diff --git a/.github/workflows/docker-images.yml b/.github/workflows/docker-images.yml
new file mode 100644
index 0000000..9a87127
--- /dev/null
+++ b/.github/workflows/docker-images.yml
@@ -0,0 +1,17 @@
+name: Docker Images
+
+on:
+ push:
+ branches:
+ - main
+ pull_request:
+ workflow_dispatch:
+
+jobs:
+ docker-l1:
+ uses: ./.github/workflows/docker.yml
+ with:
+ images: ghcr.io/espressosystems/geth-l1
+ context: ./
+ dockerfile: ./Dockerfile.l1
+ secrets: inherit
\ No newline at end of file
diff --git a/.github/workflows/docker.yml b/.github/workflows/docker.yml
new file mode 100644
index 0000000..04c7b5e
--- /dev/null
+++ b/.github/workflows/docker.yml
@@ -0,0 +1,52 @@
+name: Espresso Docker
+
+on:
+ workflow_call:
+ inputs:
+ images:
+ required: true
+ type: string
+ context:
+ required: true
+ type: string
+ dockerfile:
+ required: true
+ type: string
+
+jobs:
+ build_and_push_docker_image:
+ name: Push Docker image to ghcr
+ runs-on: ubuntu-latest
+ steps:
+ - name: Check out the repo
+ uses: actions/checkout@v3
+
+ - name: Set up QEMU
+ uses: docker/setup-qemu-action@v2
+
+ - name: Set up Docker Buildx
+ uses: docker/setup-buildx-action@v2
+
+ - name: Login to Github Container Repo
+ uses: docker/login-action@v2
+ if: github.event_name != 'pull_request'
+ with:
+ registry: ghcr.io
+ username: ${{ github.repository_owner }}
+ password: ${{ secrets.GITHUB_TOKEN }}
+
+ - name: Generate docker metadata
+ uses: docker/metadata-action@v4
+ id: metadata
+ with:
+ images: ${{ inputs.images }}
+
+ - name: Build and push docker
+ uses: docker/build-push-action@v4
+ with:
+ context: ${{ inputs.context }}
+ file: ${{ inputs.dockerfile }}
+ push: ${{ github.event_name != 'pull_request' }}
+ tags: ${{ steps.metadata.outputs.tags }}
+ labels: ${{ steps.metadata.outputs.labels }}
+ platforms: linux/amd64,arm64
diff --git a/Dockerfile.l1 b/Dockerfile.l1
new file mode 100644
index 0000000..f31d252
--- /dev/null
+++ b/Dockerfile.l1
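Review bot: In `.github/workflows/docker-images.yml`, `secrets: inherit` on the `docker-l1` job hands every secret available to this repository to the called workflow, while `docker.yml` as shown reads only `secrets.GITHUB_TOKEN`, which should be available to a called workflow without `inherit` (worth confirming before removing the line). Dropping it keeps later edits to the reusable workflow from silently gaining access to unrelated secrets. The job also sets no `permissions:`, so the token carries the repository default; `permissions: { contents: read, packages: write }` on `docker-l1` covers what a checkout plus a ghcr push needs.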
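Review bot: Every `uses:` in `.github/workflows/docker.yml` is pinned to a movable tag (`actions/checkout@v3`, `docker/login-action@v2`, `docker/build-push-action@v4` and the others), so a re-pointed or compromised release would run inside the job that holds the registry credentials and pushes the image. Pin each action to a full commit SHA with the tag kept as a comment, e.g. `uses: docker/login-action@<full-commit-sha> # v2`, and let an update bot propose the bumps. As a smaller style point, `platforms: linux/amd64,arm64` mixes a full and a short platform form; `linux/amd64,linux/arm64` is the unambiguous spelling.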
@@ -0,0 +1,9 @@
+FROM ethereum/client-go:v1.13.0
+
+RUN apk add --no-cache jq
+
+COPY entrypoint-l1.sh /entrypoint.sh
+
+VOLUME ["/db"]
+
+ENTRYPOINT ["/bin/sh", "/entrypoint.sh"]
diff --git a/entrypoint-l1.sh b/entrypoint-l1.sh
new file mode 100644
index 0000000..4057600
--- /dev/null
+++ b/entrypoint-l1.sh
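Review bot: `FROM ethereum/client-go:v1.13.0` pins the base by tag only, and a tag can be re-pointed, so the image CI publishes to ghcr is not reproducible from this file. Adding the digest, `FROM ethereum/client-go:v1.13.0@sha256:<digest>`, fixes the base to one known image. The Dockerfile also has no `USER` line, so the container keeps the base image's default user, presumably root; if geth only needs to write under `/db`, a dedicated user owning that directory would narrow what a compromised RPC endpoint can reach.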
@@ -0,0 +1,72 @@
+#!/bin/sh
+set -exu
+
+VERBOSITY=${GETH_VERBOSITY:-3}
+GETH_DATA_DIR=/db
+GETH_CHAINDATA_DIR="$GETH_DATA_DIR/geth/chaindata"
+GETH_KEYSTORE_DIR="$GETH_DATA_DIR/keystore"
+GENESIS_FILE_PATH="${GENESIS_FILE_PATH:-/genesis.json}"
+CHAIN_ID=$(cat "$GENESIS_FILE_PATH" | jq -r .config.chainId)
+BLOCK_SIGNER_PRIVATE_KEY="ac0974bec39a17e36ba4a6b4d238ff944bacb478cbed5efcae784d7bf4f2ff80"
+BLOCK_SIGNER_ADDRESS="0xf39Fd6e51aad88F6F4ce6aB8827279cffFb92266"
+RPC_PORT="${RPC_PORT:-8545}"
+WS_PORT="${WS_PORT:-8546}"
+
+if [ ! -d "$GETH_KEYSTORE_DIR" ]; then
+ echo "$GETH_KEYSTORE_DIR missing, running account import"
+ echo -n "pwd" > "$GETH_DATA_DIR"/password
+ echo -n "$BLOCK_SIGNER_PRIVATE_KEY" | sed 's/0x//' > "$GETH_DATA_DIR"/block-signer-key
+ geth account import \
+ --datadir="$GETH_DATA_DIR" \
+ --password="$GETH_DATA_DIR"/password \
+ "$GETH_DATA_DIR"/block-signer-key
+else
+ echo "$GETH_KEYSTORE_DIR exists."
+fi
+
+if [ ! -d "$GETH_CHAINDATA_DIR" ]; then
+ echo "$GETH_CHAINDATA_DIR missing, running init"
+ echo "Initializing genesis."
+ geth --verbosity="$VERBOSITY" init \
+ --datadir="$GETH_DATA_DIR" \
+ "$GENESIS_FILE_PATH"
+else
+ echo "$GETH_CHAINDATA_DIR exists."
+fi
+
+# Warning: Archive mode is required, otherwise old trie nodes will be
+# pruned within minutes of starting the devnet.
+
+exec geth \
+ --datadir="$GETH_DATA_DIR" \
+ --verbosity="$VERBOSITY" \
+ --http \
+ --http.corsdomain="*" \
+ --http.vhosts="*" \
+ --http.addr=0.0.0.0 \
+ --http.port="$RPC_PORT" \
+ --http.api=web3,debug,eth,txpool,net,engine \
+ --ws \
+ --ws.addr=0.0.0.0 \
+ --ws.port="$WS_PORT" \
+ --ws.origins="*" \
+ --ws.api=debug,eth,txpool,net,engine \
+ --syncmode=full \
+ --nodiscover \
+ --maxpeers=1 \
+ --networkid=$CHAIN_ID \
+ --unlock=$BLOCK_SIGNER_ADDRESS \
+ --mine \
+ --miner.etherbase=$BLOCK_SIGNER_ADDRESS \
+ --password="$GETH_DATA_DIR"/password \
+ --allow-insecure-unlock \
+ --rpc.allow-unprotected-txs \
+ --authrpc.addr="0.0.0.0" \
+ --authrpc.port="8551" \
+ --authrpc.vhosts="*" \
+ --authrpc.jwtsecret=/config/jwt-secret.txt \
+ --gcmode=archive \
+ --metrics \
+ --metrics.addr=0.0.0.0 \
+ --metrics.port=6060 \
+ "$@"
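Review bot: The `exec geth` call in `entrypoint-l1.sh` serves an unlocked block-signer account over HTTP and WebSocket on `0.0.0.0` with `--http.corsdomain="*"`, `--http.vhosts="*"`, `--ws.origins="*"` and `--allow-insecure-unlock`, so any client that can reach `$RPC_PORT` or `$WS_PORT` can have the node sign for that account and call the `debug` namespace without the JWT that `--authrpc.jwtsecret` requires on 8551. The comment above mentions a devnet, so this is presumably intended, but the script should say so at the top, e.g. `# DEVNET ONLY: fixed signer key, unlocked account, unauthenticated RPC; keep these ports on an isolated network`, and `engine` can likely be dropped from `--http.api` and `--ws.api` since the authenticated port is where it belongs. Separately, `set -exu` traces every command with variables expanded, so the hard-coded `BLOCK_SIGNER_PRIVATE_KEY` and the password land in the container log; `set -eu` avoids that, and reading the key from an environment variable or a mounted file would keep it out of the published image.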