Build release Docker Images #2708
# Release pipeline: builds the project's Docker images and pushes them to the
# registry named in `env.REGISTRY`.
name: 'Build release Docker Images'
on:
  push:
    branches:
      # $default-branch
      - 'master'
      - 'release-*'
      - 'dev-*'
    tags:
      - '@agoric/sdk@*'
  # Manual runs from the Actions UI; no inputs are declared.
  workflow_dispatch: {}
env:
  # Container registry every image in this workflow is pushed to.
  REGISTRY: 'ghcr.io'
  # Comma-separated target platforms handed to the build/bake actions.
  DOCKER_PLATFORMS: 'linux/amd64,linux/arm64/v8'
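jobs:
  # Derives one snapshot tag (<commit timestamp>-<6-char sha>) that every image
  # job in this run reuses.
  snapshot:
    if: ${{ github.repository_owner == 'agoric' }}
    runs-on: ubuntu-latest
    # Least privilege: this job only reads commit metadata through the REST API,
    # so it should not inherit the repository's default token permissions.
    permissions:
      contents: read
    outputs:
      tag: '${{ steps.snapshot-tag.outputs.tag }}'
    steps:
      - name: Generate Snapshot Tag
        id: snapshot-tag
        env:
          # The token reaches the shell as an environment variable instead of
          # being expanded into the script text, so it never becomes part of
          # the rendered script.
          GH_TOKEN: ${{ secrets.GITHUB_TOKEN }}
        run: |
          # pipefail: a failed curl must fail the step instead of feeding jq
          # an empty document.
          set -euo pipefail
          COMMIT_TIME=$(curl --fail --silent \
            --url "https://api.github.com/repos/${GITHUB_REPOSITORY}/commits/${GITHUB_SHA}" \
            --header "authorization: Bearer ${GH_TOKEN}" \
            --header 'content-type: application/json' \
            | jq '(.commit.committer.date | fromdate)')
          TIMESTAMP=$(date +%Y%m%d%H%M%S --date="@${COMMIT_TIME}")
          SHORT_SHA=$(echo "${GITHUB_SHA}" | cut -c1-6)
          SNAPSHOT_TAG="${TIMESTAMP}-${SHORT_SHA}"
          echo "tag=$SNAPSHOT_TAG" >> "$GITHUB_OUTPUT"

  # Builds and pushes the ssh-node, agoric-sdk and cosmic-swingset-setup images
  # and computes the tag list the downstream jobs reuse.
  docker-sdk:
    permissions:
      # allow issuing OIDC tokens for this workflow run
      id-token: write
      # allow at least reading the repo contents, add other permissions if necessary
      contents: read
      # to push the resulting images
      packages: write
    needs: snapshot
    runs-on: 'depot-ubuntu-22.04-16'  # ubuntu-latest
    outputs:
      # NOTE(review): `tag` carries the whole space-separated list from the
      # docker-tags step, not a single tag; confirm that is what consumers expect.
      tag: '${{ steps.docker-tags.outputs.tags }}'
      # NOTE(review): docker-tags already appends BUILD_TAG (the snapshot tag),
      # so the snapshot tag appears twice in this list.
      tags: '${{ steps.docker-tags.outputs.tags }} ${{ needs.snapshot.outputs.tag }}'
    steps:
      # NOTE(review): this job holds `packages: write` and `id-token: write`,
      # while the third-party actions below are referenced by mutable version
      # tags (@v1, @v3, @v4). Pinning each `uses:` to a full commit SHA keeps a
      # retagged action release from running with these permissions.
      # NOTE(review): no later step in this job pushes or fetches with git;
      # consider `persist-credentials: false` on checkout so the token is not
      # left in .git/config, which sits inside the `./` build context used by
      # the sdk image build. Confirm against .dockerignore before changing.
      - uses: actions/checkout@v4
      - uses: depot/setup-action@v1
        with:
          oidc: true  # to set DEPOT_TOKEN for later steps
      - run: depot configure-docker
      - name: Log in to the Container registry
        uses: docker/login-action@v3
        # see https://docs.github.com/en/actions/publishing-packages/publishing-docker-images
        with:
          username: ${{ github.actor }}
          password: ${{ secrets.GITHUB_TOKEN }}
          registry: ${{ env.REGISTRY }}
      - name: Save BUILD_TAG
        env:
          # Passed through the environment so the value is treated as data by
          # the shell rather than expanded into the script text.
          SNAPSHOT_TAG: ${{ needs.snapshot.outputs.tag }}
        run: |
          echo "BUILD_TAG=${SNAPSHOT_TAG}" >> "$GITHUB_ENV"
      - name: Save GIT_REVISION
        run: echo "GIT_REVISION=$(git rev-parse HEAD)" >> "$GITHUB_ENV"
      - name: Save GIT_COMMIT
        run: echo "GIT_COMMIT=$(git rev-parse --short HEAD)" >> "$GITHUB_ENV"
      - name: Save commit hash, url of submodules to environment
        run: |
          node packages/xsnap/src/build.js --show-env >> "$GITHUB_ENV"
      - name: Build and Push ssh-node
        uses: depot/build-push-action@v1
        with:
          file: packages/deployment/Dockerfile.ssh-node
          context: packages/deployment/docker
          platforms: ${{ env.DOCKER_PLATFORMS }}
          push: true
          tags: '${{ env.REGISTRY }}/agoric/ssh-node:${{ env.BUILD_TAG }}'
      - name: Compute tags
        id: docker-tags
        run: |
          set -ex
          SDK_TAG=$(echo "$GITHUB_REF_NAME" | sed -ne 's!^@agoric/sdk@!!p')
          case $SDK_TAG in
            "")
              case $GITHUB_REF_NAME in
                release-*)
                  # A pre-release.
                  DOCKER_TAGS=${GITHUB_REF_NAME#release-}-dev
                  ;;
                dev-*)
                  # A pre-release while our release branch is straying from master
                  DOCKER_TAGS=${GITHUB_REF_NAME#dev-}-dev
                  ;;
                master)
                  # A trunk dev release.
                  DOCKER_TAGS=dev
                  ;;
                *)
                  # Some other dev release.
                  DOCKER_TAGS=other-dev
                  ;;
              esac
              ;;
            *)
              # A tagged SDK release.
              # The commit may or may not be a descendant of the current master branch
              DOCKER_TAGS="latest $SDK_TAG"
              ;;
          esac
          DOCKER_TAGS="$DOCKER_TAGS $BUILD_TAG"
          echo "tags=$DOCKER_TAGS" >> "$GITHUB_OUTPUT"
      - name: Prefix tags
        id: prefix-tags
        env:
          # The tag list is derived from the pushed ref name. Expanding it with
          # `${{ }}` inside `run:` would paste ref-controlled text into the
          # script itself; an environment variable keeps it as data.
          DOCKER_TAGS: ${{ steps.docker-tags.outputs.tags }}
        run: |
          IMAGE="$REGISTRY/agoric/agoric-sdk"
          PREFIXED=
          sep=
          # Unquoted on purpose: the list is space-separated.
          for TAG in $DOCKER_TAGS; do
            PREFIXED="$PREFIXED$sep$IMAGE:$TAG"
            sep=,
          done
          echo "tags=$PREFIXED" >> "$GITHUB_OUTPUT"
      - name: Build and Push sdk
        uses: depot/build-push-action@v1
        with:
          file: packages/deployment/Dockerfile.sdk
          context: ./
          platforms: ${{ env.DOCKER_PLATFORMS }}
          push: true
          tags: '${{ steps.prefix-tags.outputs.tags }}'
          # When changing/adding entries here, make sure to search the whole
          # project for `@@AGORIC_DOCKER_SUBMODULES@@`
          build-args: |
            GIT_COMMIT=${{env.GIT_COMMIT}}
            MODDABLE_COMMIT_HASH=${{env.MODDABLE_COMMIT_HASH}}
            MODDABLE_URL=${{env.MODDABLE_URL}}
            XSNAP_NATIVE_COMMIT_HASH=${{env.XSNAP_NATIVE_COMMIT_HASH}}
            XSNAP_NATIVE_URL=${{env.XSNAP_NATIVE_URL}}
            GIT_REVISION=${{env.GIT_REVISION}}
      - name: Build and Push setup
        uses: depot/build-push-action@v1
        with:
          file: packages/deployment/Dockerfile
          context: packages/deployment
          platforms: ${{ env.DOCKER_PLATFORMS }}
          tags: '${{ env.REGISTRY }}/agoric/cosmic-swingset-setup:${{ env.BUILD_TAG }}'
          push: true
          build-args: |
            TAG=${{ env.BUILD_TAG }}
      - name: notify on failure
        if: failure()
        uses: ./.github/actions/notify-status
        with:
          webhook: ${{ secrets.SLACK_WEBHOOK_URL }}
          from: ${{ secrets.NOTIFY_EMAIL_FROM }}
          to: ${{ secrets.NOTIFY_EMAIL_TO }}
          password: ${{ secrets.NOTIFY_EMAIL_PASSWORD }}

  # Bakes and pushes the "use-upgrade-next" proposal image on top of the SDK
  # image published by docker-sdk.
  docker-build-upgrade-next:
    needs: [docker-sdk, snapshot]
    runs-on: 'depot-ubuntu-22.04-16'  # ubuntu-latest
    permissions:
      # allow issuing OIDC tokens for this workflow run
      id-token: write
      # allow at least reading the repo contents, add other permissions if necessary
      contents: read
      # to push the resulting images
      packages: write
    outputs:
      build-id: '${{ steps.bake-upgrade-next.outputs.build-id }}'
      tags: '${{ steps.prefix-tags.outputs.tags }}'
    steps:
      # NOTE(review): third-party actions in this job are referenced by mutable
      # version tags while the job can push packages and mint OIDC tokens;
      # prefer full commit SHA pins.
      - uses: actions/checkout@v4
      - uses: ./.github/actions/restore-node
        with:
          # 18.19 causes this problem running tsx:
          # The --loader flag was deprecated in Node v20.6.0
          # Quoted so YAML keeps the version as a string rather than a float.
          node-version: '18.18'
          # Since we can't build core eval submissions for the SDK using a newer endo,
          # simply ignore any endo branch integration (this means we don't have full coverage)
          ignore-endo-branch: 'true'
      - name: Install deps
        run: |
          # Enable corepack for packageManager config
          corepack enable || sudo corepack enable
          yarn install
        working-directory: a3p-integration
      - name: Prepare Docker config
        run: |
          # prepare files for bake-action
          yarn build:submissions
          yarn synthetic-chain prepare-build
        working-directory: a3p-integration
      - name: Save SDK_TAG
        env:
          # Passed through the environment so the value is data to the shell.
          SNAPSHOT_TAG: ${{ needs.snapshot.outputs.tag }}
        run: echo "SDK_TAG=${SNAPSHOT_TAG}" >> "$GITHUB_ENV"
      - name: Override the docker-bake.json variables
        run: |
          REPOSITORY_COLON="$REGISTRY/agoric/agoric-sdk:"
          jq -n --arg REPOSITORY_COLON "$REPOSITORY_COLON" \
            --arg PLATFORMS "$DOCKER_PLATFORMS" \
            '{"variable": {
              "PLATFORMS": { "default": ($PLATFORMS | split(",")) },
              "REPOSITORY_COLON": { "default": $REPOSITORY_COLON },
            }}' > ./docker-bake.override.json
        working-directory: a3p-integration
      - name: Prefix tags
        id: prefix-tags
        env:
          # Ref-derived tag list from docker-sdk; kept out of the script text so
          # it cannot be interpreted as shell syntax.
          SDK_TAGS: ${{ needs.docker-sdk.outputs.tags }}
        run: |
          IMAGE="$REGISTRY/agoric/agoric-sdk"
          PREFIXED=
          sep=
          # Unquoted on purpose: the list is space-separated.
          for TAG in $SDK_TAGS; do
            PREFIXED="$PREFIXED$sep$IMAGE:use-upgrade-next-$TAG"
            sep=,
          done
          echo "tags=$PREFIXED" >> "$GITHUB_OUTPUT"
      - uses: depot/setup-action@v1
        with:
          oidc: true  # to set DEPOT_TOKEN for later steps
      - run: depot configure-docker
      - name: Login to Docker Registry
        uses: docker/login-action@v3
        with:
          username: ${{ github.actor }}
          password: ${{ secrets.GITHUB_TOKEN }}
          registry: ${{ env.REGISTRY }}
      - name: Extract metadata (tags, labels) for Docker
        id: meta
        uses: docker/metadata-action@v5
        with:
          images: ${{ env.REGISTRY }}/agoric/agoric-sdk
          tags: ${{ steps.prefix-tags.outputs.tags }}
      - name: Save proposal "use-upgrade-next" image
        uses: depot/bake-action@v1
        id: bake-upgrade-next
        with:
          files: |
            docker-bake.json
            docker-bake.override.json
            docker-bake.hcl
            ${{ steps.meta.outputs.bake-file }}
          set: '*.args.SDK_TAG=${{ env.SDK_TAG }}'
          targets: use-upgrade-next
          push: true
          workdir: ./a3p-integration
      - name: clean up repo
        run: git clean -f && git restore .
      - name: notify on failure
        if: failure()
        uses: ./.github/actions/notify-status
        with:
          webhook: ${{ secrets.SLACK_WEBHOOK_URL }}
          from: ${{ secrets.NOTIFY_EMAIL_FROM }}
          to: ${{ secrets.NOTIFY_EMAIL_TO }}
          password: ${{ secrets.NOTIFY_EMAIL_PASSWORD }}

  # Builds and pushes the cosmic-swingset-solo image under the same tags as
  # the SDK image.
  docker-solo:
    needs: [docker-sdk, snapshot]
    runs-on: 'depot-ubuntu-22.04-16'  # ubuntu-latest
    permissions:
      # allow issuing OIDC tokens for this workflow run
      id-token: write
      # allow at least reading the repo contents, add other permissions if necessary
      contents: read
      # to push the resulting images
      packages: write
    steps:
      # NOTE(review): third-party actions in this job are referenced by mutable
      # version tags while the job can push packages and mint OIDC tokens;
      # prefer full commit SHA pins.
      - uses: actions/checkout@v4
      - name: Save SDK_TAG
        env:
          # Passed through the environment so the value is data to the shell.
          SNAPSHOT_TAG: ${{ needs.snapshot.outputs.tag }}
        run: echo "SDK_TAG=${SNAPSHOT_TAG}" >> "$GITHUB_ENV"
      - name: Prefix tags
        id: prefix-tags
        env:
          # Ref-derived tag list from docker-sdk; kept out of the script text so
          # it cannot be interpreted as shell syntax.
          SDK_TAGS: ${{ needs.docker-sdk.outputs.tags }}
        run: |
          IMAGE="$REGISTRY/agoric/cosmic-swingset-solo"
          PREFIXED=
          sep=
          # Unquoted on purpose: the list is space-separated.
          for TAG in $SDK_TAGS; do
            PREFIXED="$PREFIXED$sep$IMAGE:$TAG"
            sep=,
          done
          echo "tags=$PREFIXED" >> "$GITHUB_OUTPUT"
      - uses: depot/setup-action@v1
        with:
          oidc: true  # to set DEPOT_TOKEN for later steps
      - run: depot configure-docker
      - name: Login to Docker Registry
        uses: docker/login-action@v3
        with:
          username: ${{ github.actor }}
          password: ${{ secrets.GITHUB_TOKEN }}
          registry: ${{ env.REGISTRY }}
      - name: Build and Push
        uses: depot/build-push-action@v1
        with:
          file: packages/solo/Dockerfile
          context: packages/solo
          platforms: ${{ env.DOCKER_PLATFORMS }}
          push: true
          tags: '${{ steps.prefix-tags.outputs.tags }}'
          build-args: |
            TAG=${{env.SDK_TAG}}
      - name: notify on failure
        if: failure()
        uses: ./.github/actions/notify-status
        with:
          webhook: ${{ secrets.SLACK_WEBHOOK_URL }}
          from: ${{ secrets.NOTIFY_EMAIL_FROM }}
          to: ${{ secrets.NOTIFY_EMAIL_TO }}
          password: ${{ secrets.NOTIFY_EMAIL_PASSWORD }}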