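# Builds the release Docker images and pushes them to the registry named in
# env.REGISTRY. Runs on pushes to master, release-* and dev-* branches, on
# @agoric/sdk@* tags, and on manual dispatch.
name: Build release Docker Images

on:
  push:
    branches:
      # $default-branch
      - master
      - 'release-*'
      - 'dev-*'
    tags:
      - '@agoric/sdk@*'
  workflow_dispatch:

# Least-privilege default for GITHUB_TOKEN. A job that declares no
# `permissions:` of its own otherwise inherits the repository/organisation
# default, which may be read-write. Jobs that push images widen this
# explicitly in their own `permissions:` block.
permissions:
  contents: read

env:
  REGISTRY: ghcr.io
  DOCKER_PLATFORMS: linux/amd64,linux/arm64/v8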
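# NOTE(review): every third-party action below is referenced by a mutable
# major-version tag (@v1, @v3, @v4, @v5). The docker-* jobs hold
# `packages: write` and `id-token: write`, so pinning each `uses:` to a full
# commit SHA (keeping the version in a trailing comment) would stop a moved
# tag from changing what runs with those permissions.
#
# Values that originate from the pushed ref (branch or tag name) are handed to
# shell steps through `env:` and read as shell variables. They are never
# expanded with ${{ }} inside a `run:` script, where the expansion would be
# pasted into the script text before the shell parses it.
jobs:
  # Derives the snapshot tag: <committer timestamp>-<first 6 chars of the SHA>.
  snapshot:
    if: ${{ github.repository_owner == 'agoric' }}
    runs-on: ubuntu-latest
    # This job only reads commit metadata, so keep its token read-only.
    permissions:
      contents: read
    outputs:
      tag: '${{ steps.snapshot-tag.outputs.tag }}'
    steps:
      - name: Generate Snapshot Tag
        id: snapshot-tag
        env:
          # Passed through the environment so the token is not written into
          # the generated script file.
          GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
        run: |
          COMMIT_TIME=$(curl --fail --silent \
            --url "https://api.github.com/repos/${GITHUB_REPOSITORY}/commits/${GITHUB_SHA}" \
            --header "authorization: Bearer ${GITHUB_TOKEN}" \
            --header 'content-type: application/json' \
            | jq '(.commit.committer.date | fromdate)')
          TIMESTAMP=$(date +%Y%m%d%H%M%S --date="@${COMMIT_TIME}")
          SHORT_SHA=$(echo "${GITHUB_SHA}" | cut -c1-6)
          SNAPSHOT_TAG="${TIMESTAMP}-${SHORT_SHA}"
          echo "tag=$SNAPSHOT_TAG" >> "$GITHUB_OUTPUT"

  # Builds and pushes ssh-node, agoric-sdk and cosmic-swingset-setup, and
  # computes the tag list the downstream jobs reuse.
  docker-sdk:
    permissions:
      # allow issuing OIDC tokens for this workflow run
      id-token: write
      # allow at least reading the repo contents, add other permissions if necessary
      contents: read
      # to push the resulting images
      packages: write
    needs: snapshot
    runs-on: 'depot-ubuntu-22.04-16' # ubuntu-latest
    outputs:
      # NOTE(review): `tag` carries the same space-separated list as the
      # docker-tags step output `tags`; confirm consumers expect a list here.
      tag: '${{ steps.docker-tags.outputs.tags }}'
      tags: '${{ steps.docker-tags.outputs.tags }} ${{ needs.snapshot.outputs.tag }}'
    steps:
      # NOTE(review): checkout keeps the job token in .git/config by default,
      # and the sdk image below is built with `context: ./`. Confirm .git is
      # excluded from the build context, or set `persist-credentials: false`
      # if no later step needs authenticated git access.
      - uses: actions/checkout@v4
      - uses: depot/setup-action@v1
        with:
          oidc: true # to set DEPOT_TOKEN for later steps
      - run: depot configure-docker
      - name: Log in to the Container registry
        uses: docker/login-action@v3
        # see https://docs.github.com/en/actions/publishing-packages/publishing-docker-images
        with:
          username: ${{ github.actor }}
          password: ${{ secrets.GITHUB_TOKEN }}
          registry: ${{ env.REGISTRY }}
      - name: Save BUILD_TAG
        env:
          SNAPSHOT_TAG: ${{ needs.snapshot.outputs.tag }}
        run: |
          echo "BUILD_TAG=${SNAPSHOT_TAG}" >> "$GITHUB_ENV"
      - name: Save GIT_REVISION
        run: echo "GIT_REVISION=$(git rev-parse HEAD)" >> "$GITHUB_ENV"
      - name: Save GIT_COMMIT
        run: echo "GIT_COMMIT=$(git rev-parse --short HEAD)" >> "$GITHUB_ENV"
      - name: Save commit hash, url of submodules to environment
        # Every line this script prints becomes an environment variable for
        # the remaining steps of the job.
        run: |
          node packages/xsnap/src/build.js --show-env >> "$GITHUB_ENV"
      - name: Build and Push ssh-node
        uses: depot/build-push-action@v1
        with:
          file: packages/deployment/Dockerfile.ssh-node
          context: packages/deployment/docker
          platforms: ${{ env.DOCKER_PLATFORMS }}
          push: true
          tags: '${{ env.REGISTRY }}/agoric/ssh-node:${{ env.BUILD_TAG }}'
      - name: Compute tags
        id: docker-tags
        run: |
          set -ex
          SDK_TAG=$(echo "$GITHUB_REF_NAME" | sed -ne 's!^@agoric/sdk@!!p')
          case $SDK_TAG in
            "")
              case $GITHUB_REF_NAME in
                release-*)
                  # A pre-release.
                  DOCKER_TAGS=${GITHUB_REF_NAME#release-}-dev
                  ;;
                dev-*)
                  # A pre-release while our release branch is straying from master
                  DOCKER_TAGS=${GITHUB_REF_NAME#dev-}-dev
                  ;;
                master)
                  # A trunk dev release.
                  DOCKER_TAGS=dev
                  ;;
                *)
                  # Some other dev release.
                  DOCKER_TAGS=other-dev
                  ;;
              esac
              ;;
            *)
              # A tagged SDK release.
              # The commit may or may not be a descendant of the current master branch
              DOCKER_TAGS="latest $SDK_TAG"
              ;;
          esac
          DOCKER_TAGS="$DOCKER_TAGS $BUILD_TAG"
          # The tags are derived from the pushed ref name and are consumed by
          # later steps and jobs. Fail here if any of them contains a
          # character outside the Docker tag alphabet.
          for TAG in $DOCKER_TAGS; do
            case $TAG in
              *[!A-Za-z0-9_.-]*)
                echo "refusing image tag with unexpected characters: $TAG" >&2
                exit 1
                ;;
            esac
          done
          echo "tags=$DOCKER_TAGS" >> "$GITHUB_OUTPUT"
      - name: Prefix tags
        id: prefix-tags
        env:
          TAGS: ${{ steps.docker-tags.outputs.tags }}
        run: |
          IMAGE="$REGISTRY/agoric/agoric-sdk"
          PREFIXED=
          sep=
          # $TAGS is unquoted on purpose: it is a space-separated list.
          for TAG in $TAGS; do
            PREFIXED="$PREFIXED$sep$IMAGE:$TAG"
            sep=,
          done
          echo "tags=$PREFIXED" >> "$GITHUB_OUTPUT"
      - name: Build and Push sdk
        uses: depot/build-push-action@v1
        with:
          file: packages/deployment/Dockerfile.sdk
          context: ./
          platforms: ${{ env.DOCKER_PLATFORMS }}
          push: true
          tags: '${{ steps.prefix-tags.outputs.tags }}'
          # When changing/adding entries here, make sure to search the whole
          # project for `@@AGORIC_DOCKER_SUBMODULES@@`
          build-args: |
            GIT_COMMIT=${{env.GIT_COMMIT}}
            MODDABLE_COMMIT_HASH=${{env.MODDABLE_COMMIT_HASH}}
            MODDABLE_URL=${{env.MODDABLE_URL}}
            XSNAP_NATIVE_COMMIT_HASH=${{env.XSNAP_NATIVE_COMMIT_HASH}}
            XSNAP_NATIVE_URL=${{env.XSNAP_NATIVE_URL}}
            GIT_REVISION=${{env.GIT_REVISION}}
      - name: Build and Push setup
        uses: depot/build-push-action@v1
        with:
          file: packages/deployment/Dockerfile
          context: packages/deployment
          platforms: ${{ env.DOCKER_PLATFORMS }}
          tags: '${{ env.REGISTRY }}/agoric/cosmic-swingset-setup:${{ env.BUILD_TAG }}'
          push: true
          build-args: |
            TAG=${{ env.BUILD_TAG }}
      - name: notify on failure
        if: failure()
        uses: ./.github/actions/notify-status
        with:
          webhook: ${{ secrets.SLACK_WEBHOOK_URL }}
          from: ${{ secrets.NOTIFY_EMAIL_FROM }}
          to: ${{ secrets.NOTIFY_EMAIL_TO }}
          password: ${{ secrets.NOTIFY_EMAIL_PASSWORD }}

  # Bakes and pushes the "use-upgrade-next" image on top of the sdk image
  # produced by docker-sdk.
  docker-build-upgrade-next:
    needs: [docker-sdk, snapshot]
    runs-on: 'depot-ubuntu-22.04-16' # ubuntu-latest
    permissions:
      # allow issuing OIDC tokens for this workflow run
      id-token: write
      # allow at least reading the repo contents, add other permissions if necessary
      contents: read
      # to push the resulting images
      packages: write
    outputs:
      build-id: '${{ steps.bake-upgrade-next.outputs.build-id }}'
      tags: '${{ steps.prefix-tags.outputs.tags }}'
    steps:
      - uses: actions/checkout@v4
      - uses: ./.github/actions/restore-node
        with:
          # 18.19 causes this problem running tsx:
          # The --loader flag was deprecated in Node v20.6.0
          # Quoted so the version stays a string and is not parsed as a float.
          node-version: '18.18'
          # Since we can't build core eval submissions for the SDK using a newer endo,
          # simply ignore any endo branch integration (this means we don't have full coverage)
          ignore-endo-branch: 'true'
      - name: Install deps
        run: |
          # Enable corepack for packageManager config
          corepack enable || sudo corepack enable
          yarn install
        working-directory: a3p-integration
      - name: Prepare Docker config
        run: |
          # prepare files for bake-action
          yarn build:submissions
          yarn synthetic-chain prepare-build
        working-directory: a3p-integration
      - name: Save SDK_TAG
        env:
          SNAPSHOT_TAG: ${{ needs.snapshot.outputs.tag }}
        run: echo "SDK_TAG=${SNAPSHOT_TAG}" >> "$GITHUB_ENV"
      - name: Override the docker-bake.json variables
        run: |
          REPOSITORY_COLON="$REGISTRY/agoric/agoric-sdk:"
          jq -n --arg REPOSITORY_COLON "$REPOSITORY_COLON" \
            --arg PLATFORMS "$DOCKER_PLATFORMS" \
            '{"variable": {
              "PLATFORMS": { "default": ($PLATFORMS | split(",")) },
              "REPOSITORY_COLON": { "default": $REPOSITORY_COLON },
            }}' > ./docker-bake.override.json
        working-directory: a3p-integration
      - name: Prefix tags
        id: prefix-tags
        env:
          TAGS: ${{ needs.docker-sdk.outputs.tags }}
        run: |
          IMAGE="$REGISTRY/agoric/agoric-sdk"
          PREFIXED=
          sep=
          # $TAGS is unquoted on purpose: it is a space-separated list.
          for TAG in $TAGS; do
            PREFIXED="$PREFIXED$sep$IMAGE:use-upgrade-next-$TAG"
            sep=,
          done
          echo "tags=$PREFIXED" >> "$GITHUB_OUTPUT"
      - uses: depot/setup-action@v1
        with:
          oidc: true # to set DEPOT_TOKEN for later steps
      - run: depot configure-docker
      - name: Login to Docker Registry
        uses: docker/login-action@v3
        with:
          username: ${{ github.actor }}
          password: ${{ secrets.GITHUB_TOKEN }}
          registry: ${{ env.REGISTRY }}
      - name: Extract metadata (tags, labels) for Docker
        id: meta
        uses: docker/metadata-action@v5
        with:
          images: ${{ env.REGISTRY }}/agoric/agoric-sdk
          tags: ${{ steps.prefix-tags.outputs.tags }}
      - name: Save proposal "use-upgrade-next" image
        uses: depot/bake-action@v1
        id: bake-upgrade-next
        with:
          files: |
            docker-bake.json
            docker-bake.override.json
            docker-bake.hcl
            ${{ steps.meta.outputs.bake-file }}
          set: '*.args.SDK_TAG=${{ env.SDK_TAG }}'
          targets: use-upgrade-next
          push: true
          workdir: ./a3p-integration
      - name: clean up repo
        run: git clean -f && git restore .
      - name: notify on failure
        if: failure()
        uses: ./.github/actions/notify-status
        with:
          webhook: ${{ secrets.SLACK_WEBHOOK_URL }}
          from: ${{ secrets.NOTIFY_EMAIL_FROM }}
          to: ${{ secrets.NOTIFY_EMAIL_TO }}
          password: ${{ secrets.NOTIFY_EMAIL_PASSWORD }}

  # Builds and pushes cosmic-swingset-solo under the tags computed by
  # docker-sdk.
  docker-solo:
    needs: [docker-sdk, snapshot]
    runs-on: 'depot-ubuntu-22.04-16' # ubuntu-latest
    permissions:
      # allow issuing OIDC tokens for this workflow run
      id-token: write
      # allow at least reading the repo contents, add other permissions if necessary
      contents: read
      # to push the resulting images
      packages: write
    steps:
      - uses: actions/checkout@v4
      - name: Save SDK_TAG
        env:
          SNAPSHOT_TAG: ${{ needs.snapshot.outputs.tag }}
        run: echo "SDK_TAG=${SNAPSHOT_TAG}" >> "$GITHUB_ENV"
      - name: Prefix tags
        id: prefix-tags
        env:
          TAGS: ${{ needs.docker-sdk.outputs.tags }}
        run: |
          IMAGE="$REGISTRY/agoric/cosmic-swingset-solo"
          PREFIXED=
          sep=
          # $TAGS is unquoted on purpose: it is a space-separated list.
          for TAG in $TAGS; do
            PREFIXED="$PREFIXED$sep$IMAGE:$TAG"
            sep=,
          done
          echo "tags=$PREFIXED" >> "$GITHUB_OUTPUT"
      - uses: depot/setup-action@v1
        with:
          oidc: true # to set DEPOT_TOKEN for later steps
      - run: depot configure-docker
      - name: Login to Docker Registry
        uses: docker/login-action@v3
        with:
          username: ${{ github.actor }}
          password: ${{ secrets.GITHUB_TOKEN }}
          registry: ${{ env.REGISTRY }}
      - name: Build and Push
        uses: depot/build-push-action@v1
        with:
          file: packages/solo/Dockerfile
          context: packages/solo
          platforms: ${{ env.DOCKER_PLATFORMS }}
          push: true
          tags: '${{ steps.prefix-tags.outputs.tags }}'
          build-args: |
            TAG=${{env.SDK_TAG}}
      - name: notify on failure
        if: failure()
        uses: ./.github/actions/notify-status
        with:
          webhook: ${{ secrets.SLACK_WEBHOOK_URL }}
          from: ${{ secrets.NOTIFY_EMAIL_FROM }}
          to: ${{ secrets.NOTIFY_EMAIL_TO }}
          password: ${{ secrets.NOTIFY_EMAIL_PASSWORD }}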