Publish to ECR (#54) #11
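name: Create and publish blobstream docker image

# Builds the image on every push to main and on pull requests targeting main.
# The image is pushed to ECR only for push events on main (see the last step).
on:
  push:
    branches: [main]
  pull_request:
    branches: [main]

jobs:
  build-and-push-image:
    # Skip pull requests opened from forks, so code from outside the repository
    # never runs on the self-hosted prod runner or next to the AWS roles assumed
    # below. On push events both sides of the comparison are empty, so the job
    # still runs.
    if: github.event.pull_request.head.repo.full_name == github.event.pull_request.base.repo.full_name
    runs-on: [self-hosted, prod, Linux, X64, cpu]
    permissions:
      contents: read
      # NOTE(review): no step in this workflow pushes to GitHub Packages or
      # creates an attestation; confirm these two write scopes are needed and
      # drop them otherwise (least privilege).
      packages: write
      attestations: write
      # Allows the job to request a GitHub OIDC token; presumably used by the
      # AWS role assumption below (confirm).
      id-token: write
    steps:
      # NOTE(review): the `@v4` / `@v2` / `@main` refs used in this job are
      # mutable. Pinning each action to a full commit SHA, as already done for
      # risc0/foundry-toolchain, prevents a moved tag or branch from changing
      # what runs on this runner.
      - name: Checkout repository
        uses: actions/checkout@v4
        with:
          # Do not leave the job token in .git/config: the whole workspace is
          # later sent to `docker build` as build context, and no step in this
          # workflow needs git credentials after checkout.
          persist-credentials: false

      - name: Install rust
        # NOTE(review): `@main` tracks a branch head; pin to a commit SHA.
        uses: risc0/risc0/.github/actions/rustup@main

      # Install risczero toolchain to build the program ELF and image ID
      # deterministically in docker.
      - name: risczero toolchain install
        run: |
          cargo install cargo-binstall --version '=1.6.9' --locked
          cargo binstall cargo-risczero@1.1.1 --no-confirm --force
          cargo risczero install

      - name: Install Foundry
        uses: risc0/foundry-toolchain@2fe7e70b520f62368a0e3c464f997df07ede420f

      - name: cargo check to build ELF and image ID
        env:
          # Quoted so the value is unambiguously the string "true".
          RISC0_USE_DOCKER: 'true'
        run: cargo check

      - name: Delete unnecessary cache files to save disk space for docker build
        run: sudo rm -rf "/usr/local/share/boost" "$AGENT_TOOLSDIRECTORY" ./target/debug

      # Two-hop role assumption: the first role is assumed, then chained into
      # the role that is used for the ECR login and push.
      - name: configure aws credentials
        uses: aws-actions/configure-aws-credentials@v4
        with:
          aws-region: 'us-west-2'
          role-to-assume: arn:aws:iam::299470750068:role/github-actions-assume-role

      - name: configure federated aws credentials
        uses: aws-actions/configure-aws-credentials@v4
        with:
          aws-region: 'us-west-2'
          role-to-assume: arn:aws:iam::559050242814:role/github-federated-actions-push-ecr
          role-chaining: true
          role-skip-session-tagging: true

      - name: Login to Amazon ECR
        id: login-ecr
        uses: aws-actions/amazon-ecr-login@v2

      - name: Build and tag docker image
        env:
          REGISTRY: ${{ steps.login-ecr.outputs.registry }}
          REPOSITORY: blobstream0
          IMAGE_TAG: ${{ github.sha }}
        run: |
          docker build -t "$REGISTRY/$REPOSITORY:$IMAGE_TAG" -f ./dockerfiles/blobstream0.Dockerfile .

      # The push is gated with a step-level `if:` instead of templating shell
      # source through `${{ }}`: the condition is visible in the run log as a
      # skipped step, and no expression output is spliced into the script.
      - name: Push docker image to Amazon ECR (main only)
        if: github.ref == 'refs/heads/main' && github.event_name != 'pull_request'
        env:
          REGISTRY: ${{ steps.login-ecr.outputs.registry }}
          REPOSITORY: blobstream0
          IMAGE_TAG: ${{ github.sha }}
        run: |
          docker push "$REGISTRY/$REPOSITORY:$IMAGE_TAG"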