
feat: use nixsgx lib.mkSGXContainer #50

feat: use nixsgx lib.mkSGXContainer

feat: use nixsgx lib.mkSGXContainer #50

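# Builds the fee-withdrawer-v2-tee container images with Nix and publishes them
# to Docker Hub (matterlabsrobot) and to Google Artifact Registry.
name: Build and publish fee-withdrawer-v2-tee image

on:
  push:
    branches:
      - "gramine*"
  # A manual run builds whatever ref the caller names and then overwrites the
  # `latest` tags below, so restrict who may dispatch this workflow.
  workflow_dispatch:
    inputs:
      target_branch:
        description: "Target branch to build fee-withdrawer-v2-tee image against"
        type: string
        required: true

# NOTE(review): no `permissions:` block is declared, so the job token gets the
# repository default scopes. Consider declaring the minimum this job needs,
# after confirming what the Nix cache action requires.
jobs:
  push_to_registry:
    name: Push Docker image to Docker Hub
    runs-on: [matterlabs-ci-runner]
    steps:
      # Manual runs check out the requested branch; push runs check out the
      # pushed commit.
      - uses: actions/checkout@v4
        if: ${{ github.event_name == 'workflow_dispatch' }}
        with:
          ref: ${{ github.event.inputs.target_branch }}
      - uses: actions/checkout@v4
        if: ${{ github.event_name != 'workflow_dispatch' }}

      - name: Set up QEMU
        uses: docker/setup-qemu-action@v3
      - name: Set up Docker Buildx
        uses: docker/setup-buildx-action@v3

      # Every key in trusted-public-keys may supply prebuilt store paths that
      # end up in the published image; keep the list to caches you would also
      # trust as build hosts.
      - uses: cachix/install-nix-action@v27
        with:
          extra_nix_config: |
            access-tokens = github.com=${{ github.token }}
            trusted-public-keys = cache.nixos.org-1:6NCHdD59X431o0gWypbMrAURkbJ16ZPMQFGspcDShjY= nixsgx.cachix.org-1:tGi36DlY2joNsIXOlGnSgWW0+E094V6hW0umQRo/KoE=
            substituters = https://cache.nixos.org/ https://nixsgx.cachix.org/

      # NOTE(review): `@main` is a mutable ref, and this action runs in a job
      # that later holds registry push credentials. Pin it (and ideally the
      # tag-pinned actions above) to a reviewed full commit SHA.
      - name: Enable magic Nix cache
        uses: DeterminateSystems/magic-nix-cache-action@main

      - name: nix build
        run: nix run github:nixos/nixpkgs/nixos-23.11#nixci

      - name: Log in to Docker Hub
        uses: docker/login-action@v3
        with:
          username: ${{ secrets.DOCKERHUB_USER }}
          password: ${{ secrets.DOCKERHUB_TOKEN }}

      # The step needs an id: without one, the IMAGE_TAG written to
      # $GITHUB_OUTPUT cannot be referenced, and a shell `export` does not
      # survive into later steps.
      - name: Build and push Docker images to matterlabsrobot
        id: dockerhub
        shell: bash
        run: |
          # Fail on the first error, including a failed `docker load` inside
          # the pipeline, instead of carrying on with an empty tag.
          set -euo pipefail
          for flavour in dcap azure; do
            nix build -L ".#container-era-fee-withdrawer-${flavour}"
            IMAGE_TAG=$(docker load < result | grep -Po 'Loaded image.*: \K.*')
            echo "Pushing image ${IMAGE_TAG} to matterlabsrobot Docker Hub"
            docker tag "${IMAGE_TAG}" matterlabsrobot/"${IMAGE_TAG}"
            docker push matterlabsrobot/"${IMAGE_TAG}"
            # `latest` is a mutable tag; NOTE(review): consumers that verify
            # the enclave image should reference the versioned tag or digest.
            docker tag matterlabsrobot/"${IMAGE_TAG}" matterlabsrobot/"${IMAGE_TAG%:*}:latest"
            docker push matterlabsrobot/"${IMAGE_TAG%:*}:latest"
          done
          # As before, the exported value is the tag of the last image built
          # (azure).
          echo "IMAGE_TAG=${IMAGE_TAG}" >> "$GITHUB_OUTPUT"

      - name: Generate build ID for Flux Image Automation
        id: build
        run: |
          sha=$(git rev-parse --short HEAD)
          ts=$(date +%s%N | cut -b1-13)
          echo "BUILD_ID=${sha}-${ts}" >> "$GITHUB_OUTPUT"

      - name: Auth to google artifact registry
        run: |
          gcloud auth configure-docker us-docker.pkg.dev -q

      - name: Push Docker image to matterlabs-infra
        if: ${{ !startsWith(github.ref, 'refs/tags') }}
        shell: bash
        # Step outputs are passed through env rather than expanded into the
        # script text, so the shell only ever sees them as data.
        env:
          IMAGE_TAG: ${{ steps.dockerhub.outputs.IMAGE_TAG }}
          BUILD_ID: ${{ steps.build.outputs.BUILD_ID }}
          GAR_IMAGE: us-docker.pkg.dev/matterlabs-infra/matterlabs-docker/fee-withdrawer-v2-tee
        run: |
          set -euo pipefail
          # Refuse to tag anything if an earlier step produced no value.
          : "${IMAGE_TAG:?IMAGE_TAG output of the Docker Hub step is empty}"
          : "${BUILD_ID:?BUILD_ID output of the build step is empty}"
          docker tag matterlabsrobot/"${IMAGE_TAG}" "${GAR_IMAGE}:latest"
          docker push "${GAR_IMAGE}:latest"
          docker tag "${GAR_IMAGE}:latest" "${GAR_IMAGE}:${BUILD_ID}"
          docker push "${GAR_IMAGE}:${BUILD_ID}"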