Add a readiness check to the Docker container

.github/workflows/build-docker.yml

@@ -11,7 +11,8 @@ on:
   pull_request:
     paths:
       - ".github/workflows/build-docker.yml"
-      - "docker/centrifuge-chain/Dockerfile"
+      - "docker/"
+      - ".dockerignore"
 concurrency:
   group: ${{ github.workflow }}-${{ github.event.pull_request.head.label || github.head_ref || github.ref }}${{ github.event_name }}
   cancel-in-progress: true
@@ -22,26 +23,38 @@ jobs:
         target: [ release, test ]
     runs-on: ubuntu-latest-8-cores
     permissions:
-      contents: write    
+      contents: write # to update the GH release w/ Docker tags
+      packages: write # to upload images to ghcr
+      id-token: write
     steps:
       - uses: actions/checkout@3df4ab11eba7bda6032a0b82a6bb43b11571feac #v4
         with:
           fetch-depth: 0
       - name: Set up Docker Buildx
         uses: docker/setup-buildx-action@f95db51fddba0c2d1ec667646a06c2ce06100226 #v3
-      - name: DockerHub Login
-        uses: docker/login-action@v3
+
+      # - name: DockerHub Registry Login
+      #   uses: docker/login-action@343f7c4344506bcbf9b4de18042ae17996df046d
+      #   with:
+      #     username: ${{ secrets.DOCKER_HUB_USERNAME }}
+      #     password: ${{ secrets.DOCKER_HUB_TOKEN }}
+
+      - name: Github Registry login
+        uses: docker/login-action@343f7c4344506bcbf9b4de18042ae17996df046d
         with:
-          username: ${{ secrets.DOCKER_HUB_USERNAME }}
-          password: ${{ secrets.DOCKER_HUB_TOKEN }}
+          registry: ghcr.io
+          username: ${{ github.actor }}
+          password: ${{ secrets.GITHUB_TOKEN }}
 
       - run: echo "NOW=$(date -u +%y-%m-%d)" >> $GITHUB_ENV
 
       - name: Setup docker metadata
         id: meta
         uses: docker/metadata-action@96383f45573cb7f253c731d3b3ab81c87ef81934 #v5
         with:
-          images: centrifugeio/centrifuge-chain
+          images: |
+            ghcr.io/centrifuge/centrifuge-chain
+            ${{ github.event_name != 'pull_request' && 'centrifugeio/centrifuge-chain' || ''}}
           tags: |
             type=semver,pattern={{raw}},prefix=${{ matrix.target == 'test' && 'test-' || '' }}
             type=raw,value=latest,enable=${{ github.event_name == 'release' }}
@@ -56,14 +69,18 @@ jobs:
             core.exportVariable('ACTIONS_CACHE_URL', process.env.ACTIONS_CACHE_URL || '');
             core.exportVariable('ACTIONS_RUNTIME_TOKEN', process.env.ACTIONS_RUNTIME_TOKEN || '');
 
+      - run: echo "VERSION=${GITHUB_REF#refs/tags/}" >> $GITHUB_ENV
       - name: Build and push centrifugeio/centrifuge-chain
         uses: docker/build-push-action@0565240e2d4ab88bba5387d719585280857ece09 #v5
         with:
           context: .
           file: ./docker/centrifuge-chain/Dockerfile
           build-args: |
             FEATURES=${{ matrix.target == 'test' && 'fast-runtime' || '' }}
-          push: ${{ github.event_name != 'pull_request' }}
+            BUILD_DATE=${{ env.NOW }}
+            VERSION=${{env.VERSION}}
+          # Always push, either to ghcr or Dockerhub
+          push: true
           tags: ${{ steps.meta.outputs.tags }}
           # Cache options:
           # https://docs.docker.com/build/ci/github-actions/cache/
@@ -82,14 +99,14 @@ jobs:
           repository: centrifuge/centrifuge-chain
           short-description: ${{ github.event.repository.description }}
           enable-url-completion: true
-          
+
       - name: Update GitHub release
         if: github.event_name == 'release' && matrix.target == 'release'
         uses: softprops/action-gh-release@v1
         with:
           append_body: true
           body: |
-            **Docker tags:** 
+            **Docker tags:**
                ${{ steps.meta.outputs.tags }}
 
       - if: failure()

docker/centrifuge-chain/Dockerfile

@@ -27,43 +27,56 @@ FROM --platform=linux/amd64 docker.io/paritytech/ci-linux:production as builder
 # and simply download the binaries here. Some short of hash or integrity check would need to
 # happen to make sure the binary is what we want.
 FROM --platform=linux/amd64 docker.io/library/ubuntu:jammy
+	ARG BUILD_DATE
+	ARG VERSION
+	# Standard OCI labels
+	# https://github.com/opencontainers/image-spec/blob/main/annotations.md
+	LABEL io.centrifuge.image.vendor="Centrifuge" \
+		org.opencontainers.image.created= \
+		org.opencontainers.image.authors="[email protected]" \
+		org.opencontainers.image.title="centrifugeio/centrifuge-chain" \
+		org.opencontainers.image.description="Centrifuge, the layer 1 of RWA. This is the official Centrifuge (para)chain image" \
+		org.opencontainers.image.source="https://github.com/centrifuge/centrifuge-chain/" \
+		org.opencontainers.image.created="${BUILD_DATE}" \		
+		org.opencontainers.image.documentation="https://github.com/centrifuge/centrifuge-chain/blob/main/README.md" \
+		org.opencontainers.image.version="$VERSION" \
+		org.opencontainers.image.licenses="GPL-3" \
+		org.opencontainers.image.base.name="ubuntu/jammy" \
+		org.opencontainers.image.base.digest="ubuntu@sha256:6042500cf4b44023ea1894effe7890666b0c5c7871ed83a97c36c76ae560bb9b" 
+		# org.opencontainers.image.url= \		
 
-	LABEL io.centrifuge.image.authors="[email protected]" \
-		io.centrifuge.image.vendor="Centrifuge" \
-		io.centrifuge.image.title="centrifugeio/centrifuge-chain" \
-		io.centrifuge.image.description="Centrifuge, the layer 1 of RWA. This is the official Centrifuge (para)chain image" \
-		io.centrifuge.image.source="https://github.com/centrifuge/centrifuge-chain/blob/main/docker/centrifuge-chain/Dockerfile" \
-		io.centrifuge.image.created="${BUILD_DATE}"
 
-	# Add chain resources to image
-	COPY node/res /resources/
-
-	COPY --from=builder /centrifuge-chain/target/release/centrifuge-chain /usr/local/bin
 
-	RUN apt-get autoremove -y && apt-get clean && rm -rf /var/lib/apt/lists/* ;
+	RUN apt-get update && apt-get install -y curl jq
+	RUN apt-get autoremove -y && apt-get clean && rm -rf /var/lib/apt/lists/*
 
 	# Because of the following, all data and config directories need to be owned by UID and GID 1000
 	RUN useradd -m -u 1000 -U -s /bin/sh -d /centrifuge centrifuge
+
+	COPY node/res /resources/
+	COPY --from=builder /centrifuge-chain/target/release/centrifuge-chain /usr/local/bin/
 
-	RUN mkdir -p /data && \
+	COPY docker/scripts /centrifuge/scripts
+	RUN chmod +x /centrifuge/scripts/* && \
+		ln -s /centrifuge/scripts/* /usr/local/bin/
+
+	RUN mkdir -p /data && \ 
 		chown -R centrifuge:centrifuge /data && \
 		chown -R centrifuge:centrifuge /resources && \
-		chown -R centrifuge:centrifuge /usr/local/bin/centrifuge-chain && \
-		chown -R centrifuge:centrifuge /centrifuge/
-
-	COPY ./docker/scripts/entrypoint.sh /centrifuge/entrypoint.sh
-	RUN chown -R centrifuge:centrifuge /centrifuge/entrypoint.sh && chmod +x /centrifuge/entrypoint.sh
+		chown -R centrifuge:centrifuge /centrifuge/ 
 
 # Running as an non-root is a good security practice
 # in some cases the container can be forced to run as root overriding the next line
 # but by default we want to enforce this.
 USER centrifuge
+WORKDIR /centrifuge
 
 # checks
 RUN ldd /usr/local/bin/centrifuge-chain && \
 	/usr/local/bin/centrifuge-chain --version
+RUN set -e && command -v check-node-ready && command -v entrypoint.sh
 
 EXPOSE 30333 9933 9944
 VOLUME ["/data"]
-ENTRYPOINT ["/centrifuge/entrypoint.sh"]
+ENTRYPOINT ["entrypoint.sh"]
 CMD ["--help"]

docker/scripts/check-node-ready

@@ -0,0 +1,27 @@
+#!/bin/bash
+
+# Contact port 9933 and store the response
+response=$(curl -s http://localhost:9933/health)
+
+# Extract the number of peers and the syncing status from the response
+peers=$(echo "$response" | jq '.peers')
+isSyncing=$(echo "$response" | jq '.isSyncing')
+
+# Check that the number of peers is more than 0
+if [ "$peers" -gt 0 ]; then
+    echo "Node has peers."
+else
+    echo "Error: Node has no peers. Check the logs"
+    exit 1
+fi
+
+# Check that syncing is false
+if [ "$isSyncing" == "false" ]; then
+    echo "Node is synched."
+else
+    echo "Error: Node is still syncing but has peers. Check again later"
+    exit 1
+fi
+
+echo "Health check passed."
+exit 0