Skip to content

Commit

Permalink
Merge pull request #2058 from dbluhm/feature/pr-tests-gha
Browse files Browse the repository at this point in the history 
ci: add gha for pr-tests
  • Loading branch information
@WadeBarnes
WadeBarnes authored Dec 22, 2022
2 parents 888cd43 + edbd459 commit c456605
Show file tree
Hide file tree
Showing 4 changed files with 373 additions and 0 deletions.
20 changes: 20 additions & 0 deletions .github/workflows/pr-tests.yml
View file
Original file line number Diff line number Diff line change
@@ -0,0 +1,20 @@
name: PR Tests

on:
pull_request:

jobs:
tests:
name: Tests
uses: ./.github/workflows/tests.yml
with:
python-version: "3.6"
os: "ubuntu-20.04"

tests-indy:
name: Tests (Indy)
uses: ./.github/workflows/tests-indy.yml
with:
python-version: "3.6"
indy-version: "1.16.0"
os: "ubuntu-20.04"
58 changes: 58 additions & 0 deletions .github/workflows/tests-indy.yml
View file
Original file line number Diff line number Diff line change
@@ -0,0 +1,58 @@
name: Tests (Indy)

on:
workflow_call:
inputs:
python-version:
required: true
type: string
indy-version:
required: true
type: string
os:
required: true
type: string

jobs:
tests:
name: Test Python ${{ inputs.python-version }} on Indy ${{ inputs.indy-version }}
runs-on: ${{ inputs.os }}
steps:
- uses: actions/checkout@v3

- name: Cache image layers
uses: actions/cache@v3
with:
path: /tmp/.buildx-cache-test
key: ${{ runner.os }}-buildx-test-${{ github.sha }}
restore-keys: |
${{ runner.os }}-buildx-test-
- name: Set up Docker Buildx
uses: docker/setup-buildx-action@v1

- name: Build test image
uses: docker/build-push-action@v3
with:
load: true
context: .
file: docker/Dockerfile.indy
target: acapy-test
tags: acapy-test:latest
build-args: |
python_version=${{ inputs.python-version }}
indy_version=${{ inputs.indy-version }}
cache-from: type=local,src=/tmp/.buildx-cache-test
cache-to: type=local,dest=/tmp/.buildx-cache-test-new,mode=max

# Temp fix
# https://github.com/docker/build-push-action/issues/252
# https://github.com/moby/buildkit/issues/1896
- name: Move cache
run: |
rm -rf /tmp/.buildx-cache-test
mv /tmp/.buildx-cache-test-new /tmp/.buildx-cache-test
- name: Run pytest
run: |
docker run --rm acapy-test:latest
35 changes: 35 additions & 0 deletions .github/workflows/tests.yml
View file
Original file line number Diff line number Diff line change
@@ -0,0 +1,35 @@
name: Tests

on:
workflow_call:
inputs:
python-version:
required: true
type: string
os:
required: true
type: string

jobs:
tests:
name: Test Python ${{ inputs.python-version }}
runs-on: ${{ inputs.os }}
steps:
- uses: actions/checkout@v3
- name: Set up Python ${{ inputs.python-version }}
uses: actions/setup-python@v4
with:
python-version: ${{ inputs.python-version }}
cache: 'pip'
cache-dependency-path: 'requirements*.txt'
- name: Install dependencies
run: |
python -m pip install --upgrade pip
pip3 install --no-cache-dir \
-r requirements.txt \
-r requirements.askar.txt \
-r requirements.bbs.txt \
-r requirements.dev.txt
- name: Tests
run: |
pytest
260 changes: 260 additions & 0 deletions docker/Dockerfile.indy
View file
Original file line number Diff line number Diff line change
@@ -0,0 +1,260 @@
ARG python_version=3.6.13
ARG rust_version=1.46

# This image could be replaced with an "indy" image from another repo,
# such as the indy-sdk
FROM rust:${rust_version}-slim-buster as indy-builder

ARG user=indy
ENV HOME="/home/$user"
WORKDIR $HOME
RUN mkdir -p .local/bin .local/etc .local/lib

# Install environment
RUN apt-get update -y && \
apt-get install -y --no-install-recommends \
automake \
build-essential \
ca-certificates \
cmake \
curl \
git \
libbz2-dev \
libffi-dev \
libgmp-dev \
liblzma-dev \
libncurses5-dev \
libncursesw5-dev \
libsecp256k1-dev \
libsodium-dev \
libsqlite3-dev \
libssl-dev \
libtool \
libzmq3-dev \
pkg-config \
zlib1g-dev && \
rm -rf /var/lib/apt/lists/*

# set to --release for smaller, optimized library
ARG indy_build_flags=--release

ARG indy_version=1.16.0
ARG indy_sdk_url=https://codeload.github.com/hyperledger/indy-sdk/tar.gz/refs/tags/v${indy_version}

# make local libs and binaries accessible
ENV PATH="$HOME/.local/bin:$PATH"
ENV LIBRARY_PATH="$HOME/.local/lib:$LIBRARY_PATH"

# Download and extract indy-sdk
RUN mkdir indy-sdk && \
curl "${indy_sdk_url}" | tar -xz -C indy-sdk

# Build and install indy-sdk
WORKDIR $HOME/indy-sdk
RUN cd indy-sdk*/libindy && \
cargo build ${indy_build_flags} && \
cp target/*/libindy.so "$HOME/.local/lib" && \
cargo clean

# Package python3-indy
RUN tar czvf ../python3-indy.tgz -C indy-sdk*/wrappers/python .

# grab the latest sdk code for the postgres plug-in
WORKDIR $HOME
ARG indy_postgres_url=${indy_sdk_url}
RUN mkdir indy-postgres && \
curl "${indy_postgres_url}" | tar -xz -C indy-postgres

# Build and install postgres_storage plugin
WORKDIR $HOME/indy-postgres
RUN cd indy-sdk*/experimental/plugins/postgres_storage && \
cargo build ${indy_build_flags} && \
cp target/*/libindystrgpostgres.so "$HOME/.local/lib" && \
cargo clean

# Clean up SDK
WORKDIR $HOME
RUN rm -rf indy-sdk indy-postgres


# Indy Base Image
# This image could be replaced with an "indy-python" image from another repo,
# such as the indy-sdk
FROM python:${python_version}-slim-buster as indy-base

ARG uid=1001
ARG user=indy
ARG indy_version

ENV HOME="/home/$user" \
APP_ROOT="$HOME" \
LC_ALL=C.UTF-8 \
LANG=C.UTF-8 \
PIP_NO_CACHE_DIR=off \
PYTHONUNBUFFERED=1 \
PYTHONIOENCODING=UTF-8 \
RUST_LOG=warning \
SHELL=/bin/bash \
SUMMARY="indy-python base image" \
DESCRIPTION="aries-cloudagent provides a base image for running Hyperledger Aries agents in Docker. \
This image provides all the necessary dependencies to use the indy-sdk in python. Based on Debian Buster."

LABEL summary="$SUMMARY" \
description="$DESCRIPTION" \
io.k8s.description="$DESCRIPTION" \
io.k8s.display-name="indy-python $indy_version" \
name="indy-python" \
version="$indy_version" \
maintainer=""

# Add indy user
RUN useradd -U -ms /bin/bash -u $uid $user

# Install environment
RUN apt-get update -y && \
apt-get install -y --no-install-recommends \
apt-transport-https \
ca-certificates \
bzip2 \
curl \
git \
less \
libffi6 \
libgmp10 \
liblzma5 \
libncurses5 \
libncursesw5 \
libsecp256k1-0 \
libzmq5 \
net-tools \
openssl \
sqlite3 \
vim-tiny \
zlib1g && \
rm -rf /var/lib/apt/lists/* /usr/share/doc/*

WORKDIR $HOME

# Copy build results
COPY --from=indy-builder --chown=$user:$user $HOME .

RUN mkdir -p $HOME/.local/bin

# Add local binaries and aliases to path
ENV PATH="$HOME/.local/bin:$PATH"

# Make libraries resolvable by python
ENV LD_LIBRARY_PATH="$HOME/.local/lib:$LD_LIBRARY_PATH"
RUN echo "$HOME/.local/lib" > /etc/ld.so.conf.d/local.conf && ldconfig

# Install python3-indy
RUN pip install --no-cache-dir python3-indy.tgz && rm python3-indy.tgz

# - In order to drop the root user, we have to make some directories writable
# to the root group as OpenShift default security model is to run the container
# under random UID.
RUN usermod -a -G 0 $user

# Create standard directories to allow volume mounting and set permissions
# Note: PIP_NO_CACHE_DIR environment variable should be cleared to allow caching
RUN mkdir -p \
$HOME/.cache/pip/http \
$HOME/.indy-cli/networks \
$HOME/.indy_client/wallet \
$HOME/.indy_client/pool \
$HOME/.indy_client/ledger-cache \
$HOME/ledger/sandbox/data \
$HOME/log

# The root group needs access the directories under $HOME/.indy_client for the container to function in OpenShift.
# Also ensure the permissions on the python 'site-packages' folder are set correctly.
RUN chown -R $user:root $HOME/.indy_client \
&& chmod -R ug+rw $HOME/log $HOME/ledger $HOME/.cache $HOME/.indy_client

USER $user

CMD ["bash"]


# ACA-Py Test
# Used to run ACA-Py unit tests with Indy
FROM indy-base as acapy-test

USER indy

RUN mkdir src test-reports

WORKDIR /home/indy/src

RUN mkdir -p test-reports && chown -R indy:indy test-reports && chmod -R ug+rw test-reports

ADD requirements*.txt ./

USER root
RUN pip3 install --no-cache-dir \
-r requirements.txt \
-r requirements.askar.txt \
-r requirements.bbs.txt \
-r requirements.dev.txt

ADD --chown=indy:root . .
USER indy

ENTRYPOINT ["/bin/bash", "-c", "pytest \"$@\"", "--"]

# ACA-Py Builder
# Build ACA-Py wheel using setuptools
FROM python:${python_version}-slim-buster AS acapy-builder

WORKDIR /src

ADD . .

RUN pip install setuptools wheel
RUN python setup.py sdist bdist_wheel


# ACA-Py Indy
# Install wheel from builder and commit final image
FROM indy-base AS main

ARG uid=1001
ARG user=indy
ARG acapy_version
ARG acapy_reqs=[askar,bbs]

ENV HOME="/home/$user" \
APP_ROOT="$HOME" \
LC_ALL=C.UTF-8 \
LANG=C.UTF-8 \
PIP_NO_CACHE_DIR=off \
PYTHONUNBUFFERED=1 \
PYTHONIOENCODING=UTF-8 \
RUST_LOG=warning \
SHELL=/bin/bash \
SUMMARY="aries-cloudagent image" \
DESCRIPTION="aries-cloudagent provides a base image for running Hyperledger Aries agents in Docker. \
This image layers the python implementation of aries-cloudagent $acapy_version. \
This image includes indy-sdk and supporting libraries."

LABEL summary="$SUMMARY" \
description="$DESCRIPTION" \
io.k8s.description="$DESCRIPTION" \
io.k8s.display-name="aries-cloudagent $acapy_version" \
name="aries-cloudagent" \
version="$acapy_version" \
maintainer=""

# Create standard directories to allow volume mounting and set permissions
# Note: PIP_NO_CACHE_DIR environment variable should be cleared to allow caching
RUN mkdir -p $HOME/.aries_cloudagent

# The root group needs access the directories under $HOME/.indy_client for the container to function in OpenShift.
# Also ensure the permissions on the python 'site-packages' folder are set correctly.
RUN chmod -R ug+rw $HOME/.aries_cloudagent

COPY --from=acapy-builder /src/dist/aries_cloudagent*.whl .

RUN pip install --no-cache-dir --find-links=. aries_cloudagent${acapy_reqs} && rm aries_cloudagent*.whl

ENTRYPOINT ["aca-py"]

0 comments on commit c456605

Please sign in to comment.