Build release Docker Images #2692
Workflow file for this run
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| name: Build release Docker Images | |
| on: | |
| push: | |
| branches: | |
| # $default-branch | |
| - master | |
| - 'release-*' | |
| - 'dev-*' | |
| tags: | |
| - '@agoric/sdk@*' | |
| workflow_dispatch: | |
| env: | |
| REGISTRY: ghcr.io | |
| PLATFORMS: linux/amd64,linux/arm64/v8 | |
| jobs: | |
| snapshot: | |
| if: ${{ github.repository_owner == 'agoric' }} | |
| runs-on: ubuntu-latest | |
| outputs: | |
| tag: '${{ steps.snapshot-tag.outputs.tag }}' | |
| steps: | |
| - name: Generate Snapshot Tag | |
| id: snapshot-tag | |
| run: | | |
| COMMIT_TIME=$(curl --fail --silent \ | |
| --url https://api.github.com/repos/${{ github.repository }}/commits/${{ github.sha }} \ | |
| --header 'authorization: Bearer ${{ secrets.GITHUB_TOKEN }}' \ | |
| --header 'content-type: application/json' \ | |
| | jq '(.commit.committer.date | fromdate)') | |
| TIMESTAMP=`date +%Y%m%d%H%M%S --date="@${COMMIT_TIME}"` | |
| SHORT_SHA=$(echo "${GITHUB_SHA}" | cut -c1-6) | |
| SNAPSHOT_TAG="${TIMESTAMP}-${SHORT_SHA}" | |
| echo "tag=$SNAPSHOT_TAG" >> $GITHUB_OUTPUT | |
| docker-sdk: | |
| permissions: | |
| # allow issuing OIDC tokens for this workflow run | |
| id-token: write | |
| # allow at least reading the repo contents, add other permissions if necessary | |
| contents: read | |
| # to push the resulting images | |
| packages: write | |
| needs: snapshot | |
| runs-on: 'depot-ubuntu-22.04-16' # ubuntu-latest | |
| outputs: | |
| tag: '${{ steps.docker-tags.outputs.tags }}' | |
| tags: '${{ steps.docker-tags.outputs.tags }} ${{ needs.snapshot.outputs.tag }}' | |
| steps: | |
| - uses: actions/checkout@v4 | |
| - uses: depot/setup-action@v1 | |
| with: | |
| oidc: true # to set DEPOT_TOKEN for later steps | |
| - run: depot configure-docker | |
| - name: Log in to the Container registry | |
| uses: docker/login-action@v3 | |
| # see https://docs.github.com/en/actions/publishing-packages/publishing-docker-images | |
| with: | |
| username: ${{ github.actor }} | |
| password: ${{ secrets.GITHUB_TOKEN }} | |
| registry: ${{ env.REGISTRY }} | |
| - name: Save BUILD_TAG | |
| run: | | |
| echo "BUILD_TAG=${{ needs.snapshot.outputs.tag }}" >> $GITHUB_ENV | |
| - name: Save GIT_REVISION | |
| run: echo "GIT_REVISION=$(git rev-parse HEAD)" >> $GITHUB_ENV | |
| - name: Save GIT_COMMIT | |
| run: echo "GIT_COMMIT=$(git rev-parse --short HEAD)" >> $GITHUB_ENV | |
| - name: Save commit hash, url of submodules to environment | |
| run: | | |
| node packages/xsnap/src/build.js --show-env >> $GITHUB_ENV | |
| - name: Build and Push ssh-node | |
| uses: depot/build-push-action@v1 | |
| with: | |
| file: packages/deployment/Dockerfile.ssh-node | |
| context: packages/deployment/docker | |
| platforms: ${{ env.PLATFORMS }} | |
| push: true | |
| tags: '${{ env.REGISTRY }}/agoric/ssh-node:${{ env.BUILD_TAG }}' | |
| - name: Compute tags | |
| id: docker-tags | |
| run: | | |
| set -ex | |
| SDK_TAG=$(echo "$GITHUB_REF_NAME" | sed -ne 's!^@agoric/sdk@!!p') | |
| case $SDK_TAG in | |
| "") | |
| case $GITHUB_REF_NAME in | |
| release-*) | |
| # A pre-release. | |
| DOCKER_TAGS=${GITHUB_REF_NAME#release-}-dev | |
| ;; | |
| dev-*) | |
| # A pre-release while our release branch is straying from master | |
| DOCKER_TAGS=${GITHUB_REF_NAME#dev-}-dev | |
| ;; | |
| master) | |
| # A trunk dev release. | |
| DOCKER_TAGS=dev | |
| ;; | |
| *) | |
| # Some other dev release. | |
| DOCKER_TAGS=other-dev | |
| ;; | |
| esac | |
| ;; | |
| *) | |
| # A tagged SDK release. | |
| # The commit may or may not be a descendant of the current master branch | |
| DOCKER_TAGS="latest $SDK_TAG" | |
| ;; | |
| esac | |
| DOCKER_TAGS="$DOCKER_TAGS $BUILD_TAG" | |
| echo "tags=$DOCKER_TAGS" >> $GITHUB_OUTPUT | |
| - name: Prefix tags | |
| id: prefix-tags | |
| run: | | |
| IMAGE="$REGISTRY/agoric/agoric-sdk" | |
| for TAG in ${{ steps.docker-tags.outputs.tags }}; do | |
| PREFIXED="$PREFIXED$sep$IMAGE:$TAG" | |
| sep=, | |
| done | |
| echo "tags=$PREFIXED" >> $GITHUB_OUTPUT | |
| - name: Build and Push sdk | |
| uses: depot/build-push-action@v1 | |
| with: | |
| file: packages/deployment/Dockerfile.sdk | |
| context: ./ | |
| platforms: ${{ env.PLATFORMS }} | |
| push: true | |
| tags: '${{ steps.prefix-tags.outputs.tags }}' | |
| # When changing/adding entries here, make sure to search the whole | |
| # project for `@@AGORIC_DOCKER_SUBMODULES@@` | |
| build-args: | | |
| GIT_COMMIT=${{env.GIT_COMMIT}} | |
| MODDABLE_COMMIT_HASH=${{env.MODDABLE_COMMIT_HASH}} | |
| MODDABLE_URL=${{env.MODDABLE_URL}} | |
| XSNAP_NATIVE_COMMIT_HASH=${{env.XSNAP_NATIVE_COMMIT_HASH}} | |
| XSNAP_NATIVE_URL=${{env.XSNAP_NATIVE_URL}} | |
| GIT_REVISION=${{env.GIT_REVISION}} | |
| - name: Provide unpublished agoric-sdk:unreleased tag | |
| uses: depot/build-push-action@v1 | |
| with: | |
| file: packages/deployment/Dockerfile.sdk | |
| context: ./ | |
| platforms: ${{ env.PLATFORMS }} | |
| push: false | |
| tags: '${{ env.REGISTRY }}/agoric/agoric-sdk:unreleased' | |
| # When changing/adding entries here, make sure to search the whole | |
| # project for `@@AGORIC_DOCKER_SUBMODULES@@` | |
| build-args: | | |
| GIT_COMMIT=${{env.GIT_COMMIT}} | |
| MODDABLE_COMMIT_HASH=${{env.MODDABLE_COMMIT_HASH}} | |
| MODDABLE_URL=${{env.MODDABLE_URL}} | |
| XSNAP_NATIVE_COMMIT_HASH=${{env.XSNAP_NATIVE_COMMIT_HASH}} | |
| XSNAP_NATIVE_URL=${{env.XSNAP_NATIVE_URL}} | |
| GIT_REVISION=${{env.GIT_REVISION}} | |
| - name: Build and Push setup | |
| uses: depot/build-push-action@v1 | |
| with: | |
| file: packages/deployment/Dockerfile | |
| context: packages/deployment | |
| platforms: ${{ env.PLATFORMS }} | |
| tags: '${{ env.REGISTRY }}/agoric/cosmic-swingset-setup:${{ env.BUILD_TAG }}' | |
| push: true | |
| build-args: | | |
| TAG=${{ env.BUILD_TAG }} | |
| - name: notify on failure | |
| if: failure() | |
| uses: ./.github/actions/notify-status | |
| with: | |
| webhook: ${{ secrets.SLACK_WEBHOOK_URL }} | |
| from: ${{ secrets.NOTIFY_EMAIL_FROM }} | |
| to: ${{ secrets.NOTIFY_EMAIL_TO }} | |
| password: ${{ secrets.NOTIFY_EMAIL_PASSWORD }} | |
| docker-a3p-integration: | |
| needs: [docker-sdk, snapshot] | |
| runs-on: 'depot-ubuntu-22.04-16' # ubuntu-latest | |
| permissions: | |
| # allow issuing OIDC tokens for this workflow run | |
| id-token: write | |
| # allow at least reading the repo contents, add other permissions if necessary | |
| contents: read | |
| # to push the resulting images | |
| packages: write | |
| steps: | |
| - uses: actions/checkout@v4 | |
| - uses: actions/setup-node@v4 | |
| with: | |
| # 18.19 causes this problem running tsx: | |
| # The --loader flag was deprecated in Node v20.6.0 | |
| node-version: 18.18 | |
| - name: Install deps | |
| run: | | |
| # Enable corepack for packageManager config | |
| corepack enable || sudo corepack enable | |
| yarn install | |
| working-directory: a3p-integration | |
| - name: Prepare Docker config | |
| run: | | |
| yarn build-cli | |
| # prepare files for bake-action | |
| yarn synthetic-chain prepare-build | |
| - name: Override the platforms in docker-bake.json | |
| run: | | |
| jq --arg PLATFORMS "$PLATFORMS" \ | |
| '. * {"variable": {"PLATFORMS": { "default": ($PLATFORMS | split(",")) }}}' \ | |
| ./docker-bake.json > t | |
| mv t ./docker-bake.json | |
| working-directory: a3p-integration | |
| - name: Save SDK_TAG | |
| run: echo "SDK_TAG=${{ needs.snapshot.outputs.tag }}" >> $GITHUB_ENV | |
| - name: Prefix tags | |
| id: prefix-tags | |
| run: | | |
| IMAGE="$REGISTRY/agoric/agoric-3-proposals" | |
| for TAG in ${{ needs.docker-sdk.outputs.tags }}; do | |
| PREFIXED="$PREFIXED$sep$IMAGE:upgrade-next-$TAG" | |
| sep=, | |
| done | |
| echo "tags=$PREFIXED" >> $GITHUB_OUTPUT | |
| - uses: depot/setup-action@v1 | |
| with: | |
| oidc: true # to set DEPOT_TOKEN for later steps | |
| - run: depot configure-docker | |
| - name: Login to Docker Registry | |
| uses: docker/login-action@v3 | |
| with: | |
| username: ${{ github.actor }} | |
| password: ${{ secrets.GITHUB_TOKEN }} | |
| registry: ${{ env.REGISTRY }} | |
| - name: Extract metadata (tags, labels) for Docker | |
| id: meta | |
| uses: docker/metadata-action@v5 | |
| with: | |
| images: ${{ env.REGISTRY }}/agoric/agoric-3-proposals | |
| tags: ${{ steps.prefix-tags.outputs.tags }} | |
| - name: Push proposal "use-upgrade-next" image | |
| uses: depot/bake-action@v1 | |
| with: | |
| files: | | |
| ./docker-bake.json | |
| ./docker-bake.hcl | |
| ${{ steps.meta.outputs.bake-file }} | |
| targets: use-upgrade-next | |
| push: true | |
| docker-solo: | |
| needs: [docker-sdk, snapshot] | |
| runs-on: 'depot-ubuntu-22.04-16' # ubuntu-latest | |
| permissions: | |
| # allow issuing OIDC tokens for this workflow run | |
| id-token: write | |
| # allow at least reading the repo contents, add other permissions if necessary | |
| contents: read | |
| # to push the resulting images | |
| packages: write | |
| steps: | |
| - uses: actions/checkout@v4 | |
| - name: Save SDK_TAG | |
| run: echo "SDK_TAG=${{ needs.snapshot.outputs.tag }}" >> $GITHUB_ENV | |
| - name: Prefix tags | |
| id: prefix-tags | |
| run: | | |
| IMAGE="$REGISTRY/agoric/cosmic-swingset-solo" | |
| for TAG in ${{ needs.docker-sdk.outputs.tags }}; do | |
| PREFIXED="$PREFIXED$sep$IMAGE:$TAG" | |
| sep=, | |
| done | |
| echo "tags=$PREFIXED" >> $GITHUB_OUTPUT | |
| - uses: depot/setup-action@v1 | |
| with: | |
| oidc: true # to set DEPOT_TOKEN for later steps | |
| - run: depot configure-docker | |
| - name: Login to Docker Registry | |
| uses: docker/login-action@v3 | |
| with: | |
| username: ${{ github.actor }} | |
| password: ${{ secrets.GITHUB_TOKEN }} | |
| registry: ${{ env.REGISTRY }} | |
| - name: Build and Push | |
| uses: depot/build-push-action@v1 | |
| with: | |
| file: packages/solo/Dockerfile | |
| context: packages/solo | |
| platforms: ${{ env.PLATFORMS }} | |
| push: true | |
| tags: '${{ steps.prefix-tags.outputs.tags }}' | |
| build-args: | | |
| TAG=${{env.SDK_TAG}} | |
| - name: notify on failure | |
| if: failure() | |
| uses: ./.github/actions/notify-status | |
| with: | |
| webhook: ${{ secrets.SLACK_WEBHOOK_URL }} | |
| from: ${{ secrets.NOTIFY_EMAIL_FROM }} | |
| to: ${{ secrets.NOTIFY_EMAIL_TO }} | |
| password: ${{ secrets.NOTIFY_EMAIL_PASSWORD }} |