name: Release - Publish Docker Image # This workflow listens to published releases or can be triggered manually. # It builds and published releases and rc candidates. on: workflow_dispatch: inputs: image_type: description: Type of the image to be published required: true default: rc type: choice options: - rc - release binary: description: Binary to be published required: true default: pezkuwi type: choice options: - pezkuwi - pezkuwi-omni-node - pezkuwi-teyrchain - chain-spec-builder registry: description: Container registry required: true type: string default: docker.io # The owner is often the same as the Docker Hub username but does ont have to be. # In our case, it is not. owner: description: Owner of the container image repo required: true type: string default: pezkuwichain version: description: Version of the pezkuwi node release in format v1.16.0 or v1.16.0-rc1 default: v0.9.18 required: true stable_tag: description: Tag matching the actual stable release version in the format pezkuwi-stableYYMM(-rcX) or pezkuwi-stableYYMM-X(-rcX) for patch releases required: true workflow_call: inputs: image_type: description: Type of the image to be published required: true default: rc type: string binary: description: Binary to be published required: true default: pezkuwi type: string registry: description: Container registry required: true type: string default: docker.io owner: description: Owner of the container image repo required: true type: string default: pezkuwichain version: description: Version of the pezkuwi node release in format v1.16.0 or v1.16.0-rc1 required: true type: string stable_tag: description: Tag matching the actual stable release version in the format pezkuwi-stableYYMM(-rcX) or pezkuwi-stableYYMM-X(-rcX) for patch releases required: true type: string permissions: contents: write env: ENGINE: docker REGISTRY: ${{ inputs.registry }} GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }} DOCKER_OWNER: ${{ inputs.owner || github.repository_owner }} REPO: ${{ github.repository }} BINARY: ${{ inputs.binary }} # EVENT_ACTION: ${{ github.event.action }} EVENT_NAME: ${{ github.event_name }} IMAGE_TYPE: ${{ inputs.image_type }} jobs: # check-synchronization job disabled - pezkuwichain-release sync not needed for pezkuwichain # Original: uses: pezkuwichain-release/sync-workflows/.github/workflows/check-synchronization.yml@main validate-inputs: # Removed dependency on check-synchronization (disabled) runs-on: ubuntu-latest outputs: version: ${{ steps.validate_inputs.outputs.VERSION }} stable_tag: ${{ steps.validate_inputs.outputs.stable_tag }} steps: - name: Checkout sources uses: actions/checkout@08c6903cd8c0fde910a37f88322edcfb5dd907a8 # v5.0.0 - name: Validate inputs id: validate_inputs run: | . ./.github/scripts/common/lib.sh VERSION=$(filter_version_from_input "${{ inputs.version }}") echo "VERSION=${VERSION}" >> $GITHUB_OUTPUT STABLE_TAG=$(validate_stable_tag ${{ inputs.stable_tag }}) echo "stable_tag=${STABLE_TAG}" >> $GITHUB_OUTPUT fetch-artifacts: # this job will be triggered for the pezkuwi-teyrchain rc and release or pezkuwi rc image build runs-on: ubuntu-latest needs: [ validate-inputs ] steps: - name: Checkout sources if: ${{ inputs.binary == 'pezkuwi-omni-node' || inputs.binary == 'pezkuwi-teyrchain' || inputs.binary == 'chain-spec-builder' || inputs.image_type == 'rc' }} uses: actions/checkout@08c6903cd8c0fde910a37f88322edcfb5dd907a8 # v5.0.0 - name: Fetch rc artifacts or release artifacts from s3 based on version if: ${{ inputs.binary == 'pezkuwi-omni-node' || inputs.binary == 'pezkuwi-teyrchain' || inputs.binary == 'chain-spec-builder' || inputs.image_type == 'rc' }} run: | . ./.github/scripts/common/lib.sh VERSION="${{ needs.validate-inputs.outputs.stable_tag }}" if [[ ${{ inputs.binary }} == 'pezkuwi' ]]; then bins=(pezkuwi pezkuwi-prepare-worker pezkuwi-execute-worker) for bin in "${bins[@]}"; do fetch_release_artifacts_from_s3 $bin x86_64-unknown-linux-gnu done else fetch_release_artifacts_from_s3 $BINARY x86_64-unknown-linux-gnu fi - name: Upload artifacts if: ${{ inputs.binary == 'pezkuwi-omni-node' || inputs.binary == 'pezkuwi-teyrchain' || inputs.binary == 'chain-spec-builder' || inputs.image_type == 'rc' }} uses: actions/upload-artifact@330a01c490aca151604b8cf639adc76d48f6c5d4 # v5.0.0 with: name: release-artifacts-${{ env.BINARY }} path: release-artifacts/x86_64-unknown-linux-gnu/${{ env.BINARY }}/**/* build-container: # this job will be triggered for the pezkuwi-teyrchain rc and release or pezkuwi rc image build runs-on: ubuntu-latest needs: [ fetch-artifacts, validate-inputs ] environment: release steps: - name: Checkout sources uses: actions/checkout@08c6903cd8c0fde910a37f88322edcfb5dd907a8 # v5.0.0 - name: Download artifacts if: ${{ inputs.binary == 'pezkuwi-omni-node' || inputs.binary == 'pezkuwi-teyrchain' || inputs.binary == 'chain-spec-builder' || inputs.image_type == 'rc' }} uses: actions/download-artifact@018cc2cf5baa6db3ef3c5f8a56943fffe632ef53 # v6.0.0 with: name: release-artifacts-${{ env.BINARY }} path: release-artifacts - name: Check sha256 ${{ env.BINARY }} if: ${{ inputs.binary == 'pezkuwi-omni-node' || inputs.binary == 'pezkuwi-teyrchain' || inputs.binary == 'chain-spec-builder' || inputs.image_type == 'rc' }} working-directory: release-artifacts run: | . ../.github/scripts/common/lib.sh echo "Checking binary $BINARY" check_sha256 $BINARY && echo "OK" || echo "ERR" - name: Check GPG ${{ env.BINARY }} if: ${{ inputs.binary == 'pezkuwi-omni-node' || inputs.binary == 'pezkuwi-teyrchain' || inputs.binary == 'chain-spec-builder' || inputs.image_type == 'rc' }} working-directory: release-artifacts run: | . ../.github/scripts/common/lib.sh import_gpg_keys check_gpg $BINARY - name: Fetch rc commit and tag working-directory: release-artifacts if: ${{ env.IMAGE_TYPE == 'rc' }} id: fetch_rc_refs shell: bash run: | . ../.github/scripts/common/lib.sh commit=$(git rev-parse --short HEAD) && \ echo "commit=${commit}" >> $GITHUB_OUTPUT echo "release=$(echo ${{ needs.validate-inputs.outputs.version }})" >> $GITHUB_OUTPUT echo "tag=$(prepare_docker_stable_tag ${{ needs.validate-inputs.outputs.stable_tag }})" >> $GITHUB_OUTPUT - name: Fetch release tags if: ${{ env.IMAGE_TYPE == 'release'}} id: fetch_release_refs shell: bash run: | . .github/scripts/common/lib.sh echo "tag=latest" >> $GITHUB_OUTPUT echo "release=$(echo ${{ needs.validate-inputs.outputs.version }})" >> $GITHUB_OUTPUT echo "stable=$(prepare_docker_stable_tag ${{ needs.validate-inputs.outputs.stable_tag }})" >> $GITHUB_OUTPUT - name: Build Injected Container image for pezkuwi if: ${{ env.BINARY == 'pezkuwi' }} env: ARTIFACTS_FOLDER: release-artifacts IMAGE_NAME: ${{ env.BINARY }} OWNER: ${{ env.DOCKER_OWNER }} TAGS: ${{ join(steps.fetch_rc_refs.outputs.*, ',') || join(steps.fetch_release_refs.outputs.*, ',') }} shell: bash run: | ls -al echo "Building container for $BINARY" echo "IMAGE_TYPE: ${{ inputs.image_type }}" if [[ "${{ inputs.image_type }}" == "rc" ]]; then echo "Building RC container for pezkuwi" export DOCKERFILE="docker/dockerfiles/pezkuwi/pezkuwi_injected.Dockerfile" export BINARY="pezkuwi,pezkuwi-execute-worker,pezkuwi-prepare-worker" ./docker/scripts/build-injected.sh else echo "Building release container for pezkuwi" export DOCKERFILE="docker/dockerfiles/pezkuwi/pezkuwi_injected_debian.Dockerfile" export BINARY="pezkuwi,pezkuwi-execute-worker,pezkuwi-prepare-worker" export PEZKUWI_DEB=true export VERSION=${{ needs.validate-inputs.outputs.version }} ./docker/scripts/build-injected.sh fi - name: Build Injected Container image for pezkuwi-omni-node/chain-spec-builder if: ${{ env.BINARY == 'pezkuwi-omni-node' || env.BINARY == 'chain-spec-builder' }} shell: bash env: ARTIFACTS_FOLDER: release-artifacts IMAGE_NAME: ${{ env.BINARY }} OWNER: ${{ env.DOCKER_OWNER }} TAGS: ${{ join(steps.fetch_rc_refs.outputs.*, ',') || join(steps.fetch_release_refs.outputs.*, ',') }} VERSION: ${{ needs.validate-inputs.outputs.version }} run: | ls -al echo "Building container for $BINARY" ./docker/scripts/build-injected.sh - name: Build Injected Container image for pezkuwi-teyrchain if: ${{ env.BINARY == 'pezkuwi-teyrchain' }} shell: bash env: ARTIFACTS_FOLDER: release-artifacts IMAGE_NAME: ${{ env.BINARY }} OWNER: ${{ env.DOCKER_OWNER }} DOCKERFILE: docker/dockerfiles/pezkuwi-teyrchain/pezkuwi-teyrchain_injected.Dockerfile TAGS: ${{ join(steps.fetch_rc_refs.outputs.*, ',') || join(steps.fetch_release_refs.outputs.*, ',') }} VERSION: ${{ needs.validate-inputs.outputs.version }} run: | ls -al mkdir -p $ARTIFACTS_FOLDER/specs cp pezcumulus/teyrchains/chain-specs/*.json $ARTIFACTS_FOLDER/specs echo "Building container for $BINARY" ./docker/scripts/build-injected.sh - name: Login to Dockerhub to publish pezkuwi if: ${{ env.BINARY == 'pezkuwi' }} uses: docker/login-action@5e57cd118135c172c3672efd75eb46360885c0ef # v3.6.0 with: username: ${{ secrets.PEZKUWI_DOCKERHUB_USERNAME }} password: ${{ secrets.PEZKUWI_DOCKERHUB_TOKEN }} - name: Login to Dockerhub to publish pezkuwi-omni-node/pezkuwi-teyrchain/chain-spec-builder if: ${{ env.BINARY == 'pezkuwi-omni-node' || env.BINARY == 'pezkuwi-teyrchain' || env.BINARY == 'chain-spec-builder' }} uses: docker/login-action@5e57cd118135c172c3672efd75eb46360885c0ef # v3.6.0 with: username: ${{ secrets.CUMULUS_DOCKERHUB_USERNAME }} password: ${{ secrets.CUMULUS_DOCKERHUB_TOKEN }} - name: Push Container image for ${{ env.BINARY }} id: docker_push run: | $ENGINE images | grep ${BINARY} $ENGINE push --all-tags ${REGISTRY}/${DOCKER_OWNER}/${BINARY} - name: Check version for the published image for ${{ env.BINARY }} env: RELEASE_TAG: ${{ steps.fetch_rc_refs.outputs.release || steps.fetch_release_refs.outputs.release }} run: | echo "Checking tag ${RELEASE_TAG} for image ${REGISTRY}/${DOCKER_OWNER}/${BINARY}" if [[ ${BINARY} == 'chain-spec-builder' ]]; then $ENGINE run -i ${REGISTRY}/${DOCKER_OWNER}/${BINARY}:${RELEASE_TAG} else $ENGINE run -i ${REGISTRY}/${DOCKER_OWNER}/${BINARY}:${RELEASE_TAG} --version fi