Reproducible and composable OCI images for Anoma using Nix.
Requires the Nix package manager with the flakes nix-command
features
enabled.
# You must specify the revision of github.com:anoma/anoma
nix run . -- --no-upload --rev v0.2.0
It creates an output called stream-anoma-${ANOMA_REV}
in the current directory,
which you can execute and pipe the output to the docker daemon, or even directly
to a docker registry.
To load the image into your local docker daemon, run:
./stream-anoma-v0.2.0 | docker load
You could also make an image archive, that can be loaded to a docker daemon or registry later on:
./stream-anoma-v0.2.0 | gzip > anoma-v0.2.0.tgz
Following arguments are recognized by the build script:
--no-upload
: Don't upload the image to a registry.--rev ANOMA_REV
: Anoma revision to build from.-o FILE
: Output file. Default:stream-anoma-ANOMA_REV
.
Following environment variables are recognized by the build script:
ANOMA_CHAIN_ID
: Set the default chain id that is joined to on container start (can also be set at runtime).ANOMA_FEATURES
: Specify Cargo features. Default:default
.ANOMA_REV
: Alternative to--rev
.CI_REGISTRY_AUTH
: Credentials to the registry.CI_REGISTRY
: Docker registry to upload to (only if not--no-upload
). Default:docker.io
.IMAGE_REPO
: Repository in the registry to upload to. Default:heliaxdev/anoma
.IMAGE_TAG
: Tag for the uploaded image. Default:YYYY-MM-DD.REV
.OUTPUT
: Alternative to-o
.
Following environment variables can be used to configure the container at
creation time (docker run -e VAR=VALUE
):
ANOMA_CHAIN_ID
: if not empty, performsanoma client utils join-network --chain-id=$ANOMA_CHAIN_ID
before executing the user command.ANOMA_BASE_DIR
: location of the ".anoma" directory inside the container. This is the location where you should mount a persistent volume. Default:/data
.ANOMA_WASM_DIR
: location where to store WASM files inside the container. Note that if you modify this, you need to take care that the the directory exists and that correctchecksums.json
file exists in it. This directory does not need to be persisted. Default:/wasm
.
You can place any initialization scripts you want to run when the container
starts in /docker-entrypoint.d/
. The default entrypoint executes all
executable files in /docker-entrypoint.d/
in alphabetical order prior to
launching the container command (anoman ledger run
by default). Each script
must succeed. The container exits immediately if an entrypoint script returns a
non-zero exit code. Following scripts are provided by default:
/docker-entrypoint.d/20-join-network.sh
: fetches the network configuration for the chain set by theANOMA_CHAIN_ID
environment variable./docker-entrypoint.d/25-patch-config.sh
: patches the config fetched by20-join-network.sh
so that the RPC endpoints are bound to all interfaces instead of only localhost. This enables access to those endpoints from other containers in the same network, meaning you can run the ledger in one container, intent gossip in another and the client in yet another container. Make sure you don't publish the RPC ports to the internet!
Ports the ledger listens on:
26656/tcp
: Tendermint P2P26657/tcp
: Tendermint RPC26658/tcp
: Ledger RPC
Ports the intent gossip node listens on:
26659/tcp
: Intent gossip P2P26660/tcp
: Intent gossip RPC
The P2P ports should be exposed to the internet on public nodes so that peers can connect to them. RPC ports should not be exposed.