From b9c5763ec7259c79471fd60b437ab8d12d4c64ad Mon Sep 17 00:00:00 2001 From: sergerad Date: Mon, 6 Jan 2025 14:26:46 +1300 Subject: [PATCH] ghcr only --- .github/actions/push/action.yaml | 57 ++------------------------------ .github/workflows/main.yaml | 16 ++++++--- .github/workflows/pr.yaml | 16 ++++++--- .github/workflows/release.yaml | 12 +++++-- 4 files changed, 36 insertions(+), 65 deletions(-) diff --git a/.github/actions/push/action.yaml b/.github/actions/push/action.yaml index e8011c5ee..d9fce0ef8 100644 --- a/.github/actions/push/action.yaml +++ b/.github/actions/push/action.yaml @@ -14,19 +14,6 @@ on: build-args: required: false type: string - role-to-assume: - required: true - type: string - role-session-name: - required: true - type: string - aws-region: - required: true - type: string - sandbox-semver: - required: false - type: boolean - default: false semver-level: required: false type: string @@ -75,14 +62,6 @@ jobs: token: ${{ secrets.github-token }} ref: ${{ inputs.git-release-tag }} - - name: configure aws credentials - id: aws-credentials - uses: aws-actions/configure-aws-credentials@v2 - with: - role-to-assume: ${{ inputs.role-to-assume }} - role-session-name: ${{ inputs.role-session-name }} - aws-region: ${{ inputs.aws-region }} - - name: Log in to GitHub Container Registry uses: docker/login-action@v2 with: @@ -90,12 +69,6 @@ jobs: username: ${{ github.actor }} password: ${{ secrets.github-token }} - - name: Login to Amazon ECR - id: login-ecr - uses: docker/login-action@v2 - with: - registry: ${{ steps.aws-credentials.outputs.aws-account-id }}.dkr.ecr.${{ inputs.aws-region }}.amazonaws.com - - name: Extract Docker metadata id: meta uses: docker/metadata-action@v4 
@@ -124,32 +97,8 @@ jobs: - name: Build tags id: build-tags run: | - if [[ ${{ inputs.environment }} == "prod" && ${{ inputs.push-git-tag }} == "true" ]]; then # Prod and auto-increment git tag - echo GHCR_TAG="ghcr.io/${{ github.repository }}/${{ env.REPOSITORY_NAME }}:prod-${{ steps.bump-semver.outputs.new_version }}" >> $GITHUB_ENV - echo ECR_TAG="${{ steps.aws-credentials.outputs.aws-account-id }}.dkr.ecr.${{ inputs.aws-region }}.amazonaws.com/${{ env.REPOSITORY_NAME }}:prod-${{ steps.bump-semver.outputs.new_version }}" >> $GITHUB_ENV - elif [[ ${{ inputs.environment }} == "prod" ]]; then # Prod and use current latest tag - echo GHCR_TAG="ghcr.io/${{ github.repository }}/${{ env.REPOSITORY_NAME }}:prod-${{ inputs.git-release-tag }}" >> $GITHUB_ENV - echo ECR_TAG="${{ steps.aws-credentials.outputs.aws-account-id }}.dkr.ecr.${{ inputs.aws-region }}.amazonaws.com/${{ env.REPOSITORY_NAME }}:prod-${{ inputs.git-release-tag }}" >> $GITHUB_ENV - elif [[ ${{ inputs.sandbox-semver }} == "true" && ${{ inputs.environment }} == "sandbox" ]]; then # Sandbox and use current tag for semver - echo GHCR_TAG="ghcr.io/${{ github.repository }}/${{ env.REPOSITORY_NAME }}:sandbox-${{ inputs.git-release-tag }}" >> $GITHUB_ENV - echo ECR_TAG="${{ steps.aws-credentials.outputs.aws-account-id }}.dkr.ecr.${{ inputs.aws-region }}.amazonaws.com/${{ env.REPOSITORY_NAME }}:sandbox-${{ inputs.git-release-tag }}" >> $GITHUB_ENV - elif [[ ${{ inputs.environment }} == "sandbox" ]]; then # Sandbox standard tagging - echo GHCR_TAG="ghcr.io/${{ github.repository }}/${{ env.REPOSITORY_NAME }}:sandbox-${{ env.BUILD_TIMESTAMP }}-git.${{ env.SHORT_SHA }}" >> $GITHUB_ENV - echo ECR_TAG="${{ steps.aws-credentials.outputs.aws-account-id }}.dkr.ecr.${{ inputs.aws-region }}.amazonaws.com/${{ env.REPOSITORY_NAME }}:sandbox-${{ env.BUILD_TIMESTAMP }}-git.${{ env.SHORT_SHA }}" >> $GITHUB_ENV - elif [[ ${{ inputs.environment }} == "dev" ]]; then # Dev standard tagging - echo GHCR_TAG="ghcr.io/${{ 
github.repository }}/${{ env.REPOSITORY_NAME }}:develop-${{ env.BUILD_TIMESTAMP }}-git.${{ env.SHORT_SHA }}" >> $GITHUB_ENV - echo ECR_TAG="${{ steps.aws-credentials.outputs.aws-account-id }}.dkr.ecr.${{ inputs.aws-region }}.amazonaws.com/${{ env.REPOSITORY_NAME }}:develop-${{ env.BUILD_TIMESTAMP }}-git.${{ env.SHORT_SHA }}" >> $GITHUB_ENV - fi - - - name: Combine tags - id: combine-tags - run: | - docker_tags="${{ env.GHCR_TAG }},${{ env.ECR_TAG }}" - if [[ -n "${{ inputs.git-release-tag }}" && ${{ inputs.ghcr-semver-only-tag }} ]]; then - ghcr_semver_only_tag="ghcr.io/${{ github.repository }}/${{ env.REPOSITORY_NAME }}:${{ inputs.git-release-tag }}" - docker_tags="$docker_tags,$ghcr_semver_only_tag" - fi - echo "docker_tags=$docker_tags" >> $GITHUB_ENV + # Dev standard tagging + echo GHCR_TAG="ghcr.io/${{ github.repository }}/${{ env.REPOSITORY_NAME }}:develop-${{ env.BUILD_TIMESTAMP }}-git.${{ env.SHORT_SHA }}" >> $GITHUB_ENV - name: Echo GITHUB_ENV variable run: echo $GITHUB_ENV @@ -198,7 +147,7 @@ jobs: file: ${{ inputs.dockerfile }} push: true build-args: ${{ inputs.build-args }} - tags: ${{ env.docker_tags }} + tags: ${{ env.GHCR_TAG }} labels: ${{ steps.meta.outputs.labels }} cache-from: type=registry,ref=ghcr.io/${{ github.repository }}/${{ env.REPOSITORY_NAME }}:cache cache-to: type=registry,ref=ghcr.io/${{ github.repository }}/${{ env.REPOSITORY_NAME }}:cache,mode=max diff --git a/.github/workflows/main.yaml b/.github/workflows/main.yaml index 6d30493b4..1193d4c3f 100644 --- a/.github/workflows/main.yaml +++ b/.github/workflows/main.yaml 
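Review bot: The `Build tags` step now writes a `develop-…` value to `GHCR_TAG` unconditionally, so `inputs.environment`, `inputs.git-release-tag` and `inputs.ghcr-semver-only-tag` no longer influence the image tag, yet release.yaml in this same patch still calls the action with `environment: sandbox` and a release tag. A release build would then be pushed as `develop-<timestamp>-git.<sha>`, so the registry no longer shows which image is a release artifact and any deploy step that looks for a `sandbox-` or semver tag will not find it. Either keep the per-environment prefix for the GHCR tag or fail fast when `inputs.environment` is not `dev`. If this is intentional for now, the added comment should say so, e.g. `# GHCR only: every environment is tagged develop-<timestamp>-git.<sha>; release tags are not applied`.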
@@ -11,10 +11,18 @@ permissions: # see this: https://docs.github.com/en/actions/using-jobs/assigning contents: write # This is required for actions/checkout jobs: - dev_docker_build_push: + push: + name: Push Docker + runs-on: ubuntu-20-04-4-cores if: ${{ github.ref == 'refs/heads/main' }} steps: - - uses: actions/checkout@v3 + - name: Checkout + uses: actions/checkout@v3 + with: + fetch-depth: 0 + submodules: false + token: ${{ secrets.github-token }} + ref: ${{ inputs.git-release-tag }} - uses: ./.github/actions/push with: environment: dev @@ -24,8 +32,8 @@ jobs: aws-region: "us-east-2" go-mod-cache-path: "~/go/pkg/mod" go-build-cache-path: "~/.cache/go-build" - secrets: - github-token: ${{ secrets.PLATFORM_SA_GITHUB_TOKEN }} + secrets: + github-token: ${{ secrets.PLATFORM_SA_GITHUB_TOKEN }} tests: name: Tests diff --git a/.github/workflows/pr.yaml b/.github/workflows/pr.yaml index 406de71ec..bcb58f2d4 100644 --- a/.github/workflows/pr.yaml +++ b/.github/workflows/pr.yaml @@ -10,10 +10,18 @@ concurrency: cancel-in-progress: true jobs: - dev_docker_build_push: + push: if: ${{ github.ref == 'refs/heads/main' }} + name: temporary + runs-on: ubuntu-20-04-4-cores steps: - - uses: actions/checkout@v3 + - name: Checkout + uses: actions/checkout@v3 + with: + fetch-depth: 0 + submodules: false + token: ${{ secrets.github-token }} + ref: ${{ inputs.git-release-tag }} - uses: ./.github/actions/push with: environment: dev @@ -23,8 +31,8 @@ jobs: aws-region: "us-east-2" go-mod-cache-path: "~/go/pkg/mod" go-build-cache-path: "~/.cache/go-build" - secrets: - github-token: ${{ secrets.PLATFORM_SA_GITHUB_TOKEN }} + secrets: + github-token: ${{ secrets.PLATFORM_SA_GITHUB_TOKEN }} bootstrap: name: Local E2E Tests diff --git a/.github/workflows/release.yaml b/.github/workflows/release.yaml index cae676d39..88bdcc023 100644 --- a/.github/workflows/release.yaml +++ b/.github/workflows/release.yaml 
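Review bot: The added checkout step in main.yaml reads `secrets.github-token` and `inputs.git-release-tag`, but the only secret this workflow shows is `PLATFORM_SA_GITHUB_TOKEN` and the hunk declares no inputs, so both expressions probably evaluate to empty strings; the names look copied from `.github/actions/push/action.yaml`. If the service-account token is needed for checkout, use `token: ${{ secrets.PLATFORM_SA_GITHUB_TOKEN }}` and drop the `ref:` line, otherwise drop both and let checkout fall back to the default `github.token`. Because this job pushes an image and the workflow grants `contents: write`, also set `persist-credentials: false` so the token is not left in the local git config for the build steps. The same checkout block is added in pr.yaml and release.yaml. The second hunk of this file still passes `aws-region: "us-east-2"`, an input this patch removes from the action.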
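Review bot: The `push` job in pr.yaml hands the service-account secret `PLATFORM_SA_GITHUB_TOKEN` to an action that builds with `push: true`, and the only guard is `if: ${{ github.ref == 'refs/heads/main' }}`. On `pull_request` events `github.ref` is normally `refs/pull/<n>/merge`, so the job is presumably dead code today (the workflow triggers are outside the hunk), but a later change to the condition or trigger would put a long-lived token and a registry push next to untrusted PR code. Since `name: temporary` marks this as a stopgap, I would remove the job from pr.yaml rather than keep it. If it has to stay, document the guard with a comment such as `# never runs on pull_request events; kept only until <reason>`.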
@@ -48,7 +48,13 @@ jobs: name: "Testnet: Release" needs: [setup, dev_validate] steps: - - uses: actions/checkout@v3 + - name: Checkout + uses: actions/checkout@v3 + with: + fetch-depth: 0 + submodules: false + token: ${{ secrets.github-token }} + ref: ${{ inputs.git-release-tag }} - uses: ./.github/actions/push with: environment: sandbox @@ -60,8 +66,8 @@ jobs: push-git-tag: false git-release-tag: ${{ needs.setup.outputs.tag_name }} ghcr-semver-only-tag: false # prod release to deploy non-prefixed image - secrets: - github-token: ${{ secrets.PLATFORM_SA_GITHUB_TOKEN }} + secrets: + github-token: ${{ secrets.PLATFORM_SA_GITHUB_TOKEN }} sandbox_images: name: "Testnet: Rollout"
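Review bot: The new checkout in release.yaml uses `ref: ${{ inputs.git-release-tag }}`, while the push step in the same job is given `git-release-tag: ${{ needs.setup.outputs.tag_name }}`. Unless this workflow declares an input of that name (not visible in the hunk), the expression is empty and the job checks out the default ref, so the local action and Dockerfile used for the release image do not necessarily come from the release tag. For a release artifact the source ref should be explicit, e.g. `ref: ${{ needs.setup.outputs.tag_name }}`, assuming that tag already exists when this job runs. `token: ${{ secrets.github-token }}` has the same naming problem, since the secret visible here is `PLATFORM_SA_GITHUB_TOKEN`.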