-
Notifications
You must be signed in to change notification settings - Fork 7
89 lines (75 loc) · 3.7 KB
/
build_and_publish_tee.yaml
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
name: Build and publish fee-withdrawer-v2-tee image
on:
push:
branches:
- "gramine*"
workflow_dispatch:
inputs:
target_branch:
description: "Target branch to build fee-withdrawer-v2-tee image against"
type: string
required: true
jobs:
push_to_registry:
name: Push Docker image to Docker Hub
runs-on: [matterlabs-ci-runner]
steps:
- uses: actions/checkout@v4
if: ${{ github.event_name == 'workflow_dispatch' }}
with:
ref: ${{ github.event.inputs.target_branch }}
- uses: actions/checkout@v4
if: ${{ github.event_name != 'workflow_dispatch' }}
- name: Set up QEMU
uses: docker/setup-qemu-action@v3
- name: Set up Docker Buildx
uses: docker/setup-buildx-action@v3
- uses: cachix/install-nix-action@v27
with:
extra_nix_config: |
access-tokens = github.com=${{ github.token }}
trusted-public-keys = cache.nixos.org-1:6NCHdD59X431o0gWypbMrAURkbJ16ZPMQFGspcDShjY= nixsgx.cachix.org-1:tGi36DlY2joNsIXOlGnSgWW0+E094V6hW0umQRo/KoE=
substituters = https://cache.nixos.org/ https://nixsgx.cachix.org/
- name: Enable magic Nix cache
uses: DeterminateSystems/magic-nix-cache-action@main
- name: nix build
run: nix run github:nixos/nixpkgs/nixos-23.11#nixci
- name: Log in to Docker Hub
uses: docker/login-action@v3
with:
username: ${{ secrets.DOCKERHUB_USER }}
password: ${{ secrets.DOCKERHUB_TOKEN }}
- name: Build and push Docker images to matterlabsrobot
id: build
run: |
nix build -L .#container-era-fee-withdrawer-dcap
export IMAGE_TAG=$(docker load < result | grep -Po 'Loaded image.*: \K.*')
echo "Pushing image ${IMAGE_TAG} to matterlabsrobot Docker Hub"
docker tag "${IMAGE_TAG}" matterlabsrobot/"${IMAGE_TAG}"
docker push matterlabsrobot/"${IMAGE_TAG}"
docker tag matterlabsrobot/"${IMAGE_TAG}" matterlabsrobot/"${IMAGE_TAG%:*}:latest"
docker push matterlabsrobot/"${IMAGE_TAG%:*}:latest"
nix build -L .#container-era-fee-withdrawer-azure
export IMAGE_TAG=$(docker load < result | grep -Po 'Loaded image.*: \K.*')
echo "Pushing image ${IMAGE_TAG} to matterlabsrobot Docker Hub"
docker tag "${IMAGE_TAG}" matterlabsrobot/"${IMAGE_TAG}"
docker push matterlabsrobot/"${IMAGE_TAG}"
docker tag matterlabsrobot/"${IMAGE_TAG}" matterlabsrobot/"${IMAGE_TAG%:*}:latest"
docker push matterlabsrobot/"${IMAGE_TAG%:*}:latest"
echo "IMAGE_TAG=${IMAGE_TAG}" >> "$GITHUB_OUTPUT"
- name: Generate build ID for Flux Image Automation
id: flux
run: |
sha=$(git rev-parse --short HEAD)
ts=$(date +%s%N | cut -b1-13)
echo "BUILD_ID=${sha}-${ts}" >> "$GITHUB_OUTPUT"
- name: Auth to google artifact registry
run: |
gcloud auth configure-docker us-docker.pkg.dev -q
- name: Push Docker image to matterlabs-infra
if: ${{ !startsWith(github.ref, 'refs/tags') }}
run: |
docker tag "${{ steps.build.outputs.IMAGE_TAG}}" "us-docker.pkg.dev/matterlabs-infra/matterlabs-docker/fee-withdrawer-v2-tee:latest"
docker push "us-docker.pkg.dev/matterlabs-infra/matterlabs-docker/fee-withdrawer-v2-tee:latest"
docker tag "us-docker.pkg.dev/matterlabs-infra/matterlabs-docker/fee-withdrawer-v2-tee:latest" "us-docker.pkg.dev/matterlabs-infra/matterlabs-docker/fee-withdrawer-v2-tee:${{ steps.flux.outputs.BUILD_ID }}"
docker push "us-docker.pkg.dev/matterlabs-infra/matterlabs-docker/fee-withdrawer-v2-tee:${{ steps.flux.outputs.BUILD_ID }}"