This repository has been archived by the owner on Nov 15, 2023. It is now read-only.
-
Notifications
You must be signed in to change notification settings - Fork 379
206 lines (174 loc) · 6.75 KB
/
release-50_publish-docker.yml
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
174
175
176
177
178
179
180
181
182
183
184
185
186
187
188
189
190
191
192
193
194
195
196
197
198
199
200
201
202
203
204
205
206
name: Release - Publish Docker Image
# This workflow listens to pubished releases or can be triggered manually.
# It includes releases and rc candidates.
# It fetches the binaries, checks sha256 and GPG
# signatures, then builds an injected docker
# image and publishes it.
on:
release:
types:
- published
workflow_dispatch:
inputs:
release_id:
description: |
Release ID.
You can find it using the command:
curl -s \
-H "Authorization: Bearer ${GITHUB_TOKEN}" https://api.github.com/repos/$OWNER/$REPO/releases | \
jq '.[] | { name: .name, id: .id }'
required: true
type: string
image_type:
description: Type of the image to be published
required: true
default: rc
type: choice
options:
- rc
- release
registry:
description: Container registry
required: true
type: string
default: docker.io
owner:
description: Owner of the container image repo
required: true
type: string
default: parity
env:
RELEASE_ID: ${{ inputs.release_id }}
ENGINE: docker
REGISTRY: ${{ inputs.registry }}
GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
DOCKER_OWNER: ${{ inputs.owner || github.repository_owner }}
REPO: ${{ github.repository }}
BINARY: polkadot-parachain
EVENT_ACTION: ${{ github.event.action }}
EVENT_NAME: ${{ github.event_name }}
IMAGE_TYPE: ${{ inputs.image_type }}
jobs:
fetch-artifacts:
runs-on: ubuntu-latest
steps:
- name: Checkout sources
uses: actions/checkout@c85c95e3d7251135ab7dc9ce3241c5835cc595a9 # v3.5.3
- name: Prepare temp folder
run: |
TMP=$(mktemp -d)
echo "TMP=$TMP" >> "$GITHUB_ENV"
pwd
ls -al "$TMP"
- name: Fetch lib.sh from polkadot repo
working-directory: ${{ env.TMP }}
run: |
curl -O -L \
-H "Accept: application/vnd.github.v3.raw" \
https://raw.githubusercontent.com/paritytech/polkadot/master/scripts/ci/common/lib.sh
chmod a+x lib.sh
ls -al
- name: Fetch release artifacts based on final release tag
#this step runs only if the workflow is triggered automatically when new release is published
if: ${{ env.EVENT_NAME == 'release' && env.EVENT_ACTION != '' && env.EVENT_ACTION == 'published' }}
run: |
mkdir -p release-artifacts && cd release-artifacts
for f in $BINARY $BINARY.asc $BINARY.sha256; do
URL="https://github.com/${{ github.event.repository.full_name }}/releases/download/${{ github.event.release.tag_name }}/$f"
echo " - Fetching $f from $URL"
wget "$URL" -O "$f"
done
chmod a+x $BINARY
cp -f ${TMP}/lib.sh .
ls -al
- name: Fetch rc artifacts or release artifacts based on release id
#this step runs only if the workflow is triggered manually
if: ${{ env.EVENT_NAME == 'workflow_dispatch' }}
run: |
. ${TMP}/lib.sh
fetch_release_artifacts
chmod a+x release-artifacts/$BINARY
ls -al
cp -f ${TMP}/lib.sh release-artifacts/
- name: Cache the artifacts
uses: actions/cache@88522ab9f39a2ea568f7027eddc7d8d8bc9d59c8 # v3.3.1
with:
key: artifacts-${{ github.sha }}
path: |
./release-artifacts/**/*
build-container:
runs-on: ubuntu-latest
needs: fetch-artifacts
steps:
- name: Checkout sources
uses: actions/checkout@c85c95e3d7251135ab7dc9ce3241c5835cc595a9 # v3.5.3
- name: Get artifacts from cache
uses: actions/cache@88522ab9f39a2ea568f7027eddc7d8d8bc9d59c8 # v3.3.1
with:
key: artifacts-${{ github.sha }}
fail-on-cache-miss: true
path: |
./release-artifacts/**/*
- name: Check sha256 ${{ env.BINARY }}
working-directory: ./release-artifacts
run: |
. ./lib.sh
echo "Checking binary $BINARY"
check_sha256 $BINARY && echo "OK" || echo "ERR"
- name: Check GPG ${{ env.BINARY }}
working-directory: ./release-artifacts
run: |
. ./lib.sh
import_gpg_keys
check_gpg $BINARY
- name: Build Injected Container image for ${{ env.BINARY }}
env:
IMAGE_NAME: ${{ env.BINARY }}
OWNER: ${{ env.DOCKER_OWNER }}
run: |
ls -al
echo "Building container for $BINARY"
./docker/scripts/build-injected-image.sh
- name: Fetch rc commit and tag
if: ${{ env.IMAGE_TYPE == 'rc' }}
id: fetch_rc_refs
run: |
release=release-${{ inputs.release_id }} && \
echo "release=${release}" >> $GITHUB_OUTPUT
commit=$(git rev-parse --short HEAD) && \
echo "commit=${commit}" >> $GITHUB_OUTPUT
tag=$(git name-rev --tags --name-only $(git rev-parse HEAD)) && \
[ "${tag}" != "undefined" ] && echo "tag=${tag}" >> $GITHUB_OUTPUT || \
echo "No tag, doing without"
- name: Fetch release tags
if: ${{ env.IMAGE_TYPE == 'release' || env.EVENT_NAME == 'release' && env.EVENT_ACTION != '' && env.EVENT_ACTION == 'published' }}
id: fetch_release_refs
run: |
VERSION=$(docker run --pull never --rm $DOCKER_OWNER/$BINARY --version | awk '{ print $2 }' )
release=$( echo $VERSION | cut -f1 -d- )
echo "tag=latest" >> $GITHUB_OUTPUT
echo "release=${release}" >> $GITHUB_OUTPUT
- name: Login to Dockerhub
uses: docker/login-action@v2
with:
username: ${{ secrets.DOCKERHUB_USERNAME }}
password: ${{ secrets.DOCKERHUB_TOKEN }}
- name: Tag and Push Container image for ${{ env.BINARY }}
id: docker_push
env:
TAGS: ${{ join(steps.fetch_rc_refs.outputs.*, ',') || join(steps.fetch_release_refs.outputs.*, ',') }}
run: |
TAGS=${TAGS[@]:-latest}
IFS=',' read -r -a TAG_ARRAY <<< "$TAGS"
echo "The image ${BINARY} will be tagged with ${TAG_ARRAY[*]}"
for TAG in "${TAG_ARRAY[@]}"; do
$ENGINE tag ${DOCKER_OWNER}/${BINARY} ${DOCKER_OWNER}/${BINARY}:${TAG}
$ENGINE push ${DOCKER_OWNER}/${BINARY}:${TAG}
done
$ENGINE images | grep ${BINARY}
- name: Check version for the published image for ${{ env.BINARY }}
env:
RELEASE_TAG: ${{ steps.fetch_rc_refs.outputs.release || steps.fetch_release_refs.outputs.release }}
run: |
echo "Checking tag ${RELEASE_TAG} for image ${REGISTRY}/${DOCKER_OWNER}/${BINARY}"
$ENGINE run -i ${REGISTRY}/${DOCKER_OWNER}/${BINARY}:${RELEASE_TAG} --version