Add deterministic Docker build script

2024-11-11 10:32:19 +00:00 · 2024-11-11 10:32:19 +00:00 · bfefd585ae
commit bfefd585ae
parent 50cb553680
2 changed files with 49 additions and 1 deletions
--- a/45
+++ b/45
@ -0,0 +1,45 @@
+# Dockefile from https://notes.ethereum.org/@GW1ZUbNKR5iRjjKYx6_dJQ/Bk8zsJ9xj
+# FROM node:20.18.0-bullseye-slim
+FROM node@sha256:9b558df8f10198fcd1f48cf344c55c4442c3446b8a9a69487523b3d890a4a59e
+
+# install wget, git and necessary certificates so we can install IPFS below
+RUN apt update && apt install --yes --no-install-recommends wget git apt-transport-https ca-certificates && rm -rf /var/lib/apt/lists/*
+
+# install IPFS
+WORKDIR /home/root
+RUN wget -qO - https://dist.ipfs.tech/kubo/v0.31.0/kubo_v0.31.0_linux-amd64.tar.gz | tar -xvzf - \
+	&& cd kubo \
+	&& ./install.sh \
+	&& cd .. \
+	&& rm -rf kubo
+RUN ipfs init
+
+ENV GIT_REPOSITORY=https://git.tornado.ws/tornadocontrib/tornado-withdraw.git
+# From development branch, double check with tornado.ws
+ENV GIT_COMMIT_HASH=50cb55368083f1fe8f2fb2b39d473132a8da3c7f
+
+# clone the repository
+RUN mkdir /app/
+
+WORKDIR /app
+
+# Simple hack to fetch only commit and nothing more (no need to download 1GB sized repo, only 100MB would be enough)
+RUN git init && \
+  git remote add origin $GIT_REPOSITORY && \
+  git fetch --depth 1 origin $GIT_COMMIT_HASH && \
+  git checkout $GIT_COMMIT_HASH
+
+# install, build and prep for deployment
+RUN yarn install --frozen-lockfile --ignore-scripts
+RUN yarn update
+
+# add the build output to IPFS and write the hash to a file
+RUN ipfs add --cid-version 1 --quieter --only-hash --recursive --ignore-rules-path .gitignore /app > /ipfs_hash.txt
+# print the hash for good measure in case someone is looking at the build logs
+RUN cat /ipfs_hash.txt
+
+# this entrypoint file will execute `ipfs add` of the build output to the docker host's IPFS API endpoint, so we can easily extract the IPFS build out of the docker image
+RUN printf '#!/bin/sh\nipfs --api /ip4/`getent ahostsv4 host.docker.internal | grep STREAM | head -n 1 | cut -d \  -f 1`/tcp/5001 add --cid-version 1 -r --ignore-rules-path .gitignore /app' >> /entrypoint.sh
+RUN chmod u+x /entrypoint.sh
+
+ENTRYPOINT [ "/entrypoint.sh" ]
--- a/package.json
+++ b/package.json
@ -8,7 +8,10 @@
    "dev": "npx http-server --cors .",
    "update": "ts-node scripts/update.ts",
    "sass": "sass static/bootstrap.scss static/bootstrap.css",
-    "sass:watch": "yarn sass --watch"
+    "sass:watch": "yarn sass --watch",
+    "ipfs:build": "docker build -t tornado-withdraw .",
+    "ipfs:hash": "docker container run --rm -it --entrypoint cat tornado-withdraw /ipfs_hash.txt",
+    "ipfs:add": "docker container run --rm tornado-withdraw"
  },
  "devDependencies": {
    "@tornado/core": "git+https://git.tornado.ws/tornadocontrib/tornado-core.git#88b6e20aa18e8351464f68e5df3ae03f3b0f82f9",