*run Docker rust build reusable workflow #160
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
name: "*run Docker rust build reusable workflow" | |
on: | |
workflow_call: | |
inputs: | |
GIT_SHA: | |
required: true | |
type: string | |
description: The git SHA1 to build. If not specified, the latest commit on the triggering branch will be built | |
TARGET_CACHE_ID: | |
required: true | |
type: string | |
description: ID of the docker cache to use for the build | |
FEATURES: | |
required: false | |
type: string | |
description: The cargo features to build. If not specified, none will be built other than those specified in cargo config | |
PROFILE: | |
default: release | |
required: false | |
type: string | |
description: The cargo profile to build. If not specified, the default release profile will be used | |
BUILD_ADDL_TESTING_IMAGES: | |
default: false | |
required: false | |
type: boolean | |
description: Whether to build additional testing images. If not specified, only the base release images will be built | |
TARGET_REGISTRY: | |
default: gcp | |
required: false | |
type: string | |
description: The target docker registry to push to | |
workflow_dispatch: | |
inputs: | |
GIT_SHA: | |
required: true | |
type: string | |
description: The git SHA1 to build. If not specified, the latest commit on the triggering branch will be built | |
FEATURES: | |
required: false | |
type: string | |
description: The cargo features to build. If not specified, none will be built other than those specified in cargo config | |
PROFILE: | |
default: release | |
required: false | |
type: string | |
description: The cargo profile to build. If not specified, the default release profile will be used | |
BUILD_ADDL_TESTING_IMAGES: | |
default: false | |
required: false | |
type: boolean | |
description: Whether to build additional testing images. If not specified, only the base release images will be built | |
TARGET_REGISTRY: | |
default: gcp | |
required: false | |
type: string | |
description: The target docker registry to push to | |
env: | |
GIT_SHA: ${{ inputs.GIT_SHA }} | |
TARGET_CACHE_ID: ${{ inputs.TARGET_CACHE_ID || inputs.GIT_SHA }} # on workflow_dispatch, the build is one-off, so use the git sha as the cache id instead of another key | |
PROFILE: ${{ inputs.PROFILE }} | |
FEATURES: ${{ inputs.FEATURES }} | |
BUILD_ADDL_TESTING_IMAGES: ${{ inputs.BUILD_ADDL_TESTING_IMAGES }} | |
AWS_ECR_ACCOUNT_NUM: ${{ secrets.ENV_ECR_AWS_ACCOUNT_NUM }} | |
GCP_DOCKER_ARTIFACT_REPO: ${{ vars.GCP_DOCKER_ARTIFACT_REPO }} | |
TARGET_REGISTRY: ${{ inputs.TARGET_REGISTRY }} | |
permissions: | |
contents: read | |
id-token: write #required for GCP Workload Identity federation which we use to login into Google Artifact Registry | |
jobs: | |
rust-all: | |
runs-on: experimental-docker | |
steps: | |
- uses: actions/checkout@v3 | |
with: | |
ref: ${{ env.GIT_SHA }} | |
- uses: aptos-labs/aptos-core/.github/actions/docker-setup@main | |
with: | |
GCP_WORKLOAD_IDENTITY_PROVIDER: ${{ secrets.GCP_WORKLOAD_IDENTITY_PROVIDER }} | |
GCP_SERVICE_ACCOUNT_EMAIL: ${{ secrets.GCP_SERVICE_ACCOUNT_EMAIL }} | |
AWS_ACCESS_KEY_ID: ${{ secrets.AWS_ACCESS_KEY_ID }} | |
AWS_SECRET_ACCESS_KEY: ${{ secrets.AWS_SECRET_ACCESS_KEY }} | |
AWS_DOCKER_ARTIFACT_REPO: ${{ secrets.AWS_DOCKER_ARTIFACT_REPO }} | |
GIT_CREDENTIALS: ${{ secrets.GIT_CREDENTIALS }} | |
- name: Build and Push Rust images | |
run: docker/builder/docker-bake-rust-all.sh | |
env: | |
PROFILE: ${{ env.PROFILE }} | |
FEATURES: ${{ env.FEATURES }} | |
BUILD_ADDL_TESTING_IMAGES: ${{ env.BUILD_ADDL_TESTING_IMAGES }} | |
GIT_CREDENTIALS: ${{ secrets.GIT_CREDENTIALS }} | |
TARGET_REGISTRY: ${{ env.TARGET_REGISTRY }} |