-
Notifications
You must be signed in to change notification settings - Fork 180
152 lines (137 loc) · 5.05 KB
/
builds.yml
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
name: Build Node Docker Images
# This workflow is used to build and push one-off images for specific node types. This is useful
# when deploying hotfixes or any time a change is not needed for all node roles.
on:
workflow_dispatch:
inputs:
tag:
type: string
description: 'Git tag/commit'
required: true
docker_tag:
type: string
description: 'Docker tag'
required: true
# GHA doesn't support multi-selects, so simulating it with one boolean for each option
build_access:
type: boolean
description: 'Access'
required: false
build_collection:
type: boolean
description: 'Collection'
required: false
build_consensus:
type: boolean
description: 'Consensus'
required: false
build_execution:
type: boolean
description: 'Execution'
required: false
build_verification:
type: boolean
description: 'Verification'
required: false
build_observer:
type: boolean
description: 'Observer'
required: false
# GHA allows only up to 10 inputs - regroup two entries in one
include_alternative_builds:
type: boolean
description: 'Build amd64 `without_adx` and `without_netgo_without_adx` images, and arm64 images'
required: false
private_build:
type: boolean
description: 'Build private images'
required: false
jobs:
# matrix_builder generates a matrix that includes the roles selected in the input
matrix_builder:
name: Setup build jobs
runs-on: ubuntu-latest
outputs:
matrix: ${{ steps.generate.outputs.matrix }}
steps:
- name: Print all input variables
run: echo '${{ toJson(inputs) }}' | jq
- id: generate
run: |
roles=()
if [[ "${{ inputs.build_access }}" = "true" ]]; then
roles+=( "access" )
fi
if [[ "${{ inputs.build_collection }}" = "true" ]]; then
roles+=( "collection" )
fi
if [[ "${{ inputs.build_consensus }}" = "true" ]]; then
roles+=( "consensus" )
fi
if [[ "${{ inputs.build_execution }}" = "true" ]]; then
roles+=( "execution" )
fi
if [[ "${{ inputs.build_verification }}" = "true" ]]; then
roles+=( "verification" )
fi
if [[ "${{ inputs.build_observer }}" = "true" ]]; then
roles+=( "observer" )
fi
rolesJSON=$(jq --compact-output --null-input '$ARGS.positional' --args -- "${roles[@]}")
echo "matrix={\"role\":$(echo $rolesJSON)}" >> $GITHUB_OUTPUT
docker-push:
name: ${{ matrix.role }} images
runs-on: ubuntu-latest
environment: Production Docker Registry
needs: matrix_builder
# setup jobs for each role
strategy:
fail-fast: false
matrix: ${{ fromJson(needs.matrix_builder.outputs.matrix) }}
steps:
- name: Setup Go
uses: actions/setup-go@v4
with:
go-version: '1.19'
- name: Checkout repo
uses: actions/checkout@v2
with:
ref: ${{ inputs.tag }}
# Provide Google Service Account credentials to Github Action, allowing interaction with the Google Container Registry
# Logging in as github-actions@dl-flow.iam.gserviceaccount.com
- id: auth
uses: google-github-actions/auth@v1
with:
credentials_json: ${{ secrets.GCR_SERVICE_KEY_SECRET }}
- name: Set up Google Cloud SDK
uses: google-github-actions/setup-gcloud@v1
- name: Authenticate Docker with gcloud
run: |
if [[ "${{ github.event.inputs.private_build }}" == "true" ]]; then
gcloud auth configure-docker us-central1-docker.pkg.dev
else
gcloud auth configure-docker
fi
- name: Set CONTAINER_REGISTRY
id: set-registry
run: |
if [[ "${{ github.event.inputs.private_build }}" == "true" ]]; then
echo "CONTAINER_REGISTRY=${{ vars.PRIVATE_REGISTRY }}" >> $GITHUB_ENV
else
echo "CONTAINER_REGISTRY=${{ vars.PUBLIC_REGISTRY }}" >> $GITHUB_ENV
fi
- name: Build/Push ${{ matrix.role }} amd64 images with adx (default)
env:
IMAGE_TAG: ${{ inputs.docker_tag }}
CADENCE_DEPLOY_KEY: ${{ secrets.CADENCE_DEPLOY_KEY }}
run: |
make docker-build-${{ matrix.role }}-with-adx docker-push-${{ matrix.role }}-with-adx CONTAINER_REGISTRY=$CONTAINER_REGISTRY
- name: Build/Push ${{ matrix.role }} amd64 images without netgo and without adx, arm64 images
if: ${{ inputs.include_alternative_builds }}
env:
IMAGE_TAG: ${{ inputs.docker_tag }}
CADENCE_DEPLOY_KEY: ${{ secrets.CADENCE_DEPLOY_KEY }}
run: |
make docker-build-${{ matrix.role }}-without-adx docker-push-${{ matrix.role }}-without-adx \
docker-build-${{ matrix.role }}-without-netgo-without-adx docker-push-${{ matrix.role }}-without-netgo-without-adx \
docker-cross-build-${{ matrix.role }}-arm docker-push-${{ matrix.role }}-arm CONTAINER_REGISTRY=$CONTAINER_REGISTRY