Build and Sign Blockchain Release Images #20
Workflow file for this run
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| name: Build and Sign Blockchain Release Images | |
| on: | |
| push: | |
| branches: | |
| # Matches i.e: release/1.9.x | |
| - 'release/[0-9]+.[0-9]+.x' | |
| tags: | |
| - 'v[0-9]+.[0-9]+.[0-9]+(?:-\S+(?:\.\d+)*)*' | |
| workflow_dispatch: | |
| jobs: | |
| # Extracts the branch name when branch=release/* and exports as an output | |
| replace-branch-name: | |
| runs-on: ubuntu-latest | |
| # Map a step output to a job output | |
| outputs: | |
| replaced-branch: ${{ steps.replace.outputs.value }} | |
| if: startsWith(github.ref, 'refs/heads/release') | |
| steps: | |
| - id: replace | |
| run: | | |
| # Transform from `refs/heads/release/1.9.x` to `release-1.9` | |
| branch_name=$(echo ${{ github.ref_name }} | sed 's!refs/heads/!!' | sed 's!/!-!' | sed 's!\.x!!') | |
| echo "replace-branch-name output: value=${branch_name}" | |
| echo "value=${branch_name}" >> $GITHUB_OUTPUT | |
| # Extracts the tag if tag=v* and exports as an output | |
| replace-tag-v: | |
| runs-on: ubuntu-latest | |
| # Map a step output to a job output | |
| outputs: | |
| replaced-tag: ${{ steps.replace.outputs.value }} | |
| major: ${{ steps.major-minor.outputs.MAJOR }} | |
| major-minor: ${{ steps.major-minor.outputs.MAJOR_MINOR }} | |
| if: startsWith(github.ref, 'refs/tags/v') | |
| steps: | |
| - id: replace | |
| run: | | |
| # Transform from `refs/tags/v1.9.0` to `1.9.0` | |
| version=$(echo ${{ github.ref_name }} | sed 's!v!!') | |
| echo "value=${version}" | |
| echo "value=${version}" >> $GITHUB_OUTPUT | |
| - id: major-minor | |
| run: | | |
| # Extracts the major and major-minor versions | |
| # I.e: 1.9.0 -> MAJOR=1, MAJOR_MINOR=1.9 | |
| version=${{ steps.replace.outputs.value }} | |
| semver=( ${version//./ } ) | |
| echo "replace-tag-v output: MAJOR=${semver[0]}" | |
| echo "replace-tag-v output: MAJOR_MINOR=${semver[0]}.${semver[1]}" | |
| echo "MAJOR=${semver[0]}" >> $GITHUB_OUTPUT | |
| echo "MAJOR_MINOR=${semver[0]}.${semver[1]}" >> $GITHUB_OUTPUT | |
| build-container-geth-dev: | |
| # v2.0 is main at Feb 2 2024 | |
| uses: celo-org/reusable-workflows/.github/workflows/container-cicd.yaml@v2.0 | |
| if: startsWith(github.ref, 'refs/heads/release') | |
| needs: | |
| - replace-branch-name | |
| with: | |
| workload-id-provider: 'projects/1094498259535/locations/global/workloadIdentityPools/gh-celo-blockchain-dev/providers/github-by-repos' | |
| service-account: 'celo-blockchain-dev@devopsre.iam.gserviceaccount.com' | |
| artifact-registry: us-west1-docker.pkg.dev/devopsre/dev-images/geth | |
| tags: ${{ needs.replace-branch-name.outputs.replaced-branch }} | |
| platforms: linux/amd64,linux/arm64 | |
| context: . | |
| file: Dockerfile | |
| trivy: true | |
| build-container-geth-all-dev: | |
| uses: celo-org/reusable-workflows/.github/workflows/container-cicd.yaml@v2.0 | |
| if: startsWith(github.ref, 'refs/heads/release') | |
| needs: | |
| - replace-branch-name | |
| with: | |
| workload-id-provider: 'projects/1094498259535/locations/global/workloadIdentityPools/gh-celo-blockchain-dev/providers/github-by-repos' | |
| service-account: 'celo-blockchain-dev@devopsre.iam.gserviceaccount.com' | |
| artifact-registry: us-west1-docker.pkg.dev/devopsre/dev-images/geth-all | |
| tags: ${{ needs.replace-branch-name.outputs.replaced-branch }} | |
| platforms: linux/amd64,linux/arm64 | |
| context: . | |
| file: Dockerfile.alltools | |
| trivy: true | |
| build-container-geth-devopsre: | |
| uses: celo-org/reusable-workflows/.github/workflows/container-cicd.yaml@v2.0 | |
| if: startsWith(github.ref, 'refs/tags/v') && false | |
| needs: | |
| - replace-tag-v | |
| with: | |
| workload-id-provider: 'projects/1094498259535/locations/global/workloadIdentityPools/gh-celo-blockchain/providers/github-by-repos' | |
| service-account: 'celo-blockchain@devopsre.iam.gserviceaccount.com' | |
| artifact-registry: us-west1-docker.pkg.dev/devopsre/celo-blockchain-public/geth | |
| tags: ${{ needs.replace-tag-v.outputs.replaced-tag }} | |
| platforms: linux/amd64,linux/arm64 | |
| context: . | |
| file: Dockerfile | |
| trivy: true | |
| build-container-geth-all-devopsre: | |
| uses: celo-org/reusable-workflows/.github/workflows/container-cicd.yaml@v2.0 | |
| if: startsWith(github.ref, 'refs/tags/v') && false | |
| needs: | |
| - replace-tag-v | |
| with: | |
| workload-id-provider: 'projects/1094498259535/locations/global/workloadIdentityPools/gh-celo-blockchain/providers/github-by-repos' | |
| service-account: 'celo-blockchain@devopsre.iam.gserviceaccount.com' | |
| artifact-registry: us-west1-docker.pkg.dev/devopsre/celo-blockchain-public/geth-all | |
| tags: ${{ needs.replace-tag-v.outputs.replaced-tag }} | |
| platforms: linux/amd64,linux/arm64 | |
| context: . | |
| file: Dockerfile.alltools | |
| trivy: true | |
| build-container-geth-celo-org: | |
| uses: celo-org/reusable-workflows/.github/workflows/container-cicd.yaml@v2.0 | |
| if: startsWith(github.ref, 'refs/tags/v') | |
| needs: | |
| - replace-tag-v | |
| with: | |
| workload-id-provider: 'projects/1094498259535/locations/global/workloadIdentityPools/gh-celo-blockchain/providers/github-by-repos' | |
| service-account: 'celo-blockchain@devopsre.iam.gserviceaccount.com' | |
| artifact-registry: us-docker.pkg.dev/celo-org/us.gcr.io/geth | |
| tags: ${{ needs.replace-tag-v.outputs.replaced-tag }} | |
| platforms: linux/amd64,linux/arm64 | |
| context: . | |
| file: Dockerfile | |
| trivy: true | |
| build-container-geth-all-celo-org: | |
| uses: celo-org/reusable-workflows/.github/workflows/container-cicd.yaml@v2.0 | |
| if: startsWith(github.ref, 'refs/tags/v') | |
| needs: | |
| - replace-tag-v | |
| with: | |
| workload-id-provider: 'projects/1094498259535/locations/global/workloadIdentityPools/gh-celo-blockchain/providers/github-by-repos' | |
| service-account: 'celo-blockchain@devopsre.iam.gserviceaccount.com' | |
| artifact-registry: us-docker.pkg.dev/celo-org/us.gcr.io/geth-all | |
| tags: ${{ needs.replace-tag-v.outputs.replaced-tag }} | |
| platforms: linux/amd64,linux/arm64 | |
| context: . | |
| file: Dockerfile.alltools | |
| trivy: true | |
| # TODO(): The next worfklows assume that the latest pushed is effectively the latest tag | |
| # This can be problematic for cases when have multiple active release branches (i.e: 1.9.x and 1.10.x) and | |
| # we tag a new release on 1.9.x, the latest pushed for bakalva and 1 tags will be 1.9.x and not 1.10.x | |
| add-baklava-tag: | |
| if: startsWith(github.ref, 'refs/tags/v') | |
| uses: ./.github/workflows/add-docker-tag.yaml | |
| needs: | |
| - replace-tag-v | |
| - build-container-geth-celo-org | |
| with: | |
| origin-tag: ${{ needs.replace-tag-v.outputs.replaced-tag }} | |
| destination-tag: v-baklava | |
| add-major-tag: | |
| if: startsWith(github.ref, 'refs/tags/v') | |
| uses: ./.github/workflows/add-docker-tag.yaml | |
| needs: | |
| - replace-tag-v | |
| - build-container-geth-celo-org | |
| with: | |
| origin-tag: ${{ needs.replace-tag-v.outputs.replaced-tag }} | |
| destination-tag: ${{ needs.replace-tag-v.outputs.major }} | |
| add-major-minor-tag: | |
| if: startsWith(github.ref, 'refs/tags/v') | |
| uses: ./.github/workflows/add-docker-tag.yaml | |
| needs: | |
| - replace-tag-v | |
| - build-container-geth-celo-org | |
| with: | |
| origin-tag: ${{ needs.replace-tag-v.outputs.replaced-tag }} | |
| destination-tag: ${{ needs.replace-tag-v.outputs.major-minor }} |