Update config to enable signing vote extensions (#4 )

Co-authored-by: Shreerang Kale <shreerangkale@gmail.com> Reviewed-on: #4 Co-authored-by: shreerang <shreerang@noreply.git.vdb.to> Co-committed-by: shreerang <shreerang@noreply.git.vdb.to>
Update dockerfile to not set any runtime user (#3 )
2025-08-18 08:57:26 +00:00 · 2025-06-13 06:23:02 +00:00
4 changed files with 34 additions and 6 deletions
--- a/.gitea/workflows/docker-image.yml
+++ b/.gitea/workflows/docker-image.yml
@ -0,0 +1,29 @@
 name: Publish tmkms docker image on release
 on:
  release:
    types: [published]
 jobs:
  build:
    name: Run docker build and publish
    runs-on: ubuntu-latest
    steps:
      - uses: actions/checkout@v2
      - name: Run docker build
        run: docker build -t cerc/tmkms -f stack-orchestrator/container-build/cerc-tmkms/Dockerfile .
      - name: Get the version
        id: vars
        run: |
          echo ::set-output name=sha::$(echo ${GITHUB_SHA:0:7})
          echo ::set-output name=tag::$(echo ${GITHUB_REF#refs/tags/})
      - name: Tag docker image
        run: docker tag cerc/tmkms git.vdb.to/laconicnetwork/cerc/tmkms:${{steps.vars.outputs.sha}}
      - name: Tag docker image
        run: docker tag git.vdb.to/laconicnetwork/cerc/tmkms:${{steps.vars.outputs.sha}} git.vdb.to/laconicnetwork/cerc/tmkms:${{steps.vars.outputs.tag}}
      - name: Docker Login
        run: echo ${{ secrets.CICD_PUBLISH_TOKEN }} | docker login https://git.vdb.to -u laconiccicd --password-stdin
      - name: Docker Push
        run: docker push git.vdb.to/laconicnetwork/cerc/tmkms:${{steps.vars.outputs.sha}}
      - name: Docker Push TAGGED
        run: docker push git.vdb.to/laconicnetwork/cerc/tmkms:${{steps.vars.outputs.tag}}
--- a/stack-orchestrator/compose/docker-compose-tmkms.yml
+++ b/stack-orchestrator/compose/docker-compose-tmkms.yml
@ -9,7 +9,7 @@ services:
      NODE_PORT: ${NODE_PORT:-26659}
      KEY_PREFIX: ${KEY_PREFIX}
    volumes:
-      - tmkms-data:/home/tmkmsuser/tmkms
+      - tmkms-data:/root/tmkms
      - ../config/tmkms/run.sh:/opt/run.sh
    extra_hosts:
    - "host.docker.internal:host-gateway"
--- a/stack-orchestrator/config/tmkms/run.sh
+++ b/stack-orchestrator/config/tmkms/run.sh
@ -6,7 +6,7 @@ fi
 set -e
-TMKMS_HOME=/home/tmkmsuser/tmkms
+TMKMS_HOME=/root/tmkms
 INPUT_PRIV_KEY_FILE=$TMKMS_HOME/tmp/priv_validator_key.json
 TMKMS_SECRETS_DIR=$TMKMS_HOME/secrets
 TMKMS_STATE_DIR=$TMKMS_HOME/state
@ -42,6 +42,7 @@ cat <<EOF > $TMKMS_HOME/tmkms.toml
  id = "$CHAIN_ID"
  key_format = { type = "cosmos-json", account_key_prefix = "${KEY_PREFIX}pub", consensus_key_prefix = "${KEY_PREFIX}valconspub" }
  state_file = "$TMKMS_STATE_DIR/priv_validator_state.json"
  sign_extensions = true
  [[validator]]
  chain_id = "$CHAIN_ID"
--- a/stack-orchestrator/container-build/cerc-tmkms/Dockerfile
+++ b/stack-orchestrator/container-build/cerc-tmkms/Dockerfile
@ -47,10 +47,8 @@ RUN apt-get update && \
 # Copy compiled binary
 COPY --from=builder /home/builder/tmkms/target/release/tmkms /usr/local/bin/tmkms
-# Create runtime user
+# Set working directory
-RUN useradd -m tmkmsuser
+WORKDIR /
 USER tmkmsuser
 WORKDIR /home/tmkmsuser
 # Default command, override with `docker run ... bash` etc.
 CMD ["tmkms"]