Build Node Docker Images #272
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| name: Build Node Docker Images | |
| # This workflow is used to build and push one-off images for specific node types. This is useful | |
| # when deploying hotfixes or any time a change is not needed for all node roles. | |
| on: | |
| workflow_dispatch: | |
| inputs: | |
| tag: | |
| type: string | |
| description: 'Git tag/commit' | |
| required: true | |
| docker_tag: | |
| type: string | |
| description: 'Docker tag' | |
| required: true | |
| # GHA doesn't support multi-selects, so simulating it with one boolean for each option | |
| build_access: | |
| type: boolean | |
| description: 'Access' | |
| required: false | |
| build_collection: | |
| type: boolean | |
| description: 'Collection' | |
| required: false | |
| build_consensus: | |
| type: boolean | |
| description: 'Consensus' | |
| required: false | |
| build_execution: | |
| type: boolean | |
| description: 'Execution' | |
| required: false | |
| build_verification: | |
| type: boolean | |
| description: 'Verification' | |
| required: false | |
| build_observer: | |
| type: boolean | |
| description: 'Observer' | |
| required: false | |
| # GHA allows only up to 10 inputs - regroup two entries in one | |
| include_alternative_builds: | |
| type: boolean | |
| description: 'Build amd64 `without_adx` and `without_netgo_without_adx` images, and arm64 images' | |
| required: false | |
| private_build: | |
| type: boolean | |
| description: 'Build private images' | |
| required: false | |
| jobs: | |
| # matrix_builder generates a matrix that includes the roles selected in the input | |
| matrix_builder: | |
| name: Setup build jobs | |
| runs-on: ubuntu-latest | |
| outputs: | |
| matrix: ${{ steps.generate.outputs.matrix }} | |
| steps: | |
| - name: Print all input variables | |
| run: echo '${{ toJson(inputs) }}' | jq | |
| - id: generate | |
| run: | | |
| roles=() | |
| if [[ "${{ inputs.build_access }}" = "true" ]]; then | |
| roles+=( "access" ) | |
| fi | |
| if [[ "${{ inputs.build_collection }}" = "true" ]]; then | |
| roles+=( "collection" ) | |
| fi | |
| if [[ "${{ inputs.build_consensus }}" = "true" ]]; then | |
| roles+=( "consensus" ) | |
| fi | |
| if [[ "${{ inputs.build_execution }}" = "true" ]]; then | |
| roles+=( "execution" ) | |
| fi | |
| if [[ "${{ inputs.build_verification }}" = "true" ]]; then | |
| roles+=( "verification" ) | |
| fi | |
| if [[ "${{ inputs.build_observer }}" = "true" ]]; then | |
| roles+=( "observer" ) | |
| fi | |
| rolesJSON=$(jq --compact-output --null-input '$ARGS.positional' --args -- "${roles[@]}") | |
| echo "matrix={\"role\":$(echo $rolesJSON)}" >> $GITHUB_OUTPUT | |
| docker-push: | |
| name: ${{ matrix.role }} images | |
| runs-on: ubuntu-latest | |
| environment: Production Docker Registry | |
| needs: matrix_builder | |
| # setup jobs for each role | |
| strategy: | |
| fail-fast: false | |
| matrix: ${{ fromJson(needs.matrix_builder.outputs.matrix) }} | |
| steps: | |
| - name: Setup Go | |
| uses: actions/setup-go@v4 | |
| with: | |
| go-version: '1.19' | |
| - name: Checkout repo | |
| uses: actions/checkout@v2 | |
| with: | |
| ref: ${{ inputs.tag }} | |
| # Provide Google Service Account credentials to Github Action, allowing interaction with the Google Container Registry | |
| # Logging in as [email protected] | |
| - id: auth | |
| uses: google-github-actions/auth@v1 | |
| with: | |
| credentials_json: ${{ secrets.GCR_SERVICE_KEY_SECRET }} | |
| - name: Set up Google Cloud SDK | |
| uses: google-github-actions/setup-gcloud@v1 | |
| - name: Authenticate Docker with gcloud | |
| run: | | |
| if [[ "${{ github.event.inputs.private_build }}" == "true" ]]; then | |
| gcloud auth configure-docker us-central1-docker.pkg.dev | |
| else | |
| gcloud auth configure-docker | |
| fi | |
| - name: Set CONTAINER_REGISTRY | |
| id: set-registry | |
| run: | | |
| if [[ "${{ github.event.inputs.private_build }}" == "true" ]]; then | |
| echo "CONTAINER_REGISTRY=${{ vars.PRIVATE_REGISTRY }}" >> $GITHUB_ENV | |
| else | |
| echo "CONTAINER_REGISTRY=${{ vars.PUBLIC_REGISTRY }}" >> $GITHUB_ENV | |
| fi | |
| - name: Build/Push ${{ matrix.role }} amd64 images with adx (default) | |
| env: | |
| IMAGE_TAG: ${{ inputs.docker_tag }} | |
| CADENCE_DEPLOY_KEY: ${{ secrets.CADENCE_DEPLOY_KEY }} | |
| run: | | |
| make docker-build-${{ matrix.role }}-with-adx docker-push-${{ matrix.role }}-with-adx CONTAINER_REGISTRY=$CONTAINER_REGISTRY | |
| - name: Build/Push ${{ matrix.role }} amd64 images without netgo and without adx, arm64 images | |
| if: ${{ inputs.include_alternative_builds }} | |
| env: | |
| IMAGE_TAG: ${{ inputs.docker_tag }} | |
| CADENCE_DEPLOY_KEY: ${{ secrets.CADENCE_DEPLOY_KEY }} | |
| run: | | |
| make docker-build-${{ matrix.role }}-without-adx docker-push-${{ matrix.role }}-without-adx \ | |
| docker-build-${{ matrix.role }}-without-netgo-without-adx docker-push-${{ matrix.role }}-without-netgo-without-adx \ | |
| docker-cross-build-${{ matrix.role }}-arm docker-push-${{ matrix.role }}-arm CONTAINER_REGISTRY=$CONTAINER_REGISTRY | |