Feature/commit boost default image (#464)

Author: JasonVranek

.github/workflows/release.yml

@@ -73,7 +73,7 @@ jobs:
           VALUE=$(python .github/workflows/release/release.py is-latest "${{ inputs.tag }}")
           echo "value=$VALUE" >> $GITHUB_OUTPUT
 
-  # Builds the x64 and arm64 binaries for Linux, for all 3 crates, via the Docker builder
+  # Builds the x64 and arm64 binaries for Linux via the Docker builder
   build-binaries-linux:
     needs: [resolve-tag]
     timeout-minutes: 60
@@ -230,7 +230,7 @@ jobs:
       packages: write
     strategy:
       matrix:
-        crate: [pbs, signer]
+        crate: [pbs, signer, commit-boost]
     runs-on: ubuntu-latest
     timeout-minutes: 45
     steps:
@@ -251,10 +251,10 @@ jobs:
         run: |
           mkdir -p ./artifacts/bin/linux_amd64
           mkdir -p ./artifacts/bin/linux_arm64
-          tar -xzf ./artifacts/commit-boost-${{ matrix.crate }}-${{ inputs.tag }}-linux_x86-64/commit-boost-${{ matrix.crate }}-${{ inputs.tag }}-linux_x86-64.tar.gz -C ./artifacts/bin
-          mv ./artifacts/bin/commit-boost-${{ matrix.crate }} ./artifacts/bin/linux_amd64/commit-boost-${{ matrix.crate }}
-          tar -xzf ./artifacts/commit-boost-${{ matrix.crate }}-${{ inputs.tag }}-linux_arm64/commit-boost-${{ matrix.crate }}-${{ inputs.tag }}-linux_arm64.tar.gz -C ./artifacts/bin
-          mv ./artifacts/bin/commit-boost-${{ matrix.crate }} ./artifacts/bin/linux_arm64/commit-boost-${{ matrix.crate }}
+          tar -xzf ./artifacts/commit-boost-${{ inputs.tag }}-linux_x86-64/commit-boost-${{ inputs.tag }}-linux_x86-64.tar.gz -C ./artifacts/bin
+          mv ./artifacts/bin/commit-boost ./artifacts/bin/linux_amd64/commit-boost
+          tar -xzf ./artifacts/commit-boost-${{ inputs.tag }}-linux_arm64/commit-boost-${{ inputs.tag }}-linux_arm64.tar.gz -C ./artifacts/bin
+          mv ./artifacts/bin/commit-boost ./artifacts/bin/linux_arm64/commit-boost
 
       - name: Set lowercase owner
         run: echo "OWNER=$(echo '${{ github.repository_owner }}' | tr '[:upper:]' '[:lower:]')" >> $GITHUB_ENV
@@ -298,7 +298,7 @@ jobs:
         uses: actions/download-artifact@v4
         with:
           path: ./artifacts
-          pattern: "commit-boost*"
+          pattern: "commit-boost-*"
 
       - name: Sign all binaries with Sigstore
         uses: sigstore/gh-action-sigstore-python@v3.0.0
@@ -311,7 +311,7 @@ jobs:
           name: signed-${{ inputs.tag }}
           path: ./artifacts/**/*.sigstore*
 
-  # Creates a release on GitHub with the binaries
+  # Creates a draft release on GitHub with the binaries
   finalize-release:
     needs:
       - build-binaries-linux
@@ -328,13 +328,7 @@ jobs:
         uses: actions/download-artifact@v4
         with:
           path: ./artifacts
-          pattern: "commit-boost*"
-
-      - name: Download signatures
-        uses: actions/download-artifact@v4
-        with:
-          path: ./artifacts
-          pattern: "signatures-${{ github.ref_name }}*"
+          pattern: "commit-boost-*"
 
       - name: Download signed artifacts
         uses: actions/download-artifact@v4
@@ -351,75 +345,4 @@ jobs:
           tag_name: ${{ inputs.tag }}
           name: ${{ inputs.tag }}
         env:
-          GITHUB_TOKEN: ${{ steps.app-token.outputs.token }}
-
-  # Fast-forwards stable (full release) or beta (RC) to the new tag.
-  # Runs after all artifacts are built and the draft release is created,
-  # so stable/beta are never touched if any part of the pipeline fails.
-  fast-forward-branch:
-    needs:
-      - finalize-release
-    runs-on: ubuntu-latest
-    steps:
-      - uses: actions/create-github-app-token@v1
-        id: app-token
-        with:
-          app-id: ${{ secrets.APP_ID }}
-          private-key: ${{ secrets.APP_PRIVATE_KEY }}
-
-      - uses: actions/checkout@v4
-        with:
-          fetch-depth: 0
-          token: ${{ steps.app-token.outputs.token }}
-
-      - name: Configure git
-        run: |
-          git config user.name  "commit-boost-release-bot[bot]"
-          git config user.email "commit-boost-release-bot[bot]@users.noreply.github.com"
-
-      - name: Fast-forward beta branch (RC releases)
-        if: contains(github.ref_name, '-rc')
-        run: |
-          git checkout beta
-          git merge --ff-only "${{ github.ref_name }}"
-          git push origin beta
-
-      - name: Fast-forward stable branch (full releases)
-        if: "!contains(github.ref_name, '-rc')"
-        run: |
-          git checkout stable
-          git merge --ff-only "${{ github.ref_name }}"
-          git push origin stable
-
-  # Deletes the tag if any job in the release pipeline fails.
-  # This keeps the tag and release artifacts in sync — a tag should only
-  # exist if the full pipeline completed successfully.
-  # stable/beta are never touched on failure since fast-forward-branch
-  # only runs after finalize-release succeeds.
-  #
-  # Note: if finalize-release specifically fails, a draft release may already
-  # exist on GitHub pointing at the now-deleted tag and will need manual cleanup.
-  cleanup-on-failure:
-    needs:
-      - build-binaries-linux
-      - build-binaries-darwin
-      - sign-binaries
-      - build-and-push-pbs-docker
-      - build-and-push-signer-docker
-      - finalize-release
-      - fast-forward-branch
-    runs-on: ubuntu-latest
-    if: failure()
-    steps:
-      - uses: actions/create-github-app-token@v1
-        id: app-token
-        with:
-          app-id: ${{ secrets.APP_ID }}
-          private-key: ${{ secrets.APP_PRIVATE_KEY }}
-
-      - uses: actions/checkout@v4
-        with:
-          token: ${{ steps.app-token.outputs.token }}
-
-      - name: Delete tag
-        run: git push origin --delete ${{ github.ref_name }}
+          GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}

.releases/README.md

@@ -73,7 +73,7 @@ Example verification flow:
 export REPO=Commit-Boost/commit-boost-client
 export VERSION=vX.Y.Z
 export ARCH=linux_x86-64
-export BIN=commit-boost-pbs
+export BIN=commit-boost
 
 curl -L \
   -o "$BIN-$VERSION-$ARCH.tar.gz" \
@@ -87,7 +87,7 @@ cosign verify-blob \
   "$BIN-$VERSION-$ARCH.tar.gz" \
   --bundle "$BIN-$VERSION-$ARCH.tar.gz.sigstore.json" \
   --certificate-oidc-issuer="https://token.actions.githubusercontent.com" \
-  --certificate-identity="https://github.com/Commit-Boost/commit-boost-client/.github/workflows/release.yml@refs/heads/main"
+  --certificate-identity="https://github.com/$REPO/.github/workflows/release.yml@refs/heads/main"
 ```
 
 To verify assets from a fork, replace `REPO` with the fork path, for example:

README.md

@@ -43,7 +43,7 @@ Install cosign: [cosign installation guide](https://docs.sigstore.dev/cosign/sys
 export REPO=Commit-Boost/commit-boost-client
 export VERSION=vX.Y.Z
 export ARCH=linux_x86-64
-export BIN=commit-boost-pbs
+export BIN=commit-boost
 
 # Download the binary tarball and its signature bundle
 curl -L \
@@ -59,7 +59,7 @@ cosign verify-blob \
   "$BIN-$VERSION-$ARCH.tar.gz" \
   --bundle "$BIN-$VERSION-$ARCH.tar.gz.sigstore.json" \
   --certificate-oidc-issuer="https://token.actions.githubusercontent.com" \
-  --certificate-identity="https://github.com/Commit-Boost/commit-boost-client/.github/workflows/release.yml@refs/heads/main"
+  --certificate-identity="https://github.com/$REPO/.github/workflows/release.yml@refs/heads/main"
 ```
 
 A successful verification prints `Verified OK`. If the binary was modified after being built by CI, verification will fail.

bin/tests/binary.rs

@@ -8,13 +8,13 @@ use cb_cli::docker_init::{CB_COMPOSE_FILE, CB_ENV_FILE};
 const MINIMAL_PBS_TOML: &str = r#"
 chain = "Holesky"
 [pbs]
-docker_image = "ghcr.io/commit-boost/pbs:latest"
+docker_image = "ghcr.io/commit-boost/commit-boost:latest"
 "#;
 
 const MINIMAL_WITH_MODULE_TOML: &str = r#"
 chain = "Holesky"
 [pbs]
-docker_image = "ghcr.io/commit-boost/pbs:latest"
+docker_image = "ghcr.io/commit-boost/commit-boost:latest"
 
 [signer.local.loader]
 key_path = "/keys/keys.json"
@@ -127,7 +127,7 @@ fn test_init_compose_file_pbs_service_structure() {
 
     let pbs = &compose["services"]["cb_pbs"];
     assert!(!pbs.is_null(), "cb_pbs service must exist");
-    assert_eq!(pbs["image"].as_str(), Some("ghcr.io/commit-boost/pbs:latest"), "image");
+    assert_eq!(pbs["image"].as_str(), Some("ghcr.io/commit-boost/commit-boost:latest"), "image");
     assert_eq!(pbs["container_name"].as_str(), Some("cb_pbs"), "container_name");
 
     // Config file must be mounted inside the container.

config.example.toml

@@ -10,8 +10,8 @@ chain = "Holesky"
 # Configuration for the PBS module
 [pbs]
 # Docker image to use for the PBS module.
-# OPTIONAL, DEFAULT: ghcr.io/commit-boost/pbs:latest
-docker_image = "ghcr.io/commit-boost/pbs:latest"
+# OPTIONAL, DEFAULT: ghcr.io/commit-boost/commit-boost:latest
+docker_image = "ghcr.io/commit-boost/commit-boost:latest"
 # Whether to enable the PBS module to request signatures from the Signer module (not used in the default PBS image)
 # OPTIONAL, DEFAULT: false
 with_signer = false
@@ -175,8 +175,8 @@ url = "http://0xa119589bb33ef52acbb8116832bec2b58fca590fe5c85eac5d3230b44d5bc09f
 # More details on the docs (https://commit-boost.github.io/commit-boost-client/get_started/configuration/#signer-module)
 [signer]
 # Docker image to use for the Signer module.
-# OPTIONAL, DEFAULT: ghcr.io/commit-boost/signer:latest
-docker_image = "ghcr.io/commit-boost/signer:latest"
+# OPTIONAL, DEFAULT: ghcr.io/commit-boost/commit-boost:latest
+docker_image = "ghcr.io/commit-boost/commit-boost:latest"
 # Host to bind the Signer API server to
 # OPTIONAL, DEFAULT: 127.0.0.1
 host = "127.0.0.1"

crates/cli/src/docker_init.rs

@@ -24,7 +24,7 @@ use cb_common::{
     utils::random_jwt_secret,
 };
 use docker_compose_types::{
-    Compose, DependsCondition, DependsOnOptions, EnvFile, Environment, Healthcheck,
+    Command, Compose, DependsCondition, DependsOnOptions, EnvFile, Environment, Healthcheck,
     HealthcheckTest, MapOrEmpty, NetworkSettings, Networks, Ports, Service, Services, SingleValue,
     Volumes,
 };
@@ -310,6 +310,7 @@ fn create_pbs_service(service_config: &mut ServiceCreationInfo) -> eyre::Result<
     let pbs_service = Service {
         container_name: Some("cb_pbs".to_owned()),
         image: Some(cb_config.pbs.docker_image.clone()),
+        command: Some(Command::Args(vec!["pbs".to_owned()])),
         ports: Ports::Short(ports),
         volumes,
         environment: Environment::KvPair(envs),
@@ -459,6 +460,7 @@ fn create_signer_service_local(
     let signer_service = Service {
         container_name: Some("cb_signer".to_owned()),
         image: Some(signer_config.docker_image.clone()),
+        command: Some(Command::Args(vec!["signer".to_owned()])),
         networks: Networks::Simple(signer_networks),
         ports: Ports::Short(ports),
         volumes,
@@ -586,6 +588,7 @@ fn create_signer_service_dirk(
     let signer_service = Service {
         container_name: Some("cb_signer".to_owned()),
         image: Some(signer_config.docker_image.clone()),
+        command: Some(Command::Args(vec!["signer".to_owned()])),
         networks: Networks::Simple(signer_networks),
         ports: Ports::Short(ports),
         volumes,
@@ -871,7 +874,7 @@ mod tests {
             r#"
             chain = "Holesky"
             [pbs]
-            docker_image = "ghcr.io/commit-boost/pbs:latest"
+            docker_image = "ghcr.io/commit-boost/commit-boost:latest"
         "#,
         )
         .expect("valid minimal test config")
@@ -1126,7 +1129,7 @@ mod tests {
         let service = create_pbs_service(&mut sc)?;
 
         assert_eq!(service.container_name.as_deref(), Some("cb_pbs"));
-        assert_eq!(service.image.as_deref(), Some("ghcr.io/commit-boost/pbs:latest"));
+        assert_eq!(service.image.as_deref(), Some("ghcr.io/commit-boost/commit-boost:latest"));
         assert!(env_str(&service, CONFIG_ENV).is_some());
         assert!(env_str(&service, PBS_ENDPOINT_ENV).is_some());
         assert!(service.healthcheck.is_some());

crates/common/src/config/constants.rs

@@ -14,9 +14,11 @@ pub const METRICS_PORT_ENV: &str = "CB_METRICS_PORT";
 pub const LOGS_DIR_ENV: &str = "CB_LOGS_DIR";
 pub const LOGS_DIR_DEFAULT: &str = "/var/logs/commit-boost";
 
+/// Default Docker image
+pub const COMMIT_BOOST_IMAGE_DEFAULT: &str = "ghcr.io/commit-boost/commit-boost:latest";
+
 ///////////////////////// PBS /////////////////////////
 
-pub const PBS_IMAGE_DEFAULT: &str = "ghcr.io/commit-boost/pbs:latest";
 pub const PBS_SERVICE_NAME: &str = "pbs";
 
 /// Where to receive BuilderAPI calls from beacon node
@@ -26,7 +28,6 @@ pub const MUX_PATH_ENV: &str = "CB_MUX_PATH";
 
 ///////////////////////// SIGNER /////////////////////////
 
-pub const SIGNER_IMAGE_DEFAULT: &str = "ghcr.io/commit-boost/signer:latest";
 pub const SIGNER_SERVICE_NAME: &str = "signer";
 
 /// Where the signer module should open the server

crates/common/src/config/pbs.rs

@@ -23,8 +23,8 @@ use super::{
 use crate::{
     commit::client::SignerClient,
     config::{
-        CONFIG_ENV, MODULE_JWT_ENV, MuxKeysLoader, PBS_IMAGE_DEFAULT, PBS_SERVICE_NAME, PbsMuxes,
-        SIGNER_TLS_CERTIFICATE_NAME, SIGNER_TLS_CERTIFICATES_PATH_ENV, SIGNER_URL_ENV,
+        COMMIT_BOOST_IMAGE_DEFAULT, CONFIG_ENV, MODULE_JWT_ENV, MuxKeysLoader, PBS_SERVICE_NAME,
+        PbsMuxes, SIGNER_TLS_CERTIFICATE_NAME, SIGNER_TLS_CERTIFICATES_PATH_ENV, SIGNER_URL_ENV,
         SignerConfig, TlsMode, load_env_var, load_file_from_env,
     },
     pbs::{
@@ -257,7 +257,7 @@ pub struct PbsModuleConfig {
 }
 
 fn default_pbs() -> String {
-    PBS_IMAGE_DEFAULT.to_string()
+    COMMIT_BOOST_IMAGE_DEFAULT.to_string()
 }
 
 /// Loads the default pbs config, i.e. with no signer client or custom data

crates/common/src/config/signer.rs

@@ -22,7 +22,8 @@ use super::{
 };
 use crate::{
     config::{
-        DIRK_CA_CERT_ENV, DIRK_CERT_ENV, DIRK_DIR_SECRETS_ENV, DIRK_KEY_ENV, SIGNER_IMAGE_DEFAULT,
+        COMMIT_BOOST_IMAGE_DEFAULT, DIRK_CA_CERT_ENV, DIRK_CERT_ENV, DIRK_DIR_SECRETS_ENV,
+        DIRK_KEY_ENV,
     },
     signer::{ProxyStore, SignerLoader},
     types::{Chain, ModuleId},
@@ -164,7 +165,7 @@ impl SignerConfig {
 }
 
 fn default_signer_image() -> String {
-    SIGNER_IMAGE_DEFAULT.to_string()
+    COMMIT_BOOST_IMAGE_DEFAULT.to_string()
 }
 
 fn default_tls_mode() -> TlsMode {
@@ -424,7 +425,10 @@ mod tests {
     use alloy::primitives::{Uint, b256};
 
     use super::*;
-    use crate::config::{LogsSettings, ModuleKind, PbsConfig, StaticModuleConfig, StaticPbsConfig};
+    use crate::config::{
+        COMMIT_BOOST_IMAGE_DEFAULT, LogsSettings, ModuleKind, PbsConfig, StaticModuleConfig,
+        StaticPbsConfig,
+    };
 
     // Wrapper needed because TOML requires a top-level struct (can't serialize
     // a bare enum).
@@ -437,7 +441,7 @@ mod tests {
         SignerConfig {
             host: Ipv4Addr::LOCALHOST,
             port: 20000,
-            docker_image: SIGNER_IMAGE_DEFAULT.to_string(),
+            docker_image: COMMIT_BOOST_IMAGE_DEFAULT.to_string(),
             jwt_auth_fail_limit: 3,
             jwt_auth_fail_timeout_seconds: 300,
             tls_mode,
@@ -851,7 +855,7 @@ mod tests {
         cfg.signer = Some(SignerConfig {
             host: Ipv4Addr::new(127, 0, 0, 1),
             port: 20000,
-            docker_image: SIGNER_IMAGE_DEFAULT.to_string(),
+            docker_image: COMMIT_BOOST_IMAGE_DEFAULT.to_string(),
             jwt_auth_fail_limit: 3,
             jwt_auth_fail_timeout_seconds: 300,
             tls_mode: TlsMode::Insecure,

docs/docs/get_started/building.md

@@ -4,7 +4,7 @@ Commit-Boost's components are all written in [Rust](https://www.rust-lang.org/).
 
 ## Building via the Docker Builder
 
-For convenience, Commit-Boost has Dockerized the build environment for Linux `x64` and `arm64` platforms. It utilizes Docker's powerful [buildx](https://docs.docker.com/reference/cli/docker/buildx/) system. All of the prerequisites, cross-compilation tooling, and configuration are handled by the builder image. If you would like to build the CLI, PBS module, or Signer binaries and Docker images from source, you are welcome to use the Docker builder process.
+For convenience, Commit-Boost has Dockerized the build environment for Linux `x64` and `arm64` platforms. It utilizes Docker's powerful [buildx](https://docs.docker.com/reference/cli/docker/buildx/) system. All of the prerequisites, cross-compilation tooling, and configuration are handled by the builder image. If you would like to build the Commit-Boost binary and Docker image from source, you are welcome to use the Docker builder process.
 
 To use the builder, you will need to have [Docker Engine](https://docs.docker.com/engine/install/) installed on your system. Please follow the instructions to install it first.
 
@@ -18,9 +18,8 @@ Use `just --list` to show all of the actions - there are many. The `justfile` pr
 
 Below is a brief summary of the relevant ones for building the Commit-Boost artifacts:
 
-- `build-all <version>` will build the `commit-boost` binary for your local system architecture. It will also create Docker images called `commit-boost/pbs:<version>` and `commit-boost/signer:<version>` and load them into your local Docker registry for use.
+- `build-all <version>` builds the `commit-boost` binary to `./build/<version>` and creates a Docker image called `commit-boost/commit-boost:<version>` (a unified image that bundles all subcommands), loading it into your local Docker registry.
 - `build-bin <version>` can be used to create the `commit-boost` binary itself.
-- `build-pbs-img <version>` and `build-signer-img <version>` can be used to create the Docker images for the PBS and Signer services, respectively.
 
 The `version` provided will be used to house the output binaries in `./build/<version>`, and act as the version tag for the Docker images when they're added to your local system or uploaded to your local Docker repository. For example, using `$(git rev-parse --short HEAD)` will set the version to the current commit hash.