docker is back

Author: Arqu

.dockerignore

@@ -0,0 +1,2 @@
+docker
+target

.github/workflows/docker.yaml

@@ -0,0 +1,103 @@
+name: Docker
+
+on:
+    workflow_dispatch:
+      inputs:
+        release_version:
+          description: "Release version"
+          required: true
+          type: string
+          default: ""
+        base_hash:
+          description: "Commit hash from which to build"
+          required: true
+          type: string
+          default: ""
+        publish:
+          description: "Publish to Docker Hub"
+          required: true
+          type: boolean
+          default: false
+    workflow_call:
+      inputs:
+        release_version:
+          description: "Release version"
+          required: true
+          type: string
+          default: ""
+        base_hash:
+          description: "Commit hash from which to build"
+          required: true
+          type: string
+          default: ""
+        publish:
+          description: "Publish to Docker Hub"
+          required: true
+          type: boolean
+          default: false
+
+env:
+  IROH_FORCE_STAGING_RELAYS: "1"
+
+jobs:
+    build_and_publish:
+      timeout-minutes: 30
+      name: Docker
+      runs-on: [self-hosted, linux, X64]
+      steps:
+        - name: Checkout
+          uses: actions/checkout@v4
+
+        - name: Set up Docker Buildx
+          uses: docker/setup-buildx-action@v3
+
+        - name: Login to Docker Hub
+          uses: docker/login-action@v3
+          with:
+            username: ${{ secrets.DOCKERHUB_USERNAME }}
+            password: ${{ secrets.DOCKERHUB_TOKEN }}
+        
+        - name: Prep dirs
+          run: |
+            mkdir -p bins/linux/amd64
+            mkdir -p bins/linux/arm64
+
+        - name: Setup awscli on linux
+          run: |
+            curl "https://awscli.amazonaws.com/awscli-exe-linux-x86_64.zip" -o "awscliv2.zip"
+            unzip awscliv2.zip
+            sudo ./aws/install --update
+    
+        - name: Set aws credentials
+          run: |
+              echo "AWS_ACCESS_KEY_ID=${{secrets.S3_ACCESS_KEY_ID}}" >> $GITHUB_ENV
+              echo "AWS_SECRET_ACCESS_KEY=${{secrets.S3_ACCESS_KEY}}" >> $GITHUB_ENV
+              echo "AWS_DEFAULT_REGION=us-west-2" >> $GITHUB_ENV
+
+        - name: Fetch release binaries
+          run: |
+            aws s3 cp s3://vorc/iroh-relay-linux-amd64-${{ inputs.base_hash }} bins/linux/amd64/iroh-relay
+            aws s3 cp s3://vorc/iroh-dns-server-linux-amd64-${{ inputs.base_hash }} bins/linux/amd64/iroh-dns-server
+
+            aws s3 cp s3://vorc/iroh-relay-linux-aarch64-${{ inputs.base_hash }} bins/linux/arm64/iroh-relay
+            aws s3 cp s3://vorc/iroh-dns-server-linux-aarch64-${{ inputs.base_hash }} bins/linux/arm64/iroh-dns-server
+        
+        - name: Build Docker image (iroh-relay)
+          uses: docker/build-push-action@v6
+          with:
+            context: .
+            push: ${{ inputs.publish }}
+            tags: n0computer/iroh-relay:latest,n0computer/iroh-relay:${{ inputs.release_version }}
+            target: iroh-relay
+            platforms: linux/amd64,linux/arm64/v8
+            file: docker/Dockerfile.ci
+
+        - name: Build Docker image (iroh-dns-server)
+          uses: docker/build-push-action@v6
+          with:
+            context: .
+            push: ${{ inputs.publish }}
+            tags: n0computer/iroh-dns-server:latest,n0computer/iroh-dns-server:${{ inputs.release_version }}
+            target: iroh-dns-server
+            platforms: linux/amd64,linux/arm64/v8
+            file: docker/Dockerfile.ci

.github/workflows/release.yml

@@ -42,7 +42,7 @@ env:
   RUSTDOCFLAGS: -Dwarnings
   MSRV: "1.76"
   SCCACHE_CACHE_SIZE: "50G"
-  BIN_NAMES: "iroh,iroh-relay,iroh-dns-server"
+  BIN_NAMES: "iroh-relay,iroh-dns-server"
   RELEASE_VERSION: ${{ github.event.inputs.release_version }}
 
 jobs:
@@ -234,14 +234,12 @@ jobs:
         - name: push release
           if: matrix.os != 'windows-latest'
           run: |
-            aws s3 cp ./target/${{ matrix.cargo_targets }}/optimized-release/iroh s3://vorc/iroh-${RELEASE_OS}-${RELEASE_ARCH}-${GITHUB_SHA::7} --no-progress
             aws s3 cp ./target/${{ matrix.cargo_targets }}/optimized-release/iroh-relay s3://vorc/iroh-relay-${RELEASE_OS}-${RELEASE_ARCH}-${GITHUB_SHA::7} --no-progress
             aws s3 cp ./target/${{ matrix.cargo_targets }}/optimized-release/iroh-dns-server s3://vorc/iroh-dns-server-${RELEASE_OS}-${RELEASE_ARCH}-${GITHUB_SHA::7} --no-progress
     
         - name: push release latest
           if: matrix.os != 'windows-latest' && (github.event.inputs.mark_latest == 'true' || github.event_name == 'push')
           run: |
-            aws s3 cp ./target/${{ matrix.cargo_targets }}/optimized-release/iroh s3://vorc/iroh-${RELEASE_OS}-${RELEASE_ARCH}-latest --no-progress
             aws s3 cp ./target/${{ matrix.cargo_targets }}/optimized-release/iroh-relay s3://vorc/iroh-relay-${RELEASE_OS}-${RELEASE_ARCH}-latest --no-progress
             aws s3 cp ./target/${{ matrix.cargo_targets }}/optimized-release/iroh-dns-server s3://vorc/iroh-dns-server-${RELEASE_OS}-${RELEASE_ARCH}-latest --no-progress
 

docker/Dockerfile

@@ -0,0 +1,65 @@
+FROM rust:alpine AS chef
+
+RUN update-ca-certificates
+RUN apk add --no-cache musl-dev openssl-dev pkgconfig
+RUN cargo install cargo-chef 
+WORKDIR /iroh
+
+FROM chef AS planner
+COPY . .
+RUN cargo chef prepare  --recipe-path recipe.json
+
+### Builder image
+FROM chef AS rust_builder
+
+RUN update-ca-certificates
+RUN apk add --no-cache musl-dev openssl-dev pkgconfig
+
+COPY --from=planner /iroh/recipe.json recipe.json
+# Build dependencies - this is the caching Docker layer!
+RUN cargo chef cook --release --recipe-path recipe.json
+
+WORKDIR /iroh
+
+# copy entire workspace
+COPY . .
+
+RUN cargo build --release --all-features
+
+### Target image
+FROM alpine:latest AS iroh-relay
+
+RUN apk update && apk add ca-certificates && update-ca-certificates
+
+# Copy our build, changing owndership to distroless-provided "nonroot" user,
+# (65532:65532)
+COPY --from=rust_builder /iroh/target/release/iroh-relay /iroh-relay
+
+RUN chmod +x /iroh-relay
+
+WORKDIR /
+
+# expose the default ports
+# http, https, stun, metrics
+EXPOSE  80 443 3478/udp 9090
+ENTRYPOINT ["/iroh-relay"]
+CMD [""]
+
+### Target image
+FROM alpine:latest AS iroh-dns-server
+
+RUN apk update && apk add ca-certificates && update-ca-certificates
+
+# Copy our build, changing owndership to distroless-provided "nonroot" user,
+# (65532:65532)
+COPY --from=rust_builder /iroh/target/release/iroh-dns-server /iroh-dns-server
+
+RUN chmod +x /iroh-dns-server
+
+WORKDIR /
+
+# expose the default ports
+# dns, metrics
+EXPOSE 53/udp 9090
+ENTRYPOINT ["/iroh-dns-server"]
+CMD [""]

docker/Dockerfile.ci

@@ -0,0 +1,35 @@
+### Base image for iroh-relay and iroh-dns-server
+FROM alpine:latest AS base
+RUN apk update && apk add ca-certificates && update-ca-certificates
+
+### Target image
+FROM base AS iroh-relay
+ARG TARGETPLATFORM
+
+COPY bins/${TARGETPLATFORM}/iroh-relay /iroh-relay
+
+RUN chmod +x /iroh-relay
+
+WORKDIR /
+
+# expose the default ports
+# http, https, stun, metrics
+EXPOSE  80 443 3478/udp 9090
+ENTRYPOINT ["/iroh-relay"]
+CMD [""]
+
+### Target image
+FROM base AS iroh-dns-server
+ARG TARGETPLATFORM
+
+COPY bins/${TARGETPLATFORM}/iroh-dns-server /iroh-dns-server
+
+RUN chmod +x /iroh-dns-server
+
+WORKDIR /
+
+# expose the default ports
+# dns, metrics
+EXPOSE 53/udp 9090
+ENTRYPOINT ["/iroh-dns-server"]
+CMD [""]

docker/README.md

@@ -0,0 +1,25 @@
+# Iroh Docker Images
+
+## Intro
+
+A set of docker images provided to easily run iroh in a containerized environment.
+Features `iroh-relay` and `iroh-dns-server`.
+
+The provided `Docker` files are intended for CI use but can be also manually built.
+
+## Building
+
+- All commands are run from the root folder
+- If you're on macOS run `docker buildx build -f docker/Dockerfile --target iroh-relay --platform linux/arm64/v8 --tag n0computer/iroh-relay:latest .`
+- If you're on linux run `docker buildx build -f docker/Dockerfile --target iroh-relay --platform linux/amd64 --tag n0computer/iroh-relay:latest .`
+- Switch out `--target iroh-relay` for `iroh-dns-server`
+
+## Running
+
+### iroh-relay
+
+- Provide a config file: `docker run -v /path/to/iroh-relay.conf:/config/iroh-relay.conf -p 80:80 -p 443:443 -p 3478:3478/udp -p 9090:9090 -it n0computer/iroh-relay:latest <params> --config /config/iroh-relay.conf`
+
+### iroh-dns-server
+
+- Provide a config file: `docker run -v /path/to/iroh-dns-server.conf:/config/iroh-dns-server.conf -p 53:53/udp -p 9090:9090 -it n0computer/iroh-dns-server:latest <params> --config /config/iroh-dns-server.conf`