github: Add docker workflow for testing building Docker images

.changelog/222.internal.1.md

@@ -0,0 +1 @@
+docker: Improve build steps and ignore everything in .dockerignore

.changelog/222.internal.2.md

@@ -0,0 +1,4 @@
+github: Add [docker workflow] for testing building Docker images
+
+[docker workflow]:
+  https://github.com/oasisprotocol/oasis-core/actions?query=workflow:docker

.github/workflows/docker.yml

@@ -0,0 +1,74 @@
+# NOTE: This name appears in GitHub's Checks API and in workflow's status badge.
+name: docker
+
+# NOTE: The purpose of this workflow is only to test if Docker images build
+# successfully.
+# Oasis recommends using binaries from the official GitHub releases as described
+# in repo's docker/README.md.
+
+# Trigger the workflow when:
+on:
+  # A push occurs to one of the matched branches.
+  push:
+    # XXX: ideally on master branches we would build the image only if there are changes in the
+    # 'docker/' directory (as we do in pull_requests). However, this doesn't work when pushing a new
+    # 'stable/*' branch - the build on a new branch does not trigger unless there are changes
+    # compared to master on the filtered path.
+    # If this is ever fixed, or per branch filters are possible, bring back the path filter to only
+    # build the image when there are changes within 'docker/' directory.
+    branches:
+      - master
+      - stable/*
+  # Or when a pull request event occurs for a pull request against one of the matched branches and at least
+  # one modified file matches the configured paths.
+  #
+  # NOTE: We use this to be able to easily test Docker image changes.
+  pull_request:
+    branches:
+      - master
+      - stable/*
+    paths:
+      - docker/**
+  # Or every day at 04:00 UTC (for the default/master branch).
+  schedule:
+    - cron: "0 4 * * *"
+
+jobs:
+
+  build-images:
+    # NOTE: This name appears in GitHub's Checks API.
+    name: build-images
+    runs-on: ubuntu-latest
+    steps:
+      - name: Checkout code
+        uses: actions/checkout@v2
+
+      - name: Determine tag name
+        id: determine_tag
+        shell: bash
+        run: |
+          if [[ -z $GITHUB_BASE_REF ]]; then
+            # On master/stable branches.
+            branch=${GITHUB_REF#refs/heads/}
+          else
+            # On pull request branches.
+            branch=pr-$(git describe --always --match '' --abbrev=7)
+          fi
+          branch=${branch//\//-}
+          echo "::set-output name=tag::${branch}"
+          echo "::set-output name=created::$(date -u +'%Y-%m-%dT%H:%M:%SZ')"
+
+      - name: Set up Docker Buildx
+        uses: docker/setup-buildx-action@v1
+
+      - name: "Rebuild oasisprotocol/oasis-core-rosetta-gateway:${{ steps.determine_tag.outputs.tag }}"
+        uses: docker/build-push-action@v2.5.0
+        with:
+          context: docker
+          file: docker/Dockerfile
+          tags: oasisprotocol/oasis-core-rosetta-gateway:${{ steps.determine_tag.outputs.tag }}
+          pull: true
+          labels: |
+            org.opencontainers.image.source=${{ github.event.repository.html_url }}
+            org.opencontainers.image.created=${{ steps.determine_tag.outputs.created }}
+            org.opencontainers.image.revision=${{ github.sha }}

README.md

@@ -2,13 +2,16 @@
 
 [![CI test status][github-ci-tests-badge]][github-ci-tests-link]
 [![CI lint status][github-ci-lint-badge]][github-ci-lint-link]
+[![Docker status][github-docker-badge]][github-docker-link]
 [![Release status][github-release-badge]][github-release-link]
 
 <!-- markdownlint-disable line-length -->
 [github-ci-tests-badge]: https://github.com/oasisprotocol/oasis-core-rosetta-gateway/workflows/ci-tests/badge.svg
 [github-ci-tests-link]: https://github.com/oasisprotocol/oasis-core-rosetta-gateway/actions?query=workflow:ci-tests+branch:master
 [github-ci-lint-badge]: https://github.com/oasisprotocol/oasis-core-rosetta-gateway/workflows/ci-lint/badge.svg
 [github-ci-lint-link]: https://github.com/oasisprotocol/oasis-core-rosetta-gateway/actions?query=workflow:ci-lint+branch:master
+[github-docker-badge]: https://github.com/oasisprotocol/oasis-core-rosetta-gateway/workflows/docker/badge.svg
+[github-docker-link]: https://github.com/oasisprotocol/oasis-core-rosetta-gateway/actions?query=workflow:docker
 [github-release-badge]: https://github.com/oasisprotocol/oasis-core-rosetta-gateway/workflows/release/badge.svg
 [github-release-link]: https://github.com/oasisprotocol/oasis-core-rosetta-gateway/actions?query=workflow:release
 <!-- markdownlint-enable line-length -->

docker/.dockerignore

@@ -0,0 +1,5 @@
+# Ignore everything to prevent accidentially copying any files from the context
+# directory.
+# NOTE: This is a requirement for Rosetta API Docker Deployment:
+# https://www.rosetta-api.org/docs/node_deployment.html#build-anywhere
+**/*

docker/Dockerfile

@@ -13,39 +13,45 @@ FROM golang:1.16-alpine3.13 AS build
 # Install prerequisites.
 RUN rm -f /var/cache/apk/*; apk --no-cache add bash git make gcc g++ libressl-dev libseccomp-dev linux-headers
 
-ARG CORE_BRANCH="v21.2.6"
-ARG GATEWAY_BRANCH="master"
+ARG CORE_BRANCH=v21.2.6
+ARG CORE_GITHUB=https://github.com/oasisprotocol/oasis-core
+
+ARG GATEWAY_BRANCH=master
+ARG GATEWAY_GITHUB=https://github.com/oasisprotocol/oasis-core-rosetta-gateway
 
 ARG JEMALLOC_VERSION=5.2.1
 ARG JEMALLOC_CHECKSUM=34330e5ce276099e2e8950d9335db5a875689a4c6a56751ef3b1d8c537f887f6
 
-# Install jemalloc (used by badgerdb).
-RUN wget -O jemalloc.tar.bz2 https://github.com/jemalloc/jemalloc/releases/download/${JEMALLOC_VERSION}/jemalloc-${JEMALLOC_VERSION}.tar.bz2 && \
+# Fetch and build jemalloc (used by BadgerDB).
+RUN wget -O jemalloc.tar.bz2 \
+    https://github.com/jemalloc/jemalloc/releases/download/${JEMALLOC_VERSION}/jemalloc-${JEMALLOC_VERSION}.tar.bz2 && \
+    # Ensure checksum matches.
     echo "${JEMALLOC_CHECKSUM}  jemalloc.tar.bz2" | sha256sum -c && \
-    tar -xjf ./jemalloc.tar.bz2 -v --no-same-owner && cd jemalloc-${JEMALLOC_VERSION} && \
+    tar -xf jemalloc.tar.bz2 && \
+    cd jemalloc-${JEMALLOC_VERSION} && \
     # Ensure reproducible jemalloc build.
     # https://reproducible-builds.org/docs/build-path/
-    EXTRA_CXXFLAGS=-ffile-prefix-map=$(pwd -L)=. \
-    EXTRA_CFLAGS=-ffile-prefix-map=$(pwd -L)=. \
+    EXTRA_CXXFLAGS=-ffile-prefix-map=$(pwd -L)=. EXTRA_CFLAGS=-ffile-prefix-map=$(pwd -L)=. \
     ./configure --with-jemalloc-prefix='je_' --with-malloc-conf='background_thread:true,metadata_thp:auto' && \
-    make && make install && \
+    make && \
+    make install && \
     cd .. && rm jemalloc.tar.bz2 && rm -rf jemalloc-${JEMALLOC_VERSION}
 
-# Fetch and build oasis-core.
-RUN git clone --single-branch --branch $CORE_BRANCH https://github.com/oasisprotocol/oasis-core /usr/local/build-core && \
-	cd /usr/local/build-core/go && \
-	make oasis-node && \
-	cp oasis-node/oasis-node /usr/bin/ && \
-	make clean && go clean -cache -testcache -modcache && \
-	cd / && rm -rf /usr/local/build-core
+# Fetch and build Oasis Core.
+RUN git clone --single-branch --branch $CORE_BRANCH ${CORE_GITHUB} /usr/local/build-core && \
+    cd /usr/local/build-core/go && \
+    make oasis-node && \
+    cp oasis-node/oasis-node /usr/bin/ && \
+    make clean && go clean -cache -testcache -modcache && \
+    cd / && rm -rf /usr/local/build-core
 
-# Fetch and build oasis-core-rosetta-gateway.
-RUN git clone --single-branch --branch $GATEWAY_BRANCH https://github.com/oasisprotocol/oasis-core-rosetta-gateway /usr/local/build-gateway && \
-	 cd /usr/local/build-gateway && \
-	 make && \
-	 cp oasis-core-rosetta-gateway /usr/bin/ && \
-	 make nuke && \
-	 cd / && rm -rf /usr/local/build-gateway
+# Fetch and build Oasis Core Rosetta Gateway.
+RUN git clone --single-branch --branch $GATEWAY_BRANCH ${GATEWAY_GITHUB} /usr/local/build-gateway && \
+    cd /usr/local/build-gateway && \
+    make && \
+    cp oasis-core-rosetta-gateway /usr/bin/ && \
+    make nuke && \
+    cd / && rm -rf /usr/local/build-gateway
 
 
 #

docker/README.md

@@ -1,5 +1,10 @@
 # Running Oasis Node and Rosetta Gateway in Docker
 
+_NOTE: Oasis recommends using binaries from the [official GitHub Releases].
+The versions of [Rosetta API] and [Oasis Core] that are supported for a given
+release are indicated in a release's Change Log (e.g. [Change Log for 1.1.1]
+release)._
+
 This directory contains a Dockerfile that builds an image containing both
 the [Oasis Node] and the [Oasis Rosetta gateway], as instructed by the
 [Rosetta Docker Deployment] doc.
@@ -35,6 +40,12 @@ The final image is around 87MB in size.  You can remove the intermediary build
 image to save disk space.
 
 <!-- markdownlint-disable line-length -->
+[official GitHub Releases]:
+  https://github.com/oasisprotocol/oasis-core-rosetta-gateway/releases/
+[Change Log for 1.1.1]:
+  https://github.com/oasisprotocol/oasis-core-rosetta-gateway/blob/v1.1.1/CHANGELOG.md
+[Rosetta API]: https://www.rosetta-api.org/docs/welcome.html
+[Oasis Core]: https://github.com/oasisprotocol/oasis-core
 [Oasis Node]:
   https://docs.oasis.dev/general/run-a-node/prerequisites/oasis-node
 [Oasis Rosetta Gateway]: