1.28.0 \ | ||
slack-ruby-client:2.2 \ | ||
activesupport:7.0.8 | ||
|
||
COPY ./src /opt/snapshot-service | ||
|
||
# TODO: Change this once `sync-check` is fully-dockerized as well. | ||
# hadolint ignore=DL3022 | ||
COPY --from=common ruby_common /opt/snapshot-service/ruby_common | ||
There was a problem hiding this comment. Choose a reason for hiding this commentThe reason will be displayed to describe this comment to others. Learn more. where is There was a problem hiding this comment. Choose a reason for hiding this commentThe reason will be displayed to describe this comment to others. Learn more. I see, it's from There was a problem hiding this comment. Choose a reason for hiding this commentThe reason will be displayed to describe this comment to others. Learn more. @hanabi1224 done. I had to drop |
||
|
||
WORKDIR /opt/snapshot-service | ||
|
||
CMD ["bash", "run.sh"] |
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,38 @@ | ||
# Forest snapshot service | ||
|
||
This service serves as a Filecoin snapshot generator and uploader. Supported networks are [calibnet](https://docs.filecoin.io/networks/calibration) and [mainnet](https://docs.filecoin.io/networks/mainnet). All S3-compatible providers should work correctly, though it was tested exclusively on Cloudflare R2. | ||
|
||
## Building the image | ||
|
||
```bash | ||
docker build --build-context common=../../tf-managed/scripts/ -t <name>:<tag> . | ||
``` | ||
|
||
## Running the Forest snapshot service | ||
|
||
The container needs additional privileges and access to the docker socket to issue other `docker` commands. | ||
|
||
This command will generate a snapshot for the given network and upload it to an S3 bucket. | ||
```bash | ||
docker run --privileged -v /var/run/docker.sock:/var/run/docker.sock --rm --env-file <variable-file> --env NETWORK_CHAIN=<chain> ghcr.io/chainsafe/forest-snapshot-service:edge | ||
``` | ||
|
||
## Variables (all required) | ||
|
||
```bash | ||
# Details for the snapshot upload | ||
R2_ACCESS_KEY= | ||
R2_SECRET_KEY= | ||
R2_ENDPOINT= | ||
SNAPSHOT_BUCKET= | ||
|
||
# Details for the Slack notifications | ||
SLACK_API_TOKEN= | ||
SLACK_NOTIFICATION_CHANNEL= | ||
|
||
# Network chain - can be either `mainnet` or `calibnet` | ||
NETWORK_CHAIN= | ||
# Forest tag to use. `latest` is the newest stable version. | ||
# See [Forest packages](https://github.com/ChainSafe/forest/pkgs/container/forest) for more. | ||
FOREST_TAG= | ||
``` |
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,19 @@ | ||
#!/bin/bash | ||
|
||
set -euo pipefail | ||
|
||
# Assert that all required environment variables are set | ||
: "${R2_ACCESS_KEY:?}" | ||
: "${R2_SECRET_KEY:?}" | ||
: "${R2_ENDPOINT:?}" | ||
: "${SNAPSHOT_BUCKET:?}" | ||
: "${SLACK_API_TOKEN:?}" | ||
: "${SLACK_NOTIFICATION_CHANNEL:?}" | ||
: "${NETWORK_CHAIN:?}" | ||
: "${FOREST_TAG:?}" | ||
|
||
aws configure set default.s3.multipart_chunksize 4GB | ||
aws configure set aws_access_key_id "$R2_ACCESS_KEY" | ||
aws configure set aws_secret_access_key "$R2_SECRET_KEY" | ||
|
||
ruby daily_snapshot.rb "$NETWORK_CHAIN" |
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -1,6 +1,5 @@ | ||
#!/bin/bash | ||
|
||
# shellcheck source=/dev/null | ||
source ~/.forest_env | ||
cd "$BASE_FOLDER" || exit | ||
flock -n /tmp/calibnet.lock -c "ruby daily_snapshot.rb calibnet >> logs/calibnet_log.txt 2>&1" | ||
cd "$HOME" || exit | ||
flock -n /tmp/calibnet.lock -c "docker run --privileged -v /var/run/docker.sock:/var/run/docker.sock --rm --env-file .forest_env -e NETWORK_CHAIN=calibnet ghcr.io/chainsafe/forest-snapshot-service:latest >> calibnet_log.txt 2>&1" |
This file was deleted.
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -1,6 +1,5 @@ | ||
#!/bin/bash | ||
|
||
# shellcheck source=/dev/null | ||
source ~/.forest_env | ||
cd "$BASE_FOLDER" || exit | ||
flock -n /tmp/mainnet.lock -c "ruby daily_snapshot.rb mainnet > mainnet_log.txt 2>&1" || exit | ||
cd "$HOME" || exit | ||
flock -n /tmp/mainnet.lock -c "docker run --privileged -v /var/run/docker.sock:/var/run/docker.sock --rm --env-file .forest_env -e NETWORK_CHAIN=mainnet ghcr.io/chainsafe/forest-snapshot-service:latest >> mainnet_log.txt 2>&1" |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
I believe without
load: true
,docker image ls
steps won't list the output imageThere was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Nvm it actually does. https://github.com/ChainSafe/forest-iac/actions/runs/7726607692/job/21063223556?pr=400#step:7:30