ci(docker): use Depot multiarch, publish use-upgrade-next
michaelfig committed Sep 4, 2024
1 parent bc8900d commit 9c9eeb6
Showing 3 changed files with 147 additions and 127 deletions.
271 changes: 145 additions & 126 deletions .github/workflows/docker.yml
Expand Up @@ -12,6 +12,7 @@ on:
workflow_dispatch:
env:
REGISTRY: ghcr.io
DOCKER_PLATFORMS: linux/amd64,linux/arm64/v8

jobs:
snapshot:
Expand All @@ -33,109 +34,50 @@ jobs:
SNAPSHOT_TAG="${TIMESTAMP}-${SHORT_SHA}"
echo "tag=$SNAPSHOT_TAG" >> $GITHUB_OUTPUT
docker-parallel-build:
needs: snapshot
runs-on: ubuntu-latest
docker-sdk:
permissions:
# allow issuing OIDC tokens for this workflow run
id-token: write
# allow at least reading the repo contents, add other permissions if necessary
contents: read
# to push the resulting images
packages: write
strategy:
matrix:
platform:
- linux/amd64
- linux/arm64/v8
needs: snapshot
runs-on: 'depot-ubuntu-22.04-16' # ubuntu-latest
outputs:
tag: '${{ steps.docker-tags.outputs.tags }}'
tags: '${{ steps.docker-tags.outputs.tags }} ${{ needs.snapshot.outputs.tag }}'
steps:
- uses: actions/checkout@v4
- uses: depot/setup-action@v1
with:
oidc: true # to set DEPOT_TOKEN for later steps
- run: depot configure-docker
- name: Log in to the Container registry
uses: docker/login-action@v3
# see https://docs.github.com/en/actions/publishing-packages/publishing-docker-images
with:
username: ${{ github.actor }}
password: ${{ secrets.GITHUB_TOKEN }}
registry: ${{ env.REGISTRY }}
- name: Save BUILD_TAG
run: |
ARCH=$(echo '${{ matrix.platform }}' | tr / _)
echo "BUILD_TAG=${{ needs.snapshot.outputs.tag }}-$ARCH" >> $GITHUB_ENV
echo "BUILD_TAG=${{ needs.snapshot.outputs.tag }}" >> $GITHUB_ENV
- name: Save GIT_REVISION
run: echo "GIT_REVISION=$(git rev-parse HEAD)" >> $GITHUB_ENV
- name: Save GIT_COMMIT
run: echo "GIT_COMMIT=$(git rev-parse --short HEAD)" >> $GITHUB_ENV
- name: Save commit hash, url of submodules to environment
run: |
node packages/xsnap/src/build.js --show-env >> $GITHUB_ENV
- name: Set up QEMU
uses: docker/setup-qemu-action@v2
- name: Set up Docker Buildx
uses: docker/setup-buildx-action@v2
with:
buildkitd-flags: --debug
- name: Login to Docker Registry
uses: docker/login-action@v2
with:
username: ${{ github.actor }}
password: ${{ secrets.GITHUB_TOKEN }}
registry: ${{ env.REGISTRY }}
- name: Build and Push ssh-node
uses: docker/build-push-action@v4
uses: depot/build-push-action@v1
with:
file: packages/deployment/Dockerfile.ssh-node
context: packages/deployment/docker
platforms: ${{ matrix.platform }}
platforms: ${{ env.DOCKER_PLATFORMS }}
push: true
tags: '${{ env.REGISTRY }}/agoric/ssh-node:${{ env.BUILD_TAG }}'
- name: Build and Push sdk
uses: docker/build-push-action@v4
with:
file: packages/deployment/Dockerfile.sdk
context: ./
platforms: ${{ matrix.platform }}
push: true
tags: '${{ env.REGISTRY }}/agoric/agoric-sdk:${{ env.BUILD_TAG }}'
# When changing/adding entries here, make sure to search the whole
# project for `@@AGORIC_DOCKER_SUBMODULES@@`
build-args: |
GIT_COMMIT=${{env.GIT_COMMIT}}
MODDABLE_COMMIT_HASH=${{env.MODDABLE_COMMIT_HASH}}
MODDABLE_URL=${{env.MODDABLE_URL}}
XSNAP_NATIVE_COMMIT_HASH=${{env.XSNAP_NATIVE_COMMIT_HASH}}
XSNAP_NATIVE_URL=${{env.XSNAP_NATIVE_URL}}
GIT_REVISION=${{env.GIT_REVISION}}
- name: Build and Push setup
uses: docker/build-push-action@v4
with:
file: packages/deployment/Dockerfile
context: packages/deployment
platforms: ${{ matrix.platform }}
tags: '${{ env.REGISTRY }}/agoric/cosmic-swingset-setup:${{ env.BUILD_TAG }}'
push: true
build-args: |
TAG=${{ env.BUILD_TAG }}
- name: notify on failure
if: failure()
uses: ./.github/actions/notify-status
with:
webhook: ${{ secrets.SLACK_WEBHOOK_URL }}
from: ${{ secrets.NOTIFY_EMAIL_FROM }}
to: ${{ secrets.NOTIFY_EMAIL_TO }}
password: ${{ secrets.NOTIFY_EMAIL_PASSWORD }}

# Publish the build's multiarch images to Docker Registry.
docker-sdk:
needs: [docker-parallel-build, snapshot]
runs-on: ubuntu-latest
permissions:
contents: read
packages: write
outputs:
tag: '${{ steps.docker-tags.outputs.tags }}'
tags: '${{ steps.docker-tags.outputs.tags }} ${{ needs.snapshot.outputs.tag }}'
steps:
- name: Set up QEMU
uses: docker/setup-qemu-action@v2
- name: Set up Docker Buildx
uses: docker/setup-buildx-action@v2
with:
buildkitd-flags: --debug
- name: Login to Docker Registry
uses: docker/login-action@v2
with:
username: ${{ github.actor }}
password: ${{ secrets.GITHUB_TOKEN }}
registry: ${{ env.REGISTRY }}
- name: Compute tags
id: docker-tags
run: |
Expand Down Expand Up @@ -168,67 +110,142 @@ jobs:
DOCKER_TAGS="latest $SDK_TAG"
;;
esac
DOCKER_TAGS="$DOCKER_TAGS $BUILD_TAG"
echo "tags=$DOCKER_TAGS" >> $GITHUB_OUTPUT
- name: Push SDK multiarch
- name: Prefix tags
id: prefix-tags
run: |
set -ex
for IMAGE in agoric/agoric-sdk agoric/ssh-node agoric/cosmic-swingset-setup; do
for TAG in ${{ steps.docker-tags.outputs.tags }} ${{ needs.snapshot.outputs.tag }}; do
sources=
for ARCH in linux/amd64 linux/arm64/v8; do
uarch=$(echo "$ARCH" | tr / _)
BUILD_TAG="${{ needs.snapshot.outputs.tag }}-$uarch"
sources="$sources $REGISTRY/$IMAGE:$BUILD_TAG"
done
docker buildx imagetools create --tag "$REGISTRY/$IMAGE:$TAG"$sources
done
IMAGE="$REGISTRY/agoric/agoric-sdk"
for TAG in ${{ steps.docker-tags.outputs.tags }}; do
PREFIXED="$PREFIXED$sep$IMAGE:$TAG"
sep=,
done
echo "tags=$PREFIXED" >> $GITHUB_OUTPUT
- name: Build and Push sdk
uses: depot/build-push-action@v1
with:
file: packages/deployment/Dockerfile.sdk
context: ./
platforms: ${{ env.DOCKER_PLATFORMS }}
push: true
tags: '${{ steps.prefix-tags.outputs.tags }}'
# When changing/adding entries here, make sure to search the whole
# project for `@@AGORIC_DOCKER_SUBMODULES@@`
build-args: |
GIT_COMMIT=${{env.GIT_COMMIT}}
MODDABLE_COMMIT_HASH=${{env.MODDABLE_COMMIT_HASH}}
MODDABLE_URL=${{env.MODDABLE_URL}}
XSNAP_NATIVE_COMMIT_HASH=${{env.XSNAP_NATIVE_COMMIT_HASH}}
XSNAP_NATIVE_URL=${{env.XSNAP_NATIVE_URL}}
GIT_REVISION=${{env.GIT_REVISION}}
- name: Build and Push setup
uses: depot/build-push-action@v1
with:
file: packages/deployment/Dockerfile
context: packages/deployment
platforms: ${{ env.DOCKER_PLATFORMS }}
tags: '${{ env.REGISTRY }}/agoric/cosmic-swingset-setup:${{ env.BUILD_TAG }}'
push: true
build-args: |
TAG=${{ env.BUILD_TAG }}
- name: notify on failure
if: failure()
uses: ./.github/actions/notify-status
with:
webhook: ${{ secrets.SLACK_WEBHOOK_URL }}
from: ${{ secrets.NOTIFY_EMAIL_FROM }}
to: ${{ secrets.NOTIFY_EMAIL_TO }}
password: ${{ secrets.NOTIFY_EMAIL_PASSWORD }}

# This is currently needed for the relayer integration test framework.
# It just runs agoric/agoric-sdk with a "single-node" argument.
docker-ibc-alpha:
docker-a3p-integration:
needs: [docker-sdk, snapshot]
runs-on: ubuntu-latest
runs-on: 'depot-ubuntu-22.04-16' # ubuntu-latest
permissions:
# allow issuing OIDC tokens for this workflow run
id-token: write
# allow at least reading the repo contents, add other permissions if necessary
contents: read
# to push the resulting images
packages: write
if: ${{ needs.docker-sdk.outputs.tag }} != dev
steps:
- uses: actions/checkout@v4
- uses: ./.github/actions/restore-node
with:
# 18.19 causes this problem running tsx:
# The --loader flag was deprecated in Node v20.6.0
node-version: 18.18
# Since we can't build core eval submissions for the SDK using a newer endo,
# simply ignore any endo branch integration (this means we don't have full coverage)
ignore-endo-branch: 'true'

- name: Install deps
run: |
# Enable corepack for packageManager config
corepack enable || sudo corepack enable
yarn install
working-directory: a3p-integration
- name: Prepare Docker config
run: |
# prepare files for bake-action
yarn build:submissions
yarn synthetic-chain prepare-build
working-directory: a3p-integration

- name: Override the platforms in docker-bake.json
run: |
jq -n --arg PLATFORMS "$DOCKER_PLATFORMS" \
'{"variable": {"PLATFORMS": { "default": ($PLATFORMS | split(",")) }}}' \
> ./docker-bake.override.json
working-directory: a3p-integration

- name: Save SDK_TAG
run: echo "SDK_TAG=${{ needs.snapshot.outputs.tag }}" >> $GITHUB_ENV

- name: Override the unreleased tag reference in Dockerfile
run: |
IMAGE="$REGISTRY/agoric/agoric-sdk"
sed -i.bak -e "s%$IMAGE:unreleased%$IMAGE:$SDK_TAG%g" Dockerfile
working-directory: a3p-integration

- name: Prefix tags
id: prefix-tags
run: |
IMAGE="$REGISTRY/agoric/agoric-sdk"
for TAG in ibc-alpha; do
PREFIXED="$PREFIXED$sep$IMAGE:$TAG"
for TAG in ${{ needs.docker-sdk.outputs.tags }}; do
PREFIXED="$PREFIXED$sep$IMAGE:a3p-upgrade-next-$TAG"
sep=,
done
echo "tags=$PREFIXED" >> $GITHUB_OUTPUT
- name: Set up QEMU
uses: docker/setup-qemu-action@v2
- name: Set up Docker Buildx
uses: docker/setup-buildx-action@v2
- uses: depot/setup-action@v1
with:
buildkitd-flags: --debug
oidc: true # to set DEPOT_TOKEN for later steps
- run: depot configure-docker
- name: Login to Docker Registry
uses: docker/login-action@v2
uses: docker/login-action@v3
with:
username: ${{ github.actor }}
password: ${{ secrets.GITHUB_TOKEN }}
registry: ${{ env.REGISTRY }}
- name: Build and Push
uses: docker/build-push-action@v4
- name: Extract metadata (tags, labels) for Docker
id: meta
uses: docker/metadata-action@v5
with:
file: packages/deployment/Dockerfile.ibc-alpha
context: packages/deployment/docker
platforms: linux/amd64,linux/arm64/v8
images: ${{ env.REGISTRY }}/agoric/agoric-sdk
tags: ${{ steps.prefix-tags.outputs.tags }}

- name: Push proposal "use-upgrade-next" image
uses: depot/bake-action@v1
with:
files: |
docker-bake.json
docker-bake.override.json
docker-bake.hcl
${{ steps.meta.outputs.bake-file }}
targets: use-upgrade-next
push: true
tags: '${{ steps.prefix-tags.outputs.tags }}'
build-args: |
SDK_TAG=${{env.SDK_TAG}}
workdir: ./a3p-integration
- name: clean up repo
run: git clean -f && git restore .
- name: notify on failure
if: failure()
uses: ./.github/actions/notify-status
Expand All @@ -240,9 +257,13 @@ jobs:

docker-solo:
needs: [docker-sdk, snapshot]
runs-on: ubuntu-latest
runs-on: 'depot-ubuntu-22.04-16' # ubuntu-latest
permissions:
# allow issuing OIDC tokens for this workflow run
id-token: write
# allow at least reading the repo contents, add other permissions if necessary
contents: read
# to push the resulting images
packages: write
steps:
- uses: actions/checkout@v4
Expand All @@ -257,24 +278,22 @@ jobs:
sep=,
done
echo "tags=$PREFIXED" >> $GITHUB_OUTPUT
- name: Set up QEMU
uses: docker/setup-qemu-action@v2
- name: Set up Docker Buildx
uses: docker/setup-buildx-action@v2
- uses: depot/setup-action@v1
with:
buildkitd-flags: --debug
oidc: true # to set DEPOT_TOKEN for later steps
- run: depot configure-docker
- name: Login to Docker Registry
uses: docker/login-action@v2
uses: docker/login-action@v3
with:
username: ${{ github.actor }}
password: ${{ secrets.GITHUB_TOKEN }}
registry: ${{ env.REGISTRY }}
- name: Build and Push
uses: docker/build-push-action@v4
uses: depot/build-push-action@v1
with:
file: packages/solo/Dockerfile
context: packages/solo
platforms: linux/amd64,linux/arm64/v8
platforms: ${{ env.DOCKER_PLATFORMS }}
push: true
tags: '${{ steps.prefix-tags.outputs.tags }}'
build-args: |
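Review bot: The new `depot/setup-action@v1`, `depot/build-push-action@v1` and `depot/bake-action@v1` steps are referenced by a mutable tag in jobs that this commit also grants `id-token: write` next to `packages: write`, so whatever code the tag points to at run time can request an OIDC token and push to the registry. Pinning each third-party action to a full commit SHA, e.g. `uses: depot/setup-action@<full-commit-sha> # v1`, fixes what actually runs; this applies in docker-sdk, docker-a3p-integration and docker-solo alike. A one-line comment beside `runs-on: 'depot-ubuntu-22.04-16'` noting that these jobs, including the secrets passed to the `notify on failure` step, now presumably execute on Depot-hosted runners would record the trust-boundary change for later reviewers. Separately, if `if: ${{ needs.docker-sdk.outputs.tag }} != dev` is kept on the new side, it looks always-true because the expression is expanded inside a non-empty string; `if: needs.docker-sdk.outputs.tag != 'dev'` would compare as intended.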
2 changes: 1 addition & 1 deletion .github/workflows/integration.yml
Expand Up @@ -248,7 +248,7 @@ jobs:
with:
node-version: '18.x'
# Rebuilding the SDK image with resolved endo packages is not currently supported
# and since we can't build core eval submissions form the SDK using a newer endo,
# and since we can't build core eval submissions for the SDK using a newer endo,
# simply ignore any endo branch integration (this means we don't have full coverage)
ignore-endo-branch: 'true'
id: restore-node
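--- a/depot.json
+++ b/depot.json
@@ -0,0 +1 @@
+{"id":"0gtvlr9g8j"}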
