fix: whitelist envs {LOWER,UPPER}_BOUND_BLOB_OPERATOR_THRESHOLD
#74
Workflow file for this run
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| name: Build and publish fee-withdrawer-v2-tee image | |
| on: | |
| push: | |
| branches: | |
| - "gramine*" | |
| tags: | |
| - "*-sgx-*" | |
| workflow_dispatch: | |
| inputs: | |
| target_branch: | |
| description: "Target branch to build fee-withdrawer-v2-tee image against" | |
| type: string | |
| required: true | |
| jobs: | |
| push_to_registry: | |
| name: Push Docker image to Docker Hub | |
| runs-on: [matterlabs-ci-runner] | |
| steps: | |
| - uses: actions/checkout@v4 | |
| if: ${{ github.event_name == 'workflow_dispatch' }} | |
| with: | |
| ref: ${{ github.event.inputs.target_branch }} | |
| - uses: actions/checkout@v4 | |
| if: ${{ github.event_name != 'workflow_dispatch' }} | |
| - name: Set up QEMU | |
| uses: docker/setup-qemu-action@v3 | |
| - name: Set up Docker Buildx | |
| uses: docker/setup-buildx-action@v3 | |
| - uses: cachix/install-nix-action@v27 | |
| with: | |
| extra_nix_config: | | |
| access-tokens = github.com=${{ github.token }} | |
| trusted-public-keys = cache.nixos.org-1:6NCHdD59X431o0gWypbMrAURkbJ16ZPMQFGspcDShjY= tee-pot:SS6HcrpG87S1M6HZGPsfo7d1xJccCGev7/tXc5+I4jg= | |
| substituters = https://cache.nixos.org/ https://attic.teepot.org/tee-pot | |
| sandbox = true | |
| - name: Setup Attic cache | |
| uses: ryanccn/attic-action@v0 | |
| with: | |
| endpoint: https://attic.teepot.org/ | |
| cache: tee-pot | |
| token: ${{ secrets.ATTIC_TOKEN }} | |
| - name: Enable magic Nix cache | |
| uses: DeterminateSystems/magic-nix-cache-action@main | |
| - name: nix build | |
| run: nix run github:nixos/nixpkgs/nixos-23.11#nixci | |
| - name: Log in to Docker Hub | |
| uses: docker/login-action@v3 | |
| with: | |
| username: ${{ secrets.DOCKERHUB_USER }} | |
| password: ${{ secrets.DOCKERHUB_TOKEN }} | |
| - name: Build and push Docker images to matterlabsrobot | |
| id: build | |
| run: | | |
| nix build -L .#container-era-fee-withdrawer-dcap | |
| export IMAGE_TAG=$(docker load < result | grep -Po 'Loaded image.*: \K.*') | |
| echo "Pushing image ${IMAGE_TAG} to matterlabsrobot Docker Hub" | |
| docker tag "${IMAGE_TAG}" matterlabsrobot/"${IMAGE_TAG}" | |
| docker push matterlabsrobot/"${IMAGE_TAG}" | |
| docker tag matterlabsrobot/"${IMAGE_TAG}" matterlabsrobot/"${IMAGE_TAG%:*}:latest" | |
| docker push matterlabsrobot/"${IMAGE_TAG%:*}:latest" | |
| nix build -L .#container-era-fee-withdrawer-azure | |
| export IMAGE_TAG=$(docker load < result | grep -Po 'Loaded image.*: \K.*') | |
| echo "Pushing image ${IMAGE_TAG} to matterlabsrobot Docker Hub" | |
| docker tag "${IMAGE_TAG}" matterlabsrobot/"${IMAGE_TAG}" | |
| docker push matterlabsrobot/"${IMAGE_TAG}" | |
| docker tag matterlabsrobot/"${IMAGE_TAG}" matterlabsrobot/"${IMAGE_TAG%:*}:latest" | |
| docker push matterlabsrobot/"${IMAGE_TAG%:*}:latest" | |
| echo "IMAGE_TAG=${IMAGE_TAG}" >> "$GITHUB_OUTPUT" | |
| - name: Generate build ID for Flux Image Automation | |
| id: flux | |
| if: ${{ !startsWith(github.ref, 'refs/tags') }} | |
| run: | | |
| sha=$(git rev-parse --short HEAD) | |
| ts=$(date +%s%N | cut -b1-13) | |
| echo "BUILD_ID=${sha}-${ts}" >> "$GITHUB_OUTPUT" | |
| - name: Generate build ID for Flux Image Automation | |
| id: tag | |
| if: ${{ startsWith(github.ref, 'refs/tags') }} | |
| run: | | |
| echo "BUILD_ID=${GITHUB_REF#refs/*/}" >> "$GITHUB_OUTPUT" | |
| - name: Auth to google artifact registry | |
| run: | | |
| gcloud auth configure-docker us-docker.pkg.dev -q | |
| - name: Push Docker image to matterlabs-infra | |
| if: ${{ !startsWith(github.ref, 'refs/tags') }} | |
| run: | | |
| docker tag "${{ steps.build.outputs.IMAGE_TAG }}" "us-docker.pkg.dev/matterlabs-infra/matterlabs-docker/fee-withdrawer-v2-tee:latest" | |
| docker push "us-docker.pkg.dev/matterlabs-infra/matterlabs-docker/fee-withdrawer-v2-tee:latest" | |
| docker tag "${{ steps.build.outputs.IMAGE_TAG }}" "us-docker.pkg.dev/matterlabs-infra/matterlabs-docker/fee-withdrawer-v2-tee:${{ steps.flux.outputs.BUILD_ID }}" | |
| docker push "us-docker.pkg.dev/matterlabs-infra/matterlabs-docker/fee-withdrawer-v2-tee:${{ steps.flux.outputs.BUILD_ID }}" | |
| - name: Push Docker image to matterlabs-infra | |
| if: ${{ startsWith(github.ref, 'refs/tags') }} | |
| run: | | |
| docker tag "${{ steps.build.outputs.IMAGE_TAG }}" "us-docker.pkg.dev/matterlabs-infra/matterlabs-docker/fee-withdrawer-v2-tee:latest" | |
| docker push "us-docker.pkg.dev/matterlabs-infra/matterlabs-docker/fee-withdrawer-v2-tee:latest" | |
| docker tag "${{ steps.build.outputs.IMAGE_TAG }}" "us-docker.pkg.dev/matterlabs-infra/matterlabs-docker/fee-withdrawer-v2-tee:${{ steps.tag.outputs.BUILD_ID }}" | |
| docker push "us-docker.pkg.dev/matterlabs-infra/matterlabs-docker/fee-withdrawer-v2-tee:${{ steps.tag.outputs.BUILD_ID }}" |