From dd606e5e07d78d6e2a8b24796937f84965aa7d78 Mon Sep 17 00:00:00 2001
From: akme
Date: Tue, 27 Jul 2021 13:20:35 +0300
Subject: [PATCH] Add docker workflow
---
.github/workflows/docker-ubuntu-image.yml | 44 +++++++++++++++
docker/Dockerfile | 32 +++++++++++
docker/README.md | 28 +++++++++
docker/control.template | 9 +++
docker/init.sh | 69 +++++++++++++++++++++++
5 files changed, 182 insertions(+)
create mode 100644 .github/workflows/docker-ubuntu-image.yml
create mode 100644 docker/Dockerfile
create mode 100644 docker/README.md
create mode 100644 docker/control.template
create mode 100644 docker/init.sh
diff --git a/.github/workflows/docker-ubuntu-image.yml b/.github/workflows/docker-ubuntu-image.yml
new file mode 100644
index 00000000..42c8d378
--- /dev/null
+++ b/.github/workflows/docker-ubuntu-image.yml
@@ -0,0 +1,44 @@
+name: Build Docker Ubuntu Image
+
+on:
+ push:
+ branches:
+ - 'master'
+
+env:
+ REGISTRY: ghcr.io
+ IMAGE_NAME: ${{ github.repository }}
+
+jobs:
+ build-and-push:
+ runs-on: ubuntu-latest
+ steps:
+ -
+ name: Checkout
+ uses: actions/checkout@v2
+
+ -
+ name: Set up QEMU
+ uses: docker/setup-qemu-action@v1
+
+ -
+ name: Set up Docker Buildx
+ uses: docker/setup-buildx-action@v1
+
+ -
+ name: Login to GitHub Container Registry
+ uses: docker/login-action@v1
+ with:
+ registry: ${{ env.REGISTRY }}
+ username: ${{ github.repository_owner }}
+ password: ${{ secrets.GITHUB_TOKEN }}
+
+ -
+ name: Build and push
+ id: docker_build
+ uses: docker/build-push-action@v2
+ with:
+ push: true
+ context: ./docker
+ tags: ${{ env.REGISTRY }}/${{ env.IMAGE_NAME }}:latest
+
diff --git a/docker/Dockerfile b/docker/Dockerfile
new file mode 100644
index 00000000..7abefca8
--- /dev/null
+++ b/docker/Dockerfile
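Review bot: The `build-and-push` job in docker-ubuntu-image.yml logs in with `secrets.GITHUB_TOKEN` but never declares what that token may do, so it runs with whatever default scope the repository has; a job-level `permissions:` block with `contents: read` and `packages: write` would limit it to what the checkout and the ghcr.io push need. `actions/checkout` and the four `docker/*` actions are referenced by mutable major tags (`@v1`, `@v2`) and run in the same job as the registry login, so pinning each to a full commit SHA (for example `uses: docker/login-action@COMMIT_SHA_PLACEHOLDER # v1`) keeps a retagged release from executing with that token. The only tag pushed is `:latest`; adding an immutable tag such as `${{ github.sha }}` next to it would let a deployed image be traced back to the workflow run that produced it.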
@@ -0,0 +1,32 @@
+FROM ubuntu:20.04 as builder
+RUN apt-get update && \
+ DEBIAN_FRONTEND=noninteractive apt-get install -y build-essential cmake clang-6.0 openssl libssl-dev zlib1g-dev gperf wget git && \
+ rm -rf /var/lib/apt/lists/*
+ENV CC clang-6.0
+ENV CXX clang++-6.0
+WORKDIR /
+RUN git clone --recursive https://github.com/newton-blockchain/ton
+WORKDIR /ton
+
+RUN mkdir build && \
+ cd build && \
+ cmake .. -DCMAKE_BUILD_TYPE=Release && \
+ make -j 4
+
+FROM ubuntu:20.04
+RUN apt-get update && \
+ apt-get install -y openssl wget&& \
+ rm -rf /var/lib/apt/lists/*
+RUN mkdir -p /var/ton-work/db && \
+ mkdir -p /var/ton-work/db/static
+
+COPY --from=builder /ton/build/lite-client/lite-client /usr/local/bin/
+COPY --from=builder /ton/build/validator-engine/validator-engine /usr/local/bin/
+COPY --from=builder /ton/build/validator-engine-console/validator-engine-console /usr/local/bin/
+COPY --from=builder /ton/build/utils/generate-random-id /usr/local/bin/
+
+WORKDIR /var/ton-work/db
+COPY init.sh control.template ./
+RUN chmod +x init.sh
+
+ENTRYPOINT ["/var/ton-work/db/init.sh"]
diff --git a/docker/README.md b/docker/README.md
new file mode 100644
index 00000000..955fd3ef
--- /dev/null
+++ b/docker/README.md
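Review bot: The builder stage's `RUN git clone --recursive https://github.com/newton-blockchain/ton` in docker/Dockerfile takes whatever the default branch holds at build time, and because the workflow's build context is `./docker` the binaries never come from the commit that triggered the build, so the image is not reproducible and cannot be tied to a reviewed revision. Pin the source, for example `ARG TON_REF=TAG_OR_BRANCH_PLACEHOLDER` followed by `RUN git clone --recursive --branch "${TON_REF}" https://github.com/newton-blockchain/ton`; a bare commit id would instead need a checkout plus `git submodule update --init --recursive`. The final stage also has no `USER`, so `init.sh` and `validator-engine` run as root while handling the node's keyring; a dedicated account that owns `/var/ton-work/db` would fit, provided the mounted volume's ownership matches. Both `FROM ubuntu:20.04` lines could additionally be pinned by digest, and the runtime `apt-get install` would be leaner with `--no-install-recommends`.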
@@ -0,0 +1,28 @@
+# The Open Network Node
+Dockerfile for The Open Network Node
+
+#### Install
+```docker pull ghcr.io/newton-blockchain/ton```
+#### Create volume
+```docker volume create ton-db```
+#### Run
+```docker run -d --name ton-node --mount source=ton-db,target=/var/ton-work/db --network host -e "PUBLIC_IP=" -e "CONSOLE_PORT=" -e "LITESERVER=true" -e "LITE_PORT=" -it ghcr.io/newton-blockchain/ton```
+
+
+If you don't need Liteserver, then remove -e "LITESERVER=true".
+
+#### Use
+```docker exec -ti /bin/bash```
+
+```./validator-engine-console -k client -p server.pub -a :```
+
+IP:PORT is shown at start of container.
+
+#### Lite-client
+To use lite-client you need to get liteserver.pub from container.
+
+```docker cp :/var/ton-work/db/liteserver.pub /your/path```
+
+Then you can connect to it, but be sure you use right port, it's different from fullnode console port.
+
+```lite-client -a : -p liteserver.pub```
diff --git a/docker/control.template b/docker/control.template
new file mode 100644
index 00000000..857bcebc
--- /dev/null
+++ b/docker/control.template
@@ -0,0 +1,9 @@
+"control" : [
+ { "id" : SERVER-ID,
+ "port" : CONSOLE-PORT,
+ "allowed" : [
+ { "id" : CLIENT-ID,
+ "permissions" : 15
+ }
+ ]
+ }
\ No newline at end of file
diff --git a/docker/init.sh b/docker/init.sh
new file mode 100644
index 00000000..1fe4f5e1
--- /dev/null
+++ b/docker/init.sh
@@ -0,0 +1,69 @@
+#!/usr/bin/env bash
+
+# global config
+if [ ! -z "$GCONFURL" ]; then
+ echo -e "\e[1;32m[+]\e[0m Downloading provided global config."
+ wget -q $GCONFURL -O /var/ton-work/db/ton-global.config
+else
+ echo -e "\e[1;33m[=]\e[0m No global config provided, downloading default."
+ wget -q https://api.tontech.io/ton/wallet-mainnet.autoconf.json -O /var/ton-work/db/ton-global.config
+fi
+
+# Init local config with IP:PORT
+if [ ! -z "$PUBLIC_IP" ]; then
+ if [ -z "$CONSOLE_PORT" ]; then
+ CONSOLE_PORT="43678"
+ fi
+ echo -e "\e[1;32m[+]\e[0m Using provided IP: $PUBLIC_IP:$CONSOLE_PORT"
+ validator-engine -C /var/ton-work/db/ton-global.config --db /var/ton-work/db --ip "$PUBLIC_IP:$CONSOLE_PORT"
+else
+ echo -e "\e[1;31m[!]\e[0m No IP:PORT provided, exiting"
+ exit 1
+fi
+
+# Generating server certificate
+if [ -f "./server" ]; then
+ echo -e "\e[1;33m[=]\e[0m Found existing server certificate, skipping"
+else
+ echo -e "\e[1;32m[+]\e[0m Generating and installing server certificate for remote control"
+ read -r SERVER_ID1 SERVER_ID2 <<< $(generate-random-id -m keys -n server)
+ echo "Server IDs: $SERVER_ID1 $SERVER_ID2"
+ cp server /var/ton-work/db/keyring/$SERVER_ID1
+fi
+
+# Generating client certificate
+if [ -f "./client" ]; then
+ echo -e "\e[1;33m[=]\e[0m Found existing client certificate, skipping"
+else
+ read -r CLIENT_ID1 CLIENT_ID2 <<< $(generate-random-id -m keys -n client)
+ echo -e "\e[1;32m[+]\e[0m Generated client private certificate $CLIENT_ID1 $CLIENT_ID2"
+ echo -e "\e[1;32m[+]\e[0m Generated client public certificate"
+ # Adding client permissions
+ sed -e "s/CONSOLE-PORT/\"$(printf "%q" $CONSOLE_PORT)\"/g" -e "s~SERVER-ID~\"$(printf "%q" $SERVER_ID2)\"~g" -e "s~CLIENT-ID~\"$(printf "%q" $CLIENT_ID2)\"~g" control.template > control.new
+ sed -e "s~\"control\"\ \:\ \[~$(printf "%q" $(cat control.new))~g" config.json > config.json.new
+ mv config.json.new config.json
+fi
+
+# Liteserver
+if [ -z "$LITESERVER" ]; then
+ echo -e
"\e[1;33m[=]\e[0m Liteserver disabled"
+else
+ if [ -f "./liteserver" ]; then
+ echo -e "\e[1;33m[=]\e[0m Found existing liteserver certificate, skipping"
+ else
+ echo -e "\e[1;32m[+]\e[0m Generating and installing liteserver certificate for remote control"
+ read -r LITESERVER_ID1 LITESERVER_ID2 <<< $(generate-random-id -m keys -n liteserver)
+ echo "Liteserver IDs: $LITESERVER_ID1 $LITESERVER_ID2"
+ cp liteserver /var/ton-work/db/keyring/$LITESERVER_ID1
+ if [ -z "$LITE_PORT" ]; then
+ LITE_PORT="43679"
+ fi
+ LITESERVERS=$(printf "%q" "\"liteservers\":[{\"id\":\"$LITESERVER_ID2\",\"port\":\"$LITE_PORT\"}")
+ sed -e "s~\"liteservers\"\ \:\ \[~$LITESERVERS~g" config.json > config.json.liteservers
+ mv config.json.liteservers config.json
+ fi
+fi
+
+echo -e "\e[1;32m[+]\e[0m Running validator-engine"
+
+exec validator-engine -c /var/ton-work/db/config.json -C /var/ton-work/db/ton-global.config --db /var/ton-work/db
\ No newline at end of file
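Review bot: Neither `wget -q` call in docker/init.sh checks its exit status, so a failed download, which with `-O` typically leaves an empty or partial ton-global.config, still falls through to `validator-engine`, and `$GCONFURL` is expanded unquoted. Ending both lines with `|| exit 1` and quoting the variable (`wget -q "$GCONFURL" -O /var/ton-work/db/ton-global.config || exit 1`) makes the container stop instead of starting on a bad config; since that file comes from an operator-supplied URL of any scheme, rejecting values that do not start with `https://` is worth considering. The server and client key blocks are also coupled: when `./server` already exists but `./client` does not, `SERVER_ID2` is never set and the `sed` substitution for `SERVER-ID` has no real id to insert into `control.new`, so the server id should be persisted or re-derived before the client block uses it. The remaining unquoted expansions, such as `<<< $(generate-random-id -m keys -n server)` and `cp server /var/ton-work/db/keyring/$SERVER_ID1`, should be quoted as well.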