Modernize docker setup

.dockerignore

@@ -0,0 +1,11 @@
+**/*
+!rust-toolchain.toml
+!Cargo.toml
+!Cargo.lock
+!.cargo
+!crates
+!depversions.sh
+!.git
+.git/hooks/**/*
+.git/info/**/*
+.git/logs/**/*

.github/workflows/docker.yml

@@ -26,12 +26,51 @@ jobs:
         uses: actions/checkout@v6
         timeout-minutes: 5
 
-      - name: Docker meta
-        id: meta
-        uses: docker/metadata-action@v5
+      - name: Docker meta for humanode-peer
+        id: meta-humanode-peer
+        uses: docker/metadata-action@v6
         with:
+          bake-target: docker-metadata-action-humanode-peer
           images: |
             ghcr.io/${{ github.repository }}
+          labels: |
+            org.opencontainers.image.title=${{ github.repository }}-humanode-peer
+          tags: |
+            type=schedule
+            type=ref,event=branch
+            type=ref,event=pr
+            type=semver,pattern={{version}}
+            type=semver,pattern={{major}}.{{minor}}
+            type=semver,pattern={{major}}
+            type=sha
+
+      - name: Docker meta for robonode-server
+        id: meta-robonode-server
+        uses: docker/metadata-action@v6
+        with:
+          bake-target: docker-metadata-action-robonode-server
+          images: |
+            ghcr.io/${{ github.repository }}/robonode-server
+          labels: |
+            org.opencontainers.image.title=${{ github.repository }}-robonode-server
+          tags: |
+            type=schedule
+            type=ref,event=branch
+            type=ref,event=pr
+            type=semver,pattern={{version}}
+            type=semver,pattern={{major}}.{{minor}}
+            type=semver,pattern={{major}}
+            type=sha
+
+      - name: Docker meta for robonode-keygen
+        id: meta-robonode-keygen
+        uses: docker/metadata-action@v6
+        with:
+          bake-target: docker-metadata-action-robonode-keygen
+          images: |
+            ghcr.io/${{ github.repository }}/robonode-keygen
+          labels: |
+            org.opencontainers.image.title=${{ github.repository }}-robonode-keygen
           tags: |
             type=schedule
             type=ref,event=branch
@@ -42,36 +81,27 @@ jobs:
             type=sha
 
       - name: Set up Docker Buildx
-        uses: docker/setup-buildx-action@v3
+        uses: docker/setup-buildx-action@v4
 
       - name: Login to GitHub Container Registry
         if: github.event_name != 'pull_request'
-        uses: docker/login-action@v3
+        uses: docker/login-action@v4
         with:
           registry: ghcr.io
           username: ${{ github.repository_owner }}
           password: ${{ secrets.GITHUB_TOKEN }}
 
-      - name: Cache code build
-        uses: actions/cache@v5
+      - name: Build and push
+        uses: docker/bake-action@v7
         with:
-          path: |
-            target/docker/*/*/rustup/
-            !target/docker/*/*/rustup/tmp/
-            !target/docker/*/*/rustup/downloads/
-            target/docker/*/*/cargo/bin/
-            target/docker/*/*/cargo/registry/index/
-            target/docker/*/*/cargo/registry/cache/
-            target/docker/*/*/cargo/git/db/
-            target/docker/*/*/target/
-          key: docker-cargo-${{ hashFiles('rust-toolchain.toml', 'Cargo.lock', 'docker/Dockerfile.*', 'docker/build.sh') }}
-
-      - name: Build the code and docker image
-        run: docker/build.sh
-
-      - name: Tag and push
-        if: github.event_name != 'pull_request'
-        run: |
-          xargs docker/tag-and-push.sh humanode <<EOF
-            ${{ steps.meta.outputs.tags }}
-          EOF
+          source: .
+          allow: ssh
+          files: |
+            ./docker-bake.hcl
+            ${{ steps.meta-humanode-peer.outputs.bake-file }}
+            ${{ steps.meta-robonode-server.outputs.bake-file }}
+            ${{ steps.meta-robonode-keygen.outputs.bake-file }}
+          push: ${{ github.event_name != 'pull_request' }}
+          set: |
+            *.cache-from=type=gha
+            *.cache-to=type=gha,mode=max

Dockerfile

@@ -0,0 +1,78 @@
+# syntax=docker/dockerfile:1.23
+
+ARG BUILDER_BASE=rust:bookworm
+ARG RUNTIME_BASE=debian:bookworm
+
+FROM ${BUILDER_BASE} AS builder
+
+SHELL ["/bin/bash", "-c"]
+
+RUN apt-get update \
+  && apt-get install -y \
+  clang \
+  unzip \
+  && rm -rf /var/lib/apt/lists/*
+
+RUN --mount=source=depversions.sh,target=/depversions.sh \
+  set -a && source /depversions.sh && set +a \
+  && curl -Lo protoc.zip "https://github.com/protocolbuffers/protobuf/releases/download/v${PROTOC_VERSION}/protoc-${PROTOC_VERSION}-linux-x86_64.zip" \
+  && unzip -q protoc.zip bin/protoc -d /usr/local \
+  && chmod a+x /usr/local/bin/protoc \
+  && rm -rf protoc.zip
+
+RUN mkdir -p ~/.ssh \
+  && chmod 0600 ~/.ssh \
+  && ssh-keyscan github.com >>~/.ssh/known_hosts
+
+FROM ${RUNTIME_BASE} AS runtime
+
+RUN apt-get update \
+  && apt-get install -y \
+  libssl3 \
+  ca-certificates \
+  jq \
+  curl \
+  && rm -rf /var/lib/apt/lists/*
+
+FROM builder AS build
+
+WORKDIR /worktree
+
+# Install rust.
+RUN \
+  --mount=type=bind,target=rust-toolchain.toml,source=rust-toolchain.toml \
+  --mount=type=cache,target=/usr/local/rustup \
+  rustup install
+
+# Build the binaries.
+RUN \
+  --mount=type=bind,target=.,readwrite \
+  --mount=type=cache,target=/usr/local/rustup \
+  --mount=type=cache,target=/usr/local/cargo/registry \
+  --mount=type=cache,target=target \
+  --mount=type=ssh \
+  RUST_BACKTRACE=1 \
+  CARGO_TARGET_DIR=target/artifacts \
+  cargo build --release --locked --workspace
+
+# Copy artifacts.
+RUN \
+  --mount=type=cache,target=target \
+  cp -r target/artifacts /artifacts \
+  && ls -la /artifacts
+
+FROM runtime AS robonode-server
+COPY --from=build /artifacts/release/robonode-server /usr/local/bin
+RUN ldd /usr/local/bin/robonode-server
+CMD ["robonode-server"]
+
+FROM runtime AS robonode-keygen
+COPY --from=build /artifacts/release/robonode-keygen /usr/local/bin
+RUN ldd /usr/local/bin/robonode-keygen
+CMD ["robonode-keygen"]
+
+# Keep the peer last as the default target.
+FROM runtime AS humanode-peer
+COPY --from=build /artifacts/release/humanode-peer /usr/local/bin
+RUN ldd /usr/local/bin/humanode-peer
+CMD ["humanode-peer"]

docker-bake.hcl

@@ -0,0 +1,31 @@
+variable "TARGETS" {
+  type = list(string)
+  default = ["humanode-peer", "robonode-server", "robonode-keygen"]
+}
+
+group "default" {
+  targets = TARGETS
+}
+
+target "base" {
+  dockerfile = "Dockerfile"
+  # ssh = ["default"]
+}
+
+target "main" {
+  matrix = {
+    tgt = TARGETS
+  }
+  name = tgt
+  inherits = ["base", "docker-metadata-action-${tgt}"]
+  target = tgt
+}
+
+# Targets to allow injecting customizations from Github Actions.
+
+target "docker-metadata-action" {
+  matrix = {
+    tgt = TARGETS
+  }
+  name = "docker-metadata-action-${tgt}"
+}