From f52d09cf613862a6569c85cf8f45dd823d2f82e6 Mon Sep 17 00:00:00 2001
From: Mike Keller <mike.k@blu-web.com>
Date: Tue, 23 Feb 2021 11:53:18 -0800
Subject: [PATCH] Automated Image Updates (#17)

* Adds initial workflow file for automatically keeping container images up to date.
* TODO: Still requires testing for the cron schedule to ensure that it is working appropriately.
---
 .github/workflows/update-image.yml |  31 +++++++++++++++
 Dockerfile.bak                     |  59 +++++++++++++++++++++++++++++
 Dockerfile.testing                 |   3 ++
 hello                              | Bin 0 -> 13336 bytes
 4 files changed, 93 insertions(+)
 create mode 100644 .github/workflows/update-image.yml
 create mode 100644 Dockerfile.bak
 create mode 100644 Dockerfile.testing
 create mode 100644 hello

diff --git a/.github/workflows/update-image.yml b/.github/workflows/update-image.yml
new file mode 100644
index 0000000..37320cd
--- /dev/null
+++ b/.github/workflows/update-image.yml
@@ -0,0 +1,31 @@
+name: "Update Image"
+on:
+  # TODO: Remove faster schedule and pull_request once testing is completed.
+  schedule: # Schedled workflows only run once merged into main.
+    - cron: "*/5 * * * *" # Faster schedule for testing.
+    #- cron: "0 12 * * *" # Proposed schedule once testing has completed.
+  pull_request: # Here to ensure the workflow runs during testing. Will be removed once testing is completed.
+    types: [opened, reopened, synchronize]
+jobs:
+  rebuild-container:
+    name: "Rebuild Container"
+    runs-on: ubuntu-latest
+    steps:
+      # Checkout the repo.
+      - name: "Checkout"
+        uses: "actions/checkout@v2"
+
+      # Build and push the repo.
+      - name: "Build and Push"
+        uses: docker/build-push-action@v1
+        with:
+          username: ${{ github.actor }}
+          password: ${{ secrets.GITHUB_TOKEN }}
+          registry: docker.pkg.github.com
+          repository: ${{ github.repository }}/simple-monerod
+          tags: latest
+          # TODO: Test that a release tag stays assigned to the rebuilt container when release tagged.
+          tag_with_ref: true
+          # TODO: Evaluate if the following are necessary.
+          add_git_labels: true
+          tag_with_sha: true
\ No newline at end of file
diff --git a/Dockerfile.bak b/Dockerfile.bak
new file mode 100644
index 0000000..3b69b27
--- /dev/null
+++ b/Dockerfile.bak
@@ -0,0 +1,59 @@
+# From https://github.com/leonardochaia/docker-monerod/blob/master/src/Dockerfile
+ARG MONERO_BRANCH=v0.17.1.9
+
+# Select Ubuntu 20.04LTS for the build image base
+FROM ubuntu:20.04 as build
+LABEL author="sethsimmons@pm.me" \
+      maintainer="sethsimmons@pm.me"
+
+# Dependency list from https://github.com/monero-project/monero#compiling-monero-from-source
+# Added DEBIAN_FRONTEND=noninteractive to workaround tzdata prompt on installation
+RUN apt-get update && DEBIAN_FRONTEND=noninteractive apt-get -y install --no-install-recommends build-essential cmake \
+    pkg-config libboost-all-dev libssl-dev libzmq3-dev libunbound-dev ca-certificates \
+    libsodium-dev libunwind8-dev liblzma-dev libreadline6-dev libldns-dev \
+    libexpat1-dev doxygen graphviz libpgm-dev qttools5-dev-tools libhidapi-dev \
+    libusb-dev libprotobuf-dev protobuf-compiler libgtest-dev git \
+    libnorm-dev libpgm-dev libusb-1.0-0-dev libudev-dev libgssapi-krb5-2 \
+    && apt-get clean \
+    && rm -rf /var/lib/apt/lists/*
+
+# Switch to directory for gtest and make/install libs
+WORKDIR /usr/src/gtest
+RUN cmake . && make && cp ./lib/libgtest*.a /usr/lib
+
+# Switch to Monero source directory
+WORKDIR /monero
+
+# Git pull Monero source at specified tag/branch
+ARG MONERO_BRANCH
+RUN git clone --recursive --branch ${MONERO_BRANCH} \
+    https://github.com/monero-project/monero . \
+    && git submodule init && git submodule update
+
+# Make static Monero binaries
+RUN make -j4 release-static
+
+# Select Ubuntu 20.04LTS for the image base
+FROM ubuntu:20.04
+
+# Install remaining dependencies
+RUN apt-get update && apt-get install --no-install-recommends -y libnorm-dev libpgm-dev libgssapi-krb5-2 \
+    && apt-get clean \
+    && rm -rf /var/lib/apt/lists/*
+
+# Add user and setup directories for monerod
+RUN useradd -ms /bin/bash monero && mkdir -p /home/monero/.bitmonero \
+    && chown -R monero:monero /home/monero/.bitmonero
+USER monero
+
+# Switch to home directory and install newly built monerod binary
+WORKDIR /home/monero
+COPY --chown=monero:monero --from=build /monero/build/Linux/*/release/bin/monerod /usr/local/bin/monerod
+
+# Expose p2p and restricted RPC ports
+EXPOSE 18080
+EXPOSE 18089
+
+# Start monerod with required --non-interactive flag and sane defaults that are overridden by user input (if applicable)
+ENTRYPOINT ["monerod", "--non-interactive"]
+CMD ["--rpc-restricted-bind-ip=0.0.0.0", "--rpc-restricted-bind-port=18089", "--no-igd", "--no-zmq", "--enable-dns-blocklist"]
\ No newline at end of file
diff --git a/Dockerfile.testing b/Dockerfile.testing
new file mode 100644
index 0000000..a49c427
--- /dev/null
+++ b/Dockerfile.testing
@@ -0,0 +1,3 @@
+FROM scratch
+COPY hello /
+CMD ["/hello"]
\ No newline at end of file
diff --git a/hello b/hello
new file mode 100644
index 0000000000000000000000000000000000000000..5052f25bc5c6f3f56e3795d8bee963a28b06e5b3
GIT binary patch
literal 13336
zcmeHOeQX=$89z6@#&tj9iWV#};BC2T0a_<6WoxGfY;ek($)TZ1w5p*i7yA-h^+$BR
zOVW)&yGx|K+`O@Wrb*L2B-kXzKhuP^(xKL^p>8_~L9|JMZlfA7+_^2;%K8bpJ<of0
ziRqZiU;AUbSMojY^ZmTP=e>(wU;I>OV(S8*PjJTq;eG+RzF?G#?5iOBpq;ahY?II|
zM1|$TGH$zYUInwL!`Zavgm$SAwACmUaq94blh38MHrsYCb?wlP=OeaWAW?hb&}@^<
zy0p=65vXcyw!Zd2luul`#TE;%FK{MKU6>0$$DMT?_eHsZO9|%$!KHqOfAl>qh50_~
zaADXEewgn+)fsXEy3{F)*N8C?(}y4F$G(&?j;nXvJmMkXA>bk4A>bk4A>bk4A>bk4
zA>bk4A@F~SK+lfKCst04vmy3`w6wMn4$`%DxJ1geRv;z{WjNCI(9)`7ErRgU=ehC_
zo-hyNrM8v}c2;QQ9A)p*(tSVq;IKuFcV}vtf|kDGr{)(sBPY75<<KorfmV;;X`fcB
z8-Sc)aPl5{hL$?M2S;>T5}!u0`Lec(R?FOfvaBt(PPg2#54nm%!CvO}_w7V-*DO6U
z+eFz6JyLss`i{{zX0??K0sPkKp_V)1^ZxrfHiMs_xAjw_<F8?uQudy<l$sq^fvNrJ
z{9&t>wk+$IxB~2ayWG4kJ@a)?R(dJB8Y#b&K==J;djJhudO{)>UVzj)qEUz$jFhRl
z^eDB;bn=A$AuTODN}2dtJ6M__I(Z6~X<S=7wwRhde#-j(NT^W`*59G#g!EHhl&Ess
z35j5Iz@i!aw{lrr>Vf$$a6WlaznPjZN+Di?xNQZO(U$lOR6?<m>d_uvP&;KCsCDe=
zt=2?YTePK3|402CFS_<mXaqH1mauEJ)v!D)VjmW<IWCRsw;}rsXD6g@0o9jK<7H_Y
zW`b5Yh+lfZT4DMAL$DuU>2D-Tamjz-g=$<1LRrEA{Awq`s=$XJ6<C~X5hu%geIFj;
zY^meBK|zRJj888j+7jqxiwNrlHMJ@LQj`8}Rb<!<^xgjoqCHUQt!?-iDy>%V3mv-u
z+6<7Q-@1t!6@UGMfl91D*4M>8>Zj}vy*)H}jIv6ils)RNRbYYa?F9Q9W#?no?^(5W
z<s-}L=O!Qb!a9yZKOpbf5H&YIXC!}Z`7C5AiO-|wpDFu*njoddE1`j1)@j%a)yn1h
zB1Qw$sQV*j>!$j-NO|DQvj7T2+d<i7$~38!mNbbZSX_$64iJt;LfX^~8QI@4TYH!9
zI4$)_kH=sk36_v3HJ`*CA_cq6AVz??9)-_nFwP#6{4wKN+t|uZ_GTxWju}V%;2sAr
ze|>qv1pK>8lt&51O%QgQLc(_<W?X3-6)6aU33D-k4H$d}_ki)r4&2$-D0`sx8VHP&
z)?|6SUk_A8AKV;>fAyg#Z|PfDd8y;8AZ`)aLz@7eH877%QD*#->kPhSm`zOa+v~xB
z4ZsQ>B0xjzb?i~1RPft<>V1@&;$bv0Z!2@M{&^&&iDrUZ^3o}~x<V(<X?IaJP4DS!
zrKS$Byxqk*!KFXgWxVRA_k5$Z_72oX&74r5f`Cs#h%UBJ0-pqX7PoAICH*@GcEuix
z?W**5My4VsdVebj`-JTYb9X2*l`yxp#!d0!-Do-8J$XWV+-x^y7wKYxy;;B2m|dVX
z8?(*Y{dIUu9fNpy3u^ab^X{R+`rZ3y@ryux4K+tv<Lp(s`TXe3bpI@7i2ce(TOPj9
z#b)a8z&hGxouEw*lll)kC#JOKI1|4KIqBq-)=A9=32pi^K(*}GC}ZMpkeCm)!t_OZ
z+D@zDkJdT&1QUOb(vtX;Z9W1DYA$2kR8%=xWgvmQb!nQGREw^jL57Jb+a-s@xY|6n
z1OoQ~gWqdXb5%FWOC3X;Oaw2Xl&!i06BwsqL&JR~E=H~+4Y-fq9y_=OOuCHY7CiSO
z)`7*q9mL0iz0Cr6C&706KHR(f7T+<jt3s33f%mz|LHt&hve#S0`W3zr_glh@WsNSY
zZ3D%nQ!GS{-$8)s0k~Z*L%n`=<)tb<UbLmpQR}2Vho>!jgC054bb<cN_)D`UK4+cO
zuYt$x;RW!ZIq+kitCFJT!nH7km6W$suK&A;3U7D_cnEk1cnEk1cnEk1{4XF7ph`Ad
zAVX>)N8*L#9z|Up=u2mcB&QUM@~}dR>B3l%XlYp^dkeZsGWnt=XS1@FDddSfGNQ;T
zs0(CJA!7w~PbNQ1k_A;&l3I3eI1uP7kYOdSsIsO&komaloNVA)*aI4c3>Bb|G4wBL
z%1H4`0TKz5K2X?Ykz_Wb<TVJM*W{$8q_~r#OUX*EkPipQhEKTIVltv<vyT0mG%j~N
zRGLk#A(<SmkgpvpaDq{N5F){7m2;^tY`iN#?)|i=NmYSGrHD-O%9veN1{Ugu1HA0;
zW9dvXO;kOPC@MU#GOi?bO&-i5CSW+C7E*dr;Rd9jYa==bo5-p{k~)By2QUfbO94Dk
z+s03;r>KEJj;|9!I#Hl84J)%DTu1DZiU?;$;}wA&@2;k(xlCTp+MUzXy`)&kDbP4*
zORfOr$hpA`v|cZ+LkE(S^SCquq<>J)Yaqe?a3IDqS{k}2krdxo+-`kFBf4!kC>PU#
zKyMls$&rGPvaS_!xK(f~4Z(ImSw3Z_#(04CkgCkJsw)l&(wYX_rL8RueX~=AlZ9Mc
zAh5Nd+Mdd|oEymkz8EW$Qe+4_nki<q25;~zHo6Zh+IraODzq3v32iB5v@H)C$+_uQ
zI@I^I?SgMS=(}}kv;P@5@}T^4@OkU3W#Q3Bh%FC3z8p_a-tZ9c5bzN25bzN25bzN2
z5bzN25bzNA?;sFe5w#P!^ag1|QO90@7k}Ym8cvsRU=_mof~JIr^LiN0tRsr5?G?hA
zd`1((nlcX8Az*|s9A{-s7Q#w;_mB!_Qrl*?tg15Dqm4TsE`SqU!XsIj*j|Ih;th)X
z4C*CdgD--hdOqC$*LVMqpEz=tTz^8l9TfOxbMAlm=YF4Hd*C~)#(}ntLjtDJKj`=e
z;f)gxKNi<89Pyk4Ua)<_AOB$jN9Yz#gd62=2Q$p?u7Cb_61M+_>jDs4Ja^p$vqt|-
zcSgBx)19`-Mw`rCugC8}&@6|Ko5uZ}h5NgP>+N0MrH_DbOM^eY&&M$XFaB}3b~ZQ9
zyYii&!1~?%_(mSb<s0~OBe?8_PouvOjoK;%7KZ!#3!D4*{Ao}$`n&g2$njt5Iy%&?
o+ZE?wf-<-MsFPoE{Kw}SYkLrz%v~FE&k14T`d@#Gp?%}{7nD5?v;Y7A

literal 0
HcmV?d00001