Add deterministic Docker build script
This commit is contained in:
parent
50cb553680
commit
bfefd585ae
45
Dockerfile
Normal file
45
Dockerfile
Normal file
@ -0,0 +1,45 @@
|
|||||||
|
# Dockefile from https://notes.ethereum.org/@GW1ZUbNKR5iRjjKYx6_dJQ/Bk8zsJ9xj
|
||||||
|
# FROM node:20.18.0-bullseye-slim
|
||||||
|
FROM node@sha256:9b558df8f10198fcd1f48cf344c55c4442c3446b8a9a69487523b3d890a4a59e
|
||||||
|
|
||||||
|
# install wget, git and necessary certificates so we can install IPFS below
|
||||||
|
RUN apt update && apt install --yes --no-install-recommends wget git apt-transport-https ca-certificates && rm -rf /var/lib/apt/lists/*
|
||||||
|
|
||||||
|
# install IPFS
|
||||||
|
WORKDIR /home/root
|
||||||
|
RUN wget -qO - https://dist.ipfs.tech/kubo/v0.31.0/kubo_v0.31.0_linux-amd64.tar.gz | tar -xvzf - \
|
||||||
|
&& cd kubo \
|
||||||
|
&& ./install.sh \
|
||||||
|
&& cd .. \
|
||||||
|
&& rm -rf kubo
|
||||||
|
RUN ipfs init
|
||||||
|
|
||||||
|
ENV GIT_REPOSITORY=https://git.tornado.ws/tornadocontrib/tornado-withdraw.git
|
||||||
|
# From development branch, double check with tornado.ws
|
||||||
|
ENV GIT_COMMIT_HASH=50cb55368083f1fe8f2fb2b39d473132a8da3c7f
|
||||||
|
|
||||||
|
# clone the repository
|
||||||
|
RUN mkdir /app/
|
||||||
|
|
||||||
|
WORKDIR /app
|
||||||
|
|
||||||
|
# Simple hack to fetch only commit and nothing more (no need to download 1GB sized repo, only 100MB would be enough)
|
||||||
|
RUN git init && \
|
||||||
|
git remote add origin $GIT_REPOSITORY && \
|
||||||
|
git fetch --depth 1 origin $GIT_COMMIT_HASH && \
|
||||||
|
git checkout $GIT_COMMIT_HASH
|
||||||
|
|
||||||
|
# install, build and prep for deployment
|
||||||
|
RUN yarn install --frozen-lockfile --ignore-scripts
|
||||||
|
RUN yarn update
|
||||||
|
|
||||||
|
# add the build output to IPFS and write the hash to a file
|
||||||
|
RUN ipfs add --cid-version 1 --quieter --only-hash --recursive --ignore-rules-path .gitignore /app > /ipfs_hash.txt
|
||||||
|
# print the hash for good measure in case someone is looking at the build logs
|
||||||
|
RUN cat /ipfs_hash.txt
|
||||||
|
|
||||||
|
# this entrypoint file will execute `ipfs add` of the build output to the docker host's IPFS API endpoint, so we can easily extract the IPFS build out of the docker image
|
||||||
|
RUN printf '#!/bin/sh\nipfs --api /ip4/`getent ahostsv4 host.docker.internal | grep STREAM | head -n 1 | cut -d \ -f 1`/tcp/5001 add --cid-version 1 -r --ignore-rules-path .gitignore /app' >> /entrypoint.sh
|
||||||
|
RUN chmod u+x /entrypoint.sh
|
||||||
|
|
||||||
|
ENTRYPOINT [ "/entrypoint.sh" ]
|
@ -8,7 +8,10 @@
|
|||||||
"dev": "npx http-server --cors .",
|
"dev": "npx http-server --cors .",
|
||||||
"update": "ts-node scripts/update.ts",
|
"update": "ts-node scripts/update.ts",
|
||||||
"sass": "sass static/bootstrap.scss static/bootstrap.css",
|
"sass": "sass static/bootstrap.scss static/bootstrap.css",
|
||||||
"sass:watch": "yarn sass --watch"
|
"sass:watch": "yarn sass --watch",
|
||||||
|
"ipfs:build": "docker build -t tornado-withdraw .",
|
||||||
|
"ipfs:hash": "docker container run --rm -it --entrypoint cat tornado-withdraw /ipfs_hash.txt",
|
||||||
|
"ipfs:add": "docker container run --rm tornado-withdraw"
|
||||||
},
|
},
|
||||||
"devDependencies": {
|
"devDependencies": {
|
||||||
"@tornado/core": "git+https://git.tornado.ws/tornadocontrib/tornado-core.git#88b6e20aa18e8351464f68e5df3ae03f3b0f82f9",
|
"@tornado/core": "git+https://git.tornado.ws/tornadocontrib/tornado-core.git#88b6e20aa18e8351464f68e5df3ae03f3b0f82f9",
|
||||||
|
Loading…
Reference in New Issue
Block a user