Skip to content

Commit

Permalink
Testing for v0.21.0 Release candidate & Final (#42)
Browse files Browse the repository at this point in the history 
* Add 0.21 release candidate
* Fix version
* Remove tests temporarily so can see if this compiles on arm
* Add docker hub login info
* Fix up tagging
* Fix up sanity tests
* Switch everything back to be more consistent now that the release is out
* Update README with v0.21.0
  • Loading branch information
@nolim1t
nolim1t authored Jan 15, 2021
1 parent 12503b0 commit 1f38c4a
Show file tree
Hide file tree
Showing 3 changed files with 262 additions and 7 deletions.
18 changes: 14 additions & 4 deletions .github/workflows/single-test.yml
View file
Original file line number Diff line number Diff line change
@@ -1,7 +1,7 @@
name: Test build bitcoind on push to vX.Z-test branch

env:
APP: bitcoind
APP: nolim1t/bitcoind
ACTIONS_ALLOW_UNSECURE_COMMANDS: true

on:
Expand Down Expand Up @@ -40,7 +40,17 @@ jobs:
docker build "$MINOR/"
--build-arg "ARCH=${{ matrix.arch }}"
--build-arg "SOURCE=git"
--tag "$APP"
--tag "${APP}:${MINOR}-${{ matrix.arch }}"
- name: Push ${{ env.APP }} to docker hub
run: >
if [[ ! -z ${{ secrets.DOCKER_HUB_USER }} ]] && [[ ! -z ${{ secrets.DOCKER_USER }} ]] && [[ ! -z ${{ secrets.DOCKER_PASS }} ]]; then
echo "Pushing to docker hub if credentials exist"
echo ${{ secrets.DOCKER_PASS }} | docker login -u=${{ secrets.DOCKER_USER }} --password-stdin
docker push "${{ env.APP }}:${MINOR}-${{ matrix.arch }}"
else
echo "Not pushing to docker up as credentials don't exist"
fi
- name: Show built image details
run: docker images "$APP"
Expand All @@ -54,10 +64,10 @@ jobs:
ARGS=${*:-"--version"}
printf "\n$ %s %s\n" "$ENTRYPOINT" "$ARGS"
docker run --rm --entrypoint "$ENTRYPOINT" "$APP" $ARGS
docker run --rm --entrypoint "$ENTRYPOINT" "${APP}:${MINOR}-${{ matrix.arch }}" $ARGS
}
docker inspect "$APP" | jq '.'
docker inspect "${APP}:${MINOR}-${{ matrix.arch }}" | jq '.'
printf "\n"
run bitcoind | head -n 1
Expand Down
238 changes: 238 additions & 0 deletions 0.21/Dockerfile
View file
Original file line number Diff line number Diff line change
@@ -0,0 +1,238 @@
# This Dockerfile builds Bitcoin Core and packages it into a minimal `final` image

# VERSION of Bitcoin Core to be build
# NOTE: Unlike our other images this one is NOT prefixed with `v`,
# as many things (like download URLs) use this form instead.
ARG VERSION=0.21.0


# CPU architecture to build binaries for
ARG ARCH

# Define default versions so that they don't have to be repeated throughout the file
ARG VER_ALPINE=3.12

# $USER name, and data $DIR to be used in the `final` image
ARG USER=bitcoind
ARG DIR=/data

# Choose where to get bitcoind sources from, options: release, git
# NOTE: Only `SOURCE=git` can be used for RC releases
ARG SOURCE=release

# Choose where to get BerkeleyDB from, options: prebuilt, compile
# NOTE: When compiled here total execution time exceeds allowed CI limits, so pre-built one is used by default
ARG BDB_SOURCE=prebuilt



#
## `preparer-base` installs dependencies needed by both ways of fetching the source,
# as well as imports GPG keys needed to verify authenticity of the source.
#
FROM alpine:${VER_ALPINE} AS preparer-base

# Make sure APKs are downloaded over SSL. See: https://github.com/gliderlabs/docker-alpine/issues/184
RUN sed -i 's|http://dl-cdn.alpinelinux.org|https://alpine.global.ssl.fastly.net|g' /etc/apk/repositories

RUN apk add --no-cache gnupg

ENV KEYS 71A3B16735405025D447E8F274810B012346C9A6 01EA5486DE18A882D4C2684590C8019E36C2E964
RUN timeout 16s gpg --keyserver keyserver.ubuntu.com --recv-keys $KEYS

# Print imported keys, but also ensure there's no other keys in the system
RUN gpg --list-keys | tail -n +3 | tee /tmp/keys.txt && \
gpg --list-keys $KEYS | diff - /tmp/keys.txt



#
## Option #1: [default] Fetch bitcoind source from release tarballs
#
FROM preparer-base AS preparer-release

ARG VERSION

# Download checksums
ADD https://bitcoincore.org/bin/bitcoin-core-$VERSION/SHA256SUMS.asc ./

# Download source code (intentionally different website than checksums)
ADD https://bitcoin.org/bin/bitcoin-core-$VERSION/bitcoin-$VERSION.tar.gz ./

# Verify that hashes are signed with the previously imported key
RUN gpg --verify SHA256SUMS.asc

# Verify that downloaded source-code archive matches exactly the hash that's provided
RUN grep " bitcoin-$VERSION.tar.gz\$" SHA256SUMS.asc | sha256sum -c -

# Extract
RUN tar -xzf "bitcoin-$VERSION.tar.gz" && \
rm -f "bitcoin-$VERSION.tar.gz"



#
## Option #2: Fetch bitcoind source from GitHub
#
FROM preparer-base AS preparer-git

ARG VERSION

RUN apk add --no-cache git

# Fetch the source code at a specific TAG
RUN git clone -b "v$VERSION" --depth=1 https://github.com/bitcoin/bitcoin.git "/bitcoin-$VERSION/"

# Verify tag, and copy source code to predetermined location on success
RUN cd "/bitcoin-$VERSION/" && \
git verify-tag "v$VERSION"



#
## Alias to go around `COPY` not accepting ARGs in value passed to `--from=`
#
FROM preparer-${SOURCE} AS preparer



#
## `berkeleydb-prebuilt` downloads a pre-built BerkeleyDB to make sure
# the overall build time of this Dockerfile fits within CI limits.
#
FROM lncm/berkeleydb:v4.8.30.NC${ARCH:+-${ARCH}} AS berkeleydb-prebuilt

#
## `berkeleydb-compile` builds BerkeleyDB from source using script provided in bitcoind repo.
#
FROM alpine:${VER_ALPINE} AS berkeleydb-compile
# TODO: implement ^^
RUN echo "Not implemented" && exit 1


FROM berkeleydb-${BDB_SOURCE} AS berkeleydb



#
## `builder` builds Bitcoin Core regardless on how the source, and BDB code were obtained.
#
# NOTE: this stage is emulated using QEMU
# NOTE: `${ARCH:+${ARCH}/}` - if ARCH is set, append `/` to it, leave it empty otherwise
FROM ${ARCH:+${ARCH}/}alpine:${VER_ALPINE} AS builder

ARG VERSION
ARG SOURCE

# Use APK repos over HTTPS. See: https://github.com/gliderlabs/docker-alpine/issues/184
RUN sed -i 's|http://dl-cdn.alpinelinux.org|https://alpine.global.ssl.fastly.net|g' /etc/apk/repositories

RUN apk add --no-cache \
autoconf \
automake \
boost-dev \
build-base \
chrpath \
file \
libevent-dev \
libressl \
libtool \
linux-headers \
zeromq-dev

# Fetch pre-built berkeleydb
COPY --from=berkeleydb /opt/ /opt/

# Change to the extracted directory
WORKDIR /bitcoin-$VERSION/

# Copy bitcoin source (downloaded & verified in previous stages)
COPY --from=preparer /bitcoin-$VERSION/ ./

ENV BITCOIN_PREFIX /opt/bitcoin-$VERSION

RUN ./autogen.sh

# TODO: Try to optimize on passed params
RUN ./configure LDFLAGS=-L/opt/db4/lib/ CPPFLAGS=-I/opt/db4/include/ \
--prefix="$BITCOIN_PREFIX" \
--disable-man \
--disable-shared \
--disable-ccache \
--disable-tests \
--enable-static \
--enable-reduce-exports \
--without-gui \
--without-libs \
--with-utils \
--with-daemon

RUN make -j$(( $(nproc) + 1 )) check
RUN make install

# List installed binaries pre-strip & strip them
RUN ls -lh "$BITCOIN_PREFIX/bin/"
RUN strip -v "$BITCOIN_PREFIX/bin/bitcoin"*

# List installed binaries post-strip & print their checksums
RUN ls -lh "$BITCOIN_PREFIX/bin/"
RUN sha256sum "$BITCOIN_PREFIX/bin/bitcoin"*



#
## `final` aggregates build results from previous stages into a necessary minimum
# ready to be used, and published to Docker Hub.
#
# NOTE: this stage is emulated using QEMU
# NOTE: `${ARCH:+${ARCH}/}` - if ARCH is set, append `/` to it, leave it empty otherwise
FROM ${ARCH:+${ARCH}/}alpine:${VER_ALPINE} AS final

ARG VERSION
ARG USER
ARG DIR

LABEL maintainer="Damian Mee (@meeDamian)"

# Use APK repos over HTTPS. See: https://github.com/gliderlabs/docker-alpine/issues/184
RUN sed -i 's|http://dl-cdn.alpinelinux.org|https://alpine.global.ssl.fastly.net|g' /etc/apk/repositories

RUN apk add --no-cache \
boost-filesystem \
boost-thread \
libevent \
libsodium \
libstdc++ \
libzmq

COPY --from=builder /opt/bitcoin-$VERSION/bin/bitcoin* /usr/local/bin/

# NOTE: Default GID == UID == 1000
RUN adduser --disabled-password \
--home "$DIR/" \
--gecos "" \
"$USER"

USER $USER

# Prevents `VOLUME $DIR/.bitcoind/` being created as owned by `root`
RUN mkdir -p "$DIR/.bitcoin/"

# Expose volume containing all `bitcoind` data
VOLUME $DIR/.bitcoin/

# REST interface
EXPOSE 8080

# P2P network (mainnet, testnet & regnet respectively)
EXPOSE 8333 18333 18444

# RPC interface (mainnet, testnet & regnet respectively)
EXPOSE 8332 18332 18443

# ZMQ ports (for transactions & blocks respectively)
EXPOSE 28332 28333

ENTRYPOINT ["bitcoind"]

CMD ["-zmqpubrawblock=tcp://0.0.0.0:28332", "-zmqpubrawtx=tcp://0.0.0.0:28333"]
13 changes: 10 additions & 3 deletions README.md
View file
Original file line number Diff line number Diff line change
Expand Up @@ -64,6 +64,7 @@ This repo builds [`bitcoind`] in an [auditable way](https://github.com/lncm/dock

> **NOTE:** For an always up-to-date list see: https://hub.docker.com/r/lncm/bitcoind/tags
* `v0.21.0`
* `v0.20.0`
* `v0.19.1`
* `v0.19.0.1`
Expand All @@ -80,7 +81,7 @@ This repo builds [`bitcoind`] in an [auditable way](https://github.com/lncm/dock
First pull the image from [Docker Hub]:

```bash
docker pull lncm/bitcoind:v0.20.0
docker pull lncm/bitcoind:v0.21.0
```

> **NOTE:** Running above will automatically choose native architecture of your CPU.
Expand All @@ -90,11 +91,17 @@ docker pull lncm/bitcoind:v0.20.0
Or, to pull a specific CPU architecture:

```bash
docker pull lncm/bitcoind:v0.20.0-arm64v8
docker pull lncm/bitcoind:v0.21.0-arm64v8
```

#### Start

First of all, create a directory in your home directory called `.bitcoin`

Next, create a config file. You can take a look at the following samples: thebox-compose-system ([1](https://github.com/lncm/thebox-compose-system/blob/master/bitcoin/bitcoin.conf)) / bitcoin main repo [(2)](https://github.com/bitcoin/bitcoin/blob/master/share/examples/bitcoin.conf)

Some guides on how to configure bitcoin can be found [here](https://github.com/bitcoin/bitcoin/blob/master/doc/bitcoin-conf.md) (bitcoin git repo)

Then to start bitcoind, run:

```bash
Expand All @@ -105,7 +112,7 @@ docker run -it --rm --detach \
-p 28332:28332 \
-p 28333:28333 \
--name bitcoind \
lncm/bitcoind:v0.20.0
lncm/bitcoind:v0.21.0
```

That will run bitcoind such that:
Expand Down

0 comments on commit 1f38c4a

Please sign in to comment.