theinterfold · hmzakhalid · Dec 2, 2025 · Dec 1, 2025 · Dec 1, 2025 · Dec 1, 2025
diff --git a/.github/workflows/ci.yml b/.github/workflows/ci.yml
@@ -15,8 +15,10 @@ on:
       - main
       - dev
 env:
-  DOCKERFILE_PATH: crates/support/Dockerfile
-  IMAGE_NAME: ghcr.io/${{ github.repository_owner }}/e3-support
+  SUPPORT_DOCKERFILE_PATH: crates/support/Dockerfile
+  CIPHERNODE_DOCKERFILE_PATH: crates/Dockerfile
+  SUPPORT_IMAGE_NAME: ghcr.io/${{ github.repository_owner }}/e3-support
+  CIPHERNODE_IMAGE_NAME: ghcr.io/${{ github.repository_owner }}/ciphernode
   HARDHAT_VAR_MNEMONIC: 'test test test test test test test test test test test junk'
   HARDHAT_VAR_INFURA_API_KEY: 'zzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzz'
   PRIVATE_KEY: '0xac0974bec39a17e36ba4a6b4d238ff944bacb478cbed5efcae784d7bf4f2ff80'
@@ -143,44 +145,78 @@ jobs:
       image_tag: ${{ steps.version.outputs.version }}
     steps:
       - uses: actions/checkout@v4
-      - name: Generate version tag
-        id: version
-        run: |
-          echo "version=$(git rev-parse --short=9 HEAD)" >> $GITHUB_OUTPUT
       - name: Generate tags
         id: tags
         run: |
-          VERSION=$(git rev-parse --short=9 HEAD)
-          TAGS="${{ env.IMAGE_NAME }}:$VERSION"
-          if [ "${{ github.ref }}" = "refs/heads/main" ]; then
-            TAGS="$TAGS,${{ env.IMAGE_NAME }}:latest"
+          SHORT_SHA=$(git rev-parse --short=9 HEAD)
+          TAGS="${SUPPORT_IMAGE_NAME}:${SHORT_SHA}"
+
+          if [ "${GITHUB_REF}" = "refs/heads/main" ]; then
+            TAGS="$TAGS,${SUPPORT_IMAGE_NAME}:main"
           fi
+
           echo "tags=$TAGS" >> $GITHUB_OUTPUT
       - name: Set up BuildKit
         uses: docker/setup-buildx-action@v3
+
       - name: Log in to GitHub Container Registry
         uses: docker/login-action@v3
         with:
           registry: ghcr.io
           username: ${{ github.actor }}
           password: ${{ secrets.GITHUB_TOKEN }}
+
       - name: Build image
         uses: docker/build-push-action@v5
         with:
           context: ./crates/support
-          file: ${{ env.DOCKERFILE_PATH }}
-          push: true
+          file: ${{ env.SUPPORT_DOCKERFILE_PATH }}
+          push: ${{ github.ref == 'refs/heads/main' }}
+          tags: ${{ steps.tags.outputs.tags }}
+          cache-from: |
+            type=gha,scope=e3-support
+          cache-to: |
+            type=gha,mode=max,scope=e3-support
+
+  build_ciphernode_image:
+    runs-on: ubuntu-latest
+    steps:
+      - uses: actions/checkout@v4
+
+      - name: Generate tags
+        id: tags
+        run: |
+          SHORT_SHA=$(git rev-parse --short=9 HEAD)
+          TAGS="${CIPHERNODE_IMAGE_NAME}:${SHORT_SHA}"
+
+          if [ "${GITHUB_REF}" = "refs/heads/main" ]; then
+            TAGS="$TAGS,${CIPHERNODE_IMAGE_NAME}:main"
+          fi
+
+          echo "tags=$TAGS" >> $GITHUB_OUTPUT
+
+      - name: Set up Buildx
+        uses: docker/setup-buildx-action@v3
+
+      - name: Log in to GitHub Container Registry
+        if: github.ref == 'refs/heads/main'
+        uses: docker/login-action@v3
+        with:
+          registry: ghcr.io
+          username: ${{ github.actor }}
+          password: ${{ secrets.GITHUB_TOKEN }}
+
+      - name: Build ciphernode image
+        uses: docker/build-push-action@v5
+        with:
+          context: .
+          file: ${{ env.CIPHERNODE_DOCKERFILE_PATH }}
+          push: ${{ github.ref == 'refs/heads/main' }}
           tags: ${{ steps.tags.outputs.tags }}
           cache-from: |
-            type=gha,scope=cargo-registry
-            type=gha,scope=cargo-git
-            type=gha,scope=cargo-target
-            type=gha,scope=buildcache
+            type=gha,scope=ciphernode
           cache-to: |
-            type=gha,mode=max,scope=cargo-registry
-            type=gha,mode=max,scope=cargo-git
-            type=gha,mode=max,scope=cargo-target
-            type=gha,mode=max,scope=buildcache
+            type=gha,mode=max,scope=ciphernode
 
   test_contracts:
     runs-on: 'ubuntu-latest'

diff --git a/.github/workflows/ec2-deployment.yml b/.github/workflows/ec2-deployment.yml
diff --git a/.github/workflows/releases.yml b/.github/workflows/releases.yml
@@ -11,6 +11,10 @@ on:
       - 'v*.*.*-*' # Pre-release tags like v1.0.0-beta.1
 
 env:
+  CIPHERNODE_DOCKERFILE_PATH: crates/Dockerfile
+  SUPPORT_DOCKERFILE_PATH: crates/support/Dockerfile
+  CIPHERNODE_IMAGE_NAME: ghcr.io/${{ github.repository_owner }}/ciphernode
+  SUPPORT_IMAGE_NAME: ghcr.io/${{ github.repository_owner }}/e3-support
   MNEMONIC: 'test test test test test test test test test test test junk'
   INFURA_API_KEY: 'zzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzz'
   ETHERSCAN_API_KEY: 'zzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzz'
@@ -67,6 +71,72 @@ jobs:
 
           echo "✅ All versions match: $VERSION"
 
+  build-ciphernode-image-release:
+    name: Build & Push ciphernode (release)
+    runs-on: ubuntu-latest
+    needs: validate-and-prepare
+    env:
+      CIPHERNODE_IMAGE_NAME: ghcr.io/${{ github.repository_owner }}/ciphernode
+    steps:
+      - uses: actions/checkout@v4
+
+      - name: Set up Buildx
+        uses: docker/setup-buildx-action@v3
+
+      - name: Log in to GitHub Container Registry
+        uses: docker/login-action@v3
+        with:
+          registry: ghcr.io
+          username: ${{ github.actor }}
+          password: ${{ secrets.GITHUB_TOKEN }}
+
+      - name: Build & push ciphernode release image
+        uses: docker/build-push-action@v5
+        with:
+          context: .
+          file: crates/Dockerfile
+          push: true
+          tags: |
+            ${{ env.CIPHERNODE_IMAGE_NAME }}:${{ needs.validate-and-prepare.outputs.version }}
+            ${{ env.CIPHERNODE_IMAGE_NAME }}:latest
+          cache-from: |
+            type=gha,scope=ciphernode
+          cache-to: |
+            type=gha,mode=max,scope=ciphernode
+
+  build-e3-support-release:
+    name: Build & Push e3-support (release)
+    runs-on: ubuntu-latest
+    needs: validate-and-prepare
+    env:
+      SUPPORT_IMAGE_NAME: ghcr.io/${{ github.repository_owner }}/e3-support
+    steps:
+      - uses: actions/checkout@v4
+
+      - name: Set up Buildx
+        uses: docker/setup-buildx-action@v3
+
+      - name: Log in to GitHub Container Registry
+        uses: docker/login-action@v3
+        with:
+          registry: ghcr.io
+          username: ${{ github.actor }}
+          password: ${{ secrets.GITHUB_TOKEN }}
+
+      - name: Build & push e3-support release image
+        uses: docker/build-push-action@v5
+        with:
+          context: ./crates/support
+          file: ${{ env.SUPPORT_DOCKERFILE_PATH }}
+          push: true
+          tags: |
+            ${{ env.SUPPORT_IMAGE_NAME }}:${{ needs.validate-and-prepare.outputs.version }}
+            ${{ env.SUPPORT_IMAGE_NAME }}:latest
+          cache-from: |
+            type=gha,scope=e3-support
+          cache-to: |
+            type=gha,mode=max,scope=e3-support
+
   build-binaries:
     name: Build Binaries (${{ matrix.os_name }}-${{ matrix.arch }})
     runs-on: ${{ matrix.os }}
@@ -217,7 +287,15 @@ jobs:
   create-github-release:
     name: Create GitHub Release
     runs-on: ubuntu-latest
-    needs: [validate-and-prepare, build-binaries, publish-rust-crates, publish-npm-packages]
+    needs:
+      [
+        validate-and-prepare,
+        build-ciphernode-image-release,
+        build-e3-support-release,
+        build-binaries,
+        publish-rust-crates,
+        publish-npm-packages,
+      ]
     if: always() && needs.validate-and-prepare.result == 'success' && needs.build-binaries.result == 'success'
     steps:
       - name: Checkout

diff --git a/dappnode/.gitignore b/dappnode/.gitignore
@@ -0,0 +1,33 @@
+# DAppNode Package - Git Ignore
+
+# Environment files with secrets
+.env
+*.env.local
+
+# Local test data
+data/
+
+# Build artifacts
+build_*/
+*.tar.xz
+*.txz
+
+# DAppNode SDK output
+releases/
+
+# Node modules (if any)
+node_modules/
+
+# OS files
+.DS_Store
+Thumbs.db
+
+# IDE files
+.vscode/
+.idea/
+*.swp
+*.swo
+
+# Logs
+*.log
+logs/
diff --git a/dappnode/Dockerfile b/dappnode/Dockerfile
@@ -0,0 +1,43 @@
+# DAppNode Enclave Ciphernode Dockerfile
+# Uses official upstream image from GitHub Container Registry
+
+ARG UPSTREAM_VERSION
+FROM ghcr.io/gnosisguild/ciphernode:${UPSTREAM_VERSION} AS upstream
+
+# Runtime image
+FROM debian:stable-slim
+
+# Install runtime dependencies
+RUN apt-get update && apt-get install -y --no-install-recommends \
+    ca-certificates \
+    procps \
+    gettext-base \
+    && apt-get clean \
+    && rm -rf /var/lib/apt/lists/*
+
+# Create non-root user
+RUN useradd -m -u 1000 -s /bin/bash ciphernode
+
+# Create data directory
+RUN mkdir -p /data && chown ciphernode:ciphernode /data
+
+# Copy binary from upstream
+COPY --from=upstream /usr/local/bin/enclave /usr/local/bin/enclave
+RUN chmod +x /usr/local/bin/enclave
+
+# Copy entrypoint and config template
+COPY --chmod=755 entrypoint.sh /usr/local/bin/entrypoint.sh
+COPY --chmod=644 config.template.yaml /opt/config.template.yaml
+
+# Labels
+LABEL maintainer="Gnosis Guild <https://gnosisguild.org>"
+LABEL org.opencontainers.image.source="https://github.com/gnosisguild/enclave"
+LABEL org.opencontainers.image.description="Enclave Ciphernode for DAppNode"
+
+USER ciphernode
+WORKDIR /data
+
+HEALTHCHECK --interval=30s --timeout=10s --start-period=60s --retries=3 \
+    CMD pgrep -f enclave || exit 1
+
+ENTRYPOINT ["/usr/local/bin/entrypoint.sh"]