GHW for building and publishing docker images (#1391)

* add ghw and scripts for docker image deployment * debug * add permissions for content * fix path to the bin folder * add tags * rename env * fix path to docker file * make polkadot-parachain executable * fix typo * fix more typos * test * revert back use of working directory * mke bin executable in the artifacts folder * use cd instead of working directory * change path to cash * fix path to cash * change cache key * delete old flows * addressed PR comments * fix path * reorg docker files
2026-04-30 17:47:56 +00:00 · 2023-09-06 16:11:10 +02:00
parent 4c077b209b
commit eeb368ed9c
55 changed files with 783 additions and 676 deletions
@@ -1,206 +0,0 @@
-name: Release - Publish Docker Image
-
-# This workflow listens to pubished releases or can be triggered manually.
-# It includes releases and rc candidates.
-# It fetches the binaries, checks sha256 and GPG
-# signatures, then builds an injected docker
-# image and publishes it.
-
-on:
-  release:
-    types:
-      - published
-  workflow_dispatch:
-    inputs:
-      release_id:
-        description: |
-          Release ID.
-          You can find it using the command:
-          curl -s \
-            -H "Authorization: Bearer ${GITHUB_TOKEN}" https://api.github.com/repos/$OWNER/$REPO/releases | \
-            jq '.[] | { name: .name, id: .id }'
-        required: true
-        type: string
-      image_type:
-        description: Type of the image to be published
-        required: true
-        default: rc
-        type: choice
-        options:
-          - rc
-          - release
-      registry:
-        description: Container registry
-        required: true
-        type: string
-        default: docker.io
-      owner:
-        description: Owner of the container image repo
-        required: true
-        type: string
-        default: parity
-
-env:
-  RELEASE_ID: ${{ inputs.release_id }}
-  ENGINE: docker
-  REGISTRY: ${{ inputs.registry }}
-  GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
-  DOCKER_OWNER: ${{ inputs.owner || github.repository_owner }}
-  REPO: ${{ github.repository }}
-  BINARY: polkadot-parachain
-  EVENT_ACTION: ${{ github.event.action }}
-  EVENT_NAME: ${{ github.event_name }}
-  IMAGE_TYPE: ${{ inputs.image_type }}
-
-jobs:
-  fetch-artifacts:
-    runs-on: ubuntu-latest
-
-    steps:
-      - name: Checkout sources
-        uses: actions/checkout@c85c95e3d7251135ab7dc9ce3241c5835cc595a9 # v3.5.3
-
-      - name: Prepare temp folder
-        run: |
-          TMP=$(mktemp -d)
-          echo "TMP=$TMP" >> "$GITHUB_ENV"
-          pwd
-          ls -al "$TMP"
-
-      - name: Fetch lib.sh from polkadot repo
-        working-directory: ${{ env.TMP }}
-        run: |
-          curl -O -L \
-            -H "Accept: application/vnd.github.v3.raw" \
-            https://raw.githubusercontent.com/paritytech/polkadot/master/scripts/ci/common/lib.sh
-
-          chmod a+x lib.sh
-          ls -al
-
-      - name: Fetch release artifacts based on final release tag
-        #this step runs only if the workflow is triggered automatically when new release is published
-        if: ${{ env.EVENT_NAME == 'release' && env.EVENT_ACTION != '' && env.EVENT_ACTION == 'published' }}
-        run: |
-          mkdir -p release-artifacts && cd release-artifacts
-
-          for f in $BINARY $BINARY.asc $BINARY.sha256; do
-            URL="https://github.com/${{ github.event.repository.full_name }}/releases/download/${{ github.event.release.tag_name }}/$f"
-            echo " - Fetching $f from $URL"
-            wget "$URL" -O "$f"
-          done
-          chmod a+x $BINARY
-          cp -f ${TMP}/lib.sh .
-          ls -al
-
-      - name: Fetch rc artifacts or release artifacts based on release id
-        #this step runs only if the workflow is triggered manually
-        if: ${{ env.EVENT_NAME  == 'workflow_dispatch' }}
-        run: |
-          . ${TMP}/lib.sh
-
-          fetch_release_artifacts
-
-          chmod a+x release-artifacts/$BINARY
-          ls -al
-
-          cp -f ${TMP}/lib.sh release-artifacts/
-
-      - name: Cache the artifacts
-        uses: actions/cache@88522ab9f39a2ea568f7027eddc7d8d8bc9d59c8 # v3.3.1
-        with:
-          key: artifacts-${{ github.sha }}
-          path: |
-            ./release-artifacts/**/*
-
-  build-container:
-    runs-on: ubuntu-latest
-    needs: fetch-artifacts
-
-    steps:
-      - name: Checkout sources
-        uses: actions/checkout@c85c95e3d7251135ab7dc9ce3241c5835cc595a9 # v3.5.3
-
-      - name: Get artifacts from cache
-        uses: actions/cache@88522ab9f39a2ea568f7027eddc7d8d8bc9d59c8 # v3.3.1
-        with:
-          key: artifacts-${{ github.sha }}
-          fail-on-cache-miss: true
-          path: |
-            ./release-artifacts/**/*
-
-      - name: Check sha256 ${{ env.BINARY }}
-        working-directory: ./release-artifacts
-        run: |
-          . ./lib.sh
-
-          echo "Checking binary $BINARY"
-          check_sha256 $BINARY && echo "OK" || echo "ERR"
-
-      - name: Check GPG ${{ env.BINARY }}
-        working-directory: ./release-artifacts
-        run: |
-          . ./lib.sh
-          import_gpg_keys
-          check_gpg $BINARY
-
-      - name: Build Injected Container image for ${{ env.BINARY }}
-        env:
-          IMAGE_NAME: ${{ env.BINARY }}
-          OWNER: ${{ env.DOCKER_OWNER }}
-        run: |
-          ls -al
-          echo "Building container for $BINARY"
-          ./docker/scripts/build-injected-image.sh
-
-      - name: Fetch rc commit and tag
-        if: ${{ env.IMAGE_TYPE == 'rc' }}
-        id: fetch_rc_refs
-        run: |
-          release=release-${{ inputs.release_id }} && \
-          echo "release=${release}" >> $GITHUB_OUTPUT
-
-          commit=$(git rev-parse --short HEAD) && \
-          echo "commit=${commit}" >> $GITHUB_OUTPUT
-
-          tag=$(git name-rev --tags --name-only $(git rev-parse HEAD)) && \
-          [ "${tag}" != "undefined" ] && echo "tag=${tag}" >> $GITHUB_OUTPUT || \
-          echo "No tag, doing without"
-
-      - name: Fetch release tags
-        if: ${{ env.IMAGE_TYPE == 'release' || env.EVENT_NAME == 'release' &&  env.EVENT_ACTION != '' && env.EVENT_ACTION == 'published' }}
-        id: fetch_release_refs
-        run: |
-          VERSION=$(docker run --pull never --rm $DOCKER_OWNER/$BINARY --version | awk '{ print $2 }' )
-          release=$( echo $VERSION | cut -f1 -d- )
-          echo "tag=latest" >> $GITHUB_OUTPUT
-          echo "release=${release}" >> $GITHUB_OUTPUT
-
-
-      - name: Login to Dockerhub
-        uses: docker/login-action@v2
-        with:
-          username: ${{ secrets.DOCKERHUB_USERNAME }}
-          password: ${{ secrets.DOCKERHUB_TOKEN }}
-
-      - name: Tag and Push Container image for ${{ env.BINARY }}
-        id: docker_push
-        env:
-          TAGS: ${{ join(steps.fetch_rc_refs.outputs.*, ',') || join(steps.fetch_release_refs.outputs.*, ',') }}
-        run: |
-          TAGS=${TAGS[@]:-latest}
-          IFS=',' read -r -a TAG_ARRAY <<< "$TAGS"
-
-          echo "The image ${BINARY} will be tagged with ${TAG_ARRAY[*]}"
-          for TAG in "${TAG_ARRAY[@]}"; do
-            $ENGINE tag ${DOCKER_OWNER}/${BINARY} ${DOCKER_OWNER}/${BINARY}:${TAG}
-            $ENGINE push ${DOCKER_OWNER}/${BINARY}:${TAG}
-          done
-
-          $ENGINE images | grep ${BINARY}
-
-      - name: Check version for the published image for ${{ env.BINARY }}
-        env:
-          RELEASE_TAG: ${{ steps.fetch_rc_refs.outputs.release || steps.fetch_release_refs.outputs.release  }}
-        run: |
-          echo "Checking tag ${RELEASE_TAG} for image ${REGISTRY}/${DOCKER_OWNER}/${BINARY}"
-          $ENGINE run -i ${REGISTRY}/${DOCKER_OWNER}/${BINARY}:${RELEASE_TAG} --version