Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Sign #175

Open
wants to merge 21 commits into
base: master
Choose a base branch
from
Open

Sign #175

Show file tree
Hide file tree
Changes from 8 commits
Commits
Show all changes
21 commits
Select commit Hold shift + click to select a range
e9bae24
-
andreea-popescu-reef Jul 16, 2024
34f4577
mock
andreea-popescu-reef Jul 16, 2024
3fc0380
handle docker compose dct
andreea-popescu-reef Aug 14, 2024
e957094
load delegate key
andreea-popescu-reef Aug 14, 2024
ef84805
i lost my keys
andreea-popescu-reef Aug 14, 2024
32f5fb3
replace watchtower pull with dct pull service
andreea-popescu-reef Aug 22, 2024
8ce9dd2
revert mocks
andreea-popescu-reef Aug 22, 2024
42ce20c
script to publish dct pull image
andreea-popescu-reef Aug 23, 2024
dc7c790
Update scripts/dct_pull/dct_pull.sh
andreea-popescu-reef Aug 23, 2024
d760a24
cleanup
andreea-popescu-reef Aug 23, 2024
1f69f4c
Updated cuda-keyring pkg version - previous one was missing
kkowalski-reef Sep 18, 2024
0d7361a
make mkdir idempotent with "-p"
kkowalski-reef Sep 18, 2024
97e9d76
verify signatures of runner & watchtower images
kkowalski-reef Sep 18, 2024
8683d49
Added README to dct_pull script
kkowalski-reef Sep 19, 2024
a955367
Don't sign E2E images
kkowalski-reef Sep 19, 2024
8068454
Merge branch 'master' into sign
kkowalski-reef Sep 19, 2024
a2d2ada
Enable DCT for staging images; extract DCT key install action
kkowalski-reef Sep 20, 2024
7c5ce72
Reverted miner build script
kkowalski-reef Sep 20, 2024
fe02664
Cleanup yml
kkowalski-reef Sep 20, 2024
0f9feef
move dct_pull to root
kkowalski-reef Sep 20, 2024
2416ca0
add dct_pull workflows
kkowalski-reef Sep 20, 2024
File filter

Filter by extension

Filter by extension
Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
11 changes: 10 additions & 1 deletion .github/workflows/end_to_end_test_ci.yml
View file
Open in desktop
kkowalski-reef marked this conversation as resolved.
Show resolved Hide resolved
Original file line number Diff line number Diff line change
Expand Up @@ -21,6 +21,8 @@ env:
MNEMONIC_VALIDATOR_HOTKEY: "syrup ill organ rigid supreme pen menu range tonight letter pear blind"
MINER_HOTKEY_SS58: "5FqSEa5kHZgwKMMuC7WsHLoXcf3UN9gCpDZ7iDifa2sTLBSB"
VALIDATOR_HOTKEY_SS58: "5GHikjqiHD1pUyCf3mzrjbEJgJvGnCp5FNKTXTtGkzhaJ37R"
DOCKER_CONTENT_TRUST: 1
DOCKER_CONTENT_TRUST_REPOSITORY_PASSPHRASE: "not_relevant"
Copy link
Contributor Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

this is only used to decrypt the delegation key (which itself is a github secret)

Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

I don't quite understand why it is here

Copy link
Contributor Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

it's there to not get prompted for repository key when first pushing


jobs:
e2e:
Expand All @@ -36,7 +38,14 @@ jobs:
ssh-private-key: ${{ secrets.FACILITATOR_DEPLOY_KEY_PRIVATE }}

- name: Docker login
run: echo "${{ secrets.DOCKERHUB_KEY }}" | docker login -u "${{ secrets.DOCKERHUB_USERNAME }}" --password-stdin
run: |
echo "${{ secrets.DOCKERHUB_KEY }}" | docker login -u "${{ secrets.DOCKERHUB_USERNAME }}" --password-stdin

DELEGATION_KEY_FILE="$HOME/.docker/trust/private/${{ secrets.DOCKERHUB_DELEGATED_KEY_ID }}.key"
mkdir -p $(dirname "$DELEGATION_KEY_FILE")
echo "${{ secrets.DOCKERHUB_DELEGATED_KEY }}" > "$DELEGATION_KEY_FILE"
chmod 600 "$DELEGATION_KEY_FILE"


- name: Build executor image
run: |
Expand Down
7 changes: 7 additions & 0 deletions .github/workflows/executor_cd_preprod.yml
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -10,6 +10,8 @@ env:
STAGING_DOCKER_REPO_NAME: "backenddevelopersltd/compute-horde-executor-staging"
DOCKER_REPO_NAME: "backenddevelopersltd/compute-horde-executor"
DIST_VERSION_PREFIX: "executor-preprod"
DOCKER_CONTENT_TRUST: 1
DOCKER_CONTENT_TRUST_REPOSITORY_PASSPHRASE: "not_relevant"

jobs:
deploy:
Expand All @@ -23,6 +25,11 @@ jobs:
IMAGE_NAME="${DOCKER_REPO_NAME}:${TAG_VERSION}"
SHA_IMAGE_NAME="${STAGING_DOCKER_REPO_NAME}:git-${GITHUB_SHA}"

DELEGATION_KEY_FILE="$HOME/.docker/trust/private/${{ secrets.DOCKERHUB_DELEGATED_KEY_ID }}.key"
mkdir -p $(dirname "$DELEGATION_KEY_FILE")
echo "${{ secrets.DOCKERHUB_DELEGATED_KEY }}" > "$DELEGATION_KEY_FILE"
chmod 600 "$DELEGATION_KEY_FILE"

docker pull "${SHA_IMAGE_NAME}"
docker image tag "${SHA_IMAGE_NAME}" "${IMAGE_NAME}"

Expand Down
7 changes: 7 additions & 0 deletions .github/workflows/executor_cd_prod.yml
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -10,6 +10,8 @@ env:
STAGING_DOCKER_REPO_NAME: "backenddevelopersltd/compute-horde-executor-staging"
DOCKER_REPO_NAME: "backenddevelopersltd/compute-horde-executor"
DIST_VERSION_PREFIX: "executor-prod"
DOCKER_CONTENT_TRUST: 1
DOCKER_CONTENT_TRUST_REPOSITORY_PASSPHRASE: "not_relevant"

jobs:
deploy:
Expand All @@ -23,6 +25,11 @@ jobs:
IMAGE_NAME="${DOCKER_REPO_NAME}:${TAG_VERSION}"
SHA_IMAGE_NAME="${STAGING_DOCKER_REPO_NAME}:git-${GITHUB_SHA}"

DELEGATION_KEY_FILE="$HOME/.docker/trust/private/${{ secrets.DOCKERHUB_DELEGATED_KEY_ID }}.key"
mkdir -p $(dirname "$DELEGATION_KEY_FILE")
echo "${{ secrets.DOCKERHUB_DELEGATED_KEY }}" > "$DELEGATION_KEY_FILE"
chmod 600 "$DELEGATION_KEY_FILE"

docker pull "${SHA_IMAGE_NAME}"
docker image tag "${SHA_IMAGE_NAME}" "${IMAGE_NAME}"

Expand Down
7 changes: 7 additions & 0 deletions .github/workflows/miner_cd_preprod.yml
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -10,6 +10,8 @@ env:
STAGING_DOCKER_REPO_NAME: "backenddevelopersltd/compute-horde-miner-staging"
DOCKER_REPO_NAME: "backenddevelopersltd/compute-horde-miner-preprod"
DIST_VERSION_PREFIX: "miner-preprod"
DOCKER_CONTENT_TRUST: 1
DOCKER_CONTENT_TRUST_REPOSITORY_PASSPHRASE: "not_relevant"

jobs:
deploy:
Expand All @@ -23,6 +25,11 @@ jobs:
IMAGE_NAME="${DOCKER_REPO_NAME}:${TAG_VERSION}"
SHA_IMAGE_NAME="${STAGING_DOCKER_REPO_NAME}:git-${GITHUB_SHA}"

DELEGATION_KEY_FILE="$HOME/.docker/trust/private/${{ secrets.DOCKERHUB_DELEGATED_KEY_ID }}.key"
mkdir -p $(dirname "$DELEGATION_KEY_FILE")
echo "${{ secrets.DOCKERHUB_DELEGATED_KEY }}" > "$DELEGATION_KEY_FILE"
chmod 600 "$DELEGATION_KEY_FILE"

docker pull "${SHA_IMAGE_NAME}"
docker image tag "${SHA_IMAGE_NAME}" "${IMAGE_NAME}"

Expand Down
7 changes: 7 additions & 0 deletions .github/workflows/miner_cd_prod.yml
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -10,6 +10,8 @@ env:
STAGING_DOCKER_REPO_NAME: "backenddevelopersltd/compute-horde-miner-staging"
DOCKER_REPO_NAME: "backenddevelopersltd/compute-horde-miner"
DIST_VERSION_PREFIX: "miner-prod"
DOCKER_CONTENT_TRUST: 1
DOCKER_CONTENT_TRUST_REPOSITORY_PASSPHRASE: "not_relevant"

jobs:
deploy:
Expand All @@ -23,6 +25,11 @@ jobs:
IMAGE_NAME="${DOCKER_REPO_NAME}:${TAG_VERSION}"
SHA_IMAGE_NAME="${STAGING_DOCKER_REPO_NAME}:git-${GITHUB_SHA}"

DELEGATION_KEY_FILE="$HOME/.docker/trust/private/${{ secrets.DOCKERHUB_DELEGATED_KEY_ID }}.key"
mkdir -p $(dirname "$DELEGATION_KEY_FILE")
echo "${{ secrets.DOCKERHUB_DELEGATED_KEY }}" > "$DELEGATION_KEY_FILE"
chmod 600 "$DELEGATION_KEY_FILE"

docker pull "${SHA_IMAGE_NAME}"
docker image tag "${SHA_IMAGE_NAME}" "${IMAGE_NAME}"

Expand Down
7 changes: 7 additions & 0 deletions .github/workflows/miner_runner_cd_preprod.yml
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -13,6 +13,8 @@ env:
MINER_IMAGE_REPO: "compute-horde-miner-preprod"
MINER_NGINX_IMAGE_REPO: "compute-horde-miner-nginx-preprod"
DIST_VERSION_PREFIX: "miner-runner-preprod"
DOCKER_CONTENT_TRUST: 1
DOCKER_CONTENT_TRUST_REPOSITORY_PASSPHRASE: "not_relevant"

jobs:
deploy:
Expand All @@ -26,6 +28,11 @@ jobs:
IMAGE_NAME="${DOCKER_REPO_NAME}:${TAG_VERSION}"
SHA_IMAGE_NAME="${DOCKER_REPO_NAME}:git-${GITHUB_SHA}"

DELEGATION_KEY_FILE="$HOME/.docker/trust/private/${{ secrets.DOCKERHUB_DELEGATED_KEY_ID }}.key"
mkdir -p $(dirname "$DELEGATION_KEY_FILE")
echo "${{ secrets.DOCKERHUB_DELEGATED_KEY }}" > "$DELEGATION_KEY_FILE"
chmod 600 "$DELEGATION_KEY_FILE"

cd "${BUILD_DIRECTORY}" && \
docker build \
-t "${IMAGE_NAME}" \
Expand Down
7 changes: 7 additions & 0 deletions .github/workflows/miner_runner_cd_prod.yml
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -13,6 +13,8 @@ env:
MINER_IMAGE_REPO: "compute-horde-miner"
MINER_NGINX_IMAGE_REPO: "compute-horde-miner-nginx"
DIST_VERSION_PREFIX: "miner-runner-prod"
DOCKER_CONTENT_TRUST: 1
DOCKER_CONTENT_TRUST_REPOSITORY_PASSPHRASE: "not_relevant"

jobs:
deploy:
Expand All @@ -26,6 +28,11 @@ jobs:
IMAGE_NAME="${DOCKER_REPO_NAME}:${TAG_VERSION}"
SHA_IMAGE_NAME="${DOCKER_REPO_NAME}:git-${GITHUB_SHA}"

DELEGATION_KEY_FILE="$HOME/.docker/trust/private/${{ secrets.DOCKERHUB_DELEGATED_KEY_ID }}.key"
mkdir -p $(dirname "$DELEGATION_KEY_FILE")
echo "${{ secrets.DOCKERHUB_DELEGATED_KEY }}" > "$DELEGATION_KEY_FILE"
chmod 600 "$DELEGATION_KEY_FILE"

cd "${BUILD_DIRECTORY}" && \
docker build \
-t "${IMAGE_NAME}" \
Expand Down
7 changes: 7 additions & 0 deletions .github/workflows/validator_cd_preprod.yml
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -10,6 +10,8 @@ env:
STAGING_DOCKER_REPO_NAME: "backenddevelopersltd/compute-horde-validator-staging"
DOCKER_REPO_NAME: "backenddevelopersltd/compute-horde-validator-preprod"
DIST_VERSION_PREFIX: "validator-preprod"
DOCKER_CONTENT_TRUST: 1
DOCKER_CONTENT_TRUST_REPOSITORY_PASSPHRASE: "not_relevant"

jobs:
deploy:
Expand All @@ -23,6 +25,11 @@ jobs:
IMAGE_NAME="${DOCKER_REPO_NAME}:${TAG_VERSION}"
SHA_IMAGE_NAME="${STAGING_DOCKER_REPO_NAME}:git-${GITHUB_SHA}"

DELEGATION_KEY_FILE="$HOME/.docker/trust/private/${{ secrets.DOCKERHUB_DELEGATED_KEY_ID }}.key"
mkdir -p $(dirname "$DELEGATION_KEY_FILE")
echo "${{ secrets.DOCKERHUB_DELEGATED_KEY }}" > "$DELEGATION_KEY_FILE"
chmod 600 "$DELEGATION_KEY_FILE"

docker pull "${SHA_IMAGE_NAME}"
docker image tag "${SHA_IMAGE_NAME}" "${IMAGE_NAME}"

Expand Down
7 changes: 7 additions & 0 deletions .github/workflows/validator_cd_prod.yml
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -10,6 +10,8 @@ env:
STAGING_DOCKER_REPO_NAME: "backenddevelopersltd/compute-horde-validator-staging"
DOCKER_REPO_NAME: "backenddevelopersltd/compute-horde-validator"
DIST_VERSION_PREFIX: "validator-prod"
DOCKER_CONTENT_TRUST: 1
DOCKER_CONTENT_TRUST_REPOSITORY_PASSPHRASE: "not_relevant"

jobs:
deploy:
Expand All @@ -23,6 +25,11 @@ jobs:
IMAGE_NAME="${DOCKER_REPO_NAME}:${TAG_VERSION}"
SHA_IMAGE_NAME="${STAGING_DOCKER_REPO_NAME}:git-${GITHUB_SHA}"

DELEGATION_KEY_FILE="$HOME/.docker/trust/private/${{ secrets.DOCKERHUB_DELEGATED_KEY_ID }}.key"
mkdir -p $(dirname "$DELEGATION_KEY_FILE")
echo "${{ secrets.DOCKERHUB_DELEGATED_KEY }}" > "$DELEGATION_KEY_FILE"
chmod 600 "$DELEGATION_KEY_FILE"

docker pull "${SHA_IMAGE_NAME}"
docker image tag "${SHA_IMAGE_NAME}" "${IMAGE_NAME}"

Expand Down
7 changes: 7 additions & 0 deletions .github/workflows/validator_runner_cd_preprod.yml
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -11,6 +11,8 @@ env:
DOCKER_REPO_NAME: "backenddevelopersltd/compute-horde-validator-runner-preprod"
VALIDATOR_IMAGE_REPO: "compute-horde-validator-preprod"
DIST_VERSION_PREFIX: "validator-runner-preprod"
DOCKER_CONTENT_TRUST: 1
DOCKER_CONTENT_TRUST_REPOSITORY_PASSPHRASE: "not_relevant"

jobs:
deploy:
Expand All @@ -24,6 +26,11 @@ jobs:
IMAGE_NAME="${DOCKER_REPO_NAME}:${TAG_VERSION}"
SHA_IMAGE_NAME="${DOCKER_REPO_NAME}:git-${GITHUB_SHA}"

DELEGATION_KEY_FILE="$HOME/.docker/trust/private/${{ secrets.DOCKERHUB_DELEGATED_KEY_ID }}.key"
mkdir -p $(dirname "$DELEGATION_KEY_FILE")
echo "${{ secrets.DOCKERHUB_DELEGATED_KEY }}" > "$DELEGATION_KEY_FILE"
chmod 600 "$DELEGATION_KEY_FILE"

cd "${BUILD_DIRECTORY}" && \
docker build \
-t "${IMAGE_NAME}" \
Expand Down
7 changes: 7 additions & 0 deletions .github/workflows/validator_runner_cd_prod.yml
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -11,6 +11,8 @@ env:
DOCKER_REPO_NAME: "backenddevelopersltd/compute-horde-validator-runner"
VALIDATOR_IMAGE_REPO: "compute-horde-validator"
DIST_VERSION_PREFIX: "validator-runner-prod"
DOCKER_CONTENT_TRUST: 1
DOCKER_CONTENT_TRUST_REPOSITORY_PASSPHRASE: "not_relevant"

jobs:
deploy:
Expand All @@ -24,6 +26,11 @@ jobs:
IMAGE_NAME="${DOCKER_REPO_NAME}:${TAG_VERSION}"
SHA_IMAGE_NAME="${DOCKER_REPO_NAME}:git-${GITHUB_SHA}"

DELEGATION_KEY_FILE="$HOME/.docker/trust/private/${{ secrets.DOCKERHUB_DELEGATED_KEY_ID }}.key"
mkdir -p $(dirname "$DELEGATION_KEY_FILE")
echo "${{ secrets.DOCKERHUB_DELEGATED_KEY }}" > "$DELEGATION_KEY_FILE"
chmod 600 "$DELEGATION_KEY_FILE"

cd "${BUILD_DIRECTORY}" && \
docker build \
-t "${IMAGE_NAME}" \
Expand Down
1 change: 1 addition & 0 deletions executor/app/publish-image.sh
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -3,4 +3,5 @@ set -eux -o pipefail

source ./build-image.sh
echo "$DOCKERHUB_PAT" | docker login -u "$DOCKERHUB_USERNAME" --password-stdin
export DOCKER_CONTENT_TRUST=1
docker push "$IMAGE_NAME"
3 changes: 3 additions & 0 deletions executor/app/src/compute_horde_executor/settings.py
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -43,6 +43,9 @@ def wrapped(*args, **kwargs):

ENV = env("ENV", default="prod")

DOCKER_CONTENT_TRUST = 1
andreea-popescu-reef marked this conversation as resolved.
Show resolved Hide resolved


# SECURITY WARNING: keep the secret key used in production secret!
SECRET_KEY = env("SECRET_KEY", default="dummy")

Expand Down
4 changes: 4 additions & 0 deletions executor/deploy.sh
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -22,6 +22,10 @@ SERVICES=$(docker-compose ps --services 2>&1 > /dev/stderr \
# shellcheck disable=2086
docker-compose stop $SERVICES

# explicitly pull the docker compose images to verify DCT
export DOCKER_CONTENT_TRUST=1
docker compose convert --images | sort -u | xargs -n 1 docker pull

# start the app container only in order to perform migrations
docker-compose up -d db # in case it hasn't been launched before
docker-compose run --rm app sh -c "python manage.py wait_for_database --timeout 10; python manage.py migrate"
Expand Down
3 changes: 2 additions & 1 deletion install_miner.sh
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -120,7 +120,7 @@ services:
restart: unless-stopped
volumes:
- /var/run/docker.sock:/var/run/docker.sock
command: --interval 60 --cleanup --label-enable
command: --interval 60 --cleanup --label-enable --no-pull
ENDDOCKERCOMPOSE

cat > .env <<ENDENV
Expand Down Expand Up @@ -151,6 +151,7 @@ ENDENV

rm ~/tmpvars

export DOCKER_CONTENT_TRUST=1
docker pull backenddevelopersltd/compute-horde-executor:v0-latest
docker pull backenddevelopersltd/compute-horde-miner:v0-latest
docker pull backenddevelopersltd/compute-horde-job:v0-latest
Expand Down
3 changes: 2 additions & 1 deletion install_validator.sh
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -97,7 +97,7 @@ services:
restart: unless-stopped
volumes:
- /var/run/docker.sock:/var/run/docker.sock
command: --interval 60 --cleanup --label-enable
command: --interval 60 --cleanup --label-enable --no-pull
ENDDOCKERCOMPOSE

cat > .env <<ENDENV
Expand All @@ -113,6 +113,7 @@ FACILITATOR_URI=wss://facilitator.computehorde.io/ws/v0/
MIGRATING="$(. ~/tmpvars && echo "$MIGRATING")"
ENDENV

export DOCKER_CONTENT_TRUST=1
docker pull backenddevelopersltd/compute-horde-validator:v0-latest
docker compose up -d

Expand Down
1 change: 1 addition & 0 deletions miner/app/publish-image.sh
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -3,4 +3,5 @@ set -eux -o pipefail

source ./build-image.sh
echo "$DOCKERHUB_PAT" | docker login -u "$DOCKERHUB_USERNAME" --password-stdin
export DOCKER_CONTENT_TRUST=1
docker push "$IMAGE_NAME"
4 changes: 4 additions & 0 deletions miner/app/src/compute_horde_miner/settings.py
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -48,6 +48,10 @@ def wrapped(*args, **kwargs):

ENV = env("ENV", default="prod")


DOCKER_CONTENT_TRUST = 1
andreea-popescu-reef marked this conversation as resolved.
Show resolved Hide resolved


DEFAULT_ADMIN_PASSWORD = env("DEFAULT_ADMIN_PASSWORD", default=None)
DEFAULT_ADMIN_USERNAME = env("DEFAULT_ADMIN_USERNAME", default="admin")
DEFAULT_ADMIN_EMAIL = env("DEFAULT_ADMIN_EMAIL", default="admin@admin.com")
Expand Down
4 changes: 4 additions & 0 deletions miner/deploy.sh
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -22,6 +22,10 @@ SERVICES=$(docker-compose ps --services 2>&1 > /dev/stderr \
# shellcheck disable=2086
docker-compose stop $SERVICES

# explicitly pull the docker compose images to verify DCT
export DOCKER_CONTENT_TRUST=1
docker compose convert --images | sort -u | xargs -n 1 docker pull

# start the app container only in order to perform migrations
docker-compose up -d db # in case it hasn't been launched before
docker-compose run --rm app sh -c "python manage.py wait_for_database --timeout 10; python manage.py migrate"
Expand Down
2 changes: 1 addition & 1 deletion miner/envs/runner/README.md
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -52,7 +52,7 @@ services:
restart: unless-stopped
volumes:
- /var/run/docker.sock:/var/run/docker.sock
command: --interval 60 --cleanup --label-enable
command: --interval 60 --cleanup --label-enable --no-pull

```

Expand Down
1 change: 1 addition & 0 deletions miner/envs/runner/_publish-image.sh
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -5,4 +5,5 @@ if [ -z "$(docker info 2>/dev/null | grep 'Username' | awk '{print $2}')" ]; the
echo "$DOCKERHUB_PAT" | docker login -u "$DOCKERHUB_USERNAME" --password-stdin
fi

export DOCKER_CONTENT_TRUST=1
docker push "$IMAGE_NAME"
12 changes: 12 additions & 0 deletions miner/envs/runner/data/docker-compose.yml
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -142,6 +142,18 @@ services:
logging:
<<: *logging

dct-pull:
image: backenddevelopersltd/compute-horde-dct-pull:v0-latest
restart: unless-stopped
volumes:
- /var/run/docker.sock:/var/run/docker.sock
command: backenddevelopersltd/compute-horde-dct-pull:v0-latest backenddevelopersltd/${MINER_IMAGE_REPO}:${MINER_IMAGE_TAG:-v0-latest} backenddevelopersltd/${MINER_NGINX_IMAGE_REPO}:${MINER_IMAGE_TAG:-v0-latest}
logging:
<<: *logging
labels:
- "com.centurylinklabs.watchtower.enable=true"


volumes:
redis:
db:
Expand Down
4 changes: 4 additions & 0 deletions miner/envs/runner/entrypoint.sh
View file
Open in desktop
Original file line number Diff line number Diff line change
@@ -1,6 +1,10 @@
#!/bin/sh
set -eu

# explicitly pull the docker compose images to verify DCT
export DOCKER_CONTENT_TRUST=1
docker compose convert --images | sort -u | xargs -n 1 docker pull

docker compose up --detach --wait --force-recreate

while true
Expand Down
1 change: 1 addition & 0 deletions miner/envs/runner/nginx/publish-prod.sh
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -3,4 +3,5 @@ set -eux -o pipefail

source build-prod.sh
echo "$DOCKERHUB_PAT" | docker login -u "$DOCKERHUB_USERNAME" --password-stdin
export DOCKER_CONTENT_TRUST=1
docker push "$IMAGE_NAME"
1 change: 1 addition & 0 deletions miner/envs/runner/nginx/publish-staging.sh
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -3,4 +3,5 @@ set -eux -o pipefail

source build-staging.sh
echo "$DOCKERHUB_PAT" | docker login -u "$DOCKERHUB_USERNAME" --password-stdin
export DOCKER_CONTENT_TRUST=1
docker push "$IMAGE_NAME"
7 changes: 7 additions & 0 deletions scripts/dct_pull/Dockerfile
View file
Open in desktop
Original file line number Diff line number Diff line change
@@ -0,0 +1,7 @@
FROM alpine:latest
RUN apk add --no-cache git bash

COPY dct_pull.sh /
RUN chmod +x /dct_pull.sh

ENTRYPOINT "/dct_pull.sh"
Loading
Loading