From 000f3d5a8c1bb5e4b0d6a318b7fdc6e48e7b7f1c Mon Sep 17 00:00:00 2001
From: Grant Limberg
Date: Wed, 3 Sep 2025 11:37:26 -0700
Subject: [PATCH] let's build a docker image
---
 .github/workflows/central-controller.yaml | 66 ++++++++++++++++++-
 .../Dockerfile.conda | 23 +++++++
 .../Dockerfile.run_base2 | 23 -------
 3 files changed, 88 insertions(+), 24 deletions(-)
 create mode 100644 ext/central-controller-docker/Dockerfile.conda
 delete mode 100644 ext/central-controller-docker/Dockerfile.run_base2
diff --git a/.github/workflows/central-controller.yaml b/.github/workflows/central-controller.yaml
index 39ce3a87b..4fb340227 100644
--- a/.github/workflows/central-controller.yaml
+++ b/.github/workflows/central-controller.yaml
@@ -38,4 +38,68 @@ jobs:
 cmake --build build/ --target all -j4 --verbose
 - name: SelfTest
 run: |
- ./build/zerotier-selftest
\ No newline at end of file
+ ./build/zerotier-selftest
+
+ - name: GCP Auth
+ uses: google-github-actions/auth@v2
+ with:
+ credentials_json: ${{ secrets.DOCKER_REGISTRY_WRITER}}
+
+ - name: Set up GCloud CLI
+ uses: google-github-actions/setup-gcloud@v2
+
+ - name: Docker Auth
+ run: gcloud auth configure-docker us-central1-docker.pkg.dev --quiet
+
+ - name: Get branch name and sanitize
+ id: branch
+ run: |
+ BRANCH_NAME="${GITHUB_REF##*/}"
+ SANITIZED_BRANCH="${BRANCH_NAME//\//-}"
+ echo "branch_name=$SANITIZED_BRANCH" >> $GITHUB_OUTPUT
+
+ - name: Get short git commit SHA
+ id: sha
+ run: |
+ calculatedSha=$(git rev-parse --short ${{ github.sha }})
+ echo "COMMIT_SHORT_SHA=$calculatedSha" >> $GITHUB_ENV
+
+ - name: Build and push Docker Image
+ run: |
+ docker build -t us-central1-docker.pkg.dev/zerotier-421eb9/docker-images/central-controller:${{ steps.sha.outputs.COMMIT_SHORT_SHA }}-${{ steps.branch.outputs.branch_name }}-${{ runner.arch }} -f ext/central-controller-docker/Dockerfile.conda .
+ docker push us-central1-docker.pkg.dev/zerotier-421eb9/docker-images/central-controller:${{ steps.sha.outputs.COMMIT_SHORT_SHA }}-${{ steps.branch.outputs.branch_name }}-${{ runner.arch }}
+
+ multi-arch-docker:
+ runs-on: gha-runner-x64
+ needs: central_controller
+ steps:
+ - name: GCP Auth
+ uses: google-github-actions/auth@v2
+ with:
+ credentials_json: ${{ secrets.DOCKER_REGISTRY_WRITER}}
+
+ - name: Set up GCloud CLI
+ uses: google-github-actions/setup-gcloud@v2
+
+ - name: Docker Auth
+ run: gcloud auth configure-docker us-central1-docker.pkg.dev --quiet
+
+ - name: Get branch name and sanitize
+ id: branch
+ run: |
+ BRANCH_NAME="${GITHUB_REF##*/}"
+ SANITIZED_BRANCH="${BRANCH_NAME//\//-}"
+ echo "branch_name=$SANITIZED_BRANCH" >> $GITHUB_OUTPUT
+
+ - name: Get short git commit SHA
+ id: sha
+ run: |
+ calculatedSha=$(git rev-parse --short ${{ github.sha }})
+ echo "COMMIT_SHORT_SHA=$calculatedSha" >> $GITHUB_ENV
+
+ - name: Create and push multi-arch manifest
+ run: |
+ docker manifest create us-central1-docker.pkg.dev/zerotier-421eb9/docker-images/central-controller:${{ steps.sha.outputs.COMMIT_SHORT_SHA }}-${{ steps.branch.outputs.branch_name }} \
+ --amend us-central1-docker.pkg.dev/zerotier-421eb9/docker-images/central-controller:${{ steps.sha.outputs.COMMIT_SHORT_SHA }}-${{ steps.branch.outputs.branch_name }}-x64 \
+ --amend us-central1-docker.pkg.dev/zerotier-421eb9/docker-images/central-controller:${{ steps.sha.outputs.COMMIT_SHORT_SHA }}-${{ steps.branch.outputs.branch_name }}-ARM64
+ docker manifest push us-central1-docker.pkg.dev/zerotier-421eb9/docker-images/central-controller:${{ steps.sha.outputs.COMMIT_SHORT_SHA }}-${{ steps.branch.outputs.branch_name }}
diff --git a/ext/central-controller-docker/Dockerfile.conda b/ext/central-controller-docker/Dockerfile.conda
new file mode 100644
index 000000000..0358240c7
--- /dev/null
+++ b/ext/central-controller-docker/Dockerfile.conda
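Review bot: In `central-controller.yaml`, the image tags in `Build and push Docker Image` and in the manifest step read `steps.sha.outputs.COMMIT_SHORT_SHA`, but both `sha` steps write that value to `$GITHUB_ENV`, so the output is empty and the pushed tag no longer identifies the commit; write it with `echo "COMMIT_SHORT_SHA=$calculatedSha" >> "$GITHUB_OUTPUT"`. The manifest step amends a `-x64` tag while the build job's suffix comes from `runner.arch`, which GitHub documents as `X64`/`ARM64`, so that reference will presumably not resolve, and `multi-arch-docker` runs `git rev-parse` with no checkout step visible in the job. The branch-derived output is expanded by `${{ }}` directly into the `run:` script text; pass it through `env:` (e.g. `BRANCH: ${{ steps.branch.outputs.branch_name }}`) and use a quoted `"$BRANCH"` so ref-name characters are never parsed as shell. Consider pinning `google-github-actions/auth` and `setup-gcloud` to commit SHAs, and replacing the long-lived `credentials_json` key with `workload_identity_provider` so no exportable registry-writer key sits in repository secrets.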
@@ -0,0 +1,23 @@
+FROM golang:bookworm AS go_base
+RUN go install -tags 'postgres' github.com/golang-migrate/migrate/v4/cmd/migrate@latest
+
+
+FROM continuumio/miniconda3:25.3.1-1
+
+LABEL maintainer="ZeroTier Inc."
+
+ADD environment.yml /tmp/environment.yml
+
+RUN conda env create -f /tmp/environment.yml && \
+ conda clean -a -y
+
+COPY --from=go_base /go/bin/migrate /usr/local/bin/migrate
+COPY ext/central-controller-docker/migrations /migrations
+ADD build/zerotier-one /usr/local/bin/zerotier-one
+RUN chmod a+x /usr/local/bin/zerotier-one
+# RUN echo "/usr/local/lib64" > /etc/ld.so.conf.d/usr-local-lib64.conf && ldconfig
+
+ADD ext/central-controller-docker/main.sh /
+RUN chmod a+x /main.sh
+
+ENTRYPOINT ["/main.sh"]
diff --git a/ext/central-controller-docker/Dockerfile.run_base2 b/ext/central-controller-docker/Dockerfile.run_base2
deleted file mode 100644
index c64f04ab6..000000000
--- a/ext/central-controller-docker/Dockerfile.run_base2
+++ /dev/null
@@ -1,23 +0,0 @@
-FROM continuumio/miniconda3:25.3.1-1
-
-LABEL maintainer="ZeroTier Inc."
-
-RUN conda config --set channel_priority strict && \
- conda install -y -c conda-forge \
- conda-forge::cmake=3.25.1 \
- conda-forge::git \
- conda-forge::cxx-compiler \
- conda-forge::c-compiler \
- conda-forge::make \
- conda-forge::pkg-config \
- conda-forge::libpqxx=7.7.3 \
- conda-forge::libopentelemetry-cpp=1.21.0 \
- conda-forge::libopentelemetry-cpp-headers=1.21.0 \
- conda-forge::google-cloud-cpp=2.39.0 \
- conda-forge::libgoogle-cloud=2.39.0 \
- conda-forge::rust=1.89.0 \
- conda-forge::inja=3.3.0 \
- conda-forge::libhiredis=1.3.0 \
- conda-forge::nlohmann_json=3.12.0
-
-# ADD . /src
\ No newline at end of file
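Review bot: In `Dockerfile.conda`, the `go_base` stage pulls the floating `golang:bookworm` tag and installs `migrate@latest`, so the `migrate` binary copied into the final image changes with every upstream release and cannot be tied to a reviewed version; pin both, e.g. `FROM golang:<GO_VERSION>-bookworm AS go_base` and `.../cmd/migrate@<MIGRATE_VERSION>`. The final stage sets no `USER`, so `/main.sh` and `zerotier-one` run as root unless the script drops privileges, which is not visible here; a comment stating why root is needed would help if it is intentional. The three `ADD` lines copy plain local files, and `COPY --chmod=755 build/zerotier-one /usr/local/bin/zerotier-one` (likewise for `main.sh`) would replace each `ADD` plus its follow-up `RUN chmod` layer.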