Skip to content

Commit

Permalink
ci(docker): use Depot multiarch, publish a3p-use-upgrade-next
Browse files Browse the repository at this point in the history
  • Loading branch information
michaelfig committed Sep 12, 2024
1 parent 3656582 commit 5647edd
Show file tree
Hide file tree
Showing 3 changed files with 169 additions and 132 deletions.
298 changes: 167 additions & 131 deletions .github/workflows/docker.yml
Original file line number Diff line number Diff line change
Expand Up @@ -12,6 +12,7 @@ on:
workflow_dispatch:
env:
REGISTRY: ghcr.io
DOCKER_PLATFORMS: linux/amd64,linux/arm64/v8

jobs:
snapshot:
Expand All @@ -33,109 +34,50 @@ jobs:
SNAPSHOT_TAG="${TIMESTAMP}-${SHORT_SHA}"
echo "tag=$SNAPSHOT_TAG" >> $GITHUB_OUTPUT
docker-parallel-build:
needs: snapshot
runs-on: ubuntu-latest
docker-sdk:
permissions:
# allow issuing OIDC tokens for this workflow run
id-token: write
# allow at least reading the repo contents, add other permissions if necessary
contents: read
# to push the resulting images
packages: write
strategy:
matrix:
platform:
- linux/amd64
- linux/arm64/v8
needs: snapshot
runs-on: 'depot-ubuntu-22.04-16' # ubuntu-latest
outputs:
tag: '${{ steps.docker-tags.outputs.tags }}'
tags: '${{ steps.docker-tags.outputs.tags }} ${{ needs.snapshot.outputs.tag }}'
steps:
- uses: actions/checkout@v4
- uses: depot/setup-action@v1
with:
oidc: true # to set DEPOT_TOKEN for later steps
- run: depot configure-docker
- name: Log in to the Container registry
uses: docker/login-action@v3
# see https://docs.github.com/en/actions/publishing-packages/publishing-docker-images
with:
username: ${{ github.actor }}
password: ${{ secrets.GITHUB_TOKEN }}
registry: ${{ env.REGISTRY }}
- name: Save BUILD_TAG
run: |
ARCH=$(echo '${{ matrix.platform }}' | tr / _)
echo "BUILD_TAG=${{ needs.snapshot.outputs.tag }}-$ARCH" >> $GITHUB_ENV
echo "BUILD_TAG=${{ needs.snapshot.outputs.tag }}" >> $GITHUB_ENV
- name: Save GIT_REVISION
run: echo "GIT_REVISION=$(git rev-parse HEAD)" >> $GITHUB_ENV
- name: Save GIT_COMMIT
run: echo "GIT_COMMIT=$(git rev-parse --short HEAD)" >> $GITHUB_ENV
- name: Save commit hash, url of submodules to environment
run: |
node packages/xsnap/src/build.js --show-env >> $GITHUB_ENV
- name: Set up QEMU
uses: docker/setup-qemu-action@v2
- name: Set up Docker Buildx
uses: docker/setup-buildx-action@v2
with:
buildkitd-flags: --debug
- name: Login to Docker Registry
uses: docker/login-action@v2
with:
username: ${{ github.actor }}
password: ${{ secrets.GITHUB_TOKEN }}
registry: ${{ env.REGISTRY }}
- name: Build and Push ssh-node
uses: docker/build-push-action@v4
uses: depot/build-push-action@v1
with:
file: packages/deployment/Dockerfile.ssh-node
context: packages/deployment/docker
platforms: ${{ matrix.platform }}
platforms: ${{ env.DOCKER_PLATFORMS }}
push: true
tags: '${{ env.REGISTRY }}/agoric/ssh-node:${{ env.BUILD_TAG }}'
- name: Build and Push sdk
uses: docker/build-push-action@v4
with:
file: packages/deployment/Dockerfile.sdk
context: ./
platforms: ${{ matrix.platform }}
push: true
tags: '${{ env.REGISTRY }}/agoric/agoric-sdk:${{ env.BUILD_TAG }}'
# When changing/adding entries here, make sure to search the whole
# project for `@@AGORIC_DOCKER_SUBMODULES@@`
build-args: |
GIT_COMMIT=${{env.GIT_COMMIT}}
MODDABLE_COMMIT_HASH=${{env.MODDABLE_COMMIT_HASH}}
MODDABLE_URL=${{env.MODDABLE_URL}}
XSNAP_NATIVE_COMMIT_HASH=${{env.XSNAP_NATIVE_COMMIT_HASH}}
XSNAP_NATIVE_URL=${{env.XSNAP_NATIVE_URL}}
GIT_REVISION=${{env.GIT_REVISION}}
- name: Build and Push setup
uses: docker/build-push-action@v4
with:
file: packages/deployment/Dockerfile
context: packages/deployment
platforms: ${{ matrix.platform }}
tags: '${{ env.REGISTRY }}/agoric/cosmic-swingset-setup:${{ env.BUILD_TAG }}'
push: true
build-args: |
TAG=${{ env.BUILD_TAG }}
- name: notify on failure
if: failure()
uses: ./.github/actions/notify-status
with:
webhook: ${{ secrets.SLACK_WEBHOOK_URL }}
from: ${{ secrets.NOTIFY_EMAIL_FROM }}
to: ${{ secrets.NOTIFY_EMAIL_TO }}
password: ${{ secrets.NOTIFY_EMAIL_PASSWORD }}

# Publish the build's multiarch images to Docker Registry.
docker-sdk:
needs: [docker-parallel-build, snapshot]
runs-on: ubuntu-latest
permissions:
contents: read
packages: write
outputs:
tag: '${{ steps.docker-tags.outputs.tags }}'
tags: '${{ steps.docker-tags.outputs.tags }} ${{ needs.snapshot.outputs.tag }}'
steps:
- name: Set up QEMU
uses: docker/setup-qemu-action@v2
- name: Set up Docker Buildx
uses: docker/setup-buildx-action@v2
with:
buildkitd-flags: --debug
- name: Login to Docker Registry
uses: docker/login-action@v2
with:
username: ${{ github.actor }}
password: ${{ secrets.GITHUB_TOKEN }}
registry: ${{ env.REGISTRY }}
- name: Compute tags
id: docker-tags
run: |
Expand Down Expand Up @@ -168,67 +110,159 @@ jobs:
DOCKER_TAGS="latest $SDK_TAG"
;;
esac
DOCKER_TAGS="$DOCKER_TAGS $BUILD_TAG"
echo "tags=$DOCKER_TAGS" >> $GITHUB_OUTPUT
- name: Push SDK multiarch
- name: Prefix tags
id: prefix-tags
run: |
set -ex
for IMAGE in agoric/agoric-sdk agoric/ssh-node agoric/cosmic-swingset-setup; do
for TAG in ${{ steps.docker-tags.outputs.tags }} ${{ needs.snapshot.outputs.tag }}; do
sources=
for ARCH in linux/amd64 linux/arm64/v8; do
uarch=$(echo "$ARCH" | tr / _)
BUILD_TAG="${{ needs.snapshot.outputs.tag }}-$uarch"
sources="$sources $REGISTRY/$IMAGE:$BUILD_TAG"
done
docker buildx imagetools create --tag "$REGISTRY/$IMAGE:$TAG"$sources
done
PREFIX="$REGISTRY/agoric/agoric-sdk"
for TAG in ${{ steps.docker-tags.outputs.tags }}; do
PREFIXED="$PREFIXED$sep$PREFIX$TAG"
sep=,
done
echo "tags=$PREFIXED" >> $GITHUB_OUTPUT
- name: Build and Push sdk
uses: depot/build-push-action@v1
with:
file: packages/deployment/Dockerfile.sdk
context: ./
platforms: ${{ env.DOCKER_PLATFORMS }}
push: true
tags: '${{ steps.prefix-tags.outputs.tags }}'
# When changing/adding entries here, make sure to search the whole
# project for `@@AGORIC_DOCKER_SUBMODULES@@`
build-args: |
GIT_COMMIT=${{env.GIT_COMMIT}}
MODDABLE_COMMIT_HASH=${{env.MODDABLE_COMMIT_HASH}}
MODDABLE_URL=${{env.MODDABLE_URL}}
XSNAP_NATIVE_COMMIT_HASH=${{env.XSNAP_NATIVE_COMMIT_HASH}}
XSNAP_NATIVE_URL=${{env.XSNAP_NATIVE_URL}}
GIT_REVISION=${{env.GIT_REVISION}}
- name: Build and Push setup
uses: depot/build-push-action@v1
with:
file: packages/deployment/Dockerfile
context: packages/deployment
platforms: ${{ env.DOCKER_PLATFORMS }}
tags: '${{ env.REGISTRY }}/agoric/cosmic-swingset-setup:${{ env.BUILD_TAG }}'
push: true
build-args: |
TAG=${{ env.BUILD_TAG }}
- name: notify on failure
if: failure()
uses: ./.github/actions/notify-status
with:
webhook: ${{ secrets.SLACK_WEBHOOK_URL }}
from: ${{ secrets.NOTIFY_EMAIL_FROM }}
to: ${{ secrets.NOTIFY_EMAIL_TO }}
password: ${{ secrets.NOTIFY_EMAIL_PASSWORD }}

# This is currently needed for the relayer integration test framework.
# It just runs agoric/agoric-sdk with a "single-node" argument.
docker-ibc-alpha:
docker-a3p-upgrade-next:
needs: [docker-sdk, snapshot]
runs-on: ubuntu-latest
runs-on: 'depot-ubuntu-22.04-16' # ubuntu-latest
permissions:
# allow issuing OIDC tokens for this workflow run
id-token: write
# allow at least reading the repo contents, add other permissions if necessary
contents: read
# to push the resulting images
packages: write
if: ${{ needs.docker-sdk.outputs.tag }} != dev
outputs:
build-id: '${{ steps.bake-upgrade-next.outputs.build-id }}'
json-tags: '${{ steps.prefix-tags.outputs.json-tags }}'
steps:
- uses: actions/checkout@v4
- uses: ./.github/actions/restore-node
with:
# 18.19 causes this problem running tsx:
# The --loader flag was deprecated in Node v20.6.0
node-version: 18.18
# Since we can't build core eval submissions for the SDK using a newer endo,
# simply ignore any endo branch integration (this means we don't have full coverage)
ignore-endo-branch: 'true'

- name: Install deps
run: |
# Enable corepack for packageManager config
corepack enable || sudo corepack enable
yarn install
working-directory: a3p-integration

- name: Save SDK_TAG
run: echo "SDK_TAG=${{ needs.snapshot.outputs.tag }}" >> $GITHUB_ENV

- name: Override the buildConfig variables
run: |
jq --arg PLATFORMS "$DOCKER_PLATFORMS" \
'. * {"agoricSyntheticChain": {
"platforms": ($PLATFORMS | split(","))
}}' package.json > ./package.json.new
mv ./package.json.new ./package.json
jq --arg SDK_TAG "$SDK_TAG" \
'. * {"agoricProposal": {
"sdkImageTag": $SDK_TAG,
}}' proposals/n\:upgrade-next/package.json > ./package.json.new
mv ./package.json.new proposals/n\:upgrade-next/package.json
working-directory: a3p-integration

- name: Prefix tags
id: prefix-tags
run: |
IMAGE="$REGISTRY/agoric/agoric-sdk"
for TAG in ibc-alpha; do
PREFIXED="$PREFIXED$sep$IMAGE:$TAG"
sep=,
# These tags don't have an image name attached yet and are JSONified
# with newline separators because they are used as input to
# docker/metadata-action.
PREFIX=a3p-use-upgrade-next-
JSON_TAGS=
sep=
for TAG in "$SDK_TAG" ${{ needs.docker-sdk.outputs.tags }}; do
JSON_TAGS="$JSON_TAGS$sep$PREFIX$TAG"
sep='\n'
done
echo "tags=$PREFIXED" >> $GITHUB_OUTPUT
- name: Set up QEMU
uses: docker/setup-qemu-action@v2
- name: Set up Docker Buildx
uses: docker/setup-buildx-action@v2
echo "json-tags=\"$JSON_TAGS\"" >> $GITHUB_OUTPUT
- name: Prepare Docker config
run: |
# prepare files for bake-action
yarn build:submissions
yarn synthetic-chain prepare-build
# Force use- targets to have our default tags by commenting out the
# existing definition.
sed -i.orig -e 's%\( tags = .*use-\)% //\1%' docker-bake.hcl
working-directory: a3p-integration

- uses: depot/setup-action@v1
with:
buildkitd-flags: --debug
oidc: true # to set DEPOT_TOKEN for later steps
- run: depot configure-docker
- name: Login to Docker Registry
uses: docker/login-action@v2
uses: docker/login-action@v3
with:
username: ${{ github.actor }}
password: ${{ secrets.GITHUB_TOKEN }}
registry: ${{ env.REGISTRY }}
- name: Build and Push
uses: docker/build-push-action@v4
- name: Extract metadata (tags, labels) for Docker
id: meta
uses: docker/metadata-action@v5
with:
file: packages/deployment/Dockerfile.ibc-alpha
context: packages/deployment/docker
platforms: linux/amd64,linux/arm64/v8
images: ${{ env.REGISTRY }}/agoric/agoric-sdk
tags: ${{ fromJSON(steps.prefix-tags.outputs.json-tags) }}

- name: Publish "use-upgrade-next" image
uses: depot/bake-action@v1
id: bake-upgrade-next
with:
files: |
docker-bake.json
docker-bake.hcl
${{ steps.meta.outputs.bake-file }}
targets: use-upgrade-next
push: true
tags: '${{ steps.prefix-tags.outputs.tags }}'
build-args: |
SDK_TAG=${{env.SDK_TAG}}
workdir: ./a3p-integration

- name: clean up repo
run: git clean -f . && git restore .
- name: notify on failure
if: failure()
uses: ./.github/actions/notify-status
Expand All @@ -240,9 +274,13 @@ jobs:

docker-solo:
needs: [docker-sdk, snapshot]
runs-on: ubuntu-latest
runs-on: 'depot-ubuntu-22.04-16' # ubuntu-latest
permissions:
# allow issuing OIDC tokens for this workflow run
id-token: write
# allow at least reading the repo contents, add other permissions if necessary
contents: read
# to push the resulting images
packages: write
steps:
- uses: actions/checkout@v4
Expand All @@ -251,30 +289,28 @@ jobs:
- name: Prefix tags
id: prefix-tags
run: |
IMAGE="$REGISTRY/agoric/cosmic-swingset-solo"
PREFIX="$REGISTRY/agoric/cosmic-swingset-solo"
for TAG in ${{ needs.docker-sdk.outputs.tags }}; do
PREFIXED="$PREFIXED$sep$IMAGE:$TAG"
PREFIXED="$PREFIXED$sep$PREFIX$TAG"
sep=,
done
echo "tags=$PREFIXED" >> $GITHUB_OUTPUT
- name: Set up QEMU
uses: docker/setup-qemu-action@v2
- name: Set up Docker Buildx
uses: docker/setup-buildx-action@v2
- uses: depot/setup-action@v1
with:
buildkitd-flags: --debug
oidc: true # to set DEPOT_TOKEN for later steps
- run: depot configure-docker
- name: Login to Docker Registry
uses: docker/login-action@v2
uses: docker/login-action@v3
with:
username: ${{ github.actor }}
password: ${{ secrets.GITHUB_TOKEN }}
registry: ${{ env.REGISTRY }}
- name: Build and Push
uses: docker/build-push-action@v4
uses: depot/build-push-action@v1
with:
file: packages/solo/Dockerfile
context: packages/solo
platforms: linux/amd64,linux/arm64/v8
platforms: ${{ env.DOCKER_PLATFORMS }}
push: true
tags: '${{ steps.prefix-tags.outputs.tags }}'
build-args: |
Expand Down
Loading

0 comments on commit 5647edd

Please sign in to comment.