pezkuwichain/pezkuwi-subxt
1
0
Fork 0
mirror of https://github.com/pezkuwichain/pezkuwi-subxt.git synced 2026-04-27 13:57:58 +00:00
Code Issues Packages Projects Releases Wiki Activity
Files
23a2b7b5b33067fa2d7cadc4e98379b2d660d9d2
pezkuwi-subxt/cumulus/.github/workflows/release-50_publish-docker.yml
T
Egor_P 953a07a2c6 Refactor docker image build (#3045) 
* add lib.sh file from polkadot to reuse existing functionality

* use personal repo for test

* add debug line for visibility

* add more debug

* make lib.sh executable

* more debugging

* add permissons to read conents

* test write permissions for the contents

* try download wothout token

* cleanup

* add lib.sh from polkadot to the manual step

* add new manual docker image build + renaming of the release image build

* replace existing manual docker image publishing to test

* add checkout of lib.sh from polkadot

* copy lib.sh from temp to the artifacts folder

* change path to the artifacts folder and cleanup

* rename to test

* make binary executable

* fix path to binary in the for loop

* add debug

* make bin executable right after fetching it

* change is_final field to a string value

* Add semver version extraction for a tag

* add tags to the image

* tag iamge after it was built

* refactor tagging

* fix docker owner issue in build step

* push right after tagging in loop

* rename of the file

* cleanup

* update workflow description

Co-authored-by: Chevdor <chevdor@users.noreply.github.com>

* use choice to determine type of the image

* add combimed flow for image piublishing

* change conditions

* change conditions for event action

* test another conditions

* fix conditions

* fix typo in conditions

* split fetching artifacts into release and rc

* fix if

* split the rest based on rc or release image

* refactor push and check

* fix if in rc artifacts fetch

* copy lib.sh to the artifacts dir

* cleanup

* address PR comments

---------

Co-authored-by: Chevdor <chevdor@users.noreply.github.com>
2023-08-24 08:49:48 +00:00

207 lines
6.7 KiB
YAML
Raw Blame History

name: Release - Publish Docker Image
# This workflow listens to pubished releases or can be triggered manually.
# It includes releases and rc candidates.
# It fetches the binaries, checks sha256 and GPG
# signatures, then builds an injected docker
# image and publishes it.
on:
release:
types:
- published
workflow_dispatch:
inputs:
release_id:
description: |
Release ID.
You can find it using the command:
curl -s \
-H "Authorization: Bearer ${GITHUB_TOKEN}" https://api.github.com/repos/$OWNER/$REPO/releases | \
jq '.[] | { name: .name, id: .id }'
required: true
type: string
image_type:
description: Type of the image to be published
required: true
default: rc
type: choice
options:
- rc
- release
registry:
description: Container registry
required: true
type: string
default: docker.io
owner:
description: Owner of the container image repo
required: true
type: string
default: parity
env:
RELEASE_ID: ${{ inputs.release_id }}
ENGINE: docker
REGISTRY: ${{ inputs.registry }}
GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
DOCKER_OWNER: ${{ inputs.owner || github.repository_owner }}
REPO: ${{ github.repository }}
BINARY: polkadot-parachain
EVENT_ACTION: ${{ github.event.action }}
EVENT_NAME: ${{ github.event_name }}
IMAGE_TYPE: ${{ inputs.image_type }}
jobs:
fetch-artifacts:
runs-on: ubuntu-latest
steps:
- name: Checkout sources
uses: actions/checkout@c85c95e3d7251135ab7dc9ce3241c5835cc595a9 # v3.5.3
- name: Prepare temp folder
run: |
TMP=$(mktemp -d)
echo "TMP=$TMP" >> "$GITHUB_ENV"
pwd
ls -al "$TMP"
- name: Fetch lib.sh from polkadot repo
working-directory: ${{ env.TMP }}
run: |
curl -O -L \
-H "Accept: application/vnd.github.v3.raw" \
https://raw.githubusercontent.com/paritytech/polkadot/master/scripts/ci/common/lib.sh
chmod a+x lib.sh
ls -al
- name: Fetch release artifacts based on final release tag
#this step runs only if the workflow is triggered automatically when new release is published
if: ${{ env.EVENT_NAME == 'release' && env.EVENT_ACTION != '' && env.EVENT_ACTION == 'published' }}
run: |
mkdir -p release-artifacts && cd release-artifacts
for f in $BINARY $BINARY.asc $BINARY.sha256; do
URL="https://github.com/${{ github.event.repository.full_name }}/releases/download/${{ github.event.release.tag_name }}/$f"
echo " - Fetching $f from $URL"
wget "$URL" -O "$f"
done
chmod a+x $BINARY
cp -f ${TMP}/lib.sh .
ls -al
- name: Fetch rc artifacts or release artifacts based on release id
#this step runs only if the workflow is triggered manually
if: ${{ env.EVENT_NAME == 'workflow_dispatch' }}
run: |
. ${TMP}/lib.sh
fetch_release_artifacts
chmod a+x release-artifacts/$BINARY
ls -al
cp -f ${TMP}/lib.sh release-artifacts/
- name: Cache the artifacts
uses: actions/cache@88522ab9f39a2ea568f7027eddc7d8d8bc9d59c8 # v3.3.1
with:
key: artifacts-${{ github.sha }}
path: |
./release-artifacts/**/*
build-container:
runs-on: ubuntu-latest
needs: fetch-artifacts
steps:
- name: Checkout sources
uses: actions/checkout@c85c95e3d7251135ab7dc9ce3241c5835cc595a9 # v3.5.3
- name: Get artifacts from cache
uses: actions/cache@88522ab9f39a2ea568f7027eddc7d8d8bc9d59c8 # v3.3.1
with:
key: artifacts-${{ github.sha }}
fail-on-cache-miss: true
path: |
./release-artifacts/**/*
- name: Check sha256 ${{ env.BINARY }}
working-directory: ./release-artifacts
run: |
. ./lib.sh
echo "Checking binary $BINARY"
check_sha256 $BINARY && echo "OK" || echo "ERR"
- name: Check GPG ${{ env.BINARY }}
working-directory: ./release-artifacts
run: |
. ./lib.sh
import_gpg_keys
check_gpg $BINARY
- name: Build Injected Container image for ${{ env.BINARY }}
env:
IMAGE_NAME: ${{ env.BINARY }}
OWNER: ${{ env.DOCKER_OWNER }}
run: |
ls -al
echo "Building container for $BINARY"
./docker/scripts/build-injected-image.sh
- name: Fetch rc commit and tag
if: ${{ env.IMAGE_TYPE == 'rc' }}
id: fetch_rc_refs
run: |
release=release-${{ inputs.release_id }} && \
echo "release=${release}" >> $GITHUB_OUTPUT
commit=$(git rev-parse --short HEAD) && \
echo "commit=${commit}" >> $GITHUB_OUTPUT
tag=$(git name-rev --tags --name-only $(git rev-parse HEAD)) && \
[ "${tag}" != "undefined" ] && echo "tag=${tag}" >> $GITHUB_OUTPUT || \
echo "No tag, doing without"
- name: Fetch release tags
if: ${{ env.IMAGE_TYPE == 'release' || env.EVENT_NAME == 'release' && env.EVENT_ACTION != '' && env.EVENT_ACTION == 'published' }}
id: fetch_release_refs
run: |
VERSION=$(docker run --pull never --rm $DOCKER_OWNER/$BINARY --version | awk '{ print $2 }' )
release=$( echo $VERSION | cut -f1 -d- )
echo "tag=latest" >> $GITHUB_OUTPUT
echo "release=${release}" >> $GITHUB_OUTPUT
- name: Login to Dockerhub
uses: docker/login-action@v2
with:
username: ${{ secrets.DOCKERHUB_USERNAME }}
password: ${{ secrets.DOCKERHUB_TOKEN }}
- name: Tag and Push Container image for ${{ env.BINARY }}
id: docker_push
env:
TAGS: ${{ join(steps.fetch_rc_refs.outputs.*, ',') || join(steps.fetch_release_refs.outputs.*, ',') }}
run: |
TAGS=${TAGS[@]:-latest}
IFS=',' read -r -a TAG_ARRAY <<< "$TAGS"
echo "The image ${BINARY} will be tagged with ${TAG_ARRAY[*]}"
for TAG in "${TAG_ARRAY[@]}"; do
$ENGINE tag ${DOCKER_OWNER}/${BINARY} ${DOCKER_OWNER}/${BINARY}:${TAG}
$ENGINE push ${DOCKER_OWNER}/${BINARY}:${TAG}
done
$ENGINE images | grep ${BINARY}
- name: Check version for the published image for ${{ env.BINARY }}
env:
RELEASE_TAG: ${{ steps.fetch_rc_refs.outputs.release || steps.fetch_release_refs.outputs.release }}
run: |
echo "Checking tag ${RELEASE_TAG} for image ${REGISTRY}/${DOCKER_OWNER}/${BINARY}"
$ENGINE run -i ${REGISTRY}/${DOCKER_OWNER}/${BINARY}:${RELEASE_TAG} --version
Reference in New Issue View Git Blame Copy Permalink