feat: New docker images structure, tools image (#2185)

.github/actions/build_docker_image/action.yml

@@ -5,9 +5,6 @@ inputs:
   images:
     description: Name of the images to use as a base name
     required: true
-  dockerhub_repo:
-    description: DockerHub repository name
-    required: true
   push_image:
     description: Whether to push the image to the registry (true/false)
     required: true
@@ -20,15 +17,19 @@ inputs:
   platforms:
     description: Platforms to build the image for (e.g. linux/amd64,linux/arm64)
     required: true
-  description:
+
+  dockerhub_repo:
+    description: DockerHub repository name
+    required: false
+  dockerhub_description:
     description: Short description of the image
-    required: true
+    required: false
 
 runs:
   using: composite
   steps:
     - name: Login to DockerHub
-      if: ${{ inputs.push_image == 'true' }}
+      if: ${{ inputs.push_image == 'true' && inputs.dockerhub_repo != '' }}
       uses: docker/login-action@74a5d142397b4f367a81961eba4e8cd7edddf772 # v3.4.0
       with:
         username: ${{ env.DOCKERHUB_USER }}
@@ -62,11 +63,11 @@ runs:
         tags: ${{ steps.meta.outputs.tags }}
 
     - name: Update DockerHub description
-      if: ${{ inputs.push_image == 'true' }}
+      if: ${{ inputs.push_image == 'true' && inputs.dockerhub_repo != '' }}
       uses: peter-evans/dockerhub-description@432a30c9e07499fd01da9f8a49f0faf9e0ca5b77 # v4.0.2
       with:
         username: ${{ env.DOCKERHUB_USER }}
         password: ${{ env.DOCKERHUB_PW }}
         repository: ${{ inputs.dockerhub_repo }}
-        short-description: ${{ inputs.description }}
+        short-description: ${{ inputs.dockerhub_description }}
         readme-filepath: ${{ inputs.directory }}/README.md

.github/workflows/build_clio_docker_image.yml

@@ -85,16 +85,16 @@ jobs:
       - name: Build Docker image
         uses: ./.github/actions/build_docker_image
         env:
+          GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
           DOCKERHUB_USER: ${{ secrets.DOCKERHUB_USER }}
           DOCKERHUB_PW: ${{ secrets.DOCKERHUB_PW }}
-          GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
         with:
           images: |
-            rippleci/clio
             ghcr.io/xrplf/clio
-          dockerhub_repo: rippleci/clio
+            rippleci/clio
           push_image: ${{ inputs.publish_image }}
           directory: docker/clio
           tags: ${{ inputs.tags }}
           platforms: linux/amd64
-          description: Clio is an XRP Ledger API server.
+          dockerhub_repo: rippleci/clio
+          dockerhub_description: Clio is an XRP Ledger API server.

.github/workflows/update_docker_ci.yml

@@ -9,6 +9,7 @@ on:
 
       - "docker/ci/**"
       - "docker/compilers/**"
+      - "docker/tools/**"
   push:
     branches: [develop]
     paths:
@@ -16,10 +17,9 @@ on:
 
       - ".github/actions/build_docker_image/**"
 
-      # CI image must update when either its Dockerfile changes
-      # or any compilers changed and were pushed by hand
       - "docker/ci/**"
       - "docker/compilers/**"
+      - "docker/tools/**"
   workflow_dispatch:
 
 concurrency:
@@ -28,22 +28,115 @@ concurrency:
   cancel-in-progress: true
 
 jobs:
-  build_and_push:
-    name: Build and push docker image
+  gcc:
+    name: Build and push GCC docker image
     runs-on: [self-hosted, heavy]
 
+    steps:
+      - uses: actions/checkout@v4
+
+      - name: Get changed files
+        id: changed-files
+        uses: tj-actions/changed-files@ed68ef82c095e0d48ec87eccea555d944a631a4c # v46.0.5
+        with:
+          files: "docker/compilers/gcc/**"
+
+      - uses: ./.github/actions/build_docker_image
+        if: steps.changed-files.outputs.any_changed == 'true'
+        env:
+          GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
+          DOCKERHUB_USER: ${{ secrets.DOCKERHUB_USER }}
+          DOCKERHUB_PW: ${{ secrets.DOCKERHUB_PW }}
+        with:
+          images: |
+            ghcr.io/xrplf/clio-gcc
+            rippleci/clio_gcc
+          push_image: ${{ github.event_name != 'pull_request' }}
+          directory: docker/compilers/gcc
+          tags: |
+            type=raw,value=latest
+            type=raw,value=12
+            type=raw,value=${{ github.sha }}
+          platforms: linux/amd64,linux/arm64
+          dockerhub_repo: rippleci/clio_gcc
+          dockerhub_description: GCC compiler for XRPLF/clio.
+
+  clang:
+    name: Build and push Clang docker image
+    runs-on: [self-hosted, heavy]
+
+    steps:
+      - uses: actions/checkout@v4
+
+      - name: Get changed files
+        id: changed-files
+        uses: tj-actions/changed-files@ed68ef82c095e0d48ec87eccea555d944a631a4c # v46.0.5
+        with:
+          files: "docker/compilers/clang/**"
+
+      - uses: ./.github/actions/build_docker_image
+        if: steps.changed-files.outputs.any_changed == 'true'
+        env:
+          GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
+          DOCKERHUB_USER: ${{ secrets.DOCKERHUB_USER }}
+          DOCKERHUB_PW: ${{ secrets.DOCKERHUB_PW }}
+        with:
+          images: |
+            ghcr.io/xrplf/clio-clang
+            rippleci/clio_clang
+          push_image: ${{ github.event_name != 'pull_request' }}
+          directory: docker/compilers/clang
+          tags: |
+            type=raw,value=latest
+            type=raw,value=16
+            type=raw,value=${{ github.sha }}
+          platforms: linux/amd64,linux/arm64
+          dockerhub_repo: rippleci/clio_clang
+          dockerhub_description: Clang compiler for XRPLF/clio.
+
+  tools:
+    name: Build and push tools docker image
+    runs-on: [self-hosted, heavy]
+
+    steps:
+      - uses: actions/checkout@v4
+
+      - name: Get changed files
+        id: changed-files
+        uses: tj-actions/changed-files@ed68ef82c095e0d48ec87eccea555d944a631a4c # v46.0.5
+        with:
+          files: "docker/tools/**"
+
+      - uses: ./.github/actions/build_docker_image
+        if: steps.changed-files.outputs.any_changed == 'true'
+        env:
+          GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
+        with:
+          images: |
+            ghcr.io/xrplf/clio-tools
+          push_image: ${{ github.event_name != 'pull_request' }}
+          directory: docker/tools
+          tags: |
+            type=raw,value=latest
+            type=raw,value=${{ github.sha }}
+          platforms: linux/amd64,linux/arm64
+
+  ci:
+    name: Build and push CI docker image
+    runs-on: [self-hosted, heavy]
+    needs: [gcc, clang, tools]
+
     steps:
       - uses: actions/checkout@v4
       - uses: ./.github/actions/build_docker_image
         env:
+          GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
           DOCKERHUB_USER: ${{ secrets.DOCKERHUB_USER }}
           DOCKERHUB_PW: ${{ secrets.DOCKERHUB_PW }}
-          GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
         with:
           images: |
             rippleci/clio_ci
             ghcr.io/xrplf/clio-ci
-          dockerhub_repo: rippleci/clio_ci
           push_image: ${{ github.event_name != 'pull_request' }}
           directory: docker/ci
           tags: |
@@ -51,4 +144,5 @@ jobs:
             type=raw,value=gcc_12_clang_16
             type=raw,value=${{ github.sha }}
           platforms: linux/amd64,linux/arm64
-          description: CI image for XRPLF/clio.
+          dockerhub_repo: rippleci/clio_ci
+          dockerhub_description: CI image for XRPLF/clio.

.hadolint.yml

@@ -1,8 +1,6 @@
 ---
 ignored:
   - DL3003
+  - DL3007
   - DL3008
   - DL3013
-  - DL3015
-  - DL3027
-  - DL3047

docker/ci/Dockerfile

@@ -1,6 +1,9 @@
-FROM rippleci/clio_clang:16
+FROM ghcr.io/xrplf/clio-gcc:12 AS clio-gcc
+FROM ghcr.io/xrplf/clio-tools:latest AS clio-tools
+
+FROM ghcr.io/xrplf/clio-clang:16
+
 ARG DEBIAN_FRONTEND=noninteractive
-ARG TARGETARCH
 
 SHELL ["/bin/bash", "-o", "pipefail", "-c"]
 
@@ -13,23 +16,22 @@ SHELL ["/bin/bash", "-o", "pipefail", "-c"]
 USER root
 WORKDIR /root
 
-ENV CCACHE_VERSION=4.10.2 \
-    LLVM_TOOLS_VERSION=19 \
-    GH_VERSION=2.40.0 \
-    DOXYGEN_VERSION=1.12.0 \
-    CLANG_BUILD_ANALYZER_VERSION=1.6.0 \
-    GIT_CLIFF_VERSION=2.8.0
+ARG LLVM_TOOLS_VERSION=19
 
 # Add repositories
-RUN apt-get -qq update \
-    && apt-get -qq install -y --no-install-recommends --no-install-suggests gnupg wget curl software-properties-common \
+RUN apt-get update \
+    && apt-get install -y --no-install-recommends --no-install-suggests \
+        curl \
+        gnupg \
+        wget \
+    && apt-get clean \
+    && rm -rf /var/lib/apt/lists/* \
     && echo "deb http://apt.llvm.org/focal/ llvm-toolchain-focal-${LLVM_TOOLS_VERSION} main" >> /etc/apt/sources.list \
-    && wget -O - https://apt.llvm.org/llvm-snapshot.gpg.key | apt-key add - && \
-    apt-get clean && rm -rf /var/lib/apt/lists/*
+    && wget --progress=dot:giga -O - https://apt.llvm.org/llvm-snapshot.gpg.key | apt-key add -
 
 # Install packages
-RUN apt update -qq \
-    && apt install -y --no-install-recommends --no-install-suggests \
+RUN apt-get update \
+    && apt-get install -y --no-install-recommends --no-install-suggests \
         bison \
         clang-tidy-${LLVM_TOOLS_VERSION} \
         clang-tools-${LLVM_TOOLS_VERSION} \
@@ -49,12 +51,18 @@ RUN apt update -qq \
         conan==1.62 \
         gcovr \
         pre-commit \
-    && apt-get clean && apt remove -y software-properties-common
+    && apt-get clean \
+    && rm -rf /var/lib/apt/lists/*
 
 # Install gcc-12 and make ldconfig aware of the new libstdc++ location (for gcc)
 # Note: Clang is using libc++ instead
-COPY --from=rippleci/clio_gcc:12.3.0 /gcc12.deb /
-RUN apt update && apt-get install -y binutils libc6-dev \
+COPY --from=clio-gcc /gcc12.deb /
+RUN apt-get update \
+    && apt-get install -y --no-install-recommends --no-install-suggests \
+        binutils \
+        libc6-dev \
+    && apt-get clean \
+    && rm -rf /var/lib/apt/lists/* \
     && dpkg -i /gcc12.deb \
     && rm -rf /gcc12.deb \
     && ldconfig
@@ -68,43 +76,13 @@ RUN update-alternatives --install /usr/bin/g++ g++ /usr/bin/g++-12 100 \
     && update-alternatives --install /usr/bin/gcov-dump gcov-dump /usr/bin/gcov-dump-12 100 \
     && update-alternatives --install /usr/bin/gcov-tool gcov-tool /usr/bin/gcov-tool-12 100
 
-WORKDIR /tmp
-
-# Install ccache from source
-RUN wget "https://github.com/ccache/ccache/releases/download/v${CCACHE_VERSION}/ccache-${CCACHE_VERSION}.tar.gz" \
-    && tar xf "ccache-${CCACHE_VERSION}.tar.gz" \
-    && cd "ccache-${CCACHE_VERSION}" \
-    && mkdir build && cd build \
-    && cmake -GNinja -DCMAKE_BUILD_TYPE=Release .. \
-    && cmake --build . --target install \
-    && rm -rf /tmp/* /var/tmp/*
-
-# Install doxygen from source
-RUN wget "https://github.com/doxygen/doxygen/releases/download/Release_${DOXYGEN_VERSION//./_}/doxygen-${DOXYGEN_VERSION}.src.tar.gz" \
-    && tar xf "doxygen-${DOXYGEN_VERSION}.src.tar.gz" \
-    && cd "doxygen-${DOXYGEN_VERSION}" \
-    && mkdir build && cd build \
-    && cmake -GNinja -DCMAKE_BUILD_TYPE=Release .. \
-    && cmake --build . --target install \
-    && rm -rf /tmp/* /var/tmp/*
-
-# Install ClangBuildAnalyzer
-RUN wget "https://github.com/aras-p/ClangBuildAnalyzer/releases/download/v${CLANG_BUILD_ANALYZER_VERSION}/ClangBuildAnalyzer-linux" \
-    && chmod +x ClangBuildAnalyzer-linux \
-    && mv ClangBuildAnalyzer-linux /usr/bin/ClangBuildAnalyzer \
-    && rm -rf /tmp/* /var/tmp/*
-
-# Install git-cliff
-RUN wget "https://github.com/orhun/git-cliff/releases/download/v${GIT_CLIFF_VERSION}/git-cliff-${GIT_CLIFF_VERSION}-x86_64-unknown-linux-musl.tar.gz" \
-    && tar xf git-cliff-${GIT_CLIFF_VERSION}-x86_64-unknown-linux-musl.tar.gz \
-    && mv git-cliff-${GIT_CLIFF_VERSION}/git-cliff /usr/bin/git-cliff \
-    && rm -rf /tmp/* /var/tmp/*
-
-# Install gh
-RUN wget "https://github.com/cli/cli/releases/download/v${GH_VERSION}/gh_${GH_VERSION}_linux_${TARGETARCH}.tar.gz" \
-    && tar xf gh_${GH_VERSION}_linux_${TARGETARCH}.tar.gz \
-    && mv gh_${GH_VERSION}_linux_${TARGETARCH}/bin/gh /usr/bin/gh \
-    && rm -rf /tmp/* /var/tmp/*
+COPY --from=clio-tools \
+    /usr/local/bin/ccache \
+    /usr/local/bin/doxygen \
+    /usr/local/bin/ClangBuildAnalyzer \
+    /usr/local/bin/git-cliff \
+    /usr/local/bin/gh \
+    /usr/local/bin/
 
 WORKDIR /root
 

docker/clio/Dockerfile

@@ -2,14 +2,17 @@ FROM ubuntu:22.04
 
 COPY ./clio_server /opt/clio/bin/clio_server
 
-RUN ln -s /opt/clio/bin/clio_server /usr/local/bin/clio_server && \
-    mkdir -p /opt/clio/etc/ && \
-    mkdir -p /opt/clio/log/ && \
-    groupadd -g 10001 clio && \
-    useradd -u 10000 -g 10001 -s /bin/bash clio && \
-    chown clio:clio /opt/clio/log && \
-    apt update && \
-    apt install -y libatomic1
+RUN ln -s /opt/clio/bin/clio_server /usr/local/bin/clio_server \
+    && mkdir -p /opt/clio/etc/ \
+    && mkdir -p /opt/clio/log/ \
+    && groupadd -g 10001 clio \
+    && useradd -u 10000 -g 10001 -s /bin/bash clio \
+    && chown clio:clio /opt/clio/log \
+    && apt-get update \
+    && apt-get install -y --no-install-recommends --no-install-suggests \
+        libatomic1 \
+    && apt-get clean \
+    && rm -rf /var/lib/apt/lists/*
 
 USER clio
 ENTRYPOINT ["/opt/clio/bin/clio_server"]

docker/compilers/clang-16/Dockerfile

@@ -1,21 +0,0 @@
-FROM ubuntu:focal
-ARG DEBIAN_FRONTEND=noninteractive
-ARG TARGETARCH
-
-SHELL ["/bin/bash", "-c"]
-
-# hadolint ignore=DL3002
-USER root
-WORKDIR /root
-
-ENV CLANG_VERSION=16
-
-RUN apt update -qq \
-    && apt install -qq -y --no-install-recommends --no-install-suggests \
-    wget software-properties-common gnupg
-
-RUN wget https://apt.llvm.org/llvm.sh \
-    && chmod +x llvm.sh \
-    && ./llvm.sh ${CLANG_VERSION} \
-    && rm -rf llvm.sh \
-    && apt-get install -y libc++-16-dev libc++abi-16-dev

docker/compilers/clang/Dockerfile

@@ -0,0 +1,30 @@
+FROM ubuntu:20.04
+
+ARG DEBIAN_FRONTEND=noninteractive
+
+SHELL ["/bin/bash", "-c"]
+
+# hadolint ignore=DL3002
+USER root
+WORKDIR /root
+
+ARG CLANG_VERSION=16
+
+RUN apt-get update \
+    && apt-get install -y --no-install-recommends --no-install-suggests \
+        wget \
+        software-properties-common \
+        gnupg \
+    && apt-get clean \
+    && rm -rf /var/lib/apt/lists/*
+
+RUN wget --progress=dot:giga https://apt.llvm.org/llvm.sh \
+    && chmod +x llvm.sh \
+    && ./llvm.sh ${CLANG_VERSION} \
+    && rm -rf llvm.sh \
+    && apt-get update \
+    && apt-get install -y --no-install-recommends --no-install-suggests \
+        libc++-${CLANG_VERSION}-dev \
+        libc++abi-${CLANG_VERSION}-dev \
+    && apt-get clean \
+    && rm -rf /var/lib/apt/lists/*

docker/compilers/gcc/Dockerfile

@@ -1,13 +1,24 @@
-FROM ubuntu:focal as build
+FROM ubuntu:20.04 AS build
 
 ARG DEBIAN_FRONTEND=noninteractive
 ARG TARGETARCH
 ARG UBUNTU_VERSION=20.04
 ARG GCC_VERSION=12.3.0
-ARG BUILD_VERSION=1
+ARG BUILD_VERSION=2
 
-RUN apt update && apt install -y wget build-essential file flex libz-dev libzstd-dev
-RUN wget https://gcc.gnu.org/pub/gcc/releases/gcc-$GCC_VERSION/gcc-$GCC_VERSION.tar.gz \
+RUN apt-get update \
+    && apt-get install -y --no-install-recommends --no-install-suggests \
+        build-essential \
+        file \
+        flex \
+        libz-dev \
+        libzstd-dev \
+        software-properties-common \
+        wget \
+    && apt-get clean \
+    && rm -rf /var/lib/apt/lists/*
+
+RUN wget --progress=dot:giga https://gcc.gnu.org/pub/gcc/releases/gcc-$GCC_VERSION/gcc-$GCC_VERSION.tar.gz \
     && tar xf gcc-$GCC_VERSION.tar.gz \
     && cd /gcc-$GCC_VERSION && ./contrib/download_prerequisites
 
@@ -58,11 +69,16 @@ RUN mkdir /gcc-$GCC_VERSION-$BUILD_VERSION-ubuntu-$UBUNTU_VERSION/DEBIAN \
     && dpkg-deb --build --root-owner-group /gcc-$GCC_VERSION-$BUILD_VERSION-ubuntu-$UBUNTU_VERSION /gcc12.deb
 
 # Create final image
-FROM ubuntu:focal as gcc
+FROM ubuntu:20.04
 COPY --from=build /gcc12.deb /
 
 # Make gcc-12 available but also leave gcc12.deb for others to copy if needed
-RUN apt update && apt-get install -y binutils libc6-dev \
+RUN apt-get update \
+    && apt-get install -y --no-install-recommends --no-install-suggests \
+        binutils \
+        libc6-dev \
+    && apt-get clean \
+    && rm -rf /var/lib/apt/lists/* \
     && dpkg -i /gcc12.deb
 
 RUN update-alternatives --install /usr/bin/g++ g++ /usr/bin/g++-12 100 \

docker/tools/Dockerfile

@@ -0,0 +1,64 @@
+FROM ubuntu:20.04
+
+ARG DEBIAN_FRONTEND=noninteractive
+ARG TARGETARCH
+
+SHELL ["/bin/bash", "-o", "pipefail", "-c"]
+
+RUN apt-get update \
+    && apt-get install -y --no-install-recommends --no-install-suggests \
+        bison \
+        build-essential \
+        cmake \
+        flex \
+        ninja-build \
+        software-properties-common \
+        wget \
+    && apt-get clean \
+    && rm -rf /var/lib/apt/lists/*
+
+WORKDIR /tmp
+
+ARG CCACHE_VERSION=4.11.3
+RUN wget --progress=dot:giga "https://github.com/ccache/ccache/releases/download/v${CCACHE_VERSION}/ccache-${CCACHE_VERSION}.tar.gz" \
+    && tar xf "ccache-${CCACHE_VERSION}.tar.gz" \
+    && cd "ccache-${CCACHE_VERSION}" \
+    && mkdir build \
+    && cd build \
+    && cmake -GNinja -DCMAKE_BUILD_TYPE=Release -DENABLE_TESTING=False .. \
+    && cmake --build . --target install \
+    && rm -rf /tmp/* /var/tmp/*
+
+ARG DOXYGEN_VERSION=1.12.0
+RUN wget --progress=dot:giga "https://github.com/doxygen/doxygen/releases/download/Release_${DOXYGEN_VERSION//./_}/doxygen-${DOXYGEN_VERSION}.src.tar.gz" \
+    && tar xf "doxygen-${DOXYGEN_VERSION}.src.tar.gz" \
+    && cd "doxygen-${DOXYGEN_VERSION}" \
+    && mkdir build \
+    && cd build \
+    && cmake -GNinja -DCMAKE_BUILD_TYPE=Release .. \
+    && cmake --build . --target install \
+    && rm -rf /tmp/* /var/tmp/*
+
+ARG CLANG_BUILD_ANALYZER_VERSION=1.6.0
+RUN wget --progress=dot:giga "https://github.com/aras-p/ClangBuildAnalyzer/archive/refs/tags/v${CLANG_BUILD_ANALYZER_VERSION}.tar.gz" \
+    && tar xf "v${CLANG_BUILD_ANALYZER_VERSION}.tar.gz" \
+    && cd "ClangBuildAnalyzer-${CLANG_BUILD_ANALYZER_VERSION}" \
+    && mkdir build \
+    && cd build \
+    && cmake -GNinja -DCMAKE_BUILD_TYPE=Release .. \
+    && cmake --build . --target install \
+    && rm -rf /tmp/* /var/tmp/*
+
+ARG GIT_CLIFF_VERSION=2.9.1
+RUN wget --progress=dot:giga "https://github.com/orhun/git-cliff/releases/download/v${GIT_CLIFF_VERSION}/git-cliff-${GIT_CLIFF_VERSION}-x86_64-unknown-linux-musl.tar.gz" \
+    && tar xf git-cliff-${GIT_CLIFF_VERSION}-x86_64-unknown-linux-musl.tar.gz \
+    && mv git-cliff-${GIT_CLIFF_VERSION}/git-cliff /usr/local/bin/git-cliff \
+    && rm -rf /tmp/* /var/tmp/*
+
+ARG GH_VERSION=2.74.0
+RUN wget --progress=dot:giga "https://github.com/cli/cli/releases/download/v${GH_VERSION}/gh_${GH_VERSION}_linux_${TARGETARCH}.tar.gz" \
+    && tar xf gh_${GH_VERSION}_linux_${TARGETARCH}.tar.gz \
+    && mv gh_${GH_VERSION}_linux_${TARGETARCH}/bin/gh /usr/local/bin/gh \
+    && rm -rf /tmp/* /var/tmp/*
+
+WORKDIR /root